Download - Formal Methods in SE Lecture 16 Formal Methods in SE Qaisar Javaid Assistant Professor.

Formal Methods in SE

Lecture 16


Qaisar Javaid

Assistant Professor


Lecture 16

• Specification team. Responsible for developing and

maintaining the system specification.

• Development team. Responsible for developing and

verifying the software. The software is NOT executed or

even compiled during this process.

• Certification team. Responsible for developing a set of

statistical tests to exercise the software after development.

Reliability growth models used to determine when

reliability is acceptable.

Cleanroom process teams


Lecture 16

• The results of using the Cleanroom process have been very impressive with few discovered faults in delivered systems.

• Independent assessment shows that the process is no more expensive than other approaches.

• There were fewer errors than in a 'traditional' development process.

• However, the process is not widely used. It is not clear how this approach can be transferred to an environment with less skilled or less motivated software engineers.

Cleanroom process evaluation


Lecture 16

Free and Bound Variables

4

• In the expression Q x : A/B • p we say that variable x is bound by the quantifier.

• The scope of x extends from the vertical bar (or the spot if there is no constraint) to the next closing bracket.

• If the variable x appears in a predicate q but is not bound by any quantifier, we say that x is free in q.


Lecture 16

Substitution

5

• We write p[t/x ] to denote the predicate that results from substituting t for each free occurrence of x in predicate p.

• The substitute expression t need not be another variable; it can be any expression whose possible values match those of x.


Lecture 16

Universal Quantification

6

• The universal quantifier ∀ is a generalized form of .∧


Lecture 16

Existential Quantification

7

• The existential quantifier ∃ is a generalized form of ∨.


Lecture 16

Universal Quantification

8


Lecture 16

Existential Quantification

9


Lecture 16

Equality

10

• The = (equality) symbol is used to show that expressions are identical

• Equalities are one form of atomic propositions in our logical language (the other form is set membership).


Lecture 16

Equality

11


Lecture 16

• If the identity of a bound variable is revealed within the quantified expression, then we may replace all instances of that variable, and remove the existential quantier.

• Consider following predicate.

• This states that there is a value of x in a for which p ^ x = t is true.

• If t is in the set a and p holds then we can replace x by t.

One Point Rule

12


Lecture 16

Data Structures

• Objects from discrete mathematics can model data structures.

– Tuples (records) – Relations (tables, linked data structures) – Functions (lookup tables, trees and lists) – Sequences (lists, arrays)

13


Lecture 16

TUPLES• Tuples can resemble C structures or Pascal records. • Tuples are instances of Cartesian product types. • First declare types for each component. • [NAME] • ID == N• DEPT ::= admin | manufacturing | research• Define the Cartesian product type EMPLOYEE. • EMPLOYEE == ID X NAME X DEPT • Declare tuples which are instances of the type.

14


Lecture 16

RELATIONS• Relations are sets of tuples. They

can resemble tables or databases.

• In Z this can be expressed

15


Lecture 16

PAIRS

• The projection operators first and second extract the components of a pair.

• first(aki,4117) = aki • second(aki, 4117) = 4117

•Pairs are tuples with just two components. (aki, 4117)

•The maplet arrow provides alternate syntax without parentheses.

16


Lecture 16

BINARY RELATIONS

• Binary relations are sets of pairs.

• P (NAME X PHONE)OR

• NAME PHONE

• Binary relations can model lookup tables

• Binary relations are many-to-many relations

NAME PHONE

Aki 4019

Philip 4107

Doug 4107

Doug 4136

Philip 0113

Frank 0110

Frank 6190

… …

17


Lecture 16

BINARY RELATIONS

18


Lecture 16

RELATIONAL CALCULUS

•Restriction operators can model database queries. •Domain restriction selects pairs based on their first component.

19


Lecture 16

RELATIONAL CALCULUS

• Overriding can model database updates.

20


Lecture 16

RELATIONAL CALCULUS

• Inverse reverses domain and range by exchanging the components of each pair.

21


Lecture 16

RELATIONAL CALCULUS contd..

• Composition merges two relations by combining pairs that share a matching component.

22


Lecture 16

OPERATOR SYMBOLS

Domain & Range restriction operators can also be combined

23


Lecture 16

FUNCTIONS

• Functions are binary relations where each element in the domain appears just once. Each domain element is a unique key.

• A function cannot be a many-to-many or even one-to-many relation

Function application is a special case of relational image. It associates a domain element with its unique range element.

24


Lecture 16

Types of Functions

Surjective Function• A function is surjective (onto) if every element of the

domain is mapped to some element of the range. some domain elements may be mapped to more than one range elements. (Total Injections)

Injective Function• Injections are the functions that associate each element

in their domain with a different element in their range. It’s a one-to-one relation. (Partial injections)

Bijective Function• A function is bijective (one-to-one and onto) iff it is both

injective and surjective. (Equivalently, every element of the domain is mapped to exactly one element of the range.) A bijective function is a bijection (one-to-one correspondence), and is reversible.

25


Lecture 16

Examples

26


Lecture 16

BINARY RELATIONS AND FUNCTIONS

27