
Formal Methods 2

Formal Methods 2. Lecture 17 March 24, 2011. Adapted from slides provided by Jason Hallstrom and Murali Sitaraman (Clemson). Some Mathematics is Implicit. We view programming integers as though they are mathematical integers (subject to bounds, of course)


Presentation Transcript


  1. Formal Methods 2 Lecture 17 March 24, 2011 Adapted from slides provided by Jason Hallstrom and Murali Sitaraman (Clemson) CS 315 Spring 2011

  2. Some Mathematics is Implicit • We view programming integers as though they are mathematical integers (subject to bounds, of course) • We associate mathematical operators (e.g., +) with operations we can do on integers in programs (e.g., +) • This association can be made explicit

  3. Mathematical Modeling • Type Integer is modeled by Z; For all i: Integer, min_int <= i <= max_int;

  4. Alternatively • Type Integer is modeled by Z; Let i be an example; Constraints for all i: Integer; min_int <= i <= max_int;

  5. Alternatively • Type Integer is modeled by Z; exemplar i; constraints min_int <= i <= max_int;

  6. Initial Value Specification • Type Integer is modeled by Z; exemplar i; constraints min_int <= i <= max_int; initialization ensures i = 0;

  7. Specification of Operations • Type Integer is modeled by Z; … • Specification of operations, e.g., i++ Operation Increment (updates i: Integer) requires i < max_int ensures i = #i + 1
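The Increment specification above, carried into Java as an added example (this code is not from the lecture; the class and method names are my own). On the JVM, Integer is modeled by Z only inside [min_int, max_int]: Integer.MAX_VALUE + 1 wraps to Integer.MIN_VALUE, so without the requires clause the ensures clause i = #i + 1 would be false in Z. Run with `java -ea` so the ensures check is active.

```java
// Added example: Operation Increment (updates i: Integer)
//   requires i < max_int
//   ensures  i = #i + 1
public class IncrementSpec {
    // max_int of the model is the bound of the programming integer.
    static final int MAX_INT = Integer.MAX_VALUE;

    // Unchecked version: correctness relies entirely on the caller honouring the
    // requires clause. At MAX_INT the addition wraps and the result is not #i + 1 in Z.
    static int incrementUnchecked(int i) {
        return i + 1;
    }

    // Checked version: the requires clause is enforced at the boundary, so a
    // caller that breaks the contract gets a visible failure rather than a
    // value that silently contradicts the ensures clause.
    static int increment(int i) {
        if (!(i < MAX_INT)) {
            throw new ArithmeticException("requires violated: i < max_int, i = " + i);
        }
        int result = i + 1;
        // Ensures clause checked in Z (via long) rather than in wrapped int arithmetic.
        assert (long) result == (long) i + 1 : "ensures violated: i = #i + 1";
        return result;
    }

    public static void main(String[] args) {
        System.out.println("increment(41) = " + increment(41));
        System.out.println("incrementUnchecked(MAX_INT) = " + incrementUnchecked(MAX_INT));
        try {
            increment(MAX_INT);
        } catch (ArithmeticException e) {
            System.out.println("checked call rejected: " + e.getMessage());
        }
        // The standard library offers the same guarded operation (Java 8 and later).
        System.out.println("Math.incrementExact(41) = " + Math.incrementExact(41));
    }
}
```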

  8. More Examples • What is a suitable way to model the state of a lightbulb?

  9. More Examples Type Light_Bulb_State is modeled by B; exemplar b; Initialization ensures b = false; Exercises: specification of operations Turn_on, Turn_off, and Is_On

  10. More Examples • How would you model the state of a traffic light? • Alternative models and discussion

  11. More Examples • How would you model a paper weight?

  12. Data Abstraction Examples • How would you mathematically model the contents of a stack? • Is a set model appropriate? • Why or why not? • What about modeling a queue?

  13. Mathematical Modeling Summary • To write formal specifications, we need to model the state mathematically • Some objects we use in programming, such as Integers and Reals, have implicit models • For others, such as stacks, queues, lists, etc., we need to conceive explicit mathematical models

  14. Formal Specification of Java Interfaces

  15. Basics • An interface • Describes what classes or components do • Does not describe how they should do it • An interface • Is a contract between component users (clients) and developers (implementers) • If the users satisfy the requirements for using the component, the component will provide guarantees

  16. Principles of Interface Design • Information Hiding • Hide details unnecessary to use the component • Abstraction • Provide a “cover story” or explanation in user-oriented terms so they can understand the interface

  17. Contract Specification • Requirements and guarantees • Requires clauses are preconditions • Ensures clauses are postconditions • Who is responsible for requires clauses? • What are the consequences of this?

  18. Specification of Stacks • Mathematical modeling • How can we think of stacks “mathematically”?

  19. Mathematical Strings • Unlike sets, strings have order • Example: Str(Z) for String of integers • Notations • Empty string (written empty_string or L) • Concatenation (alpha o beta) • Length (|alpha|) • String containing one entry (<5>)

  20. Specification of IntStack Interface • Suppose IntStack is an interface • uses Integer_Theory, String_Theory; • Think of stacks of Integers as “math strings” of integers • this: Str(Z); • Specification of Constructor • initialization ensures this = empty_string; • Exercises: Specification of other stack operations

  21. Specification of IntStack Interface
      Operation push (int x) updates this; restores x; ensures this = <x> o #this;
      int Operation pop (); updates this; requires this /= empty_string; ensures #this = <result of pop()> o this;
      bool Operation is_empty(); preserves this; ensures result of is_empty = (this = empty_string)

  22. Java Specification Questions • What is the specification of “=” to assign one IntStack object to another? • If you defined a “clone” method, what is its specification? • What are the advantages of using “=” over “clone”? • What are the advantages of using “clone” over “=”?
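The IntStack contract of slide 21 written as a Java interface, with the math model this: Str(Z) exposed as a list (top entry first) so each requires and ensures clause can be checked against the model, followed by the aliasing behaviour that slide 22's questions about “=” ask about. This is an added example, not code from the lecture; the names IntStack, ListIntStack, model() and cat() are my own, and the ensures checks need `java -ea`.

```java
import java.util.ArrayList;
import java.util.List;

interface IntStack {
    void push(int x);       // updates this; ensures this = <x> o #this
    int pop();              // requires this /= empty_string; ensures #this = <result> o this
    boolean isEmpty();      // preserves this; ensures result = (this = empty_string)
    List<Integer> model();  // the abstract string Str(Z) this stack represents, top first
}

class ListIntStack implements IntStack {
    private final List<Integer> items = new ArrayList<>();   // index 0 is the top

    public void push(int x) {
        List<Integer> old = model();                          // #this
        items.add(0, x);
        assert model().equals(cat(x, old)) : "ensures of push violated";
    }

    public int pop() {
        // The client is responsible for the requires clause; checking it here turns a
        // violated precondition into a visible failure instead of unspecified behaviour.
        if (items.isEmpty()) throw new IllegalStateException("requires violated: this = empty_string");
        List<Integer> old = model();                          // #this
        int result = items.remove(0);
        assert old.equals(cat(result, model())) : "ensures of pop violated";
        return result;
    }

    public boolean isEmpty() { return items.isEmpty(); }
    public List<Integer> model() { return new ArrayList<>(items); }

    // <x> o s in the string theory: x followed by the entries of s
    private static List<Integer> cat(int x, List<Integer> s) {
        List<Integer> r = new ArrayList<>(s); r.add(0, x); return r;
    }
}

public class IntStackSpecDemo {
    public static void main(String[] args) {
        IntStack s = new ListIntStack();
        s.push(1);
        s.push(2);                      // model of s: <2> o <1>
        IntStack t = s;                 // "=": t and s now name the same object
        t.push(3);                      // so this push is visible through s as well
        System.out.println("s after push through alias t: " + s.model());
        System.out.println("pop: " + s.pop() + ", is_empty: " + s.isEmpty());
        s.pop(); s.pop();
        System.out.println("is_empty: " + s.isEmpty());
    }
}
```

A clone method, by contrast, would be specified to return a new object whose model equals this while leaving this unchanged, so later pushes on the copy are not visible through the original.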
