Computer Science School of Computing Clemson University
Introduction to Formal Specification
Murali Sitaraman, Clemson University
School of Computing Clemson University
Requirements vs. Specifications
Requirements definition: intended for customers in addition to software developers; informal descriptions are necessary.
Specification: for use by members of a software development team; formal (mathematical) descriptions are necessary.
Interface Specification
Serves as a contract between component users (clients) and developers (implementers)
Typically describes the demands on users and responsibilities for implementers
Should present the essentials in “user-oriented” terms (abstraction) and hide the inessentials (information hiding)
Informal Specification Examples
Examples: C++ STL template specifications; Java util component specifications.
Questions for discussion: Do they support information hiding? Do they support abstraction? Can they generalize? Is it possible to make them unambiguous?
Informal Specifications
Straightforward descriptions: “Push pushes an object on a stack.” How much do they help?
Use of metaphors: “A Queue is like a line at a fast food restaurant.” Do they generalize?
Use of implementation details: “Push behaves like the AddElement method on Vector.” Is this appropriate for a user-oriented cover story?
Informal Specifications
See Bertrand Meyer’s article on Formal Specification in IEEE Computer.
Problems with even very carefully designed informal specs: contradiction, noise, …
Formal Interface Specification
Communicates precisely the demands and responsibilities to component users and developers
Allows for independent development of client and implementation components in parallel in a team environment
Minimizes integration costs
Reasoning Benefits
Formal specifications make it possible to reason about correctness of software formally
Such reasoning may be manual or mechanical (i.e., with automated support)
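As an added example that is not part of the lecture slides, here is the informal “Push pushes an object on a stack” made precise as a contract in the requires/ensures style of JML, Spec# and RESOLVE, checked at run time in Python so that a violation names the party that broke the contract. The BoundedStack, its mathematical model S (with #S for the value before a call), PUSH_SPEC/POP_SPEC and the deliberately wrong QueueLikeStack are all constructed for illustration.

```python
class ContractError(AssertionError): pass       # a broken caller/implementer obligation

def contract(requires, ensures):
    def wrap(method):
        def checked(self, *args):
            if not requires(self, *args):           # caller's obligation on #S
                raise ContractError("precondition of " + method.__name__)
            old = self.model()                      # snapshot of #S
            result = method(self, *args)
            if not ensures(self, old, result, *args):   # implementer's obligation
                raise ContractError("postcondition of " + method.__name__)
            return result
        return checked
    return wrap

# Specs are stated once on the math model, independent of any implementation.
PUSH_SPEC = dict(  # push(x): requires |#S| < max_depth; ensures S = <x> o #S
    requires=lambda s, x: len(s.model()) < s.max_depth,
    ensures=lambda s, old, _r, x: s.model() == (x,) + old)
POP_SPEC = dict(  # pop(): requires |#S| > 0; ensures #S = <result> o S
    requires=lambda s: len(s.model()) > 0,
    ensures=lambda s, old, r: old == (r,) + s.model())

class BoundedStack:
    """Math model S: a string of entries, top first, with |S| <= max_depth."""
    def __init__(self, max_depth):
        self.max_depth = max_depth
        self._items = []                            # hidden representation
    def model(self):
        return tuple(reversed(self._items))         # abstraction function -> S
    @contract(**PUSH_SPEC)
    def push(self, x):
        self._items.append(x)
    @contract(**POP_SPEC)
    def pop(self):
        return self._items.pop()

class QueueLikeStack(BoundedStack):                 # hypothetical wrong implementer
    @contract(**POP_SPEC)
    def pop(self):
        return self._items.pop(0)                   # removes the oldest entry

def run_checked(action):
    """Run action; return 'ok' or which party the contract blames."""
    try:
        action()
        return "ok"
    except ContractError as e:
        return "caller" if str(e).startswith("pre") else "implementer"
```

Because the specification talks only about the model S, the same PUSH_SPEC and POP_SPEC apply unchanged to any implementation, and the run-time check blames the caller for an overfull push or an empty pop and the implementer for the queue-like pop.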
Characteristics of Good Specifications
Simple; clear; precise; concise; implementation-independent; consistent; sufficient completeness; others …
Languages for Formal Specification
ANNA (and SPARK) for Ada; JML for Java; Larch/C++ for C++; Spec# for C#; …; Eiffel; RESOLVE; …; VDM; Z
Specification Language Summary
Some specification languages are designed for particular programming languages; some are general-purpose.
Some specification languages are integrated with programming constructs.
A few additionally integrate the ability to perform formal mathematical reasoning.