Introduction
Copyright, 2003 © Jerzy R. Nawrocki
www.cs.put.poznan.pl/jnawrocki/mse/models/
Models and Analysis of Software
Lecture 2
J. Nawrocki, Models & Analysis (2)
From the last lecture ...
4.34
Rational Robot isn’t as good as Rational claims.
Rational Robot is too difficult and time consuming.
More info about Cactus and DOM (with a little help of students ).
We should try to solve some more practical problems, not only the easy Notice Board.
I think this subject should be done during laboratories.
There was a little bit of „jumping” between the slides.
Plan of the lecture
• Specification styles
• A model-based specification
• An axiomatic specification
• An unexpected specification
• Course organisation
Specification styles
Formal methods
Model-based    Axiomatic
Imperative    Declarative
Functional    Logical
Algebraic
A model-based specification

Directory = Name TelephoneNo

state telbook of
  dir: Directory
end

INIT()
ext wr dir: Directory;
post dir = {};

ADD (name: Name, telno: TelephoneNo)
ext wr dir: Directory;
post dir = dir {name telno};

LOOKUP (name: Name) r: TelephoneNo
ext rd dir: Directory;
pre name dom dir;
post dir (name);

DELETE (name: Name)
ext wr dir: Directory;
post dir = {name} dir ;
An axiomatic specification

scheme DIRECTORY =
class
  type Name, PhoneNo, Dir
  value
    empty: Dir,
    add: Name x PhoneNo x Dir Dir,
    lookup: Name x Dir PhoneNo,
    delete: Name x Dir Dir

  axiom forall name, name1: Name, t: PhoneNo, d: Dir
    delete (name, empty) empty
    delete (name, add(name1, t, d))
      if name = name1 then delete (name, d)
      else add (name1, t, delete (name, d)) end

Not ‘d’ ?

  axiom forall name, name1: Name, t: PhoneNo, d: Dir
    lookup (name, add(name1, t, d))
      if name = name1 then t else lookup (name, d) end
      pre name = name1 name d
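The callout above asks why the then-branch of the delete axiom is delete (name, d) rather than d. As an added example (not part of the lecture), this C sketch models Dir as the add-term itself, which is an assumption, and compares the two: with plain d, a name added twice resurfaces with its older number after one delete. delete_spec, delete_just_d and lookup_after are hypothetical names, and lookup returning -1 outside its precondition is a choice made here.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Assumption: a Dir is the term itself, a chain of add(name, t, d) nodes; empty is NULL. */
typedef struct Dir { const char *name; int phone; const struct Dir *rest; } Dir;
const Dir *add(const char *name, int phone, const Dir *d)
{
    Dir *n = malloc(sizeof *n);   /* nodes are never freed in this short-lived demo */
    if (!n) abort();
    n->name = name; n->phone = phone; n->rest = d;
    return n;
}

/* delete as the axioms state it: on a match, keep deleting inside d. */
const Dir *delete_spec(const char *name, const Dir *d)
{
    if (!d) return NULL;                                  /* delete(name, empty) is empty */
    if (strcmp(name, d->name) == 0) return delete_spec(name, d->rest);
    return add(d->name, d->phone, delete_spec(name, d->rest));
}

/* The variant the callout asks about: on a match, return d unchanged. */
const Dir *delete_just_d(const char *name, const Dir *d)
{
    if (!d) return NULL;
    if (strcmp(name, d->name) == 0) return d->rest;
    return add(d->name, d->phone, delete_just_d(name, d->rest));
}

/* lookup per its axiom; -1 (a choice made here) when the name is in no add node. */
int lookup(const char *name, const Dir *d)
{
    for (; d; d = d->rest)
        if (strcmp(name, d->name) == 0) return d->phone;
    return -1;
}

/* Constructed sample: "ann" is added twice, deleted once with `del`, then looked up. */
int lookup_after(const Dir *(*del)(const char *, const Dir *))
{
    const Dir *d = add("ann", 222, add("bob", 555, add("ann", 111, NULL)));
    return lookup("ann", del("ann", d));
}

int main(void)
{
    printf("axiom: %d, 'd' variant: %d\n", lookup_after(delete_spec), lookup_after(delete_just_d));
    return 0;
}
```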
Another axiomatic specification

type ext_nat_numbers is
  sorts nat
  opns 0 nat
       succ: nat nat
       _ + _ : nat, nat nat
  eqns forall x,y ofsort nat
       x + 0 = x;
       x + succ(y) = succ(x+y);

int zero ()
int succ (int x)
int plus (int x, int y)

x plus(x, zero())= x
x,y plus(x,succ(y))= succ(plus(x,y))

Our intuition:
plus(2, 3)= 5
An unexpected implementation

x plus(x, zero())= x
x,y plus(x,succ(y))= succ(plus(x,y))

Our intuition:
plus(2, 3)= 5

int zero ()
{ return 1; }

int succ (int x)
{ return 2*x; }

int plus (int x, int y)
{ return x * y; }

... but
plus(2,3)= 6

The implementation satisfies those conditions
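An added check, not part of the lecture: it runs both axioms over a range of integers against the slide's zero, succ and plus, and shows why they hold. The implementation represents the number n as 2^n, so plus(2, 3) on raw integers is 6, while plus applied to the terms for 2 and 3 equals the term for 5. axiom_violations and numeral are hypothetical helpers.

```c
#include <stdio.h>

/* The implementation from the slides. */
int zero(void)         { return 1; }
int succ(int x)        { return 2 * x; }
int plus(int x, int y) { return x * y; }

/* Check both axioms for every x, y in [lo, hi]; returns the number of violations. */
int axiom_violations(int lo, int hi)
{
    int bad = 0;
    for (int x = lo; x <= hi; x++) {
        if (plus(x, zero()) != x) bad++;                      /* plus(x, zero()) = x */
        for (int y = lo; y <= hi; y++)
            if (plus(x, succ(y)) != succ(plus(x, y))) bad++;  /* plus(x, succ(y)) = succ(plus(x, y)) */
    }
    return bad;
}

/* Value the implementation gives to the term succ(succ(...zero()...)) with n succ calls. */
int numeral(int n)
{
    int v = zero();
    while (n-- > 0) v = succ(v);
    return v;
}

int main(void)
{
    printf("axiom violations on [-100, 100]: %d\n", axiom_violations(-100, 100));
    printf("plus(2, 3) = %d\n", plus(2, 3));
    printf("plus(numeral(2), numeral(3)) = %d, numeral(5) = %d\n",
           plus(numeral(2), numeral(3)), numeral(5));
    return 0;
}
```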
Lectures
12.03 GUI Testing and Rational Robot
19.03 Introduction to Software Models
26.03 VDM – part I
2.04 VDM – part II
9.04 Z
16.04 Statecharts
7.05 Petri Nets
14.05 Introduction to Software Test Automation
21.05 Advanced Topics in Test Automation
28.05 Tools for Automated Testing
4.06 Test Automation Case Studies
11.06 Summary
Labs
Extreme 90
Rational Sitecheck
Rational Robot – part I
Rational Robot – part II
Rational Robot – part III
VDM + Z
Statecharts + Petri Nets
Summary
Model-based specifications:
• an abstract implementation
Axiomatic specifications:
• relations and superposition
Problem of unexpected implementations
Further readings
A. Harry, Formal Methods Fact File, John Wiley & Sons, Chichester, 1996 (Chapters 1 - 3).
Quality assessment
1. What is your general impression? (1 - 6)
2. Was it too slow or too fast?
3. What important things did you learn during the lecture?
4. What to improve and how?