
**Course Learning Outcomes**

After completing this course, students should be able to:

- explain the role of formal methods within software engineering;
- formulate formal specifications for simple software components;
- refine and implement formal specifications in an imperative programming language.

**Course administration**

Course assessment:

- 60% final exam
- 20% quizzes
- 20% mid-term test

Text books:

- A. Diller, An Introduction to Formal Methods, John Wiley & Sons.
- J.M. Spivey, The Z Notation: A Reference Manual, Prentice-Hall. Softcopy obtainable from http://spivey.oriel.ox.ac.uk/mike/zrm/

**Outline**

- Introduction
- Why formal methods?
- Mathematical preliminaries
- Applying mathematical notations for formal specifications: an example
- Formal specification languages

**Introduction**

- What is Software Engineering?
- The formal methods approach to software construction:
  - Views a program and its execution as mathematical objects.
  - Employs mathematical and logical techniques to specify and analyze the properties and behavior of these objects.

**What can software engineers do with formal methods?**

Given two distinct descriptions of the same system:

- S is an abstract description called a specification.
- I is a concrete description called an implementation.

Two tasks:

- Verification: given S and I, validate that I is a correct implementation of S.
- Synthesis: given S, produce I.

**How successful is the application of formal methods?**

- Successful in the development of hardware, embedded software and communication protocols.
- Many applications of formal methods in the development of safety-critical software.

**Why formal methods?**

**What is a formal method?**

A method is formal if it has a sound mathematical basis (a formal specification language), which is what allows the following to be established:

- Consistency
- Completeness
- Correctness

Examples of formal methods: Object Constraint Language (OCL), Vienna Development Method (VDM), Z.

How do we show the correctness of software? What about UML diagrams: are they formal or informal?

**Why should we use formal methods?**

- Mandatory in certain circumstances:
  - UK Defence Standard 00-55: The Procurement of Safety Critical Software in Defence Equipment.
  - UK Defence Standard 00-56: Hazard Analysis and Safety Classification of the Computer and Programmable Electronic System Elements of Defence Equipment.
- Potential cost savings through reduced testing time.

**Deficiencies of less formal approaches (1)**

- Contradictions. E.g.: one part of a system spec. may state that the system must monitor all temperatures in a chemical reactor, while another part (maybe written by another person) may state that only temperatures occurring within a certain range are to be monitored.
- Ambiguities. E.g.: "The operator identity consists of the operator name and password; the password consists of six digits. It should be displayed on the security VDU and deposited in the login file when an operator logs into the system."

**Deficiencies of less formal approaches (2)**

- Incompleteness. Suppose we have a storage requirement like this one: "The system should maintain the hourly level of the reservoir from depth sensors situated in the reservoir. These values should be stored for the past six months." What happens if there is a command such as: "The function of the AVERAGE command is to display on a PC the average water level for a particular sensor between two times."

**Why mathematics in software development?**

- Succinctly and exactly describes a physical situation, object or the outcome of an action.
- It is an exact medium, hence minimizing ambiguity.
- It supports abstraction, and thus is useful for modeling.
- Provides a high-level validation tool: to show that a design matches a specification.
- Specifications can be mathematically validated for contradictions and incompleteness.

**Formal methods concepts: A soft introduction**

- Data invariant: condition that is true throughout the execution of the system that contains a collection of data.
- State: collection of the system's stored data (for the case of Z).
- Operation: action that takes place within a system. It may or may not affect the system state.
- Precondition: condition(s) that must be fulfilled before an operation takes place.
- Postcondition: condition(s) that are guaranteed to be true after the completion of an operation.

Example 1: A symbol table keeping names of OS users. Possible operations:

- add
- remove

**Example 2: A block handler**

**Block handler (cont.)**

What defines the state of this system? Two possible operations are:

- Add a collection of blocks to the end of the queue.
- Check whether the queue of blocks is empty.

What are the pre- and post-conditions of these operations?

Examples of invariants:

- No block will be marked as both used and unused.
- The collection of used blocks will have no duplicate numbers.
- The collection of unused blocks will have no duplicate numbers.
- The queue does not contain elements with the same block numbers.
- …

**Mathematical preliminaries**

**Sets**

There are two ways of specifying a set.

- Enumeration: writing down all the elements, e.g. report = {‘pass’, ‘fail’, ‘pending’} and 89 .. 94 = {89, 90, 91, 92, 93, 94}. These two are equivalent: report = {‘pass’, ‘fail’, ‘pending’} and report ::= ‘pass’ | ‘fail’ | ‘pending’.

- Set comprehension: { n: ℕ | n ≠ 0 ∧ n mod 2 = 0 ∙ n }, read as declaration | formula ∙ term.

What does the following mean?

- ∀x: ℤ | x ∈ {1, 2, 4, 7, 8} ∙ x < 11
- ∃x: Europe | x borders Albania ∙ ec x

**Power sets**

- The powerset of a set X is the set containing all the subsets of X.
- ℙ({1, 2}) = {∅, {1}, {2}, {1, 2}}
- ℙ1({1, 2}) = {{1}, {2}, {1, 2}}, the set of non-empty subsets.

**Sequences**

- A sequence is a mathematical structure that models the fact that its elements are ordered.
- Example of a sequence: <intro, to, formal, methods>
- Operations on sequences: concatenation, …

**Cartesian products and relations (1)**

- If X and Y are sets, then X × Y is their Cartesian product (also known as cross product).
- Examples: {1, 3} × {2, 4} = {(1, 2), (1, 4), (3, 2), (3, 4)}; (3, 2) ∈ {1, 3} × {2, 4}; 3 ↦ 2 ∈ {1, 3} × {2, 4}.
- A relation F between X and Y is a subset of the Cartesian product X × Y. That is, F ⊆ X × Y.
- The set of all relations between elements drawn from X and Y is written as X ↔ Y.

**Cartesian products and relations (2)**

- X ↔ Y == ℙ(X × Y)

Further notations:

- F: X ↔ Y (F is a relation between X and Y)
- 3 ↦ 2 ∈ F (the ordered pair (3, 2) is a member of the relation F)
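The set notation of the sets, power sets and relations slides above, modelled in Python as an added example (not code from the lecture); the functions, the finite bound on ℕ and the sample relation F are assumptions made for the example:

```python
"""Added example, not from the lecture slides: the Z set notation of the
'Mathematical preliminaries' slides modelled with Python frozensets, so the
slides' own examples can be checked mechanically. ℕ is cut to a finite bound."""
from itertools import combinations, product

def powerset(x):
    """ℙ X: the set of all subsets of X, including ∅ and X itself."""
    elems = list(x)
    return frozenset(frozenset(c) for r in range(len(elems) + 1)
                     for c in combinations(elems, r))

def powerset1(x):
    """ℙ1 X: the non-empty subsets of X."""
    return frozenset(s for s in powerset(x) if s)

def cartesian(x, y):
    """X × Y: every ordered pair (a, b) with a ∈ X and b ∈ Y."""
    return frozenset(product(x, y))

def is_relation(f, x, y):
    """F: X ↔ Y holds exactly when F ⊆ X × Y, i.e. F ∈ ℙ(X × Y)."""
    return frozenset(f) <= cartesian(x, y)

def maplet(a, b):
    """a ↦ b is only alternative notation for the ordered pair (a, b)."""
    return (a, b)

def even_nonzero(bound):
    """{ n: ℕ | n ≠ 0 ∧ n mod 2 = 0 ∙ n }, restricted to n < bound."""
    return frozenset(n for n in range(bound) if n != 0 and n % 2 == 0)

def check_examples():
    """The slides' examples, evaluated; returns True if all of them hold."""
    x, y = {1, 3}, {2, 4}
    assert powerset({1, 2}) == {frozenset(), frozenset({1}), frozenset({2}), frozenset({1, 2})}
    assert powerset1({1, 2}) == {frozenset({1}), frozenset({2}), frozenset({1, 2})}
    assert cartesian(x, y) == {(1, 2), (1, 4), (3, 2), (3, 4)}
    assert maplet(3, 2) in cartesian(x, y)
    assert all(v < 11 for v in {1, 2, 4, 7, 8})      # ∀x: ℤ | x ∈ {1,2,4,7,8} ∙ x < 11
    f = {maplet(3, 2), maplet(1, 4)}                  # a constructed relation F: X ↔ Y
    assert is_relation(f, x, y)
    assert not is_relation(f | {maplet(5, 2)}, x, y)  # 5 ∉ X, so this is not in X ↔ Y
    assert frozenset(f) in powerset(cartesian(x, y))  # X ↔ Y == ℙ(X × Y)
    return True
```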

**Applying mathematical notation for formal specification: An example**

**Block handler (from earlier example)**

- Introduce a set named BLOCKS that consists of every block number.
- Introduce another set called AllBlocks, which is a set of blocks that lie between 1 and MaxBlocks.
- The state can be described as:
- The data invariant can be described as follows:

**Operation 1: Remove an element from the head of the block queue.**

- Precondition:
- Postcondition:
- Notice that the three variables after the operation are primed.

**Operation 2: Add a collection of blocks, Ablocks, to the block queue.**

- Precondition:
- Postcondition:
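The block handler of Example 2 and the two operations just described, as an added executable model (not the lecture's own schemas, which are not reproduced in the text): the state variables `used`, `free` and `queue`, the value of MaxBlocks and the post-conditions are assumptions made for the example.

```python
"""Added example, not from the lecture slides: the block handler as executable
Python, with the data invariant as a checked function and each operation guarded
by its precondition. State variables and post-conditions are assumptions."""
from dataclasses import dataclass, field

MAX_BLOCKS = 8                                    # MaxBlocks: constructed value
ALL_BLOCKS = frozenset(range(1, MAX_BLOCKS + 1))  # AllBlocks = 1 .. MaxBlocks

class PreconditionError(Exception):
    pass  # raised when an operation is requested outside its precondition

@dataclass
class BlockHandler:
    used: set = field(default_factory=set)     # blocks currently in use
    free: set = field(default_factory=set)     # blocks available for allocation
    queue: list = field(default_factory=list)  # sequence of block collections awaiting release

    def invariant_holds(self) -> bool:
        """The slides' data invariant (Python sets already exclude duplicates in used/free)."""
        blocks = [b for s in self.queue for b in s]
        return (self.used.isdisjoint(self.free)       # no block is both used and unused
                and self.used | self.free == ALL_BLOCKS
                and len(blocks) == len(set(blocks))   # queue holds no duplicate block numbers
                and set(blocks) <= self.used)         # queued blocks are still marked used

    def remove_head(self) -> frozenset:
        """Operation 1. Pre: queue non-empty.
        Post (assumed): queue' = tail queue, used' = used \\ head, free' = free ∪ head."""
        if not self.queue or not self.invariant_holds():
            raise PreconditionError("queue is empty or state is inconsistent")
        head = self.queue[0]
        self.queue = self.queue[1:]
        self.used -= head
        self.free |= head
        assert self.invariant_holds()             # the post-state must satisfy the invariant
        return head

    def add_blocks(self, ablocks) -> None:
        """Operation 2. Pre: Ablocks non-empty, all in use, none already queued.
        Post (assumed): queue' = queue ⌢ <Ablocks>."""
        ablocks = frozenset(ablocks)
        queued = {b for s in self.queue for b in s}
        if not ablocks or not ablocks <= self.used or ablocks & queued:
            raise PreconditionError(f"{set(ablocks)} cannot be queued")
        self.queue = self.queue + [ablocks]
        assert self.invariant_holds()

def demo():  # constructed run: queue two collections, release the first
    h = BlockHandler(used={1, 2, 3, 5}, free={4, 6, 7, 8})
    h.add_blocks({1, 2}); h.add_blocks({5})
    return h.remove_head(), h.used, h.free, len(h.queue)
```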

**Formal specification languages**

**Main components of a formal specification language**

- Syntax
  - Defines the specific notation with which the specification is represented.
  - Derived from standard set theory notation and predicate calculus (first order logic).
- Semantics
  - Defines how a specification language represents system requirements.
  - A programming language has a set of semantics that enables the programmer to specify how an input can be turned into output.
  - However, it is difficult to express the following in a programming language: "For all x in an infinite set A, there exists a y in an infinite set B such that property P holds for x and y."
- A set of relations
  - Example: a relation called telephones that relates staff names of a university to their phone numbers.

**A brief overview of Z (‘zed’)**

- Z applies typed sets, relations, and functions within the context of first order predicate logic to build schemas.
- A schema in Z gives structure to a formal specification.
- Schemas are used to describe a specification’s state space and operations.

**Summary of Z notation (1)**

This is how a schema looks:

**Summary of Z notation (2)**

**Learning outcomes**

After completion of this lecture, you should be able to:

- Explain why formal methods are important, and how they complement the conventional software design process.
- Recall and understand the fundamental mathematical structures essential to formal methods.
- Recall a simple Z schema.

**Further reading**

Hall, A. (2007). Realizing the benefits of formal methods. Journal of Universal Computer Science, 13(5), 669-678.

