System Specification In

VDM-SL

INCUBATOR MONITOR CASE STUDY

 A lightweight approach to formal
program development in VDM

System Specification
The initial part in determining the behavior of the system
through “Requirements Analysis”

Unified Modelling language (UML) is used to express the

system attributes and behaviors.

Then the (UML) is converted to (VDM-SL) to formally

specify the system behavior through mathematical
concepts and predict logic. Finally, we will implement the
VDM specification into Java.
 Specification in VDM - SL
VDM-SL It is a specification language that provides facilities for the functional specifications of sequential
systems with basic support for modular structuring.
We implement the VDM-SL using the “Overture” tool.
We are going to illustrate the formal structure used to properly express the system in VDM-SL using a
“Incubator Monitor” case study.

To Install the Overture:

Install Java Development Kit 8 or higher:
https://www.oracle.com/eg/java/technologies/javase/javase8u211-later-archive-downloads.html
Download Overture : https://www.overturetool.org/download/
 Template for VDM-SL Specifications
The VDM-SL of the system has the following components:

1. Types
2. Values
3. State:
A. Attributes
B. Invariant statement
C. Initialization statement
4. Functions
5. operations
 Incubator Monitor System Specification
• The incubator’s temperature needs to be carefully controlled and monitored in order to provide the
correct conditions for a particular biological experiment to be undertaken.
•As mentioned in Lecture(1), there is “Incubator Monitor” that basically increases or decreases the
temperature by 1 as long as the temperature is between the range of the safety requirements ( -10<= temp
<=10) and retrieves the current temperature. Moreover, it assumes that the initial temperature is 5 degree
Celsius.
•The attributes and the operation for this example are:
• Temp: Is the attribute that holds the value for the Incubator’s temperature.
• Increment(): Is the operation that increases the temperature by one.
• Decrement(): Is the operation that decreases the temperature by one.
• getTemp(): Is the operation that returns the current temperature value.
Converting the UML to VDM-SL
Incubator Monitor Implicit VDM-SL
Specification
 Types
•The first thing to be determined in the system are “types” which are user-defined data
similar to classes and enumerations.
•Types have various structures depending on the data type that should be created whether
it’s a simple “data type” or “enum” or a “composite object”.
•They have the following structure:
o For simple data types : VariableName= data type;
o Enum : EnumName=<choice.1>|<choice.2>|<choice.n>;It is named as quote in VDM
 Values
•Values are considered constants in VDM-SL , they are used to further enhance the
readability of the system.
•They have the following structure :
values
ConstantName : DataType = Value;
 State of the System
• Holds permeant data that needs to be
stored by the system. The data is
accessed by functions and operations.
•It holds both the system invariant and
initialization statements.
•The initial structure of the state is in the
form is as follows :
state <Module Name> of

end;
State of the System (Attributes)
•All the variables to be used in the system should be present in the state .
•They have the structure of : Variable Name : Data type
 State of the System (Invariant)
•The state invariant is a function that sets a global constraint to the whole system.

•It a structure as follows : inv mk_<ModuleName>(att1,att2,…,attn)== conditions

•In our incubator monitor system temperature must be within certain range.
 State of the System (Initialization)
•The state initialization is a function that describes the initial state of the system similar to a
constructor.
•This function is specified after the declaration of the invariant, and prescribes the conditions
that the system must satisfy when it is first brought into being.
•It has a s structure as follows : init initSystem == initSystem = mk_<Module
name>(intialvalue,intialvalue,..)
Functions
• A function receives an input value (or values) and maps this to an output value
according to some rule or logic.
• It has the following structure :
FunctionName: (attribute type) -> return type
Function Name(attribute reference) ==
(
logic
);
 Operations
•Operations are used to specify the
behavior of the system. They access the
state in some way, either by reading or
writing the data, or both.
•It has the following structure :
OperationName: (attributeType) ==> ReturnType
OperationName(attributeRefrence) ==
(
logic
);
increment : it is an operation that increases the value of the temp
attribute exactly one Celsius for the incubator.
 Operations (Cont.)
decrement : it is an operation that decreases the
value of the temp attribute by one Celsius for the
incubator.

Records one degree decrease in the

temperature, only if the temperature is
more than the minimum value.
 Operations (Cont.)
getTemp : an operation that returns the value of the temperature.
 Running Functions & Operations in
Overture
• Each function runs separately one by one.
•Follow these steps on the Overture: Run
 Run Configurations  (on the left-side)
press VDM SL Model  (right click) press
new  write your desired configuration
name  browse your project  In the
“Entry Point”, search for the desired
function in your module. add the
required parameters (if any)  click on
Apply and Run buttons.
 Running Traces in Overture
Follow these steps on the Overture: Open
Perspective  Combinatorial Testing 
press Open In the CT Overview  Right
click on the name of the trace  Press Full
Evaluation  Click on the trace test result
to see the output.