Vienna Development Method Guide

The document summarizes the Vienna Development Method (VDM), a formal method for developing computer systems. Key features include: (1) basic types like booleans, integers, and strings; (2) type constructors for unions, products, records, sets, sequences, mappings; (3) functional modeling using pre/postconditions; (4) state-based modeling using state variables and operations. An example models a queue abstract data type as a sequence.

VIENNA DEVELOPMENT METHOD
Group Members:
Abdul Moiz Hussain 17-Arid-1699
Faizan Tariq 17-Arid-1709
Mudassar Iqbal 17-Arid-1724
Usama Ali Qadri 17-Arid-1750
INTRODUCTION:
• VDM is one of the longest-established formal methods for the development of computer-based systems.
• It originated in work done at IBM's Vienna Laboratory in the 1970s.
• It has grown to include a group of techniques and tools based on a formal specification language, the VDM Specification Language (VDM-SL).
VDM FEATURES
• Basic types: boolean, numeric, character, token and quote types
• bool: the boolean datatype, with values false and true
• nat: natural numbers including zero: 0, 1, 2, 3, ...
• nat1: natural numbers excluding zero: 1, 2, 3, 4, ...
• int: integers: ..., -3, -2, -1, 0, 1, 2, 3, ...
• rat: rational numbers a/b, where a and b are integers and b is not 0
• real: real numbers
• char: characters: A, B, C, ...
• token: structureless tokens, which can only be compared for equality
• <A>: the quote type containing the single value <A>
VDM FEATURES (CONT'D)
Type Constructors
• Union of types T1, ..., Tn
  T1 | T2 | ... | Tn
  Example: SignalColour = <Red> | <Amber> | <FlashingAmber> | <Green>
• Cartesian product of types T1, ..., Tn
  T1 * T2 * ... * Tn
• Composite (record) type
  T :: f1:T1 ... fn:Tn
The composite or record type is a Cartesian product with labels for the fields. The type
T :: f1:A1
     f2:A2
     ...
     fn:An
is the Cartesian product with fields labelled f1, ..., fn. A value of the type is built with the constructor mk_T(a1, ..., an), and the type may carry an invariant (inv) that every value of the type must satisfy.
For example, the type
Date :: day:nat1
        month:nat1
        year:nat
inv mk_Date(d, m, y) == d <= 31 and m <= 12
restricts Date values to a day of at most 31 and a month of at most 12. The invariant is written over the pattern (d, m, y) bound by mk_Date, so it refers to d and m rather than to the field names day and month.
COLLECTION (SET)
The set type constructor (written set of T, where T is a predefined type) constructs the type composed of all finite sets of values drawn from the type T.
• For example, the type definition
  UGroup = set of UserId
  defines a type UGroup whose values are finite sets of UserId values.
SEQUENCE
The finite sequence type constructor (written seq of T, where T is a predefined type) constructs the type composed of all finite lists of values drawn from the type T.
• For example, the type definition
  String = seq of char
  defines a type String composed of all finite strings of characters.
FINITE MAPPING
• A finite mapping is a correspondence between two sets, the domain and the range, with the domain indexing elements of the range. It is therefore similar to a finite function.
• The mapping type constructor (written map T1 to T2, where T1 and T2 are predefined types) constructs the type composed of all finite mappings from T1 values to T2 values. Applying a mapping to a value outside its domain is undefined.
• For example, the type definition
  Birthdays = map String to Date
  defines a type Birthdays whose values map character strings to Date values.
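As an added example (Python written for this page, not VDM-SL and not code from the slides), the Date record with its invariant and the Birthdays mapping, modelled so that the invariant is enforced when a value is constructed (the role mk_Date plays in VDM) and so that map application is only defined on the domain. The helpers dom, apply_map and invariant_holds and the sample birthdays table are my own constructions.

```python
from dataclasses import dataclass
from typing import Dict, Set


# Composite (record) type  Date :: day:nat1  month:nat1  year:nat
# with the slide's invariant  inv mk_Date(d, m, y) == d <= 31 and m <= 12.
# The constructor checks the invariant, so no Date value violating it can
# exist in the model, which is what "inv" means in VDM-SL.
@dataclass(frozen=True)
class Date:
    day: int
    month: int
    year: int

    def __post_init__(self) -> None:
        # field types: nat1 excludes zero, nat includes it
        if not (isinstance(self.day, int) and self.day >= 1):
            raise TypeError("day must be nat1")
        if not (isinstance(self.month, int) and self.month >= 1):
            raise TypeError("month must be nat1")
        if not (isinstance(self.year, int) and self.year >= 0):
            raise TypeError("year must be nat")
        # the invariant exactly as written on the slide
        if not (self.day <= 31 and self.month <= 12):
            raise ValueError("invariant of Date violated")


def mk_Date(d: int, m: int, y: int) -> Date:
    """VDM record constructor mk_Date(d, m, y)."""
    return Date(d, m, y)


# String = seq of char         -> a Python str
# Birthdays = map String to Date -> a finite Python dict (helper alias, mine)
Birthdays = Dict[str, Date]


def dom(m: Birthdays) -> Set[str]:
    """dom m: the finite set of values the mapping is defined on."""
    return set(m.keys())


def apply_map(m: Birthdays, key: str) -> Date:
    """Map application m(key). Undefined outside dom m in VDM; here that
    is an explicit error rather than a silent default."""
    if key not in dom(m):
        raise KeyError(f"{key!r} is not in the domain of the mapping")
    return m[key]


def invariant_holds(d: int, m: int, y: int) -> bool:
    """Report whether mk_Date(d, m, y) is a value of type Date."""
    try:
        mk_Date(d, m, y)
        return True
    except (TypeError, ValueError):
        return False


# Constructed sample data (not from the slides).
birthdays: Birthdays = {
    "Ada": mk_Date(10, 12, 1815),
    "Alan": mk_Date(23, 6, 1912),
}
```

The invariant is kept exactly as the slide states it on purpose: it still accepts mk_Date(31, 2, 2020), so an invariant excludes only what it is written to exclude, and a reviewer should read it as the whole of what the type guarantees.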
FUNCTIONAL MODELLING
• Functions are defined over the data types defined in a model.
• Support for abstraction requires that it should be possible to characterize the result that a function should compute without having to say how it should be computed.
• The main mechanism for doing this is the implicit function definition, in which, instead of a formula computing a result, a logical predicate over the input and result variables, termed a postcondition, gives the result's properties.
• For example, a function SQRT for calculating a square root of a natural number might be defined as follows:

SQRT(x:nat) r:real
post r*r = x

• This admits either root. A more constrained function specification is arrived at by strengthening the postcondition.
• For example, the following definition constrains the function to return the non-negative root:

SQRT(x:nat) r:real
post r*r = x and r >= 0

• All function specifications may be restricted by preconditions, which are logical predicates over the input variables only and which describe constraints that are assumed to be satisfied when the function is executed. Nothing is promised when the precondition is false, so establishing it is the caller's responsibility.
• For example, a square root calculating function that works only on non-negative real numbers might be specified as follows:

SQRTP(x:real) r:real
pre x >= 0
post r*r = x and r >= 0

• The precondition and postcondition together form a contract that is to be satisfied by any program claiming to implement the function.
• In an explicit function definition, the result is defined by means of an expression over the inputs.
• For example, a function that produces a list of the squares of a list of numbers might be defined as follows:

SqList: seq of nat -> seq of nat
SqList(s) == if s = [] then [] else [(hd s)**2] ^ SqList(tl s)
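The contract view of an implicit function definition can be executed, as an added example (Python written for this page, not the slides' VDM-SL). The implicit decorator, check and _squares_to below are my own helpers that hold a candidate implementation to its precondition and postcondition; they are applied to SQRTP and beside the explicit SqList. Comparing r*r with x up to a floating-point tolerance is an implementation decision, because VDM's real is the mathematical reals and a Python float only approximates them.

```python
import math
from functools import wraps
from typing import Any, Callable, List


class PreconditionError(AssertionError):
    """Raised when the caller breaks the pre clause (the caller's fault)."""


class PostconditionError(AssertionError):
    """Raised when the implementation breaks the post clause (the implementer's fault)."""


def implicit(pre: Callable[..., bool], post: Callable[..., bool]):
    """Decorator: hold an implementation to a VDM-style implicit definition.
    pre is evaluated over the inputs only; post over inputs and result."""
    def decorate(impl: Callable[..., Any]):
        @wraps(impl)
        def checked(*args):
            if not pre(*args):
                raise PreconditionError(f"{impl.__name__}: pre violated for {args}")
            r = impl(*args)
            if not post(*args, r):
                raise PostconditionError(f"{impl.__name__}: post violated, result {r}")
            return r
        return checked
    return decorate


def _squares_to(r: float, x: float) -> bool:
    # r*r = x checked up to float tolerance (implementation decision, see above)
    return math.isclose(r * r, x, rel_tol=1e-12, abs_tol=1e-12)


# SQRTP(x:real) r:real   pre x >= 0   post r*r = x and r >= 0
@implicit(pre=lambda x: x >= 0,
          post=lambda x, r: _squares_to(r, x) and r >= 0)
def SQRTP(x: float) -> float:
    return math.sqrt(x)


# A wrong implementation of the same contract: r*r = x holds but r >= 0 does
# not, so the strengthened postcondition rejects it.
@implicit(pre=lambda x: x >= 0,
          post=lambda x, r: _squares_to(r, x) and r >= 0)
def SQRTP_negative_root(x: float) -> float:
    return -math.sqrt(x)


# Explicit definition from the slides:
# SqList(s) == if s = [] then [] else [(hd s)**2] ^ SqList(tl s)
def SqList(s: List[int]) -> List[int]:
    if not s:
        return []
    return [s[0] ** 2] + SqList(s[1:])


def check(f: Callable[..., Any], *args) -> str:
    """Run f under its contract and report which clause, if any, failed."""
    try:
        f(*args)
        return "ok"
    except PreconditionError:
        return "pre"
    except PostconditionError:
        return "post"


if __name__ == "__main__":
    print(SQRTP(16))                            # 4.0
    print(check(SQRTP, -1))                     # pre  (caller broke the contract)
    print(check(SQRTP_negative_root, 9))        # post (implementation broke it)
    print(SqList([1, 2, 3]))                    # [1, 4, 9]
```

Keeping the two failure kinds distinct matters in practice: a precondition failure points at the caller, a postcondition failure at the implementation, and only the second is a bug in the function being specified.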
STATE-BASED MODELLING
• Functions do not have side-effects such as changing the state of a persistent global variable. This is a useful ability in many programming languages, so a similar concept exists: instead of functions, operations are used to change state variables (also known as globals).
• For example, if we have a state consisting of a single variable someStateRegister : nat, we could define this as:

state Register of
  someStateRegister : nat
end

• An operation to load a value into this variable might be specified as:

LOAD(i:nat)
ext wr someStateRegister : nat
post someStateRegister = i

• The externals clause (ext) specifies which parts of the state can be accessed by the operation, rd indicating read-only access and wr read/write access. A variable listed as rd must have the same value after the operation as before, and variables not listed at all may not be touched.
• Sometimes it is important to refer to the value of the state before it was modified.
• For example, an operation to add a value to the variable may be specified as:

ADD(i:nat)
ext wr someStateRegister : nat
post someStateRegister = someStateRegister~ + i

• The ~ symbol on the state variable in the postcondition indicates the value of the state variable before execution of the operation.
QUEUE ABSTRACT DATA TYPE
The queue is modelled as a sequence composed of elements of a type Qelt. The representation of Qelt is immaterial and so it is defined as a token type.

types
  Qelt = token;
  Queue = seq of Qelt;

state TheQueue of
  q : Queue
end

operations
ENQUEUE(e:Qelt)
ext wr q:Queue
post q = q~ ^ [e];

DEQUEUE() e:Qelt
ext wr q:Queue
pre q <> []
post q~ = [e] ^ q;

IS-EMPTY() r:bool
ext rd q:Queue
post r <=> (len q = 0)
