1 / 26

Algebraic Specification Software Specification Lecture 34

Algebraic Specification Software Specification Lecture 34. Prepared by Stephen M. Thebaut, Ph.D. University of Florida. Overview. Algebraic Specification involves specifying operations on an object in terms of their interrelationships .

vmoriarty
Download Presentation

Algebraic Specification Software Specification Lecture 34

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Algebraic Specification Software SpecificationLecture 34 Prepared by Stephen M. Thebaut, Ph.D. University of Florida

  2. Overview • Algebraic Specification involves specifying operations on an object in terms of their interrelationships. • Particularly appropriate for specifying the interfaces between systems. • First proposed by GUTTAG (1977) for the specification of abstract data types. • Easiest to scale-up when an object-oriented design approach is taken.

  3. Four Specification Components • Introduction – defines the sort (abstract data type) and declares other specifications that are used (“imported”). • Description – informally describes the operations on the sort.

  4. Four Specification Components (cont’d) • Signature – defines the syntax of the operations in the interface and their parameters. • Axioms – defines the operation semantics by defining axioms which characterize behavior.

  5. SPECIFICATION NAME (Generic Parameter) (Introduction) sort < name > imports < LIST OF SPECIFICATION NAMES > Informal Description of the sort and its operations Operation signatures setting out the names and the types of the parameters to (and the results of) the operations Axiomsdefining the operations over the sort Graphical Representation

  6. Types of Operations • Constructor operations: operations which create / modify entities of the type • Inspection operations: operations which evaluate entities of the type being specified --------------------------------------------- Rule of Thumb for Defining Axioms: define an axiom which sets out what is always true for each inspection operation over each constructor.

  7. Operations on a Generic “ARRAY” Abstract Data Type • Constructor operations: Create, Assign • Inspection operations: First, Last, Eval

  8. ARRAY ( Elem: [Undefined → Elem]) sort Array imports INTEGER Arrays are collections of elements of generic type Elem. They have a lower and upper bound (discovered by the operations First and Last). Individual elements are accessed via their numeric index. Create takes the array bounds as parameters and creates the array, initializing its values to Undefined. Assign creates a new array which is the same as the input with the specified element assigned the given value. Eval reveals the value of a specified element. If an attempt is made to access a value outside the bounds of the array, the value is undefined. Create (Integer, Integer) → Array Assign (Array, Integer, Elem) → Array First (Array) → Integer Last (Array) → Integer Eval (Array, Integer) → Elem First (Create (x, y)) = x First (Assign (a, n, v)) = First (a) Last (Create (x, y)) = y Last (Assign (a, n, v)) = Last (a) Eval (Create (x, y), n) = Undefined Eval (Assign (a, n, v), m) = if m < First (a) or m > Last (a) then Undefined else if m = n then v else Eval (a, m)

  9. Informal Description of Array Arrays are collections of elements of generic type Elem. They have a lower and upper bound (discovered by the operations First and Last). Individual elements are accessed via their numeric index.

  10. Informal Description of Array (cont’d) Create takes the array bounds as parameters and creates the array, initializing its values to Undefined. Assign creates a new array which is the same as the input with the specified element assigned the given value. Eval reveals the value of a specified element. If an attempt is made to access a value outside the bounds of the array, the value is undefined.

  11. Array Signatures • Create (Integer, Integer) → Array • Assign (Array, Integer, Elem) → Array • First (Array) → Integer • Last (Array) → Integer • Eval (Array, Integer) → Elem

  12. Array Axioms • First (Create (x, y)) = x • First (Assign (a, n, v)) = First (a) • Last (Create (x, y)) = y • Last (Assign (a, n, v)) = Last (a) • Eval (Create (x, y), n) = Undefined • Eval (Assign (a, n, v), m) = if m < First (a) or m > Last (a) then Undefined else if m = n then v else Eval (a, m) Note RECURSIVE definition

  13. Example Let: A1 := Assign (Create (1, 3), 3, c) A2 := Assign (A1, 2, b) A2 = [Undefined, b, c] 1 2 3 What is the value of: Eval (Assign (A2, 1, a), 2) ? b Use axiom 6 to prove this.

  14. Proof By axiom 6, Eval (Assign (A2, 1, a), 2) = if 2 < First (A2) = 1 or 2 > Last (A2) = 3 then Undefined else if 2 = 1 then a else Eval (A2, 2) = Eval (A2, 2) = Eval (Assign (A1, 2, b), 2)

  15. Proof (cont’d) Again, by axiom 6, Eval (Assign (A1, 2, b), 2) = if 2 < First (A1) = 1 or 2 > Last (A1) = 3 then Undefined else if 2 = 2 then b else Eval (A1, 2) = b

  16. More generally… • Can you prove that the axioms allow one to deduce appropriate values of First, Last, and Eval for any syntactically correct sequence of constructor operations? • In other words, can you prove that the algebraic specification of sort Array is complete w.r.t. our understanding of how arrays work? • If so, how?

  17. More Examples What are the values of the following operation sequences: • Eval (Assign (Create (-3, 0), -2, a), -2)

  18. A Visual Interpretation of Operation Effects Eval(Assign (Create (-3, 0),-2, a),-2) (Undefined, Undefined, Undefined, Undefined) -3 -2 -1 0 (Undefined, a , Undefined, Undefined) -3 -2 -1 0 a

  19. More Examples What are the values of the following operation sequences: • Eval (Assign (Create (-3, 0), -2, a), -2) = a • Eval (Assign (Create (5, 5), 5, b), 5) = b • Eval (Assign (Create (3, -2), 1, c), 1) = Undefined

  20. Why “Undefined”? By axiom 6, Eval (Assign (Create (3, -2), 1, c), 1) = if 1< 3 or 1 > -2 then Undefined else… = Undefined

  21. Exercise 1 Modify the definition of sort ARRAY to allow use (via Assigns and Evals) of arrays such as Create (3, -2).

  22. CHAR_ARRAY: ARRAY sort Char_array instantiates Array (Elem:=Char) imports INTEGER Specification Instantiation • A simple form of reuse. • An existing specification utilizing a generic parameter is instantiated with some other sort, e.g.:

  23. Exercise 2 Write an algebraic specification for an abstract data type representing a STACK with operations: New – Bring a stack into existence Push – Add an element to the top of a stack Top – Evaluate the top element of a stack (without removing it) Retract – Remove the top element from a stack and return the modified stack Is_Empty – True if and only if there are no elements on a stack

  24. Key Points • Algebraic specifications should be constructed by identifying constructor operations which create instances of the type or class, and inspection operations which inspect the values of these instances. The semantics of each inspection operation should be defined for each constructor.

  25. Key Points (cont’d) • It can be difficult to prove that algebraic specifications are complete and consistent. • Formal specifications should always have an associated informal description to make the formal semantics more understandable.

  26. Algebraic Specification Software SpecificationLecture 34 Prepared by Stephen M. Thebaut, Ph.D. University of Florida

More Related