CS 501: Software EngineeringCourse AdministrationFormal SpecificationFormal Specification using Mathematical NotationFormal Specification Using DiagramsFormal Specification of Programming LanguagesFormal Specification using Z ("Zed")RememberExample: Specification using ZExample: AlgorithmExample: ProgramFormal Specification of Finite State Machine Using ZState Transition DiagramState Transition TableZ SpecificationZ Specification (continued)SchemasLibSys: An Example of ZLibSys: OperationsLibSysDomain and RangeLibSys: Schema for Abstract StatesSchema InclusionSchema Inclusion (continued)Schemas Describing OperationsOperation: Issue a BookSlide 27Operation: Issue a Book (continued)Schema DecorationSlide 30The Schema Calculus1CS 501 Spring 2003CS 501: Software EngineeringLecture 12Requirements IV2CS 501 Spring 2003Course AdministrationQuiz 2, Question 1(a)Grading of this part of Question 1 was inconsistent. If you would like me to regrade your solution, please return you answer book.Quiz 1 and Quiz 2The quizzes have been mounted on the Web site. If you have questions abour grading, please compare your solution to the question.3CS 501 Spring 2003Formal SpecificationWhy?• Precise standard to define and validate software.Why not?• May be time consuming• Methods are not suitable for all applications4CS 501 Spring 2003Formal Specification using Mathematical NotationExample from a mathematical software package:B1, B2, ... Bk is a sequence of m x m matrices1, 2, ... k is a sequence of m x m elementary matrices B1-1 = 1B2-1 = 21Bk-1 = k ... 21The numerical accuracy must be such that, for all k, BkBk-1 - I < 5CS 501 Spring 2003Formal Specification Using Diagramsdigitunsigned integerdigit.E+-unsigned integerunsigned integerunsigned numberPascal number syntax6CS 501 Spring 2003Formal Specification of Programming Languages<unsigned number> ::= <unsigned integer> | <unsigned real><unsigned integer> ::= <digit> {<digit>}<unsigned real> ::= <unsigned integer> . <digit> {<digit>} | <unsigned integer> . <digit> {<digit>} E <scale factor> | <unsigned integer> E <scale factor><scale factor> ::= <unsigned integer> | <sign> <unsigned integer><sign> ::= + | -Pascal number syntax7CS 501 Spring 2003Formal Specification using Z ("Zed")Ben Potter, Jane Sinclair, David Till,An Introduction to Formal Specification and Z(Prentice Hall) 1991Jonathan JackyThe Way of Z(Cambridge University Press) 19978CS 501 Spring 2003Remember• Formal specification does not guarantee correctness• Formal specification does not prescribe the implementation9CS 501 Spring 2003Informal: The function intrt(a) returns the largest integer whose square is less than or equal to a.Formal (Z):intrt: N N a : N • intrt(a) * intrt(a) < a < (intrt(a) + 1) * (intrt(a) + 1)Example: Specification using Z10CS 501 Spring 2003Example: Algorithm1 + 3 + 5 + ... (2n - 1) = n2Static specification does not describe the design of the system.A possible algorithm uses the mathematical identity:11CS 501 Spring 2003Example: Programint intrt (int a)/* Calculate integer square root */{ int i, term, sum; term = 1; sum = 1; for (i = 0; sum <= a; i++) { term = term + 2; sum = sum + term; } return i;}12CS 501 Spring 2003Formal Specification of Finite State Machine Using ZA finite state machine is a broadly used method of formal specification:• Event driven systems (e.g., games)• User interfaces• Protocol specificationetc., etc., ...13CS 501 Spring 2003State Transition DiagramPatientsFieldsSetup ReadyBeamonEnter EnterStartStopSelect fieldSelect patient(interlock)(ok)14CS 501 Spring 2003State Transition TableSelectPatientSelectFieldEnterokStart StopinterlockPatientsFieldsSetupReadyBeamonFieldsFieldsFieldsPatientsPatientsPatientsSetupSetupSetupReadyBeamonReady15CS 501 Spring 2003Z SpecificationSTATE ::= patients | fields | setup | ready | beam_onEVENT ::= select_patient | select_field | enter | start | stop | ok | interlockFSM == (STATE X EVENT) STATE no_change, transitions, control : FSMContinued on next slide16CS 501 Spring 2003Z Specification (continued)control = no_change transitionsno_change = { s : STATE; e : EVENT • (s, e) s }transitions = { (patients, enter) fields, (fields, select_patient) patients, (fields, enter) setup, (setup, select_patient) patients, (setup, select_field) fields, (setup, ok) ready, (ready, select_patient) patients, (ready, select_field) fields, (ready, start) beam_on, (ready, interlock) setup, (beam_on, stop) ready, (beam_on, interlock) setup }17CS 501 Spring 2003SchemasSchema:• The basic unit of formal specification.• Enables complex system to be specifed as subsystems• Describes admissible states and operations of a system.18CS 501 Spring 2003LibSys: An Example of ZLibrary system: • Stock of books.• Registered users.• Each copy of a book has a unique identifier.• Some books on loan; other books on shelves available for loan.• Maximum number of books that any user may have on loan.19CS 501 Spring 2003LibSys: Operations• Issue a copy of a book to a reader.• Reader returns a book.• Add a copy to the stock.• Remove a copy from the stock.• Inquire which books are on loan to a reader.• Inquire which readers has a particular copy of a book.• Register a new reader.• Cancel a reader's registration.20CS 501 Spring 2003LibSysLevel of Detail:Assume given sets: Copy, Book, ReaderGlobal constant: maxloans21CS 501 Spring 2003Domain and Rangedom mX Yxran mym : X Ydom m = { x X : y Y x y}ran m = { y Y : x X x y}mdomain:range:22CS 501 Spring 2003LibSys: Schema for Abstract StatesLibrarystock : Copy Bookissued : Copy Readershelved : F Copyreaders: F Readershelved dom issued = dom stockshelved dom issued = Øran issued readersr : readers • #(issued {r}) maxloans<23CS 501 Spring 2003Schema InclusionLibDBstock : Copy Bookreaders: F ReaderLibLoansissued : Copy Readershelved : F Copyr : Reader • #(issued {r}) maxloansshelved dom issued = Ø<24CS 501 Spring 2003Schema Inclusion (continued)LibraryLibDBLibLoansdom stock = shelved dom issuedran issued readers25CS 501 Spring 2003Schemas Describing OperationsNaming conventions for objects:Before: plain
View Full Document
Unlocking...