1 / 62

An introduction to specification in VDM-SL

An introduction to specification in VDM-SL. At the end of this lecture you should be able to:. write a formal specification of a system in VDM-SL ; correlate the components of a UML class diagram with those of a VDM specification ;

vaughan-mckenzie
Download Presentation

An introduction to specification in VDM-SL

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. An introduction to specification in VDM-SL At the end of this lecture you should be able to: • write a formal specification of a system in VDM-SL; • correlate the components of a UML class diagram with those of a VDM specification; • declare constants and specify functions to enhance the specification; • explain the use of a state invariant to place a global constraint on the system; • explain the purpose of the nil value in VDM.

  2. -10 Celsius TEMPERATURE +10 Celsius The Incubator case study The temperature of the incubator needs to be carefully controlled and monitored; Safety requirements :

  3. The UML specification IncubatorMonitor temp : Integer increment() decrement() getTemp() : Integer

  4. Specifying the ‘state’ in VDM-SL

  5. IncubatorMonitor temp : Integer increment() decrement() getTemp() : Integer

  6. The VDM state refers to the permanent data stored by the system. IncubatorMonitor temp : Integer increment() decrement() getTemp() : Integer In VDM-SL we use mathematical types

  7. The intrinsic types available in VDM-SL

  8.  : natural numbers (positive whole numbers) 1 : natural numbers excluding zero : integers (positive and negative whole numbers) : real numbers (positive and negative numbers that can include a fractional part)  : boolean values (true or false) Char : the set of alphanumeric characters

  9. Specifying the state of the Incubator Monitor System

  10. IncubatorMonitor temp : Integer increment() decrement() getTemp() : Integer UML VDM-SL stateIncubatorMonitorof end temp : 

  11. Specifying the operations in VDM-SL

  12. IncubatorMonitor temp : Integer increment() decrement() getTemp() : Integer • Each operation specified in VDM-SL as follows: • the operation header • the external clause • the precondition • the postcondition

  13. IncubatorMonitor temp : Integer increment() decrement() getTemp() : Integer

  14. temp = + 1 temp > + 1 = temp temp - = 1 increment() ext ? pre ? post ? wr ? temp :  temp < 10

  15. IncubatorMonitor temp : Integer increment() decrement() getTemp() : Integer

  16. temp = - 1 decrement() ext ? pre ? post ? wr ? temp :  temp > -10

  17. IncubatorMonitor temp : Integer increment() decrement() getTemp() : Integer

  18. getTemp( ) ext ? pre ? post ? currentTemp :  rdtemp :  TRUE currentTemp = temp

  19. Declaring constants

  20. decrement() extwr temp :  pretemp > -10 post temp = - 1 Constants are specified using the keyword values. The declaration would come immediately before the state definition: values MAX :  = 10 MIN :  = -10 MIN

  21. Specifying functions

  22. 36 FALSE   79 hasPassed TRUE 50

  23. Explicitly and implicitly There are two ways in which we can specify a function in VDM-SL:

  24. Specifying a function explicitly Example add:  add(x, y) ∆x + y signature definition

  25. Specifying a function implicitly add( ) pre ? post ? x , y : : : z TRUE z = x + y

  26. An absolute function defined implicitly abs( ) pre ? post ? z : r :  TRUE z<0 r = -zz  0 r = z

  27. An absolute function defined explicitly abs:  abs(z) ∆ifz < 0 then -z elsez

  28. Two special functions The state invariant and initialisation

  29. State  inv Returns true if the state meets global constraint and false otherwise

  30. -10 Celsius TEMPERATURE +10 Celsius Adding a state invariant into the IncubatorMonitor system inv ?  ?

  31. -10 Celsius TEMPERATURE +10 Celsius Adding a state invariant into the IncubatorMonitor system invmk-IncubatorMonitor(t) ?

  32. -10 Celsius TEMPERATURE +10 Celsius Adding a state invariant into the IncubatorMonitor system invmk-IncubatorMonitor(t)  MINtMAX

  33. State  init Returns true if the correct initial values have been given to the state and false otherwise

  34. Specifying an initialization function We will assume that when the incubator is turned on, its temperature should be adjusted until a steady 5 degrees Celsius is obtained. init ?  ?

  35. Specifying an initialization function We will assume that when the incubator is turned on, its temperature should be adjusted until a steady 5 degrees Celsius is obtained. initmk-IncubatorMonitor(t) ?

  36. Specifying an initialization function We will assume that when the incubator is turned on, its temperature should be adjusted until a steady 5 degrees Celsius is obtained. initmk-IncubatorMonitor(t)  t = 5

  37. The modified state specification values MAX :  = 10 MIN :  = -10 stateIncubatorMonitorof temp :  invmk-IncubatorMonitor(t) MINtMAX initmk-IncubatorMonitor(t) t = 5 end

  38. Improving the Incubator System IncubatorController requestedTemp : Integer actualTemp : Integer setIInitialTemp(Integer) requestChange(Integer) : Signal increment( ) : Signal decrement( ) : Signal getRequestedTemp( ) : Integer getActualTemp( ) : Integer

  39. Improving the Incubator System IncubatorController requestedTemp : Integer actualTemp : Integer setIInitialTemp(Integer) requestChange(Integer) : Signal increment( ) : Signal decrement( ) : Signal getRequestedTemp( ) : Integer getActualTemp( ) : Integer Signal is an enumerated type

  40. <<enumeration>> Signal INCREASE DECREASE DO_NOTHING Enumerated types in UML A standard method of marking a UML class as an enumerated type is to add <<enumeration>> above the type name:

  41. Enumerated types in VDM-SL In VDM-SL the types clause is the appropriate place to define new types. types Signal = <INCREASE>|< DECREASE>|< DO_NOTHING> values ….. state ….. end

  42. The nil value It is common in the programming world for a value to be undefined VDM-SL allows for this concept by including the possibility of a term or expression having the value nil, meaning that it is undefined; x :  ‘x’ must be a natural number

  43. The nil value It is common in the programming world for a value to be undefined VDM-SL allows for this concept by including the possibility of a term or expression having the value nil, meaning that it is undefined; x : [] ‘x’ can be a natural number or nil

  44. The nil value It is common in the programming world for a value to be undefined VDM-SL allows for this concept by including the possibility of a term or expression having the value nil, meaning that it is undefined; x : [] When the incubator system first comes into being, the actual and requested values will be undefined, and must therefore be set to nil.

  45. IncubatorController requestedTemp : Integer actualTemp : Integer setIInitialTemp(Integer) requestChange(Integer) : Signal increment() : Signal decrement() : Signal getRequestedTemp() : Integer getActualTemp() : Integer Specifying the IncubatorController state stateIncubatorControllerof requestedTemp : ? actualTemp : ?

  46. IncubatorController requestedTemp : Integer actualTemp : Integer setIInitialTemp(Integer) requestChange(Integer) : Signal increment() : Signal decrement() : Signal getRequestedTemp() : Integer getActualTemp() : Integer Specifying the IncubatorController state stateIncubatorControllerof requestedTemp :  actualTemp : 

  47. IncubatorController requestedTemp : Integer actualTemp : Integer setIInitialTemp(Integer) requestChange(Integer) : Signal increment() : Signal decrement() : Signal getRequestedTemp() : Integer getActualTemp() : Integer Specifying the IncubatorController state stateIncubatorControllerof requestedTemp : [] actualTemp : []

  48. The invariant stateIncubatorControllerof requestedTemp : [] actualTemp : [] The requested temperature must be in the range of -10 to +10 degrees invmk-IncubatorController (r, a)  MIN rMAX

  49. The invariant The requested temperature could be nil stateIncubatorControllerof requestedTemp : [] actualTemp : [] The requested temperature must be in the range of -10 to +10 degrees invmk-IncubatorController (r, a)  MIN  r MAX r = nil

  50. The invariant The requested temperature could be nil stateIncubatorControllerof requestedTemp : [] actualTemp : [] The requested temperature must be in the range of -10 to +10 degrees invmk-IncubatorController (r, a)  (MIN  r MAX r = nil)

More Related