1 / 19

VDM to Java

VDM to Java. Learning Outcomes. At the end of this lecture you should be able to:. Evaluate the suitability of Java for the implementation of VDM specifications; Translate simple VDM-SL types into Java types; Translate a VDM specification into a Java class;

sheryl
Download Presentation

VDM to Java

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. VDM to Java Learning Outcomes At the end of this lecture you should be able to: • Evaluate the suitability of Java for the implementation of VDM specifications; • Translate simple VDM-SL types into Java types; • Translate a VDM specification into a Java class; • Incorporate run-time assertions into Java implementations.

  2. The choice of Java as a programming language 1. Java is object-oriented 2. Java is portable 3. Java is robust 4. Java is high level

  3. INFORMAL SPECIFICATION (UML class diagram) FORMAL SPECIFICATION (VDM specification) IMPLEMENTATION (Java class) Lightweight Formal Methods

  4. From VDM-SL types to Java types  int int 1  int  double boolean  Char char

  5. Implementing the IncubatorMonitor specification values MAX :  = 10 MIN :  = -10 state IncubatorMonitor of temp :  inv mk-IncubatorMonitor(t) MINt MAX init mk-IncubatorMonitor(t) t = 5 end operations increment() ext wr temp :  pre temp < MAX post temp = + 1 -- more operations here Java class IncubatorMonitor { // code goes here } VDM-SL

  6. Translating a 'values' clause into Java values MAX :  = 10 MIN :  = -10 public static final int MAX = 10; int MIN = -10; public static final

  7. Translating a 'state' clause into Java state IncubatorMonitor of temp :  private int temp;

  8. Translating an 'invariant' into Java public boolean inv() { return (MIN <= temp && temp <= MAX); } inv mk-IncubatorMonitor(t) MIN t  MAX

  9. implements InvariantCheck

  10. Using the conjunction and disjunction operators in Java VDM-SL expression: Java x  y > 1  y  0 y!= 0 && x/y > 1 x/y > 1 && y!= 0 undefined  false undefined  false false undefined false undefined false

  11. x > y y + x > 1 VDM.implies(x > y, y +x > 1)

  12. Translating the 'initialization' clause into Java The initialization clause of the VDM specification defines valid initial values for attributes of the corresponding class; A constructor is the mechanism used to initialise class attributes in Java; public IncubatorMonitor() { temp = 5; } init mk-IncubatorMonitor(t) t = 5 VDM.invTest(this);

  13. increment() extwr temp :  pretemp < MAX posttemp = + 1 Translation of the increment operation public void increment() { temp = temp + 1; } VDM.preTest(temp < MAX); VDM.invTest(this);

  14. decrement() extwr temp :  pretemp > MIN posttemp = - 1 Translation of the decrement operation public void decrement() { temp = temp - 1; } VDM.preTest(temp > MIN); VDM.invTest(this);

  15. The getTemp operation getTemp() currentTemp :  extrdtemp :  pre true postcurrentTemp = temp public int getTemp() { return temp; }

  16. class IncubatorMonitor implements InvariantCheck { // constants public static final int MAX = 10; public static final int MIN = -10; // attributes private int temp; public boolean inv() // invariant { return (MIN <= temp && temp <= MAX); } public IncubatorMonitor() // initialisation { temp = 5; } // operations }

More Related