Constraint Animation Using an Object-Oriented Declarative


Deriving executable prototype from formal specification in Z
Behnaz Changizi
Supervisor: Dr Mirian
Sharif University of Technology
Overview
➲ Introduction (Z, SETL2)
➲ Weakest Precondition
➲ Refinement
➲ Translation
➲ Correctness Proof
➲ Example
Introduction (Z Notation)
➲ Z is a formal specification notation based on set theory and predicate logic
➲ The primary construct in Z is the schema
➲ A schema consists of
   Declaration part
   Predicate part
[Schema box figure: the Declaration Part declares variables and their types; the Predicate Part consists of predicates over those variables]
Variables
• Unprimed variable: value before execution of the operation
• Primed variable: value after execution of the operation
• Variable ending in `?': an input
• Variable ending in `!': an output
SETL2
➲ The SETL2 programming language is a very high level language based on the theory and notation of finite sets
➲ Evolved from SETL
➲ Adds to SETL a syntax closer to more recent imperative languages:
   full block structure
   procedures
   ...
SETL2
➲ Some of the SETL aggregate data types:
   unordered set
   tuple
   map
➲ Primitive operations in SETL:
   membership, union, intersection, and power set construction
   universal and existential quantifiers of first-order predicate logic
SETL2
➲ Sample SETL2 code (prints every prime below n):

   read(n);
   primes := { };
   p := 2;
   while p < n loop
      -- p is prime when no prime found so far divides it
      if not (exists t in primes | p mod t = 0) then
         print(p);
         primes with:= p;
      end if;
      p := p + 1;   -- advance on every iteration, prime or not
   end loop;
Weakest precondition
➲ [Morgan] operation of a specification: "If the initial state satisfies the precondition then change only the variables listed in the frame so that the resulting final state satisfies the postcondition."
Weakest precondition
➲ If for any postcondition we know which preconditions will guarantee termination in a final state satisfying the postcondition, then we know the meaning of the command
➲ For a command prog and a postcondition A: wp(prog, A)
Weakest precondition
➲ wp(prog, A) is the weakest precondition sufficient to ensure termination in a state described by A.
➲ In that way we can see prog as a predicate transformer, because it transforms the postcondition A into the weakest precondition wp(prog, A).
➲ A precondition B will guarantee that prog terminates in a state described by A precisely when B => wp(prog, A).
Weakest precondition
➲ Example: x := E
➲ The weakest precondition of this statement for postcondition A is A with every occurrence of the variable x replaced by the expression E: A will hold after the assignment exactly when A[x\E] held before it.
➲ wp(x:=E, A) =def A[x\E]
Refinement
➲ Refinement is a relation between commands
➲ For any commands prog1 and prog2, we say that prog1 is refined by prog2 when, for all postconditions A, wp(prog1, A) => wp(prog2, A).
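The two definitions above (wp as a predicate transformer, and refinement as implication between weakest preconditions) are small enough to execute. The following Python code is an added example, not part of the slides: it implements wp for assignment, sequencing and conditional over a toy command language, using the substitution rule wp(x:=E, A) = A[x\E], and then decides "B => wp(prog, A)" and "wp(prog1, A) => wp(prog2, A)" by exhaustive evaluation over a small integer domain. The class and function names (Assign, Seq, If, wp, substitute, implies, guarantees, refined_by) and the finite-domain check are my own assumptions; the check is a bounded test of the implication, not a proof.

```python
import ast
import copy
import itertools

# Commands of a tiny imperative language (names are this example's own).
class Assign:
    """x := E, where E is a Python-syntax arithmetic expression over program variables."""
    def __init__(self, var, expr):
        self.var, self.expr = var, expr

class Seq:
    """prog1; prog2"""
    def __init__(self, first, second):
        self.first, self.second = first, second

class If:
    """if cond then prog1 else prog2"""
    def __init__(self, cond, then, orelse):
        self.cond, self.then, self.orelse = cond, then, orelse

def substitute(pred, var, expr):
    """A[x\\E]: replace every occurrence of variable var in predicate pred by expression expr.
    Both are parsed as Python expressions so precedence is preserved by ast.unparse."""
    replacement = ast.parse(expr, mode="eval").body

    class Sub(ast.NodeTransformer):
        def visit_Name(self, node):
            return copy.deepcopy(replacement) if node.id == var else node

    tree = Sub().visit(ast.parse(pred, mode="eval"))
    return ast.unparse(ast.fix_missing_locations(tree))

def wp(prog, post):
    """Weakest precondition of prog for postcondition post, returned as a predicate string."""
    if isinstance(prog, Assign):
        return substitute(post, prog.var, prog.expr)       # wp(x:=E, A) = A[x\E]
    if isinstance(prog, Seq):
        return wp(prog.first, wp(prog.second, post))       # wp(p1; p2, A) = wp(p1, wp(p2, A))
    if isinstance(prog, If):                               # wp(if c then p1 else p2, A)
        return (f"(({prog.cond}) and ({wp(prog.then, post)})) or "
                f"(not ({prog.cond}) and ({wp(prog.orelse, post)}))")
    raise TypeError(f"unknown command {prog!r}")

def variables(*preds):
    """All variable names mentioned in the given predicate strings."""
    names = set()
    for p in preds:
        names |= {n.id for n in ast.walk(ast.parse(p, mode="eval")) if isinstance(n, ast.Name)}
    return sorted(names)

def implies(b, w, domain=range(-3, 4)):
    """Bounded check of b => w: every assignment of the variables over the finite domain
    that satisfies b must also satisfy w (an assumption of this example, not a proof)."""
    names = variables(b, w)
    for values in itertools.product(domain, repeat=len(names)):
        env = dict(zip(names, values))
        if eval(b, {"__builtins__": {}}, env) and not eval(w, {"__builtins__": {}}, env):
            return False
    return True

def guarantees(pre, prog, post, domain=range(-3, 4)):
    """pre guarantees that prog ends in a state satisfying post iff pre => wp(prog, post)."""
    return implies(pre, wp(prog, post), domain)

def refined_by(prog1, prog2, post, domain=range(-3, 4)):
    """prog1 is refined by prog2 with respect to post iff wp(prog1, post) => wp(prog2, post)."""
    return implies(wp(prog1, post), wp(prog2, post), domain)

if __name__ == "__main__":
    inc = Assign("x", "x + 1")
    print(wp(inc, "x > 0"))                          # x + 1 > 0
    print(guarantees("x >= 0", inc, "x > 0"))        # True
    print(guarantees("x >= -1", inc, "x > 0"))       # False: x = -1 gives x + 1 = 0
    double = Seq(Assign("y", "x"), Assign("y", "y + y"))
    print(refined_by(double, Assign("y", "2 * x"), "y == 2 * x"))       # True
    print(refined_by(double, Assign("y", "x + x + 1"), "y == 2 * x"))   # False
```

The conditional case shows why the transformer view matters for review: wp of an if-statement is computed from both branches, so a missing or wrong guard shows up as a strictly stronger precondition than the one the specification promised, which is exactly the kind of gap a prototype derived from a Z schema should make visible.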
Translation
➲ Not all predicates in a formal specification are directly executable
➲ In a study of the Z specifications collected in Specification Case Studies, 94% of the operation schemas are explicit or can be made explicit with minor modifications
Translation
➲ Condition predicate: has only before-state and input variables
➲ Operation predicate: has at least one after-state or output variable
➲ Simple predicate: with E1 and E2 expressions, inrel an infix relational operator and prerel a prefix relational operator (such as #), a predicate of the form E1 inrel E2 or prerel E1 is simple
Translation
[Figure: the Map function, from the set of Z operators to the set of SETL2 operators]
➲ Map function
Correctness
➲ It is easy to show that this map is semantically correct. It can be done by reasoning on the characteristics of each pair of this map.
➲ Sample map of cardinality operators
Report function
➲ Report function: schema predicates -> the set of SETL2 statements
➲ Let NonDef be a non-definitive operation predicate
➲ The Report function converts NonDef to a text comment in SETL2
Trans function
➲ Trans function: set of Z variables -> SETL2 variables
➲ The Trans function converts Z variables to SETL2 variables
Transformer
➲ A translatable predicate is an explicit and definitive predicate. It means that there is enough information on how to calculate the results of that predicate.
➲ We translate the predicates which are detected as non-translatable into text comments in the prototype.
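To make the Translation, Report and Trans slides concrete, here is an added Python sketch of the pipeline they describe; it is my own illustration, not the translator built in the thesis. It classifies each schema predicate as a condition or operation predicate from the decorations on its variables (unprimed, primed, `?`, `!`), translates definitive predicates of the form v' = E or v! = E into SETL2 assignments, emits condition predicates as runtime checks, and, like the Report function, turns every non-definitive operation predicate into a SETL2 comment. The operator map (∪ to +, ∩ to *, ∉ to notin, ≠ to /=, and so on), the variable naming convention (x? to x_in, x! to x_out, x' to x) and the check that a definitive right-hand side contains no after-state or output variables are assumptions of this example; the slides do not fix them. The SETL2 text is generated, not executed, here.

```python
import re

# Z variable with optional decoration: x (before state), x' (after state), x? (input), x! (output).
VAR_RE = re.compile(r"[A-Za-z_]\w*['?!]?")
# Assumed Map from Z operator symbols to their SETL2 counterparts (symbols that are the same
# in both notations, such as =, <, >, #, are left untouched).
OP_MAP = {"≠": "/=", "≤": "<=", "≥": ">=", "∈": "in", "∉": "notin", "∪": "+", "∩": "*", "∖": "-"}
# Definitive form: one after-state or output variable equated with an expression.
DEF_RE = re.compile(r"^\s*([A-Za-z_]\w*['!])\s*=\s*(.+?)\s*$")

def z_variables(pred):
    """Variables occurring in a Z predicate ('mod' is an operator keyword, not a variable)."""
    return [v for v in VAR_RE.findall(pred) if v != "mod"]

def classify(pred):
    """Condition predicate: only before-state and input variables.
    Operation predicate: at least one after-state or output variable."""
    return "operation" if any(v[-1] in "'!" for v in z_variables(pred)) else "condition"

def trans(var):
    """Trans: Z variable -> SETL2 variable (naming convention assumed by this example)."""
    if var.endswith("'"):
        return var[:-1]            # after state is the program variable being assigned
    if var.endswith("?"):
        return var[:-1] + "_in"
    if var.endswith("!"):
        return var[:-1] + "_out"
    return var

def to_setl2_expr(expr):
    """Rename variables, then map operator symbols; variables first so that the letters
    in SETL2 operators such as 'notin' are never rescanned as identifiers."""
    out = VAR_RE.sub(lambda m: trans(m.group(0)), expr)
    for z_op, setl_op in OP_MAP.items():
        out = out.replace(z_op, setl_op)
    return out

def definitive(pred):
    """v' = E or v! = E with E free of after-state/output variables: enough information to compute v."""
    m = DEF_RE.match(pred)
    return bool(m) and not any(v[-1] in "'!" for v in z_variables(m.group(2)))

def translate(pred):
    """One schema predicate -> one SETL2 statement (or a comment via the Report function)."""
    if classify(pred) == "condition":
        # Precondition: checked at run time rather than assumed.
        return f'if not ({to_setl2_expr(pred)}) then print("precondition violated: {pred}"); end if;'
    if definitive(pred):
        lhs, rhs = DEF_RE.match(pred).groups()
        return f"{trans(lhs)} := {to_setl2_expr(rhs)};"
    # Report function: non-definitive operation predicate becomes a text comment.
    return f"-- non-definitive predicate, not executed: {pred}"

def translate_schema(preds):
    """Translate the predicate part of a schema, predicate by predicate, in the order given."""
    return [translate(p) for p in preds]

if __name__ == "__main__":
    # Constructed sample: an "add element" operation on a set s with input x? and output n!.
    sample = ["x? > 0", "x? ∉ s", "n! = #s", "s' = s ∪ {x?}", "#s' ≤ limit"]
    for line in translate_schema(sample):
        print(line)
```

The last predicate of the sample survives only as a comment. That is the practical point of the Report function: every comment it emits marks a constraint the prototype no longer enforces, so a reviewer comparing the prototype with the specification should treat those comments as the list of properties that still need a manual argument or a separate test.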
Correctness proof
➲ Predicate transformers of Z
➲ Predicate transformers of SETL2 used for prototyping
Sample proof
[Figure: sample proof; only fragments of the formulas survive (s' = s, s?, v?)]
Example
References
• J. M. Spivey, The Z Notation: A Reference Manual, Third Edition, Prentice Hall, 2001.
• Wilhelm Hasselbring, Prototyping Parallel Algorithms in a Set-Oriented Language, Kovač, Hamburg, 1994.
• C. B. Jones, Systematic Software Development Using VDM, Prentice Hall International Series in Computer Science, 1990.
• Ali E. Abdallah, Alexandra Barros, Jose B. Barros, Jonathan P. Bowen, Deriving Correct Prototypes from Formal Z Specifications, Technical Report SBU-CISM-00-27, SCISM, South Bank University, London, UK, 2000.
• Thomas Tilley, "Formal Concept Analysis Applications to Requirements Engineering and Design", Ph.D. Thesis, The University of Queensland, Australia, 2003.
• W. Kirk Snyder, The SETL2 Programming Language, Technical Report 490, Courant Institute, New York University, New York, 1990.
• Paulo Borba, Silvio Meira, A System for Translating Executable VDM Specifications into Lazy ML, Software - Practice and Experience, Vol. 27, No. 3, pp. 271-289, 1997.
• Ernst-Erich Doberkat, Wolfgang Frank, Ulrich Gutenbeil, Wilhelm Hasselbring, Ulrich Lammers, Claus Pahl, ProSet - A Language for Prototyping with Sets, 3rd International Workshop on Rapid System Prototyping, IEEE Computer Society Press, Research Triangle Park, NC, pp. 235-248, 1992.
• Xiaoping Jia, An Approach to Animating Z Specifications, 19th Annual IEEE International Computer Software and Applications Conference (COMPSAC'95), Dallas, Texas, USA, pp. 108-113, 1995.
• Petra Malik, Mark Utting, CZT: A Framework for Z Tools, 4th International Conference of B and Z Users (ZB'05), Springer Berlin / Heidelberg, Vol. 3455/2005, pp. 65-84, 2005.
• G. O'Neil, Automatic Translation of VDM Specifications into Standard ML Programs, The Computer Journal, Vol. 35, No. 6, 1992.
• Paulo Borba, Silvio Romero, From VDM Specifications to Functional Prototypes, Journal of Systems and Software, Vol. 21, No. 3, pp. 267-278, 1993.
• Tim Miller, Paul Strooper, A Case Study in Specification and Implementation Testing, 11th Asia-Pacific Software Engineering Conference, pp. 130-139, IEEE Computer Society, 2004.
• P. T. Breuer, J. P. Bowen, Towards Correct Executable Semantics for Z, Z User Workshop, Cambridge, Workshops in Computing, pp. 185-209, Springer-Verlag, 1994.
• Christopher Browne, Computer Languages, http://cbbrowne.com/info/functional.html
• Mark Utting, Petra Malik, Community Z Tools (CZT) project, http://czt.sourceforge.net
• Carroll Morgan, "Programming from Specifications", Second Edition, Prentice Hall, 1994.