Comparative Formal Methods

By the end of this lecture you will be able to explain the problem of implementation bias; distinguish between model-based and algebraic formal methods; use the algebraic approach to specify types; identify the issues raised by concurrent system specification; list some international standards governing the use of formal methods.

Author: lewis-dixon
### Transcript of Comparative Formal Methods

#### Comparative Formal Methods

By the end of this lecture you will be able to

• explain the problem of implementation bias;

• distinguish between model-based and algebraic formal methods;

• use the algebraic approach to specify types;

• identify the issues raised by concurrent system specification;

• list some international standards governing the use of formal methods.

#### Classifying formal methods

Formal methods can be classified along two axes: by the style of specification (algebraic or model-based) and by the kind of system they are suited to (sequential or concurrent).

| | Algebraic | Model-based |
|---|---|---|
| Sequential systems | Larch, OBJ | Vienna Development Method (VDM), Z, B |
| Concurrent systems | Calculus of Communicating Systems (CCS), Communicating Sequential Processes (CSP) | Prototype Verification System (PVS) |

#### Problems with a model-based approach

The client states the requirement in the terms of the problem:

"there cannot be more than 50 patients on the register"

The specifier restates it in the terms of the model chosen to represent the register:

"the cardinality of the register set must not be greater than 50".

The second sentence is about the model (a set), not about patients. Whatever the model adds beyond the requirement is carried into every implementation that refines it.

#### Implementation bias

A set-based model of the register, in VDM notation:

```
types
  Patient = TOKEN

values
  LIMIT : nat = 200

state PatientRegister of
  reg : Patient-set
inv  mk-PatientRegister(r) == card r <= LIMIT
init mk-PatientRegister(r) == r = {}
end
```

The same register modelled as a sequence. The invariant now has to rule out duplicate entries explicitly, because a sequence, unlike a set, can hold the same patient twice:

```
state PatientRegister of
  reg : Patient*
inv  mk-PatientRegister(r) ==
       len r <= LIMIT and
       forall i, j in set inds r & i <> j => r(i) <> r(j)
init mk-PatientRegister(r) == r = []
end
```

#### Implementation bias: an example

An operation that adds a patient to the sequence model (the operation's name is not preserved in the transcript):

```
ext wr reg : Patient*
pre  patientIn not in set elems reg
post reg = [patientIn] ^ reg~
```

This model allows patients A, B and C to be recorded in any of the following 6 ways:

[A, B, C]  [A, C, B]  [B, A, C]  [B, C, A]  [C, A, B]  [C, B, A]

The client's requirement says nothing about order, so the model records information (the order of insertion) that the requirement does not contain. That surplus is the implementation bias.

#### A test for bias

"If there are two or more different data values that cannot be distinguished by any of the operations, the model is biased."

Apply the test to the sequence model with the following operations:

removePatient (Patient)

getPatients ( ) : Patient*

isRegistered (Patient) : Boolean

numberRegistered ( ) : Integer

getFirst ( ) : Patient

With only removePatient, isRegistered and numberRegistered available, every one of the six orderings above gives the same answer to every operation, in any sequence of calls, so they are indistinguishable and the sequence model is biased. Adding getFirst (or a getPatients that returns the sequence itself) makes the orderings distinguishable, but only by making insertion order part of the interface, which the client never asked for.
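The bias test stated above, carried out mechanically, as an added example that is not part of the lecture: two states are indistinguishable if every observer returns the same value on both and every mutator sends them to states that are themselves indistinguishable, which is computed by partition refinement over the states reachable from the six orderings. The function names (add_patient, remove_patient, is_registered, number_registered, get_first), the total version of the add operation and the sample patients A, B and C are constructed for this script.

```python
"""Implementation-bias test as an observational-equivalence check.

Added example (not from the lecture): the lecture's test says a model is biased
when two different data values cannot be told apart by any operation.  This
script applies that test to the sequence model of the patient register, first
with removePatient / isRegistered / numberRegistered only, then with getFirst
added.  Function names and the sample patients A, B, C are constructed here.
"""
from itertools import permutations

PATIENTS = ("A", "B", "C")  # constructed sample data: the three patients of the slides

# --- the sequence model: a state is a tuple of distinct patients, oldest first ---

def add_patient(p):
    """pre: patientIn not in elems reg.  Made total for the checker: a duplicate add is a no-op."""
    return lambda reg: reg if p in reg else reg + (p,)

def remove_patient(p):
    return lambda reg: tuple(x for x in reg if x != p)

def is_registered(p):
    return lambda reg: p in reg

def number_registered(reg):
    return len(reg)

def get_first(reg):
    """getFirst() is only defined on a non-empty register; None stands for 'undefined'."""
    return reg[0] if reg else None

# --- the bias test: partition refinement over the reachable states ---

def reachable(seeds, mutators):
    """All states reachable from the seeds by applying mutators in any order."""
    states, frontier = set(seeds), list(seeds)
    while frontier:
        s = frontier.pop()
        for m in mutators:
            t = m(s)
            if t not in states:
                states.add(t)
                frontier.append(t)
    return states

def observational_classes(seeds, observers, mutators):
    """Map each reachable state to a class id.  Two states share a class iff no
    sequence of operations can tell them apart: the observers agree on them now,
    and every mutator sends them to states of the same class.  Starts with all
    states in one class and splits until nothing changes (greatest fixed point)."""
    states = reachable(seeds, mutators)
    cls = {s: 0 for s in states}
    while True:
        sigs, new = {}, {}
        for s in states:
            sig = ((cls[s],) + tuple(o(s) for o in observers)
                   + tuple(cls[m(s)] for m in mutators))
            new[s] = sigs.setdefault(sig, len(sigs))
        if len(sigs) == len(set(cls.values())):  # no class was split: fixed point
            return new
        cls = new

def indistinguishable_groups(seeds, observers, mutators):
    """Groups of distinct seed states that the interface cannot distinguish.
    An empty result means the model is unbiased with respect to these seeds."""
    cls = observational_classes(seeds, observers, mutators)
    groups = {}
    for s in seeds:
        groups.setdefault(cls[s], []).append(s)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)

ORDERINGS = list(permutations(PATIENTS))  # the six ways of recording A, B and C
MUTATORS = [add_patient(p) for p in PATIENTS] + [remove_patient(p) for p in PATIENTS]
BASIC_OBSERVERS = [is_registered(p) for p in PATIENTS] + [number_registered]

if __name__ == "__main__":
    print("without getFirst:", indistinguishable_groups(ORDERINGS, BASIC_OBSERVERS, MUTATORS))
    print("with getFirst:   ", indistinguishable_groups(ORDERINGS, BASIC_OBSERVERS + [get_first], MUTATORS))
```

Without get_first the six orderings come back as one indistinguishable group (the model is biased); with get_first the result is empty, because removing the first patient and asking again eventually separates every ordering from every other. The same check applies to any model whose state is hashable: supply the seeds you suspect are redundant, the observers, and the mutators.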

#### Algebraic methods

• The algebraic approach to formal software development is one that does not require a model to be constructed.

• Instead of describing the behaviour of operations via a model, the behaviour is described by the relationships between the operations.

• Some algebraic methods (such as Larch) are suitable for sequential system specification and others (such as CCS) are suitable for concurrent systems.

• We will look at a Larch-like specification of a Stack.

#### Algebraic specification of a Stack

The general shape of an algebraic specification:

```
<SPECIFICATION NAME>
sort <name>
imports <LIST OF SPECIFICATION NAMES>
Operation Signatures
Axioms
```

For a stack of elements of type Elem:

```
STACK (Elem)
sort Stack
imports BOOL, INT
```

Operation signatures:

```
init    :              → Stack
push    : Elem × Stack → Stack
pop     : Stack        → Stack
top     : Stack        → Elem
isEmpty : Stack        → Bool
size    : Stack        → Int
```

#### Creating Stacks

From the list of operations, there must always be:

• one operation that creates an empty value of the type (init)

• and one operation that allows new values to be constructed (push)

Every stack value is a term built from these two. The stack [A, B, C], with A on top, is built from the empty stack in three steps:

```
init
push (C, init)
push (B, push (C, init))
push (A, push (B, push (C, init)))
```

#### Axioms

Each operation is described by specifying its effect on the empty value and on a non-empty value (a value built by push):

```
isEmpty ( init )          = true
isEmpty ( push (e, stk) ) = false
pop ( init )              = ERROR
pop ( push (e, stk) )     = stk
top ( init )              = ERROR
top ( push (e, stk) )     = e
```

#### The Size Operation

```
size ( init )          = 0
size ( push (e, stk) ) = 1 + size ( stk )
```

Applying the axioms to the stack built above:

```
size ( push (A, push (B, push (C, init))) )
  = 1 + size ( push (B, push (C, init)) )
  = 1 + 1 + size ( push (C, init) )
  = 1 + 1 + 1 + size ( init )
  = 1 + 1 + 1 + 0
  = 3
```
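The derivation above is a sequence of rewrite steps, each one an application of an axiom. The following added example (not from the lecture) enters the stack axioms as rewrite rules and reduces terms mechanically, so that size, top, pop and isEmpty are computed from the axioms alone, with no model of a stack behind them; a stack is only a term built from init and push. The leftmost-outermost strategy, the strictness rule that sends any defined operation applied to ERROR to ERROR, and the '?'-prefix convention for the variables e and stk are choices made for this script.

```python
"""Term-rewriting interpreter for the STACK(Elem) algebraic specification.

Added example (not from the lecture): the axioms of the slides are entered as
rewrite rules and a leftmost-outermost reducer carries out derivations such as
the size(...) calculation above, step by step.  A term is an atom (an element,
an int, a bool or ERROR) or a tuple ("op", arg, ...).  Pattern variables
(e and stk in the slides) are strings starting with '?', a convention of this
script, so element names must not start with '?'.
"""

ERROR = "ERROR"                  # the error value of the slides
CONSTRUCTORS = ("init", "push")  # the two operations every stack value is built from

# Axioms from the slides, as (pattern, replacement).  '+' comes from the imported INT.
AXIOMS = [
    (("isEmpty", ("init",)),              True),
    (("isEmpty", ("push", "?e", "?stk")), False),
    (("pop",     ("init",)),              ERROR),
    (("pop",     ("push", "?e", "?stk")), "?stk"),
    (("top",     ("init",)),              ERROR),
    (("top",     ("push", "?e", "?stk")), "?e"),
    (("size",    ("init",)),              0),
    (("size",    ("push", "?e", "?stk")), ("+", 1, ("size", "?stk"))),
]

def is_var(p):
    return isinstance(p, str) and p.startswith("?")

def match(pattern, term, env):
    """Return the variable bindings under which pattern equals term, or None."""
    if is_var(pattern):
        if pattern in env:
            return env if env[pattern] == term else None
        return {**env, pattern: term}
    if isinstance(pattern, tuple):
        if not isinstance(term, tuple) or len(pattern) != len(term):
            return None
        for p, t in zip(pattern, term):
            env = match(p, t, env)
            if env is None:
                return None
        return env
    return env if pattern == term else None

def substitute(template, env):
    if is_var(template):
        return env[template]
    if isinstance(template, tuple):
        return tuple(substitute(x, env) for x in template)
    return template

def is_int(x):
    return isinstance(x, int) and not isinstance(x, bool)

def reduce_once(term):
    """One leftmost-outermost rewrite step, or None if the term is in normal form."""
    if not isinstance(term, tuple):
        return None
    op, args = term[0], term[1:]
    if op == "+" and all(is_int(a) for a in args):   # built-in arithmetic from INT
        return args[0] + args[1]
    if op not in CONSTRUCTORS and ERROR in args:     # strictness: f(ERROR) = ERROR
        return ERROR
    for pattern, replacement in AXIOMS:
        env = match(pattern, term, {})
        if env is not None:
            return substitute(replacement, env)
    for i, arg in enumerate(args, start=1):          # no axiom at the root: rewrite inside
        new = reduce_once(arg)
        if new is not None:
            return term[:i] + (new,) + term[i + 1:]
    return None

def normalize(term, max_steps=10_000):
    """Rewrite to normal form; returns (normal_form, trace) with every intermediate term."""
    trace = [term]
    for _ in range(max_steps):
        nxt = reduce_once(term)
        if nxt is None:
            return term, trace
        term = nxt
        trace.append(term)
    raise RuntimeError("no normal form within the step limit")

def stack_of(elems):
    """Term for the stack with elems[0] on top: push(A, push(B, push(C, init)))."""
    term = ("init",)
    for e in reversed(elems):
        term = ("push", e, term)
    return term

def show(term):
    if isinstance(term, tuple):
        return term[0] + "(" + ", ".join(show(a) for a in term[1:]) + ")"
    return str(term)

if __name__ == "__main__":
    value, steps = normalize(("size", stack_of(["A", "B", "C"])))
    for t in steps:
        print("=", show(t))   # the derivation of the slide, ending in 3
```

Running the script prints the size derivation one rewrite per line. Because nothing outside the axioms decides the result, any term the axioms do not cover (for example a new operation added without its two axioms) simply stays unreduced, which is the algebraic analogue of an under-specified operation in a model-based spec.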

#### Concurrent Methods

Example: a bank account with two operations, withdraw, whose precondition is

balance - amount > MIN

and deposit. When such operations run concurrently, issues arise that a sequential specification cannot express, livelock among them.
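A sequential precondition such as balance - amount > MIN is checked at the moment the operation starts; it says nothing about another process changing the balance between the check and the update. The following added example (not from the lecture) explores every interleaving of the atomic steps of two concurrent withdrawals, the way a concurrency formal method explores a process's state space, and shows that the precondition alone does not protect the balance unless check and update are one atomic step. This is the check-then-act (time-of-check/time-of-use) race familiar from security reviews. MIN, the amounts, the two-step shape of the sequential withdraw and the function names are constructed for this script; livelock is a separate issue not modelled here.

```python
"""Interleaving check: does a sequential precondition survive concurrency?

Added example (not from the lecture): a bank-account model with the slide's
withdraw precondition (balance - amount > MIN) and a deposit operation.  Every
interleaving of the processes' atomic steps is enumerated.  When withdraw is
specified sequentially (check the precondition, then act) and run as two
separable steps, two concurrent withdrawals can both pass the check and drive
the balance below MIN; making check-and-act a single atomic step removes the
violation.  MIN, the amounts and the step structure are constructed here.
"""

MIN = 0   # constructed: the lowest balance the account may hold

# A process is a list of atomic steps.  A step maps the balance to the new balance,
# or returns None when it cannot proceed yet (its guard does not hold).

def withdraw_sequential(amount):
    """Check-then-act as two separate atomic steps; other processes may run in between."""
    check = lambda bal: bal if bal - amount > MIN else None
    debit = lambda bal: bal - amount
    return [check, debit]

def withdraw_atomic(amount):
    """Guard and update in one indivisible step (a guarded action)."""
    return [lambda bal: bal - amount if bal - amount > MIN else None]

def deposit(amount):
    return [lambda bal: bal + amount]

def explore(balance, procs):
    """Enumerate all interleavings of procs from the given balance.

    Returns (finals, violations): the set of balances at which no process can
    move any further (all finished or all blocked at a guard), and the list of
    traces that reach a state with balance <= MIN.  A trace is a tuple of
    (process index, step index, balance after the step).
    """
    finals, violations = set(), []

    def dfs(bal, pcs, trace):
        if bal <= MIN:                      # the property the precondition was meant to protect
            violations.append(trace)
            return
        moved = False
        for i, proc in enumerate(procs):
            if pcs[i] < len(proc):
                nxt = proc[pcs[i]](bal)
                if nxt is None:             # this process is blocked at its guard
                    continue
                moved = True
                dfs(nxt, pcs[:i] + (pcs[i] + 1,) + pcs[i + 1:], trace + ((i, pcs[i], nxt),))
        if not moved:
            finals.add(bal)

    dfs(balance, (0,) * len(procs), ())
    return finals, violations

if __name__ == "__main__":
    for name, withdraw in (("sequential", withdraw_sequential), ("atomic", withdraw_atomic)):
        finals, bad = explore(100, [withdraw(60), withdraw(60)])
        print(f"{name}: final balances {sorted(finals)}, {len(bad)} violating interleavings")
        for t in bad[:1]:
            print("  e.g.", t)
```

With two sequential withdrawals of 60 from a balance of 100, the interleavings in which both checks run before either debit end at -20, below MIN, even though each withdrawal satisfied its precondition when it started. With the atomic version the second withdrawal blocks at its guard and the only final balance is 40. A process-algebra specification (CSP, CCS) makes this distinction explicit by fixing which steps are atomic events.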

#### Examples of use: Standards

MOD 00-55: a standard from the UK Ministry of Defence for defence software procurement.

DO-178B: an industry standard in the field of civil avionics (since superseded by DO-178C).

IEC 61508: a generic standard for critical systems development, for those industries that do not yet have their own sector-specific standards.

ITSEC: a security evaluation standard developed jointly by France, Germany, the Netherlands and the United Kingdom (since superseded by the Common Criteria, ISO/IEC 15408).

#### Examples of use: Industry

• Medical instrument control systems

• London Air Traffic Control System

• Factory control systems

• Operating system security

• Railway signalling systems

• Information control systems

• Smart cards