Introducing data decomposition into VDM for tractable development of programs

Introducing Data Decomposition into VDM for Tractable Development of Programs

Jian Lu (Institute of Computer Software at Nanjing University, Nanjing 210093, P.R. China)

Abstract

Formal program development by VDM comprises not only data reifications from an abstract model to a concrete model but also suitable operation decompositions. Usually, these two kinds of development steps are done independently, in the order "operation decompositions after data reifications". Furthermore, data reifications and operation decompositions are based on the whole model, because no model split is allowed. If, however, larger specifications are aimed at, it is very important to provide support for model split and to interweave it suitably with data reification and operation decomposition. In this paper, we introduce a new concept, data decomposition, which is based on the ideas of model split, modularisation and operation decomposition, and combine it with VDM to form a more general formal development method, DD-VDM. As a result, a more flexible development strategy can be adopted and the development complexity can be effectively controlled.

1. Introduction

VDM is denotational and model-based [11131171. It embraces formal specification and verified design. The formal specification comprises: (1) a definition of the set of states (normally including invariants); (2) a definition of the possible initial states (often exactly one); (3) a collection of operations whose external variables are part of the states. Usually, the state space (i.e., the set of states) is described using very abstract, mathematically oriented data types such as sets, sequences and mappings. Each operation is described by a pair of predicates: the pre-condition and the post-condition. For an operation to be valid, the satisfiability rule must be met. The verified design includes data reification and operation decomposition. In data reification, certain design decisions are made and a reified model is produced. Then, a retrieve function which relates the concrete states to the abstract states is given. The reified specification (i.e., the specification on the reified model) can then be shown to satisfy the abstract specification (i.e., the specification on the abstract model) by discharging proof obligations such as the Adequacy rule for states and the Domain and Result rules for operations. The reified specification becomes the abstract specification for the next step in the development, and the process is continued until a model is reached which is expressed in the implementation language. At this stage, however, the operations are still specified: their pre- and post-conditions say what should be done and not how to do it. Post-conditions are not, in general, executable. Thus, a procedure of operation decomposition is necessary. The process of operation decomposition develops implementations (for operations) in terms of the primitives available in the language and support software. The following observations can be made about VDM.
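The reification step described above (abstract model, reified model, retrieve function, and the Satisfiability, Adequacy, Domain and Result proof obligations) can be made concrete on a toy specification. The following Python script is an added illustration and is not code from the paper: it models a constructed "registered identifiers" state as a set (abstract) and as a duplicate-free sequence (concrete), relates them with a retrieve function, and discharges each obligation by exhaustive enumeration over a tiny finite universe rather than by proof. Two deliberately wrong concrete variants (a pre-condition stronger than the abstract one, and a post-condition that forgets to add) show which rule each defect violates. All names and the domain are assumptions of this example.

```python
"""Exhaustive check of VDM reification proof obligations on a tiny finite model.

Abstract model : a set of identifiers drawn from DOMAIN
Concrete model : a sequence of identifiers with no duplicates (the invariant)
Operation ADD(x): register a new identifier x

Every obligation below is discharged by brute force, which is only possible
because DOMAIN is finite and small; in real VDM work these are proofs.
"""
from itertools import combinations, permutations

DOMAIN = (1, 2, 3)  # constructed universe, small enough to enumerate all states


# ---- abstract specification: state is a set -------------------------------
def abs_inv(s: frozenset) -> bool:
    return s <= frozenset(DOMAIN)


def abs_states():
    for k in range(len(DOMAIN) + 1):
        for c in combinations(DOMAIN, k):
            yield frozenset(c)


def abs_pre_add(s, x):
    return x not in s


def abs_post_add(s, x, s2):
    return s2 == s | {x}


# ---- concrete (reified) specification: state is a duplicate-free sequence --
def con_inv(seq: tuple) -> bool:
    return len(set(seq)) == len(seq) and set(seq) <= set(DOMAIN)


def con_states():
    for k in range(len(DOMAIN) + 1):
        for p in permutations(DOMAIN, k):
            yield tuple(p)


def con_pre_add(seq, x):
    return x not in seq


def con_post_add(seq, x, seq2):
    return seq2 == seq + (x,)


def retr(seq) -> frozenset:
    """Retrieve function: maps a concrete sequence to the abstract set it represents."""
    return frozenset(seq)


# ---- deliberately defective concrete variants, to show which rule catches them
def con_pre_add_bounded(seq, x):
    # Stronger than the abstract pre-condition: refuses once two ids are held.
    return x not in seq and len(seq) < 2


def con_post_add_forgetful(seq, x, seq2):
    # Leaves the state unchanged, so the abstract post-condition is not met.
    return seq2 == seq


# ---- proof obligations -----------------------------------------------------
def satisfiable(states, inv, pre, post) -> bool:
    """Satisfiability: every valid state meeting pre has a valid successor meeting post."""
    for s in states():
        for x in DOMAIN:
            if inv(s) and pre(s, x) and not any(inv(t) and post(s, x, t) for t in states()):
                return False
    return True


def adequacy() -> bool:
    """Adequacy: every abstract state is retr() of at least one valid concrete state."""
    return all(any(con_inv(c) and retr(c) == a for c in con_states()) for a in abs_states())


def domain_rule(con_pre) -> bool:
    """Domain rule: abstract pre on retr(c) implies concrete pre on c."""
    for c in con_states():
        if not con_inv(c):
            continue
        for x in DOMAIN:
            if abs_pre_add(retr(c), x) and not con_pre(c, x):
                return False
    return True


def result_rule(con_pre, con_post) -> bool:
    """Result rule: every concrete transition retrieves to a valid abstract transition."""
    for c in con_states():
        if not con_inv(c):
            continue
        for x in DOMAIN:
            if not con_pre(c, x):
                continue
            for c2 in con_states():
                if con_inv(c2) and con_post(c, x, c2) and not abs_post_add(retr(c), x, retr(c2)):
                    return False
    return True


if __name__ == "__main__":
    print("abstract satisfiable:", satisfiable(abs_states, abs_inv, abs_pre_add, abs_post_add))
    print("concrete satisfiable:", satisfiable(con_states, con_inv, con_pre_add, con_post_add))
    print("adequacy:", adequacy())
    print("domain rule (correct ADD):", domain_rule(con_pre_add))
    print("result rule (correct ADD):", result_rule(con_pre_add, con_post_add))
    print("domain rule (bounded pre):", domain_rule(con_pre_add_bounded))
    print("result rule (forgetful post):", result_rule(con_pre_add, con_post_add_forgetful))
```

The two defective variants fail different obligations for the reason the paper's rules encode: a concrete pre-condition may be weaker than the abstract one but never stronger (Domain rule), and whatever the concrete post-condition permits must, after retrieval, be something the abstract post-condition permits (Result rule). Enumeration scales only to toy universes; for the larger specifications the paper targets, these obligations must be discharged by proof, which is where model split and data decomposition aim to keep the proof burden tractable.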
This note was uploaded on 03/31/2010 for the course CAS 707 taught by Professor Ridhakhedri during the Spring '10 term at McMaster University.
