VDM - Research Institute for Symbolic Computation · 2008. 6. 18. · •Invariants, preconditions,...
Transcript of VDM - Research Institute for Symbolic Computation · 2008. 6. 18. · •Invariants, preconditions,...
![Page 1: VDM - Research Institute for Symbolic Computation · 2008. 6. 18. · •Invariants, preconditions, post-conditions –Arbitrarily complex logical expressions –In general: model](https://reader035.fdocuments.in/reader035/viewer/2022071112/5fe7ced0f27db92de0398f66/html5/thumbnails/1.jpg)
VDM(Vienna Development Method)
Affiliation:
Andreas Müller – 0555284Bachelor Presentation – “Technical Mathematics”
Johannes Kepler Universität – Linz, Austriae-mail: [email protected]
![Page 2: VDM - Research Institute for Symbolic Computation · 2008. 6. 18. · •Invariants, preconditions, post-conditions –Arbitrarily complex logical expressions –In general: model](https://reader035.fdocuments.in/reader035/viewer/2022071112/5fe7ced0f27db92de0398f66/html5/thumbnails/2.jpg)
VDM
• Collection of techniques for– modeling
– specification
– and design
of computer based systems
• Origins: IBM laboratories in Vienna
• VDM-SL standardized
![Page 3: VDM - Research Institute for Symbolic Computation · 2008. 6. 18. · •Invariants, preconditions, post-conditions –Arbitrarily complex logical expressions –In general: model](https://reader035.fdocuments.in/reader035/viewer/2022071112/5fe7ced0f27db92de0398f66/html5/thumbnails/3.jpg)
Content
1. Historical context
2. VDM
3. A proof framework for VDM (mural)
4. VDMTools
![Page 4: VDM - Research Institute for Symbolic Computation · 2008. 6. 18. · •Invariants, preconditions, post-conditions –Arbitrarily complex logical expressions –In general: model](https://reader035.fdocuments.in/reader035/viewer/2022071112/5fe7ced0f27db92de0398f66/html5/thumbnails/4.jpg)
History
• 3 phases
– Origin of VDM (1970s)
– Rigorous Proofs (1980s and 90s)
– Formalisation: Tools support
![Page 5: VDM - Research Institute for Symbolic Computation · 2008. 6. 18. · •Invariants, preconditions, post-conditions –Arbitrarily complex logical expressions –In general: model](https://reader035.fdocuments.in/reader035/viewer/2022071112/5fe7ced0f27db92de0398f66/html5/thumbnails/5.jpg)
Origin of VDM
• Roots: programming language definition– definition of PL/I
• Proofs– 1968: Peter Lucas – equivalence of programming
language concepts
• 1975: dispersal of the group– Different approaches
![Page 6: VDM - Research Institute for Symbolic Computation · 2008. 6. 18. · •Invariants, preconditions, post-conditions –Arbitrarily complex logical expressions –In general: model](https://reader035.fdocuments.in/reader035/viewer/2022071112/5fe7ced0f27db92de0398f66/html5/thumbnails/6.jpg)
Rigorous specification and proof
• 1980s: from definition language to development ‘method’
• Standardization process gathered momentum
– VDM symposia FME FM Symposia
• VDM-SL: emphasis on implicit style of operation specification
![Page 7: VDM - Research Institute for Symbolic Computation · 2008. 6. 18. · •Invariants, preconditions, post-conditions –Arbitrarily complex logical expressions –In general: model](https://reader035.fdocuments.in/reader035/viewer/2022071112/5fe7ced0f27db92de0398f66/html5/thumbnails/7.jpg)
Example – „biased queue“
taken from Dines Björner, Matrin C. Henson -
“Logics of Specification Languages”
![Page 8: VDM - Research Institute for Symbolic Computation · 2008. 6. 18. · •Invariants, preconditions, post-conditions –Arbitrarily complex logical expressions –In general: model](https://reader035.fdocuments.in/reader035/viewer/2022071112/5fe7ced0f27db92de0398f66/html5/thumbnails/8.jpg)
Proof Obligations
• Invariants, preconditions, post-conditions
– Arbitrarily complex logical expressions
– In general: model may not be correct
Proof Obligations
• Satisfiability Obligation
![Page 9: VDM - Research Institute for Symbolic Computation · 2008. 6. 18. · •Invariants, preconditions, post-conditions –Arbitrarily complex logical expressions –In general: model](https://reader035.fdocuments.in/reader035/viewer/2022071112/5fe7ced0f27db92de0398f66/html5/thumbnails/9.jpg)
Rigorous Proof
![Page 10: VDM - Research Institute for Symbolic Computation · 2008. 6. 18. · •Invariants, preconditions, post-conditions –Arbitrarily complex logical expressions –In general: model](https://reader035.fdocuments.in/reader035/viewer/2022071112/5fe7ced0f27db92de0398f66/html5/thumbnails/10.jpg)
Rules of inference
• Proof is not formal
– Couldn‘t be checked by a machine
• Justifications
– Data type properties
– Symbols defined elsewhere
– Rules of inference
![Page 11: VDM - Research Institute for Symbolic Computation · 2008. 6. 18. · •Invariants, preconditions, post-conditions –Arbitrarily complex logical expressions –In general: model](https://reader035.fdocuments.in/reader035/viewer/2022071112/5fe7ced0f27db92de0398f66/html5/thumbnails/11.jpg)
Formalization
• Work on tool support
– Prolog-based animation of a VDM model
– SpecBox
• Syntax checking
• Basig semantic checking
– VDM Toolbox
– VDMTools
• Most robust of tools for VDM-SL
![Page 12: VDM - Research Institute for Symbolic Computation · 2008. 6. 18. · •Invariants, preconditions, post-conditions –Arbitrarily complex logical expressions –In general: model](https://reader035.fdocuments.in/reader035/viewer/2022071112/5fe7ced0f27db92de0398f66/html5/thumbnails/12.jpg)
Tools support
• Tool development & industrial engagement
– Different capabilities
• Afrodite project
– Object-oriented extensions
– Real-time extensions
VDM++
• 2004: VDMTools sold to CSK (Japan)
– Develop and promote the toolset
![Page 13: VDM - Research Institute for Symbolic Computation · 2008. 6. 18. · •Invariants, preconditions, post-conditions –Arbitrarily complex logical expressions –In general: model](https://reader035.fdocuments.in/reader035/viewer/2022071112/5fe7ced0f27db92de0398f66/html5/thumbnails/13.jpg)
Content
1. Historical context
2. VDM
3. A proof framework for VDM (mural)
4. VDMTools
![Page 14: VDM - Research Institute for Symbolic Computation · 2008. 6. 18. · •Invariants, preconditions, post-conditions –Arbitrarily complex logical expressions –In general: model](https://reader035.fdocuments.in/reader035/viewer/2022071112/5fe7ced0f27db92de0398f66/html5/thumbnails/14.jpg)
VDM
• Functions
• Operators
• Set notations
• Composite objects
• Invariants
![Page 15: VDM - Research Institute for Symbolic Computation · 2008. 6. 18. · •Invariants, preconditions, post-conditions –Arbitrarily complex logical expressions –In general: model](https://reader035.fdocuments.in/reader035/viewer/2022071112/5fe7ced0f27db92de0398f66/html5/thumbnails/15.jpg)
Functions
• Defining explicit functions
– Example
– Conditions
– Usage of “let”
![Page 16: VDM - Research Institute for Symbolic Computation · 2008. 6. 18. · •Invariants, preconditions, post-conditions –Arbitrarily complex logical expressions –In general: model](https://reader035.fdocuments.in/reader035/viewer/2022071112/5fe7ced0f27db92de0398f66/html5/thumbnails/16.jpg)
Functions
• Implicit definition
– What is to be computed (not how)
• Maximum function:
• Specification:
![Page 17: VDM - Research Institute for Symbolic Computation · 2008. 6. 18. · •Invariants, preconditions, post-conditions –Arbitrarily complex logical expressions –In general: model](https://reader035.fdocuments.in/reader035/viewer/2022071112/5fe7ced0f27db92de0398f66/html5/thumbnails/17.jpg)
Functions
• Pre-condition:
– Assumptions about arguments
– Partial function
• Post-condition:
• Notice that:
![Page 18: VDM - Research Institute for Symbolic Computation · 2008. 6. 18. · •Invariants, preconditions, post-conditions –Arbitrarily complex logical expressions –In general: model](https://reader035.fdocuments.in/reader035/viewer/2022071112/5fe7ced0f27db92de0398f66/html5/thumbnails/18.jpg)
Meaning of implicit specification
• Informally, such a specification requires that, to be correct with respect to the specification, a function must - when applied to arguments (of the right type) which satisfy the pre-condition - yield a result (of the right type) which satisfies the post-condition.
![Page 19: VDM - Research Institute for Symbolic Computation · 2008. 6. 18. · •Invariants, preconditions, post-conditions –Arbitrarily complex logical expressions –In general: model](https://reader035.fdocuments.in/reader035/viewer/2022071112/5fe7ced0f27db92de0398f66/html5/thumbnails/19.jpg)
Implicit functions
• Each implementation may yield another result
• Quantifiers
– Avoid recursion required in direct definition
![Page 20: VDM - Research Institute for Symbolic Computation · 2008. 6. 18. · •Invariants, preconditions, post-conditions –Arbitrarily complex logical expressions –In general: model](https://reader035.fdocuments.in/reader035/viewer/2022071112/5fe7ced0f27db92de0398f66/html5/thumbnails/20.jpg)
Advantages
• direct description of (multiple) properties which are of interest to the user
• characterizing a set of possible results by a post-condition
• explicit record (by Boolean expression) of the pre-condition
• less commitment to a specific algorithm
• provision of a name for the result
![Page 21: VDM - Research Institute for Symbolic Computation · 2008. 6. 18. · •Invariants, preconditions, post-conditions –Arbitrarily complex logical expressions –In general: model](https://reader035.fdocuments.in/reader035/viewer/2022071112/5fe7ced0f27db92de0398f66/html5/thumbnails/21.jpg)
Operations
• Implicit specification
• Functions: fixed mapping
– Input Output
– double(2) = 4
• Operations: hidden state to record values
– e.g.: Subsequent sum
– sum(2) = 2, sum(99) = 101, sum(2) = 103,…
![Page 22: VDM - Research Institute for Symbolic Computation · 2008. 6. 18. · •Invariants, preconditions, post-conditions –Arbitrarily complex logical expressions –In general: model](https://reader035.fdocuments.in/reader035/viewer/2022071112/5fe7ced0f27db92de0398f66/html5/thumbnails/22.jpg)
Example: Calculator (1)
• Load operation
• Convention: CAPITAL letters
• First line: similar to functions
![Page 23: VDM - Research Institute for Symbolic Computation · 2008. 6. 18. · •Invariants, preconditions, post-conditions –Arbitrarily complex logical expressions –In general: model](https://reader035.fdocuments.in/reader035/viewer/2022071112/5fe7ced0f27db92de0398f66/html5/thumbnails/23.jpg)
Example: Calculator (2)
• Load operation
• Second part:
– External access (ext): read (rd) or read/write (wr)
– Name followed by type
• Post-condition:
– Truth valued function (parameter, ext. variables)
![Page 24: VDM - Research Institute for Symbolic Computation · 2008. 6. 18. · •Invariants, preconditions, post-conditions –Arbitrarily complex logical expressions –In general: model](https://reader035.fdocuments.in/reader035/viewer/2022071112/5fe7ced0f27db92de0398f66/html5/thumbnails/24.jpg)
Example: Calculator (3)
• Show operation
• Alternative definitions
![Page 25: VDM - Research Institute for Symbolic Computation · 2008. 6. 18. · •Invariants, preconditions, post-conditions –Arbitrarily complex logical expressions –In general: model](https://reader035.fdocuments.in/reader035/viewer/2022071112/5fe7ced0f27db92de0398f66/html5/thumbnails/25.jpg)
Example: Calculator (4)
• Preconditions
– Omitted preconditions are assumed to be true
• Divide operation
![Page 26: VDM - Research Institute for Symbolic Computation · 2008. 6. 18. · •Invariants, preconditions, post-conditions –Arbitrarily complex logical expressions –In general: model](https://reader035.fdocuments.in/reader035/viewer/2022071112/5fe7ced0f27db92de0398f66/html5/thumbnails/26.jpg)
Set notations
• Set
– Unordered collection of distinct objects
– Values marked by braces e.g. {a,b}
• Forming of sets
– Enumeration of their elements
– Set comprehension
– Intervals
– Empty set {}
![Page 27: VDM - Research Institute for Symbolic Computation · 2008. 6. 18. · •Invariants, preconditions, post-conditions –Arbitrarily complex logical expressions –In general: model](https://reader035.fdocuments.in/reader035/viewer/2022071112/5fe7ced0f27db92de0398f66/html5/thumbnails/27.jpg)
Set notations
• The “-set” constructor
– Applied to a known set
– Yields a set of sets
• For finite sets: power set
• Cardinality: card operator
– card {} = 0
![Page 28: VDM - Research Institute for Symbolic Computation · 2008. 6. 18. · •Invariants, preconditions, post-conditions –Arbitrarily complex logical expressions –In general: model](https://reader035.fdocuments.in/reader035/viewer/2022071112/5fe7ced0f27db92de0398f66/html5/thumbnails/28.jpg)
Partitions
• Set is partitioned split into disjoint subsets
• Example
![Page 29: VDM - Research Institute for Symbolic Computation · 2008. 6. 18. · •Invariants, preconditions, post-conditions –Arbitrarily complex logical expressions –In general: model](https://reader035.fdocuments.in/reader035/viewer/2022071112/5fe7ced0f27db92de0398f66/html5/thumbnails/29.jpg)
Composite Objects
• make-functions
– Given appropriate values for fields
– Yields value of composite type
• Example: Datec
• Types are disjoint
![Page 30: VDM - Research Institute for Symbolic Computation · 2008. 6. 18. · •Invariants, preconditions, post-conditions –Arbitrarily complex logical expressions –In general: model](https://reader035.fdocuments.in/reader035/viewer/2022071112/5fe7ced0f27db92de0398f66/html5/thumbnails/30.jpg)
Decomposing Objects
• Selectors
– Functions to yield component values
– Signature:
– e.g.
• Several other ways of decomposing objects
![Page 31: VDM - Research Institute for Symbolic Computation · 2008. 6. 18. · •Invariants, preconditions, post-conditions –Arbitrarily complex logical expressions –In general: model](https://reader035.fdocuments.in/reader035/viewer/2022071112/5fe7ced0f27db92de0398f66/html5/thumbnails/31.jpg)
Decomposing Objects
• Notation for defining local values
• Using selectors
• Using extension of let
• Shorter
![Page 32: VDM - Research Institute for Symbolic Computation · 2008. 6. 18. · •Invariants, preconditions, post-conditions –Arbitrarily complex logical expressions –In general: model](https://reader035.fdocuments.in/reader035/viewer/2022071112/5fe7ced0f27db92de0398f66/html5/thumbnails/32.jpg)
Decomposing Objects
• Case construct
– If -then-else-Notation
– “cases”-Notation
![Page 33: VDM - Research Institute for Symbolic Computation · 2008. 6. 18. · •Invariants, preconditions, post-conditions –Arbitrarily complex logical expressions –In general: model](https://reader035.fdocuments.in/reader035/viewer/2022071112/5fe7ced0f27db92de0398f66/html5/thumbnails/33.jpg)
Defining composite types
• Definition of a composite type
– Name of composite object
• compose [name] of
– Variable number of fields
• [field-name]: [field-type],
– end
![Page 34: VDM - Research Institute for Symbolic Computation · 2008. 6. 18. · •Invariants, preconditions, post-conditions –Arbitrarily complex logical expressions –In general: model](https://reader035.fdocuments.in/reader035/viewer/2022071112/5fe7ced0f27db92de0398f66/html5/thumbnails/34.jpg)
Defining composite types
• If a value is never decomposed by a selector
• ‘is composed of’
• Names for types
![Page 35: VDM - Research Institute for Symbolic Computation · 2008. 6. 18. · •Invariants, preconditions, post-conditions –Arbitrarily complex logical expressions –In general: model](https://reader035.fdocuments.in/reader035/viewer/2022071112/5fe7ced0f27db92de0398f66/html5/thumbnails/35.jpg)
Modifying composite objects
• The function
– Create composite values which differ only in one field
– e.g.
![Page 36: VDM - Research Institute for Symbolic Computation · 2008. 6. 18. · •Invariants, preconditions, post-conditions –Arbitrarily complex logical expressions –In general: model](https://reader035.fdocuments.in/reader035/viewer/2022071112/5fe7ced0f27db92de0398f66/html5/thumbnails/36.jpg)
ADJ diagram (Datec)
![Page 37: VDM - Research Institute for Symbolic Computation · 2008. 6. 18. · •Invariants, preconditions, post-conditions –Arbitrarily complex logical expressions –In general: model](https://reader035.fdocuments.in/reader035/viewer/2022071112/5fe7ced0f27db92de0398f66/html5/thumbnails/37.jpg)
Data type invariants
• Truth-valued functions to record restrictions
• Part of the type definition (Keyword: inv)
• Defines the set
• where
![Page 38: VDM - Research Institute for Symbolic Computation · 2008. 6. 18. · •Invariants, preconditions, post-conditions –Arbitrarily complex logical expressions –In general: model](https://reader035.fdocuments.in/reader035/viewer/2022071112/5fe7ced0f27db92de0398f66/html5/thumbnails/38.jpg)
Content
1. Historical context
2. VDM
3. A proof framework for VDM (mural)
4. VDMTools
![Page 39: VDM - Research Institute for Symbolic Computation · 2008. 6. 18. · •Invariants, preconditions, post-conditions –Arbitrarily complex logical expressions –In general: model](https://reader035.fdocuments.in/reader035/viewer/2022071112/5fe7ced0f27db92de0398f66/html5/thumbnails/39.jpg)
mural
• Developed as part of IPSE 2.5 project
• User-guided proofs
– Convincing arguments for conjectures made on VDM models
• Users need expertise in structuring a formal proof
– User completes proofs
• Book-keeping and selection of applicable rules
![Page 40: VDM - Research Institute for Symbolic Computation · 2008. 6. 18. · •Invariants, preconditions, post-conditions –Arbitrarily complex logical expressions –In general: model](https://reader035.fdocuments.in/reader035/viewer/2022071112/5fe7ced0f27db92de0398f66/html5/thumbnails/40.jpg)
Constants and Expressions
• Symbols
– Variables
• Collections of values
– Constants
• Value and type constructors ({} = empty set,…)
• Fixed arity (x,y): x…value arguments, y…type arguments
– Binders
• Introduce and bind new variables (quantifiers,…)
![Page 41: VDM - Research Institute for Symbolic Computation · 2008. 6. 18. · •Invariants, preconditions, post-conditions –Arbitrarily complex logical expressions –In general: model](https://reader035.fdocuments.in/reader035/viewer/2022071112/5fe7ced0f27db92de0398f66/html5/thumbnails/41.jpg)
Constants and Expressions
• Expression
– Variable symbol
– Constant symbol (correct number of arguments)
– Binder
• Binding a variable in another expression
![Page 42: VDM - Research Institute for Symbolic Computation · 2008. 6. 18. · •Invariants, preconditions, post-conditions –Arbitrarily complex logical expressions –In general: model](https://reader035.fdocuments.in/reader035/viewer/2022071112/5fe7ced0f27db92de0398f66/html5/thumbnails/42.jpg)
Rules of inference
• Inference rules
– Above: Hypothesis
– Below: Conlcusion
• Axiom
– “Ax” to the rightof the rule
![Page 43: VDM - Research Institute for Symbolic Computation · 2008. 6. 18. · •Invariants, preconditions, post-conditions –Arbitrarily complex logical expressions –In general: model](https://reader035.fdocuments.in/reader035/viewer/2022071112/5fe7ced0f27db92de0398f66/html5/thumbnails/43.jpg)
Proofs
• Arguments from hypotheses to conclusion
• Organized into blocks
– from
– infer
• Inference steps are numbered lines
– Formula
– Justification
![Page 44: VDM - Research Institute for Symbolic Computation · 2008. 6. 18. · •Invariants, preconditions, post-conditions –Arbitrarily complex logical expressions –In general: model](https://reader035.fdocuments.in/reader035/viewer/2022071112/5fe7ced0f27db92de0398f66/html5/thumbnails/44.jpg)
Proofs
• Example:
– Conjecture
– Proof
![Page 45: VDM - Research Institute for Symbolic Computation · 2008. 6. 18. · •Invariants, preconditions, post-conditions –Arbitrarily complex logical expressions –In general: model](https://reader035.fdocuments.in/reader035/viewer/2022071112/5fe7ced0f27db92de0398f66/html5/thumbnails/45.jpg)
Proofs
• Sub-proofs
![Page 46: VDM - Research Institute for Symbolic Computation · 2008. 6. 18. · •Invariants, preconditions, post-conditions –Arbitrarily complex logical expressions –In general: model](https://reader035.fdocuments.in/reader035/viewer/2022071112/5fe7ced0f27db92de0398f66/html5/thumbnails/46.jpg)
Proofs
• Syntactic definitionof constants
![Page 47: VDM - Research Institute for Symbolic Computation · 2008. 6. 18. · •Invariants, preconditions, post-conditions –Arbitrarily complex logical expressions –In general: model](https://reader035.fdocuments.in/reader035/viewer/2022071112/5fe7ced0f27db92de0398f66/html5/thumbnails/47.jpg)
Theories
• Theory is a collection of
– Constants
– Binder definitions
– Derived results (+ proofs)
• Theory store
– Collection of theories
• Advantages
– Reuse
– Limits the scope
![Page 48: VDM - Research Institute for Symbolic Computation · 2008. 6. 18. · •Invariants, preconditions, post-conditions –Arbitrarily complex logical expressions –In general: model](https://reader035.fdocuments.in/reader035/viewer/2022071112/5fe7ced0f27db92de0398f66/html5/thumbnails/48.jpg)
Example: mural proof (1)
• Inference rule:
• mural
– Status: ‘unproved’
– Selection: proof display opens
![Page 49: VDM - Research Institute for Symbolic Computation · 2008. 6. 18. · •Invariants, preconditions, post-conditions –Arbitrarily complex logical expressions –In general: model](https://reader035.fdocuments.in/reader035/viewer/2022071112/5fe7ced0f27db92de0398f66/html5/thumbnails/49.jpg)
Example: mural proof (2)
• Conclusion line flagged ‘unjustified’
• User is free to decide how to approach
– Backwards from the goal
– Forwards from the knowns
• Tools to search theory store for applicable rules
• Expert
– Choose a specific rule
– Tool manages the pattern-matching
![Page 50: VDM - Research Institute for Symbolic Computation · 2008. 6. 18. · •Invariants, preconditions, post-conditions –Arbitrarily complex logical expressions –In general: model](https://reader035.fdocuments.in/reader035/viewer/2022071112/5fe7ced0f27db92de0398f66/html5/thumbnails/50.jpg)
Example: mural proof (3)
• User chooses to work backwards
– Definition of as
![Page 51: VDM - Research Institute for Symbolic Computation · 2008. 6. 18. · •Invariants, preconditions, post-conditions –Arbitrarily complex logical expressions –In general: model](https://reader035.fdocuments.in/reader035/viewer/2022071112/5fe7ced0f27db92de0398f66/html5/thumbnails/51.jpg)
Example: mural proof (4)
• Rules with sequent hypothesis sub-proof
![Page 52: VDM - Research Institute for Symbolic Computation · 2008. 6. 18. · •Invariants, preconditions, post-conditions –Arbitrarily complex logical expressions –In general: model](https://reader035.fdocuments.in/reader035/viewer/2022071112/5fe7ced0f27db92de0398f66/html5/thumbnails/52.jpg)
Example: mural proof (5)
• Proof is completed by forward reasoning within the sub-proof
![Page 53: VDM - Research Institute for Symbolic Computation · 2008. 6. 18. · •Invariants, preconditions, post-conditions –Arbitrarily complex logical expressions –In general: model](https://reader035.fdocuments.in/reader035/viewer/2022071112/5fe7ced0f27db92de0398f66/html5/thumbnails/53.jpg)
Content
1. Historical context
2. VDM
3. A proof framework for VDM (mural)
4. VDMTools
![Page 54: VDM - Research Institute for Symbolic Computation · 2008. 6. 18. · •Invariants, preconditions, post-conditions –Arbitrarily complex logical expressions –In general: model](https://reader035.fdocuments.in/reader035/viewer/2022071112/5fe7ced0f27db92de0398f66/html5/thumbnails/54.jpg)
VDMTools
• Works with VDM++
– Extended version of VDM-SL
– Object-orientated
• Features
– Syntax checking
– Type checking
– Code generation (Java, C++)
![Page 55: VDM - Research Institute for Symbolic Computation · 2008. 6. 18. · •Invariants, preconditions, post-conditions –Arbitrarily complex logical expressions –In general: model](https://reader035.fdocuments.in/reader035/viewer/2022071112/5fe7ced0f27db92de0398f66/html5/thumbnails/55.jpg)
VDM++
![Page 56: VDM - Research Institute for Symbolic Computation · 2008. 6. 18. · •Invariants, preconditions, post-conditions –Arbitrarily complex logical expressions –In general: model](https://reader035.fdocuments.in/reader035/viewer/2022071112/5fe7ced0f27db92de0398f66/html5/thumbnails/56.jpg)
Resources
• Literature
– Dines Bjørner, Martin C. Henson – “Logic of Specification Languages”
– Cliff B. Jones – “Systematic Software Development using VDM”
– Peter Gorm Larsen – “VDM++ Tutorial”
• Software
– VDMTools – www.vdmtools.jp/en/