Transcript Formal Specification
Lecturer: Sebastian Coope
Ashton Building, Room G.18
E-mail: [email protected]
COMP 201 web-page: http://www.csc.liv.ac.uk/~coopes/comp201
Lecture 12 – Formal Specifications COMP201 - Software Engineering 1
Recap on Formal Specification
Objectives:
• To explain why formal specification techniques help discover problems in system requirements
• To describe the use of algebraic techniques (for interface specification) and model-based techniques (for behavioural specification)
• To introduce the Abstract State Machine Language (AsmL)
Behavioural Specification
• Algebraic specification can be cumbersome when the object operations are not independent of the object state.
• Model-based specification exposes the system state and defines the operations in terms of changes to that state.
[Figure: the OSI Reference Model, layers 7 to 1 (Application, Presentation, Session, Transport, Network, Data link, Physical) over a communications medium, annotated with where model-based specification and algebraic specification apply.]
Abstract State Machine Language (AsmL)
AsmL is a language for modelling the structure and behaviour of digital systems. We will see a basic introduction to AsmL and how some concepts can be encoded formally. (We will not go into too many details but just see the overall format AsmL uses.)
AsmL can be used to faithfully capture the abstract structure and step-wise behaviour of any discrete system, including very complex ones such as:
• Integrated circuits
• Software components
• Devices that combine both hardware and software
Abstract State Machine Language
An AsmL model is said to be abstract because it encodes only those aspects of the system's structure that affect the behaviour being modelled.
The goal is to use the minimum amount of detail that accurately reproduces (or predicts) the behaviour of the system that we wish to model. This means we may obtain an overview of the system without becoming bogged down in irrelevant implementation details, and concentrate on important concerns such as concurrency.
Abstract State Machine Language
Abstraction helps us reduce complex problems into manageable units and prevents us from getting lost in a sea of details.
AsmL provides a variety of features that allow us to describe the relevant state of a system in a very economical and high-level way.
Abstract State Machines and Turing Machines
An abstract state machine is a particular kind of mathematical machine, like a Turing machine (TM). But unlike a TM, abstract state machines may be defined at a very high level of abstraction.
An easy way to understand ASMs is to see them as defining a succession of states that may follow an initial state.
Sets Described Algorithmically
Sometimes, we may wish to describe a set algorithmically. We shall now see how this may be done in AsmL.
Problem: Suppose we have a set that includes the integers from 1 to 20 and we want to find those numbers that, when doubled, still belong to the set.
Informal solution: keep every i in the set for which 2*i is also in the set.
Formal (AsmL) solution:
    A = {1..20}
    C = {i | i in A where 2*i in A}
    Main()
      step WriteLine(C)
Sequences
A sequence is a collection of elements of the same type, just as a set is, but sequences differ from sets in two ways:
• A sequence is ordered while a set is not.
• A sequence can contain duplicate elements while a set does not.
Elements of sequences are contained within square brackets [ ], e.g. [1,2,3,4], [4,3,2,1], [a,e,i,o,u], [a,a,e,i,o,u]
Sequences
    X = {1,2,3,4}
    Y = {1,1,2,3,4}
    Z = [1,1,2,3,4]
    Main()
      step WriteLine("X=" + X)
      step WriteLine("Y=" + Y)
      step WriteLine("Z=" + Z)
The result is:
    X = {1,2,3,4}
    Y = {1,2,3,4}
    Z = [1,1,2,3,4]
Y loses its duplicate 1 because it is a set, whereas Z keeps the duplicate because it is a sequence.
SORT Algorithm
We shall now consider a simple specification of a one-swap-at-a-time sorting algorithm and how it can be written in AsmL.
Sorting Example
[Figure: a sequence of the numbers 1 to 5 shown out of order and then after sorting as 1 2 3 4 5.]
ASML Example
    var A as Seq of Integer                  // A is a sequence (i.e. ordered set) of integers

    swap()                                   // method declaration
      choose i in {0..length(A)-1}, j in {0..length(A)-1}
        where i < j and A(i) > A(j)          // choose indices i, j with i < j and A(i) > A(j), i.e. a pair not currently in order
        A(j) := A(i)                         // swap elements A(i) and A(j); both updates take effect together at the end of the step
        A(i) := A(j)

    sort()
      step until fixpoint                    // continue to call swap() until no more updates are possible
        swap()                               // (the fixpoint, i.e. no more changes occur, so the sequence is ordered)

    Main()
      step A := [-4, 6, 9, 0, 2, -12, 7, 3, 5, 6]
      step WriteLine("Sequence A:")
      step sort()
      step WriteLine(" after sorting: " + A)
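The fixpoint sort above relies on two AsmL features that are easy to get wrong when the specification is turned into code: `choose` is nondeterministic, and the two assignments inside `swap()` are applied simultaneously at the end of the step. The following Python program is an added example (not code from the lecture slides) that makes both explicit: `swap_step` models one `swap()` step, `sort_until_fixpoint` models `sort()`, and `sequential_swap_is_wrong` shows what happens if the two assignments are executed one after the other as an ordinary imperative language would. Function names and the `rng` parameter are this example's own.

```python
# Added example (not from the lecture slides): an executable reading of the
# AsmL "step until fixpoint swap()" sort.  AsmL's `choose` is nondeterministic
# and the updates A(j) := A(i), A(i) := A(j) take effect together at the end
# of the step; both are made explicit here.
import random
from typing import List, Optional, Tuple


def unordered_pairs(a: List[int]) -> List[Tuple[int, int]]:
    """All index pairs (i, j) with i < j and a[i] > a[j]: the candidates that
    AsmL's `choose ... where i < j and A(i) > A(j)` may pick from."""
    n = len(a)
    return [(i, j) for i in range(n) for j in range(i + 1, n) if a[i] > a[j]]


def swap_step(a: List[int], rng: random.Random) -> Optional[List[int]]:
    """One `swap()` step.  Returns the updated sequence, or None when no pair
    satisfies the `where` clause (the step makes no update)."""
    pairs = unordered_pairs(a)
    if not pairs:
        return None
    i, j = rng.choice(pairs)          # nondeterministic `choose`
    new = list(a)                     # right-hand sides read the OLD state...
    new[j], new[i] = a[i], a[j]       # ...and both updates land together
    return new


def sort_until_fixpoint(a: List[int], seed: int = 0) -> Tuple[List[int], int]:
    """`sort()`: repeat swap_step until it produces no update (the fixpoint).
    Returns the sorted sequence and the number of swaps performed.  Termination
    is guaranteed because every swap removes at least one inversion, whichever
    pair `choose` picks."""
    rng = random.Random(seed)
    steps = 0
    while True:
        nxt = swap_step(a, rng)
        if nxt is None:
            return a, steps
        a = nxt
        steps += 1


def sequential_swap_is_wrong(a: List[int], i: int, j: int) -> List[int]:
    """The same two assignments executed one after the other, as an imperative
    language would run them: the second reads the value the first just wrote,
    so a[i]'s value is duplicated and a[j]'s value is lost.  This is why the
    parallel-update semantics of the specification must be carried over when
    it is implemented."""
    b = list(a)
    b[j] = b[i]
    b[i] = b[j]
    return b


if __name__ == "__main__":
    A = [-4, 6, 9, 0, 2, -12, 7, 3, 5, 6]      # the slide's sample sequence
    print("Sequence A:", A)
    result, n = sort_until_fixpoint(A)
    print(" after sorting:", result, "in", n, "swaps")
    print("naive sequential swap of indices 1 and 5:", sequential_swap_is_wrong(A, 1, 5))
```

Whatever seed is used, `sort_until_fixpoint` reaches the same sorted sequence; only the number of swaps taken to get there varies, which is exactly the freedom the nondeterministic `choose` leaves to an implementation.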
Hoare's Quicksort
Quicksort was discovered by Tony Hoare (published in 1962). Here is the outline:
• Pick one item from the array; call it the pivot
• Partition the items in the array around the pivot so all elements to the left are smaller than the pivot and all elements to the right are greater than the pivot
• Use recursion to sort the two partitions
An Example
[Figure: an example run of Quicksort on an initial array containing the values 0, 1, 2, 3, 4, 5, 8, 9 and 11, partitioned around a pivot at each level of recursion until the sorted order 0 1 2 3 4 5 8 9 11 is reached.]
Hoare's Quicksort using Sequences and Recursion
    qsort(s as Seq of Integer) as Seq of Integer
      if s = [] then
        return []
      else
        pivot = Head(s)
        rest = Tail(s)
        return qsort([y | y in rest where y < pivot]) + [pivot] + qsort([y | y in rest where y >= pivot])
A sample main program sorts the sequence [7, 8, 2, 42] and prints the result:
    Main()
      WriteLine(qsort([7, 8, 2, 42]))
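The `qsort` specification says what the result is but nothing about cost, and a faithful implementation inherits the choice of `Head(s)` as pivot. The Python below is an added example, not code from the lecture slides: `qsort` is the specification translated directly, `qsort_counting` adds a counter of pivot comparisons (this example's own instrumentation), and the two `comparisons_on_*` helpers show that an already sorted input costs n(n-1)/2 comparisons with this pivot choice, which is the kind of input-dependent cost a reviewer should look for before a specification-derived sort is exposed to untrusted input.

```python
# Added example (not from the lecture slides): the recursive qsort on sequences
# in Python, plus instrumentation counting how many elements each partition
# step compares against the pivot.  The counter and helper names are this
# example's own; the slide's specification says nothing about cost.
import random
from typing import List, Tuple


def qsort(s: List[int]) -> List[int]:
    """Hoare's Quicksort exactly as the AsmL spec states it: the head is the
    pivot, the tail is split into elements below and not-below the pivot,
    and the two parts are sorted recursively."""
    if not s:
        return []
    pivot, rest = s[0], s[1:]            # Head(s), Tail(s)
    return (qsort([y for y in rest if y < pivot])
            + [pivot]
            + qsort([y for y in rest if y >= pivot]))


def qsort_counting(s: List[int]) -> Tuple[List[int], int]:
    """Same algorithm, returning (sorted sequence, number of elements compared
    against a pivot).  Each call compares every element of `rest` with the
    pivot, so len(rest) is added per call."""
    if not s:
        return [], 0
    pivot, rest = s[0], s[1:]
    lo, c_lo = qsort_counting([y for y in rest if y < pivot])
    hi, c_hi = qsort_counting([y for y in rest if y >= pivot])
    return lo + [pivot] + hi, len(rest) + c_lo + c_hi


def comparisons_on_sorted(n: int) -> int:
    """Pivot comparisons on an already sorted input of length n.  Because
    Head(s) is always the smallest remaining element, every partition is
    maximally unbalanced: the total is n(n-1)/2 and the recursion is n deep."""
    return qsort_counting(list(range(n)))[1]


def comparisons_on_shuffled(n: int, seed: int = 1) -> int:
    """The same count on a pseudo-random permutation (fixed seed so the figure
    is reproducible), for contrast with comparisons_on_sorted."""
    items = list(range(n))
    random.Random(seed).shuffle(items)
    return qsort_counting(items)[1]


if __name__ == "__main__":
    print(qsort([7, 8, 2, 42]))              # the slide's sample main program
    # n is kept below Python's default recursion limit: on sorted input the
    # recursion depth equals n.
    for n in (16, 128, 512):
        print(f"n={n:4d}  sorted input: {comparisons_on_sorted(n):7d}"
              f"  shuffled input: {comparisons_on_shuffled(n):7d}")
```

Both functions return the same sorted sequence; the point of the counter is that two inputs of equal length can differ in cost by orders of magnitude, and on sorted input the recursion depth grows linearly with n as well.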
Shortest Paths Algorithm
Specification of shortest paths from a given node s. The nodes of the graph are given as a set N. The distances between adjacent nodes are given by a map D, where D(n,m) = infinity denotes that the two nodes are not adjacent.
What is the Shortest Distance from SeaTac to Redmond?
[Figure: road map with the nodes SeaTac, Seattle, Bellevue and Redmond; edge labels 11 (SeaTac to Seattle), 13 (SeaTac to Bellevue), 5 (Seattle to Bellevue), 9 (Seattle to Redmond) and 5 (Bellevue to Redmond).]
Graph Declaration
    structure Node
      s as String

    infinity = 9999

    SeaTac = Node("SeaTac")
    Seattle = Node("Seattle")
    Bellevue = Node("Bellevue")
    Redmond = Node("Redmond")

    N = {SeaTac, Seattle, Bellevue, Redmond}

    D = {(SeaTac, SeaTac) -> 0,
         (SeaTac, Seattle) -> 11,
         (SeaTac, Bellevue) -> 13,
         (SeaTac, Redmond) -> infinity,   // to be calculated
         (Seattle, SeaTac) -> 11,
         (Seattle, Seattle) -> 0,
         (Seattle, Bellevue) -> 5,
         (Seattle, Redmond) -> 9,
         (Bellevue, SeaTac) -> 13,
         (Bellevue, Seattle) -> 5,
         (Bellevue, Bellevue) -> 0,
         (Bellevue, Redmond) -> 5,
         (Redmond, SeaTac) -> infinity,   // to be calculated
         (Redmond, Seattle) -> 9,
         (Redmond, Bellevue) -> 5,
         (Redmond, Redmond) -> 0}
Shortest Path Implementation
    shortest(s as Node, N as Set of Node, D as Map of (Node, Node) to Integer) as Map of Node to Integer
      var S = {s -> 0} merge {n -> infinity | n in N where n ne s}
      step until fixpoint
        forall n in N where n ne s
          S(n) := min({S(m) + D(m,n) | m in N})
      step return S

    min(s as Set of Integer) as Integer
      require s ne {}
      return (any x | x in s where forall y in s holds x lte y)
[Figure: diagram of the relaxation step S(n) := min({S(m) + D(m,n) | m in N}), showing the source s, an intermediate node m with distance S(m), the edge D(m,n), and the node n whose distance is being computed.]
The Main Program
    Main()
      // ... Graph specification ...
      shortestPathsFromSeaTac = shortest(SeaTac, N, D)
      WriteLine("The shortest distance from SeaTac to Redmond is " + shortestPathsFromSeaTac(Redmond) + " miles.")
Output:
    The shortest distance from SeaTac to Redmond is 18 miles.
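The `shortest` specification, the graph declaration and the main program above are executed together in the following Python program, which is an added example and not code from the lecture slides. The node names, edge distances and the 9999 sentinel for infinity are the slide's; the simultaneous-update loop, the step counter, the explicit precondition check in `min_of` and the `sentinel_is_safe` check are this example's own additions. The same block also serves the graph declaration and the `min` helper, so it is placed here after the main program.

```python
# Added example (not from the lecture slides): the `shortest` specification run
# in Python.  Graph, node names and the 9999 "infinity" come from the slide;
# everything else is this example's own.
from typing import Dict, Set, Tuple

Node = str          # the slide's `structure Node s as String`, as a plain string here
INFINITY = 9999     # the slide's sentinel meaning "not adjacent"

N: Set[Node] = {"SeaTac", "Seattle", "Bellevue", "Redmond"}
D: Dict[Tuple[Node, Node], int] = {
    ("SeaTac", "SeaTac"): 0,          ("SeaTac", "Seattle"): 11,
    ("SeaTac", "Bellevue"): 13,       ("SeaTac", "Redmond"): INFINITY,
    ("Seattle", "SeaTac"): 11,        ("Seattle", "Seattle"): 0,
    ("Seattle", "Bellevue"): 5,       ("Seattle", "Redmond"): 9,
    ("Bellevue", "SeaTac"): 13,       ("Bellevue", "Seattle"): 5,
    ("Bellevue", "Bellevue"): 0,      ("Bellevue", "Redmond"): 5,
    ("Redmond", "SeaTac"): INFINITY,  ("Redmond", "Seattle"): 9,
    ("Redmond", "Bellevue"): 5,       ("Redmond", "Redmond"): 0,
}


def min_of(s: Set[int]) -> int:
    """The slide's `min`: `require s ne {}` becomes an explicit check, and
    `any x | x in s where forall y in s holds x lte y` is written out."""
    if not s:
        raise ValueError("min of an empty set is undefined (precondition violated)")
    return next(x for x in s if all(x <= y for y in s))


def shortest(s: Node, nodes: Set[Node],
             dist: Dict[Tuple[Node, Node], int]) -> Tuple[Dict[Node, int], int]:
    """`shortest(s, N, D)`: returns the map S of shortest distances from s and
    the number of steps run until the fixpoint was detected."""
    S: Dict[Node, int] = {s: 0}
    S.update({n: INFINITY for n in nodes if n != s})      # {s -> 0} merge {...}
    steps = 0
    while True:                                           # step until fixpoint
        steps += 1
        # `forall n in N where n ne s  S(n) := min(...)`: every right-hand
        # side reads S as it was at the start of the step, and all updates
        # land together at its end (AsmL's simultaneous update).
        new_S = dict(S)
        for n in nodes:
            if n != s:
                new_S[n] = min_of({S[m] + dist[(m, n)] for m in nodes})
        if new_S == S:                                    # no update: fixpoint
            return S, steps
        S = new_S


def sentinel_is_safe(dist: Dict[Tuple[Node, Node], int], infinity: int) -> bool:
    """A fixed number standing in for infinity is sound only if no genuine path
    can reach it.  The sum of all finite edge weights bounds every simple path,
    so comparing that sum with the sentinel is a sufficient check; a map that
    fails it can report an unreachable node as reachable, or vice versa."""
    return sum(w for w in dist.values() if w < infinity) < infinity


if __name__ == "__main__":
    assert sentinel_is_safe(D, INFINITY)
    paths, steps = shortest("SeaTac", N, D)
    print("The shortest distance from SeaTac to Redmond is",
          paths["Redmond"], "miles.", f"(fixpoint after {steps} steps)")
```

Because the set passed to `min_of` always contains `S[n] + D[(n, n)] = S[n]`, a distance can never increase from one step to the next, so the loop is a monotone relaxation that terminates; the step count shows how many rounds the fixpoint needed on this graph.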
Lecture Key Points
• Formal system specification complements informal specification techniques.
• Formal specifications are precise and unambiguous. They remove areas of doubt in a specification.
• Formal specification forces an analysis of the system requirements at an early stage. Correcting errors at this stage is cheaper than modifying a delivered system.
• Formal specification techniques are most applicable in the development of critical systems and standards.
Lecture Key Points
• Algebraic techniques are suited to interface specification where the interface is defined as a set of object classes.
• Model-based techniques model the system using sets and functions. This simplifies some types of behavioural specification.
• Operations are defined in a model-based specification by defining pre- and post-conditions on the system state.
• AsmL is a language for modelling the structure and behaviour of digital systems.