VDM to Java

Learning Outcomes
At the end of this lecture you should be able to:
• Evaluate the suitability of Java for the implementation of VDM specifications;
• Translate simple VDM-SL types into Java types;
• Translate a VDM specification into a Java class;
• Incorporate run-time assertions into Java implementations.

The choice of Java as a programming language
1. Java is object-oriented
2. Java is portable
3. Java is robust
4. Java is high level

Lightweight Formal Methods
INFORMAL SPECIFICATION (UML class diagram)
FORMAL SPECIFICATION (VDM specification)
IMPLEMENTATION (Java class)
From VDM-SL types to Java types int int 1 int double boolean Char char
Implementing the IncubatorMonitor specification

VDM-SL:
values
  MAX : = 10
  MIN : = -10
state IncubatorMonitor of
  temp :
  inv mk-IncubatorMonitor(t) MIN ≤ t ≤ MAX
  init mk-IncubatorMonitor(t) t = 5
end
operations
  increment()
  ext wr temp :
  pre temp < MAX
  post temp = + 1
  -- more operations here

Java:
class IncubatorMonitor
{
  // code goes here
}

Translating a 'values' clause into Java

VDM-SL:
values
  MAX : = 10
  MIN : = -10

Java:
public static final int MAX = 10;
public static final int MIN = -10;

Translating a 'state' clause into Java

VDM-SL:
state IncubatorMonitor of
  temp :

Java:
private int temp;

Translating an 'invariant' into Java

VDM-SL:
inv mk-IncubatorMonitor(t) MIN ≤ t ≤ MAX

Java:
public boolean inv()
{
  return (MIN <= temp && temp <= MAX);
}
Using the conjunction and disjunction operators in Java
VDM-SL expression: x/y > 1 ∧ y ≠ 0
Java: y != 0 && x/y > 1
Java: x/y > 1 && y != 0
undefined false undefined false false undefined false undefined false

VDM-SL expression: x > y ⇒ y + x > 1
Java: VDM.implies(x > y, y + x > 1)
Translating the 'initialization' clause into Java
The initialization clause of the VDM specification defines valid initial values for the attributes of the corresponding class. A constructor is the mechanism used to initialise class attributes in Java.

VDM-SL:
init mk-IncubatorMonitor(t) t = 5

Java:
public IncubatorMonitor()
{
  temp = 5;
  VDM.invTest(this);
}

Translation of the increment operation

VDM-SL:
increment()
ext wr temp :
pre temp < MAX
post temp = + 1

Java:
public void increment()
{
  VDM.preTest(temp < MAX);
  temp = temp + 1;
  VDM.invTest(this);
}

Translation of the decrement operation

VDM-SL:
decrement()
ext wr temp :
pre temp > MIN
post temp = - 1

Java:
public void decrement()
{
  VDM.preTest(temp > MIN);
  temp = temp - 1;
  VDM.invTest(this);
}
The getTemp operation

VDM-SL:
getTemp() currentTemp :
ext rd temp :
pre true
post currentTemp = temp

Java:
public int getTemp()
{
  return temp;
}

class IncubatorMonitor implements InvariantCheck
{
  // constants
  public static final int MAX = 10;
  public static final int MIN = -10;

  // attributes
  private int temp;

  public boolean inv() // invariant
  {
    return (MIN <= temp && temp <= MAX);
  }

  public IncubatorMonitor() // initialisation
  {
    temp = 5;
  }

  // operations
}
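
The run-time assertions above, assembled into one runnable file (an added example, not code from the lecture). The slides only show calls to VDM.preTest, VDM.invTest, VDM.implies and the InvariantCheck interface; the bodies given here, the VDMException type and the IncubatorDemo driver are assumptions.

```java
// IncubatorDemo.java -- added example; helper bodies are assumed, not taken from the slides
interface InvariantCheck { boolean inv(); }

class VDMException extends RuntimeException {        // hypothetical exception type
    VDMException(String msg) { super(msg); }
}

class VDM {                                          // assumed implementation of the helper class
    static void preTest(boolean pre) {
        if (!pre) throw new VDMException("precondition violated");
    }
    static void invTest(InvariantCheck obj) {
        if (!obj.inv()) throw new VDMException("invariant violated");
    }
    // p => q is false only when p holds and q does not
    static boolean implies(boolean p, boolean q) { return !p || q; }
}

class IncubatorMonitor implements InvariantCheck {
    public static final int MAX = 10;
    public static final int MIN = -10;
    private int temp;

    public IncubatorMonitor() { temp = 5; VDM.invTest(this); }
    public boolean inv() { return MIN <= temp && temp <= MAX; }

    public void increment() {
        VDM.preTest(temp < MAX);   // reject the call before any state changes
        temp = temp + 1;
        VDM.invTest(this);         // confirm the new state is still valid
    }
    public void decrement() {
        VDM.preTest(temp > MIN);
        temp = temp - 1;
        VDM.invTest(this);
    }
    public int getTemp() { return temp; }
}

public class IncubatorDemo {
    public static void main(String[] args) {
        IncubatorMonitor m = new IncubatorMonitor();
        for (int i = 0; i < 5; i++) m.increment();   // 5 -> 10, each call satisfies temp < MAX
        try {
            m.increment();                           // temp == MAX, so the precondition fails
        } catch (VDMException e) {
            System.out.println(e.getMessage() + ", temp still " + m.getTemp());
        }
    }
}
```

Because preTest runs before the assignment, the rejected call leaves temp unchanged, so the object never enters a state that breaks the invariant.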