FormalZ : Playful Formal Method
ERASMUS+ Project 2017-1-NL01-KA203-035259
Wishnu Prasetya, Craig Leek, Orestis Melkonian, Jorris ten Tusscher
Universiteit Utrecht
IMPRESS Project https://impress-project.eu/
Why is it difficult to write bug-free software?
[Diagram: Program with input and output, guarded by a pre-condition and a post-condition]
Unfortunately in practice people do not make these “guards” explicit enough.
Benefit of formal specifications
● One source of truth
● General, as opposed to concrete value test oracles
● Facilitate automated testing
● No, it does not require separate tooling -- with λ-expressions we can write specifications in-code.
● But yes... it does require some learning to appreciate it and become proficient with it.
Example of in-code specifications
A lesson in writing formal specifications
● A formula is either:
○ a simple formula
○ ∀ identifier ∈ simple-expression • formula
○ ∃ identifier ∈ simple-expression • formula
● For example:
○ ∀ x ∈ Students • x.age ≥ 16
○ ∃ x ∈ Students • x.age = 16
A lesson in writing formal specifications
FormalZ : playfully formal
The game concept
● It is an “educative game”, but not trainer software.
● A cross-genre game combining tower defense and construction
○ along the way, you also learn to formalize requirements.
● Deploy it in your course as a means to improve the students' engagement.
FormalZ Architecture
[Architecture diagram: three FormalZ clients, game server, web server, data, specification checker]
Tutorial FormalZ
https://science-vs160.science.uu.nl/
uname: funteacher
pwd: forall(h,a->h[a]<3)
Classroom management
Defining a “problem”
Few examples
● int add1p(int x)
If x is a positive integer, this program returns x+1. Use "retval" to denote the return value.
pre: x > 0
post: retval == (x + 1)
Few examples
● boolean allzero(int[] a, int i, boolean retval)
Given a non-null array a, the program allzero checks if a consists of only 0's. The return value (represented by retval) will indicate this.
pre: a != null
post: retval == forall(a, i -> a[i] == 0)
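The allzero specification above, used as a general test oracle over generated inputs. This is an added example, not code from the slides or from the FormalZ project; the same pattern applies to add1p. The forall helper, the one-argument allzero signature, the deliberately defective implementation and the class and method names are all assumptions made for illustration.

```java
import java.util.Arrays;
import java.util.Random;
import java.util.function.IntPredicate;
import java.util.stream.IntStream;

public class SpecOracleDemo {
    // Hypothetical helper mirroring the slide's forall(a, i -> ...):
    // true when p holds for every index of a.
    static boolean forall(int[] a, IntPredicate p) {
        return IntStream.range(0, a.length).allMatch(p);
    }

    // Program under test, with a deliberate defect: it never inspects the last element.
    static boolean allzero(int[] a) {
        for (int i = 0; i < a.length - 1; i++) {
            if (a[i] != 0) return false;
        }
        return true;
    }

    // The slide's specification written as ordinary Java predicates.
    static boolean pre(int[] a) { return a != null; }
    static boolean post(int[] a, boolean retval) {
        return retval == forall(a, i -> a[i] == 0);
    }

    // Returns the first generated input that satisfies pre but violates post,
    // or null if no violation is found within the given number of trials.
    static int[] findCounterexample(long seed, int trials) {
        Random rnd = new Random(seed);
        for (int t = 0; t < trials; t++) {
            // Constructed inputs: occasionally null, otherwise short arrays of 0s and 1s.
            int[] a = rnd.nextInt(10) == 0 ? null : new int[rnd.nextInt(4)];
            if (a != null) {
                for (int i = 0; i < a.length; i++) a[i] = rnd.nextInt(2);
            }
            if (!pre(a)) continue;              // outside the pre-condition: the spec promises nothing
            if (!post(a, allzero(a))) return a; // the post-condition judges every remaining input
        }
        return null;
    }

    public static void main(String[] args) {
        int[] bad = findCounterexample(42L, 1000);
        System.out.println(bad == null ? "no violation found"
                : "post-condition violated for " + Arrays.toString(bad));
    }
}
```

No expected return value is written per input: the post-condition decides correctness for any array, which is what "general, as opposed to concrete value test oracles" means in practice.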
Classroom progress
FormalZ future work
● Graphics.
● Analytics.
● Strengthening the gamification elements.
● Studying these innovations in actual classrooms.
● Public release.