Formal methods engineering


Formal methods engineering. A short overview. Basics. The course was given by Hussein Zedan (Leicester, UK) … over one week = 30 hours. Problem classes and assessment were done by Dragan Mašulović (our own associate professor). Problem classes in two sessions = 15 hours. Agenda.

Transcript of Formal methods engineering

Page 1: Formal methods engineering

Formal methods engineering

A short overview

Page 2: Formal methods engineering

Basics

• The course was given by Hussein Zedan (Leicester, UK) …
• … over one week = 30 hours
• Problem classes and assessment were done by Dragan Mašulović (our own associate professor)
• Problem classes in two sessions = 15 hours

Page 3: Formal methods engineering

Agenda

• Part I - Rationale: Why do we model?
• Part II - Finite state machines (“as the assembly language of modeling”)
• Part III – Statecharts
• Part IV - Time in statecharts

Page 4: Formal methods engineering

Students’ background

• Should know a lot about FSMs
• Use them in:
  • compiler construction
  • OOA/D – dynamic view
• But had no idea that FSMs are the ‘assembly language of modeling’ and that they may have wider application areas

Page 5: Formal methods engineering
Page 6: Formal methods engineering

Problem classes

Page 7: Formal methods engineering

Coursework 1

You are given the following vending machine specification:

• The machine has one slot (for inserting coins) and two buttons for selecting the type of coffee.
• The vending machine dispenses only two sizes of coffee: big, which costs 50p, and ‘small’, which costs 25p.
• The machine may cheat as it does not return change (nonetheless it gives coffee!).
• Once a coin is inserted, the customer cannot get it back.
• After inserting the coins, the customer presses the coffee of choice. If the right amount of money was inserted, the coffee will be dispensed; otherwise, the machine waits. Once the coffee is dispensed, all inserted coins are dropped in a money box and the machine waits for the next customer.
• The machine can accept ‘5p’, ‘10p’ and ‘20p’ only.
• The existing machine only dispenses black coffee, and a customer is provided with milk cartons and/or portions of sugar, both free of charge. However, the company decided to automate these processes (milk and sugar) by designing a milk and a sugar machine! Both machines have only one button each which, if pressed, dispenses a carton of milk and/or a portion of sugar, respectively.
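The coffee machine above can be written down as a finite state machine and checked by exhaustive exploration. The sketch below is an added example, not part of the course material. It assumes that "right amount" means at least the price (the machine keeps the change) and that credit above 50p can be treated as 50p; the names `step`, `run` and `check_model` are hypothetical.

```python
from collections import deque

COINS = (5, 10, 20)                # accepted coins, from the specification
PRICES = {"small": 25, "big": 50}  # button -> price in pence
CAP = max(PRICES.values())         # assumption: credit above 50p behaves like 50p


def step(credit, event):
    """One transition: return (next_credit, dispensed_coffee_or_None)."""
    if event in COINS:
        return min(credit + event, CAP), None  # coin accepted, never returned
    if event in PRICES:
        if credit >= PRICES[event]:            # assumption: overpaying is allowed
            return 0, event                    # dispense; coins go to the money box
        return credit, None                    # too little money: machine waits
    raise ValueError(f"unknown event: {event!r}")


def run(events, credit=0):
    """Feed a sequence of events; return (final_credit, list_of_coffees)."""
    outputs = []
    for event in events:
        credit, out = step(credit, event)
        if out is not None:
            outputs.append(out)
    return credit, outputs


def reachable_states():
    """Breadth-first search over every credit value reachable from 0."""
    seen, queue = {0}, deque([0])
    while queue:
        credit = queue.popleft()
        for event in (*COINS, *PRICES):
            nxt, _ = step(credit, event)
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen


def check_model():
    """Return (states, safety_holds, liveness_holds) for the model."""
    states = reachable_states()
    # Safety: no button dispenses while the credit is below its price.
    safe = all(step(s, b)[1] is None
               for s in states for b, p in PRICES.items() if s < p)
    # Liveness: from any state, three 20p coins and 'big' give a coffee and reset.
    live = all(run([20, 20, 20, "big"], s) == (0, ["big"]) for s in states)
    return states, safe, live
```
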

Page 8: Formal methods engineering

Coursework 2 - 1

Give a Statechart for the following informal specification. The objective is to specify a fault-tolerant solution for a computation service P that can be characterised as follows:

• P inputs data provided by a producer on channel A.
• For each input x on A, a computation y = f(x) is performed by P and delivered via channel B to a consumer.
• We assume a synchronous communication between server and environment: The producer will only send a new job after having received a NEXT-message from the server computer indicating that P has finished the previous computation.

Page 9: Formal methods engineering

Coursework 2 - 2

Give a Statechart for a Traffic-light Controller, the informal description of which is as follows:

There are two sets of lights: one is positioned over the main road (MAIN) entering the cross-junction, and the other is over the secondary road (SEC). During the daytime the controller operates according to one of two possible programs (option externally determined):

• Program A gives two minutes for the vehicles on MAIN, and half a minute for the vehicles on SEC, alternating.
• Program B gives half a minute for the vehicles in SEC once a signal “SEC FULL” goes on (the “SEC FULL” signal coming from an external sensor).

Page 10: Formal methods engineering

Tools

• JFlap
  • http://www.jflap.org/
• Statemate

Page 11: Formal methods engineering
Page 12: Formal methods engineering

Feedback

Page 13: Formal methods engineering