Comparative Formal Methods

By the end of this lecture you will be able to
• explain the problem of implementation bias;
• distinguish between model-based and algebraic formal methods;
• use the algebraic approach to specify types;
• identify the issues raised by concurrent system specification;
• list some international standards governing the use of formal methods.
Classifying formal methods

                      Algebraic                                   Model-based
Sequential systems    Larch, OBJ                                  Vienna Development Method (VDM), Z, B
Concurrent systems    Calculus of Communicating Systems (CCS)     Prototype Verification System (PVS), Communicating Sequential Processes (CSP)
Problems with a model-based approach

Client: "there cannot be more than 50 patients on the register"
Specifier: "the cardinality of the register set must not be greater than 50"

The specifier's model (a set and its cardinality) has introduced a detail the client never asked for: implementation bias.
Implementation bias: an example

types
  Patient = TOKEN

values
  LIMIT := 200

state PatientRegister of
  reg : Patient-set
inv mk-PatientRegister(r) == card r <= LIMIT
init mk-PatientRegister(r) == r = { }

The same register modelled as a sequence rather than a set:

  reg : Patient*
inv mk-PatientRegister(r) == len r <= LIMIT and
    forall i, j in set inds r & i <> j => r(i) <> r(j)
init mk-PatientRegister(r) == r = [ ]
addPatient (patientIn : Patient)
ext wr reg : Patient*
pre patientIn not in set elems reg
post reg = reg~ ^ [patientIn]

This model allows patients A, B and C to be recorded in any of the following six ways:
[A, B, C]  [A, C, B]  [B, A, C]  [B, C, A]  [C, A, B]  [C, B, A]
A test for bias

"If there are two or more different data values that cannot be distinguished by any of the operations, the model is biased."

addPatient (Patient)
removePatient (Patient)
getPatients ( ) : Patient[*]
isRegistered (Patient) : Boolean
numberRegistered ( ) : Integer
getFirst ( ) : Patient
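The bias test can be run mechanically: build every register state reachable through addPatient, then ask whether some pair of distinct states gives identical results for every operation the client can call. The code below is an added example, not from the lecture; the function names (reachable_states, is_biased) and the decision to treat getPatients as an unordered collection are my assumptions. It shows that the sequence model is biased under the listed operations, that adding getFirst narrows but does not remove the bias (states sharing a first element stay indistinguishable), and that the set model passes the test.

```python
from itertools import combinations, permutations

PATIENTS = ("A", "B", "C")  # constructed sample data

# The two candidate models from the slides, each with its addPatient.
def add_patient_seq(reg, p):
    assert p not in reg          # pre: patientIn not in elems reg
    return reg + (p,)            # post: reg = reg~ ^ [patientIn]

def add_patient_set(reg, p):
    assert p not in reg
    return reg | {p}

def reachable_states(add, empty, patients):
    """Every state reachable by registering the patients in some order."""
    states = set()
    for order in permutations(patients):
        reg = empty
        for p in order:
            reg = add(reg, p)
        states.add(reg)
    return sorted(states, key=repr)

# Observers: the operations a client can use to look at a state.
def is_registered(reg, p):
    return p in reg

def number_registered(reg):
    return len(reg)

def get_patients(reg):
    # Assumption: Patient[*] is returned as an unordered collection,
    # so this observer cannot see sequence order.
    return frozenset(reg)

def get_first(reg):
    # "ERROR" stands in for the undefined result on an empty register (assumption).
    return reg[0] if reg else "ERROR"

def base_observers():
    return [
        lambda reg: tuple(is_registered(reg, p) for p in PATIENTS),
        number_registered,
        get_patients,
    ]

def observers_with_get_first():
    return base_observers() + [get_first]

def observations(reg, observers):
    """Everything the client can learn about a state through the observers."""
    return tuple(obs(reg) for obs in observers)

def is_biased(states, observers):
    """The slide's test: return the pairs of distinct states that no
    operation can tell apart. A non-empty result means the model is biased."""
    return [
        (s1, s2)
        for s1, s2 in combinations(states, 2)
        if observations(s1, observers) == observations(s2, observers)
    ]

if __name__ == "__main__":
    seq_states = reachable_states(add_patient_seq, (), PATIENTS)
    set_states = reachable_states(add_patient_set, frozenset(), PATIENTS)
    print(len(seq_states), "sequence states,",
          len(is_biased(seq_states, base_observers())), "indistinguishable pairs")
    print(len(is_biased(seq_states, observers_with_get_first())),
          "pairs still indistinguishable with getFirst")
    print(len(set_states), "set state(s),",
          len(is_biased(set_states, base_observers())), "indistinguishable pairs")
```

The six sequence states collapse to one set state because the set model records exactly what the operations can observe; that is the sense in which the set is the unbiased choice here.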
Algebraic methods

• The algebraic approach to formal software development is one that does not require a model to be constructed.
• Instead of describing the behaviour of operations via a model, the behaviour is described by the relationships between operations.
• Some algebraic methods (such as LARCH) are suitable for sequential system specification and others (such as CCS) are suitable for concurrent systems.
• We will look at a LARCH-like specification of a Stack.
Algebraic specification of a Stack

A specification has the shape:

<SPECIFICATION NAME>
sort <name>
imports <LIST OF SPECIFICATION NAMES>
Operation Signatures
Axioms

For the stack:

STACK (Elem)
sort Stack
imports BOOL, INT
Operation Signatures

init    :                -> Stack
push    : Elem x Stack   -> Stack
pop     : Stack          -> Stack
top     : Stack          -> Elem
isEmpty : Stack          -> Bool
size    : Stack          -> Int
Creating Stacks

From the list of operations, there must always be:
• one operation that creates an empty value of the type (init);
• and one operation that allows new values to be constructed (push).

The stack [A, B, C] is built from the empty stack by successive pushes:
push (C, init)
push (B, push (C, init))
push (A, push (B, push (C, init)))
Axioms

Each operation is described by specifying its effect on the empty value and on the non-empty value.

isEmpty ( init ) = true
isEmpty ( push (e, stk) ) = false
pop ( init ) = ERROR
pop ( push (e, stk) ) = stk
top ( init ) = ERROR
top ( push (e, stk) ) = e
The Size Operation

size ( init ) = 0
size ( push (e, stk) ) = 1 + size ( stk )

size ( push (A, push (B, push (C, init))) )
  = 1 + size ( push (B, push (C, init)) )
  = 1 + 1 + size ( push (C, init) )
  = 1 + 1 + 1 + size ( init )
  = 1 + 1 + 1 + 0
  = 3
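The stack specification above (signatures, constructors, axioms and the size derivation) can be executed directly as term rewriting: a stack value is nothing but a term built from init and push, and every other operation is defined by matching a term against the two axiom cases. The following is an added example, not code from the lecture; the names INIT, from_list, derive_size and check_axioms are my own, and ERROR is represented by a string.

```python
# Stacks are terms: INIT or ("push", element, stack). No model of a stack
# (no list, no array) is ever built; only the constructors and axioms exist.
INIT = ("init",)
ERROR = "ERROR"

def push(e, stk):
    return ("push", e, stk)

def is_empty(stk):
    # isEmpty(init) = true ; isEmpty(push(e, stk)) = false
    return stk == INIT

def pop(stk):
    # pop(init) = ERROR ; pop(push(e, stk)) = stk
    return ERROR if stk == INIT else stk[2]

def top(stk):
    # top(init) = ERROR ; top(push(e, stk)) = e
    return ERROR if stk == INIT else stk[1]

def size(stk):
    # size(init) = 0 ; size(push(e, stk)) = 1 + size(stk)
    return 0 if stk == INIT else 1 + size(stk[2])

def show(stk):
    """Render a term in the notation used on the slides."""
    return "init" if stk == INIT else f"push ({stk[1]}, {show(stk[2])})"

def from_list(items):
    """[A, B, C] with A on top is push(A, push(B, push(C, init)))."""
    stk = INIT
    for item in reversed(items):
        stk = push(item, stk)
    return stk

def derive_size(stk):
    """Unfold the size axioms one step at a time, reproducing the hand
    derivation on the slide as a list of right-hand sides."""
    steps = []
    ones = 0
    while stk != INIT:
        stk = stk[2]
        ones += 1
        steps.append(" + ".join(["1"] * ones + [f"size ({show(stk)})"]))
    steps.append(" + ".join(["1"] * ones + ["0"]))
    steps.append(str(ones))
    return steps

def check_axioms(items):
    """Check every axiom on the stack built from items and on each push
    applied to it; returns True when all of them hold."""
    stk = from_list(items)
    ok = is_empty(INIT) and pop(INIT) == ERROR and top(INIT) == ERROR and size(INIT) == 0
    for e in items:
        ok = ok and pop(push(e, stk)) == stk and top(push(e, stk)) == e
        ok = ok and not is_empty(push(e, stk)) and size(push(e, stk)) == size(stk) + 1
    return ok

if __name__ == "__main__":
    s = from_list(["A", "B", "C"])
    print("size (" + show(s) + ")")
    for step in derive_size(s):
        print("  =", step)
    print("axioms hold:", check_axioms(["A", "B", "C"]))
```

Because the observers (pop, top, isEmpty, size) are defined only through the constructors, two stacks are equal exactly when the same sequence of pushes built them; the representation question that caused bias in the model-based register never arises.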
Concurrent Methods

Two operations, withdraw and deposit, act on a shared balance. withdraw carries the precondition
  balance - amount > MIN
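A precondition written for a sequential operation says nothing about what happens between the moment it is checked and the moment the state is updated. When two withdraw operations interleave, both can see the precondition hold and both can then apply their update, leaving the balance below MIN. The code below is an added example, not from the lecture: it splits an unsafe withdraw into its check and its update so that the interleaving can be scheduled deterministically, and contrasts it with a withdraw that performs both under one lock. The Account class, the generator-based withdraw_steps and the MIN value of 0 are my assumptions.

```python
import threading

MIN = 0  # lower bound from the slide's precondition (constructed value)

class Account:
    """Constructed example: a shared balance with withdraw and deposit."""

    def __init__(self, balance):
        self.balance = balance
        self.lock = threading.Lock()

    def deposit(self, amount):
        with self.lock:
            self.balance += amount

    def withdraw_steps(self, amount):
        """Unsafe withdraw, exposed as a generator so a scheduler can pause
        it between the precondition check and the update."""
        ok = self.balance - amount > MIN   # precondition evaluated here...
        yield "checked"
        if ok:
            self.balance -= amount         # ...and applied here, after a gap
        yield "done"

    def withdraw_atomic(self, amount):
        """Check and update under one lock, so no other operation can
        change the balance between them. Returns whether it went through."""
        with self.lock:
            if self.balance - amount > MIN:
                self.balance -= amount
                return True
            return False

def run_interleaved(account, amounts):
    """Scheduler that lets every withdraw check its precondition against the
    same balance before any of them updates it. Returns the final balance."""
    ops = [account.withdraw_steps(a) for a in amounts]
    for op in ops:
        next(op)   # each precondition holds on the untouched balance
    for op in ops:
        next(op)   # each update is applied regardless of the others
    return account.balance

def run_atomic(account, amounts):
    """Same withdraws, each performed atomically. Returns (results, balance)."""
    return [account.withdraw_atomic(a) for a in amounts], account.balance

def invariant_holds(account):
    """The state invariant the precondition was meant to preserve."""
    return account.balance > MIN

if __name__ == "__main__":
    a = Account(100)
    print("interleaved:", run_interleaved(a, [80, 80]), "invariant:", invariant_holds(a))
    b = Account(100)
    print("atomic:", run_atomic(b, [80, 80]), "invariant:", invariant_holds(b))
```

The sequential specification is satisfied by each withdraw on its own; the violation only appears in the interleaving, which is why concurrent methods describe the interaction of operations rather than each operation in isolation.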
Livelock and deadlock

(diagram contrasting livelock and deadlock)
Examples of use: Standards

MOD 00-55   This is a standard from the UK Ministry of Defence for defence software procurement.
DO-178B     This is an industry standard in the field of civil avionics.
IEC 61508   This is a generic standard for critical systems development for those industries (such as civil avionics) that do not yet have their own specific standards.
ITSEC       This is a security standard developed jointly by France, Germany, the Netherlands and the United Kingdom.
Examples of use: Industry

• Medical Instruments Control Systems
• London Air Traffic Control System
• Factory Control System
• Operating System Security
• Railway Signalling Systems
• Information Control System
• Smart Cards