Introduction to Formal Specification
School of Computing, Clemson University
Murali Sitaraman, Clemson University

Requirements vs. Specifications
o Requirements definition
  Intended for customers in addition to software developers
  Informal descriptions are necessary
o Specification
  For use by members of a software development team
  Formal (mathematical) descriptions are necessary

Interface Specification
o Serves as a contract between component users (clients) and developers (implementers)
o Typically describes the demands on users and the responsibilities of implementers
o Should present the essentials in “user-oriented” terms (abstraction) and hide the inessentials (information hiding)

Informal Specification Examples
o Examples
  C++ STL template specifications
  Java util component specifications
o Questions for discussion
  Do they support information hiding?
  Do they support abstraction?
  Can they generalize?
  Is it possible to make them unambiguous?

Informal Specifications
o Straightforward descriptions
  “Push pushes an object on a stack”
  How much do they help?
o Use of metaphors
  “A Queue is like a line at a fast food restaurant”
  Do they generalize?
o Use of implementation details
  “Push behaves like the addElement method on Vector”
  Is this appropriate for a user-oriented cover story?

Informal Specifications (continued)
o See Bertrand Meyer’s article “On Formalism in Specifications” (IEEE Software, 1985)
o Problems with even very carefully designed informal specs
  Contradiction
  Noise
  …

Formal Interface Specification
o Communicates precisely the demands on, and the responsibilities of, component users and developers
o Allows client and implementation components to be developed independently and in parallel within a team
o Minimizes integration costs

Reasoning Benefits
o Formal specifications make it possible to reason formally about the correctness of software
o Such reasoning may be manual or mechanical (i.e., with automated support)
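The contract view of interface specification, the Push example, parallel development and mechanical reasoning from the slides above, as one added example that is not part of the slides. The model (a sequence written top-first), the bound MAX_DEPTH, and every class and function name are assumptions chosen for this illustration; the requires/ensures clauses imitate the JML/RESOLVE style the deck lists, but here they are checked at run time on the concrete operations that execute rather than proved for all executions, which is what those tools' verifiers do.

```python
# Added example, not from the slides: a formal interface specification of a
# bounded Stack in the requires/ensures style of JML and RESOLVE, checked at
# run time. The model, MAX_DEPTH and every name here are assumptions.
from functools import wraps
from typing import Callable, Optional, Tuple

# Mathematical model (the client's cover story): a finite sequence written
# top-first. Arrays and linked nodes never appear in the contract.
Model = Tuple[object, ...]


def contract(requires: Callable[..., bool], ensures: Callable[..., bool]):
    """requires = client's obligation, ensures = implementer's; both over the model."""
    def decorate(method):
        @wraps(method)
        def wrapper(self, *args):
            if not requires(self.model(), *args):
                raise AssertionError(f"client violated precondition of {method.__name__}")
            old = self.model()  # '#S' in RESOLVE, \old(S) in JML
            result = method(self, *args)
            if not ensures(old, self.model(), result, *args):
                raise AssertionError(f"implementer violated postcondition of {method.__name__}")
            return result
        return wrapper
    return decorate


class StackSpec:
    """Interface: contract public; representation hidden behind model() and the _-hooks."""
    MAX_DEPTH = 4  # assumed bound for the example
    def model(self) -> Model:  # abstraction function: representation -> model
        raise NotImplementedError

    # push(x): requires |S| < MAX_DEPTH ; ensures S = <x> o #S
    @contract(requires=lambda S, x: len(S) < StackSpec.MAX_DEPTH,
              ensures=lambda old, new, _r, x: new == (x,) + old)
    def push(self, x) -> None:
        self._push(x)

    # pop(): requires |S| > 0 ; ensures #S = <result> o S
    @contract(requires=lambda S: len(S) > 0,
              ensures=lambda old, new, r: old == (r,) + new)
    def pop(self):
        return self._pop()


class ModelStack(StackSpec):
    """Executable spec: the representation is the model, so clients can be tested early."""
    def __init__(self): self._s = ()
    def model(self): return self._s
    def _push(self, x): self._s = (x,) + self._s
    def _pop(self):
        top, self._s = self._s[0], self._s[1:]
        return top


class ArrayStack(StackSpec):
    """Array-backed implementation; the top is the last element."""
    def __init__(self): self._items = []
    def model(self): return tuple(reversed(self._items))
    def _push(self, x): self._items.append(x)
    def _pop(self): return self._items.pop()


class QueueAsStack(ArrayStack):
    """Deliberately wrong implementer: new entries go to the bottom (FIFO)."""
    def _push(self, x): self._items.insert(0, x)


def reverse_with(stack: StackSpec, xs):
    """Client written against the contract alone: returns (popped list, model after pushes)."""
    for x in xs:
        stack.push(x)
    observed = stack.model()
    return [stack.pop() for _ in xs], observed


def contract_violations() -> Tuple[Optional[str], Optional[str]]:
    """Which party broke the contract? Left: a client pushes onto a full stack.
    Right: QueueAsStack's second push lands at the bottom. None = no violation."""
    def run(action):
        try:
            action()
        except AssertionError as e:
            return str(e)
        return None
    full = ArrayStack()
    for i in range(StackSpec.MAX_DEPTH):
        full.push(i)
    fifo = QueueAsStack()
    fifo.push(1)  # first push is indistinguishable from a correct one
    return run(lambda: full.push(99)), run(lambda: fifo.push(2))


if __name__ == "__main__":
    for cls in (ModelStack, ArrayStack):
        print(cls.__name__, reverse_with(cls(), [1, 2, 3]))
    print(contract_violations())
```

Three points to notice. The contract mentions only the model S, so the same text governs ModelStack and ArrayStack even though their representations differ, and a client such as reverse_with can be finished and tested against ModelStack before the array version exists. Responsibility is assigned by clause: the precondition failure names the client, the postcondition failure names the implementer, and the FIFO bug is caught on the second push without any client noticing a wrong value. Finally, a run-time check like this only examines the executions it sees, so it is evidence, not proof; the static verifiers behind JML and RESOLVE discharge the same obligations for every execution.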
Characteristics of Good Specifications
o Simple
o Clear
o Precise
o Concise
o Implementation-independent
o Consistent
o Sufficiently complete
o Others …

Languages for Formal Specification
o ANNA (and SPARK) for Ada
o JML for Java
o Larch/C++ for C++
o Spec# for C#
o …
o Eiffel
o RESOLVE
o …
o VDM
o Z

Specification Language Summary
o Some specification languages are designed for particular programming languages
o Some are general-purpose
o Some specification languages are integrated with programming constructs
o A few additionally integrate the ability to perform formal mathematical reasoning