Formal Specifications

1
Lecture 89
  • Formal Specifications

2
Formal Specification - Techniques for the unambiguous specification of software
  • Objectives
  • To explain why formal specification techniques
    help discover problems in system requirements
  • To describe the use of
  • algebraic techniques (for interface
    specification) and
  • model-based techniques (for behavioural
    specification)
  • To introduce the Abstract State Machine model

3
Formal methods
  • Formal specification is part of a more general
    collection of techniques that are known as
    formal methods (see COMP313 Formal Methods)
  • These are all based on mathematical
    representation and analysis of software
  • Formal methods include
  • Formal specification
  • Specification analysis and proof
  • Transformational development
  • Program verification

4
Acceptance of formal methods
  • Formal methods have not become mainstream
    software development techniques as was once
    predicted
  • Other software engineering techniques have been
    successful at increasing system quality. Hence
    the need for formal methods has been reduced
  • Market changes have made time-to-market rather
    than software with a low error count the key
    factor. Formal methods do not reduce time to
    market
  • The scope of formal methods is limited. They are
    not well-suited to specifying and analysing user
    interfaces and user interaction
  • Formal methods are hard to scale up to large
    systems

5
Use of formal methods
  • Their principal benefits are in reducing the
    number of errors in systems so their main area of
    applicability is critical systems
  • Air traffic control information systems,
  • Railway signalling systems
  • Spacecraft systems
  • Medical control systems
  • In this area, the use of formal methods is most
    likely to be cost-effective
  • Formal methods have limited practical
    applicability

6
Specification in the software process
  • Specification and design are inextricably mixed.
  • Architectural design is essential to structure a
    specification.
  • Formal specifications are expressed in a
    mathematical notation with precisely defined
    vocabulary, syntax and semantics.

7
Specification and design
8
Specification in the software process
9
Specification techniques
  • Algebraic approach
  • The system is specified in terms of its
    operations and their relationships
  • Model-based approach
  • The system is specified in terms of a state model
    that is constructed using mathematical constructs
    such as sets and sequences.
  • Operations are defined by modifications to the
    system's state

10
Formal specification languages
11
Use of formal specification
  • Formal specification involves investing more
    effort in the early phases of software
    development
  • This reduces requirements errors, as it forces
    a detailed analysis of the requirements
  • Incompleteness and inconsistencies can be
    discovered and resolved
  • Hence savings are made, as the amount of rework
    due to requirements problems is reduced

12
Development costs with formal specification
13
1. Interface specification
  • Large systems are decomposed into subsystems with
    well-defined interfaces between these subsystems
  • Specification of subsystem interfaces allows
    independent development of the different
    subsystems
  • Interfaces may be defined as abstract data types
    or object classes
  • The algebraic approach to formal specification
    is particularly well-suited to interface
    specification

14
Sub-system interfaces
15
The structure of an algebraic specification
  < SPECIFICATION NAME > (Generic Parameter)
  sort < name >
  imports < LIST OF SPECIFICATION NAMES >                  (introduction)

  Informal description of the sort and its operations      (description)

  Operation signatures setting out the names and the
  types of the parameters to the operations defined
  over the sort                                            (signature)

  Axioms defining the operations over the sort             (axioms)
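As an added illustration (not part of the lecture slides) of the interface-specification idea of slide 13 and the specification structure of slide 15, here is an algebraic specification of a List sort whose axioms are written as executable checks and run against a candidate implementation. The List sort, its five operations (Create, Cons, Head, Tail, Length), the axioms and the deliberately wrong second implementation are all this example's own choices, not taken from the lecture.

```python
# Added example, not from the lecture slides: an algebraic specification of a
# List sort (introduction, description, signature, axioms) with the axioms
# encoded as predicates that are checked against a candidate implementation.
from types import SimpleNamespace
from typing import Any, Callable, Dict, List, Tuple


# sort List  -- candidate implementation of the interface: an immutable tuple
def tuple_list() -> SimpleNamespace:
    def Head(L):                        # Head(List) -> Elem; undefined for Create
        if L == ():
            raise ValueError("Head(Create) is undefined")
        return L[0]
    return SimpleNamespace(
        Create=lambda: (),              # Create -> List
        Cons=lambda L, v: L + (v,),     # Cons(List, Elem) -> List
        Head=Head,
        Tail=lambda L: L[1:],           # Tail(List) -> List
        Length=lambda L: len(L),        # Length(List) -> Integer
    )


# axioms: each is a predicate over an implementation `op`, a list L and an element v
AXIOMS: Dict[str, Callable[[SimpleNamespace, tuple, Any], bool]] = {
    "Head(Cons(Create, v)) = v":
        lambda op, L, v: op.Head(op.Cons(op.Create(), v)) == v,
    "Head(Cons(L, v)) = if L = Create then v else Head(L)":
        lambda op, L, v: op.Head(op.Cons(L, v))
        == (v if L == op.Create() else op.Head(L)),
    "Length(Create) = 0":
        lambda op, L, v: op.Length(op.Create()) == 0,
    "Length(Cons(L, v)) = Length(L) + 1":
        lambda op, L, v: op.Length(op.Cons(L, v)) == op.Length(L) + 1,
    "Tail(Create) = Create":
        lambda op, L, v: op.Tail(op.Create()) == op.Create(),
    "Tail(Cons(L, v)) = if L = Create then Create else Cons(Tail(L), v)":
        lambda op, L, v: op.Tail(op.Cons(L, v))
        == (op.Create() if L == op.Create() else op.Cons(op.Tail(L), v)),
}


def sample_lists(op: SimpleNamespace) -> List[Tuple[tuple, Any]]:
    """Constructed (L, v) samples, built only through the interface operations."""
    empty = op.Create()
    one = op.Cons(empty, 7)
    two = op.Cons(one, 8)
    return [(empty, 1), (one, 2), (two, 3)]


def violated_axioms(op: SimpleNamespace) -> List[str]:
    """Names of axioms some sample violates; [] means the implementation conforms."""
    samples = sample_lists(op)
    return [name for name, axiom in AXIOMS.items()
            if not all(axiom(op, L, v) for L, v in samples)]


def broken_list() -> SimpleNamespace:
    """Same implementation, but Tail drops the last element instead of the first."""
    op = tuple_list()
    op.Tail = lambda L: L[:-1]
    return op


if __name__ == "__main__":
    print("tuple list violates:", violated_axioms(tuple_list()))   # []
    print("broken list violates:", violated_axioms(broken_list()))
```

The axioms are the interface contract: any implementation that satisfies them can be substituted for any other, which is what lets subsystems be developed independently. The second implementation passes every axiom except the one for Tail, so the checks locate the defective operation rather than merely reporting a mismatch.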
16
Behavioural specification
  • Algebraic specification can be cumbersome when
    the object operations are not independent of the
    object state
  • Model-based specification exposes the system
    state and defines the operations in terms of
    changes to that state

17
Figure (labels only): OSI reference model; Application; Model-based specification; Algebraic specification
18
Abstract State Machine Language (AsmL)
  • AsmL is a language for modelling the structure
    and behaviour of digital systems
  • AsmL can be used to faithfully capture the
    abstract structure and step-wise behaviour of any
    discrete system, including very complex ones
    such as
  • integrated circuits, software components, and
    devices that combine both hardware and software

19
Abstract State
  • An AsmL model is said to be abstract because it
    encodes only those aspects of the system's
    structure that affect the behaviour being
    modelled
  • The goal is to use the minimum amount of detail
    that accurately reproduces (or predicts) the
    behaviour of the system
  • Abstraction helps us reduce complex problems into
    manageable units and prevents us from getting
    lost in a sea of details
  • AsmL provides a variety of features that allow
    you to describe the relevant state of a system in
    a very economical, high-level way

20
Abstract State Machine and Turing Machine
  • An abstract state machine is a particular kind of
    mathematical machine, like the Turing machine
    (TM)
  • But unlike a TM, ASMs may be defined at a very
    high level of abstraction
  • An easy way to understand ASMs is to see them as
    defining a succession of states that may follow
    an initial state

21
State transitions
  • The behaviour of a machine (its run) can always
    be depicted as a sequence of states linked by
    state transitions
  • Moving from state A to state B is a state
    transition

22
Configurations
  • Each state is a particular configuration of the
    machine
  • The state may be simple or it may be very large,
    with complex structure
  • But no matter how complex the state might be,
    each step of the machine's operation can be seen
    as a well-defined transition from one particular
    state to another

23
Evolution of state variables
  • We can view any machine's state as a dictionary
    of (Name, Value) pairs, called state variables

(Colour, Red) is a variable, where Colour is
the name of the variable and Red is the value
24
Evolution of state variables
  • Names are given by the machine's symbolic
    vocabulary
  • Values are fixed elements, like numbers and
    strings of characters

The run of a machine is a series of states and
state transitions that results from applying
operations to each state in succession
25
Example
  • The diagram shows the run of a machine that
    models how orders might be processed
  • Each transition operation can be seen as the
    result of invoking the machine's control logic on
    the current state, which calculates the
    subsequent state as output

26
Control Logic
  • The machine's control logic behaves like a fixed
    set of transition rules that say how state may
    evolve

The typical form of the operational text is:
if condition then update
We can think of the control logic as a text
that precisely specifies, for any given state,
what the values of the machine's variables will
be in the following step
27
Control Logic as a Black Box
  • The machine control logic is a black box that
    takes as input a state dictionary S1 and gives as
    output a new dictionary S2

  • The two dictionaries S1 and S2 have the same set
    of keys, but the values associated with each
    variable name may differ between S1 and S2

28
Run of the Machine
  • The run of the machine can be seen as what
    happens when the control logic is applied to each
    state in turn
  • The run starts from the initial state
  • S1 → S2 → S3 → ...
  • S1 is given to the black box, yielding S2;
    processing S2 results in S3;
  • and so on
  • When no more changes to the state are possible,
    the run is complete

29
Update operations
  • We use the symbol := (reads as "gets") to
    indicate the value that a name will have in
    the resulting state
  • For example: mode := Active
  • An update can be seen only during the following
    step (this is in contrast to Java, C, Pascal, ...)
  • All changes happen simultaneously when moving
    from one step to another: all updates happen at
    once (an atomic transaction)

30
Programs
  • Example 1. Hello, world

    Main()
      step WriteLine("hello, world!")

AsmL uses indentation to denote block structure,
and blocks can be placed inside other blocks.
Statement blocks affect the scope of variables.
Whitespace includes blanks and the new-line
character; AsmL does not recognize the tab
character for indentation. An operation named
run() gives the top-level operational definition
of the model (Main() is like main() in Java and C).
31
Example 2. Reading a file
    var F as File? = undef
    var FContents as String = ""
    var Mode as String = "Initial"

    Main()
      step until fixpoint
        if Mode = "Initial" then
          F := open("mfile.txt")
          Mode := "Reading"
        if Mode = "Reading" and length(FContents) = 0 then
          FContents := fread(F, 1)
        if Mode = "Reading" and length(FContents) = 1 then
          FContents := FContents + fread(F, 1)
        if Mode = "Reading" and length(FContents) > 1 then
          WriteLine(FContents)
          Mode := "Finished"

32
Example 2. Graph representation
Figure (labels only): graph representation of the run, Step 1 to Step 5
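As an added illustration (not part of the lecture slides) of slides 23 to 29 and of Example 2, here is a small abstract-state-machine runner in Python: the state is a dictionary of (Name, Value) pairs, the control logic is a black box S1 → S2 built from "if condition then update" rules, all updates of one step are collected and applied at once, and the run continues until a fixpoint. The file-reading model of Example 2 is encoded as its rules. The in-memory string standing in for mfile.txt, the extra state variables Pos (read position) and Output (what WriteLine printed), the rule names, and the conflict check are this example's own choices, not part of AsmL or the lecture.

```python
# Added example, not from the lecture slides: an abstract-state-machine runner
# (state = dictionary, control logic = rules, atomic updates, run to fixpoint)
# with the file-reading model of Example 2 as its rules.
from typing import Any, Callable, Dict, List

State = Dict[str, Any]                      # dictionary of (Name, Value) pairs
Rule = Callable[[State], Dict[str, Any]]    # "if condition then update": returns
                                            # the updates it fires for this state


class ConflictingUpdates(Exception):
    """Two rules assigned different values to the same name in one step."""


def step(state: State, rules: List[Rule]) -> State:
    """Control logic as a black box: S1 in, S2 out.

    Every rule sees the same S1 (an update is visible only in the next step)
    and the collected update set is applied in one go, like a transaction.
    """
    updates: Dict[str, Any] = {}
    for rule in rules:
        for name, value in rule(state).items():
            if name in updates and updates[name] != value:
                raise ConflictingUpdates(f"{name}: {updates[name]!r} vs {value!r}")
            updates[name] = value
    return {**state, **updates}             # same keys, values may differ


def run(initial: State, rules: List[Rule], max_steps: int = 1000) -> List[State]:
    """Run until fixpoint; returns the sequence S1, S2, S3, ..."""
    states = [initial]
    for _ in range(max_steps):
        nxt = step(states[-1], rules)
        if nxt == states[-1]:               # no change possible: run complete
            return states
        states.append(nxt)
    raise RuntimeError("no fixpoint within max_steps")


# ---- Example 2 (reading a file) as transition rules -------------------------
MFILE_TXT = "ab"                            # constructed stand-in for mfile.txt


def fread1(s: State) -> str:
    """fread(F, 1): one character at the current read position Pos."""
    return MFILE_TXT[s["Pos"]]


def rule_open(s: State) -> Dict[str, Any]:
    if s["Mode"] == "Initial":
        return {"F": "mfile.txt", "Mode": "Reading"}   # F := open("mfile.txt")
    return {}


def rule_read_first(s: State) -> Dict[str, Any]:
    if s["Mode"] == "Reading" and len(s["FContents"]) == 0:
        return {"FContents": fread1(s), "Pos": s["Pos"] + 1}
    return {}


def rule_read_second(s: State) -> Dict[str, Any]:
    if s["Mode"] == "Reading" and len(s["FContents"]) == 1:
        return {"FContents": s["FContents"] + fread1(s), "Pos": s["Pos"] + 1}
    return {}


def rule_finish(s: State) -> Dict[str, Any]:
    if s["Mode"] == "Reading" and len(s["FContents"]) > 1:
        return {"Output": s["FContents"], "Mode": "Finished"}   # WriteLine(FContents)
    return {}


FILE_RULES = [rule_open, rule_read_first, rule_read_second, rule_finish]


def run_file_model() -> List[State]:
    initial = {"F": None, "FContents": "", "Mode": "Initial", "Pos": 0, "Output": None}
    return run(initial, FILE_RULES)


# ---- simultaneity of updates ------------------------------------------------
def swap_step() -> State:
    """x := y and y := x in the same step swap the values (no temporary needed)."""
    return step({"x": 1, "y": 2}, [lambda s: {"x": s["y"], "y": s["x"]}])


def conflict_detected() -> bool:
    """Two rules writing different values to one name is an inconsistent update set."""
    try:
        step({"n": 0}, [lambda s: {"n": 1}, lambda s: {"n": 2}])
    except ConflictingUpdates:
        return True
    return False


if __name__ == "__main__":
    for i, s in enumerate(run_file_model(), start=1):
        print(f"S{i}: Mode={s['Mode']!r} FContents={s['FContents']!r} Output={s['Output']!r}")
    print("swap:", swap_step(), "conflict detected:", conflict_detected())
```

Running the file model yields five states, S1 (Initial) through S5 (Finished), with one transition per step just as in the graph of slide 32; the fifth step changes nothing, so the run stops. The swap rule shows why updates are only visible in the next step: both assignments read the old S1, so no temporary variable is needed. Rejecting an update set in which two rules disagree on a value keeps each step a well-defined transition rather than one that silently depends on rule order.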
33
Key points
  • Formal system specification complements informal
    specification techniques
  • Formal specifications are precise and
    unambiguous. They remove areas of doubt in a
    specification
  • Formal specification forces an analysis of the
    system requirements at an early stage. Correcting
    errors at this stage is cheaper than modifying a
    delivered system

34
Key points
  • Formal specification techniques are most
    applicable in the development of critical systems
    and standards.
  • Algebraic techniques are suited to interface
    specification where the interface is defined as a
    set of object classes
  • Model-based techniques model the system using
    sets and functions. This simplifies some types of
    behavioural specification