Lecture 12 Formal Specifications - Computer Science

Lecturer: Sebastian Coope

Ashton Building, Room G.18

E-mail: [email protected]

COMP 201 web-page: http://www.csc.liv.ac.uk/~coopes/comp201

Lecture 12 – Formal Specifications

1 COMP201 - Software Engineering

Recap on Formal Specification

Objectives:

To explain why formal specification techniques help discover problems in system requirements

To describe the use of:

algebraic techniques (for interface specification) and

model-based techniques (for behavioural specification)

To introduce Abstract State Machine Model (ASML)


Behavioural Specification

Algebraic specification can be cumbersome when the object operations are not independent of the object state

Model-based specification exposes the system state and defines the operations in terms of changes to that state


OSI Reference Model

Application

Presentation

Session

Transport

Network

Data link

Physical

7

6

5

4

3

2

1

Communica tions medium

Network

Data link

Physical

Application

Presentation

Session

Transport

Network

Data link

Physical

Application Model-based

specification

Algebraic

specification


Abstract State Machine Language (AsmL)

AsmL is a language for modelling the structure and behaviour of digital systems. We will see a basic introduction to ASML and how some concepts can be encoded formally. (We will not go into too many details but just see the overall format

ASML uses).

AsmL can be used to faithfully capture the abstract

structure and step-wise behaviour of any discrete systems, including very complex ones such as: Integrated circuits Software components Devices that combine both hardware and software


Abstract State Machine Language

An AsmL model is said to be abstract because it encodes only those aspects of the system’s structure that affect the behaviour being modelled

The goal is to use the minimum amount of detail that accurately reproduces (or predicts) the behaviour of the system that we wish to model

This means we may obtain an overview of the system without becoming bogged down in irrelevant implementation details and concentrate on important concerns such as concurrency.


Abstract State Machine Language

Abstraction helps us reduce complex problems into manageable units and prevents us from getting lost in a sea of details

AsmL provides a variety of features that allows us to

describe the relevant state of a system in a very economical and high-level way


Abstract State Machines and Turing Machines

An abstract state machine is a particular kind of mathematical machine, like a Turing machine (TM)

But unlike a TM, abstract state machines may be defined by a very high level of abstraction

An easy way to understand ASMs is to see them as defining a succession of states that may follow an initial state


9

Sets Described Algorithmically

Sometimes, we may wish to describe a set algorithmically. We shall now see how this may be done is ASML.

Problem:

Suppose we have a set that includes the integers from

1 to 20 and we want to find those numbers that, when

doubled, still belong to the set.

Solution: A = {1..20}

C = {i | i in A where 2*i in A}

Main()

step

WriteLine(C)

Informal

Formal (ASML)

10

Sequences

A Sequence is a collection of elements of the same type, just as a set is but they differ from sets in two ways:

A sequence is ordered while a set is not.

A sequence can contain duplicate elements while a set does not.

Elements of sequences are contained within square brackets: [ ]: e.g. [1,2,3,4], [4,3,2,1], [a,e,i,o,u], [a,a,e,i,o,u]

11

Sequences

X={1,2,3,4}

Y={1,1,2,3,4}

Z=[1,1,2,3,4]

Main()

step WriteLine(“X=” +X)

step WriteLine (“Y=” +Y)

step WriteLine (“Y=” +Y)

The result is:

X = {1,2,3,4}

Y = {1,2,3,4}

Z = [1,1,2,3,4]

SORT Algorithm

We shall now consider a simple specification of a one-swap-at-a-time sorting algorithm and how it can be written in ASML.


Sorting Example

4 1 5 2 3

1 2 3 4 5


ASML Example var A as Seq of Integer

swap()

choose i in {0..length(A)-1}, j in {0..length(A)-1} where i < j and A(i) > A(j)

A(j) := A(i)

A(i) := A(j)

sort()

step until fixpoint

swap()

Main()

step A := [-4,6,9,0, 2,-12,7,3,5,6]

step WriteLine(“Sequence A : ")

step sort()

step WriteLine("after sorting: " + A)


Method

declaration

Continue to do next

operation ( swap() ) until

“fixpoint”, i.e. no more

changes occur.

A is a sequence (i.e. Ordered

set) of integers

ASML Example var A as Seq of Integer

swap()

choose i in {0..length(A)-1}, j in {0..length(A)-1} where i < j and A(i) > A(j)

A(j) := A(i)

A(i) := A(j)

sort()

step until fixpoint

swap()

Main()

step A := [-4,6,9,0, 2,-12,7,3,5,6]

step WriteLine(“Sequence A : ")

step sort()

step WriteLine("after sorting: " + A)


Choose indices i,j such that i < j and

A(i) < A(j) (thus the array elements i,j

are not currently ordered). Swap elements

A(i) and A(j)

Continue to call swap() until there

are no more updates possible (thus

the sequence is ordered)

Hoare’s Quicksort

Quicksort was discovered by Tony Hoare (published in 1962).

Here is the outline • Pick one item from the array--call it the pivot

• Partition the items in the array around the pivot so all elements to the left are smaller than the pivot and all elements to the right are greater than the pivot

• Use recursion to sort the two partitions


An Example

Initial array 4 1 3 8 0 2 11 9 5

1 3 0 2 4 8 11 9 5

0 1 3 2 4 5 8 11 9

0 1 2 3 4 5 8 9 11


Hoare's Quicksort using Sequences and Recursion

qsort(s as Seq of Integer) as Seq of Integer

if s = [] then

return []

else pivot = Head(s)

rest = Tail(s)

return qsort([y | y in rest where y < pivot]) +

[pivot] + qsort([y | y in rest where y ≥ pivot])

A sample main program sorts the Sequence [7, 8, 2, 42] and prints the result:

Main()

WriteLine(qsort([7, 8, 2, 42]))


Shortest Paths Algorithm

Specification of Shortest Paths from a given node s.

The nodes of the graph are given as a set N.

The distances between adjacent nodes are given by a map D, where D(n,m)=infinity denotes that the two nodes are not adjacent.


What is the Shortest Distance from SeaTac to Redmond?

SeaTac Seattle

Bellevue Redmond

11

11

13

5 5

5

5

9 9


Graph Declaration

structure Node

s as String

infinity = 9999

SeaTac = Node("SeaTac")

Seattle = Node("Seattle“)

Bellevue = Node("Bellevue")

Redmond = Node("Redmond")

N = {SeaTac, Seattle, Bellevue, Redmond}

D = {(SeaTac, SeaTac) -> 0,

(SeaTac, Seattle) -> 11,

(SeaTac, Bellevue) -> 13,

(SeaTac, Redmond) -> infinity, // to be calculated

(Seattle, SeaTac) -> 11,

(Seattle, Seattle) -> 0,

(Seattle, Bellevue) -> 5,

(Seattle, Redmond) -> 9,

(Bellevue, SeaTac) -> 13,

(Bellevue, Seattle) -> 5,

(Bellevue, Bellevue) -> 0,

(Bellevue, Redmond) -> 5,

(Redmond, SeaTac) -> infinity, // to be calculated

(Redmond, Seattle) -> 9,

(Redmond, Bellevue) -> 5,

(Redmond, Redmond) -> 0}


shortest( s as Node,

N as Set of Node,

D as Map of (Node, Node) to Integer) as Map of Node to Integer

var S = {s -> 0} merge {n -> infinity | n in N where n ne s}

step until fixpoint

forall n in N where n ne s

S(n) := min({S(m) + D(m,n) | m in N})

step return S

min(s as Set of Integer) as Integer

require s ne {}

return (any x | x in s where forall y in s holds x lte y)

Shortest Path Implementation


S(n) := min({S(m) + D(m,n) | m in N})

s

m

n

S(m) D(m,n)

?


The Main Program

Main()

// … Graph specification …

shortestPathsFromSeaTac = shortest(SeaTac, N, D)

WriteLine("The shortest distance from SeaTac to Redmond is” + shortestPathsFromSeaTac(Redmond) + " miles.")

The shortest distance from SeaTac to Redmond is

18 miles.


Lecture Key Points

Formal system specification complements informal specification techniques.

Formal specifications are precise and unambiguous. They remove areas of doubt in a specification.

Formal specification forces an analysis of the system requirements at an early stage. Correcting errors at this stage is cheaper than modifying a delivered system.

Formal specification techniques are most applicable in the development of critical systems and standards.


Lecture Key Points

Algebraic techniques are suited to interface specification where the interface is defined as a set of object classes.

Model-based techniques model the system using sets and functions. This simplifies some types of behavioural specification.

Operations are defined in a model-based spec. by defining pre and post conditions on the system state.

AsmL is a language for modelling the structure and behaviour of digital systems.


Lecture 12 Formal Specifications - Computer Science

Documents

Transcript of Lecture 12 Formal Specifications - Computer Science