
• CIT 308

• Formal Methods and Software Development

Facilitator: Alamu, F.O. Ph.D.


• Lesson Plan
• Introduce the student to the modules to be taught and the
expectations throughout the course

• Modules include
• AN OVERVIEW OF FORMAL METHODS AND SOFTWARE DEVELOPMENT
• FORMAL METHODS
• SOFTWARE DEVELOPMENT OVERVIEW
• OVERVIEW OF SOFTWARE DESIGN, ANALYSIS AND DESIGN TOOLS, DESIGN
STRATEGIES AND USER INTERFACE BASICS
• OVERVIEW OF DESIGN COMPLEXITY, SOFTWARE IMPLEMENTATION, TESTING,
MAINTENANCE AND CASE TOOLS

The modules will be broken down into units for easy understanding
• THE USE OF MODEL IN SCIENCE AND ENGINEERING
• In most fields, designs are based on models.

• This is because it is often impossible or impractical to test whether a
problem’s solution is adequate by directly applying it to the real world.

• For instance, building a bridge or a house without any previous design
decisions based on some modelling of the problem would not be a good
idea.

• The models may be physical: observations and measurements on a
scale-model bridge can help predict the behavior of the actual bridge to be built.

• However, physical models cannot solve all problems, for obvious reasons:
• It may be difficult or highly expensive to build a physical model
of the phenomenon under study.

• A physical model may be helpful only after all major design decisions
have been taken, as an experimental tool for quality assurance.

• Building several different physical models to explore entirely
different designs would be unacceptably expensive.

• Physical models are thus more supportive of design evaluation than
of design synthesis.

• It may be difficult to translate the results of experiments
performed on the model into results holding for the real case.

• It may be difficult to achieve acceptable control over the
accuracy of measurements performed on the physical model.
Designs can also be supported by the use of formal models.

A formal model deals with mathematical objects that represent
abstractions of the real entities to be modelled.

• Formal models allow the user to apply the rigor of mathematical
reasoning in the derivation of properties of the entities being
modelled.

• For example, a set of mathematical equations can describe the
structure of the bridge and the forces applied to it.

• After solving such equations the designer can foresee the internal
stresses of the bridge to be designed.
Using a formal model basically requires:
(1) formalizing the problem, that is, translating the real problem
into a denotation within some mathematical formalism;

(2) solving the formalized problem by means of the tools provided
by the chosen formalism;

(3) interpreting the result obtained from the model in order to
derive or evaluate design decisions.

Several errors can occur during this process too, both during the
informal steps 1 and 3 and during the computation of step 2.

Thus design of a complex engineering project often requires a


• Models also play an essential role in every branch of science.
• The fundamental emphasis of modelling in science is more oriented towards
interpretation of reality, whereas in engineering it is more oriented toward design.

• A model in science embodies our understanding of a certain phenomenon.

• As such it abstracts away from many fine details and reflects only certain
macroscopic properties of their aggregate behavior.

• It is exactly through abstraction that our models allow us to master the enormous
complexity of real phenomena.

• A model is adequate if the results obtained by experimenting or reasoning on the
model reflect observable properties of the phenomenon under study, within
acceptable approximation limits.

• In other words, the abstraction embodied by the model captures exactly those
properties of the phenomenon that are relevant at the chosen level of abstraction.
Example
In a yard there are both chickens and rabbits. The total
number of animals is 20. Furthermore, the total number of legs is 60. How
many chickens and rabbits are in the yard?

Suggestions?
A background knowledge of equations would probably be required,
and the thinking may go in the following way:

“let x and y be the number of chickens and rabbits respectively”
“there are animals with two legs and animals with four legs”
“the total number of animals is 20”
“the total number of legs is 60”

• The known facts about the animals in the yard can be represented
by the following equations:

x + y = 20 ........... (1)

2x + 4y = 60 ........... (2)
• Solving the equations yields x = 10 and y = 10.

• Thus in the yard we have ten chickens and ten rabbits.

• Solving this problem would be much more difficult for a student who
is not familiar with equations.

• The reason for this difficulty lies essentially in the inability to
abstract away from the actual problem, that is, to translate it
into a suitable formal notation (the equations) that also provides
some mechanical tools for its solution.
Example
• Suppose a ripe apple falls from the top of an h-meter high tree. We
wish to evaluate the time t required by the apple to reach the
earth.
• Your opinion?
• From physics, a simple abstraction is needed: the apple is treated as a
material particle (point mass) and the only applied force is its weight.

• Under Newton's law of gravity, the apple falls with a constant acceleration
of g = 9.81 m/s².

• For a body with initial velocity u, the distance fallen after time t is

h = u·t + ½·g·t²

• Since the starting velocity of the apple is zero, the relation
between h and t is represented by

h = ½·g·t², that is, t = √(2h/g)

Hence a knowledge of the formalism and of abstraction should be
familiar terrain for the student of modelling.
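The three steps above (formalize, solve, interpret) carried out in code for both the yard problem and the falling apple. This is an added example and not part of the lecture; the function names, the exact rational solver, and the rejection of non-integer or negative answers at the interpretation step are my choices, and the "legs = 61" input is constructed to show a case where step 3 must reject what step 2 returns.

```python
"""Added example (not from the lecture): the three-step use of a formal
model, (1) formalize, (2) solve within the formalism, (3) interpret the
result, applied to the two problems in the text.  Step 3 is where the
mathematical answer is checked for meaning in the real problem; the
'legs = 61' case is a constructed input whose exact solution must be
rejected at interpretation time."""
from fractions import Fraction
from math import sqrt


def solve_2x2(a11, a12, b1, a21, a22, b2):
    """Step 2 for a pair of linear equations
         a11*x + a12*y = b1
         a21*x + a22*y = b2
    solved exactly by Cramer's rule.  Returns (x, y) as Fractions, or
    None if the system is singular (no unique solution)."""
    det = a11 * a22 - a12 * a21
    if det == 0:
        return None
    x = Fraction(b1 * a22 - b2 * a12, det)
    y = Fraction(a11 * b2 - a21 * b1, det)
    return x, y


def chickens_and_rabbits(total_animals, total_legs):
    """Yard problem.  Step 1: x chickens (2 legs) and y rabbits (4 legs):
         x + y = total_animals
         2x + 4y = total_legs
    Step 3: the model is over the rationals, but the real quantities are
    counts, so a solution is admissible only if both values are
    non-negative integers.  Returns (chickens, rabbits) or None."""
    sol = solve_2x2(1, 1, total_animals, 2, 4, total_legs)
    if sol is None:
        return None
    x, y = sol
    if x.denominator != 1 or y.denominator != 1 or x < 0 or y < 0:
        return None  # mathematically valid, physically meaningless
    return int(x), int(y)


G = 9.81  # m/s^2, the value used in the lecture


def fall_time(h, u=0.0, g=G):
    """Apple problem.  Step 1: point mass, only force is its weight, so
         h = u*t + (1/2)*g*t**2      (u = initial downward speed)
    Step 2: with u = 0 this gives t = sqrt(2h/g); for u != 0 it is the
    positive root of the quadratic.  Step 3: h must be non-negative, and
    only the positive root is returned, since negative time has no
    meaning for a falling apple."""
    if h < 0:
        raise ValueError("height must be non-negative")
    if u == 0.0:
        return sqrt(2 * h / g)
    # (g/2) t^2 + u t - h = 0  ->  t = (-u + sqrt(u^2 + 2 g h)) / g
    return (-u + sqrt(u * u + 2 * g * h)) / g


if __name__ == "__main__":
    print(chickens_and_rabbits(20, 60))  # (10, 10) as in the lecture
    print(chickens_and_rabbits(20, 61))  # None: no integer solution
    print(round(fall_time(10.0), 3))     # about 1.428 s for a 10 m tree
```

The interpretation step is the one students skip: the solver will happily return 19/2 chickens for 61 legs, and only the check against the real-world constraint (whole, non-negative animals) turns that into "the facts as stated cannot all be true".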
• Notice!

• Your reading materials contain the details of the formal methods for
this course. Please do well to do a thorough study for this facilitation
to be of help to your understanding.
• Finite state automata basics and
theory
The theory of computation begins with a question: What is a computer? It is
perhaps a silly question, as everyone knows that this “thing I type on” is a
computer.

But these real computers are quite complicated, too much so to allow us to
set up a manageable mathematical theory of them directly.

Instead we use an idealized computer called a computational model.

As with any model in science, a computational model may be accurate in
some ways but perhaps not in others.

Thus we will use several different computational models, depending on the
features we want to focus on.

We begin with the simplest model, called the finite state machine or finite
automaton.
• FINITE AUTOMATA
Finite automata are good models for computers with an extremely limited amount of
memory.

What can a computer do with such a small memory? Many useful things!

In fact, we interact with such computers all the time, as they lie at the heart of
various electromechanical devices.

The controller for an automatic door is one example of such a device. Often found at
supermarket entrances and exits, automatic doors swing open when sensing that a
person is approaching.

An automatic door has a pad in front to detect the presence of a person about to
walk through the doorway.

Another pad is located to the rear of the doorway so that the controller can hold the
door open long enough for the person to pass all the way through and also so that the
door does not strike someone standing behind it as it opens. This configuration is
shown in the following figure.
The controller is in either of two states: "OPEN"
or "CLOSED," representing the corresponding
condition of the door.

[Figure: top view of an automatic door, with the front pad and the rear pad on either side of the doorway.]

As shown in the following figures, there are four
possible input conditions:

"FRONT" (meaning that a person is standing on
the pad in front of the doorway),

"REAR" (meaning that a person is standing on the
pad to the rear of the doorway),

"BOTH" (meaning that people are standing on both
pads), and

"NEITHER" (meaning that no one is standing on
either pad).

[Figure: state diagram for the automatic door controller.]

State transition table for the automatic door controller:

              NEITHER   FRONT   REAR     BOTH
   CLOSED     CLOSED    OPEN    CLOSED   CLOSED
   OPEN       CLOSED    OPEN    OPEN     OPEN

The controller moves from state to state, depending on the input it
receives. When in the CLOSED state and receiving input NEITHER or
REAR, it remains in the CLOSED state.

In addition, if the input BOTH is received, it stays CLOSED because
opening the door risks knocking someone over on the rear pad.

But if the input FRONT arrives, it moves to the OPEN state. In the
OPEN state, if input FRONT, REAR, or BOTH is received, it remains in
OPEN. If input NEITHER arrives, it returns to CLOSED.
• For example, a controller might start in state CLOSED and receive the series of
input signals FRONT, REAR, NEITHER, FRONT, BOTH, NEITHER, REAR, and
NEITHER.

• It then would go through the series of states CLOSED (starting), OPEN, OPEN,
CLOSED, OPEN, OPEN, CLOSED, CLOSED, and CLOSED

• This controller is a computer that has just a single bit of memory, capable of
recording which of the two states the controller is in.

• Other common devices have controllers with somewhat larger memories. In an
elevator controller a state may represent the floor the elevator is on and the
inputs might be the signals received from the buttons.
• This computer might need several bits to keep track of this
information. Controllers for various household appliances such as
dishwashers and electronic thermostats, as well as parts of
digital watches and calculators, are additional examples of
computers with limited memories.

• The design of such devices requires keeping the methodology and
terminology of finite automata in mind.
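The door controller as a finite automaton in code, as an added example that is not part of the lecture. The states, inputs and transition table are the ones described above; the FiniteAutomaton class, its totality check and the function names are mine. The totality check is the part worth copying into real work: in a protocol or session state machine, a (state, input) pair with no defined transition is exactly where implementations drift into undefined behaviour.

```python
"""Added example (not from the lecture): the automatic-door controller as
a deterministic finite automaton.  The state set, input alphabet and
transition table are those described in the text; the class around them
is mine and holds any deterministic finite automaton.  The constructor
rejects a transition table that is not total, because an input with no
transition is how a real controller ends up in an undefined state."""


class FiniteAutomaton:
    def __init__(self, states, alphabet, delta, start):
        self.states = frozenset(states)
        self.alphabet = frozenset(alphabet)
        self.delta = dict(delta)  # (state, input) -> next state
        self.start = start
        self._check_total()

    def _check_total(self):
        """A deterministic FA must define exactly one next state for every
        (state, input) pair; anything else is a hole in the specification."""
        if self.start not in self.states:
            raise ValueError(f"start state {self.start!r} not in state set")
        for s in self.states:
            for a in self.alphabet:
                nxt = self.delta.get((s, a))
                if nxt is None:
                    raise ValueError(f"no transition from {s!r} on {a!r}")
                if nxt not in self.states:
                    raise ValueError(
                        f"transition {s!r},{a!r} -> {nxt!r} leaves the state set")

    def step(self, state, symbol):
        if symbol not in self.alphabet:
            raise ValueError(f"unknown input {symbol!r}")
        return self.delta[(state, symbol)]

    def run(self, inputs):
        """Return the sequence of states visited, start state included."""
        trace = [self.start]
        for a in inputs:
            trace.append(self.step(trace[-1], a))
        return trace


# Transition table for the door controller, taken from the text:
#   CLOSED stays CLOSED on NEITHER, REAR, BOTH; opens on FRONT.
#   OPEN   stays OPEN   on FRONT, REAR, BOTH; closes on NEITHER.
DOOR_DELTA = {
    ("CLOSED", "NEITHER"): "CLOSED",
    ("CLOSED", "REAR"): "CLOSED",
    ("CLOSED", "BOTH"): "CLOSED",
    ("CLOSED", "FRONT"): "OPEN",
    ("OPEN", "FRONT"): "OPEN",
    ("OPEN", "REAR"): "OPEN",
    ("OPEN", "BOTH"): "OPEN",
    ("OPEN", "NEITHER"): "CLOSED",
}
DOOR_STATES = {"CLOSED", "OPEN"}
DOOR_INPUTS = {"FRONT", "REAR", "BOTH", "NEITHER"}

door = FiniteAutomaton(DOOR_STATES, DOOR_INPUTS, DOOR_DELTA, "CLOSED")


def door_trace(inputs):
    """States visited by the door controller for a list of input signals."""
    return door.run(inputs)


def incomplete_table_is_rejected():
    """Drop one row of the table and show the constructor refuses it."""
    partial = dict(DOOR_DELTA)
    del partial[("CLOSED", "BOTH")]
    try:
        FiniteAutomaton(DOOR_STATES, DOOR_INPUTS, partial, "CLOSED")
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    # The input series used in the lecture's worked trace.
    signals = ["FRONT", "REAR", "NEITHER", "FRONT",
               "BOTH", "NEITHER", "REAR", "NEITHER"]
    print(" -> ".join(door_trace(signals)))
```

Running the lecture's input series reproduces the state sequence given above (CLOSED, OPEN, OPEN, CLOSED, OPEN, OPEN, CLOSED, CLOSED, CLOSED); deleting the (CLOSED, BOTH) row makes construction fail instead of silently giving the door a state it was never specified for.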
• Propositions and Truth Functions

Definition: A proposition is a statement for
which it is meaningful to say that it is true or
false (but not both).

The truth value of a proposition p is T or F
according as the proposition is true or false.

• T = TRUE F = FALSE
• Compound Propositions
Compound propositions can be made up from simpler ones in such
a way that their truth value can be determined from those of
their constituents using truth tables.

These set out the truth value of compound statements based on
the truth values of their constituents.

Note that you don’t need to know what the statements are,
just whether they are true or false.

If p is TRUE and q is FALSE then “p and q” is FALSE while “p
or q” is TRUE.
• NOT, AND, OR
The simplest truth operator is “NOT” which only involves
one constituent. Its truth table is:

   p | not p
   --+------
   T |   F
   F |   T

The truth tables for “AND” and “OR” are:

   p   q | p and q | p or q
   ------+---------+-------
   T   T |    T    |   T
   T   F |    F    |   T
   F   T |    F    |   T
   F   F |    F    |   F
Notice that “p or q” is defined to be TRUE even when both are true.
Sometimes in everyday English we use “or” in an exclusive sense, but in
logic, and in mathematics, it always includes the possibility of both.
• In order to work at the level of the underlying logical
structure we denote primitive propositions (ones which
are not built up from simpler ones) by letters of the
alphabet just as in algebra we represent numbers by
letters.

• The above three truth operators are denoted by the special
symbols −, ∧, ∨ respectively:

−p denotes “not p”;
p ∧ q denotes “p and q”;
p ∨ q denotes “p or q”.
• Several variations are in common use

“not p” is often denoted by p' , ¬p

“p and q” is denoted by p.q and

“p or q” by p + q.
Implication
• The next operator is a very much misunderstood one: implication. The
definition of “p implies q” is given by its truth table:

   p   q | p implies q
   ------+------------
   T   T |      T
   T   F |      F
   F   T |      T
   F   F |      T

• Notation: We denote “p implies q” by p → q. Sometimes
this is written as p ⇒ q or p ⊃ q.
• The problem with this definition is the third row, which says that a false
proposition implies a true one.

• In fact all it shows is that the technical definition of implication differs
somewhat from the ordinary sense of the word.

• In normal usage implication involves a causal connection.

• It might be the case that I’m wealthy and that I’m honest. In the ordinary
sense of the word we would not say however that “being wealthy implies that I am
honest”. Wealth does not cause honesty.

• However, if both propositions are true for me then, in the sense of propositional
logic, “I am wealthy” implies “I am honest”.
• Because propositional logic deals with isolated propositions it cannot express the
notion of wealthy people always being honest (or its negation). That requires
• Equivalence
• We say that p is (logically) equivalent to q if they have the same
truth value.
• We write this as “p is equivalent to q” or p ↔ q.
• Other notations in use are p ≡ q and p ⇔ q.
• This definition can be set out in a truth table:

   p   q | p ↔ q
   ------+------
   T   T |   T
   T   F |   F
   F   T |   F
   F   F |   T
Summary of Truth Operators

   p   q | −p | p ∧ q | p ∨ q | p → q | p ↔ q
   ------+----+-------+-------+-------+------
   T   T | F  |   T   |   T   |   T   |   T
   T   F | F  |   F   |   T   |   F   |   F
   F   T | T  |   F   |   T   |   T   |   F
   F   F | T  |   F   |   F   |   T   |   T
• Tautologies
• A tautology is a proposition built up from primitive propositions, which is
always true irrespective of the truth values of the constituent
propositions.
• Tautologies are logical theorems.
For example
• “(p and q) implies (q and p)” doesn’t give us any information about the
statements p and q. Rather it tells us about the symmetry of the “and”
operator.

The following three propositions are tautologies:
• p ↔ p
• p → (p ∨ q)
• (p ∧ q) ↔ (q ∧ p)
But (p ∨ q) → (p ∧ q) is not a tautology.
Translating From English
• p → q might be expressed as:
if p then q
p implies q
q is implied by p
q, if p
p only if q
p is a sufficient condition for q
q is a necessary condition for p
• p ↔ q might be expressed as:
p is equivalent to q
p if and only if q (sometimes this is abbreviated to “p iff q”)
p is a necessary and sufficient condition for q

• p ∧ q might be expressed as:
p and q
not only p, but q

• p ∨ q might be expressed as:
p or q
unless p then q
p, unless q
at least one of p and q
• Laws of Logic
• Commutative Laws:
(1) p ∨ q ↔ q ∨ p
(2) p ∧ q ↔ q ∧ p
• Associative Laws:
(3) (p ∨ q) ∨ r ↔ p ∨ (q ∨ r)
(4) (p ∧ q) ∧ r ↔ p ∧ (q ∧ r)
• Distributive Laws:
(5) p ∧ (q ∨ r) ↔ (p ∧ q) ∨ (p ∧ r)
(6) p ∨ (q ∧ r) ↔ (p ∨ q) ∧ (p ∨ r)
• Idempotent Laws:
(7) p ∨ p ↔ p
(8) p ∧ p ↔ p
• De Morgan Laws:
(9) − (p ∨ q) ↔ −p ∧ −q
(10) − (p ∧ q) ↔ −p ∨ −q
• Miscellaneous Laws:
(11) p ∧ q → p
(12) p → p ∨ q
(13) − (−p) ↔ p
(14) p ∨ −p
(15) − (p ∧ −p)
• These last two assert that a proposition must either be true
or false but not both.
• Syllogism (modus ponens):

(16) (p → q) ∧ p → q
A syllogism is a logical argument of the form:
p → q
But p.
Therefore q.

• Proof by Contradiction (modus tollens):
(17) (p → q) ∧ −q → −p

• Transitive Property of Implication:
(18) (p → q) ∧ (q → r) → (p → r)
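An added example (not from the lecture) that mechanically checks the Tautologies slide and the eighteen laws of logic above by enumerating every truth assignment. The nested-tuple formula representation, the function names and the use of Python booleans are my choices; the truth functions themselves are the ones defined in the slides, with inclusive "or" and implication false only for T → F.

```python
"""Added example (not from the lecture): a brute-force tautology checker.
A formula is a letter such as 'p', or a tuple (op, *args) with op in
'not', 'and', 'or', 'imp', 'iff'.  A formula is a tautology if it is
true under every assignment of T/F to its letters.  Used here to confirm
the three tautologies and the non-tautology from the 'Tautologies'
slide and all eighteen laws of logic."""
from itertools import product

# Truth functions exactly as defined in the slides: inclusive 'or',
# and 'imp' false only in the T -> F row.
_OPS = {
    "not": lambda a: not a,
    "and": lambda a, b: a and b,
    "or": lambda a, b: a or b,
    "imp": lambda a, b: (not a) or b,
    "iff": lambda a, b: a == b,
}


def evaluate(formula, env):
    """Truth value of formula under the assignment env (letter -> bool)."""
    if isinstance(formula, str):
        return env[formula]
    op, *args = formula
    return _OPS[op](*(evaluate(arg, env) for arg in args))


def letters(formula):
    """Set of primitive propositions occurring in the formula."""
    if isinstance(formula, str):
        return {formula}
    return set().union(*(letters(a) for a in formula[1:]))


def truth_table(formula):
    """All (assignment, value) rows, letters taken in sorted order."""
    vs = sorted(letters(formula))
    rows = []
    for bits in product((True, False), repeat=len(vs)):
        env = dict(zip(vs, bits))
        rows.append((env, evaluate(formula, env)))
    return rows


def is_tautology(formula):
    return all(value for _, value in truth_table(formula))


def counterexamples(formula):
    """Assignments that make the formula false; empty for a tautology."""
    return [env for env, v in truth_table(formula) if not v]


# Shorthand constructors, following the slides' operator names.
def NOT(a): return ("not", a)
def AND(a, b): return ("and", a, b)
def OR(a, b): return ("or", a, b)
def IMP(a, b): return ("imp", a, b)
def IFF(a, b): return ("iff", a, b)


p, q, r = "p", "q", "r"

# Laws (1)-(18) from the 'Laws of Logic' slides, transcribed as formulas.
LAWS = {
    1: IFF(OR(p, q), OR(q, p)),
    2: IFF(AND(p, q), AND(q, p)),
    3: IFF(OR(OR(p, q), r), OR(p, OR(q, r))),
    4: IFF(AND(AND(p, q), r), AND(p, AND(q, r))),
    5: IFF(AND(p, OR(q, r)), OR(AND(p, q), AND(p, r))),
    6: IFF(OR(p, AND(q, r)), AND(OR(p, q), OR(p, r))),
    7: IFF(OR(p, p), p),
    8: IFF(AND(p, p), p),
    9: IFF(NOT(OR(p, q)), AND(NOT(p), NOT(q))),
    10: IFF(NOT(AND(p, q)), OR(NOT(p), NOT(q))),
    11: IMP(AND(p, q), p),
    12: IMP(p, OR(p, q)),
    13: IFF(NOT(NOT(p)), p),
    14: OR(p, NOT(p)),
    15: NOT(AND(p, NOT(p))),
    16: IMP(AND(IMP(p, q), p), q),
    17: IMP(AND(IMP(p, q), NOT(q)), NOT(p)),
    18: IMP(AND(IMP(p, q), IMP(q, r)), IMP(p, r)),
}


def failing_laws():
    """Numbers of any listed 'laws' that are not tautologies (expected: none)."""
    return [n for n, f in LAWS.items() if not is_tautology(f)]


if __name__ == "__main__":
    print(is_tautology(IMP(p, OR(p, q))))             # True
    print(counterexamples(IMP(OR(p, q), AND(p, q))))  # the two mixed rows
    print(failing_laws())                              # []
```

counterexamples() is the useful half in practice: when a proposed law fails it returns the assignments that break it, which is the same thing a model checker hands back as a counterexample. For (p ∨ q) → (p ∧ q) those are the two rows where exactly one of p, q is true.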
• Quantifiers
• A predicate is a statement that involves variables. Predicates become
propositions when particular objects (e.g. numbers) are substituted for the
variables.

• The resulting propositions have truth values that depend on those elements.
• An n-ary predicate is one which applies to a combination of n elements.
Special terms are unary if n = 1, binary if n = 2 and ternary if n = 3. A unary
predicate is what we usually think of as a property, such as “x is even” or “x is
female”.

• We could write these symbolically as Ex for “x is even” and Fx for “x is
female”. There must be some underlying set over which the variables range.

• In the case of E it might be the set of integers and in the case of F it might
be the set of all students in a particular class.
• Software Engineering
• Industrial manufacturing and distribution is completely
computerized, as is the financial system.

• Entertainment, including the music industry, computer games, and
film and television, is software intensive.

• Therefore, software engineering is essential for the functioning
of national and international societies.

• Software systems are abstract and intangible.

• They are not constrained by the properties of materials,
governed by physical laws, or by manufacturing processes.
• This simplifies software engineering, as there are no natural limits to the
potential of software.

• However, because of the lack of physical constraints, software systems
can quickly become extremely complex, difficult to understand, and
expensive to change.

• There are many different types of software systems, from simple
embedded systems to complex, worldwide information systems.

• Software engineering is an engineering discipline that is concerned with
all aspects of software production from the early stages of system
specification through to maintaining the system after it has gone into
use.

• Software Engineering are methods and techniques for building a software


• History of software engineering
• The notion of ‘software engineering’ was first proposed in 1968 at
a conference held to discuss what was then called the ‘software
crisis’ (Naur and Randell, 1969).

• It became clear that individual approaches to program
development did not scale up to large and complex software
systems.

• These were unreliable, cost more than expected, and were
delivered late.
• Professional software, intended for use by someone apart from its
developer, is usually developed by teams rather than individuals.

• It is maintained and changed throughout its life.

• Software engineering is intended to support professional software
development, rather than individual programming.

• It includes techniques that support program specification, design,
and evolution, none of which are normally relevant for personal
software development.
Software products
• Software products are generic software systems that provide functionality that
is useful to a range of customers.

• Many different types of products are available, from large-scale business
systems (e.g. MS Excel) through personal products (e.g. Evernote) to simple
mobile phone apps and games (e.g. Sudoku).

• Software product engineering methods and techniques have evolved from
software engineering techniques that support the development of one-off,
custom software systems.

• Custom software systems are still important for large businesses, government
and public bodies.
Project-based software
• Thank you for listening

• This is intellectual property and should not be used without prior
permission from the author.

• Dr. Alamu Femi Ololade


• Department of Computer Sciences
• University of Lagos
