Introduction to VDM
Copyright, 2003 © Jerzy R. Nawrocki
www.cs.put.poznan.pl/jnawrocki/models/
Models and Analysis of Software
Lecture 3
J. Nawrocki, Models ... (3)
Introduction
• VDM = Vienna Development Method, IBM Laboratory
• Model-based: basic types (integer, real, ..) and compound types (sets, sequences, ..)
• Implicit specification (what?) and explicit one (how?).
• No explicit support for concurrency and time.
• Math & text notations.
VDM = Very Difficult Method

Simple example
add (a, b: N) result: N
post result = a + b
It’s trivial!
Plan of the lecture
• Introduction
• Identifiers and comments
• Integer numbers
• Boolean values
• Predicates
• Implicit functions
• Non-integer numbers
• Sequences
• Sets
Identifiers
add (a, b: N) result: N
post result = a + b
Identifier syntax: Letter (Letter | Digit | Greek_letter | Underscore)*
Letter case is significant, so the following are three distinct identifiers:
First_element
First_Element
Value_6
Comments
-- adding two numbers
add (a, b: N) result: N
post result = a + b

annotations
  Author: J.R. Nawrocki
  Written on: March 6, 2002
end annotations
add (a, b: N) result: N
post result = a + b

I prefer double hyphen.
Integer numbers
Integer types
N    Natural numbers (0, 1, 2, ..)
N1   Positive integers (1, 2, ..)
Z    Integers (.., -2, -1, 0, 1, 2, ..)
Operators
a + b      3 + 2 = 5
a - b      5 - 2 = 3
a × b      3 × 2 = 6
a / b      6 / 4 = 1.5
a div b    11 div 4 = 2
a mod b    11 mod 4 = 3
a ^ b      2 ^ 3 = 8
abs a      abs -3 = 3
Looks like Pascal except for ‘×’.
Example
f(0) = 0, f(1) = 1, f(2) = 3
-- f(n) = 1 + 2 + .. + n
f (n: N) res: N
post res = (n+1) × n / 2
Boolean values
B    Boolean values
Constants
true
false
Relations
a = b
a ≠ b
a < b
a ≤ b
a > b
a ≥ b
Boolean operators
¬a       not a
a ∧ b    a and b
a ∨ b    a or b
a ⇒ b    a implies b
a ⇔ b    a equivalent to b
Example
-- CD = Common Divisor
-- Is k a CD for a and b?
Is_CD (a, b, k: N) res: B
post res ⇔ (a mod k = 0 ∧ b mod k = 0)
Is_CD(12, 16, 4) = true
Predicates
Quantifiers
∀    For all (universal q.)
∃    Exists (existential q.)
∃!   Exists one (unique q.)
Example
-- A prime number, n, is
-- divisible only by 1 and n.
IsPrime (n: N1) res: B
post res ⇔ ∀k ∈ N1 • (1 < k ∧ k < n) ⇒ n mod k ≠ 0
That’s really different from Pascal!
Implicit functions
General form
function_name (Ids1: T1, .., Idsk: Tk) Id_r: T
pre B
post B’
(the pre-condition is optional)
Example
Quotient (a, b: Z) res: N
pre b ≠ 0
post res = (abs a) div (abs b)
Quotient (-6, 2) = 3
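As an added example (not part of the lecture), the IsPrime and Quotient specifications above can be checked by executing their pre- and post-conditions in Python: check_spec is a hypothetical harness, and is_prime_impl and quotient_impl are candidate implementations chosen for this example. It also exposes a caveat worth knowing: the quantifier in IsPrime is vacuously true for n = 1, so an implementation that rejects 1 is reported as a mismatch with the specification as written.

```python
# Added example, not from the lecture: executing VDM implicit specifications
# as Python predicates and checking candidate implementations against them.
# check_spec, is_prime_impl and quotient_impl are assumptions of this example.
from itertools import product


def is_prime_post(n, res):
    # post res <=> forall k in N1 . (1 < k and k < n) => n mod k <> 0
    # The bounded quantifier is the range 2 .. n-1; it is empty for n <= 2.
    return res == all(n % k != 0 for k in range(2, n))


def quotient_pre(a, b):
    # pre b <> 0
    return b != 0


def quotient_post(a, b, res):
    # post res = (abs a) div (abs b)
    return res == abs(a) // abs(b)


def check_spec(impl, pre, post, inputs):
    """Return the inputs for which impl violates the implicit specification.

    Inputs outside the pre-condition are skipped: the specification says
    nothing about them, so they cannot count as violations.
    """
    return [args for args in inputs
            if pre(*args) and not post(*args, impl(*args))]


def is_prime_impl(n):
    # explicit (how?) version: trial division, conventional primes only
    return n >= 2 and all(n % k != 0 for k in range(2, n))


def quotient_impl(a, b):
    return abs(a) // abs(b)


def run_checks():
    """Check both implementations over small input ranges."""
    prime_inputs = [(n,) for n in range(1, 200)]            # n in N1
    quot_inputs = list(product(range(-10, 11), repeat=2))   # includes b = 0
    return {
        "IsPrime": check_spec(is_prime_impl, lambda n: True,
                              is_prime_post, prime_inputs),
        "Quotient": check_spec(quotient_impl, quotient_pre,
                               quotient_post, quot_inputs),
    }
```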
Non-integer numbers
Non-integer types
Q    Rationals (2, 1/4, 3.8, ..)
R    Real numbers (2.0, 3.8, 2, ..)
Operators
a + b      3 + 0.2 = 3.2
a - b      5 - 0.2 = 4.8
a × b      3.1 × 2 = 6.2
a / b      6.0 / 4 = 1.5
a ^ b      2.0 ^ 3 = 8.0
abs a      abs -3.1 = 3.1
floor a    floor 3.9 = 3
Where is div and mod?
Example
-- CV = Cuboid Volume
CV (a, b, h: R) res: R
post res = a × b × h
(figure: a cuboid with edges a, b and h)
Sequences
Type constructors
T*   General sequence (possibly empty)
T+   Non-empty sequence
What is a sequence?
[ 1, 5, 5, 1 ]   (first, second, third, .. element)
Operators
[ ]          empty sequence
hd X         hd [14, 15, 16] = 14
tl X         tl [14, 15, 16] = [15, 16]
len X        len [14, 15, 16] = 3
inds X       inds [14, 15, 16] = {1, 2, 3}
elems X      elems [14, 15, 14] = {14, 15}
X(n)         [14, 15, 14](2) = 15
X(l,...,u)   [14, 15, 16](2,...,3) = [15, 16]
Sequence concatenation
s1 ^ s2      [6, 5] ^ [2, 4, 9] = [6, 5, 2, 4, 9]
Sequence comprehension
[ E | Id ∈ S • Boolean_condition ]
E is an expression, S is a subset of R, and the Boolean condition selects a finite subset of S.
Evens_to_10 = [ 2n | n ∈ N1 • n < 6 ]
Evens_to_10 = [ 2, 4, 6, 8, 10 ]
Example (I)
-- CDs = sequence of Common Divisors
CDs (a, b: N1) res: N1+
post res = [k | k ∈ N1 • a mod k = 0 ∧ b mod k = 0]

Example (II)
-- Max = maximum element of a sequence
Max (s: N1+) m: N1
post (tl s = [ ] ∧ m = hd s)
     ∨ (tl s ≠ [ ] ∧ hd s ≥ Max(tl s) ∧ m = hd s)
     ∨ (tl s ≠ [ ] ∧ hd s < Max(tl s) ∧ m = Max(tl s))
Recursion!

Example (III)
-- GCD = Greatest Common Divisor
GCD (a, b: N1) res: N1
post res = Max (CDs (a, b))
Is Max necessary? Can’t we make it simpler?
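As an added example (not part of the lecture), the CDs, Max and GCD specifications above written as Python functions; cds, vdm_max, max_post, gcd and max_post_holds_everywhere are names chosen here. max_post evaluates the slide's three-way disjunction directly, which is possible because the recursive reference to Max inside the post-condition is always on the strictly shorter sequence tl s.

```python
# Added example, not from the lecture: executable versions of the
# CDs / Max / GCD specifications from the slides.  The post-condition of
# Max refers to Max itself, so it can be evaluated by recursion on tl s.
from itertools import product


def cds(a, b):
    # CDs (a, b: N1) res: N1+
    # post res = [k | k in N1 . a mod k = 0 and b mod k = 0]
    # Only finitely many k qualify, since a common divisor is at most
    # min(a, b); the list is ascending by construction.
    assert a >= 1 and b >= 1, "arguments must be in N1"
    return [k for k in range(1, min(a, b) + 1) if a % k == 0 and b % k == 0]


def vdm_max(s):
    # Max (s: N1+) m: N1 -- an explicit (how?) version of the slide's post
    assert len(s) >= 1, "s must be a non-empty sequence (N1+)"
    hd, tl = s[0], s[1:]
    if tl == []:
        return hd
    rest = vdm_max(tl)
    return hd if hd >= rest else rest


def max_post(s, m):
    """The three-way disjunction from the slide, evaluated as a predicate."""
    hd, tl = s[0], s[1:]
    return ((tl == [] and m == hd)
            or (tl != [] and hd >= vdm_max(tl) and m == hd)
            or (tl != [] and hd < vdm_max(tl) and m == vdm_max(tl)))


def gcd(a, b):
    # GCD (a, b: N1) res: N1   post res = Max (CDs (a, b))
    return vdm_max(cds(a, b))


def max_post_holds_everywhere(alphabet, max_len):
    """Check max_post(s, vdm_max(s)) for every non-empty s over alphabet."""
    for n in range(1, max_len + 1):
        for s in product(alphabet, repeat=n):
            if not max_post(list(s), vdm_max(list(s))):
                return False
    return True
```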
Sets
Basic sets (or basic types?)
B  - Boolean (true, false)
N1 - positive integers (1, 2, 3, ..)
N  - natural numbers (including 0)
Z  - integers
Q  - rationals
R  - reals
x ∈ BasicSet
Finite sets
T-set        a finite set of values of type T
N-set        a finite set of natural numbers
R-set        a finite set of reals
R-set-set    a finite set of finite sets of reals
Set values
{E | B1, B2, ..., Bn • Boolean_condition }
{ }                          empty set
{0, 2, 4}                    explicit set value
{2, ..., 5} = {2, 3, 4, 5}
{2n | n ∈ N • n < 3} = {0, 2, 4}
{[a, b] | a ∈ N, b ∈ N • b = a × a ∧ a ≤ 3}
Only finite sets!
Finite set operators (I)
x ∈ S       x belongs to S
x ∉ S       x does not belong to S
card S      cardinality of S
S1 = S2     equals
S1 ≠ S2     does not equal
S1 ⊆ S2     S1 is a subset of S2
S1 ⊂ S2     S1 is a proper subset of S2
Only finite sets!
Finite set operators (II)
S1 ∪ S2     union
S1 ∩ S2     intersection
S1 \ S2     difference
F S         power set of S
Only finite sets!
A set of decimal digits of a number k
digit = {0, ..., 9}
digits1(k: N) res: digit-set
post res = {k mod 10} ∪ digits1(k div 10)
Does not work!
A set of decimal digits of a number k
digits2(k: N) res: digit-set
post (k=0 ∧ res = { }) ∨ (k>0 ∧ res = {k mod 10} ∪ digits2(k div 10))
What if k=0?
digits3(k: N) res: digit-set
post (k=0 ∧ res = { 0 }) ∨ (k>0 ∧ res = digits2(k))
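As an added example (not part of the lecture), the three digit-set specifications run as Python functions; the NotWellFounded guard and the helper names are assumptions of this example. digits1 is kept as the slide states it: k div 10 eventually reaches 0, and then the post-condition refers to digits1(0) again with no base case, which is why the slide says it does not work; digits2 and digits3 show the k = 0 edge case the slide discusses.

```python
# Added example, not from the lecture: the digits1/digits2/digits3
# specifications from the slides, executed as Python functions.
# NotWellFounded and the helper names are assumptions of this example.


class NotWellFounded(Exception):
    """Raised when a recursive specification never reaches a base case."""


def digits1(k, depth=0):
    # post res = {k mod 10} union digits1(k div 10)   -- no base case!
    # At k = 0 this is {0} union digits1(0): the recursion never ends,
    # so a depth guard stands in for what would otherwise be a hang.
    if depth > 50:
        raise NotWellFounded(f"digits1 keeps recursing at k = {k}")
    return {k % 10} | digits1(k // 10, depth + 1)


def digits2(k):
    # post (k = 0 and res = {}) or (k > 0 and res = {k mod 10} union digits2(k div 10))
    # Well-founded: k div 10 < k for k > 0.  Note digits2(0) = {} rather than {0}.
    if k == 0:
        return set()
    return {k % 10} | digits2(k // 10)


def digits3(k):
    # post (k = 0 and res = {0}) or (k > 0 and res = digits2(k))
    return {0} if k == 0 else digits2(k)


def digits1_terminates(k):
    """True if digits1 reaches a base case for k (it never does)."""
    try:
        digits1(k)
        return True
    except NotWellFounded:
        return False


def digits_post_ok(k, res):
    """Independent reference check: res is the set of digits in str(k)."""
    return res == {int(c) for c in str(k)}
```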
Summary
• VDM is a formal method.
• Its basic types are similar to those in Pascal, C, ..
• It contains quantifiers.
• Finite sequence is quite a powerful mechanism.
• VDM allows for recursion.
Further readings
• A. Harry, Formal Methods Fact File, John Wiley & Sons, Chichester, 1996, pages 93-170.
Homework
• Write a shorter definition of GCD.
• Specify the factorial.
• Specify the least common multiple.
• Specify a function that checks if n is an automorphic number (i.e. if n appears in a decimal representation of its square).
• Specify a total of decimal digits of a given number n.
Quality assessment
1. What is your general impression? (1 - 6)
2. Was it too slow or too fast?
3. What important did you learn during the lecture?
4. What to improve and how?