Docstoc

Personal Home at UEL

Document Sample
Personal Home at UEL Powered By Docstoc
					An introduction to specification in VDM-SL

At the end of this lecture you should be able to:

 •   write a formal specification of a system in VDM-SL;
 •   correlate the components of a UML class diagram with
     those of a VDM specification;
 •   declare constants and specify functions to enhance the
     specification;
 •   explain the use of a state invariant to place a global
     constraint on the system;
 •   explain the purpose of the nil value in VDM.
        The Incubator case study

The temperature of the
incubator needs to be carefully
controlled and monitored;


Safety requirements :



-10 Celsius      TEMPERATURE      +10 Celsius
The UML specification


    IncubatorMonitor

   temp : Integer

   increment()
   decrement()
   getTemp() : Integer
Specifying the ‘state’ in VDM-SL
 IncubatorMonitor

temp : Integer

increment()
decrement()
getTemp() : Integer
The VDM
state refers
to the
permanent
data stored
by the          IncubatorMonitor
system.
               temp : Integer

               increment()
               decrement()
               getTemp() : Integer


    In VDM-SL we use mathematical types
The intrinsic types available in VDM-SL
:     natural numbers (positive whole numbers)

1 :   natural numbers excluding zero

:     integers (positive and negative whole numbers)

:     real numbers (positive and negative numbers
       that can include a fractional part)

:     boolean values (true or false)

Char : the set of alphanumeric characters
Specifying the state of the Incubator Monitor System
      UML                    VDM-SL
 IncubatorMonitor     state IncubatorMonitor of
temp : Integer              temp :   
                      end
increment()
decrement()
getTemp() : Integer
Specifying the operations in VDM-SL
IncubatorMonitor
                      Each operation specified in
temp : Integer        VDM-SL as follows:

                          the operation header
increment()               the external clause
decrement()               the precondition
getTemp() : Integer       the postcondition
IncubatorMonitor

temp : Integer

increment()
decrement()
getTemp() : Integer
increment()
ext  ?    ?
    wr temp : 
pre temp < 10
     ?
      ?
post temp = temp + 1
      temp > temp

      temp + 1 = temp
      temp - temp = 1
IncubatorMonitor

temp : Integer

increment()
decrement()
getTemp() : Integer
decrement()
ext  ?    ?
    wr temp : 
pre temp > -10
     ?
post ?
     temp = temp - 1
IncubatorMonitor

temp : Integer

increment()
decrement()
getTemp() : Integer
getTemp( ) currentTemp :
           
ext rd temp :
     ?
    
    ?
pre TRUE
post currentTemp = temp
          ?
Declaring constants
Constants are specified using the keyword values.
The declaration would come immediately before the state
definition:

              values
                       MAX :  = 10
                       MIN :  = -10


               decrement()
               ext      wr      temp : 
               pre             MIN
                       temp > -10
               post    temp =    temp - 1
Specifying functions
    36
                     FALSE
   79   hasPassed   TRUE    
    50
There are two ways in which we can
specify a function in VDM-SL:


     Explicitly and implicitly
   Specifying a function explicitly


Example




           add:    
           add(x, y) ∆ x + y

          signature   definition
Specifying a function implicitly




  add( x :  , y :  ) z : 
  pre ?  TRUE
        z
  post ? = x + y
An absolute function defined implicitly


 abs(z : ) r : 
 pre  TRUE
        ?
 post z<0  r = -z  z  0  r = z
        ?
An absolute function defined explicitly


      abs:   
      abs(z) ∆ if z < 0
               then -z
               else z
       Two special functions

The state invariant and initialisation
State


        inv            
              Returns true if the
              state meets global
              constraint and false
              otherwise
        Adding a state invariant into
        the IncubatorMonitor system


-10 Celsius    TEMPERATURE      +10 Celsius




  inv            ?             ?
        Adding a state invariant into
        the IncubatorMonitor system


-10 Celsius     TEMPERATURE      +10 Celsius




  inv mk-IncubatorMonitor(t)    ?
        Adding a state invariant into
        the IncubatorMonitor system


-10 Celsius    TEMPERATURE         +10 Celsius




  inv mk-IncubatorMonitor(t)  MIN  t  MAX
State


        init           
           Returns true if the
           correct initial values
           have been given to the
           state and false otherwise
Specifying an initialization function


 We will assume that when the incubator is turned
 on, its temperature should be adjusted until a
 steady 5 degrees Celsius is obtained.



init              ?                   ?
Specifying an initialization function


 We will assume that when the incubator is turned
 on, its temperature should be adjusted until a
 steady 5 degrees Celsius is obtained.



init mk-IncubatorMonitor(t)           ?
Specifying an initialization function


 We will assume that when the incubator is turned
 on, its temperature should be adjusted until a
 steady 5 degrees Celsius is obtained.



init mk-IncubatorMonitor(t)  t = 5
 The modified state specification

values
      MAX :  = 10
      MIN :  = -10

state IncubatorMonitor of
      temp : 
inv mk-IncubatorMonitor(t)  MIN  t  MAX
init mk-IncubatorMonitor(t)  t = 5
end
Improving the Incubator System

           IncubatorController

    requestedTemp : Integer
    actualTemp : Integer

    setIInitialTemp(Integer)
    requestChange(Integer) : Signal
    increment( ) : Signal
    decrement( ) : Signal
    getRequestedTemp( ) : Integer
    getActualTemp( ) : Integer
Improving the Incubator System

           IncubatorController

    requestedTemp : Integer           Signal is an
    actualTemp : Integer
                                      enumerated
    setIInitialTemp(Integer)          type
    requestChange(Integer) : Signal
    increment( ) : Signal
    decrement( ) : Signal
    getRequestedTemp( ) : Integer
    getActualTemp( ) : Integer
   Enumerated types in UML

A standard method of marking a UML class as an
enumerated type is to add <<enumeration>> above
the type name:


               <<enumeration>>
                    Signal

                  INCREASE
                  DECREASE
                 DO_NOTHING
    Enumerated types in VDM-SL

In VDM-SL the types clause is the appropriate
place to define new types.

types
        Signal = <INCREASE>|< DECREASE>|< DO_NOTHING>

values
      …..
state
      …..
end
                      The nil value
It is common in the programming world for a value to be undefined

VDM-SL allows for this concept by including the possibility of a term
or expression having the value nil, meaning that it is undefined;




                          x:
                                           ‘x’ must be a
                                           natural number
                      The nil value
It is common in the programming world for a value to be undefined

VDM-SL allows for this concept by including the possibility of a term
or expression having the value nil, meaning that it is undefined;




                          x : []              ‘x’ can be a
                                               natural
                                               number or nil
                      The nil value
It is common in the programming world for a value to be undefined

VDM-SL allows for this concept by including the possibility of a term
or expression having the value nil, meaning that it is undefined;




                          x : []
  When the incubator system first comes into being, the actual
  and requested values will be undefined, and must therefore be
  set to nil.
Specifying the IncubatorController state


       IncubatorController         state IncubatorController of

 requestedTemp : Integer                  requestedTemp : ?
 actualTemp : Integer
                                          actualTemp : ?
 setIInitialTemp(Integer)
 requestChange(Integer) : Signal
 increment() : Signal
 decrement() : Signal
 getRequestedTemp() : Integer
 getActualTemp() : Integer
Specifying the IncubatorController state


       IncubatorController         state IncubatorController of

 requestedTemp : Integer                  requestedTemp : 
 actualTemp : Integer
                                          actualTemp : 
 setIInitialTemp(Integer)
 requestChange(Integer) : Signal
 increment() : Signal
 decrement() : Signal
 getRequestedTemp() : Integer
 getActualTemp() : Integer
Specifying the IncubatorController state


       IncubatorController         state IncubatorController of

 requestedTemp : Integer                  requestedTemp : [ 
 actualTemp : Integer              ]

 setIInitialTemp(Integer)                 actualTemp : [  ]
 requestChange(Integer) : Signal
 increment() : Signal
 decrement() : Signal
 getRequestedTemp() : Integer
 getActualTemp() : Integer
                      The invariant
                  state IncubatorController of
The requested
 temperature             requestedTemp : [ 
must be in the    ]
range of -10 to
 +10 degrees             actualTemp : [  ]




   inv mk-IncubatorController (r, a) 
          MIN  r  MAX
                      The invariant              The requested
                                                  temperature
                                                  could be nil
                  state IncubatorController of
The requested
 temperature             requestedTemp : [ 
must be in the    ]
range of -10 to
 +10 degrees             actualTemp : [  ]




   inv mk-IncubatorController (r, a) 
          MIN  r  MAX       r = nil
                      The invariant              The requested
                                                  temperature
                                                  could be nil
                  state IncubatorController of
The requested
 temperature             requestedTemp : [ 
must be in the    ]
range of -10 to
 +10 degrees             actualTemp : [  ]




   inv mk-IncubatorController (r, a) 
         (MIN  r  MAX  r = nil)
                      The invariant
                  state IncubatorController of

                         requestedTemp : [ 
  The actual      ]
 temperature
must be in the           actualTemp : [  ]
range of -10 to
 +10 degrees



    inv mk-IncubatorController (r, a) 
          (MIN  r  MAX  r = nil)       MIN  a  MAX
                      The invariant
                  state IncubatorController of

                         requestedTemp : [ 
  The actual      ]
                                                     The actual
 temperature                                        temperature
must be in the           actualTemp : [  ]         could be nil
range of -10 to
 +10 degrees



    inv mk-IncubatorController (r, a) 
          (MIN  r  MAX  r = nil)        MIN  a  MAX    a = nil
                      The invariant
The requested                                         The requested
 temperature                                           temperature
must be in the    state IncubatorController of         could be nil
range of -10 to
 +10 degrees
                         requestedTemp : [ 
  The actual      ]
                                                      The actual
 temperature                                         temperature
must be in the           actualTemp : [  ]          could be nil
range of -10 to
 +10 degrees



    inv mk-IncubatorController (r, a) 
          (MIN  r  MAX  r = nil)       (MIN  a  MAX  a = nil)
              The invariant
          state IncubatorController of

                 requestedTemp : [ 
          ]

                 actualTemp : [  ]




inv mk-IncubatorController (r, a) 
   (MIN  r  MAX  r = nil)      (MIN  a  MAX  a = nil)
  Improving the readability of the
  spec by using a function

        inRange( val : ) result : 
        pre TRUE 
        post result  MIN  val  MAX



inv mk-IncubatorController (r, a) 
     (inRange(r)  r = nil)  (inRange(a)  a = nil)
          The initialisation function


init mk-IncubatorController (r, a)    r = nil  a = nil
Specifying the setInitialTemp operation


  setInitialTemp( tempIn : )
  ext   wr actualTemp : []
  pre   inRange(tempIn)  actualTemp = nil
  post actualTemp = tempIn
        The requestChange operation

requestChange( tempIn : ) signalOut : Signal
               
ext   wr requestedTemp : []
       rd   actualTemp : []
pre    inRange(tempIn)  actualTemp  nil

post    requestedTemp = tempIn 
       ( tempIn > actualTemp  signalOut = <INCREASE>
        tempIn < actualTemp  signalOut = <DECREASE>
        tempIn = actualTemp  signalOut = <DO_NOTHING> )
actualTemp




                    The increment operation

      increment () signalOut : Signal
      ext      rd    requestedTemp : []
               wr   actualTemp :
                    []
               actualTemp < requestedTemp
      pre
                         actualTemp  nil  requestedTemp  nil
      post    actualTemp = actualTemp + 1  
             ( actualTemp < requestedTemp  signalOut = <INCREASE>
                                     
               actualTemp = requestedTemp  signalOut = <DO_NOTHING> )
The getRequestedTemp operation


getRequestedTemp() currentRequested : []
ext    rd     requestedTemp : []
pre    TRUE

post   currentRequested = requestedTemp
  The getActualTemp operation


getActualTemp() currentActual : []
ext    rd     actualTemp : []
pre    TRUE

post   currentActual = actualTemp
A standard template for VDM-SL specifications
types
         SomeType = …..

values
        constantName : ConstantType = someValue
state SystemName of
        attribute1 : Type
                          :
        attributen : Type

         inv mk-SystemName(i1:Type, ..., in:Type)  Expression(i1, ..., in)

         init mk-SystemName(i1:Type, ..., in:Type)  Expression(i1, ..., in)
end
functions
        specification of functions .....
operations
        specification of operations .....

				
DOCUMENT INFO
Shared By:
Categories:
Tags:
Stats:
views:10
posted:6/28/2011
language:English
pages:62