A Short Introduction to Formal Specifications

Similar documents
Techniques for the unambiguous specification of software

Programming Languages Third Edition

Topic Formal Methods. ICS 121 Lecture Notes. What are Formal Methods? What are Formal Methods? Formal Specification in Software Development

Chapter 27 Formal Specification

Introduction to Formal Methods

A Small Interpreted Language

CSC 501 Semantics of Programming Languages

Chapter 10 Formal Specification

Methods for requirements engineering

Computing Fundamentals 2 Introduction to CafeOBJ

Q Body of techniques supported by. R precise mathematics. R powerful analysis tools. Q Rigorous, effective mechanisms for system.

ΗΜΥ 317 Τεχνολογία Υπολογισμού

! Use of formal notations. ! in software system descriptions. ! for a broad range of effects. ! and varying levels of use. !

Reading assignment: Reviews and Inspections

Lecture 7: Requirements Modeling III. Formal Methods in RE

Page 1. Reading assignment: Reviews and Inspections. Foundations for SE Analysis. Ideally want general models. Formal models

SOFTWARE ENGINEERING DESIGN I

A REVIEW OF BASIC KNOWLEDGE OF DATABASE SYSTEM

Module 3. Requirements Analysis and Specification. Version 2 CSE IIT, Kharagpur

Ian Sommerville 2006 Software Engineering, 8th edition. Chapter 22 Slide 1

Verification and Validation. Ian Sommerville 2004 Software Engineering, 7th edition. Chapter 22 Slide 1

Chapter 3. Describing Syntax and Semantics

Part 5. Verification and Validation

CIS 1.5 Course Objectives. a. Understand the concept of a program (i.e., a computer following a series of instructions)

Programming Languages 3. Definition and Proof by Induction

3.7 Denotational Semantics

Formal Specification. Ian Sommerville 2006 Software Engineering, 8th edition. Chapter 10 Slide 1

Presented by Jack G. Nestell. Topics for Discussion. I. Introduction. Discussion on the different logics and methods of reasonings of Formal Methods

Proving the Correctness of Distributed Algorithms using TLA

Chapter 4. Capturing the Requirements. 4th Edition. Shari L. Pfleeger Joanne M. Atlee

Goals: Define the syntax of a simple imperative language Define a semantics using natural deduction 1

Propositional Logic. Part I

Chapter 3 (part 3) Describing Syntax and Semantics

A Michael Jackson presentation. CSE503: Software Engineering. The following slides are from his keynote at ICSE 1995

COSC252: Programming Languages: Semantic Specification. Jeremy Bolton, PhD Adjunct Professor

3.4 Deduction and Evaluation: Tools Conditional-Equational Logic

Verification and Validation

1.1 - Introduction to Sets

CS 242. Fundamentals. Reading: See last slide

ACONCURRENT system may be viewed as a collection of

Sub- PPL Unit-I Class-SE Comp

LOGIC AND DISCRETE MATHEMATICS

ΗΜΥ 317 Τεχνολογία Υπολογισμού

Formal Methods in Software Design. Markus Roggenbach

Contents. Chapter 1 SPECIFYING SYNTAX 1

Handout 9: Imperative Programs and State

Axiomatic Specification. Al-Said, Apcar, Jerejian

Requirements Validation and Negotiation

6.001 Notes: Section 6.1

Multi-paradigm Declarative Languages

Formal Methods. CITS5501 Software Testing and Quality Assurance

The Maude LTL Model Checker and Its Implementation

CSCI.6962/4962 Software Verification Fundamental Proof Methods in Computer Science (Arkoudas and Musser) Chapter p. 1/27

Denotational Semantics. Domain Theory

Cover Page. The handle holds various files of this Leiden University dissertation

Testing! Prof. Leon Osterweil! CS 520/620! Spring 2013!

Foundations. Yu Zhang. Acknowledgement: modified from Stanford CS242

Virtual World Development

Data types for mcrl2

Verification and Validation

Chapter 3. Describing Syntax and Semantics ISBN

Chapter 3. Describing Syntax and Semantics

Introduction to Software Specifications and Data Flow Diagrams. Neelam Gupta The University of Arizona

PdOd Kev Events I Re-world war I1 rwa

Organization of Programming Languages CS3200/5200N. Lecture 11

Recommended Practice for Software Requirements Specifications (IEEE)

CS152: Programming Languages. Lecture 11 STLC Extensions and Related Topics. Dan Grossman Spring 2011

1.1 Software Life Cycle

Chapter 3: Propositional Languages

SEMANTIC ANALYSIS TYPES AND DECLARATIONS

Chapter 3. Semantics. Topics. Introduction. Introduction. Introduction. Introduction

Formal Verification. Lecture 10

6.001 Notes: Section 8.1

OpenMath and SMT-LIB

EXTENSIONS OF FIRST ORDER LOGIC

Specification and Analysis of Contracts Tutorial

Logic Programming Languages

CS 6110 S11 Lecture 25 Typed λ-calculus 6 April 2011

1 Introduction. 3 Syntax

(Refer Slide Time: 4:00)

Modeling Issues Modeling Enterprises. Modeling

Programming Languages (PL)

«Computer Science» Requirements for applicants by Innopolis University

Category Theory in Ontology Research: Concrete Gain from an Abstract Approach

Evaluation of Predicate Calculus By Arve Meisingset, retired research scientist from Telenor Research Oslo Norway

A Small Permutation Group Engine by: Gregory Kip. COMS W4115 Programming Languages and Translators Prof. Stephen Edwards

Local Specialization in Open-Axiom

Simulation and Verification of Timed and Hybrid Systems

Talen en Compilers. Jurriaan Hage , period 2. November 13, Department of Information and Computing Sciences Utrecht University

Z Notation. June 21, 2018

From Types to Sets in Isabelle/HOL

Verification and Validation. Ian Sommerville 2004 Software Engineering, 7th edition. Chapter 22 Slide 1

This book is licensed under a Creative Commons Attribution 3.0 License

Formal Modelling of Railway Interlockings Using Event-B and the Rodin Tool-chain

Software Engineering: A Practitioner s s Approach, 6/e Roger Pressman. Chapter 28 Formal Methods

Post and Jablonsky Algebras of Compositions (Superpositions)

Logic as a framework for NL semantics. Outline. Syntax of FOL [1] Semantic Theory Type Theory

Sequence-Based Specification

Using LNT Formal Descriptions for Model-Based Diagnosis

An Introduction to ProofPower

Transcription:

A Short Introduction to Formal Specifications Prof. Dr. Hans J. Schneider Lehrstuhl für Programmiersprachen und Programmiermethodik Friedrich-Alexander-Universität Erlangen-Nürnberg 30.11.2000 Methods and Languages Algebraic Specification Model-Oriented, Operational Specification Temporal Logic FAU - Programmiersprachen und Programmiermethodik 30.11.2000/1

Formal Specification Categories of formalism: Informal : These techniques do not have complete sets of rules to constrain the models that can be created. Semiformal : These techniques have defined syntax. Typical instances are diagrammatic techniques. Formal : These techniques have rigorously defined syntax and semantics. There is an underlying theoretical model against which a description can be verified. Methods and languages Model-oriented vs. algebraic methods FAU - Programmiersprachen und Programmiermethodik 30.11.2000/2

Formal Specification Categories of formalism Methods and languages: Formal specification methods enable a software engineer to specify, develop, and verify a computer-based system by applying a rigorous, mathematical notation for describing system properties. Using a formal specification language, a formal method provides a means for specifying a system so that consistency, completeness, and correctness can be assessed in a systematic fashion. Model-oriented vs. algebraic methods FAU - Programmiersprachen und Programmiermethodik 30.11.2000/3

Formal Specification Categories of formalism: Methods and languages: Model-oriented vs. algebraic methods: Model oriented : A system is modeled using mathematical entities and describing their modification. Algebraic : Object classes are specified in terms of the relationships between the operations defined on the classes. FAU - Programmiersprachen und Programmiermethodik 30.11.2000/4

Formal Specification Languages Aspects of a formal specification language: a syntax that defines the specific notation with which the specification is represented, a semantics that helps to define a universe of objects that will be used to describe the system, and a set of relations that defines the rules that indicate which objects properly satisfy the specification. The syntactic domain of a formal specification language is often based on a syntax that is derived from standard set theory notation and predicate calculus. The semantic domain of a specification language indicates how the language represents system requirements. Some examples FAU - Programmiersprachen und Programmiermethodik 30.11.2000/5

Formal Specification Languages Aspects of a formal specification language Some examples: Larch is an algebraic, sequential language. A mnemonic notation rather than specialized symbols is used. Z is a model oriented, sequential language based on typed set theory. Z allows specifications to be integrated (reused) and has graphical highlighting. Temporal Logic is a model-oriented, concurrent language that supports statements allowing to describe properties of sequences of states using temporal operators. FAU - Programmiersprachen und Programmiermethodik 30.11.2000/6

Advantages and Disadvantages of Formal Methods The desired properties of a formal specification lack of ambiguity, consistency, and completeness are the objectives of all specification methods. However, the use of formal methods results in a much higher likelihood of achieving these ideals. Advantages: Enhanced insight into and understanding specifications by revealing contradictions, ambiguities, incompleteness, Help in verification of the specification and their implementations, Possible assistance in moving from requirements specification to their programming implementation. Disadvantages FAU - Programmiersprachen und Programmiermethodik 30.11.2000/7

Advantages and Disadvantages of Formal Methods Desired properties Advantages Disadvantages: Application of formal methods needs tool support. Writing (and reading) a formal specification requires some familiarity with mathematical notation. The very formality which makes formal specifications desirable during the later phases makes them an inappropriate tool for communicating with the end user. Formal specifications may not be an ideal tool for exploring and discovering the problem structure. The payoff of the upfront investment is not immediate and difficult to quantify. FAU - Programmiersprachen und Programmiermethodik 30.11.2000/8

Formal Methods Are Recognized to be Necessary Electronic Mail of Oct. 6th, 2000: Intel Texas Development Center is offering positions in its Formal Verification Group. Wall Street Journal of Nov. 21st, 2000: Early shipments of Intel s new Pentium 4 microprocessor contained an incorrect piece of software code, the chipmaker announced yesterday. (http://www.msnbc.com/493028.asp) FAU - Programmiersprachen und Programmiermethodik 30.11.2000/9

A Short Introduction to Formal Specifications Prof. Dr. Hans J. Schneider Lehrstuhl für Programmiersprachen und Programmiermethodik Friedrich-Alexander-Universität Erlangen-Nürnberg 30.11.2000 Methods and Languages Algebraic Specification Model-Oriented, Operational Specification Temporal Logic FAU - Programmiersprachen und Programmiermethodik 30.11.2000/10

Algebraic Specification An algebraic specification consists of three parts: a syntactic specification, a semantic specification, a restriction specification. The syntactic specification lists the names of the type, its operations and the types of the arguments and of the result of the operations. The semantic specification consists of a set of algebraic equations which describe the properties of the operations in a representation independent manner. The restriction specification states conditions which must be satisfied before the operations can be applied (or after they are completed). FAU - Programmiersprachen und Programmiermethodik 30.11.2000/11

Algebraic Specification of Queues The syntactic specification lists the names of the type, its operations and the types of the arguments and of the result of the operations. Example: init qu : queue append : queue item queue f ront : queue item remove : queue queue is emty qu : queue bool FAU - Programmiersprachen und Programmiermethodik 30.11.2000/12

Algebraic Specification of Queues The semantic specification consists of a set of algebraic equations which describe the properties of the operations in a representation independent manner. Example: is empty qu(init qu) is empty qu(append(q, i)) f ront(append(init qu), i) front(append(append(q, i), i )) = true = f alse = i = front(append(q, i)) remove(append(init qu), i) = init qu remove(append(append(q, i), i )) = append(remove(append(q, i)), i ) FAU - Programmiersprachen und Programmiermethodik 30.11.2000/13

Algebraic Specification of Queues The restriction specification states conditions which must be satisfied before the operations can be applied (or after they are completed). Example: f ront(init qu) = error remove(init qu) = error FAU - Programmiersprachen und Programmiermethodik 30.11.2000/14

Algebraic Specification: Consistency And Completeness Semantics: is empty qu(init qu) is empty qu(append(q, i)) f ront(append(init qu), i) front(append(append(q, i), i )) = true = f alse = i = front(append(q, i)) remove(append(init qu), i) = init qu remove(append(append(q, i), i )) = append(remove(append(q, i)), i ) Consistency: If the specifier has understood the problem, (s)he does not write an inconsistent specification. Completeness: The specification is sufficiently complete if each term that ends in a primitive sort can be reduced to a term that does not contain any of the new operations. FAU - Programmiersprachen und Programmiermethodik 30.11.2000/15

Parcel Distribution Machine Schema of a switch: Entry Exit Exit FAU - Programmiersprachen und Programmiermethodik 30.11.2000/16

Parcel Distribution Machine Datatypes dir = {l, r} req dir = dir {a} l = left, r = right, a = arbitrary Operations on the switch: init sw : dir sw shif t : sw req dir sw entry : sw sw exit : sw dir sw is empty sw : sw bool act dir : sw dir FAU - Programmiersprachen und Programmiermethodik 30.11.2000/17

Algebraic Specification of the Switch is empty sw returns true if and only if each parcel that has entered the switch has also left it: is empty sw(init) = true is empty sw(entry(s)) = f alse is empty sw(exit(entry(s), d)) = is empty(s) is not affected by the shift operation: is empty sw(shift(s, d)) = is empty sw(s) Error indicating combinations: Missing entry signal: exit(init sw(d), d ) Switch does not work: exit(shift(s, d), d ) with d d FAU - Programmiersprachen und Programmiermethodik 30.11.2000/18

Algebraic Specification of the Switch act dir is set initially: act dir(init sw(d)) = d is influenced by shifting the switch: act dir(shift(s, d)) = act dir(s) if d = a = act dir(s) if is empty sw(s) = d otherwise is checked by parcels passing an exit: act dir(exit(s, d)) = d is not influenced by parcels entering the switch area: act dir(entry(s)) = act dir(s) FAU - Programmiersprachen und Programmiermethodik 30.11.2000/19

Problems in Specifying Concurrent Processes An operation may affect operations belonging to other objects. Example: A parcel arriving at the entry point of a distribution station affects the state of the arriving queue, the state of the internal queue, the state of the switch. An operation can not be executed until a specific condition is satisfied. There are timing aspects. FAU - Programmiersprachen und Programmiermethodik 30.11.2000/20

A Short Introduction to Formal Specifications Prof. Dr. Hans J. Schneider Lehrstuhl für Programmiersprachen und Programmiermethodik Friedrich-Alexander-Universität Erlangen-Nürnberg 30.11.2000 Methods and Languages Algebraic Specification Model-Oriented, Operational Specification Temporal Logic FAU - Programmiersprachen und Programmiermethodik 30.11.2000/21

Z: A State-Based Technique A Z specification consists of a set of schemas, usually accompanied by corresponding and complementary informal description. A schema consists of a name (which may be omitted in some cases), a set of characteristic entities, a (possibly empty) set of constraints on these entities. Schemas are used to describe the admissible states of a system, the effect operations of the system have on the states, the relationship between the states of the system at different levels of abstraction. FAU - Programmiersprachen und Programmiermethodik 30.11.2000/22

Z: A State-Based Technique Schema defining admissible states: Name Declarations of entities Constraints Schema defining the effect of an operation: Name of Operation States affected by operation Parameters Relations between entities FAU - Programmiersprachen und Programmiermethodik 30.11.2000/23

Distribution Machine: Z-Definitions Directions: Directions dir, req dir : Set dir = {l, r} req dir = dir {a} Switches: Switch act dir : dir is empty sw : Bool no prc : N is empty sw = (no prc = 0) FAU - Programmiersprachen und Programmiermethodik 30.11.2000/24

Distribution Machine: Z-Definitions Directions Switches Distribution stations: DistStat sw : Switch arr prc, int prc : Queue succ : dir Stat Stations: Stat = DistStat T gtstat no prc may be replaced by length(int prc). FAU - Programmiersprachen und Programmiermethodik 30.11.2000/25

Effect of a Parcel Entering a Station Announce: Announce DistStat p? : P arcel arr prc = append(arr prc, p?) int prc = int prc lg(int prc) = 0 sw = sw.shift(nxt dir(p?)) Shift Entry FAU - Programmiersprachen und Programmiermethodik 30.11.2000/26

Effect of a Parcel Entering a Station Announce Shift: Shift Switch d? : req dir d? dir lg(int prc) = 0 act dir = d? d? dir lg(int prc) 0 act dir = act dir no prc = no prc Entry FAU - Programmiersprachen und Programmiermethodik 30.11.2000/27

Effect of a Parcel Entering a Station Announce Shift Entry: Entry DistStat Switch int prc = append(int prc, front(arr prc)) arr prc = remove(arr prc) no prc = no prc + 1 act dir = act dir succ = succ FAU - Programmiersprachen und Programmiermethodik 30.11.2000/28

Effect of a Parcel Leaving a Station Exit: Exit DistStat Switch d? : dir act dir = d? no prc = no prc 1 arr prc = arr prc int prc = remove(int prc) succ(d?).announce(f irst(int prc)) lg(arr prc) 0 lg(int prc) = 0 sw = sw.shift(nxt dir(front(arr prc))) FAU - Programmiersprachen und Programmiermethodik 30.11.2000/29

Z: A Conclusion Schemas are used to describe the admissible states of a system, the effect operations of the system have on the states, the relationship between the states of the system at different levels of abstraction. Advanced notations allow to simplify specifications by modularization: Schema inclusion, Schema disjunction and schema conjunction, Restricting the constraint part to variables that change their value. FAU - Programmiersprachen und Programmiermethodik 30.11.2000/30

A Short Introduction to Formal Specifications Prof. Dr. Hans J. Schneider Lehrstuhl für Programmiersprachen und Programmiermethodik Friedrich-Alexander-Universität Erlangen-Nürnberg 30.11.2000 Methods and Languages Algebraic Specification Model-Oriented, Operational Specification Temporal Logic FAU - Programmiersprachen und Programmiermethodik 30.11.2000/31

Temporal Logic We assume a linearly ordered, infinite sequence of states x = (s 0, s 1, s 2,...) Each state is associated with a point of time. There is an initial state. Notations: x i = (s i, s i+1, s i+2,...), especially: x 0 = x. x = p means that p is true in the first state of sequence x. Standard operations: x = p q x = p x = q x = p (x = p) FAU - Programmiersprachen und Programmiermethodik 30.11.2000/32

Temporal Logic Basic temporal operations: Next time: X p Definition: x = X p x 1 = p Until: p U q Definition: x = p U q ( j)(x j = q ( k < j)(x k = p) Comment: There is a future state satisfying q, and p is valid in the meantime. (May be that p also holds later on.) Please note that these definitions are recursive: p and q may be composed of temporal operations. Example: is empty qu(arr prc(s)) is empty qu(int prc(s)) X act dir(s) = nxt dir(front(arr prc(s))) FAU - Programmiersprachen und Programmiermethodik 30.11.2000/33

Derived Temporal Operations Basic temporal operations: Next time: X p Until: p U q Sometimes: x = p ( j)(x j = p) p true U p Always: x = p ( j)(x j = p) p p FAU - Programmiersprachen und Programmiermethodik 30.11.2000/34

Derived Temporal Operations Basic temporal operations: Next time: X p Until: p U q Unless: x = p W q (x = p U q x = p) Temporal consequence: If p holds sometimes, then at a later point of time, q will hold: x = (p q) Infinitely often: x = q ( j)( k > j)(q holds in s k ) FAU - Programmiersprachen und Programmiermethodik 30.11.2000/35

Conclusion Importance of mathematical techniques In fields of engineering such as mechanical engineering and electrical engineering, mathematical techniques based on geometry, calculus and complex function theory have been developed and put to invaluable industrial use for more than two hundred years. Mathematical techniques for specification, development and verification of software systems, often termed formal methods, are now coming into use for the construction of real systems,... in particular for the development of systems whose function or malfunction may seriously affect lives, property and society. Testing vs. correctness proof Effects of formal methods FAU - Programmiersprachen und Programmiermethodik 30.11.2000/36

Conclusion Importance of mathematical techniques It is important to distinguish between testing and correctness proofs. Testing is performed by executing the product in a known environment using selected test data. A correctness proof is a formal mathematical verification that the product is correct with respect to a given specification. Effects of formal methods FAU - Programmiersprachen und Programmiermethodik 30.11.2000/37

Conclusion Importance of mathematical techniques Testing vs. correctness proof Effects of formal methods: The need to write precisely concerning what is meant by the operations required by a user can cause many points of clarification to arise. The fewer of these left outstanding, the less the scope for error in subsequent stages. It would seem feasible to use formal specifications to direct the testing process into corners of the operational envelope of the system where errors are most likely to lurk. An inevitable consequence of the application of rigorous mathematical analysis to the specification phase of a project is the calling into question of many of the assumptions made thus. FAU - Programmiersprachen und Programmiermethodik 30.11.2000/38

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback