An introduction to specification in VDM-SL - PowerPoint PPT Presentation

slide1 n.
Download
Skip this Video
Loading SlideShow in 5 Seconds..
An introduction to specification in VDM-SL PowerPoint Presentation
Download Presentation
An introduction to specification in VDM-SL

play fullscreen
1 / 36
An introduction to specification in VDM-SL
403 Views
Download Presentation
braden
Download Presentation

An introduction to specification in VDM-SL

- - - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript

  1. An introduction to specification in VDM-SL At the end of this lecture you should be able to: • write a formal specification of a system in VDM-SL; • correlate the components of a UML class diagram with those of a VDM specification; • declare constants and specify functions to enhance the specification; • explain the use of a state invariant to place a global constraint on the system; • explain the purpose of the nil value in VDM.

  2. -10 Celsius TEMPERATURE +10 Celsius The Incubator case study The temperature of the incubator needs to be carefully controlled and monitored; Initially we will specify the software needed to monitor the incubator temperature; Later we will specify the software needed to monitor and control the incubator temperature. Safety requirements :

  3. The UML specification IncubatorMonitor temp : Integer increment() decrement() getTemp() : Integer

  4. Specifying the ‘state’ in VDM-SL in VDM-SL the state refers to the permanent data that must be stored by the system, and which can be accessed by means of operations; It corresponds to the attributes in the class diagram; The state is specified by declaring variables, in a similar manner a programming language and UML. Each variables is given a name, and a VDM-SL type.

  5. The intrinsic types available in VDM-SL  : natural numbers (positive whole numbers) 1 : natural numbers excluding zero : integers (positive and negative whole numbers) : real numbers (positive and negative numbers that can include a fractional part)  : boolean values (true or false) Char : the set of alphanumeric characters

  6. IncubatorMonitor temp : Integer increment() decrement() getTemp() : Integer Specifying the state of the Incubator Monitor System UML VDM-SL stateIncubatorMonitorof end temp : 

  7. IncubatorMonitor temp : Integer increment() decrement() getTemp() : Integer Specifying the operations in VDM-SL • Each operation specified in VDM-SL as follows: • the operation header • the external clause • the precondition • the postcondition

  8. temp = + 1 temp > + 1 = temp temp - = 1 The increment operation increment() ext ? pre ? post ? wr ? temp :  temp < 10

  9. temp = - 1 The decrement operation decrement() ext ? pre ? post ? wr ? temp :  temp > -10

  10. The getTemp operation getTemp() ext ? pre ? post ? currentTemp :  rdtemp :  TRUE currentTemp = temp

  11. decrement() extwr temp :  pretemp > -10 post temp = - 1 Declaring constants It is possible in VDM-SL to specify constants; It is done by using the keyword values; The declaration would come immediately before the state definition: values MAX :  = 10 MIN :  = -10 MIN

  12. Specifying functions A function is a set of assignments from one set to another; The function receives an input value (or values) and maps this to an output value according to some rule; 46 FALSE   69 hasPassed TRUE 50 There are two ways in which we can specify a function in VDM-SL

  13. Specifying a function explicitly The style of this specification is algorithmic; We explicitly define the method of transforming the inputs to the output. Example add:  add(x, y) ∆x + y signature definition

  14. Specifying a function implicitly We use a pre- and postcondition in the same way as we described for operations; A function, however, does not access the state variables. add( ) pre ? post ? x , y : : z :  TRUE z = x + y

  15. An absolute function defined implicitly abs( ) pre ? post ? z : r :  TRUE z<0 r = -zz  0 r = z

  16. An absolute function defined explicitly abs:  abs(z) ∆ifz < 0 then -z elsez

  17. Recursive functions Some functions can be neatly specified by a recursive definition, whereby the function calls itself. Example a factorial function: factorial:  factorial(n) ∆ifn = 0 then 1 elsen x factorial(n - 1)

  18. State invariants Before we specified local constraint with preconditions. We can also specify a global constraint. In VDM-SL we incorporate such a restriction into the specification with a function called a stateinvariant; The invariant definition uses the keyword inv. Its signature will be: inv: State 

  19. -10 Celsius TEMPERATURE +10 Celsius Adding a state invariant into the IncubatorMonitor system invmk-IncubatorMonitor(t) MINtMAX

  20. Specifying an initialization function An initialization function is given the name init; We will assume that when the incubator is turned on, its temperature is adjusted until a steady 5 degrees Celsius is obtained. initmk-IncubatorMonitor(t) t = 5

  21. The modified state specification values MAX :  = 10 MIN :  = -10 stateIncubatorMonitorof temp :  invmk-IncubatorMonitor(t) MINtMAX initmk-IncubatorMonitor(t) t = 5 end

  22. Improving the Incubator System IncubatorController requestedTemp : Integer actualTemp : Integer setIInitialTemp(Integer) requestChange(Integer) : Signal increment() : Signal decrement() : Signal getRequestedTemp() : Integer getActualTemp() : Integer

  23. Enumerated types The signal sent to the hardware could be one of 3 possible values: • an instruction to the hardware to increase the temperature; • an instruction to the hardware to decrease the temperature; • an instruction to the hardware to do nothing. A type that consists of a number of named values is often referred to as an enumerated type;

  24. <<enumeration>> Signal INCREASE DECREASE DO_NOTHING Enumerated types in UML A standard method of marking a UML class as an enumerated type is to add <<enumeration>> above the type name:

  25. Enumerated types in VDM-SL In VDM-SL the types clause is the appropriate place to define new types. types Signal = <INCREASE>|< DECREASE>|< DO_NOTHING> values ….. state ….. end

  26. The nil value It is common in the programming world for a value to be undefined; VDM-SL allows for this concept by including the possibility of a term or expression having the value nil, meaning that it is undefined; We do that by placing square brackets around the type name: [] natural numbers or nil [] integers or nil. When the incubator system first comes into being, the actual and requested values will be undefined, and must therefore be set to nil;

  27. IncubatorController requestedTemp : Integer actualTemp : Integer setIInitialTemp(Integer) requestChange(Integer) : Signal increment() : Signal decrement() : Signal getRequestedTemp() : Integer getActualTemp() : Integer Specifying the IncubatorController state stateIncubatorControllerof requestedTemp : [] actualTemp : []

  28. The invariant The actual temperature must not be allowed to go outside the range of -10 to +10 degrees; However we need now to allow for the possibility that it could be equal to the nil value; The same is true for the requested temperature. invmk-IncubatorController (r, a)   (MIN  r MAX r = nil) (MIN  a MAX a = nil)

  29. Improving the readability of the spec by using a function inRange( ) pre post val :  result :  TRUE result MIN  val MAX invmk-IncubatorController (r, a)  (inRange(r)r = nil) (inRange(a)a = nil)

  30. The initialisation function initmk-IncubatorController (r, a)  r = nila = nil

  31. Specifying the setInitialTempoperation setInitialTemp( ) ext pre post tempIn :  wr actualTemp : []  inRange(tempIn) actualTemp = nil actualTemp = tempIn

  32. The requestChange operation requestChange( ) ext pre post tempIn :  signalOut : Signal wr requestedTemp : [] rd actualTemp : [] inRange(tempIn)  actualTempnil requestedTemp = tempIn  tempIn > actualTemp  ( signalOut = <INCREASE>  tempIn < actualTemp  signalOut = <DECREASE>  tempIn = actualTemp  signalOut = <DO_NOTHING> )

  33. actualTemp = actualTemp + 1 The increment operation increment () ext pre post signalOut : Signal rd requestedTemp : [] wr actualTemp : [] actualTemp < requestedTemp actualTempnil requestedTempnil  ( actualTemp < requestedTemp  signalOut = <INCREASE>  actualTemp = requestedTemp  ) signalOut = <DO_NOTHING>

  34. The getRequestedTemp operation getRequestedTemp() ext pre post currentRequested : [] rd requestedTemp : [] TRUE currentRequested = requestedTemp

  35. The getActualTemp operation getActualTemp() ext pre post currentActual : [] rd actualTemp : [] TRUE currentActual = actualTemp

  36. A standard template for VDM-SL specifications types SomeType = ….. values constantName : ConstantType = someValue state SystemNameof attribute1 : Type : attributen : Type invmk-SystemName(i1:Type, ..., in:Type) Expression(i1, ..., in) initmk-SystemName(i1:Type, ..., in:Type) Expression(i1, ..., in) end functions specification of functions ..... operations specification of operations .....