Scribd Logo
Upload

Welcome to Scribd!

  • 8K views

    An Introduction To Specification in VDM-SL: at The End of This Lecture You Should Be Able To

    Uploaded by

    yoges_0695
    The document provides an introduction to specifying systems using the VDM-SL formal specification language. It explains how to define the state, operations, constants, functions, and invariants of a system in VDM-SL based on its UML class diagram. As an example, it specifies the state and operations of an incubator monitoring and control system, including defining enumerated types, nil values, and improving the specification with additional components and constraints. The key aspects of VDM-SL specifications are explained through this example.

    Copyright:

    © All Rights Reserved
    Download as PPT, PDF, TXT or read online from Scribd

    An Introduction To Specification in VDM-SL: at The End of This Lecture You Should Be Able To

    Uploaded by

    yoges_0695
    8K views36 pages
    The document provides an introduction to specifying systems using the VDM-SL formal specification language. It explains how to define the state, operations, constants, functions, and invariants of a system in VDM-SL based on its UML class diagram. As an example, it specifies the state and operations of an incubator monitoring and control system, including defining enumerated types, nil values, and improving the specification with additional components and constraints. The key aspects of VDM-SL specifications are explained through this example.

    Original Description:

    Lecture 3

    Original Title

    FOrmal Mehod

    Copyright

    © © All Rights Reserved

    Available Formats

    PPT, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    The document provides an introduction to specifying systems using the VDM-SL formal specification language. It explains how to define the state, operations, constants, functions, and invariants of a system in VDM-SL based on its UML class diagram. As an example, it specifies the state and operations of an incubator monitoring and control system, including defining enumerated types, nil values, and improving the specification with additional components and constraints. The key aspects of VDM-SL specifications are explained through this example.

    Copyright:

    © All Rights Reserved
    Download as PPT, PDF, TXT or read online from Scribd
    Download as ppt, pdf, or txt
    8K views36 pages

    An Introduction To Specification in VDM-SL: at The End of This Lecture You Should Be Able To

    Uploaded by

    yoges_0695
    The document provides an introduction to specifying systems using the VDM-SL formal specification language. It explains how to define the state, operations, constants, functions, and invariants of a system in VDM-SL based on its UML class diagram. As an example, it specifies the state and operations of an incubator monitoring and control system, including defining enumerated types, nil values, and improving the specification with additional components and constraints. The key aspects of VDM-SL specifications are explained through this example.

    Copyright:

    © All Rights Reserved
    Download as PPT, PDF, TXT or read online from Scribd
    Download as ppt, pdf, or txt
    of 36

    An introduction to specification in VDM-SL

    At the end of this lecture you should be able to:

    write a formal specification of a system in VDM-SL;

    correlate the components of a UML class diagram with those


    of a VDM specification;

    declare constants and specify functions to enhance the


    specification;

    explain the use of a state invariant to place a global constraint


    on the system;

    explain the purpose of the nil value in VDM.

    The Incubator case study


    The temperature of the incubator needs to be carefully controlled
    and monitored;
    Initially we will specify the software needed to monitor the
    incubator temperature;
    Later we will specify the software needed to monitor and control
    the incubator temperature.
    Safety requirements :

    -10 Celsius

    TEMPERATURE

    +10 Celsius

    The UML specification


    IncubatorMonitor
    temp : Integer
    increment()
    decrement()
    getTemp() : Integer

    Specifying the state in VDM-SL


    in VDM-SL the state refers to the permanent data that must
    be stored by the system, and which can be accessed by
    means of operations;
    It corresponds to the attributes in the class diagram;
    The state is specified by declaring variables, in a similar
    manner a programming language and UML.
    Each variables is given a name, and a VDM-SL type.

    The intrinsic types available in VDM-SL


    :

    natural numbers (positive whole numbers)

    1 :

    natural numbers excluding zero

    integers (positive and negative whole numbers)

    real numbers (positive and negative numbers


    that can include a fractional part)

    boolean values (true or false)

    Char : the set of alphanumeric characters

    Specifying the state of the Incubator Monitor System

    UML

    VDM-SL

    IncubatorMonitor

    state IncubatorMonitor of
    temp :

    temp : Integer
    increment()
    decrement()
    getTemp() : Integer

    end

    Specifying the operations in VDM-SL

    IncubatorMonitor
    temp : Integer
    increment()
    decrement()
    getTemp() : Integer

    Each operation specified in


    VDM-SL as follows:
    the operation header
    the external clause
    the precondition
    the postcondition

    The increment operation


    increment()
    wr
    ? :
    ? temp
    < 10
    pre temp
    ?
    ext

    temp => temp


    post temp
    ?
    temp + 1

    temp + 1 = temp
    temp - temp = 1

    The decrement operation


    decrement()
    wr
    ? :
    ? temp
    > -10
    pre temp
    ?
    ext

    temp = temp - 1
    post ?

    The getTemp operation


    getTemp() currentTemp :
    ext

    rd
    ?

    temp :

    pre

    TRUE
    ?

    = temp
    post currentTemp
    ?

    Declaring constants
    It is possible in VDM-SL to specify constants;
    It is done by using the keyword values;
    The declaration would come immediately before the state definition:
    values
    MAX : = 10
    MIN : = -10
    decrement()
    ext

    wr

    temp :

    pre

    MIN
    temp > -10

    post

    temp =

    temp

    -1

    Specifying functions
    A function is a set of assignments from one set to another;
    The function receives an input value (or values) and maps this
    to an output value according to some rule;

    46

    79

    hasPassed

    FALSE
    TRUE

    50

    There are two ways in which we can specify a function in VDM-SL

    Specifying a function explicitly


    The style of this specification is algorithmic;
    We explicitly define the method of transforming the inputs to the output.
    Example

    add:
    add(x, y) x + y
    signature

    definition

    Specifying a function implicitly


    We use a pre- and postcondition in the same way as we
    described for operations;
    A function, however, does not access the state variables.

    add( x : , y : ) z :
    pre ?TRUE
    z=x+y
    post ?

    An absolute function defined implicitly

    abs(z : ) r :
    pre TRUE
    ?
    post z<0
    ? r = -z z 0 r = z

    An absolute function defined explicitly


    abs:
    abs(z) if z < 0
    then -z
    else z

    Recursive functions
    Some functions can be neatly specified by a recursive definition,
    whereby the function calls itself.
    Example
    a factorial function:

    factorial:
    factorial(n) if n = 0
    then 1
    else n x factorial(n - 1)

    State invariants
    Before we specified local constraint with preconditions.
    We can also specify a global constraint.
    In VDM-SL we incorporate such a restriction into the specification
    with a function called a state invariant;
    The invariant definition uses the keyword inv.
    Its signature will be:
    inv : State

    Adding a state invariant into


    the IncubatorMonitor system

    -10 Celsius

    TEMPERATURE

    +10 Celsius

    inv mk-IncubatorMonitor(t) MIN t MAX

    Specifying an initialization function


    An initialization function is given the name init;
    We will assume that when the incubator is turned on, its
    temperature is adjusted until a steady 5 degrees Celsius is
    obtained.

    init mk-IncubatorMonitor(t) t = 5

    The modified state specification


    values
    MAX : = 10
    MIN : = -10
    state IncubatorMonitor of
    temp :
    inv mk-IncubatorMonitor(t) MIN t MAX
    init mk-IncubatorMonitor(t) t = 5
    end

    Improving the Incubator System


    IncubatorController
    requestedTemp : Integer
    actualTemp : Integer
    setIInitialTemp(Integer)
    requestChange(Integer) : Signal
    increment() : Signal
    decrement() : Signal
    getRequestedTemp() : Integer
    getActualTemp() : Integer

    Enumerated types
    The signal sent to the hardware could be one of 3 possible values:
    1.

    an instruction to the hardware to increase the temperature;

    2.

    an instruction to the hardware to decrease the


    temperature;

    3.

    an instruction to the hardware to do nothing.

    A type that consists of a number of named values is often referred


    to as an enumerated type;

    Enumerated types in UML


    A standard method of marking a UML class as an
    enumerated type is to add <<enumeration>> above the
    type name:
    <<enumeration>>
    Signal
    INCREASE
    DECREASE
    DO_NOTHING

    Enumerated types in VDM-SL


    In VDM-SL the types clause is the appropriate place to define
    new types.

    types
    Signal = <INCREASE>|< DECREASE>|< DO_NOTHING>
    values
    ..
    state
    ..
    end

    The nil value


    It is common in the programming world for a value to be undefined;
    VDM-SL allows for this concept by including the possibility of a term
    or expression having the value nil, meaning that it is undefined;
    We do that by placing square brackets around the type name:
    [] natural numbers or nil
    []

    integers or nil.

    When the incubator system first comes into being, the actual and
    requested values will be undefined, and must therefore be set to nil;

    Specifying the IncubatorController


    state
    IncubatorController
    requestedTemp : Integer
    actualTemp : Integer
    setIInitialTemp(Integer)
    requestChange(Integer) : Signal
    increment() : Signal
    decrement() : Signal
    getRequestedTemp() : Integer
    getActualTemp() : Integer

    state IncubatorController of
    requestedTemp : []
    actualTemp : []

    The invariant
    The actual temperature must not be allowed to go outside the
    range of -10 to +10 degrees;
    However we need now to allow for the possibility that it could be
    equal to the nil value;
    The same is true for the requested temperature.

    inv mk-IncubatorController (r, a)


    (MIN r MAX r = nil)

    (MIN a MAX a = nil)

    Improving the readability of the


    spec by using a function
    inRange( val : ) result :
    pre TRUE
    post result MIN val MAX

    inv mk-IncubatorController (r, a)


    (inRange(r) r = nil) (inRange(a) a = nil)

    The initialisation function

    init mk-IncubatorController (r, a)

    r = nil a = nil

    Specifying the setInitialTemp operation

    setInitialTemp( tempIn : )
    ext

    wr actualTemp : []

    pre

    inRange(tempIn) actualTemp = nil

    post actualTemp = tempIn

    The requestChange operation


    requestChange( tempIn : ) signalOut : Signal
    ext

    wr requestedTemp : []
    rd

    actualTemp : []

    pre

    inRange(tempIn) actualTemp nil

    post

    requestedTemp = tempIn
    ( tempIn > actualTemp signalOut = <INCREASE>

    tempIn < actualTemp signalOut = <DECREASE>


    tempIn = actualTemp signalOut = <DO_NOTHING> )

    actualTemp

    The increment operation


    increment () signalOut : Signal
    ext

    pre

    rd

    requestedTemp : []

    wr

    actualTemp : []

    actualTemp < requestedTemp

    actualTemp nil requestedTemp nil


    post

    ( actualTemp < requestedTemp signalOut = <INCREASE>

    actualTemp = requestedTemp signalOut = <DO_NOTHING> )


    actualTemp = actualTemp + 1

    The getRequestedTemp operation

    getRequestedTemp() currentRequested : []
    ext

    rd

    requestedTemp : []

    pre

    TRUE

    post

    currentRequested = requestedTemp

    The getActualTemp operation

    getActualTemp() currentActual : []
    ext

    rd

    actualTemp : []

    pre

    TRUE

    post

    currentActual = actualTemp

    A standard template for VDM-SL specifications


    types
    SomeType = ..
    values
    constantName : ConstantType = someValue
    state SystemName of
    attribute1 : Type
    :
    attributen : Type
    inv mk-SystemName(i1:Type, ..., in:Type) Expression(i1, ..., in)
    init mk-SystemName(i1:Type, ..., in:Type) Expression(i1, ..., in)
    end
    functions
    specification of functions .....
    operations
    specification of operations .....

    You might also like

    pFad - Phonifier reborn

    Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

    Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


    Alternative Proxies:

    Alternative Proxy

    pFad Proxy

    pFad v3 Proxy

    pFad v4 Proxy