
L02 VDM Structure Q

The document discusses the structure of VDM++, an object-oriented extension of VDM-SL (Vienna Development Method - Specification Languages). It describes the key components of a VDM++ class including type definitions, value definitions, function definitions, operation definitions, instance variable definitions, synchronization definitions, and thread definitions. The document also introduces Backus-Naur form which is used to define the syntax of VDM++.


TME4013 Formal Methods

VDM++ Structure

Refs
1. Lecture Note CSC264 Modelling and Computation, Steve Riddle, John Fitzgerald, Maciej Koutny.
2. John Fitzgerald, et al., Validated Designs for OO Systems, Springer, 2005.
3. CSK group, VDMTools User Manual (VDM++) ver 1.1, 2007

Assoc Prof Dr Edwin Mit


Dept of Computing and Software Engineering
Faculty of Computer Sc. & IT., UNIMAS
Tel : 082-58 (3799)
[email protected]

Oct 30, 2023 1


Agenda

• What is VDM++
• VDM++ Class Structure
– Data Definitions
– Functions & Operations definition
– Dynamic Behaviour
• Backus-Naur Form



What is VDM++?
• VDM++ is an object-oriented extension of VDM-SL
(Vienna Development Method – Specification
Language) that supports OO concepts such as
classes and concurrent behaviour (e.g., thread definitions
and synchronization definitions).

– VDM-SL is model-oriented and builds data structures from
algebraically defined data types. Its semantics requires set
theory and three-valued logic; it imposes more structure,
distinguishes invariants, and splits operations into pre- and
post-conditions.


What is VDM++? (cont…)

• VDM++ was developed in 1992, based on the ISO/VDM-SL
standard, and was supported by the IFAD VDM++
Toolbox. Work and research on VDM++ and its
support tools is now under CSK Corp (see or search for
the Overture tool project).

– VDM-SL is the most mature FM. It was developed at IBM’s Vienna
Laboratory in the 1960s and 70s, in an industrial
environment, under the auspices of ISO and BSI (British
Standards Institution).


VDM++ Structure

• The syntax of a class is described as (CSK, 2006):

  `class', identifier,
  (class body),
  `end', identifier


VDM++ Structure (cont…)

• The optional class body may consist of:

  class body =
    type definitions | value definitions | function definitions |
    synchronization definitions | thread definitions |
    operation definitions | instance variable definitions

• Class body definitions will be discussed in detail in
lecture 4 & lecture 5.


Type Definitions

Used to define data types in VDM++ and give them
appropriate names. Such an equation might look like:

  types
    amount = nat;

Here we have defined a data type with the name
“amount” and stated that the values which belong
to this type are natural numbers (nat).

Syntax
  access, identifier, ‘=’, type,
  [‘inv’, pattern, ‘==’, expression, ‘;’]


VDM++ Types
• VDM++ basic types

Type                       VDM++ symbol   Example/Values
Natural Numbers            nat            0, 1, 2, …, n
Positive Natural Numbers   nat1           1, 2, 3, …, n
Integer Numbers            int            -n, …, -1, 0, 1, …, n
Rational Numbers           rat            a/b, where a and b are integers, b is not 0
Real Numbers               real           a.b, where a and b are integers (e.g., -2.34, 3.123)
Boolean Values             bool           true, false
Character Type             char           ‘a’, ‘b’, …, ‘1’, ‘2’, ‘@’, ‘&’ (a value between quotes is a char)
Token Type                 token          token
Quotation Type             <quote>        <quote1> | <quote2> | … | <quote3>

VDM++ Types (cont…)
• VDM++ compound/constructed types

Type                   VDM++ symbol                    Example/Values
Set Constructor        set of <type>                   Set of type
Sequence Constructor   seq of <type>                   Seq of type
Map Constructor        map <type> to <type>            map typeX to typeY
Product Constructor    tuple of <type>                 type1 * type2 * … * typeN
Record Constructor     compose <tag> of <field-list>   Tag :: field1 : Type
                                                              field2 : Type
                                                              …
                                                              fieldN : Type


Example : Type
access, identifier, ‘=’, type

private identifier =
nat|nat1|int|rat|real|bool|char|token
|<identifier>|set of ‘type’|seq of ‘type’
|map ‘typei’ to ‘typej’| type1 * type2 *…*typeN
|identifier :: identifier1:’type’ … identifierN:’type’;

Example



Value Definitions
VDM++ supports the definition of constant values.
A value definition corresponds to a constant definition in
traditional programming languages.

The global values (defined in a value definition) can be
referenced at all levels in a VDM++ specification.
However, these values must be defined before they are
used in the sequence of value definitions.


Example : Value



Instance Variable Definitions

• An instance variable is an internal state variable of an
object instantiated from a class.
• For example

  instance variables
    ID : nat1;
    ISBN : seq of char;
    borrowDate : Date;
    returnDate : Date;

  types
    Date :: dd : nat1
            mm : seq of char
            yy : nat1

  class Date
    --
  end Date


Agenda

• What is VDM++
• VDM++ Class Structure
– Data Definitions
– Functions & Operations definition
– Dynamic Behaviour
• Backus-Naur Form



Functions & Operation Definitions

• Function
– takes input parameters and produces a result, with
no reference to the instance variables of the object.
– A function can return a function as its result, or
can take functions as arguments.
• Operation
– takes inputs and returns a result, but may read or
modify instance variables.
– can manipulate both the global variables
and any local variables.


Function Example
Convert degrees Celsius to Fahrenheit.


Example : Operation
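
The data, function and operation sections described above, put together in one small class. This is an added example, not taken from the original slides; the class Thermostat and every name in it are hypothetical, and the conversion function follows the title of the function example slide.

```vdmpp
class Thermostat

types
  -- type definition with an invariant:
  -- access, identifier, '=', type, 'inv', pattern, '==', expression
  public Celsius = real
  inv c == c >= -273.15;

instance variables
  -- internal state of each Thermostat object
  private target : Celsius := 20.0;
  private readings : seq of Celsius := [];
  -- state invariant: every operation must leave target in this range
  inv target >= 5.0 and target <= 30.0;

functions
  -- function: the result depends only on the parameter,
  -- it cannot read or write target or readings
  public toFahrenheit : Celsius -> real
  toFahrenheit(c) == c * 9 / 5 + 32;

operations
  -- operation: modifies an instance variable; the pre-condition
  -- rejects calls that would break the state invariant
  public SetTarget : Celsius ==> ()
  SetTarget(c) ==
    target := c
  pre c >= 5.0 and c <= 30.0;

  -- the post-condition relates the new state to the old state (readings~)
  public Record : Celsius ==> ()
  Record(c) ==
    readings := readings ^ [c]
  post len readings = len readings~ + 1;

  -- an operation may call a function and pass state to it as an argument
  public TargetInFahrenheit : () ==> real
  TargetInFahrenheit() ==
    return toFahrenheit(target);

end Thermostat
```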



Synchronization Definitions
Used to state rules for accepting the execution of
concurrently callable operations. VDM++ provides
permission predicates (per).
For example,
  sync
    -- per <operation> => <guard>
    per returnBook => returnDate <= date.getDate();
    per renewBook => renewDate > date.getDate();
    mutex (returnBook, renewBook);

The mutex predicate ensures that the listed
operations are executed mutually exclusively of
each other. This is important if the operations operate
on shared data. For example, during execution of a call to
operation returnBook, calls to operation renewBook are
blocked until the condition is true, and vice versa.

Thread Definitions
In VDM++, concurrent systems can be modelled using threads. Multiple
threads communicate with each other using shared objects and may be
executed at the same time.

  class BorrowRecord
  operations
    -- signature, then the operation body
    returnBook : () ==> ()
    returnBook() ==
      returnDate := date.getDate();

  thread
    -- the thread body: call returnBook periodically
    periodic(24)(returnBook)

  end BorrowRecord

The operation returnBook() is executed periodically by the
BorrowRecord's thread, and is used to determine the returnDate
instance variable.

Backus-Naur Form (BNF).
• Before we go further: the VDM++ syntax is defined using BNF.

Symbol            Description
,                 the concatenation symbol
=                 the definition symbol
|                 the definition separator symbol (alternatives)
[]                encloses optional syntactic items
{}                encloses syntactic items that may occur zero or more times
‘’                single quotes are used to enclose terminal symbols
meta identifier   non-terminal symbols, written in lower-case letters (possibly
                  including spaces). A rule is of the form α -> β, where α is a
                  non-terminal symbol which can be replaced by β, which is a
                  string of terminal symbols (or can be non-terminal symbols)
;                 terminal symbol to denote the end of a rule
()                used for grouping, e.g., a,(b|c) is equivalent to a,b|a,c
-                 denotes subtraction from a set of terminal symbols, e.g.,
                  character -(`"') denotes all characters except the double
                  quote character



Example of BNF
Example BNF used to define Value Definitions

value definitions = ‘values’, [ access value definition,
    { ‘;’, access value definition }, [ ‘;’ ] ] ;

access value definition = ([ access ], [ ‘static’ ])
    | ([ ‘static’ ], [ access ]), value definition ;

value definition = pattern, [ ‘:’, type ], ‘=’, expression ;

More readable…

vds = ‘values’, [ access vd, { ‘;’, access vd }, [ ‘;’ ] ] ;

access vd = ([ access ], [ ‘static’ ]) | ([ ‘static’ ], [ access ]), vd ;

vd = pattern, [ ‘:’, type ], ‘=’, expression ;
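
A values section that uses each optional part of the grammar above, together with the rule from the Value Definitions slide that a value must be defined before it is used. This is an added example, not taken from the original slides; the class LoanPolicy and all names in it are hypothetical.

```vdmpp
class LoanPolicy

values
  -- vd with only the mandatory parts: pattern, '=', expression
  MaxLoans = 5;

  -- [ access ] present, and the optional ':' type
  public LoanDays : nat1 = 14;

  -- second alternative of "access vd": [ 'static' ], [ access ]
  static private FinePerDay : real = 0.5;

  -- the expression may refer to values defined earlier in the sequence,
  -- here FinePerDay and LoanDays; the reverse order would not be allowed
  private MaxFine : real = FinePerDay * LoanDays;

  -- the left-hand side is a pattern, not just an identifier:
  -- a tuple pattern binds FirstDay and LastDay in one definition
  mk_(FirstDay, LastDay) = mk_(1, 31)
  -- no ';' here: the final [ ';' ] of "vds" is optional

end LoanPolicy
```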


Summary

• What is VDM-SL and VDM++?
• VDM++ Structure.
• Introduction to VDM++ Elements & Specification.
• Backus-Naur Form (BNF)


Reflection Exercise (QL2)
Take a piece of paper and write your name and matric
number at the top-right side (1%).

Given the BNF below, which defines the element ‘wow’:

wow definition = ‘wow’, a, [b], {c};
a = ‘I’, what?
what? = ‘like FM’ | ‘dont like FM’
b = ‘and really’, what?
c = b,{b}.

Give ONE (1) example of a ‘wow’ specification (4%).

Submit your answer to eLEAP
(see the submission deadline in eLEAP).
Questions?

If you have any question(s)/comment(s)/suggestion(s),
please email me at [email protected]
or post in the eLEAP forum.
