1 / 32

CS 501: Software Engineering

Understand the importance, methods, and limitations of formal specification in software engineering using mathematical notation, diagrams, and tools like Z language. Explore examples and implications of formal specification for programming languages and finite state machines. Discover the application of formal specification for system design and verification in software development.

sallyd
Download Presentation

CS 501: Software Engineering

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. CS 501: Software Engineering Lecture 10 Requirements 4

  2. Course Administration Presentations, March 9-10 Read the instructions on the Assignments web page Reserve a time slot by sending email to anat@cs.cornell.edu. Time slots are listed on the home page of the web site. First-come-first-served.

  3. Formal Specification Why? • Precise standard to define and validate software. Why not? • May be time consuming • Methods are not suitable for all applications

  4. Remember Formal specification does not prescribe the implementation With formal specification it is possible, at least theoretically, to generate code automatically from the specification, but this may not be the most effective way: • Writing the generator may be a very large programming task. • The resulting code may perform badly. Formal specification does not guarantee correctness • If the specification is wrong, the system will be wrong.

  5. Formal Specification using Mathematical Notation Mathematical requirements can be specified formally. Example: requirements from a mathematical package: B1, B2, ... Bk is a sequence of m x m matrices 1, 2, ... k is a sequence of m x m elementarymatrices B1-1 = 1 B2-1 = 21 Bk-1 = k ... 21 The numerical accuracy must be such that, for all k, BkBk-1 - I<

  6. digit digit + . E - Formal Specification Using Diagrams Example: Pascal number syntax unsigned integer unsigned number unsigned integer unsigned integer

  7. Formal Specification of Programming Languages Example: Pascal number syntax <unsigned number> ::= <unsigned integer> | <unsigned real> <unsigned integer> ::= <digit> {<digit>} <unsigned real> ::= <unsigned integer> . <digit> {<digit>} | <unsigned integer> . <digit> {<digit>} E <scale factor> | <unsigned integer> E <scale factor> <scale factor> ::= <unsigned integer> | <sign> <unsigned integer> <sign> ::= + | -

  8. Formal Specification using Z ("Zed") Z is a specification language developed by the Programming Research Group at Oxford University around 1980. Z is used for describing and modeling computing systems. It is based on axiomatic set theory and first order predicate logic. Ben Potter, Jane Sinclair, David Till, An Introduction to Formal Specification and Z (Prentice Hall) 1991 Jonathan Jacky The Way of Z (Cambridge University Press) 1997

  9. Example: Specification using Z Informal: The function intrt(a) returns the largest integer whose square is less than or equal to a. Formal (Z): intrt: NN a : N • intrt(a) * intrt(a) < a < (intrt(a) + 1) * (intrt(a) + 1)

  10. Example: Implementation of intrt Static specification does not describe the design of the system. A possible algorithm uses the mathematical identity: 1 + 3 + 5 + ... (2n - 1) = n2

  11. Example: Program for intrt int intrt (int a) /* Calculate integer square root */ { int i, term, sum; term = 1; sum = 1; for (i = 0; sum <= a; i++) { term = term + 2; sum = sum + term; } return i; }

  12. Formal Specification of Finite State Machine Using Z A finite state machine is a broadly used method of formal specification: • Event driven systems (e.g., games) • User interfaces • Protocol specification etc., etc., ...

  13. State Transition Diagram Select field Start Enter Enter (lock off) Beam on Patients Fields Setup Ready Stop (lock on) Select patient

  14. State Transition Table Select Patient Select Field lock on lock off Enter Start Stop Patients Fields Setup Patients Fields Setup Fields Ready Patients Beam on Patients Ready Fields Setup Beam on Ready Setup

  15. Z Specification STATE ::= patients | fields | setup | ready | beam_on EVENT ::= select_patient | select_field | enter | start | stop | lock_off | lock_on FSM == (STATE X EVENT) STATE no_change, transitions, control : FSM Continued on next slide

  16. Z Specification (continued) control = no_change transitions no_change = { s : STATE; e : EVENT • (s, e) s } transitions = { (patients, enter)fields, (fields, select_patient) patients, (fields, enter) setup, (setup, select_patient) patients, (setup, select_field) fields, (setup, lock_off) ready, (ready, select_patient) patients, (ready, select_field) fields, (ready, start) beam_on, (ready, lock_on) setup, (beam_on, stop) ready, (beam_on, lock_on) setup }

  17. Schemas Schema: • The basic unit of formal specification. • Enables complex system to be specified as subsystems • Describes admissible states and operations of a system.

  18. LibSys: An Example of Z Library system: • Stock of books. • Registered users. • Each copy of a book has a unique identifier. • Some books on loan; other books on shelves available for loan. • Maximum number of books that any user may have on loan.

  19. LibSys: Operations • Issue a copy of a book to a reader. • Reader returns a book. • Add a copy to the stock. • Remove a copy from the stock. • Inquire which books are on loan to a reader. • Inquire which readers has a particular copy of a book. • Register a new reader. • Cancel a reader's registration.

  20. LibSys: Modeling Formal Specifications are models. As with all models, it is necessary to decide what should be included and what can be left out. Level of detail Assume given sets: Copy, Book, Reader Global constant: maxloans

  21. Domain and Range ran m X dom m Y m y x m : XY dom m = { x X :  y  Y  xy} ran m = { y Y :  x  X  xy} domain: range:

  22. < LibSys: Schema for Abstract States Name Library stock : CopyBook issued : CopyReader shelved : FCopy readers: FReader shelved dom issued = dom stock shelved dom issued = Ø ran issued readers r : readers• #(issued {r}) maxloans finite subset Declaration part Predicate

  23. < Schema Inclusion LibDB stock : Copy Book readers: FReader LibLoans issued : Copy Reader shelved : FCopy r : Reader• #(issued {r}) maxloans shelved dom issued = Ø

  24. Schema Inclusion (continued) Library LibDB LibLoans dom stock = shelved dom issued ran issued  readers

  25. Schemas Describing Operations Naming conventions for objects: Before: plain variables, e.g., r After: with appended dash, e.g., r' Input: with appended ?, e.g., r? Output: with appended !, e.g., r!

  26. Operation: Issue a Book • Inputs: copy c?, reader r? • Copy must be shelved initially: c?  shelved • Reader must be registered: r?  readers • Reader must have less than maximum number of books on loan: #(issued {r?}) < maxloans • Copy must be recorded as issued to the reader: issued' = issued {c? r?} • The stock and the set of registered readers are unchanged: stock' = stock; readers' = readers

  27. Operation: Issue a Book stock, stock' : Copy Book issued, issued' : Copy Reader shelved, shelved': FCopy readers, readers' : FReader c?: Copy; r? :Reader [See next slide] Issue

  28. < < Operation: Issue a Book (continued) Issue [See previous slide] shelved dom issued = dom stock shelved' dom issued' = dom stock' shelved  dom issued = Ø; shelved'  dom issued' = Ø ran issued  readers; ran issued'  readers' r : readers  #(issued {r}) maxloans r : readers'  #(issued' {r}) maxloans c? shelved; r?  readers; #(issued  {r?}) < maxloans issued' = issued  {c? r?} stock' = stock; readers' = readers

  29. Schema Decoration Issue Library Library' c? : Copy; r? : Reader c? shelved; r?  readers #(issued {r?}) < maxloans issued' = issued  {c? r?} stock' = stock; readers' = readers

  30. Schema Decoration Issue Library c? : Copy; r? : Reader c? shelved; r?  readers #(issued {r?}) < maxloans issued' = issued  {c? r?} stock' = stock; readers' = readers

  31. ^ ^ = = The Schema Calculus Schema inclusion Schema decoration Schema disjunction: AddCopy AddKnownTitle  AddNewTitle Schema conjunction: AddCopyEnterNewCopy  AddCopyAdmin Schema negation Schema composition

  32. In carefully monitored industrial use, Z has been shown to improve the timeliness and accuracy of software development, yet it is widely used in practice.  Complexity of notation makes communication with client difficult.  Few software developers are comfortable with the underlying axiomatic approach.  Heavy notation is awkward to manipulate with conventional tools, such as word processors. Z in Practice

More Related