1. Home
  2. Lainnya

Axiomatic Representation

4.5.2 Axiomatic Representation

We propose to represent the relation of a specification by means of an inductive nota- tion, where we do induction on the structure of the input history; this notation includes two parts, which are as follows:

• Axioms, which represent the behavior of the system for trivial input histories. • Rules, which represent the behavior of the system for complex input histories as a

function of its behavior for simpler input histories.

4.5 STATE-BASED SYSTEMS

4.5.2.1 Specification of a Stack As an illustration, we represent the specifica- tion of the stack using axioms and rules. Throughout this presentation, we let a be an arbitrary element of itemtype and y an arbitrary element of Y; also, we let h, h , h be arbitrary elements of H and h+ an arbitrary non-null element of H.

Axioms. We use axioms to represent the output of input histories that end with an operation in set VX (that reports on the state), namely in this case top, size, and empty. It is understood that input histories that end with an operation in set AX (that affects the state) produce no meaningful output; hence we assume that for such input histories, the output is any element of Y.

• Top Axioms ○ stack(init.top) = error. Seeking the top of an empty stack returns an error. ○ stack(init.h.push(a).top) = a. Operation top returns the most recently stacked item. • Size Axiom ○ stack(init.size) = 0. The size of an empty stack is zero. • Empty Axioms ○ stack(init.empty) = true. An initial stack is empty. ○ stack(init.push(a).empty) = false.

A stack that contains element a is not empty. Rules: Whereas axioms characterize the behavior of the stack for simple input sequences,

rules establish relations between the behavior of the stack for complex input histories and their behavior for simpler input histories.

• Init Rule ○ stack(h’.init.h) = stack(init.h). Operation init reinitializes the stack; whether sequence h intervened prior to init or did not makes no difference for the future behavior (h) of the stack.

• Init Pop Rule ○ stack(init.pop.h) = stack(init.h).

A pop operation on an empty stack has no effect: whether it occurred or did not occur makes no difference for the future behavior (h) of the stack. • Push Pop Rule ○ stack(init.h.push(a).pop.h+) = stack(init.h.h+).

A pop operation cancels the most recent push: whether the sequence push(a). pop occurred or did not makes no difference to the future behavior of the stack, though not to the present (if h ends with an operation in VX, we could not say that stack(init.h)=stack(init.h.push(a).pop) as the left-hand side returns a spe- cific value but the right-hand side returns an arbitrary value).

66 SOFTWARE SPECIFICATIONS

• Size Rule ○ stack(init.h.push(a).size) = 1+stack(init.h.size). We assume that the stack is unbounded; hence any push operation increases the size by 1.

• Empty Rules ○ stack(init.h.push(a).h’.empty)

stack(init.h.h’.empty). ○ stack(init.h.h’.empty)

stack(init.h.pop.h’.empty). Removing a push or adding a pop to the input history of a stack makes it more empty (i.e., if it was empty prior to removing push or adding pop, it is a fortiori empty afterward).

VX Rules ○ stack(init.h.top.h+) = stack(init.h.h+).

○ stack(init.h.size.h+) = stack(init.h.h+). ○ stack(init.h.empty.h+) = stack(init.h.h+).

VX operations leave no trace of their passage; once they are serviced and another operation follows them, they are forgotten: whether they occurred or did not occur has no impact on the future behavior of the stack.

We have written a closed-form specification of the stack in such a way that we describe solely the externally observable properties of the stack, without any reference to how a stack ought to be implemented; a programmer who reviews this specification has all the latitude he/she needs to implement this stack as he/she sees fit.

4.5.2.2 Specification of a Queue We discuss how to represent the specifica- tion of a queue, in the same way that we wrote the specification of a stack earlier. We represent in turn the input space (from which we infer the set of input histories), then the output space, then the relation, which we denote by queue.

Input Space. We let X be defined as X = {init, dequeue, front, size, empty} {enqueue} × itemtype. We partition this set into AX = {init, enqueue, dequeue} and VX = {front, size, empty}. We let H be the set of sequences of elements of X.

Output Space. We let the output space be defined as Y = itemtype integer Boolean {error}.

Axioms. We propose the following axioms: • Front Axioms

○ queue(init.front) = error. Invoking front on an empty queue returns an error. ○ queue(init.enqueue(a).enqueue ∗ ().front) = a,

where enqueue(_)∗ designates an arbitrary number (including zero) of

4.5 STATE-BASED SYSTEMS

enqueue operations, involving arbitrary items as parameters. Interpretation: Invoking front on a non-empty queue returns the first element enqueued.

• Size Axioms ○ queue(init.size) = 0. The size of an empty queue is zero. • Empty Axioms ○ queue(init.empty) = true. ○ queue(init.enqueue(a).empty) = false.

An initial queue is empty. A queue in which an element has been enqueued is not empty.

Rules: We propose the following rules. • Init Rule

○ queue(h’.init.h) = queue(init.h). The init operation reinitializes the stack, that is, renders all past input history

immaterial. • Init Dequeue Rule ○ queue(init.dequeue.h) = queue(init.h)

A dequeue operation executed on an empty queue has no effect. • Enqueue Dequeue Rule

○ queue(init.enqueue(a).enqueue ∗ (_).dequeue.h) = queue(init.enqueue ∗ (_).h)

A dequeue operation cancels the first enqueue, by virtue of the first in, first out (FIFO) policy of queues. • Size Rule ○ queue(init.h.enqueue(a).size) = 1+queue(init.h.size). Assuming queues of unbounded size, any enqueue operation increases the size of the queue by 1.

• Empty Rules ○ queue(init.h.enqueue(a).h’.empty)

queue(init.h.h’.empty). ○ stack(init.h.h’.empty)

stack(init.h.dequeue.h’.empty). Removing an enqueue or adding a dequeue to the input history of a queue makes it more empty (i.e., if it was empty prior to removing enqueue or adding dequeue, it is a fortiori empty afterward).

VX Rules ○ queue(init.h.front.h+) = queue(init.h.h+).

○ queue(init.h.size.h+) = queue(init.h.h+). ○ queue(init.h.empty.h+) = queue(init.h.h+).

VX operations leave no trace of their passage; once they are serviced and another operation follows them, they are forgotten: whether they occurred or did not occur has no impact on the future behavior of the queue.

68 SOFTWARE SPECIFICATIONS

4.5.2.3 Specification of a Set As a third illustrative example, we discuss how to represent the specification of a set, in the same way that we wrote the specifications of a stack and a queue earlier. We represent in turn the input space (from which we infer the set of input histories), then the output space, then the relation, which we denote by set.

Input Space: Before we introduce the input space, let us review quickly what we want this set abstract data type (ADT) to do: we want the ability to reinitialize the set, pick a random element of the set, enumerate all its elements, and return its smallest element and its largest element (assuming its elements are ordered). Also, we want to

be able to insert, delete, and search designated elements of the set. Hence, we let X be defined as

X = {init, pick, min, max, enumerate, size} {insert, delete, search}× itemtype.

We partition this set into AX = {init, insert, delete} and VX = {pick, min, max, size, enumerate, search}. We let H be the set of sequences of elements of X.

Output Space: We let the output space be defined as Y = itemtype P( itemtype) {error} integer boolean,

where P(itemtype) is the power set of itemtype. Axioms: We propose the following axioms: • Pick Axioms

○ set(init.pick) = error.One cannot pick an element from an empty set. ○ Set(init.h.insert(a).pick) = a.If a is an element of the set, then it is a possible

pick; we will add a commutativity rule later to make it possible to pick other elements than the most recently inserted element.

• Size Axiom ○ set(init.size) = 0. The size of an empty set is zero. • Enumerate Axiom ○ set(init.enumerate) = . The enumeration of an empty set returns empty. • Search Axiom ○ set(init.search(a)) = false. The search of a in an empty set returns false. • Min Axiom ○ set(init.min) = +∞.

4.5 STATE-BASED SYSTEMS

• Max Axiom ○ set(init.max) = −∞. Minus infinity is the neutral element of operation max.

Rules: We propose the followng rules: • Init Rule

○ set(h’.init.h) = set(init.h). Operation init makes the previous history irrelevant. • Null Delete Rule ○ set(init.delete(a).h) = set(init.h).

A delete operation has no effect on an empty set. • Insert Delete Rule ○ set(init.insert(a).delete(a).h) = set(init.h). Operation delete cancels the effect of operation insert. • Idempotence Rule ○ Insert Insert Rule set(init.h’.insert(a).insert(a).h) = set(init.h’.insert(a).h) if is already in the set, inserting it makes no difference.

• Commutativity Rule ○ set(init.h’.op1(a).op2(b).h) = set(init.h’.op2(b).op1(a).h). where op1 and op2 are any of insert and delete and a and b are distinct. Inter- pretation: The order of operations of insert and delete of distinct elements is immaterial.

• Size Rules

○ If set(init.h.search(a)) = true then set(init.h.insert(a).size) = set(init.h.size). ○ If set(init.h.search(a)) = false then set(init.h.insert(a).size) = 1+set(init.h.size).

Operation insert(a) increases the size of the set only if element a is not in the set prior to insertion.

• Inductive Rules ○ set(init.h.insert(a).search(b)) = (a=b)

set(init.h.search(b)). If (a=b) then return true (since b is found in the set), else check prior to the insertion of a.

○ set(init.h.insert(a).enumerate) = {a} set(init.h.enumerate). If a has been inserted, it should be enumerated. ○ set(init.h.insert(a).min) = MIN (a, set(init.h.min)). Inductive argument on the min. ○ set(init.h.insert(a).max) = MAX (a, set(init.h.max)). Inductive argument on the max. •

VX Rules ○ set(init.h.search(a).h+) = set(init.h.h+).

○ set(init.h.pick.h+) = set(init.h.h+).

70 SOFTWARE SPECIFICATIONS

○ set(init.h.enumerate.h+) = set(init.h.h+). ○ set(init.h.size.h+) = set(init.h.h+). ○ set(init.h.min.h+) = set(init.h.h+). ○ set(init.h.max.h+) = set(init.h.h+).

VX operations leave no trace of their passage once they have been passed.

Dokumen yang terkait

Analisis Komparasi Internet Financial Local Government Reporting Pada Website Resmi Kabupaten dan Kota di Jawa Timur The Comparison Analysis of Internet Financial Local Government Reporting on Official Website of Regency and City in East Java

19 819 7

ANTARA IDEALISME DAN KENYATAAN: KEBIJAKAN PENDIDIKAN TIONGHOA PERANAKAN DI SURABAYA PADA MASA PENDUDUKAN JEPANG TAHUN 1942-1945 Between Idealism and Reality: Education Policy of Chinese in Surabaya in the Japanese Era at 1942-1945)

1 29 9

Improving the Eighth Year Students' Tense Achievement and Active Participation by Giving Positive Reinforcement at SMPN 1 Silo in the 2013/2014 Academic Year

7 202 3

Improving the VIII-B Students' listening comprehension ability through note taking and partial dictation techniques at SMPN 3 Jember in the 2006/2007 Academic Year -

0 63 87

The Correlation between students vocabulary master and reading comprehension

16 145 49

Improping student's reading comprehension of descriptive text through textual teaching and learning (CTL)

8 140 133

The correlation between listening skill and pronunciation accuracy : a case study in the firt year of smk vocation higt school pupita bangsa ciputat school year 2005-2006

9 128 37

Perancangan Sistem Informasi Akuntansi Laporan Keuangan Arus Kas Pada PT. Tiki Jalur Nugraha Ekakurir Cabang Bandung Dengan Menggunakan Software Microsoft Visual Basic 6.0 Dan SQL Server 2000 Berbasis Client Server

32 174 203

Pengaruh Kualitas Software Aplikasi pengawasan kredit (C-M@X) Pt.PLN (PERSERO) Distribusi Jawa Barat Dan Banten (DJBB) Terhadap Produktivitas Kerja karyawan UPJ Bandung Utara

5 72 130

Transmission of Greek and Arabic Veteri

0 1 22