SlideShare a Scribd company logo

formal method chapter 1 lecture_3_fm.pptlecture_3_fm.ppt

Download as PPT, PDF
A
adnanshaheen425

The document discusses formal methods in software engineering, focusing on formal specification techniques that enhance system requirements and reduce faults, particularly in critical systems engineering. It outlines their benefits, challenges, and cost implications, emphasizing that while formal methods improve quality, they have not become mainstream due to time-to-market pressures and limitations in scalability. The document also details specific formal specification techniques, such as algebraic and model-based specification, and provides examples of their application in subsystems and critical operations.

Education
1 of 28
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
Formal Methods in Software Engineering Credit Hours: 3+0
Formal Specification
Objectives  To explain why formal specification techniques help discover problems in system requirements  To describe the use of algebraic techniques for interface specification  To describe the use of model-based techniques for behavioural specification
Topics covered  Formal specification in the software process  Sub-system interface specification  Behavioural specification
Formal methods  Formal specification is part of a more general collection of techniques that are known as ‘formal methods’.  These are all based on mathematical representation and analysis of software.  Formal methods include • Formal specification; • Specification analysis and proof; • Transformational development; • Program verification.
Acceptance of formal methods  Formal methods have not become mainstream software development techniques as was once predicted • Other software engineering techniques have been successful at increasing system quality. Hence the need for formal methods has been reduced; • Market changes have made time-to-market rather than software with a low error count the key factor. Formal methods do not reduce time to market; • The scope of formal methods is limited. They are not well- suited to specifying and analysing user interfaces and user interaction; • Formal methods are still hard to scale up to large systems.
Use of formal methods  The principal benefits of formal methods are in reducing the number of faults in systems.  Consequently, their main area of applicability is in critical systems engineering. There have been several successful projects where formal methods have been used in this area.  In this area, the use of formal methods is most likely to be cost-effective because high system failure costs must be avoided.
Specification in the software process  Specification and design are inextricably intermingled.  Architectural design is essential to structure a specification and the specification process.  Formal specifications are expressed in a mathematical notation with precisely defined vocabulary, syntax and semantics.
Specification and design Increasing contractor involvement Decreasing client involvement Specification Design User requirements definition System requirements specification Architectural design Formal specification High-level design
Specification in the software process System requirements specification Formal specification High-level design User requirements definition System modelling Architectural design
Use of formal specification  Formal specification involves investing more effort in the early phases of software development.  This reduces requirements errors as it forces a detailed analysis of the requirements.  Incompleteness and inconsistencies can be discovered and resolved.  Hence, savings as made as the amount of rework due to requirements problems is reduced.
Cost profile  The use of formal specification means that the cost profile of a project changes • There are greater up front costs as more time and effort are spent developing the specification; • However, implementation and validation costs should be reduced as the specification process reduces errors and ambiguities in the requirements.
Development costs with formal specification Specification Specification Design and implementation Design and implementation Validation Validation Cost
Specification techniques  Algebraic specification • The system is specified in terms of its operations and their relationships.  Model-based specification • The system is specified in terms of a state model that is constructed using mathematical constructs such as sets and sequences. Operations are defined by modifications to the system’s state.
Formal specification languages
Interface specification  Large systems are decomposed into subsystems with well-defined interfaces between these subsystems.  Specification of subsystem interfaces allows independent development of the different subsystems.  Interfaces may be defined as abstract data types or object classes.  The algebraic approach to formal specification is particularly well-suited to interface specification as it is focused on the defined operations in an object.
Sub-system interfaces Inter face objects Sub-system A Sub-system B
The structure of an algebraic specification sort < name > imports < LIST OF SPECIFICA TION NAMES > Inf ormal descr iption of the sor t and its oper ations Oper ation signatures setting out the names and the types of the parameters to the operations defined over the sor t Axioms defining the oper ations o ver the sor t < SP ECIFICATION NAM E >
Specification components  Introduction • Defines the sort (the type name) and declares other specifications that are used.  Description • Informally describes the operations on the type.  Signature • Defines the syntax of the operations in the interface and their parameters.  Axioms • Defines the operation semantics by defining axioms which characterise behaviour.
Systematic algebraic specification  Algebraic specifications of a system may be developed in a systematic way • Specification structuring; • Specification naming; • Operation selection; • Informal operation specification; • Syntax definition; • Axiom definition.
Specification operations  Constructor operations. Operations which create entities of the type being specified.  Inspection operations. Operations which evaluate entities of the type being specified.  To specify behaviour, define the inspector operations for each constructor operation.
Operations on a list ADT  Constructor operations which evaluate to sort List • Create, Cons and Tail.  Inspection operations which take sort list as a parameter and return some other sort • Head and Length.  Tail can be defined using the simpler constructors Create and Cons. No need to define Head and Length with Tail.
List specification Head (Create) = Undefinedexception(empty list) Head (Cons (L, v)) = if L = Create thenv else Head (L) Leng th (Create) = 0 Leng th (Cons (L, v)) = Leng th (L) + 1 Tail (Create ) = Create Tail (Cons (L, v)) = if L = Create thenCreate else Cons (Tail (L), v) sortList imports INTEGER Defines a list where elements are added at the end and remo ved from the front. The oper ations are Create , which br ings an empty list into e xistence , Cons , which creates a ne w list with an added member , Leng th, which e valuates the list siz e, Head, which e valuates the front element of the list, and Tail, which creates a list b y remo ving the head from its input list. Undefined represents an undefined value of type Elem. Create List Cons (List, Elem)  List Head (List)  Elem Leng th (List)  Integer Tail (List)  List LIST ( Elem )
Recursion in specifications  Operations are often specified recursively.  Tail (Cons (L, v)) = if L = Create then Create else Cons (Tail (L), v). • Cons ([5, 7], 9) = [5, 7, 9] • Tail ([5, 7, 9]) = Tail (Cons ( [5, 7], 9)) = • Cons (Tail ([5, 7]), 9) = Cons (Tail (Cons ([5], 7)), 9) = • Cons (Cons (Tail ([5]), 7), 9) = • Cons (Cons (Tail (Cons ([], 5)), 7), 9) = • Cons (Cons ([Create], 7), 9) = Cons ([7], 9) = [7, 9]
Interface specification in critical systems  Consider an air traffic control system where aircraft fly through managed sectors of airspace.  Each sector may include a number of aircraft but, for safety reasons, these must be separated.  In this example, a simple vertical separation of 300m is proposed.  The system should warn the controller if aircraft are instructed to move so that the separation rule is breached.
A sector object  Critical operations on an object representing a controlled sector are • Enter. Add an aircraft to the controlled airspace; • Leave. Remove an aircraft from the controlled airspace; • Move. Move an aircraft from one height to another; • Lookup. Given an aircraft identifier, return its current height;
Primitive operations  It is sometimes necessary to introduce additional operations to simplify the specification.  The other operations can then be defined using these more primitive operations.  Primitive operations • Create. Bring an instance of a sector into existence; • Put. Add an aircraft without safety checks; • In-space. Determine if a given aircraft is in the sector; • Occupied. Given a height, determine if there is an aircraft within 300m of that height.
Sector specification (1) Enter (S, CS, H) = if In-space (S, CS ) then S exception (Aircraft already in sector) elsif Occupied (S, H) then S exception (Height conflict) else Put (S, CS, H) sortSector imports INTEGER, BOOLEAN Enter - adds an aircraft to the sector if safety conditions are satisfed Leave - removes an aircraft from the sector Move - moves an aircraft from one height to another if safe to do so Lookup - Finds the height of an aircraft in the sector Create - creates an empty sector Put - adds an aircraft to a sector with no constraint checks In-space - checks if an aircraft is already in a sector Occupied - checks if a specified height is available Enter (Sector, Call-sign, Height)  Sector Leave (Sector, Call-sign)  Sector Move (Sector, Call-sign, Height)  Sector Lookup (Sector, Call-sign)  Height Create  Sector Put (Sector, Call-sign, Height)  Sector In-space (Sector , Call-sign)  Boolean Occupied (Sector , Height)  Boolean SECTOR

More Related Content

PPT
Formal Specifications in Formal Methods
Haroon Ghazanfar
 
PPTX
Formal Specification Ian Sommerville 9th Edition
RupeshShrestha28
 
PDF
Formal Method lecture_3 software Engineering.pdf
talhaahmad565510
 
PPT
Ch10
phanleson
 
PPT
Formal Specification in Software Engineering SE9
koolkampus
 
PPT
SECh910
Joe Christensen
 
PPT
LECT3A (1).PPThhdfghdfhdfghdhdhdfsfdfgsfd
nandemprasanna
 
PPS
Mca se chapter_9_formal_methods
Aman Adhikari
 
Formal Specifications in Formal Methods
Haroon Ghazanfar
 
Formal Specification Ian Sommerville 9th Edition
RupeshShrestha28
 
Formal Method lecture_3 software Engineering.pdf
talhaahmad565510
 
Ch10
phanleson
 
Formal Specification in Software Engineering SE9
koolkampus
 
SECh910
Joe Christensen
 
LECT3A (1).PPThhdfghdfhdfghdhdhdfsfdfgsfd
nandemprasanna
 
Mca se chapter_9_formal_methods
Aman Adhikari
 

Similar to formal method chapter 1 lecture_3_fm.pptlecture_3_fm.ppt (20)

PPTX
Introduction to formal methods lecture notes
JikAlvin
 
PPTX
Software Engineering - Module 3: Lesson7
ArraLafuente
 
PPTX
#1 formal methods – introduction for software engineering
Sharif Omar Salem
 
PDF
Software Specification Methods 2nd ed Edition Henri Habrias
herdadaleyzr
 
PPT
Data structure and algorithm first chapter
amiyapal2408
 
PDF
nasa-safer-using-b-method
Sylvain Verly
 
PDF
Phil Calçado - Your microservice as a function
Scala Italy
 
PDF
ScalaItaly 2015 - Your Microservice as a Function
Phil Calçado
 
PPT
Week 13-14.ppt ejje jekr krkekr jekek kej
SalmanFarooq58
 
PPT
Lecture 1
RacingKings
 
PPT
sxdcdcfdffvfvfvfvfvfvfvvgvgvgvgvgvgggggg
CharuNangia
 
PDF
Uni cambridge
N/A
 
PPTX
Introduction-to-Formal-Specifications.pptx
AnkitSingh721718
 
PDF
50120140503001
IAEME Publication
 
PDF
50120140503001
IAEME Publication
 
PDF
50120140503001
IAEME Publication
 
PPTX
RTS fault tolerance, Reliability evaluation
4132lenin6497ram
 
PPTX
real time systems fault tolerance, Redundancy
4132lenin6497ram
 
PPT
E3 chap-17
Welly Dian Astika
 
PPTX
Formal Methods lecture 01
Sidra Ashraf
 
Introduction to formal methods lecture notes
JikAlvin
 
Software Engineering - Module 3: Lesson7
ArraLafuente
 
#1 formal methods – introduction for software engineering
Sharif Omar Salem
 
Software Specification Methods 2nd ed Edition Henri Habrias
herdadaleyzr
 
Data structure and algorithm first chapter
amiyapal2408
 
nasa-safer-using-b-method
Sylvain Verly
 
Phil Calçado - Your microservice as a function
Scala Italy
 
ScalaItaly 2015 - Your Microservice as a Function
Phil Calçado
 
Week 13-14.ppt ejje jekr krkekr jekek kej
SalmanFarooq58
 
Lecture 1
RacingKings
 
sxdcdcfdffvfvfvfvfvfvfvvgvgvgvgvgvgggggg
CharuNangia
 
Uni cambridge
N/A
 
Introduction-to-Formal-Specifications.pptx
AnkitSingh721718
 
50120140503001
IAEME Publication
 
50120140503001
IAEME Publication
 
50120140503001
IAEME Publication
 
RTS fault tolerance, Reliability evaluation
4132lenin6497ram
 
real time systems fault tolerance, Redundancy
4132lenin6497ram
 
E3 chap-17
Welly Dian Astika
 
Formal Methods lecture 01
Sidra Ashraf
 
Ad

More from adnanshaheen425 (16)

PPTX
UMWBDS_ jfjf tfutf yuftf fPresentation.pptx
adnanshaheen425
 
PPTX
Blood donation hkekh eio hjqehjq society.pptx
adnanshaheen425
 
PPTX
lecture_EETRYUIOP[SADSFGHJKLTRWETRY2_fm.pptx
adnanshaheen425
 
PPT
lecture GDTDFYRDYRDYDYRDYRDYRDR _1_fm.ppt
adnanshaheen425
 
PPT
ch03_DataRateLimitsGUYUHUHHIUHPUI BKH.ppt
adnanshaheen425
 
PPT
HHDUHDUO UOOYYYOIOUG _MultipleAccess.ppt
adnanshaheen425
 
PPT
ch07_Tra HGH YIGYG G EYGY nsmissionMedia.ppt
adnanshaheen425
 
PPTX
Ad BW nbkhuohb hugugBHH NQHBMQUWHnan.pptx
adnanshaheen425
 
PPTX
nETWORKING LEACTURE 2 HGUYI ULec 2A.pptx
adnanshaheen425
 
PPTX
Networking chapter jkl; dfghyubLec 1.pptx
adnanshaheen425
 
PPT
ch3_3_v1.ppt networking ertyu ghyt y uuiqf
adnanshaheen425
 
PPT
ch2_v1.ppt networking tertyui fdcfjgfybvuu
adnanshaheen425
 
PPT
formal method chapter 1 lecture_1_fm.ppt
adnanshaheen425
 
PPT
SD&C chapter software engineeringLec 5A.ppt
adnanshaheen425
 
PPT
Software designe and constractionLec 4B.ppt
adnanshaheen425
 
PPTX
Cultural Heritage of Mianwali PPT 28-11-2024.pptx
adnanshaheen425
 
UMWBDS_ jfjf tfutf yuftf fPresentation.pptx
adnanshaheen425
 
Blood donation hkekh eio hjqehjq society.pptx
adnanshaheen425
 
lecture_EETRYUIOP[SADSFGHJKLTRWETRY2_fm.pptx
adnanshaheen425
 
lecture GDTDFYRDYRDYDYRDYRDYRDR _1_fm.ppt
adnanshaheen425
 
ch03_DataRateLimitsGUYUHUHHIUHPUI BKH.ppt
adnanshaheen425
 
HHDUHDUO UOOYYYOIOUG _MultipleAccess.ppt
adnanshaheen425
 
ch07_Tra HGH YIGYG G EYGY nsmissionMedia.ppt
adnanshaheen425
 
Ad BW nbkhuohb hugugBHH NQHBMQUWHnan.pptx
adnanshaheen425
 
nETWORKING LEACTURE 2 HGUYI ULec 2A.pptx
adnanshaheen425
 
Networking chapter jkl; dfghyubLec 1.pptx
adnanshaheen425
 
ch3_3_v1.ppt networking ertyu ghyt y uuiqf
adnanshaheen425
 
ch2_v1.ppt networking tertyui fdcfjgfybvuu
adnanshaheen425
 
formal method chapter 1 lecture_1_fm.ppt
adnanshaheen425
 
SD&C chapter software engineeringLec 5A.ppt
adnanshaheen425
 
Software designe and constractionLec 4B.ppt
adnanshaheen425
 
Cultural Heritage of Mianwali PPT 28-11-2024.pptx
adnanshaheen425
 
Ad

Recently uploaded (20)

PPTX
PPT- ENG7_QUARTER1_LESSON1_WEEK1. IMAGERY -DESCRIPTIONS pptx.pptx
KMDee
 
PPTX
Pharmacology of Heart Failure /Pharmacotherapy of CHF
Rajshri Ghogare
 
PDF
Microbial disease of the cardiovascular and lymphatic systems
KeyaSharma
 
PDF
grade 11-chemistry_fetena_net_5883.pdf teacher guide for all student
banteamlakmebratu738
 
PDF
Sports Quiz easy sports quiz sports quiz
nikunj2757
 
PDF
STATICS OF THE RIGID BODIES Hibbelers.pdf
pascualasturiaskaye4
 
PDF
Complications of Minimal Access Surgery at WLH
mohitsuren827
 
PDF
Module 4: Burden of Disease Tutorial Slides S2 2025
Jonathan Hallett
 
PPTX
Cell Structure & Organelles in detailed.
DHANASHREESIVAKUMAR
 
PDF
Classroom Observation Tools for Teachers
Nicaramirez
 
PPTX
Cell Types and Its function , kingdom of life
ClaireMangundayao1
 
PPTX
1st Inaugural Professorial Lecture held on 19th February 2020 (Governance and...
kawisojames10
 
PPTX
Introduction_to_Human_Anatomy_and_Physiology_for_B.Pharm.pptx
chetansingh379583
 
PDF
Pre independence Education in Inndia.pdf
goofy5603
 
PPTX
Pharma ospi slides which help in ospi learning
rameetkumar304
 
PPTX
school management -TNTEU- B.Ed., Semester II Unit 1.pptx
NihumathunnisaH
 
PDF
Physiotherapy_for_Respiratory_and_Cardiac_Problems WEBBER.pdf
DrMONISHAphysio
 
PDF
2.FourierTransform-ShortQuestionswithAnswers.pdf
Raji Murugan
 
PPTX
IMMUNITY IMMUNITY refers to protection against infection, and the immune syst...
shilpa939953
 
PDF
Black Hat USA 2025 - Micro ICS Summit - ICS/OT Threat Landscape
Chris Sistrunk
 
PPT- ENG7_QUARTER1_LESSON1_WEEK1. IMAGERY -DESCRIPTIONS pptx.pptx
KMDee
 
Pharmacology of Heart Failure /Pharmacotherapy of CHF
Rajshri Ghogare
 
Microbial disease of the cardiovascular and lymphatic systems
KeyaSharma
 
grade 11-chemistry_fetena_net_5883.pdf teacher guide for all student
banteamlakmebratu738
 
Sports Quiz easy sports quiz sports quiz
nikunj2757
 
STATICS OF THE RIGID BODIES Hibbelers.pdf
pascualasturiaskaye4
 
Complications of Minimal Access Surgery at WLH
mohitsuren827
 
Module 4: Burden of Disease Tutorial Slides S2 2025
Jonathan Hallett
 
Cell Structure & Organelles in detailed.
DHANASHREESIVAKUMAR
 
Classroom Observation Tools for Teachers
Nicaramirez
 
Cell Types and Its function , kingdom of life
ClaireMangundayao1
 
1st Inaugural Professorial Lecture held on 19th February 2020 (Governance and...
kawisojames10
 
Introduction_to_Human_Anatomy_and_Physiology_for_B.Pharm.pptx
chetansingh379583
 
Pre independence Education in Inndia.pdf
goofy5603
 
Pharma ospi slides which help in ospi learning
rameetkumar304
 
school management -TNTEU- B.Ed., Semester II Unit 1.pptx
NihumathunnisaH
 
Physiotherapy_for_Respiratory_and_Cardiac_Problems WEBBER.pdf
DrMONISHAphysio
 
2.FourierTransform-ShortQuestionswithAnswers.pdf
Raji Murugan
 
IMMUNITY IMMUNITY refers to protection against infection, and the immune syst...
shilpa939953
 
Black Hat USA 2025 - Micro ICS Summit - ICS/OT Threat Landscape
Chris Sistrunk
 

formal method chapter 1 lecture_3_fm.pptlecture_3_fm.ppt

  • 1. Formal Methods in Software Engineering Credit Hours: 3+0
  • 3. Objectives  To explain why formal specification techniques help discover problems in system requirements  To describe the use of algebraic techniques for interface specification  To describe the use of model-based techniques for behavioural specification
  • 4. Topics covered  Formal specification in the software process  Sub-system interface specification  Behavioural specification
  • 5. Formal methods  Formal specification is part of a more general collection of techniques that are known as ‘formal methods’.  These are all based on mathematical representation and analysis of software.  Formal methods include • Formal specification; • Specification analysis and proof; • Transformational development; • Program verification.
  • 6. Acceptance of formal methods  Formal methods have not become mainstream software development techniques as was once predicted • Other software engineering techniques have been successful at increasing system quality. Hence the need for formal methods has been reduced; • Market changes have made time-to-market rather than software with a low error count the key factor. Formal methods do not reduce time to market; • The scope of formal methods is limited. They are not well- suited to specifying and analysing user interfaces and user interaction; • Formal methods are still hard to scale up to large systems.
  • 7. Use of formal methods  The principal benefits of formal methods are in reducing the number of faults in systems.  Consequently, their main area of applicability is in critical systems engineering. There have been several successful projects where formal methods have been used in this area.  In this area, the use of formal methods is most likely to be cost-effective because high system failure costs must be avoided.
  • 8. Specification in the software process  Specification and design are inextricably intermingled.  Architectural design is essential to structure a specification and the specification process.  Formal specifications are expressed in a mathematical notation with precisely defined vocabulary, syntax and semantics.
  • 9. Specification and design Increasing contractor involvement Decreasing client involvement Specification Design User requirements definition System requirements specification Architectural design Formal specification High-level design
  • 10. Specification in the software process System requirements specification Formal specification High-level design User requirements definition System modelling Architectural design
  • 11. Use of formal specification  Formal specification involves investing more effort in the early phases of software development.  This reduces requirements errors as it forces a detailed analysis of the requirements.  Incompleteness and inconsistencies can be discovered and resolved.  Hence, savings as made as the amount of rework due to requirements problems is reduced.
  • 12. Cost profile  The use of formal specification means that the cost profile of a project changes • There are greater up front costs as more time and effort are spent developing the specification; • However, implementation and validation costs should be reduced as the specification process reduces errors and ambiguities in the requirements.
  • 13. Development costs with formal specification Specification Specification Design and implementation Design and implementation Validation Validation Cost
  • 14. Specification techniques  Algebraic specification • The system is specified in terms of its operations and their relationships.  Model-based specification • The system is specified in terms of a state model that is constructed using mathematical constructs such as sets and sequences. Operations are defined by modifications to the system’s state.
  • 16. Interface specification  Large systems are decomposed into subsystems with well-defined interfaces between these subsystems.  Specification of subsystem interfaces allows independent development of the different subsystems.  Interfaces may be defined as abstract data types or object classes.  The algebraic approach to formal specification is particularly well-suited to interface specification as it is focused on the defined operations in an object.
  • 18. The structure of an algebraic specification sort < name > imports < LIST OF SPECIFICA TION NAMES > Inf ormal descr iption of the sor t and its oper ations Oper ation signatures setting out the names and the types of the parameters to the operations defined over the sor t Axioms defining the oper ations o ver the sor t < SP ECIFICATION NAM E >
  • 19. Specification components  Introduction • Defines the sort (the type name) and declares other specifications that are used.  Description • Informally describes the operations on the type.  Signature • Defines the syntax of the operations in the interface and their parameters.  Axioms • Defines the operation semantics by defining axioms which characterise behaviour.
  • 20. Systematic algebraic specification  Algebraic specifications of a system may be developed in a systematic way • Specification structuring; • Specification naming; • Operation selection; • Informal operation specification; • Syntax definition; • Axiom definition.
  • 21. Specification operations  Constructor operations. Operations which create entities of the type being specified.  Inspection operations. Operations which evaluate entities of the type being specified.  To specify behaviour, define the inspector operations for each constructor operation.
  • 22. Operations on a list ADT  Constructor operations which evaluate to sort List • Create, Cons and Tail.  Inspection operations which take sort list as a parameter and return some other sort • Head and Length.  Tail can be defined using the simpler constructors Create and Cons. No need to define Head and Length with Tail.
  • 23. List specification Head (Create) = Undefinedexception(empty list) Head (Cons (L, v)) = if L = Create thenv else Head (L) Leng th (Create) = 0 Leng th (Cons (L, v)) = Leng th (L) + 1 Tail (Create ) = Create Tail (Cons (L, v)) = if L = Create thenCreate else Cons (Tail (L), v) sortList imports INTEGER Defines a list where elements are added at the end and remo ved from the front. The oper ations are Create , which br ings an empty list into e xistence , Cons , which creates a ne w list with an added member , Leng th, which e valuates the list siz e, Head, which e valuates the front element of the list, and Tail, which creates a list b y remo ving the head from its input list. Undefined represents an undefined value of type Elem. Create List Cons (List, Elem)  List Head (List)  Elem Leng th (List)  Integer Tail (List)  List LIST ( Elem )
  • 24. Recursion in specifications  Operations are often specified recursively.  Tail (Cons (L, v)) = if L = Create then Create else Cons (Tail (L), v). • Cons ([5, 7], 9) = [5, 7, 9] • Tail ([5, 7, 9]) = Tail (Cons ( [5, 7], 9)) = • Cons (Tail ([5, 7]), 9) = Cons (Tail (Cons ([5], 7)), 9) = • Cons (Cons (Tail ([5]), 7), 9) = • Cons (Cons (Tail (Cons ([], 5)), 7), 9) = • Cons (Cons ([Create], 7), 9) = Cons ([7], 9) = [7, 9]
  • 25. Interface specification in critical systems  Consider an air traffic control system where aircraft fly through managed sectors of airspace.  Each sector may include a number of aircraft but, for safety reasons, these must be separated.  In this example, a simple vertical separation of 300m is proposed.  The system should warn the controller if aircraft are instructed to move so that the separation rule is breached.
  • 26. A sector object  Critical operations on an object representing a controlled sector are • Enter. Add an aircraft to the controlled airspace; • Leave. Remove an aircraft from the controlled airspace; • Move. Move an aircraft from one height to another; • Lookup. Given an aircraft identifier, return its current height;
  • 27. Primitive operations  It is sometimes necessary to introduce additional operations to simplify the specification.  The other operations can then be defined using these more primitive operations.  Primitive operations • Create. Bring an instance of a sector into existence; • Put. Add an aircraft without safety checks; • In-space. Determine if a given aircraft is in the sector; • Occupied. Given a height, determine if there is an aircraft within 300m of that height.
  • 28. Sector specification (1) Enter (S, CS, H) = if In-space (S, CS ) then S exception (Aircraft already in sector) elsif Occupied (S, H) then S exception (Height conflict) else Put (S, CS, H) sortSector imports INTEGER, BOOLEAN Enter - adds an aircraft to the sector if safety conditions are satisfed Leave - removes an aircraft from the sector Move - moves an aircraft from one height to another if safe to do so Lookup - Finds the height of an aircraft in the sector Create - creates an empty sector Put - adds an aircraft to a sector with no constraint checks In-space - checks if an aircraft is already in a sector Occupied - checks if a specified height is available Enter (Sector, Call-sign, Height)  Sector Leave (Sector, Call-sign)  Sector Move (Sector, Call-sign, Height)  Sector Lookup (Sector, Call-sign)  Height Create  Sector Put (Sector, Call-sign, Height)  Sector In-space (Sector , Call-sign)  Boolean Occupied (Sector , Height)  Boolean SECTOR