Post on 19-Dec-2015

1 CS 501 Spring 2003

CS 501: Software Engineering

Lecture 12

Requirements IV

2 CS 501 Spring 2003

Course Administration

Quiz 2, Question 1(a)

Grading of this part of Question 1 was inconsistent. If you would like me to regrade your solution, please return your answer book.

Quiz 1 and Quiz 2

The quizzes have been mounted on the Web site. If you have questions about grading, please compare your solution to the question.

3 CS 501 Spring 2003

Formal Specification

Why?

• Precise standard to define and validate software.

Why not?

• May be time consuming

• Methods are not suitable for all applications

4 CS 501 Spring 2003

Formal Specification using Mathematical Notation

Example from a mathematical software package:

B1, B2, ... Bk is a sequence of m x m matrices

1, 2, ... k is a sequence of m x m elementary matrices

B1-1 = 1

B2-1 = 21

Bk-1 = k ... 21

The numerical accuracy must be such that, for all k,

BkBk-1 - I <

5 CS 501 Spring 2003

Formal Specification Using Diagrams

[Syntax (railroad) diagram: an unsigned number is built from unsigned integer, digit, ".", "E", "+" and "-"; it is the diagrammatic form of the BNF on the next slide]

Pascal number syntax

6 CS 501 Spring 2003

Formal Specification of Programming Languages

<unsigned number> ::= <unsigned integer> | <unsigned real>

<unsigned integer> ::= <digit> {<digit>}

<unsigned real> ::= <unsigned integer> . <digit> {<digit>}
                  | <unsigned integer> . <digit> {<digit>} E <scale factor>
                  | <unsigned integer> E <scale factor>

<scale factor> ::= <unsigned integer> | <sign> <unsigned integer>

<sign> ::= + | -

Pascal number syntax

7 CS 501 Spring 2003

Formal Specification using Z ("Zed")

Ben Potter, Jane Sinclair, David Till,

An Introduction to Formal Specification and Z

(Prentice Hall) 1991

Jonathan Jacky

The Way of Z

(Cambridge University Press) 1997

8 CS 501 Spring 2003

Remember

• Formal specification does not guarantee correctness

• Formal specification does not prescribe the implementation

9 CS 501 Spring 2003

Example: Specification using Z

Informal: The function intrt(a) returns the largest integer whose square is less than or equal to a.

Formal (Z):

intrt : ℕ → ℕ

∀ a : ℕ • intrt(a) * intrt(a) ≤ a < (intrt(a) + 1) * (intrt(a) + 1)

10 CS 501 Spring 2003

Example: Algorithm

Static specification does not describe the design of the system.

A possible algorithm uses the mathematical identity:

1 + 3 + 5 + ... + (2n - 1) = n²

11 CS 501 Spring 2003

Example: Program

    int intrt (int a)          /* Calculate integer square root */
    {
        int i, term, sum;
        term = 1;                /* next odd number to add: 1, 3, 5, ... */
        sum = 1;                 /* sum of the first (i + 1) odd numbers = (i + 1)^2 */
        for (i = 0; sum <= a; i++) {
            term = term + 2;
            sum = sum + term;
        }
        return i;
    }
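The slide gives a specification (slide 9) and one program that meets it (slide 11), but not the step in between: checking the program against the specification. The following is an added example, not from the lecture, that ports the C loop to Python and uses the Z postcondition as a test oracle over a range of inputs. The function `buggy_intrt` is a constructed wrong variant (a strict loop guard) to show that the same oracle rejects an implementation that is only off at perfect squares; `math.isqrt` is used as an independent cross-check.

```python
import math

# Added example (not from the lecture slides): treat the Z predicate for
# intrt as a test oracle and run the slide's algorithm against it.


def intrt(a: int) -> int:
    """Integer square root, a direct port of the C on the slide.

    Uses the identity 1 + 3 + 5 + ... + (2n - 1) = n^2: after each pass
    `total` is the square of (i + 1), so the loop stops as soon as that
    square exceeds a, leaving i as the largest n with n^2 <= a.
    """
    if a < 0:
        raise ValueError("intrt is specified on N (natural numbers) only")
    i, term, total = 0, 1, 1
    while total <= a:
        term += 2
        total += term
        i += 1
    return i


def buggy_intrt(a: int) -> int:
    """Constructed wrong variant (not on the slide): the strict guard stops
    one pass early whenever a is a positive perfect square."""
    i, term, total = 0, 1, 1
    while total < a:
        term += 2
        total += term
        i += 1
    return i


def meets_spec(a: int, n: int) -> bool:
    """The Z postcondition: intrt(a) * intrt(a) <= a < (intrt(a) + 1) * (intrt(a) + 1)."""
    return n * n <= a < (n + 1) * (n + 1)


def violations(impl, limit: int) -> list[int]:
    """Every a in 0 .. limit-1 on which `impl` fails the specification."""
    return [a for a in range(limit) if not meets_spec(a, impl(a))]


def agrees_with_isqrt(limit: int) -> bool:
    """Cross-check against the standard library: the postcondition pins down
    a unique answer, so a correct implementation must agree with math.isqrt."""
    return all(intrt(a) == math.isqrt(a) for a in range(limit))
```

Because the Z predicate is executable for any concrete a, it doubles as a regression test: `violations(intrt, 20000)` is empty, while `violations(buggy_intrt, 50)` lists exactly the positive squares below 50. The specification says nothing about which loop to use, which is the point of slide 8: it constrains the result, not the design.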

12 CS 501 Spring 2003

Formal Specification of Finite State Machine Using Z

A finite state machine is a broadly used method of formal specification:

• Event driven systems (e.g., games)

• User interfaces

• Protocol specification

etc., etc., ...

13 CS 501 Spring 2003

State Transition Diagram

[State transition diagram: states Patients, Fields, Setup, Ready and Beam on; arcs labelled Enter, Enter, ok, Start, Stop, Select field, Select patient and interlock. The same transitions are tabulated on the next slide.]

14 CS 501 Spring 2003

State Transition Table

State     | Select patient | Select field | Enter  | ok    | Start   | Stop  | interlock
----------+----------------+--------------+--------+-------+---------+-------+----------
Patients  |                |              | Fields |       |         |       |
Fields    | Patients       |              | Setup  |       |         |       |
Setup     | Patients       | Fields       |        | Ready |         |       |
Ready     | Patients       | Fields       |        |       | Beam on |       | Setup
Beam on   |                |              |        |       |         | Ready | Setup

(A blank entry means the event leaves the state unchanged.)

15 CS 501 Spring 2003

Z Specification

STATE ::= patients | fields | setup | ready | beam_on

EVENT ::= select_patient | select_field | enter | start | stop | ok | interlock

FSM == (STATE × EVENT) → STATE

no_change, transitions, control : FSM

Continued on next slide

16 CS 501 Spring 2003

Z Specification (continued)

control = no_change ⊕ transitions

no_change = { s : STATE; e : EVENT • (s, e) ↦ s }

transitions = { (patients, enter) ↦ fields,

(fields, select_patient) ↦ patients, (fields, enter) ↦ setup,

(setup, select_patient) ↦ patients, (setup, select_field) ↦ fields, (setup, ok) ↦ ready,

(ready, select_patient) ↦ patients, (ready, select_field) ↦ fields, (ready, start) ↦ beam_on, (ready, interlock) ↦ setup,

(beam_on, stop) ↦ ready, (beam_on, interlock) ↦ setup }
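The two slides above define `control` as a total function: `no_change` maps every (state, event) pair to the same state, and `transitions` overrides it for the twelve pairs that actually change state. The following added example (not from the lecture) executes that definition directly in Python, with the override modelled as a dictionary merge, and checks the properties a reviewer of a treatment-machine controller would care about: the function is total, the only way into beam_on is start from ready, and interlock always leaves beam_on. The enum and function names are this example's own.

```python
from enum import Enum
from itertools import product

# Added example (not part of the slides): execute the Z finite-state-machine
# specification.  STATE, EVENT and the transitions set are copied from the
# slides; no_change and the override control = no_change (+) transitions are
# modelled with dicts (a later dict wins in a merge, like (+)).


class State(Enum):
    PATIENTS = "patients"
    FIELDS = "fields"
    SETUP = "setup"
    READY = "ready"
    BEAM_ON = "beam_on"


class Event(Enum):
    SELECT_PATIENT = "select_patient"
    SELECT_FIELD = "select_field"
    ENTER = "enter"
    START = "start"
    STOP = "stop"
    OK = "ok"
    INTERLOCK = "interlock"


S, E = State, Event

# transitions: the explicit maplets from slide 16
TRANSITIONS = {
    (S.PATIENTS, E.ENTER): S.FIELDS,
    (S.FIELDS, E.SELECT_PATIENT): S.PATIENTS, (S.FIELDS, E.ENTER): S.SETUP,
    (S.SETUP, E.SELECT_PATIENT): S.PATIENTS, (S.SETUP, E.SELECT_FIELD): S.FIELDS,
    (S.SETUP, E.OK): S.READY,
    (S.READY, E.SELECT_PATIENT): S.PATIENTS, (S.READY, E.SELECT_FIELD): S.FIELDS,
    (S.READY, E.START): S.BEAM_ON, (S.READY, E.INTERLOCK): S.SETUP,
    (S.BEAM_ON, E.STOP): S.READY, (S.BEAM_ON, E.INTERLOCK): S.SETUP,
}

# no_change = { s : STATE; e : EVENT . (s, e) |-> s }
NO_CHANGE = {(s, e): s for s, e in product(State, Event)}

# control = no_change (+) transitions: every pair is defined, explicit ones win
CONTROL = {**NO_CHANGE, **TRANSITIONS}


def step(state: State, event: Event) -> State:
    """Apply one event; CONTROL is total so no KeyError is possible."""
    return CONTROL[(state, event)]


def run(events, start: State = S.PATIENTS) -> list:
    """Apply events in order and return the visited states, starting with `start`."""
    trace = [start]
    for e in events:
        trace.append(step(trace[-1], e))
    return trace


def is_total(fsm: dict) -> bool:
    """Does the function define a result for every (STATE x EVENT) pair?"""
    return set(fsm) == set(product(State, Event))


def entries_to_beam_on(fsm: dict) -> list:
    """(state, event) pairs that move the machine into beam_on from elsewhere.
    For the slide's table this should be exactly [("ready", "start")]."""
    return sorted({(s.value, e.value) for (s, e), t in fsm.items()
                   if t == S.BEAM_ON and s != S.BEAM_ON})
```

`TRANSITIONS` alone has 12 entries and is not total; `CONTROL` has 5 × 7 = 35 and is. A trace such as enter, enter, ok, start, interlock ends in setup, and an out-of-place event like start in the patients state is simply absorbed, which is exactly what `no_change` specifies.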

17 CS 501 Spring 2003

Schemas

Schema:

• The basic unit of formal specification.

• Enables a complex system to be specified as subsystems.

• Describes admissible states and operations of a system.

18 CS 501 Spring 2003

LibSys: An Example of Z

Library system:

• Stock of books.

• Registered users.

• Each copy of a book has a unique identifier.

• Some books on loan; other books on shelves available for loan.

• Maximum number of books that any user may have on loan.

19 CS 501 Spring 2003

LibSys: Operations

• Issue a copy of a book to a reader.

• Reader returns a book.

• Add a copy to the stock.

• Remove a copy from the stock.

• Inquire which books are on loan to a reader.

• Inquire which reader has a particular copy of a book.

• Register a new reader.

• Cancel a reader's registration.

20 CS 501 Spring 2003

LibSys

Level of Detail:

Assume given sets:

Copy, Book, Reader

Global constant:

maxloans

21 CS 501 Spring 2003

Domain and Range

[Diagram: m maps elements x of X to elements y of Y; dom m is the subset of X that m maps, ran m the subset of Y that m reaches]

m : X → Y

domain: dom m = { x ∈ X : ∃ y ∈ Y • x ↦ y ∈ m }

range: ran m = { y ∈ Y : ∃ x ∈ X • x ↦ y ∈ m }

22 CS 501 Spring 2003

LibSys: Schema for Abstract States

Library

stock : Copy ⇸ Book
issued : Copy ⇸ Reader
shelved : F Copy
readers : F Reader

shelved ∪ dom issued = dom stock
shelved ∩ dom issued = Ø
ran issued ⊆ readers
∀ r : readers • #(issued ▷ {r}) ≤ maxloans

23 CS 501 Spring 2003

Schema Inclusion

LibDB

stock : Copy ⇸ Book
readers : F Reader

LibLoans

issued : Copy ⇸ Reader
shelved : F Copy

∀ r : Reader • #(issued ▷ {r}) ≤ maxloans
shelved ∩ dom issued = Ø

24 CS 501 Spring 2003

Schema Inclusion (continued)

Library

LibDB
LibLoans

dom stock = shelved ∪ dom issued
ran issued ⊆ readers

25 CS 501 Spring 2003

Schemas Describing Operations

Naming conventions for objects:

Before: plain variables, e.g., r

After: with appended dash, e.g., r'

Input: with appended ?, e.g., r?

Output: with appended !, e.g., r!

26 CS 501 Spring 2003

Operation: Issue a Book

• Inputs: copy c?, reader r?

• Copy must be shelved initially: c? ∈ shelved

• Reader must be registered: r? ∈ readers

• Reader must have less than maximum number of books on loan: #(issued ▷ {r?}) < maxloans

• Copy must be recorded as issued to the reader: issued' = issued ∪ {c? ↦ r?}

• The stock and the set of registered readers are unchanged: stock' = stock; readers' = readers

27 CS 501 Spring 2003

Operation: Issue a Book

Issue

stock, stock' : Copy ⇸ Book

issued, issued' : Copy ⇸ Reader

shelved, shelved' : F Copy

readers, readers' : F Reader

c? : Copy; r? : Reader

[See next slide]

28 CS 501 Spring 2003

Operation: Issue a Book (continued)

[See previous slide]

Issue

shelved ∪ dom issued = dom stock
shelved' ∪ dom issued' = dom stock'
shelved ∩ dom issued = Ø; shelved' ∩ dom issued' = Ø
ran issued ⊆ readers; ran issued' ⊆ readers'
∀ r : readers • #(issued ▷ {r}) ≤ maxloans
∀ r : readers' • #(issued' ▷ {r}) ≤ maxloans
c? ∈ shelved; r? ∈ readers; #(issued ▷ {r?}) < maxloans
issued' = issued ∪ {c? ↦ r?}
stock' = stock; readers' = readers

29 CS 501 Spring 2003

Schema Decoration

Issue

Library
Library'
c? : Copy; r? : Reader

c? ∈ shelved; r? ∈ readers
#(issued ▷ {r?}) < maxloans
issued' = issued ∪ {c? ↦ r?}
stock' = stock; readers' = readers

30 CS 501 Spring 2003

Schema Decoration

Issue

ΔLibrary
c? : Copy; r? : Reader

c? ∈ shelved; r? ∈ readers
#(issued ▷ {r?}) < maxloans
issued' = issued ∪ {c? ↦ r?}
stock' = stock; readers' = readers
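Slides 22 to 30 build the Library state schema and the Issue operation. The following added example (not from the lecture or from the Z textbooks cited) turns them into an executable model: the state components and invariant follow slide 22, the precondition and postcondition follow slide 26, and the decorated schema's promise that the invariant holds both before and after is checked at run time. The value of `MAXLOANS` and the sample stock and readers are constructed for the example. One detail the slides leave implicit is made explicit in the code: `shelved'` is never written down in Issue, because the invariant forces it, so an implementation has to remove `c?` from the shelf itself.

```python
from dataclasses import dataclass

# Added example (not from the slides): an executable model of the Library
# schema and the Issue operation.  Components, invariant and preconditions
# follow the slides; MAXLOANS and the sample stock/readers are constructed.

MAXLOANS = 2  # constructed value for the global constant maxloans


@dataclass(frozen=True)
class Library:
    """State schema: stock : Copy -|-> Book, issued : Copy -|-> Reader,
    shelved : F Copy, readers : F Reader (dicts stand in for partial functions)."""
    stock: dict
    issued: dict
    shelved: frozenset
    readers: frozenset

    def loans(self, r) -> int:
        """#(issued |> {r}): number of copies currently on loan to reader r."""
        return sum(1 for holder in self.issued.values() if holder == r)

    def invariant(self) -> bool:
        """The predicate part of the Library schema (slide 22)."""
        on_loan = set(self.issued)
        return (
            self.shelved | on_loan == set(self.stock)       # shelved U dom issued = dom stock
            and not (self.shelved & on_loan)                # shelved n dom issued = empty
            and set(self.issued.values()) <= self.readers   # ran issued subset of readers
            and all(self.loans(r) <= MAXLOANS for r in self.readers)
        )


def pre_issue(lib: Library, c, r) -> bool:
    """Precondition of Issue: c? in shelved, r? in readers, #(issued |> {r?}) < maxloans."""
    return c in lib.shelved and r in lib.readers and lib.loans(r) < MAXLOANS


def issue(lib: Library, c, r) -> Library:
    """Issue: Delta Library; c? : Copy; r? : Reader.

    issued' = issued U {c? |-> r?}; stock' = stock; readers' = readers.
    shelved' is not stated on the slide: the invariant (shelved' U dom issued'
    = dom stock', and the two are disjoint) forces c? off the shelf.
    """
    if not pre_issue(lib, c, r):
        raise ValueError("Issue precondition not satisfied")
    after = Library(
        stock=lib.stock,
        issued={**lib.issued, c: r},
        shelved=lib.shelved - {c},
        readers=lib.readers,
    )
    if not after.invariant():            # Library' must hold after the operation
        raise AssertionError("Issue broke the Library invariant")
    return after


def sample_library() -> Library:
    """Constructed sample state: four copies of three books, one copy on loan."""
    return Library(
        stock={"c1": "b1", "c2": "b1", "c3": "b2", "c4": "b3"},
        issued={"c3": "alice"},
        shelved=frozenset({"c1", "c2", "c4"}),
        readers=frozenset({"alice", "bob"}),
    )
```

Issuing c1 to alice succeeds and leaves her at the constructed limit of two loans; issuing c2 to her afterwards, issuing the already-loaned c3 to bob, or issuing anything to an unregistered reader all fail the precondition. Each of the three guards corresponds to one line of slide 26, which is what makes the schema useful as a review checklist for the code.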

31 CS 501 Spring 2003

The Schema Calculus

Schema inclusion

Schema decoration

Schema disjunction:

AddCopy ≙ AddKnownTitle ∨ AddNewTitle

Schema conjunction:

AddCopy ≙ EnterNewCopy ∧ AddCopyAdmin

Schema negation

Schema composition