Tr1413 validation process
TR1413: Discrete Mathematics For Computer Science
Lecture 26&27: Validation Process
Introduction
• A Z formal specification is a mathematical system.
• It consists of
  • Undefined terms
  • Defined terms
  • Axioms – in the form of state schemas and operation schemas.
• A mathematical system needs to be validated to ensure that it is complete and consistent.
• Validation of a Z specification can be done by:
  1. Proving the initial state theorem
  2. Calculating preconditions
  3. Proof of properties
Initial State Theorem
• There exists at least one state for the system.
• An example of such a state is the initial state.
Prove the above theorem.
[ expand schema InitialCarPark ]
[schema CarPark is redundant, remove the second schema ]
[ expand schema CarPark ]
[ use ( D | P Q ) ( D P Q ), therefore, ]
[ apply One Point Rule, ]
[ apply One Point Rule, , therefore.. ]
true
From Library of laws, L11, true
true
From axiomatic description
true
This proves that there exists a state for the system.
Summary
[ expand schema Initial State Schema ]
[ expand state schema]
[ use ( D | P Q ) ( D P Q ) ]
[ apply One Point Rule, ]
[ Conclusion ]
Exercise
• Prove initialisation theorems for all your case studies.
• If you have not written any initial schema, write it now…
Precondition calculation
In which states can an operation be successfully applied?
Does it provide a total interface?
Example:
Calculating the precondition of schema OrdinaryDepartureOK
Given the schema as follows:
Expanding the schema, we get:
Write the PreSchema, that is, hide the after-state variables (primed) and the output variables.
‘Hiding’ means removing the variables from the declaration part and quantifying them with the existential quantifier.
By using One Point Rule, we get ….
Simplifying the schema above, we get ….
The above is the simplified version of the schema.
Therefore, we can say that for an ordinary car to depart successfully, the state should be:
• the number of ordinary cars in the car park should be at least one and should not be greater than the car park capacity.
Summary
Write the schema.
Expand the schema.
Write its PreSchema (that is, hide all primed variables and output variables).
Use One Point Rule
Simplify the schema
Conclusion
Exercise
Take one example of an operation/observation schema from each of your case studies and calculate its precondition.
Totality
Does it provide a total interface?
An operation is total if it is defined on every state which satisfies the state invariant.
The operation OrdinaryDepartureOK is not total, because it does not say what happens when ordinaryCars = 0.
However, we have specified the total operation of an ordinary car departing in schema OrdinaryDeparture.
Prove that schema OrdinaryDeparture is total.
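Added example (not part of the original slides): a brute-force check, over a small finite model, of the initial state theorem, the precondition of OrdinaryDepartureOK and the totality of OrdinaryDeparture. The schema predicates, the bounds CAPACITY and RESERVED, the passes component of the state and the report values are assumptions, because the schemas shown on the slides are not reproduced in this transcript.

```python
from itertools import product

CAPACITY, RESERVED = 3, 2             # assumed small bounds so the model is finite
REPORTS = ("ok", "no_ordinary_cars")  # assumed values of the output variable r!

def car_park(s):
    """Assumed state invariant of schema CarPark; s = (ordinaryCars, passesInUse)."""
    ordinary, passes = s
    return 0 <= ordinary <= CAPACITY and 0 <= passes <= RESERVED

# Candidate values deliberately range outside the invariant, so the
# invariant (not the enumeration) is what rules bad states out.
CANDIDATES = list(product(range(-1, CAPACITY + 2), range(-1, RESERVED + 2)))
STATES = [s for s in CANDIDATES if car_park(s)]

def initial_car_park(s):
    """Assumed InitialCarPark: the invariant holds and the car park is empty."""
    return car_park(s) and s == (0, 0)

def ordinary_departure_ok(before, after, report):
    """Assumed OrdinaryDepartureOK: Delta CarPark, one ordinary car leaves."""
    return (car_park(before) and car_park(after)
            and after == (before[0] - 1, before[1]) and report == "ok")

def ordinary_departure(before, after, report):
    """Assumed OrdinaryDeparture: the OK case or the error case at ordinaryCars = 0."""
    failed = (car_park(before) and before[0] == 0
              and after == before and report == "no_ordinary_cars")
    return ordinary_departure_ok(before, after, report) or failed

def initial_state_exists():
    """Initial state theorem: exists CarPark' . InitialCarPark."""
    return any(initial_car_park(s) for s in CANDIDATES)

def precondition(op):
    """PreSchema: hide after-state and output with an existential quantifier."""
    return {b for b in CANDIDATES
            if any(op(b, a, r) for a in CANDIDATES for r in REPORTS)}

def is_total(op):
    """Total: the precondition covers every state satisfying the invariant."""
    return precondition(op) == set(STATES)

if __name__ == "__main__":
    print("initial state exists:", initial_state_exists())
    print("pre OrdinaryDepartureOK:", sorted(precondition(ordinary_departure_ok)))
    print("OrdinaryDepartureOK total:", is_total(ordinary_departure_ok))
    print("OrdinaryDeparture total:", is_total(ordinary_departure))
```

The enumeration only checks the bounded model; the general result still needs the proof steps the slides summarise.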
Proof of Properties
Every mathematical system must have certain properties.
Similarly, since a formal specification is a mathematical system, it must have some properties.
Completeness of a formal specification can be shown by showing that these properties can be derived from the specification.
In CarPark System:
1. If an ordinary car arrives, then the number of ordinary cars in the car park increases by one.
2. If an ordinary car leaves the car park, the number of ordinary cars in the car park reduces by one.
3. An entrance of a pass holder will increase the number of pass holders in use by one and will not change the number of ordinary cars in the car park.
Prove that an entrance of a pass holder will increase the number of pass holders in use by one and will not change the number of ordinary cars in the car park.
Write the above statement in theorem form, i.e., hypothesis conclusion :
[ Expand schema PassEntryOK ]
Given schema PassEntryOK as follows:
Therefore,
(we may not need to fully expand the schema)
[ Start the proving…., prove what?]
From hypothesis:
and:
Therefore, we can conclude that:
It is also known that:
From hypothesis:
Therefore, we can conclude that:
Summary
Write the property of a specification in natural language
Transform the above statement into theorem form
Prove the theorem
Exercise
Discuss with your friends the properties that should be in your specifications. You may want to refer to your ‘table’.
Prove the existence of the properties in the related specification.