TMA2053 Formal Methods

Modelling Unordered Collections

Resources
1. P.G. Larsen, Lecture Note, Defining Data and Functionality, iha.dk.
2. John Fitzgerald, et al., Validate Designs for OO Systems, Springer, 2005.
3. CSK Corp, VDMTools: The VDM++ Language, Ver6.8.1, 2005

Assoc Prof Dr Edwin Mit

Dept of Computing and Software Engineering
Faculty of Computer Sc. & IT., UNIMAS
Tel : 082-58(3799)
edwin@fit.unimas.my

TMA2053 FM 1
 VDM++ Class Outline
class <class-name>
instance variables
... Internal object state
types
values
functions Definitions
operations
...

thread
... Dynamic behaviour
sync
... Synchronization control

TMA2053 FM
end <class-name>
2
 Agenda

 To understand the syntax and semantic, and the

application of unorder collection (set):

– Set Characteristics.
– The Robot Controller

TMA2053 FM 3
 Set Characteristics
• Sets are unordered collections of elements
• There is only one copy of each element
• The elements can be sets as well, i.e., sets in set.
• Example
set of set of Student
Note: Student is user define type (e.g., record, mapping, etc)
Student = map ID to Name;
• Sets in VDM++ are finite
• Set types in VDM++ are written as:
– set of Type
• Example
set of nat
TMA2053 FM 4
 Set Membership

• If an object x is a member (an element) of a set

A, then we write “x  A”; if it is not a member
then we write “x  A”.

• “x  A” can be written as “x in set A”

• “x  A” can be written as “x not in set A”

TMA2053 FM 5
 Set Enumeration

A set enumeration consists of a comma-separated list

enclosed between curly braces, ”{…}”

For examples
{1,5,8,1,3}
{true, false}
{{}, {4,3},{2,4}}
{‘G’,’O’,’D’}
{3.567, 0.33455,7.777}
are all sets.

The empty set can be written as “{ }” or “”

TMA2053 FM 6
 The Subset Relation
The set A is said to be a subset of the set B
if every element of A is also an element of B.

The subset relation is written as ”A  B”

or as ”A subset B”

Examples;
{1,2,3}  {1,2,3,4,5}
{ }  {1,2,3}
{3,2,3,2}  {2,3}
{x,y,z}  {y,z} {SE students}  {UNIMAS students}?

The examples yield true, true, true and false (element x

of set A not in set B) respectively
TMA2053 FM 7
 Set Equality

Two sets are equal if both are subsets of each other

i.e., A  B and B  A implies that A = B

Examples:
Order not important.
{2,4,2,1} = {4,1,2} One copy of each element.
{true, true, false} = {false, true}
{1,1,1,1,1,1,1,1,1,1,1,1} = {1}
{3,4,5} = {3,5,5} A not subset B.

The examples yield true, true, true and false (set

A is not subset of B) respectively.
TMA2053 FM
8
 Proper Subsets
The set A is said to be a proper subset of the set B if every
element of A is also an element of B and B has at least
member that is not a member of A.

The proper subset relation is written as ”A  B”

or as ”A psubset B”

Examples:
{1,2,3}  {1,2,3,4,5}
{ }  {1,2,3} {SE students}  {UNIMAS students}?
{3,2,3,2}  {2,3} {UNIMAS students}  {SE Students}?

The examples yield true, true and false (i.e., none of B

that is not member of A) respectively
TMA2053 FM 9
 Set Cardinality

The cardinality of a set is the number of different

elements i.e., its size

The cardinality of a set S is written as “card S”

Examples:
card {1,2,3}
card { }
card {3,2,3,2}

The quick examples yield 3, 0 and 2 respectively

TMA2053 FM 10
 Powersets
• If S is a set then the power set of S is the set of
all subsets of S.
• The powerset of a set S is written as “P S” or
“power S”
• Quick examples:
The quick examples yield
(a) power {1,2,} (a) {{},{1},{2},{1,2}}
(b) {{}}
(b) power { } (c){{},{1},{2},{3},{1,2},{1,3},{2,3},{1,2,3}}

(c) power {3,2,3,1} (d) { {},{ {} },{ { 6 } },{ { 7 } },

{ { 6,7 } },{ { },{ 6 } },{ { },{ 7 } },{ {
(d) power power {6,7} },{ 6,7 } },{ { 6 },{ 7 } },{ { 6 },{ 6,7 } },
{ { 7 },{ 6,7 } },{ { },{ 6 },{ 7 } },{ { },
{ 6 },{ 6,7 } },{ { },{ 7 },{ 6,7 } },
{ { 6 },{ 7 },{ 6,7 } },{ { },{ 6 },{ 7 },
{ 6,7 } } } respectively.
TMA2053 FM 11
 Set Union
The union of two sets combines all their elements
into one set.
The union of two sets A and B is written as ”A  B”
or ”A union B”

Examples:
{1,2,2} union {1,6,5}
{ } union {true}
{3,2,3,1} union {4}

The examples yield {1,2,5,6}, {true}

and{1,2,3,4} respectively
TMA2053 FM 12
 Set Intersection
The intersection of two sets is the set of all elements
that are in both of the original sets.

The intersection of two sets A and B is written as

”A  B” or ”A inter B”

Examples:
{1,2,2} inter {1,6,5}
{ } inter {true}
{3,2,3,1} inter {4} {SE students take 3rd year courses} inter
{SE students take 4th year courses}?
The examples yield {1}, {} and {} respectively.
TMA2053 FM 13
 Distributed Set Operators

• Union and intersection can be distributed

over a set of sets
• Distributed set union
– To be written as  (or dunion in ASCII)
– dunion {{ 2,4},{3,1,2},{2,3,4,3}} Will yield
{1,2,3,4}
– dunion {{ 2,4},{3,1,1},{}} {1,2,3,4}
{true, false}
– dunion {{true},{false},{}}
• Distributed set intersection
– To be written as  (or dinter in ASCII)
– dinter {{ 2,4},{3,1,2},{2,3,4,3}} Distributed set intersection
– dinter {{ 2,4},{3,1,1},{}} {2}
{}
– dinter {{true},{false},{}} {}
TMA2053 FM 14
 Set Difference

The set difference of two sets A and B is the set of

elements from A which is not in B

The set difference of two sets A and B is written as

”A \ B”

Examples:
{1,2,2} \ {1,6,5}
{ } \ {true}
{3,2,3,1} \ {4}
{UNIMAS students} \ {SE students}?

TMA2053 FM
The examples yield {2}, {} and{1,2,3} 15
 Overview of Set Operators
e in set s1 Membership () A * set of A -> bool
e not in set s1 Not membership () A * set of A -> bool
s1 union s2 Union () set of A1 * set of A2 -> set of A
s1 inter s2 Intersection () set of A1 * set of A2 -> set of A
s1 \ s2 Difference (\) set of A1 * set of A2 -> set of A
s1 subset s2 Subset () set of A1 * set of A2 -> bool
s1 psubset s2 Proper subset () set of A1 * set of A2 -> bool
s1 = s2 Equality (=) set of A1 * set of A2 -> bool
s1 <> s2 Inequality (≠) set of A1 * set of A2 -> bool
card s1 Cardinality set of A -> nat
dunion s1 Distr. Union () set of set of A -> set of A
dinter s1 Distr. Intersection () set of set of A -> set of A
power s1 Finite power set (P) set of A -> set of set of A

TMA2053 FM 16
 Set Range Expressions
• The set range expression is a special case of
a set comprehension. It has the form
{e1, ..., e2}
• where e1 and e2 are numeric expressions.
The set range expression denotes the set of
values from e1 to e2 inclusive.
– Examples:
{2.718,...,3.141}
{1,...,5}
• If e2 is smaller than e1 the set range
expression denotes the empty set.
– Examples:
{3.141,...,2.718}
TMA2053 FM
{8,...,6} 17
 Set Comprehensions
Using predicates to define sets implicitly
In VDM++ formulated like:
{element | list of bindings & predicate}
The predicate part is optional

Examples:
{3 * x | x : nat & x < 3} or {3 * x | x in set {0,…,2}}
{x | x : nat & x < 5} or {x | x in set {0,…,4}}

The examples yield

{0,3,6},
{0,1,2,3,4} respectively.
TMA2053 FM 18
 Example from Lecture 4
Set Comprehension
Set comprehension has the form:
{e | b1, b2, …,bn & P}

Expression e = inv k
Binding = forall k and set {1..50}
Predicate p = k<30

TMA2053 FM 19
 Reflection Exercise QL11(a)
What are the set enumerations for:
(a) {x|x : nat & x < 3}
(b) {x|x : nat & x > 3 and x < 6}
(c) {{y}| y in set {3,1,7,3}}
(d) {x+y| x in set {1,2}, y in set {7,8}}
(e) {mk_(x,y)| x in set {1,2,7}, y in set {2,7,8} & x > y}
(f) {y|y in set {0,1,2} & exists x in set {0,…,3} & x = 2 * y}
(g) {x = 7| x in set {1,…,10} & x < 6}

TMA2053 FM 20
 Agenda

 To understand the syntax and semantic, and

the application of unorder collection (set):

– Set Characteristics.
– The Robot Controller

TMA2053 FM 21
 The Robot Controller
• A system for navigating a
robot from a start point, via a
collection of waypoints to a
final destination, where it
performs some task, e.g.,
delivering a payload

TMA2053 FM 22
 Existing Subsystems

Position Sensor: This is used to find the robot's

current location and the direction in which it is
moving.
Steering Controller: This controls the direction in
which the robot travels.
Steering Monitor: A system used to ensure that the
steering controller is operating within known safe
boundaries.

TMA2053 FM 23
 Controller Requirements
1. The robot's current position is always available to
the controller from a position sensor.
2. The robot has a predetermined journey plan based
on a collection of waypoints.
3. The robot must navigate from waypoint to waypoint
without missing any.
4. The robot moves only horizontally or vertically in the
Cartesian plane. It is not physically capable of
changing direction with an angle greater than 90o.
Attempts to do so should be logged.
5. If the robot is off-course, i.e., it cannot find a route
to the next waypoint, it should stop in its current
position.
6. The robot is able to detect obstacles in its path.
TMA2053 FM 24
 Class Diagram for Robot
Controller

TMA2053 FM 25
 A Collection of Points
• What instance variables class Point
should the Point class instance variables
x: nat;
have? y: nat;
• How should the index: nat
end Point
journeyPlan association
between the Controller and
Point be made?
class Controller
instance variables
journeyPlan : set of Point;
end Controller

TMA2053 FM 26
 Example Journey Plan

{new Point(1, 4, 1),

new Point(4, 5, 2),
new Point(6, 8, 3),
new Point(10, 8, 4),
new Point(9, 11, 5),
new Point(8, 13, 6),
new Point(11, 13, 7)}

TMA2053 FM 27
 The GetPointAtIndex Operation

public GetPointAtIndex: set of Point * nat ==> Point

GetPointAtIndex(pts, index) ==

let p in set pts be st p.GetIndex() = index

in p

pre exists p in set pts & p.GetIndex() = index;

TMA2053 FM 28
TMA2053 FM 29
 Arriving at a Waypoint
• journeyPlan desirable index properties
1. Next waypoint has index 1
2. Final waypoint has index equal to number of
waypoints
3. Indices are numbered consecutively
• Modeled as invariant inside Controller:
inv {p.GetIndex() | p in set journeyPlan &
index in set {1,..., card journeyPlan};

TMA2053 FM 30
 Example

TMA2053 FM 31
 Summary

• We already discuss :
– The notion of sets as unordered collections
– The basic operations in VDM++ for manipulating
sets
– The robot controller example

TMA2053 FM 32
 Thanks

If you have any

question(s)/comment(s)/
suggestion(s), please email
to me at edwin@unimas.my
or post in eLEAP forum.

TMA2053 FM 33