Model-based Specification
- Formal specification of software by developing a mathematical model of the system

SWEN 5231 Formal Methods Slide 1
Objectives
- To introduce an approach to formal specification based on mathematical system models
- To present some features of the Z specification language
- To illustrate the use of Z using small examples
- To show how Z schemas may be used to develop incremental specifications
Topics covered
- Z schemas
- The Z specification process
- Specifying ordered collections
Model-based specification
- Defines a model of a system using well-understood mathematical entities such as sets and functions
- The state of the system is not hidden (unlike algebraic specification)
- State changes are straightforward to define
- VDM and Z are the most widely used model-based specification languages
Z as a specification language
- Based on typed set theory
- Probably now the most widely-used specification language
- Includes schemas, an effective low-level structuring facility
- Schemas are specification building blocks
- Graphical presentation of schemas makes Z specifications easier to understand
Z schemas
- Introduce specification entities and define invariant predicates over these entities
- A schema includes
  - A name identifying the schema
  - A signature introducing entities and their types
  - A predicate part defining invariants over these entities
- Schemas can be included in other schemas and may act as type definitions
- Names are local to schemas
Z schema highlighting
An indicator specification
Storage tank specification

Storage_tank
  Container
  Indicator
  ---
  reading = contents
  capacity = 5000
  danger_level = 50
Full specification of a storage tank
Z conventions
- A variable name decorated with a quote mark (N') represents the value of the state variable N after an operation
- A schema name decorated with a quote mark introduces the dashed values of all names defined in the schema
- A variable name decorated with a ! represents an output
Z conventions
- A variable name decorated with a ? represents an input
- A schema name prefixed by the Greek letter Xi (Ξ) means that the defined operation does not change the values of state variables
- A schema name prefixed by the Greek letter Delta (Δ) means that the operation changes some or all of the state variables introduced in that schema
Operation specification
- Operations may be specified incrementally as separate schemas, then the schemas combined to produce the complete specification
  - Define the 'normal' operation as a schema
  - Define schemas for exceptional situations
  - Combine all schemas using the disjunction (or) operator
A partial spec. of a fill operation
Storage tank fill operation
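The fill operation sketched on the two slides above, as an added Python model that is not part of the original slides: the Storage_tank state schema with its invariant, a Delta schema for the normal case, a Xi schema for the exceptional case, and their disjunction. The Container and Indicator schemas appear only as diagrams, so their fields (contents, capacity, reading, danger_level) are inferred from the Storage_tank predicate; the input amount?, the output report! and the bound 0 <= contents <= capacity are assumptions.

```python
# Added example, not from the slides: Storage_tank and an incrementally specified Fill.
# Container/Indicator fields are inferred from the Storage_tank predicate; 'amount?',
# 'report!' and the bound 0 <= contents <= capacity are assumptions.
from dataclasses import dataclass, replace
from typing import Optional, Tuple

CAPACITY = 5000       # Storage_tank predicate: capacity = 5000
DANGER_LEVEL = 50     # Storage_tank predicate: danger_level = 50


@dataclass(frozen=True)
class StorageTank:
    """Storage_tank: Container and Indicator included, plus the invariant predicate."""
    contents: int        # from Container
    capacity: int        # from Container
    reading: int         # from Indicator
    danger_level: int    # from Indicator

    def invariant(self) -> bool:
        return (self.reading == self.contents                 # reading = contents
                and self.capacity == CAPACITY                  # capacity = 5000
                and self.danger_level == DANGER_LEVEL          # danger_level = 50
                and 0 <= self.contents <= self.capacity)       # assumed Container bound


def init_tank() -> StorageTank:
    """Initial state: an empty tank that satisfies the invariant."""
    tank = StorageTank(contents=0, capacity=CAPACITY, reading=0, danger_level=DANGER_LEVEL)
    assert tank.invariant()
    return tank


def fill_ok(tank: StorageTank, amount: int) -> Optional[StorageTank]:
    """Fill_OK (Delta Storage_tank): the normal case. Precondition: amount? fits.
    Returns the after-state (the dashed variables), or None if the precondition fails."""
    if amount < 0 or tank.contents + amount > tank.capacity:
        return None
    new_level = tank.contents + amount                        # contents' = contents + amount?
    after = replace(tank, contents=new_level, reading=new_level)  # reading' = contents'
    assert after.invariant()                                   # a Delta schema must keep the invariant
    return after


def fill_error(tank: StorageTank, amount: int) -> Optional[Tuple[StorageTank, str]]:
    """Fill_Error (Xi Storage_tank): the exceptional case. State unchanged, report! set."""
    if 0 <= amount and tank.contents + amount <= tank.capacity:
        return None                                            # Fill_OK covers this input
    return tank, "rejected"


def fill(tank: StorageTank, amount: int) -> Tuple[StorageTank, str]:
    """Fill == Fill_OK or Fill_Error: the schema disjunction. The two preconditions
    are complementary, so exactly one branch applies to any input."""
    after = fill_ok(tank, amount)
    if after is not None:
        return after, "ok"
    err = fill_error(tank, amount)
    assert err is not None
    return err
```

Each operation returns the after-state rather than mutating, which mirrors the Z reading of dashed variables as a new binding; the assert inside fill_ok is the check a reviewer of a Delta schema performs by hand, namely that the state invariant still holds after the operation.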
The Z specification process
Data dictionary specification
- A data dictionary will be used as an example. This is part of a system and is used to keep track of system names
- Step 1: Define "given sets" and types
- Data dictionary structure (type)
  - Item name
  - Description
  - Type. Assume in these examples that the allowed types are those used in semantic data models
  - Creation date
Given sets
- Z does not require everything to be defined at specification time
- Some entities may be "given" and defined later
- The first stage in the specification process is to introduce these "given sets"
  - [NAME, DATE] ==> [field, type]
  - These representations can be defined at a later stage.
Type definitions
- There are a number of built-in types (such as INTEGER) in Z
- Other types may be defined by enumeration
  - Sem_model_types = { relation, entity, attribute }
- Z schemas may also be used for type definition. The predicates serve as constraints on the type
Specification using functions
- A function is a mapping from an input value to an output value
  - Small_Square = {1 ↦ 1, 2 ↦ 4, 3 ↦ 9, 4 ↦ 16, 5 ↦ 25, 6 ↦ 36, 7 ↦ 49}
- The domain of a function is the set of inputs over which the function has a defined result
  - dom Small_Square = {1, 2, 3, 4, 5, 6, 7}
- The range of a function is the set of results which the function can produce
  - rng Small_Square = {1, 4, 9, 16, 25, 36, 49}
The function Small_Square
The data dictionary model
- A data dictionary may be thought of as a mapping from a name (the key) to a value (the description in the dictionary)
- Operations are
  - Add. Makes a new entry in the dictionary or replaces an existing entry
  - Lookup. Given a name, returns the description
  - Delete. Deletes an entry from the dictionary
  - Replace. Replaces the information associated with an entry
Data dictionary entry schema

Data_Dictionary_Entry
  entry: NAME
  desc: seq char
  type: Sem_model_type
  creation_date: DATE
  ---
  #description <= 2000
Data dictionary as a function

  Data_Dictionary_Entry
  ddict: NAME -> {Data_Dictionary_Entry}
  ---
  none
Data dictionary - initial state

Init-Data_Dictionary'
  ddict' = NULL
Add and lookup operations
Add and Lookup Error operations
Function overriding operator
- Replace_Entry uses the function overriding operator (written ⊕). This adds a new entry or replaces an existing entry.
  - phone = {Ian ↦ 3390, Ray ↦ 3392, Steve ↦ 3427}
  - The domain of phone is {Ian, Ray, Steve} and the range is {3390, 3392, 3427}.
  - newphone = {Steve ↦ 3386, Ron ↦ 3427}
  - phone ⊕ newphone = {Ian ↦ 3390, Ray ↦ 3392, Steve ↦ 3386, Ron ↦ 3427}
Replace_OK operation
Deleting an entry
- Uses the domain subtraction operator (written ⩤) which, given a name, removes that name from the domain of the function
  - phone = {Ian ↦ 3390, Ray ↦ 3392, Steve ↦ 3427}
  - {Ian} ⩤ phone = {Ray ↦ 3392, Steve ↦ 3427}
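The function operators used in the Small_Square slide and in the two slides above (dom, rng, function overriding, domain subtraction), written out as an added Python example that is not part of the original slides. A Z finite function is modelled as a dict; the Small_Square, phone and newphone values are the ones from the slides, and is_function is an added check that a set of pairs really is a function.

```python
# Added example, not from the slides: Z finite functions as Python dicts, with
# dom, rng, function overriding (⊕) and domain subtraction (⩤) made explicit.
from typing import Dict, Iterable, Mapping, Set, Tuple


def dom(f: Mapping) -> Set:
    """dom f: the set of inputs over which f has a defined result."""
    return set(f.keys())


def rng(f: Mapping) -> Set:
    """rng f: the set of results f can produce."""
    return set(f.values())


def override(f: Mapping, g: Mapping) -> Dict:
    """f ⊕ g: where both are defined g wins; elsewhere f applies.
    This equals (dom g ⩤ f) ∪ g, which is how the Z definition reads."""
    result = {k: v for k, v in f.items() if k not in g}
    result.update(g)
    return result


def dom_subtract(s: Set, f: Mapping) -> Dict:
    """s ⩤ f: f with every maplet whose domain element is in s removed."""
    return {k: v for k, v in f.items() if k not in s}


def is_function(pairs: Iterable[Tuple]) -> bool:
    """A set of pairs is a function only if no domain element maps to two values."""
    seen: Dict = {}
    for k, v in pairs:
        if k in seen and seen[k] != v:
            return False
        seen[k] = v
    return True


# Values from the slides.
Small_Square = {n: n * n for n in range(1, 8)}
phone = {"Ian": 3390, "Ray": 3392, "Steve": 3427}
newphone = {"Steve": 3386, "Ron": 3427}
```

Note that a dict cannot express a non-function (two values for one key), so is_function is only meaningful on the raw pairs before they are loaded into a dict; that is the moment a specification's "function" assumption is either confirmed or silently lost.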
Delete_OK operation
Specifying ordered collections
- Specification using functions does not allow ordering to be specified
- Sequences are used for specifying ordered collections
- A sequence is a mapping from consecutive integers to associated values
A Z sequence
Data dictionary Extract operation
- The Extract operation extracts from the data dictionary all those entries whose type is the same as the type input to the operation
- The extracted list is presented in alphabetical order
- A sequence is used to specify the ordered output of Extract
The Extract operation
Extract predicate
- For all entries in the data dictionary whose type is in_type?, there is an entry in the output sequence
- The type of all members of the output sequence is in_type?
- All members of the output sequence are members of the range of ddict
- The output sequence is ordered
Data dictionary specification

The_Data_Dictionary
  Data_Dictionary
  Init-Data_Dictionary
  Add
  Lookup
  Delete
  Replace
  Extract
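The complete data dictionary assembled above, as an added Python model that is not part of the original slides, covering the data dictionary model and entry schema, the Add/Lookup/Delete/Replace operations and the Extract operation with its four-part predicate. The operation schemas are only drawn on the slides, so the input and output names (entry?, name?, in_type?, report!) and the error reports are assumptions; the given set DATE is represented by an ISO date string, and the sample entries are constructed here.

```python
# Added example, not from the slides: the data dictionary state (ddict: NAME -> entry),
# its operations, and a check of the Extract predicate. Input/output names and the
# error reports are assumptions; DATE is a given set, represented here as a string.
from dataclasses import dataclass
from enum import Enum
from typing import Dict, List, Optional, Tuple


class SemModelType(Enum):          # Sem_model_types = { relation, entity, attribute }
    relation = "relation"
    entity = "entity"
    attribute = "attribute"


@dataclass(frozen=True)
class Entry:                       # Data_Dictionary_Entry
    name: str                      # entry: NAME
    desc: str                      # desc: seq char
    type: SemModelType             # type: Sem_model_type
    creation_date: str             # creation_date: DATE (given set, ISO string here)

    def invariant(self) -> bool:
        return len(self.desc) <= 2000          # #description <= 2000


DDict = Dict[str, Entry]           # ddict: NAME -> Data_Dictionary_Entry


def init_data_dictionary() -> DDict:
    return {}                      # Init-Data_Dictionary': ddict' = NULL


def add(ddict: DDict, entry: Entry) -> Tuple[DDict, str]:
    """Add: new entry or replacement of an existing one (ddict' = ddict ⊕ {name ↦ entry})."""
    if not entry.invariant():
        return ddict, "description too long"    # error schema: Xi Data_Dictionary, report!
    return {**ddict, entry.name: entry}, "ok"


def lookup(ddict: DDict, name: str) -> Tuple[Optional[Entry], str]:
    """Lookup: Xi Data_Dictionary; Lookup_Error when name? is not in dom ddict."""
    if name not in ddict:
        return None, "name not known"
    return ddict[name], "ok"


def delete(ddict: DDict, name: str) -> Tuple[DDict, str]:
    """Delete_OK: ddict' = {name?} ⩤ ddict."""
    if name not in ddict:
        return ddict, "name not known"
    return {k: v for k, v in ddict.items() if k != name}, "ok"


def replace_entry(ddict: DDict, entry: Entry) -> Tuple[DDict, str]:
    """Replace_OK: only an existing name may be replaced (ddict' = ddict ⊕ {name ↦ entry})."""
    if entry.name not in ddict:
        return ddict, "name not known"
    return {**ddict, entry.name: entry}, "ok"


def extract(ddict: DDict, in_type: SemModelType) -> List[Entry]:
    """Extract: the sequence of entries whose type is in_type?, in alphabetical order."""
    return sorted((e for e in ddict.values() if e.type == in_type), key=lambda e: e.name)


def extract_predicate_holds(ddict: DDict, in_type: SemModelType, out: List[Entry]) -> bool:
    """The four conjuncts of the Extract predicate on the slides."""
    all_present = all(e in out for e in ddict.values() if e.type == in_type)
    all_of_type = all(e.type == in_type for e in out)
    all_from_rng = all(e in ddict.values() for e in out)
    ordered = all(out[i].name < out[i + 1].name for i in range(len(out) - 1))
    return all_present and all_of_type and all_from_rng and ordered


def sample_dictionary() -> DDict:
    """Constructed sample data, not from the slides."""
    d = init_data_dictionary()
    for name, desc, typ, day in [("customer", "a person who buys", SemModelType.entity, "2020-01-01"),
                                 ("address", "postal address", SemModelType.attribute, "2020-01-02"),
                                 ("buys", "customer buys product", SemModelType.relation, "2020-01-03"),
                                 ("account", "customer account", SemModelType.entity, "2020-01-04")]:
        d, report = add(d, Entry(name, desc, typ, day))
        assert report == "ok"
    return d
```

extract_predicate_holds is deliberately separate from extract: the predicate is what the specification states, the sorted comprehension is one implementation of it, and checking the former against the latter on sample states is how a model-based specification is used to catch an implementation that, say, forgets the ordering or leaks entries of another type.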
Key points
- Model-based specification relies on building a system model using well-understood mathematical entities
- Z specifications are made up of a mathematical model of the system state and a definition of operations on that state
- A Z specification is presented using a number of schemas
- Schemas may be combined to make new schemas
Key points
- Operations are specified by defining their effect on the system state. Operations may be specified incrementally, then the different schemas combined to complete the specification
- Z functions are sets of (domain, range) pairs. The domain of the function is its inputs; the range is its outputs.
- A sequence is a function whose domain is the consecutive integers.