Axiomatic Specification, Examples in ANNA - PowerPoint PPT Presentation

Slides: 23
Provided by: ebru

Transcript and Presenter's Notes

1
Axiomatic Specification, Examples in ANNA
  • Ebru Dincel
  • Ali Rampurwala

2
A Brief Overview of Anna
  • A specification language for Ada
  • Extensions:
    - generalization of existing constructs, e.g. subprograms
    - new constructs, e.g. exceptions
  • Formal comments:
    - virtual Ada text (--:) for programming concepts that are not implemented, e.g. the length of a stack
    - annotations (--|), Boolean-valued expressions
  • Quantified expressions: for all, exists

3
Anna Formal Comments
  • Type annotation: used to constrain a type/subtype
        subtype EVEN is INTEGER;
        --| where X : EVEN => X mod 2 = 0;
  • Statement annotation: used to specify properties of a statement
        X := X + 1;
        --| X = in X + 1;

4
Anna Formal Comments
  • Exception annotation
        procedure PUSH(E : in ITEM);
        --| where in STACK.LENGTH = SIZE => raise OVERFLOW,
        --|       raise OVERFLOW => STACK = in STACK;
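As an added illustration, not part of the slides: the three annotation kinds above written out as runtime checks in Python, which is how ANNA's executable annotations behave (an annotation checker would generate the checks; here they are hand-written). The stack capacity SIZE and the stack representation are assumptions.

```python
import copy

SIZE = 2  # assumed capacity; the slide leaves SIZE abstract


class Overflow(Exception):
    """The OVERFLOW exception named in the PUSH annotation."""


def check_even(x: int) -> int:
    """Type annotation: subtype EVEN is INTEGER; --| where X : EVEN => X mod 2 = 0."""
    if x % 2 != 0:
        raise ValueError(f"{x} violates subtype EVEN")   # Ada would raise CONSTRAINT_ERROR
    return x


def increment(x: int) -> int:
    """Statement annotation: X := X + 1; --| X = in X + 1 ('in X' is the value on entry)."""
    in_x = x              # snapshot of the entry value, the ANNA 'in X'
    x = x + 1
    assert x == in_x + 1  # the annotation, checked after the statement
    return x


class Stack:
    """Bounded stack; PUSH carries the exception annotation of slide 4:
    --| where in STACK.LENGTH = SIZE => raise OVERFLOW, raise OVERFLOW => STACK = in STACK;"""

    def __init__(self) -> None:
        self.items: list[int] = []

    def push(self, e: int) -> None:
        in_stack = copy.deepcopy(self.items)  # 'in STACK', the state on entry
        try:
            if len(self.items) == SIZE:       # first clause: full on entry => OVERFLOW
                raise Overflow(SIZE)
            self.items.append(e)
        except Overflow:
            # second clause: whenever OVERFLOW propagates, the stack is unchanged
            assert self.items == in_stack, "OVERFLOW raised but STACK changed"
            raise


def push_all(values: list[int]) -> tuple[list[int], bool]:
    """Push values in order; return final contents and whether OVERFLOW was raised."""
    s = Stack()
    try:
        for v in values:
            s.push(v)
    except Overflow:
        return s.items, True
    return s.items, False
```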

5
Gas Station Example
    package body STATION is
      --| limited to TANK_REGULAR_LEFT, TANK_PLUS_LEFT, TANK_PREMIUM_LEFT, THRESHOLD;
      --: UNDER_THRESHOLD, IOVERPAID : exception;
      type GRADE is (REGULAR, PLUS, PREMIUM);
      --: function GET_AMOUNT_LEFT(G : GRADE) return FLOAT;
      --: function GET_UNIT_PRICE(G : GRADE) return FLOAT;
      --: function REFILL_TANK_MAX(G : GRADE);

6
Gas Station Example
      type PUMP is
        record
          PUMP_NUMBER       : NATURAL range 0..3;
          GAS_GRADE         : GRADE;
          IS_ENABLED        : BOOLEAN := FALSE;
          IS_GRADE_CHOSEN   : BOOLEAN := FALSE;
          METER_READING     : FLOAT := 0.0;
          LEVER_POSITION_UP : BOOLEAN := FALSE;
          CURRENT_SPENT, PAID_AMOUNT : INTEGER;
        end record;
      --| where P : PUMP => P.METER_READING <= GET_AMOUNT_LEFT(P.GAS_GRADE);

7
Gas Station Example
      type PUMP_GROUP is array (POSITIVE range <>) of PUMP;
      PG : PUMP_GROUP(0..3);
      --| for all PG : PUMP_GROUP => PG(I) = PG(J) -> I = J;
      procedure enable(P : in out PUMP);
      --| where in P.IS_ENABLED = FALSE,
      --|       out (P.IS_ENABLED = TRUE and P.METER_READING = 0 and P.CURRENT_SPENT = 0);

8
Gas Station Example
      procedure disable(P : in out PUMP);
      --| where in P.IS_ENABLED = TRUE,
      --|       out P.IS_ENABLED = FALSE;

9
Gas Station Example
      procedure fill(P : in out PUMP; PAID_AMOUNT : in FLOAT) is
      begin
        --| where in (P.IS_ENABLED = TRUE and P.IS_GRADE_CHOSEN = TRUE and P.METER_READING = 0
        --|           and P.CURRENT_SPENT = 0 and P.LEVER_POSITION_UP = TRUE),
        --|       out (P.IS_ENABLED = FALSE and (P.LEVER_POSITION_UP = FALSE or C.TANK_FULL = TRUE
        --|            or P.CURRENT_SPENT = P.PAID_AMOUNT));
        -- where C is an instance of the CAR package
        while (P.CURRENT_SPENT C.TANK_FULL = FALSE or P.LEVER_POSITION_UP = TRUE) loop
          fill_discrete(P, P.CURRENT_SPENT, P.PAID_AMOUNT);
        end loop;
      end fill;

10
Gas Station Example
      procedure fill_discrete(P : in out PUMP; CURRENT_SPENT : in out FLOAT; PAID_AMOUNT : in FLOAT) is
      begin
        --| raise UNDER_THRESHOLD => (GET_AMOUNT_LEFT(P.GAS_GRADE)
        --| where out (P.PAID_AMOUNT > P.CURRENT_SPENT and P.LEVER_POSITION_UP = FALSE) => raise IOVERPAID,
        --|       raise IOVERPAID => P.IS_ENABLED = FALSE;
        CURRENT_SPENT := GET_UNIT_PRICE(P.GAS_GRADE) * P.METER_READING;
      end fill_discrete;

11
Gas Station Example
      procedure choose_grade(P : in out PUMP);
      --| where in (P.IS_ENABLED = TRUE),
      --|       out (P.IS_GRADE_CHOSEN = TRUE);
      --| axiom
      --|   for all S : STATION'TYPE =>
      --|     P.CURRENT_SPENT
    end STATION;
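An added executable model in Python (not the authors' code) of the STATION annotations above: the PUMP type invariant, the where-clauses of enable and fill, and the UNDER_THRESHOLD/IOVERPAID exception annotations of fill_discrete, each checked at runtime. THRESHOLD, the unit-price table, a 1.0-litre step per fill_discrete call, and the lever_up_steps parameter that models when the customer releases the lever are assumptions; the car's TANK_FULL stop condition is left out.

```python
from dataclasses import dataclass

THRESHOLD = 2.0                                             # assumed, litres
UNIT_PRICE = {"REGULAR": 2.0, "PLUS": 2.5, "PREMIUM": 3.0}  # assumed GET_UNIT_PRICE table
STEP = 1.0                                                  # assumed litres per FILL_DISCRETE step

class UnderThreshold(Exception): pass
class IOverpaid(Exception): pass
@dataclass
class Pump:
    gas_grade: str
    amount_left: float             # stands in for the virtual GET_AMOUNT_LEFT(P.GAS_GRADE)
    is_enabled: bool = False
    meter_reading: float = 0.0
    lever_position_up: bool = False
    current_spent: float = 0.0

    def check_invariant(self) -> None:
        # --| where P : PUMP => P.METER_READING <= GET_AMOUNT_LEFT(P.GAS_GRADE)
        assert self.meter_reading <= self.amount_left

def enable(p: Pump) -> None:
    assert not p.is_enabled                                 # where in P.IS_ENABLED = FALSE
    p.is_enabled, p.meter_reading, p.current_spent = True, 0.0, 0.0  # the out clause
    p.check_invariant()

def fill_discrete(p: Pump, paid_amount: float) -> None:
    if p.amount_left - p.meter_reading < THRESHOLD:         # raise UNDER_THRESHOLD
        raise UnderThreshold(p.gas_grade)
    if not p.lever_position_up and paid_amount > p.current_spent:
        p.is_enabled = False                                # raise IOVERPAID => P.IS_ENABLED = FALSE
        raise IOverpaid(paid_amount - p.current_spent)
    p.meter_reading += STEP
    p.current_spent = UNIT_PRICE[p.gas_grade] * p.meter_reading  # CURRENT_SPENT := PRICE * METER
    p.check_invariant()

def fill(p: Pump, paid_amount: float, lever_up_steps: int) -> str:
    assert p.is_enabled and p.lever_position_up             # where-in clause of FILL
    assert p.meter_reading == 0 and p.current_spent == 0
    try:
        while p.current_spent < paid_amount:
            fill_discrete(p, paid_amount)
            lever_up_steps -= 1                             # assumed lever model
            p.lever_position_up = lever_up_steps > 0
        return "PAID_AMOUNT"                                # stop condition that ended the fill
    except (UnderThreshold, IOverpaid) as exc:
        return type(exc).__name__
    finally:
        p.is_enabled = False                                # out P.IS_ENABLED = FALSE
```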

12
Cruise Control Example
  • Assumptions/clarifications
  • Four CC buttons: CC, set_speed, resume, cruise_accelerate
  • CC turns Cruise Control on; set_speed enables Cruise Control.
  • Two pedals: pedal_accelerate, brake
  • pedal_decelerate is releasing the pedal.
  • Exceptions: SpeedTooLow, SpeedTooHigh, CruiseOutofBounds
  • Procedures: cruise on/off, engine on/off, cruise enable/disable, set_speed, pedal/cruise accelerate, brake, pedal_decelerate, resume

13
Cruise Control Example
  • The Cruise package embodies both the cruise control and the manual operations of the car
        IS_ENGINE_ON, IS_CC_ON, IS_ENGINE_ENABLED, IS_CC_ENABLED : BOOLEAN;
        SPEED, CRUISE_SPEED : INTEGER;
        -- SPEED is the physical speed, dynamically updated by the calculate_speed function;
        -- CRUISE_SPEED is only set when the Cruise Control is enabled
        -- SpeedTooLowException calls the pedal_accelerate function, SpeedTooHighException calls
        -- the brake function internally. Finally, CruiseOutOfBounds calls the cruise_disable function
        procedure set_speed;
        --| where in IS_ENGINE_ON = TRUE and IS_CC_ON = TRUE and 30
        --|       out IS_ENGINE_ON = TRUE and IS_CC_ON = TRUE and IS_CC_ENABLED = TRUE and CRUISE_SPEED = SPEED;

14
Cruise Control Example
        procedure pedal_accelerate;
        --| where in IS_ENGINE_ON = TRUE,
        --|       out (if in IS_CC_ON = TRUE and in IS_CC_ENABLED = TRUE then
        --|              IS_ENGINE_ON = TRUE and IS_CC_ON = TRUE and IS_CC_ENABLED = FALSE and SPEED > in CRUISE_SPEED
        --|            else IS_ENGINE_ON = TRUE and IS_CC_ON = in IS_CC_ON and IS_CC_ENABLED = in IS_CC_ENABLED
        --|              and SPEED > in SPEED);
        procedure cruise_accelerate;
        --| where in IS_ENGINE_ON = TRUE and IS_CC_ON = TRUE and IS_CC_ENABLED = TRUE,
        --|       out IS_ENGINE_ON = TRUE and IS_CC_ON = TRUE and
        --|           ((SPEED = CRUISE_SPEED and CRUISE_SPEED > in CRUISE_SPEED) or
        --|            (SPEED > 90 and IS_CC_ENABLED = FALSE and SPEED > in CRUISE_SPEED));

15
Cruise Control Example
        procedure brake;
        --| where in IS_ENGINE_ON = TRUE,
        --|       out (if in IS_ENGINE_ON = TRUE and in IS_CC_ON = TRUE and in IS_CC_ENABLED = TRUE then
        --|              IS_ENGINE_ON = TRUE and in IS_CC_ON = TRUE and in IS_CC_ENABLED = FALSE and SPEED < CRUISE_SPEED
        --|            else IS_CC_ON = in IS_CC_ON and IS_CC_ENABLED = in IS_CC_ENABLED and SPEED
        procedure resume;
        --| where in IS_ENGINE_ON = TRUE and IS_CC_ON = TRUE and IS_CC_ENABLED = FALSE,
        --|       out IS_ENGINE_ON = TRUE and in IS_CC_ON = TRUE and in IS_CC_ENABLED = TRUE
        --|           and CRUISE_SPEED = in CRUISE_SPEED;

16
Cruise Control Example
        --| axiom if (SPEED > 90) raise CruiseOutofBoundsException;
        procedure adjust(SPEED : in out INTEGER; CRUISE_SPEED : in out INTEGER);
        --| where in IS_ENGINE_ON = TRUE and IS_CC_ON = TRUE and IS_CC_ENABLED = TRUE;
        --| if SPEED SpeedTooLowException
        --| if SPEED > CRUISE_SPEED then raise SpeedTooHighException;
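An added Python model, not from the slides, of the conditional postconditions above: each procedure snapshots the entry state (the ANNA 'in' values) with copy.copy and checks the if/else out-clause against it, and the CruiseOutOfBounds axiom is checked after every speed change. Reading the slide's 30 as a lower speed bound, the pedal delta parameter and an engine that is already on are assumptions; adjust is omitted because its annotation is truncated on the slide.

```python
import copy

MIN_SPEED, MAX_SPEED = 30, 90   # 90 is the bound on slides 14/16; treating 30 as a lower bound is assumed

class CruiseOutOfBounds(Exception): pass

class Cruise:
    def __init__(self, speed: int) -> None:
        self.is_engine_on, self.is_cc_on, self.is_cc_enabled = True, False, False
        self.speed, self.cruise_speed = speed, 0

    def axiom(self) -> None:
        # --| axiom if (SPEED > 90) raise CruiseOutofBoundsException (slide 13: it disables cruise)
        if self.speed > MAX_SPEED:
            self.is_cc_enabled = False
            raise CruiseOutOfBounds(self.speed)

    def set_speed(self) -> None:
        assert self.is_engine_on and self.is_cc_on and MIN_SPEED <= self.speed <= MAX_SPEED
        self.is_cc_enabled, self.cruise_speed = True, self.speed
        assert self.cruise_speed == self.speed                # out CRUISE_SPEED = SPEED

    def pedal_accelerate(self, delta: int) -> None:
        assert self.is_engine_on and delta > 0                # where in IS_ENGINE_ON = TRUE
        old = copy.copy(self)                                 # the ANNA 'in' values
        self.speed += delta
        if old.is_cc_on and old.is_cc_enabled:                # if in IS_CC_ON and in IS_CC_ENABLED
            self.is_cc_enabled = False                        # the pedal overrides cruise
            assert self.is_cc_on and self.speed > old.cruise_speed
        else:                                                 # else: flags unchanged, SPEED > in SPEED
            assert self.is_cc_on == old.is_cc_on and self.is_cc_enabled == old.is_cc_enabled
            assert self.speed > old.speed
        self.axiom()

    def resume(self) -> None:
        assert self.is_engine_on and self.is_cc_on and not self.is_cc_enabled
        old = copy.copy(self)
        self.is_cc_enabled, self.speed = True, self.cruise_speed
        assert self.is_cc_enabled and self.cruise_speed == old.cruise_speed  # CRUISE_SPEED = in CRUISE_SPEED

def drive(start: int, pedal: int) -> tuple:
    """Engage cruise at start, press the pedal for pedal km/h more, then resume."""
    c = Cruise(start); c.is_cc_on = True; c.set_speed()
    c.pedal_accelerate(pedal)                                 # cruise stays on but is disabled
    c.resume()
    return c.is_cc_enabled, c.speed, c.cruise_speed
```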

17
ANNA features utilized
  • Quantified expressions, most of the annotation kinds
  • An attempt at package states

18
Merits of Axiomatic Specs
  • Widely applicable
  • Semi-hard to understand
  • Semantics supported by a logic/set formalism

19
Demerits of Axiomatic Specs
  • Not easily scalable
  • Limited expressiveness
  • No visual representation

20
Experience with Anna: strengths
  • Not so hard to understand
  • Supports many program constructs
  • Tool support; annotations are executable

21
Experience with Anna: weaknesses
  • Further information (ongoing research) not available
  • Writing annotations takes time
  • Limited to Ada
  • Needs Ada familiarity
  • No visual representation
  • No abstraction/decomposition/timing constraints, unlike the statechart formalism

22
Discussion, Q & A
  • Others: VDM, Z
  • Others vs. ANNA
  • Popular vs. dead
  • Math-like vs. program-like
  • Model-oriented vs. property-oriented