Lecturer: Sebastian Coope
Ashton Building, Room G.18
E-mail: coopes@liverpool.ac.uk
COMP 201 web-page: http://www.csc.liv.ac.uk/~coopes/comp201
Lecture 12 – Formal Specifications
COMP201 - Software Engineering
Recap on Formal Specification
Objectives:
• To explain why formal specification techniques help discover problems in system requirements
• To describe the use of:
  • algebraic techniques (for interface specification) and
  • model-based techniques (for behavioural specification)
• To introduce the Abstract State Machine Language (AsmL)
Behavioural Specification
• Algebraic specification can be cumbersome when the object operations are not independent of the object state
• Model-based specification exposes the system state and defines the operations in terms of changes to that state
OSI Reference Model
[Figure: the seven OSI layers, 7 Application, 6 Presentation, 5 Session, 4 Transport, 3 Network, 2 Data link and 1 Physical, shown for several systems connected over a communications medium. The figure marks where model-based specification and where algebraic specification apply.]
Abstract State Machine Language (AsmL)
• AsmL is a language for modelling the structure and behaviour of digital systems. We will see a basic introduction to AsmL and how some concepts can be encoded formally.
• (We will not go into too many details but just see the overall format AsmL uses.)
• AsmL can be used to faithfully capture the abstract structure and step-wise behaviour of any discrete system, including very complex ones such as:
  • Integrated circuits
  • Software components
  • Devices that combine both hardware and software
Abstract State Machine Language
• An AsmL model is said to be abstract because it encodes only those aspects of the system's structure that affect the behaviour being modelled. The goal is to use the minimum amount of detail that accurately reproduces (or predicts) the behaviour of the system that we wish to model.
• This means we may obtain an overview of the system without becoming bogged down in irrelevant implementation details, and concentrate on important concerns such as concurrency.
Abstract State Machine Language
• Abstraction helps us reduce complex problems into manageable units and prevents us from getting lost in a sea of details.
• AsmL provides a variety of features that allow us to describe the relevant state of a system in a very economical and high-level way.
Abstract State Machines and Turing Machines
• An abstract state machine is a particular kind of mathematical machine, like a Turing machine (TM).
• But unlike a TM, abstract state machines may be defined at a very high level of abstraction.
• An easy way to understand ASMs is to see them as defining a succession of states that may follow an initial state.
Sets Described Algorithmically
Sometimes, we may wish to describe a set algorithmically. We shall now see how this may be done in AsmL.
Problem (informal):
Suppose we have a set that includes the integers from 1 to 20 and we want to find those numbers that, when doubled, still belong to the set.
Solution (formal, AsmL):
A = {1..20}
C = {i | i in A where 2*i in A}
Main()
  step
    WriteLine(C)
Sequences
• A sequence is a collection of elements of the same type, just as a set is, but sequences differ from sets in two ways:
  • A sequence is ordered while a set is not.
  • A sequence can contain duplicate elements while a set does not.
• Elements of sequences are contained within square brackets [ ], e.g. [1,2,3,4], [4,3,2,1], [a,e,i,o,u], [a,a,e,i,o,u]
Sequences
X = {1,2,3,4}
Y = {1,1,2,3,4}
Z = [1,1,2,3,4]
Main()
  step WriteLine("X=" + X)
  step WriteLine("Y=" + Y)
  step WriteLine("Z=" + Z)
The result is:
X = {1,2,3,4}
Y = {1,2,3,4}
Z = [1,1,2,3,4]
SORT Algorithm
We shall now consider a simple specification of a one-swap-at-a-time sorting algorithm and how it can be written in AsmL.
Sorting Example
[Figure: the sequence 4 1 5 2 3 is sorted into 1 2 3 4 5.]
ASML Example
var A as Seq of Integer            // A is a sequence (i.e. ordered set) of integers

swap()                             // method declaration
  choose i in {0..length(A)-1}, j in {0..length(A)-1} where i < j and A(i) > A(j)
    A(j) := A(i)                   // swap elements A(i) and A(j)
    A(i) := A(j)

sort()
  step until fixpoint              // continue to do the next operation (swap()) until
    swap()                         // "fixpoint", i.e. no more changes occur

Main()
  step A := [-4,6,9,0,2,-12,7,3,5,6]
  step
    WriteLine("Sequence A : ")
  step
    sort()
  step
    WriteLine("after sorting: " + A)

Notes: swap() chooses indices i, j such that i < j and A(i) > A(j) (thus the elements at positions i and j are not currently ordered) and exchanges them. In AsmL the two assignments inside one step take effect together at the end of the step, so the exchange needs no temporary variable. sort() continues to call swap() until there are no more updates possible, at which point the sequence is ordered.
Hoare's Quicksort
• Quicksort was discovered by Tony Hoare (published in 1962).
• Here is the outline:
  • Pick one item from the array; call it the pivot
  • Partition the items in the array around the pivot so all elements to the left are smaller than the pivot and all elements to the right are greater than the pivot
  • Use recursion to sort the two partitions
An Example
[Figure: a worked quicksort trace starting from an initial array; each row shows the array partitioned around the chosen pivot, down to the fully sorted sequence.]
Hoare's Quicksort using Sequences and Recursion
qsort(s as Seq of Integer) as Seq of Integer
  if s = [] then
    return []
  else
    pivot = Head(s)
    rest = Tail(s)
    return qsort([y | y in rest where y < pivot]) + [pivot] + qsort([y | y in rest where y ≥ pivot])
A sample main program sorts the sequence [7, 8, 2, 42] and prints the result:
Main()
  WriteLine(qsort([7, 8, 2, 42]))
Shortest Paths Algorithm
• Specification of shortest paths from a given node s.
• The nodes of the graph are given as a set N.
• The distances between adjacent nodes are given by a map D, where D(n,m) = infinity denotes that the two nodes are not adjacent.
What is the Shortest Distance from SeaTac to Redmond?
[Figure: road map with nodes SeaTac, Seattle, Bellevue and Redmond; edge distances SeaTac to Seattle 11, SeaTac to Bellevue 13, Seattle to Bellevue 5, Seattle to Redmond 9 and Bellevue to Redmond 5.]
Graph Declaration
structure Node
  s as String

infinity = 9999

SeaTac = Node("SeaTac")
Seattle = Node("Seattle")
Bellevue = Node("Bellevue")
Redmond = Node("Redmond")

N = {SeaTac, Seattle, Bellevue, Redmond}
D = {(SeaTac, SeaTac) -> 0,
     (SeaTac, Seattle) -> 11,
     (SeaTac, Bellevue) -> 13,
     (SeaTac, Redmond) -> infinity, // to be calculated
     (Seattle, SeaTac) -> 11,
     (Seattle, Seattle) -> 0,
     (Seattle, Bellevue) -> 5,
     (Seattle, Redmond) -> 9,
     (Bellevue, SeaTac) -> 13,
     (Bellevue, Seattle) -> 5,
     (Bellevue, Bellevue) -> 0,
     (Bellevue, Redmond) -> 5,
     (Redmond, SeaTac) -> infinity, // to be calculated
     (Redmond, Seattle) -> 9,
     (Redmond, Bellevue) -> 5,
     (Redmond, Redmond) -> 0}
Shortest Path Implementation
shortest(s as Node,
         N as Set of Node,
         D as Map of (Node, Node) to Integer) as Map of Node to Integer
  var S = {s -> 0} merge {n -> infinity | n in N where n ne s}
  step until fixpoint
    forall n in N where n ne s
      S(n) := min({S(m) + D(m,n) | m in N})
  step return S

min(s as Set of Integer) as Integer
  require s ne {}
  return (any x | x in s where forall y in s holds x lte y)
S(n) := min({S(m) + D(m,n) | m in N})
[Figure: the update rule illustrated on the graph; from the source s, a candidate node m with its current distance S(m) and an edge of length D(m,n) to the node n whose distance is being recomputed, with the distance of n still marked "?".]
The Main Program
Main()
  // … Graph specification …
  shortestPathsFromSeaTac = shortest(SeaTac, N, D)
  WriteLine("The shortest distance from SeaTac to Redmond is " + shortestPathsFromSeaTac(Redmond) + " miles.")
The output is:
The shortest distance from SeaTac to Redmond is 18 miles.
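The three executable specifications in this lecture, the fixpoint sort() built on swap(), the recursive qsort(), and shortest(), all depend on two AsmL rules: every assignment made during one step is collected into an update set that is applied at the end of the step (so swap() needs no temporary, and every S(n) in one relaxation round is computed from the old S), and "step until fixpoint" repeats a step until it changes nothing. The Python model below is an added example, not the lecture's or AsmL's own code; run_until_fixpoint, swap_step, fixpoint_sort, build_distances and the Python qsort are names assumed for this example, while the node names and distances are copied from the graph declaration slide. It also rejects an update set that assigns two different values to one location, as an ASM would.

```python
"""Executable model of the AsmL idioms used in the lecture's sort(), qsort()
and shortest() specifications: simultaneous updates within a step and
'step until fixpoint'. Added example; not the lecture's own code."""
import random

INFINITY = 9999  # finite sentinel for "not adjacent", as in the lecture's declaration


def run_until_fixpoint(state, step):
    """Model of 'step until fixpoint' (name assumed for this example).

    `step(state)` inspects the CURRENT state and returns the update set of one
    step as a list of (location, new_value) pairs. Nothing is written while
    the step runs; the whole update set is applied afterwards, at once. Two
    updates to one location with different values form an inconsistent update
    set and are rejected. The loop stops when a step changes nothing and
    returns the number of state-changing steps."""
    changes = 0
    while True:
        pending = {}
        for loc, value in step(state):
            if loc in pending and pending[loc] != value:
                raise ValueError(f"inconsistent update set at location {loc!r}")
            pending[loc] = value
        # keep only the updates that actually change the state
        pending = {loc: v for loc, v in pending.items() if state[loc] != v}
        if not pending:
            return changes
        for loc, v in pending.items():  # simultaneous update
            state[loc] = v
        changes += 1


def swap_step(A):
    """One application of the lecture's swap():
    choose i, j where i < j and A(i) > A(j); A(j) := A(i); A(i) := A(j).
    Both right-hand sides read the old A, so no temporary is needed."""
    inverted = [(i, j) for i in range(len(A)) for j in range(i + 1, len(A)) if A[i] > A[j]]
    if not inverted:
        return []  # nothing to choose: no update, so sort() reaches its fixpoint
    i, j = random.choice(inverted)  # 'choose' is nondeterministic; any inverted pair will do
    return [(j, A[i]), (i, A[j])]


def fixpoint_sort(seq):
    """The lecture's sort(): step until fixpoint swap(). Returns (sorted copy, swaps made)."""
    A = list(seq)
    swaps = run_until_fixpoint(A, swap_step)
    return A, swaps


def qsort(s):
    """The lecture's Hoare quicksort over sequences: pivot = Head(s), rest = Tail(s);
    values equal to the pivot go to the right-hand partition (y >= pivot)."""
    if not s:
        return []
    pivot, rest = s[0], s[1:]
    return qsort([y for y in rest if y < pivot]) + [pivot] + qsort([y for y in rest if y >= pivot])


def build_distances(nodes, edges):
    """Total map D(m, n): 0 on the diagonal, the edge weight either way round for
    adjacent nodes, INFINITY otherwise (helper assumed for this example)."""
    return {(m, n): 0 if m == n else edges.get((m, n), edges.get((n, m), INFINITY))
            for m in nodes for n in nodes}


def shortest(s, N, D):
    """The lecture's shortest(): S(s) = 0 and S(n) = infinity otherwise, then
    'step until fixpoint forall n ne s: S(n) := min({S(m) + D(m,n) | m in N})'.
    Every S(n) in a round is computed from the OLD S (synchronous relaxation).
    Returns (S, number of rounds that changed S)."""
    S = {n: 0 if n == s else INFINITY for n in N}

    def relax_step(S):
        return [(n, min(S[m] + D[(m, n)] for m in N)) for n in N if n != s]

    rounds = run_until_fixpoint(S, relax_step)
    return S, rounds


# The lecture's graph: node names and distances from the declaration slide
NODES = ["SeaTac", "Seattle", "Bellevue", "Redmond"]
EDGES = {("SeaTac", "Seattle"): 11, ("SeaTac", "Bellevue"): 13,
         ("Seattle", "Bellevue"): 5, ("Seattle", "Redmond"): 9,
         ("Bellevue", "Redmond"): 5}


if __name__ == "__main__":
    A, swaps = fixpoint_sort([-4, 6, 9, 0, 2, -12, 7, 3, 5, 6])
    print("after sorting:", A, "in", swaps, "swaps")
    print("qsort:", qsort([7, 8, 2, 42]))
    S, rounds = shortest("SeaTac", NODES, build_distances(NODES, EDGES))
    print("The shortest distance from SeaTac to Redmond is", S["Redmond"], "miles.")
```

Two caveats the model makes visible: the "infinity" of 9999 is only a sentinel, so a genuine distance above it would be indistinguishable from "not adjacent", and the relaxation only reaches a fixpoint because all distances are non-negative; a negative cycle would keep lowering S(n) and the loop would never stop.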
Lecture Key Points
• Formal system specification complements informal specification techniques.
• Formal specifications are precise and unambiguous. They remove areas of doubt in a specification.
• Formal specification forces an analysis of the system requirements at an early stage. Correcting errors at this stage is cheaper than modifying a delivered system.
• Formal specification techniques are most applicable in the development of critical systems and standards.
Lecture Key Points
• Algebraic techniques are suited to interface specification where the interface is defined as a set of object classes.
• Model-based techniques model the system using sets and functions. This simplifies some types of behavioural specification.
• Operations are defined in a model-based specification by defining pre- and post-conditions on the system state.
• AsmL is a language for modelling the structure and behaviour of digital systems.