An introduction to specification in VDM-SL - PowerPoint PPT Presentation

Slides: 63
Provided by: aaron63

Transcript and Presenter's Notes
1
An introduction to specification in VDM-SL
At the end of this lecture you should be able to
  • write a formal specification of a system in
    VDM-SL
  • correlate the components of a UML class diagram
    with those of a VDM specification
  • declare constants and specify functions to
    enhance the specification
  • explain the use of a state invariant to place a
    global constraint on the system
  • explain the purpose of the nil value in VDM.

2
The Incubator case study
The temperature of the incubator needs to be carefully controlled and monitored; this is a safety requirement.
3
The UML specification
IncubatorMonitor
-------------------
temp : Integer
-------------------
increment()
decrement()
getTemp() : Integer
4
Specifying the state in VDM-SL
5
The VDM state refers to the permanent data stored by the system. In the UML class diagram this is the attribute compartment (temp : Integer); the operation compartment (increment(), decrement(), getTemp() : Integer) is specified separately as VDM-SL operations. In VDM-SL we use mathematical types rather than programming-language types.
7
The intrinsic types available in VDM-SL
8
ℕ     natural numbers (whole numbers from zero upwards)
ℕ₁    natural numbers excluding zero
ℤ     integers (positive and negative whole numbers)
ℝ     real numbers (positive and negative numbers that can include a fractional part)
𝔹     boolean values (true or false)
Char  the set of characters (letters, digits and other symbols)
9
Specifying the state of the Incubator Monitor
System
10
UML: temp : Integer

VDM-SL:
state IncubatorMonitor of
  temp : ℤ
end
11
Specifying the operations in VDM-SL
12
Each operation is specified in VDM-SL as follows:
  • the operation header (name, inputs and result)
  • the external clause (ext), listing the state components the operation reads (rd) or writes (wr)
  • the precondition (pre), which must hold when the operation is called
  • the postcondition (post), which relates the result and the new state to the old state
14
increment()
ext wr temp : ℤ
pre temp < 10
post temp = temp~ + 1
(temp~ denotes the value of temp before the operation was invoked.)
16
decrement()
ext wr temp : ℤ
pre temp > -10
post temp = temp~ - 1
18
getTemp() currentTemp : ℤ
ext rd temp : ℤ
pre TRUE
post currentTemp = temp
19
Declaring constants
20
Constants are specified using the keyword values. The declaration comes immediately before the state definition:
values
  MAX : ℤ = 10
  MIN : ℤ = -10
21
Specifying functions
22
[Figure: a function hasPassed maps a mark to a boolean; the examples shown are hasPassed(36) = FALSE and hasPassed(79) = TRUE, and the value 50 also appears in the figure.]
23
There are two ways in which we can specify a function in VDM-SL: explicitly, by giving a signature and a defining expression, or implicitly, by giving a precondition and a postcondition that the result must satisfy.
24
Specifying a function explicitly
Example
add : ℤ × ℤ → ℤ        (signature)
add(x, y) ≜ x + y      (definition)
25
Specifying a function implicitly
add(x : ℤ, y : ℤ) z : ℤ
pre TRUE
post z = x + y
26
An absolute function defined implicitly
abs(z : ℤ) r : ℤ
pre TRUE
post (z < 0 ∧ r = -z) ∨ (z ≥ 0 ∧ r = z)
27
An absolute function defined explicitly
abs : ℤ → ℤ
abs(z) ≜ if z < 0 then -z else z
28
Two special functions
The state invariant and initialisation
29
inv : State → 𝔹
Returns true if the state meets the global constraint and false otherwise.
30
Adding a state invariant into the IncubatorMonitor system
The invariant is written as a function of the state, pattern-matched with the mk-IncubatorMonitor constructor so that each component gets a name:
inv mk-IncubatorMonitor(t) ≜ MIN ≤ t ≤ MAX
33
init : State → 𝔹
Returns true if the correct initial values have been given to the state and false otherwise.
34
Specifying an initialization function
We will assume that when the incubator is turned on, its temperature should be adjusted until a steady 5 degrees Celsius is obtained.
init mk-IncubatorMonitor(t) ≜ t = 5
37
The modified state specification
values
  MAX : ℤ = 10
  MIN : ℤ = -10

state IncubatorMonitor of
  temp : ℤ
inv mk-IncubatorMonitor(t) ≜ MIN ≤ t ≤ MAX
init mk-IncubatorMonitor(t) ≜ t = 5
end
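The following Python model is an added example, not part of the original lecture: it animates the IncubatorMonitor specification from slides 10 to 37 (constants, state, invariant, initialisation and the three operations), turning each VDM-SL clause into a runtime check. The names SpecViolation, violates and drive_to_limit are chosen for this example and do not appear on the slides.

```python
"""Executable model of the IncubatorMonitor VDM-SL specification.

Each clause of the spec becomes a runtime check: the invariant is checked
after init and after every write, the precondition on entry to an operation,
and the postcondition against the saved old value (temp~) before returning.
"""
from dataclasses import dataclass
from typing import Callable


class SpecViolation(Exception):
    """A precondition, postcondition or invariant of the spec failed."""


# values MAX : Z = 10 ; MIN : Z = -10
MAX = 10
MIN = -10


@dataclass
class IncubatorMonitor:
    # state IncubatorMonitor of temp : Z
    # init mk-IncubatorMonitor(t) == t = 5
    temp: int = 5

    def inv(self) -> bool:
        """inv mk-IncubatorMonitor(t) == MIN <= t <= MAX."""
        return MIN <= self.temp <= MAX

    def __post_init__(self) -> None:
        # init must produce a state that satisfies the invariant
        self._require(self.inv(), f"invariant violated by initial state temp={self.temp}")

    def _require(self, cond: bool, clause: str) -> None:
        if not cond:
            raise SpecViolation(clause)

    def increment(self) -> None:
        """increment() ext wr temp ; pre temp < MAX ; post temp = temp~ + 1."""
        self._require(self.temp < MAX, "pre increment: temp < MAX")
        old = self.temp                      # temp~, the value before the operation
        self.temp = old + 1
        self._require(self.temp == old + 1, "post increment: temp = temp~ + 1")
        self._require(self.inv(), "invariant after increment")

    def decrement(self) -> None:
        """decrement() ext wr temp ; pre temp > MIN ; post temp = temp~ - 1."""
        self._require(self.temp > MIN, "pre decrement: temp > MIN")
        old = self.temp
        self.temp = old - 1
        self._require(self.temp == old - 1, "post decrement: temp = temp~ - 1")
        self._require(self.inv(), "invariant after decrement")

    def getTemp(self) -> int:
        """getTemp() currentTemp : Z ; ext rd temp ; pre TRUE ; post currentTemp = temp."""
        return self.temp


def violates(action: Callable[[], object]) -> bool:
    """True if running the action raises SpecViolation (probes the edges of the spec)."""
    try:
        action()
    except SpecViolation:
        return True
    return False


def drive_to_limit(monitor: IncubatorMonitor, steps: int) -> int:
    """Call increment() up to `steps` times, stopping at the first rejected call.

    Returns how many calls the precondition allowed; from the initial state
    of 5 the precondition stops the monitor exactly at MAX.
    """
    done = 0
    for _ in range(steps):
        if violates(monitor.increment):
            break
        done += 1
    return done


if __name__ == "__main__":
    m = IncubatorMonitor()
    print("initial temp:", m.getTemp())
    print("accepted increments:", drive_to_limit(m, 100))
    print("temp after:", m.getTemp())
    print("increment at MAX rejected:", violates(m.increment))
    print("out-of-range init rejected:", violates(lambda: IncubatorMonitor(temp=11)))
```

The point to take from running it is the division of obligations the spec sets up: the precondition is a promise the caller must keep, and an implementation that trusts it and simply adds 1 would break the invariant as soon as temp reaches MAX. Checking pre on entry is what makes the invariant a bound that cannot be exceeded from outside.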
38
Improving the Incubator System
IncubatorController
---------------------------------
requestedTemp : Integer
actualTemp : Integer
---------------------------------
setInitialTemp(Integer)
requestChange(Integer) : Signal
increment() : Signal
decrement() : Signal
getRequestedTemp() : Integer
getActualTemp() : Integer

Signal is an enumerated type.
40
Enumerated types in UML
A standard method of marking a UML class as an enumerated type is to add <<enumeration>> above the type name.
41
Enumerated types in VDM-SL
In VDM-SL the types clause is the appropriate place to define new types. It comes before the values and state clauses:
types
  Signal = <INCREASE> | <DECREASE> | <DO_NOTHING>
values
  ..
state
  ..
end
42
The nil value
It is common in the programming world for a value to be undefined. VDM-SL allows for this concept by including the possibility of a term or expression having the value nil, meaning that it is undefined.
x : ℕ      x must be a natural number
x : [ℕ]    x can be a natural number or nil (the square brackets make the type optional)
  • When the incubator system first comes into being, the actual and requested values will be
    undefined, and must therefore be set to nil.

45
Specifying the IncubatorController state
Both components are optional integers, since either may be nil:
state IncubatorController of
  requestedTemp : [ℤ]
  actualTemp : [ℤ]
48
The invariant
state IncubatorController of
  requestedTemp : [ℤ]
  actualTemp : [ℤ]
The requested temperature must be in the range -10 to 10 degrees, but it could also be nil; the same holds for the actual temperature. Each disjunction is bracketed so that the nil case applies to one component at a time:
inv mk-IncubatorController(r, a) ≜
  (MIN ≤ r ≤ MAX ∨ r = nil) ∧
  (MIN ≤ a ≤ MAX ∨ a = nil)
55
Improving the readability of the spec by using a function
inRange(val : ℤ) result : 𝔹
pre TRUE
post result ⟺ MIN ≤ val ≤ MAX

inv mk-IncubatorController(r, a) ≜ (inRange(r) ∨ r = nil) ∧ (inRange(a) ∨ a = nil)
56
The initialisation function
init mk-IncubatorController(r, a) ≜ r = nil ∧ a = nil
57
Specifying the setInitialTemp operation
setInitialTemp(tempIn : ℤ)
ext wr actualTemp : [ℤ]
pre inRange(tempIn) ∧ actualTemp = nil
post actualTemp = tempIn
58
The requestChange operation
requestChange(tempIn : ℤ) signalOut : Signal
ext wr requestedTemp : [ℤ]
    rd actualTemp : [ℤ]
pre actualTemp ≠ nil ∧ inRange(tempIn)
post requestedTemp = tempIn ∧
     (tempIn > actualTemp ⇒ signalOut = <INCREASE>) ∧
     (tempIn < actualTemp ⇒ signalOut = <DECREASE>) ∧
     (tempIn = actualTemp ⇒ signalOut = <DO_NOTHING>)
59
The increment operation
increment() signalOut : Signal
ext rd requestedTemp : [ℤ]
    wr actualTemp : [ℤ]
pre actualTemp < requestedTemp ∧ requestedTemp ≠ nil ∧ actualTemp ≠ nil
post actualTemp = actualTemp~ + 1 ∧
     (actualTemp < requestedTemp ⇒ signalOut = <INCREASE>) ∧
     (actualTemp = requestedTemp ⇒ signalOut = <DO_NOTHING>)
60
The getRequestedTemp operation
getRequestedTemp() currentRequested : [ℤ]
ext rd requestedTemp : [ℤ]
pre TRUE
post currentRequested = requestedTemp
61
The getActualTemp operation
getActualTemp() currentActual : [ℤ]
ext rd actualTemp : [ℤ]
pre TRUE
post currentActual = actualTemp
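The following Python model is an added example and not part of the original slides: it animates the IncubatorController specification from slides 38 to 61, with the enumerated Signal type as an Enum, the optional [ℤ] components as Optional[int] with nil represented by None, and the preconditions that exclude nil before any comparison is made. decrement() appears in the UML diagram but is not specified on the slides, so its body here mirrors increment() and is an assumption of this example; SpecViolation, violates and settle are names chosen for the example.

```python
"""Executable model of the IncubatorController VDM-SL specification.

nil is modelled as None.  The invariant tests for nil before calling
inRange, so inRange is never applied to an undefined value.
"""
from dataclasses import dataclass
from enum import Enum
from typing import Callable, List, Optional


class SpecViolation(Exception):
    """A precondition, postcondition or invariant of the spec failed."""


class Signal(Enum):
    """types Signal = <INCREASE> | <DECREASE> | <DO_NOTHING>."""
    INCREASE = "INCREASE"
    DECREASE = "DECREASE"
    DO_NOTHING = "DO_NOTHING"


MAX = 10
MIN = -10


def inRange(val: int) -> bool:
    """inRange(val : Z) result : B ; post result <=> MIN <= val <= MAX."""
    return MIN <= val <= MAX


@dataclass
class IncubatorController:
    # state IncubatorController of requestedTemp : [Z] ; actualTemp : [Z]
    # init mk-IncubatorController(r, a) == r = nil and a = nil
    requestedTemp: Optional[int] = None
    actualTemp: Optional[int] = None

    def inv(self) -> bool:
        """(inRange(r) or r = nil) and (inRange(a) or a = nil)."""
        r, a = self.requestedTemp, self.actualTemp
        return (r is None or inRange(r)) and (a is None or inRange(a))

    def __post_init__(self) -> None:
        self._require(self.inv(), "invariant violated by initial state")

    def _require(self, cond: bool, clause: str) -> None:
        if not cond:
            raise SpecViolation(clause)

    def setInitialTemp(self, tempIn: int) -> None:
        """ext wr actualTemp ; pre inRange(tempIn) and actualTemp = nil ; post actualTemp = tempIn."""
        self._require(inRange(tempIn) and self.actualTemp is None, "pre setInitialTemp")
        self.actualTemp = tempIn
        self._require(self.inv(), "invariant after setInitialTemp")

    def requestChange(self, tempIn: int) -> Signal:
        """ext wr requestedTemp, rd actualTemp ; pre actualTemp <> nil and inRange(tempIn)."""
        self._require(self.actualTemp is not None and inRange(tempIn), "pre requestChange")
        self.requestedTemp = tempIn
        if tempIn > self.actualTemp:
            signalOut = Signal.INCREASE
        elif tempIn < self.actualTemp:
            signalOut = Signal.DECREASE
        else:
            signalOut = Signal.DO_NOTHING
        self._require(self.inv(), "invariant after requestChange")
        return signalOut

    def increment(self) -> Signal:
        """ext rd requestedTemp, wr actualTemp ; pre both non-nil and actualTemp < requestedTemp."""
        r, a = self.requestedTemp, self.actualTemp
        self._require(r is not None and a is not None and a < r, "pre increment")
        self.actualTemp = a + 1                  # post: actualTemp = actualTemp~ + 1
        self._require(self.inv(), "invariant after increment")
        return Signal.INCREASE if self.actualTemp < r else Signal.DO_NOTHING

    def decrement(self) -> Signal:
        """Assumed mirror image of increment; the slides do not specify decrement."""
        r, a = self.requestedTemp, self.actualTemp
        self._require(r is not None and a is not None and a > r, "pre decrement")
        self.actualTemp = a - 1
        self._require(self.inv(), "invariant after decrement")
        return Signal.DECREASE if self.actualTemp > r else Signal.DO_NOTHING

    def getRequestedTemp(self) -> Optional[int]:
        return self.requestedTemp

    def getActualTemp(self) -> Optional[int]:
        return self.actualTemp


def violates(action: Callable[[], object]) -> bool:
    """True if running the action raises SpecViolation."""
    try:
        action()
    except SpecViolation:
        return True
    return False


def settle(ctrl: IncubatorController, target: int) -> List[Signal]:
    """Request `target`, then step actualTemp one degree at a time until DO_NOTHING.

    Returns the sequence of signals produced, which always ends in DO_NOTHING.
    """
    signals = [ctrl.requestChange(target)]
    while signals[-1] is not Signal.DO_NOTHING:
        step = ctrl.increment if signals[-1] is Signal.INCREASE else ctrl.decrement
        signals.append(step())
    return signals


if __name__ == "__main__":
    c = IncubatorController()
    print("requestChange before setInitialTemp rejected:", violates(lambda: c.requestChange(3)))
    c.setInitialTemp(5)
    print("settle to 8:", [s.name for s in settle(c, 8)])
    print("settle to 6:", [s.name for s in settle(c, 6)])
    print("out-of-range request rejected:", violates(lambda: c.requestChange(11)))
```

Two things the slides state but a reader only sees by running the model: every operation that compares a temperature has a precondition ruling out nil, so a freshly initialised controller rejects requestChange until setInitialTemp has been called once (and only once, since its own precondition requires actualTemp = nil); and the invariant's ordering of the nil test before inRange is what keeps the invariant itself well defined on the initial state.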
62
A standard template for VDM-SL specifications
types
  SomeType = ..
values
  constantName : ConstantType = someValue
state SystemName of
  attribute1 : Type
  ...
  attributen : Type
inv mk-SystemName(i1, ..., in) ≜ Expression(i1, ..., in)
init mk-SystemName(i1, ..., in) ≜ Expression(i1, ..., in)
end
functions
  specification of functions .....
operations
  specification of operations .....