Download - Formal Methods - Lecture01.pdf

Nazir Ahmad Zafar

M. Sc. Mathematics:

Quaid-i-Azam University, Islamabad, 1991

M. Phil Mathematics:

Quaid-i-Azam University, Islamabad, 1993,

M. Sc. Nuclear Engineering:

Quaid-i-Azam University, Islamabad,1994,

PhD. Computer Science:

Kyushu University, Japan, 2004.Dr. Nazir A. Zafar Formal Methods

Formal Methods

Dr. Nazir A. Zafar Formal Methods

Lecture No. 1

Introduction


Introduction to Formal Approaches

• Approaches based on mathematical tools for specifying properties of software systems

• These techniques usually drawn from areas of discrete mathematics, such as

– Logic,

– Set theory,

– Graph theory etc.

• Formal Methods have rigorous tool support

• Formal methods increase quality of software



• Presently more than 90 tools/languages

• Z, VDM, Petri-nets, B, RAISE, CCS, CSP, ..

• Notation Coverage, Description v.s. Proof

• Sets, Relations, Mapping etc.

• Useful tools and a first step to abstraction

• Modeling example:

• Reference models

• Basis for rigorous discussion & analysis

• Community over Internet: http://archive.comlab.ox.ac.uk/formal-methods.html



• Existing methods offer large amounts of text, pictures, and diagrams, but these are often imprecise and ambiguous.

• Important information is hidden among irrelevant details.

• Design flaws are discovered too late, making them expensive or impossible to correct.

• One way to improve the quality of software is changing the software design

• An alternative is using Formal Approaches at all stages of software development.



• Formal methods can be used to produce precise, unambiguous specification at every level of software development

• Information is structured and presented at an appropriate level of abstraction.

• Some approaches can be used to subsequent processes i.e., testing, and maintenance.

• Use of formal methods may be argued as expensive but experience applying Formal methods shows, it actually reduces costs.



• Formal methods can be applied in any area of computer science and engineering

• Example are: • Software engineering, information security,• Data bases e.g. use of the relational calculus

in database theory• Formal methods can be used for the description

of state of a statement and properties defining relationship between change of states

• It includes a theory of refinement that allows mathematics to be used at every stage of program development


Software Development using Formal Methods

• Validation: Are we building the right system?

• Verification: Are we building the system right?


An Introduction to Z Notations

• Abstract data types and sequential programs• Describes state space of a system, operations over it

– Operation are relations over pair of state spaces• Advancing to object oriented-ness• Z is based upon set theory and mathematical logic.

– Set theory used includes set operators, set comprehensions, cartesian products, power sets.

– Mathematical logic is a first order predicate calculus.

• Together, they make up a mathematical language that is easy to learn and to apply.

• However, this language is only one aspect of Z.



• Another aspect is the way in which the mathematics can be structured.

• Mathematical objects and their properties can be collected together in schemas which are patterns of declaration and constraint.

• The schema language can be used to describe the state of a system, and the ways in which that state may change.

• It is also used to describe system properties, and to reason about possible refinements



• A characteristic feature of Z is: types• Every object in mathematical language has a

unique type, represented as a maximal set in the current specification.

• This provides a useful link to programming• Notion of types means, in an algorithm, type of

object can be checked in specification• Several type-checking tools exist e.g. Z/eves• A third aspect is, we use natural languages to

relate the mathematics to objects in real world• A well-written specification should be perfectly

obvious to the readerDr. Nazir A. Zafar Formal Methods


• A fourth aspect is refinement.

• We may develop a system by constructing a model of a design, using simple mathematical data types to identify the desired behavior.

• We may then refine this description by constructing another model which respects the design decisions made, and yet is closer to implementation.

• This process of refinement can be continued until executable code is produced.



• Z is not intended for the description of non-functional properties, such as usability, performance, size, and reliability.

• Neither it is intended for the description of timed or concurrent behavior.

• However, there are other formal methods that are well suited for these purposes.

• We may use these methods combining with Z to relate state and state-change information as a complement


An Example : Designing A Birthday Book

• For a moment, we choose a simple system, e.g., a birthday book

• It is a system which records people’s birthdays, and is able to issue a reminder when the birthday comes

• We require names and dates. At this stage do not care how names and dates will be implemented.

[NAME], [DATE] OR [NAME, DATE]

• Given known is the set of names with birthdays recordedbirthday is a function which, when applied to certain name, gives the birthday of associated one.


Requirements

Formal Specification1. Define a book2. Possible operations

– add a new person in the birthday book – Deleting an existing person from the book– Finding date of a person whose name is given– Issuing a reminder when birthday of a particular

person comes


Defining A Birthday Book

[NAME, DATE ]

BirthdayBookknown : P NAME

birthday : NAME ß DATE

known = dom birthday


Changing State

Decoration

BirthdayBook’known’ : P NAME

birthday’ : NAME ß DATE

known’ = dom birthday’


Recording Birthday of a New Comer

AddBirthdayBirthdayBookBirthdayBook’name? : NAMEdate? : DATE

name? ∉ known birthday’ = birthday U {name? → date?}



AddBirthday∆ BirthdayBookname? : NAMEdate? : DATE

name? ∉ known birthday’ = birthday U {name? → date?}



AddBirthdayknown : P NAMEbirthday : NAME ß DATE Known’ : P NAMEBirthday’ : NAME ß DATE name? : NAMEdate? : DATE

known = dom birthdayKnown’ = dom birthday’name? ∉ known birthday’ = birthday U {name? → date?}


Finding Birthday of a Person

FindBirthdayknown : P NAMEbirthday : NAME ß DATEname? : NAMEdate! : DATE

name? ∈ known date! = birthday (name?)


Issuing a Reminder

Remindknown : P NAMEbirthday : NAME ß DATE today? : DATE cards! : P NAME

cards! = {n : known | birthday (n) = today?}

Note: today? Is (Input variable) andcards! (output variable)


Chapter No. 2

Propositional Logic


Propositional Logic

Definition: Propositional logic deals with the statement of alleged facts which must be either true or false, but not both.

Example 2.1: The following statements are propositions:

• A tomato is a fruit.• An orange is a fruit.• Oranges are not the only fruit.


Logical Connectives

• In logical language, propositions may be connected in various ways.

• Table shows five propositional connectives, in descending order of operator precedence

Symbol Name Pronunciation

¬ negation not∧ conjunction and∨ disjunction or⇒ implication implies⇔ equivalence if and only if


Logical Connectives and compound propositions

¬p ∧ q ∨ r ⇔ p ⇒ r is equivalent to version (((¬p) ∧ q) ∨ r) ⇔ (p ⇒ r)

Example 2.21. ¬ (jaffa cakes are biscuits)2. your cat is rich ∧ your dog is good looking3. economy has recovered ∨ minister is lying4. Jim is thirty-something ⇒ Jim is under forty5. Jim is thirty-something ⇔ Jim is under forty


Conjunction

• The conjunction p ∧ q is true only if p and q both are true otherwise false

• The conjunction follows the commutative property i.e. p ∧ q = q ∧ p

p q p ∧ q

t t tt f ff t ff f f


Disjunctions

• The disjunction p ∨ q is false if both p and q are false otherwise true

• The disjunction follows the commutative property as well, i.e., p ∨ q = q ∨ p

p q p ∨ q

t t tt f tf t tf f f


Implications

• The p is antecedent and q is consequent• The antecedent is stronger than consequent. • Commutative property does not hold, i.e.,

(p ⇒ q) ≠ (q ⇒ p)

p q p ⇒ qt t tt f ff t tf f t


Example 2.7: Prove (p ∧ q ⇒ r) ⇒ (p ⇒ (q ⇒ r))

p q r (p ∧ q ⇒ r) ⇒ (p ⇒ (q ⇒ r))t t t t t t t t tt t f t f t f f tt f t f t t t t t t f f f t t t t tf t t f t t t t tf t f f t t t f tf f t f t t t t tf f f f t t t t t


Equivalence

The equivalence p ⇔ q means p ⇒ q & q ⇒ pCommutative property does hold, i.e.,

(p ⇔ q) = (q ⇔ p)

p q p ⇔ qt t tt f ff t ff f t


Negation

• ¬ p is true if and only if p is false. The truth table is simple

• It is to be noted that (p ∧ ¬p) = false(p ∨ ¬p) = true

p ¬pt f

f t


de Morgan’s Laws

1. ¬(p ∧ q) = ¬ p ∨ ¬ q)

p q p ∧ q ¬(p ∧ q) ¬p ¬q ¬p ∨ ¬q

t t t f f f ft f f t f t tf t f t t f tf f f t t t t


de Morgan’s Laws

2. ¬(p ∨ q) = ¬ p ∧ ¬ q)

p q p ∨ q ¬(p ∨ q) ¬p ¬q ¬p ∧ ¬q

t t t f f f ft f t f f t ff t t f t f ff f f t t t t


Tautologies and Contradictions

Tautology : Propositions which evaluate to t in every combination of their propositional variables are known as tautologies

Contradiction : If, on the other hand, propositions evaluate to fin every combination, then they are known as contradictions.

Note: Of course, negation of a contradiction is a tautology, and vice versa.


Examples 2.12

Examples of Tautologies:1. p ∨ ¬ p 2. p ⇒ p3. p ⇒ (q ⇒ p)

Examples of Contradiction1. p ∧ ¬ p)2. p ⇔¬ p3. ¬ (p ⇒ (q ⇒ p))


Examples 2.13

Prove that following are tautologies• ¬ p ∨ q ⇔ p ⇒ q• ¬ (p ∧ q) ⇒ ¬ p ∨ ¬ q• ¬ (p ∨ q) ⇒ ¬ p ∧ ¬ q
