Introduction to VDM Copyright, 2003 © Jerzy R. Nawrocki [email protected] Models and...

Introduction to Introduction to VDMVDM

Copyright, 2003 © Jerzy R. Nawrocki

[email protected]

www.cs.put.poznan.pl/jnawrocki/models/

Models and Analysis of Software Models and Analysis of Software

Lecture Lecture 33

Models and Analysis of Software Models and Analysis of Software

Lecture Lecture 33

J. Nawrocki, Models ... (3)

IntroductionIntroductionIntroductionIntroduction

• VDM = Vienna Development Method, IBM Laboratory

• Model-based: basic types (integer, real, ..) and compound types (sets, sequences, ..)

• Implicit specification (what?) and explicit one (how?).

• No explicit support for concurrency and time.

• Math & text notations.

VDM

VDM = VeryDifficult Method


IntroductionIntroductionIntroductionIntroduction

add (a, b: N) result: Npost result = a + badd (a, b: N) result: Npost result = a + b

Simple example

It’s trivial!


Plan of the lecturePlan of the lecturePlan of the lecturePlan of the lecture

Introduction

Identifiers and commentsInteger numbersBoolean valuesPredicatesImplicit functionsNon-integer numbersSequencesSets


IdentifiersIdentifiersIdentifiersIdentifiers

add (a, b: N) result: Npost result = a + badd (a, b: N) result: Npost result = a + b

Letter (Letter | Digit | Greek_letter | Underscore)*

Letter case is significant.

First_element

First_Element

Value_6

First_element

First_Element

Value_6


CommentsCommentsCommentsComments

-- adding two numbersadd (a, b: N) result: Npost result = a + b

-- adding two numbersadd (a, b: N) result: Npost result = a + b

annotations Author: J.R. Nawrocki Written on: March 6, 2002end annotations

add (a, b: N) result: Npost result = a + b

annotations Author: J.R. Nawrocki Written on: March 6, 2002end annotations

add (a, b: N) result: Npost result = a + b

I prefer double hyphen.



IntroductionIdentifiers and comments

Integer numbersBoolean valuesPredicatesImplicit functionsNon-integer numbersSequencesSets


Integer numbersInteger numbersInteger numbersInteger numbers

Integer types

NN Natural numbers (0, 1, 2, ..)

N1N1 Positive integers (1, 2, ..)

ZZ Integers (.., -2, -1, 0, 1, 2, ..)


Operators


a + b 3 + 2 = 5

a - b 5 - 2 = 3

a b 3 2 = 6

a / b 6 / 4 = 1.5

a div b 11 div 4 = 2

a mod b 11 mod 4 = 3

a b 2 3 = 8

abs a abs -3 = 3

a + b 3 + 2 = 5

a - b 5 - 2 = 3

a b 3 2 = 6

a / b 6 / 4 = 1.5

a div b 11 div 4 = 2

a mod b 11 mod 4 = 3

a b 2 3 = 8

abs a abs -3 = 3

Looks likePascal

except for ‘’.


Example


f(0) = 0f(1) = 1f(2) = 3

-- f(n) = 1 + 2 + .. + nf (n: N) res: Npost res = (n+1) n / 2

-- f(n) = 1 + 2 + .. + nf (n: N) res: Npost res = (n+1) n / 2



IntroductionIdentifiers and commentsInteger numbers

Boolean valuesPredicatesImplicit functionsNon-integer numbersSequencesSets


Boolean valuesBoolean valuesBoolean valuesBoolean values

a = b

a b

a < b

a b

a > b

a b

a = b

a b

a < b

a b

a > b

a b

Relations

true

false

true

false

Constants

a not a

a b a and b

a b a or b

a ba implies b

a b a equivalent to b

a not a

a b a and b

a b a or b

a ba implies b

a b a equivalent to b

Boolean operators

BB Boolean values


Example

Boolean valuesBoolean valuesBoolean valuesBoolean values

Is_CD(12, 16, 4)=true -- CD = Common Divisor

-- Is k a CD for a and b?Is_CD (a, b, k: N) res: Bpost res (a mod k = 0 b mod k = 0)

-- CD = Common Divisor-- Is k a CD for a and b?Is_CD (a, b, k: N) res: Bpost res (a mod k = 0 b mod k = 0)



IntroductionIdentifiers and commentsInteger numbersBoolean values

PredicatesImplicit functionsNon-integer numbersSequencesSets


Quantifiers

PredicatesPredicatesPredicatesPredicates

For all (universal q.)

Exists (existential q.)

!! Exists one (unique q.)


-- A prime number, n, is-- divisible only by 1 and n.

IsPrime (n: N1) res: B

post res k N1 (1 < k k < n)

n mod k 0

-- A prime number, n, is-- divisible only by 1 and n.

IsPrime (n: N1) res: B

post res k N1 (1 < k k < n)

n mod k 0

Example

PredicatesPredicatesPredicatesPredicates

That’s reallydifferent from

Pascal!



IntroductionIdentifiers and commentsInteger numbersBoolean valuesPredicates

Implicit functionsNon-integer numbersSequencesSets


General form

Implicit functionsImplicit functionsImplicit functionsImplicit functions

function_name (Ids1: T1, .., Idsk: Tk) Id_r: T

pre B

post B’

function_name (Ids1: T1, .., Idsk: Tk) Id_r: T

pre B

post B’

Optionalpre-condition


Example

Implicit functionsImplicit functionsImplicit functionsImplicit functions

Quotient (-6, 2) = 3

Quotient (a, b: Z) res: Npre b 0post res = (abs a) div (abs b)

Quotient (a, b: Z) res: Npre b 0post res = (abs a) div (abs b)



IntroductionIdentifiers and commentsInteger numbersBoolean valuesPredicatesImplicit functions

Non-integer numbersSequencesSets


Non-integer numbersNon-integer numbersNon-integer numbersNon-integer numbers

Non-integer types

QQ Rationals (2, 1/4, 3.8, ..)

RR Real numbers (2.0, 3.8, 2, ..)


Operators


a + b 3 + 0.2 = 3.2

a - b 5 - 0.2 = 4.8

a b 3.1 2 = 6.2

a / b 6.0 / 4 = 1.5

a b 2.0 3 = 8.0

abs a abs -3.1 = 3.1

floor a floor 3.9 = 3

a + b 3 + 0.2 = 3.2

a - b 5 - 0.2 = 4.8

a b 3.1 2 = 6.2

a / b 6.0 / 4 = 1.5

a b 2.0 3 = 8.0

abs a abs -3.1 = 3.1

floor a floor 3.9 = 3

Where isdiv and mod?


Example


-- CV = Cuboid VolumeCV (a, b, h: R) res: Rpost res = a b h

-- CV = Cuboid VolumeCV (a, b, h: R) res: Rpost res = a b h

h

ab



IntroductionIdentifiers and commentsInteger numbersBoolean valuesPredicatesImplicit functionsNon-integer numbers

SequencesSets


SequencesSequencesSequencesSequences

Type constructors

T*T* General sequence (possibly empty)

T+T+ Non-empty sequence

What isa sequence?

[ 1, 5, 5, 1]

First Second Third


Operators


[ ] empty sequence

hd X hd [14, 15, 16] = 14

tl X tl [14, 15, 16] = [15, 16]

len X len [14, 15, 16] = 3

inds X inds [14, 15, 16] = {1, 2, 3}

elems X elems [14, 15, 14] = {14, 15}

X(n) [14, 15, 14](2) = 15

X(l,...,u)[14, 15, 16](2,...,3) = [15, 16]

[ ] empty sequence

hd X hd [14, 15, 16] = 14

tl X tl [14, 15, 16] = [15, 16]

len X len [14, 15, 16] = 3

inds X inds [14, 15, 16] = {1, 2, 3}

elems X elems [14, 15, 14] = {14, 15}

X(n) [14, 15, 14](2) = 15

X(l,...,u)[14, 15, 16](2,...,3) = [15, 16]



s1 s2 [6, 5] [2, 4, 9] = [6, 5, 2, 4, 9]s1 s2 [6, 5] [2, 4, 9] = [6, 5, 2, 4, 9]

Sequence concatenation


Sequence comprehension


[ E | Id S Boolean_condition ][ E | Id S Boolean_condition ]

Expression Subset of R Selects a finitesubset of S

Evens_to_10 = [ 2n | n N1 n < 6 ]

Evens_to_10 = [ 2, 4, 6, 8, 10 ]

Evens_to_10 = [ 2n | n N1 n < 6 ]

Evens_to_10 = [ 2, 4, 6, 8, 10 ]


Example (I)


-- CDs = sequence of Common Divisors

CDs (a, b: N1) res: N1+

post res = [k | k N1 a mod k = 0 b mod k = 0]

-- CDs = sequence of Common Divisors

CDs (a, b: N1) res: N1+

post res = [k | k N1 a mod k = 0 b mod k = 0]


Example (II)


-- Max = maximum element of a sequence

Max (s: N1+) m: N1

post (tl s = [ ] m = hd s) (tl s [ ] hd s Max(tl s) m = hd s) (tl s [ ] hd s < Max(tl s) m = Max(tl s))

-- Max = maximum element of a sequence

Max (s: N1+) m: N1

post (tl s = [ ] m = hd s) (tl s [ ] hd s Max(tl s) m = hd s) (tl s [ ] hd s < Max(tl s) m = Max(tl s))

Recursion Recursion


Example (III)


-- GCD = Greatest Common Divisor

GCD (a,b: N1) res: N1

post res= Max (CDs (a, b))

-- GCD = Greatest Common Divisor

GCD (a,b: N1) res: N1

post res= Max (CDs (a, b))

Is Max necessary?Can’t we make it

simpler?



IntroductionIdentifiers and commentsInteger numbersBoolean valuesPredicatesImplicit functionsNon-integer numbersSequences

Sets


B - Boolean (true, false)

N1 - positive integers (1, 2, 3, ..)

N - natural numbers (including 0)

Z - integers

Q - rationals

R - reals

B - Boolean (true, false)

N1 - positive integers (1, 2, 3, ..)

N - natural numbers (including 0)

Z - integers

Q - rationals

R - reals

SetsSetsSetsSets

Basic sets

x BasicSet x BasicSet

Basic setsor

basic types?


T-set a finite set of values of type TT-set a finite set of values of type T

SetsSetsSetsSets

Finite sets

N-set a finite set of natural numbers

R-set a finite set of reals

R-set-set a finite set of finite sets of reals

N-set a finite set of natural numbers

R-set a finite set of reals

R-set-set a finite set of finite sets of reals


{E | B1, B2, ..., Bn Boolean_condition }{E | B1, B2, ..., Bn Boolean_condition }

SetsSetsSetsSets

Set values

{ } empty set

{0, 2, 4} explicit set value

{2, ..., 5} = {2, 3, 4, 5}

{2n | nN n<3} = {0, 2, 4}

{ } empty set

{0, 2, 4} explicit set value

{2, ..., 5} = {2, 3, 4, 5}

{2n | nN n<3} = {0, 2, 4}

{[a, b] | aN, bN b = aa a 3}{[a, b] | aN, bN b = aa a 3}

Onlyfinitesets!


SetsSetsSetsSets

Finite set operators (I)

x S belongs to

x S does not belong to

card S cardinality of S

S1 = S2 equals

S1 S2 does not equal

S1 S2 S1 is a subset of S2

S1 S2 S1 is a proper subset of S2

x S belongs to

x S does not belong to

card S cardinality of S

S1 = S2 equals

S1 S2 does not equal

S1 S2 S1 is a subset of S2

S1 S2 S1 is a proper subset of S2

Onlyfinitesets!


SetsSetsSetsSets

Finite set operators (II)

S1 S2 union

S1 S2 intersection

S1\ S2difference

F S power set of S

S1 S2 union

S1 S2 intersection

S1\ S2difference

F S power set of S

Onlyfinitesets!


SetsSetsSetsSets

A set of decimal digits of a number k

digit = {0, ..., 9}

digits1(k: N) res: digit-setpost res = {k mod 10} digits1(k div 10)

digit = {0, ..., 9}

digits1(k: N) res: digit-setpost res = {k mod 10} digits1(k div 10)

Doesnot

work!


SetsSetsSetsSets

A set of decimal digits of a number k

digits2(k: N) res: digit-setpost (k=0 res = { }) (k>0 res = {k mod 10} digits2(k div 10))

digits2(k: N) res: digit-setpost (k=0 res = { }) (k>0 res = {k mod 10} digits2(k div 10))

Whatif

k=0?

digits3(k: N) res: digit-setpost (k=0 res = { 0 }) (k>0 res = digits2(k))

digits3(k: N) res: digit-setpost (k=0 res = { 0 }) (k>0 res = digits2(k))


SummarySummarySummarySummary

VDM is a formal method.

Its basic types are similar to those in Pascal, C, ..

It contains quantifiers.

Finite sequence is quite a powerful mechanism.

VDM allows for recursion.


Further readingsFurther readingsFurther readingsFurther readings

• A. Harry, Formal Methods Fact File, John Wiley & Sons, Chichester, 1996, pages 93-170.


HomeworkHomeworkHomeworkHomework

• Write a shorter definition of GCD.• Specify the factorial.• Specify the least common

multiply.• Specify a function that checks if

n is an automorphic number (i.e. if n appears in a decimal representation of its square).

• Specify a total of decimal digits of a given number n.


Quality assessmentQuality assessmentQuality assessmentQuality assessment

1. What is your general impression? (1 - 6)

2. Was it too slow or too fast?

3. What important did you learn during the lecture?

4. What to improve and how?

Date post:	02-Jan-2016
Category:	Documents
Upload:	wilfred-lloyd
View:	215 times
Download:	0 times

Introduction to VDM Copyright, 2003 © Jerzy R. Nawrocki [email protected] Models and...

Documents