Formal Methods in SE, Lecture 16. Qaisar Javaid, Assistant Professor.

Finite Automata

Cleanroom process teams
Development team. Responsible for developing and verifying the software. The software is NOT executed or even compiled during this process.
Certification team. Responsible for developing a set of statistical tests to exercise the software after development. Reliability growth models are used to determine when reliability is acceptable.
Cleanroom process evaluation
The results of using the Cleanroom process have been very impressive, with few faults discovered in delivered systems.
Independent assessment shows that the process is no more expensive than other
There were fewer errors than in a 'traditional' development process.
However, the process is not widely used. It is not clear how this approach can be transferred to an environment with less skilled or less motivated software engineers.
In the expression Q x : A | B • p we say that the variable x is bound by the quantifier Q.
The scope of x extends from the vertical bar (or the spot if there is no constraint) to the next closing bracket.
If the variable x appears in a predicate q but is not bound by any quantifier, we say that x is free in q.
We write p[t/x] to denote the predicate that results from substituting t for each free occurrence of x in predicate p.
The substitute expression t need not be another variable; it can be any expression whose possible values match those of x.
The = (equality) symbol is used to show that two expressions are identical.
Equalities are one form of atomic propositions in our logical language (the other form is set membership).
One Point Rule
If the identity of a bound variable is revealed within the quantified expression, then we may replace all instances of that variable and remove the existential quantifier.
Consider the following predicate: ∃ x : a • p ∧ x = t
This states that there is a value of x in a for which p ∧ x = t is true.
If t is in the set a and p holds, then we can replace x by t, using the substitution p[t/x] defined above.
Tuples (records)
Functions (lookup tables, trees and lists)
Sequences (lists, arrays)
Tuples are instances of Cartesian product types.
First declare types for each component.
Declare tuples which are instances of the type.
Relations are sets of tuples. They can resemble tables or databases.
In Z this can be expressed
The projection operators first and second extract the components of a pair.
For the pair (aki, 4117), first(aki, 4117) = aki.
Binary relations are many-to-many relations
Domain restriction selects pairs based on their first component.
Functions are binary relations where each element in the domain appears just once. Each domain element is a unique key.
A function cannot be a many-to-many or even a one-to-many relation.
Surjective Function
A function is surjective (onto) if every element of the domain is mapped to some element of the range; some domain elements may be mapped to more than one range element. (Total Injections)
Injective Function
Injections are the functions that associate each element in their domain with a different element in their range. It’s a one-to-one relation. (Partial injections)
Bijective Function
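The relation and function concepts above, as an added Python example that is not part of the lecture slides: a Z-style relation is modelled as a set of pairs, with the first/second projections, domain restriction (the Z ◁ operator) and the function, injective, surjective and bijective checks. The surjective check assumes the standard definition (every element of the given codomain is hit), and the phone-directory relation is constructed for illustration.

```python
# Added example (not from the lecture slides): Z-style relations as Python sets
# of pairs. The sample DIRECTORY relation below is constructed for illustration.

def first(pair):
    """Projection onto the first component: first(aki, 4117) = aki."""
    return pair[0]

def second(pair):
    """Projection onto the second component: second(aki, 4117) = 4117."""
    return pair[1]

def dom(rel):
    """Domain of a relation: the set of first components."""
    return {first(p) for p in rel}

def ran(rel):
    """Range of a relation: the set of second components."""
    return {second(p) for p in rel}

def dom_restrict(keys, rel):
    """Domain restriction (keys ◁ rel): keep pairs whose first component is in keys."""
    return {p for p in rel if first(p) in keys}

def is_function(rel):
    """A relation is a function when each domain element appears exactly once,
    i.e. each domain element is a unique key (no one-to-many pairs)."""
    return len(dom(rel)) == len(rel)

def is_injective(rel):
    """One-to-one: distinct domain elements map to distinct range elements."""
    return is_function(rel) and len(ran(rel)) == len(rel)

def is_surjective(rel, codomain):
    """Onto, standard definition: every element of the codomain is the second
    component of some pair (an assumption of this example)."""
    return is_function(rel) and ran(rel) == set(codomain)

def is_bijective(rel, codomain):
    """Bijective: both injective and surjective onto the codomain."""
    return is_injective(rel) and is_surjective(rel, codomain)

# Constructed sample: a directory relating names to phone extensions.
DIRECTORY = {("aki", 4117), ("bo", 4200), ("cy", 4117)}
```

`DIRECTORY` is a function (each name appears once) but not injective, because aki and cy share extension 4117; adding a second pair for aki turns it into a one-to-many relation that fails `is_function`.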