Software Abstractions

Download PDF
20 downloads 93 Views 339KB Size Report
Comment
Formal methods. ⊛ In software engineering,formal methods are a particular kind of mathematically-based techniques for the specification,development.
(

Software Abstractions With Alloy Analyzer

)

(

Formal methods



In software engineering,formal methods are a particular kind of mathematically-based techniques for the specification,development and verification of software systems.

)

(

Formal methods ⊛

Model checking › Analyzing state machine model

›NuSMV



Code verification ›Writing bug-free code with checking tools

›JML--The Java Modeling Language

⊛ Software abstractions ›Designing & analyzing Abstractions with Alloy

)

(

Software is built on abstractions

)

(

Picking good abstractions

pick good ones, and you get › clean interfaces (they’re simple and fit well) › maintainable code (they match the problem) › a more useable system (they’re the user’s concepts) pick bad ones, and you get › a mess that gets worse over time › the only refactoring that works is starting over › special cases, hard to use

)

(

What makes a good abstraction?

⊛ Simplicity › a few small notions, uniformly combined › expressed clearly & succinctly

⊛ depth › captures the complexities that matter

)

(

What’s wrong with other approaches? Waterfall model

›“ wishful thinking”

)

(

What’s wrong with other approaches? Why?



It’s surely not because the design you choose were perfect in every respect except for their realizability in code.



Rather, it was because the environment of programming is so much more exacting than the environment of sketching design.

)

(

What’s wrong with other approaches?

Extreme Programming



Code is poor medium for exploring abstractions

›clumsy and verbose ›Simple global change may require extensive edits

)

(

Approach with Alloy ⊛ A modeling notation › Alloy,based on relational logic › Simple and small but expressive

⊛ An analysis › Fully automatic ›User specifies properties,not test cases

)

(

Alloy Analyzer



Alloy Analyzer can model and domain of individuals and relations between them



All Alloy models will be built using relations(set of tuples)

)

(

Review:Sets



Collection of distinct objects



Examples:



Union,Intersection and Difference



Sets are disjoint if they share no elements



Often when modeling,we will take some set S and divide its members into disjoint subsets called partitions.

{2,4,5,6,...} set of integers {true, false} set of boolean values

› Each member of S belongs to exactly one partition

)

(

Review:Relation

⊛ A binary relation R between A and B is an element of Pow(A x B), i.e., R ⊆ A x B

⊛ Examples:

Father : Person x Man Square:ZxN Square == {(1,1), (-1,1), (-2,4)}

)

(

Alloy Analyzer ⊛

Create Models ----Designing The goal of a writing a model is to describe some aspect of a system (but not the entire system), constrain it to exclude ill-formed examples, and check properties about it



Perform finite scope checks on these models. ----analyzing Alloy would then either say "this property always holds for problems up to size X" or "this property does not always hold, and here is a counter example".

Finite scope check - once you go to actually analyze the model,you must specify a scope(size) for your model

)

designing & analyzing abstractions

(

An Example: Self-Grandpas

)

(

self-grandpa Model abstract sig Person

{ father: lone Man, mother: lone Woman } sig Man extends Person { wife: lone Woman } sig Woman extends Person { husband: lone Man }

)

(

self-grandpa constraints ⊛ you can’t be your own ancestor fact Biology { ›no p: Person | p in p.^(mother+father)}

⊛ no person should marry a parent, grandparent, and so on

⊛ if someone is your husband then you are his wife, and vice versa.

)

(

Check the model ⊛

fun grandpas [p: Person] : set Person {

let parent = mother + father + father.wife +mother.husband | p.parent.parent & Man }

› predicates: constraints › functions: reusable expressions

pred ownGrandpa [p: Person] { p in p.grandpas } run ownGrandpa for 4 Person //find a instance within 4 people

)

(

Reference ⊛ "Alloy Analyzer 4.1.10” MIT,http://

alloy.mit.edu/ community/software

⊛ Dennis. G . (2006). Alloy Modeling Language and Analyzer at http:// alloy.mit.edu/community/ node/176 (as of 16 August 2011).

⊛ “Light weighted formal methods”

MIT http://sdg.csail.mit.edu/6.894/

)