1 / 22

Axiomatic Specification, Examples in ANNA

Axiomatic Specification, Examples in ANNA. Ebru Dincel Ali Rampurwala. A Brief Overview of Anna. A Specification Language for ADA Extensions: Generalization of existing constructs eg. subprograms new constructs : eg. exceptions Formal comments:

eli
Download Presentation

Axiomatic Specification, Examples in ANNA

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Axiomatic Specification, Examples in ANNA Ebru Dincel Ali Rampurwala CS599 Formal Methods in Software Architectures

  2. A Brief Overview of Anna • A Specification Language for ADA • Extensions: • Generalization of existing constructs eg. subprograms • new constructs : eg. exceptions • Formal comments: • virtual Ada text ( --: ): programming concepts not implemented eg. Length of stack • annotations (--| ) : Boolean valued expressions • Quantified expressions: forall, exists CS599 Formal Methods in Software Architectures

  3. Anna Formal Comments • Type: used to constrain a type/subtype Subtype EVEN is INTEGER; --| where X: EVEN => X mod 2 = 0; • Statement: used to specify properties of statement X:=X+1; --| X = in X +1; CS599 Formal Methods in Software Architectures

  4. Anna Formal Comments • Exception: Procedure PUSH(E: in ITEM); --| where in STACK.LENGTH=SIZE=>raise OVERFLOW, --| raise OVERFLOW=> STACK= in STACK CS599 Formal Methods in Software Architectures

  5. Gas Station Example • package body STATION is --| limited to TANK_REGULAR_LEFT,TANK_PLUS_LEFT,TANK_PREMIUM_LEFT,THRESHOLD; --| UNDER_THRESHOLD, IOVERPAID: exception; type GRADE is (REGULAR,PLUS,PREMIUM); • --:function GET_AMOUNT_LEFT(G:GRADE) return FLOAT; • --:function GET_UNIT_PRICE(G:GRADE) return FLOAT; • --:function REFILL_TANK_MAX(G:GRADE); CS599 Formal Methods in Software Architectures

  6. Gas Station Example • type PUMP is record PUMP_NUMBER : NATURAL range 0..3; GAS_GRADE : GRADE; IS_ENABLED : BOOLEAN := FALSE; IS_GRADE_CHOSEN : BOOLEAN := FALSE; METER_READING : FLOAT := 0; LEVER_POSITION_UP : BOOLEAN := FALSE; CURRENT_SPENT, PAID_AMOUNT: INTEGER; end record; • --| where P:PUMP => P.METER_READING <= GET_AMOUNT_LEFT(P.GAS_GRADE); CS599 Formal Methods in Software Architectures

  7. Gas Station Example • type PUMP_GROUP is array (POSITIVE RANGE <>) of PUMP; PG : PUMP_GROUP(0..3); for all PG : PUMP_GROUP => PG(I) = PG(J) => I=J • procedure enable(P : in out PUMP); --| where in P.IS_ENABLED = FALSE, --| out (P.IS_ENABLED = TRUE and P.METER_READING=0 and P.CURRENT_SPENT=0); CS599 Formal Methods in Software Architectures

  8. Gas Station Example • procedure disable(P : in out PUMP); --| where in P.IS_ENABLED = TRUE, --| out P.IS_ENABLED = FALSE; CS599 Formal Methods in Software Architectures

  9. Gas Station Example • procedure fill(P: in out PUMP; PAID_AMOUNT : in FLOAT) is begin • --| where in (P.IS_ENABLED = TRUE and P.IS_GRADE_CHOSEN = TRUE and P.METER_READING = 0 and P.CURRENT_SPENT = 0 and P.LEVER_POSITION_UP = TRUE); • --| where out (P.IS_ENABLED = FALSE and (P.LEVER_POSITION_UP = FALSE or C.TANK_FULL = TRUE or P.CURRENT_SPENT = P.PAID_AMOUNT)); --where C is an instance of the car Package While (P.CURRENT_SPENT<P.PAID_AMOUNT OR C.TANK_FULL=FALSE OR P. LEVER_POSITION_UP=TRUE) fill_discrete(P,P.CURRENT_SPENT,P.PAID_AMOUNT); Loop; end fill; CS599 Formal Methods in Software Architectures

  10. Gas Station Example • procedure fill_discrete(P: in out PUMP; CURRENT_SPENT: in out FLOAT; PAID_AMOUNT : in FLOAT) is begin • --| raise UNDER_THRESHOLD => (GET_AMOUNT_LEFT(P.GAS_GRADE) < THRESHOLD) • --| where out (P.PAID_AMOUNT> P.CURRENT_SPENT and P.LEVER_POSITION_UP = FALSE) raise IOVERPAID, • --| raise IOVERPAID => P.IS_ENABLED = FALSE; CURRENT_SPENT = GET_UNIT_PRICE(P.GAS_GRADE) * P.METER_READING ; end fill_discrete; CS599 Formal Methods in Software Architectures

  11. Gas Station Example • procedure choose_grade(P: in out PUMP); --| where in (P.IS_ENABLED = TRUE) --| out (P.IS_GRADE_CHOSEN = TRUE) • --|axiom --| for all SS: STATION'TYPE => --| P.CURRENT_SPENT <= P.AMOUNT_PAID; end STATION; CS599 Formal Methods in Software Architectures

  12. Cruise Control Example • Assumptions/Clarification: four CC buttons: CC, set_speed, resume, cruise_accelerate CC turns Cruise Control on, set_speed enables Cruise Control. two pedals: pedal_accelerate, brake pedal_decelerate is releasing the pedal. • Exceptions: SpeedTooLow, SpeedTooHigh, CruiseOutofBounds • Procedures: cruise on/off, engine on/off, cruise en/disable, set_speed, pedal/cruise accelerate, brake, pedal_decelerate, resume CS599 Formal Methods in Software Architectures

  13. Cruise Control Example • Cruise package embodies both the cruise control and the manual operations of the car BOOLEAN IS_ENGINE_ON, IS_CC_ON, IS_ENGINE_ENABLED, IS_CC_ENABLED; INTEGER SPEED, CRUISE_SPEED; --SPEED is the physical speed dynamically updated by calculate_speed function, and CRUISE_SPEED is only set when the Cruise Control is enabled --SpeedTooLowException calls the pedal_accelerate function, SpeedTooHighException calls the brake function internally. Finally, CruiseOutOfBounds calls cruise_disable function • procedure set_speed; --| where in IS_ENGINE_ON=TRUE AND IS_CC_ON=TRUE AND 30<SPEED AND SPEED<90 , --| out IS_ENGINE_ON=TRUE AND IS_CC_ON=TRUE AND IS_CC_ENABLED=TRUE AND CRUISE_SPEED=SPEED; CS599 Formal Methods in Software Architectures

  14. Cruise Control Example • procedure pedal_accelerate ; --| where in IS_ENGINE_ON=TRUE , --| out (if in IS_CC_ON=TRUE AND in IS_CC_ENABLED=TRUE) then --| IS_ENGINE_ON=TRUE AND IS_CC_ON=TRUE AND IS_CC_ENABLED=FALSE AND SPEED > in CRUISE_SPEED, --| else IS_ENGINE_ON=TRUE AND IS_CC_ON=in IS_CC_ON AND IS_CC_ENABLED=in IS_CC_ENABLED AND SPEED> in SPEED; • procedure cruise_accelerate ; --| where in IS_ENGINE_ON=TRUE AND IS_CC_ON=TRUE AND IS_CC_ENABLED=TRUE, --| out IS_ENGINE_ON=TRUE AND IS_CC_ON=TRUE AND ((SPEED<90 AND IS_CC_ENABLED=TRUE AND CRUISE_SPEED > in CRUISE_SPEED) || (SPEED>=90 AND IS_CC_ENABLED=FALSE AND SPEED> in CRUISE SPEED)); CS599 Formal Methods in Software Architectures

  15. Cruise Control Example • procedure brake; --| where in IS_ENGINE_ON=TRUE, --| out (if in IS_ENGINE_ON=TRUE AND in IS_CC_ON=TRUE AND in IS_CC_ENABLED=TRUE) then --| IS_ENGINE_ON=TRUE AND in IS_CC_ON=TRUE AND in IS_CC_ENABLED=FALSE AND SPEED < in CRUISE_SPEED, --| else IS_CC_ON= in IS_CC_ON AND IS_CC_ENABLED = in IS_CC_ENABLED AND SPEED < in SPEED ; • procedure resume; --| where in IS_ENGINE_ON=TRUE AND IS_CC_ON=TRUE AND IS_CC_ENABLED=FALSE, --| out IS_ENGINE_ON=TRUE AND in IS_CC_ON=TRUE AND in IS_CC_ENABLED=TRUE AND CRUISE_SPEED= in CRUISE_SPEED ; CS599 Formal Methods in Software Architectures

  16. Cruise Control Example • --| axiom if (speed<30 ) || (speed>90) raise CruiseOutofBoundsException; • procedure adjust (SPEED: in out Integer, CRUISE_SPEED: in out Integer) --| where in IS_ENGINE_ON=TRUE AND IS_CC_ON=TRUE AND IS_CC_ENABLED=TRUE --| if SPEED < CRUISE_SPEED then raise SpeedTooLowException; --| if SPEED > CRUISE_SPEED then raise SpeedTooHighException; CS599 Formal Methods in Software Architectures

  17. ANNA features utilized • Quantified expressions, most of the annotations • Attempt for package states CS599 Formal Methods in Software Architectures

  18. Merits of Axiomatic Specs • Widely applicable • Semi-Hard to understand • Semantics supported by logic/set formalism CS599 Formal Methods in Software Architectures

  19. Demerits of Axiomatic Specs • Not easily scalable • Limit to expressiveness • No visual representation CS599 Formal Methods in Software Architectures

  20. Experience with Anna  • Not so hard to understand • Supports many program constructs • Tool support, executable CS599 Formal Methods in Software Architectures

  21. Experience with Anna,  • Further info (on going research) not available • Writing annotations takes time • Limited to ADA • Need ADA familiarity • No visual representation • No abstraction/decomposition/timing constraints like statechart formalism CS599 Formal Methods in Software Architectures

  22. Discussion, Q& A • Others: VDM, Z OTHERSANNA Popular Dead Math-like Program-like Model oriented Property oriented CS599 Formal Methods in Software Architectures

More Related