from use cases to post conditions
play

From Use Cases to Post Conditions Martin Giese and Rogardt Heldal - PowerPoint PPT Presentation

Oct 04, 2022 •31 likes •391 views

From Use Cases to Post Conditions Martin Giese and Rogardt Heldal Chalmers Tekniska Hgskola, Gteborg, Sweden KeY Workshop, June 7, 2004 p.1/26 Motivation . . . for the crowd: Until now, the KeY method starts at the design phase:

  1. From Use Cases to Post Conditions Martin Giese and Rogardt Heldal Chalmers Tekniska Högskola, Göteborg, Sweden KeY Workshop, June 7, 2004 – p.1/26

  2. Motivation . . . for the crowd: Until now, the KeY method starts at the design phase: • add OCL pre/post conditions to methods • instantiate design patterns • Constraints like argument ranges, objects being non-null What is missing is the analysis phase: • Specifications that correspond to customer requirements • Done before the first class diagram • Textual descriptions KeY Workshop, June 7, 2004 – p.2/26

  3. Informal Specification in UML • UML use cases are a means for informal specification • Describe the system’s behaviour • Suitable for communication with customers • Parts of use case: • name • main flow • alternative flows • pre and post conditions • . . . KeY Workshop, June 7, 2004 – p.3/26

  4. Example: Automated Teller Machine • In this case study, look only at withdrawal: • Main flow: insert card, enter PIN, request cash amount, get money, return card • Alternative flows: wrong PIN, cash amount exceeds balance, etc. • In this work: put a more precise informal description in the post condition of the use case. . . KeY Workshop, June 7, 2004 – p.4/26

  5. Post Condition of Withdraw • If the customer entered the PIN on the Card, and the customer’s balance was greater or equal to the requested amount, then the customer got the requested amount and the amount was deducted from the balance. • If the customer entered the wrong PIN three times, the card was retained. • If the customer requested too much money, the card was returned to the customer. KeY Workshop, June 7, 2004 – p.5/26

  6. Main Scenario: Sequence Diagram KeY Workshop, June 7, 2004 – p.6/26

  7. Main Scenario: Sequence Diagram ➠ Last Operation (giveAmount) must ensure post condition of use case KeY Workshop, June 7, 2004 – p.6/26

  8. Informal to Formal Specification • Want to give the formal post-condition for the final operation in the scenario, for example operation giveAmount • Guarantee that the formal post-condition of the operation satisfy the informal post-condition of the use case • Problem: • There might be several scenarios of the use case • The final operation can vary for different scenarios ➠ Gather possible scenarios in state chart KeY Workshop, June 7, 2004 – p.7/26

  9. State Chart for ATM Example KeY Workshop, June 7, 2004 – p.8/26

  10. State Chart for ATM Example • A: givePin(userPin1)[userPin1 = cardPin1] KeY Workshop, June 7, 2004 – p.8/26

  11. State Chart for ATM Example • A: givePin(userPin1)[userPin1 = cardPin1] • B: givePin(userPin1)[userPin1 <> cardPin1] KeY Workshop, June 7, 2004 – p.8/26

  12. State Chart for ATM Example • A: givePin(userPin1)[userPin1 = cardPin1] • B: givePin(userPin1)[userPin1 <> cardPin1] • C: [balance >= amount] KeY Workshop, June 7, 2004 – p.8/26

  13. State Chart for ATM Example • A: givePin(userPin1)[userPin1 = cardPin1] • B: givePin(userPin1)[userPin1 <> cardPin1] • C: [balance >= amount] • D: [balance < amount] KeY Workshop, June 7, 2004 – p.8/26

  14. Condition to Satisfy: First Attempt Given a path π : op 1 ( args 1 ) op 2 ( args 2 ) op k ( args k ) s 0 s 1 s 2 s k . . . • Last operation for path: final ( π ) : = op k • Post cond. of last method should ensure post cond. of use case: Post final ( π ) → Post UC KeY Workshop, June 7, 2004 – p.9/26

  15. Condition to Satisfy: First Attempt Given a path π : op 1 ( args 1 ) op 2 ( args 2 ) op k ( args k ) s 0 s 1 s 2 s k . . . • Last operation for path: final ( π ) : = op k • Post cond. of last method should ensure post cond. of use case: wrong! Post final ( π ) → Post UC • Problem: Holds only if we add information about the path taken KeY Workshop, June 7, 2004 – p.9/26

  16. Information about a Path Let Cond ( π ) gather information about the path taken. op 1 a ( args 1 a )[ cond 1 a ] op 2 ( args 2 )[ cond 2 ] s 0 s 1 a s 2 . . . op 1 b ( args 1 b )[ cond 1 b ] s 1 b . . . KeY Workshop, June 7, 2004 – p.10/26

  17. Information about a Path Let Cond ( π ) gather information about the path taken. op 1 a ( args 1 a )[ cond 1 a ] op 2 ( args 2 )[ cond 2 ] s 0 s 1 a s 2 . . . op 1 b ( args 1 b )[ cond 1 b ] s 1 b . . . • For simplicity, take conjunction of guards: Cond ( π ) = cond 1 a ∧ cond 2 KeY Workshop, June 7, 2004 – p.10/26

  18. Information about a Path Let Cond ( π ) gather information about the path taken. op 1 a ( args 1 a )[ cond 1 a ] op 2 ( args 2 )[ cond 2 ] s 0 s 1 a s 2 . . . op 1 b ( args 1 b )[ cond 1 b ] s 1 b . . . • For simplicity, take conjunction of guards: Cond ( π ) = cond 1 a ∧ cond 2 ➠ Restriction: • Guards in state chart do not refer to attribute values • Distinct names for event arguments KeY Workshop, June 7, 2004 – p.10/26

  19. Condition to Satisfy • If we are on this path, the post cond. of the final method ensures that of the use case: Cond ( π ) → ( Post final ( π ) → Post UC ) KeY Workshop, June 7, 2004 – p.11/26

  20. Condition to Satisfy • If we are on this path, the post cond. of the final method ensures that of the use case: Cond ( π ) → ( Post final ( π ) → Post UC ) • or equvialently: ( Cond ( π ) ∧ Post final ( π ) ) → Post UC KeY Workshop, June 7, 2004 – p.11/26

  21. Condition to Satisfy • If we are on this path, the post cond. of the final method ensures that of the use case: Cond ( π ) → ( Post final ( π ) → Post UC ) • or equvialently: ( Cond ( π ) ∧ Post final ( π ) ) → Post UC • Finally, this should be the case for all possible paths π : � � � ( Cond ( π ) ∧ Post final ( π ) ) → Post UC π ∈ Σ KeY Workshop, June 7, 2004 – p.11/26

  22. OCL Post-Condition for giveAmount Context ATMController::giveAmount(amount:long) post: if ( amount <= bank.getBalance(card.getID()) ) then cashDispenser^giveOutCash(amount) and bank.getBalance(card.getID()) = bank.getBalance@pre(card.getID()) - amount and card^returnCard() else not cashDispenser^giveOutCash(?) and bank.getBalance(card.getID()) = bank.getBalance@pre(card.getID()) and card^returnCard() KeY Workshop, June 7, 2004 – p.12/26

  23. Case Study: Normal Flow • Consider: The “normal flow” with no wrong PIN entered and a sufficient balance • Call this path π 1 . • Combined conditions from guards: Cond ( π 1 ) = ( userPin1 = cardPin ∧ balance >= amount ) • Final operation on π 1 : final ( π 1 ) = giveAmount KeY Workshop, June 7, 2004 – p.13/26

  24. Case Study: Relationship between specifications Need to show: ( Cond ( π 1 ) ∧ Post final ( π 1 ) ) → Post UC KeY Workshop, June 7, 2004 – p.14/26

  25. Case Study: Relationship between specifications Need to show: userPin1 = cardPin and balance >= amount and if ( amount <= bank.getBalance(card.getID()) ) then cashDispenser^giveOutCash(amount) and bank.getBalance(card.getID()) = bank.getBalance@pre(card.getID()) - amount and card^returnCard() else not cashDispenser^giveOutCash(?) and bank.getBalance(card.getID()) = bank.getBalance@pre(card.getID()) and card^returnCard() implies Post UC . KeY Workshop, June 7, 2004 – p.15/26

  26. Case Study: Relationship between specifications Need to show: userPin1 = cardPin and balance >= amount and cashDispenser^giveOutCash(amount) and bank.getBalance(card.getID()) = bank.getBalance@pre(card.getID()) - amount and card^returnCard() implies Post UC . KeY Workshop, June 7, 2004 – p.16/26

  27. Informal Proof 1 userPin1 = cardPin and balance >= amount and cashDispenser^giveOutCash(amount) and bank.getBalance(card.getID()) = bank.getBalance@pre(card.getID()) - amount and card^returnCard() ⇓ If the customer entered the PIN on the Card, and the customer’s balance was greater or equal to the requested amount, then the customer got the requested amount and the amount was deducted from the balance. KeY Workshop, June 7, 2004 – p.17/26

  28. Informal Proof 2 userPin1 = cardPin and balance >= amount and cashDispenser^giveOutCash(amount) and bank.getBalance(card.getID()) = bank.getBalance@pre(card.getID()) - amount and card^returnCard() ⇓ If the customer entered the wrong PIN three times, the card was retained. KeY Workshop, June 7, 2004 – p.18/26

  29. Informal Proof 3 userPin1 = cardPin and balance >= amount and cashDispenser^giveOutCash(amount) and bank.getBalance(card.getID()) = bank.getBalance@pre(card.getID()) - amount and card^returnCard() ⇓ If the customer requested too much money, the card was returned to the customer. KeY Workshop, June 7, 2004 – p.19/26

  30. Reflection We have considered whether • every behavior allowed by the formal specification is also allowed according to the informal one We have not yet considered whether • every behavior the informal specification allows is still allowed by the formal one, stated as: � � � ( Cond ( π ) ∧ Post UC ) → Post final ( π ) π ∈ Σ KeY Workshop, June 7, 2004 – p.20/26

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Post-Closing Indemnity Negotiating and Structuring Closing Conditions, Termination Rights and

Post-Closing Indemnity Negotiating and Structuring Closing Conditions, Termination Rights and

Presenting a live 90-minute webinar with interactive Q&amp;A Private Equity M&amp;A Key Deal Terms: Reverse Break Fees, Seller Remedies, Post-Closing Indemnity Negotiating and Structuring Closing Conditions, Termination Rights and Post-Closing

541 views • 27 slides
Axiomatic semantics Pre- and post conditions We use program variables (e.g. x , y ), and

Axiomatic semantics Pre- and post conditions We use program variables (e.g. x , y ), and

Axiomatic semantics Pre- and post conditions We use program variables (e.g. x , y ), and Proofs based on semantics are too detailed logical variables (e.g. n ) Restriction to certain kinds of properties partial correctness Example:

283 views • 6 slides
Assertions, pre/post- conditions and invariants Programming as a contract Specifying what

Assertions, pre/post- conditions and invariants Programming as a contract Specifying what

Assertions, pre/post- conditions and invariants Programming as a contract Specifying what each method does Specify it in a comment before method's header Precondition What is assumed to be true before the method is executed

409 views • 21 slides
Assertions, pre/post- conditions Assertions: Section 4.2 in Savitch (p. 239) Programming as a

Assertions, pre/post- conditions Assertions: Section 4.2 in Savitch (p. 239) Programming as a

Assertions, pre/post- conditions Assertions: Section 4.2 in Savitch (p. 239) Programming as a contract n Specifying what each method does q Specify it in a comment before method's header n Precondition q What is assumed to be true

625 views • 33 slides
Florida COVID-19 Cases COVID-19 Cases Hillsborough COVID-19 Cases Orange COVID-19 Cases

Florida COVID-19 Cases COVID-19 Cases Hillsborough COVID-19 Cases Orange COVID-19 Cases

Florida COVID-19 Cases COVID-19 Cases Hillsborough COVID-19 Cases Orange COVID-19 Cases Duval Suspended visitation and Developed 120 ambulance Deployed Rapid mandated staff screening assessment teams to Emergency Support Teams

394 views • 12 slides
Pre-Trial Issues in DWI Cases Mary Cunningham Judicial Program Manager Texas Association of

Pre-Trial Issues in DWI Cases Mary Cunningham Judicial Program Manager Texas Association of

Pre-Trial Issues in DWI Cases Mary Cunningham Judicial Program Manager Texas Association of Counties Topics Special Bond Conditions Pre-trial Discovery Pre-trial Hearings Motions to Suppress Notices Special Bond Conditions

932 views • 35 slides
Life Post-Janus: Upcoming SCOTUS cases that could affect your union 42 nd Annual National Labor

Life Post-Janus: Upcoming SCOTUS cases that could affect your union 42 nd Annual National Labor

PITTA LLP Labor, Employment &amp; Employee Benefits Law Firm Life Post-Janus: Upcoming SCOTUS cases that could affect your union 42 nd Annual National Labor Management Conference February 14, 2019-February 19, 2019 The Diplomat Beach Resort

794 views • 17 slides
THE RESEARCH Assault 82,235 cases of assault on 64,519 cases Women Kidnapping women /

THE RESEARCH Assault 82,235 cases of assault on 64,519 cases Women Kidnapping women /

THE RESEARCH Assault 82,235 cases of assault on 64,519 cases Women Kidnapping women / 38,947 rape cases / 54,723 cases - Children Missing 55,625 not found Stalking 18,000 cases Children Burglary 1,11,746 cases Robbery 31,906 cases

352 views • 7 slides
QUALITATIVE COMPARATIVE ANALYSIS WHAT, WHY, HOW, AND UNDER WHAT CONDITIONS JENEEN R. GARCIA 24

QUALITATIVE COMPARATIVE ANALYSIS WHAT, WHY, HOW, AND UNDER WHAT CONDITIONS JENEEN R. GARCIA 24

QUALITATIVE COMPARATIVE ANALYSIS WHAT, WHY, HOW, AND UNDER WHAT CONDITIONS JENEEN R. GARCIA 24 FEBRUARY 2016 WHAT IS QCA? method to systematically compare cases and find common patterns using set theory/ Boolean algebra bridges

268 views • 25 slides
Customized HVAC for demanding conditions MKK Company presentation 2015 OUR MISSION WHO WE

Customized HVAC for demanding conditions MKK Company presentation 2015 OUR MISSION WHO WE

Mosjen Kulde og Klimaservice AS Lensegata 12, 8656 Mosjen, Norway Tel: +47 751 13 090 Fax: +47 751 13 091 www.mkk.ac post@mkk.ac H e a t V e n t i l a t i o n a n d A i r C o n d i t i o n Customized HVAC for demanding conditions

65 views • 4 slides
Use Cases Use Cases Use Use cases cases 2003 Giorgini Information Acquisition -- 1 Basi

Use Cases Use Cases Use Use cases cases 2003 Giorgini Information Acquisition -- 1 Basi

Basi di Dati e Sistemi Informativi II Use Cases Use Cases Use Use cases cases 2003 Giorgini Information Acquisition -- 1 Basi di Dati e Sistemi Informativi II Use Cases Diagrams Textual descriptions of the functionality of the system

437 views • 9 slides
COVID-19 Press Briefing May 1, 2020 CCBH Cases Lab-confirmed cases 1,237 Probable

COVID-19 Press Briefing May 1, 2020 CCBH Cases Lab-confirmed cases 1,237 Probable

COVID-19 Press Briefing May 1, 2020 CCBH Cases Lab-confirmed cases 1,237 Probable cases 441 Total cases 1,678 Age range 1week 101 years old Sex Female 54% Male 46% CCBH Cases Date of illness onset

159 views • 15 slides
Enforcement System and Recent Violation Cases December 2018 Trade Control Department Ministry

Enforcement System and Recent Violation Cases December 2018 Trade Control Department Ministry

Enforcement System and Recent Violation Cases December 2018 Trade Control Department Ministry of Economy, Trade and Industry (METI), Japan Contents 1. Post Shipment Verification 2. Recent Cases of Violations 1 Cooperation for Effective

220 views • 17 slides
Something very different - We can use this graph to fi nd mutations in new cases - Perhaps

Something very different - We can use this graph to fi nd mutations in new cases - Perhaps

Covid-19 genome variation graph Something very different - We can use this graph to fi nd mutations in new cases - Perhaps mutations which increase virulence Covid-19 phylogeny De Brujn graph - Genome assembly - Inferred using post order

445 views • 10 slides
COVID-19 Press Briefing June 12, 2020 CCBH Jurisdiction Cases Overview Lab-confirmed cases

COVID-19 Press Briefing June 12, 2020 CCBH Jurisdiction Cases Overview Lab-confirmed cases

COVID-19 Press Briefing June 12, 2020 CCBH Jurisdiction Cases Overview Lab-confirmed cases 3,082 Probable cases 612 Total cases 3,694 Date of illness onset February 28 June 9 Recovered cases 1441 Number

670 views • 29 slides
Current numbers of Spain Cases in Spain Confirmed cases Deaths Recovered COVID-19 Cases by age

Current numbers of Spain Cases in Spain Confirmed cases Deaths Recovered COVID-19 Cases by age

Javier Benito Director Pediatric Emergency Department Cruces University Hospital Bilbao Basque Country - Spain Chairman Spanish Society of PEM Current numbers of Spain Cases in Spain Confirmed cases Deaths Recovered COVID-19 Cases

749 views • 20 slides
. BP = T where VP of a L is = atm P Triple pt. = s, l and g states Normal BP = boiling T at 1 atm

. BP = T where VP of a L is = atm P Triple pt. = s, l and g states Normal BP = boiling T at 1 atm

Vapor pressure of liquid determined by: Phase Diagram Pure substance in closed system Strength of IMFs T Topic 7.5 S Pressure atm L Define BP in terms of VP: phase diagrams . BP = T where VP of a L is = atm P Triple pt. = s, l and

38 views • 3 slides
Excep&amp;ons and Threads Excep&amp;ons What do you do when

Excep&amp;ons and Threads Excep&amp;ons What do you do when

Excep&amp;ons and Threads Excep&amp;ons What do you do when a program encounters an anomalous, unusual event? Try to open a file and it's

559 views • 37 slides
UNDERSTANDING SECURITY MISTAKES DEVELOPERS MAKE Qualitative Analysis From Build It, Break It, Fix

UNDERSTANDING SECURITY MISTAKES DEVELOPERS MAKE Qualitative Analysis From Build It, Break It, Fix

UNDERSTANDING SECURITY MISTAKES DEVELOPERS MAKE Qualitative Analysis From Build It, Break It, Fix It Daniel Votipka , Kelsey Fulton, James Parker, Matthew Hou, Michelle Mazurek, and Mike Hicks University of Maryland, College Park 1 SOLVED

1.64k views • 148 slides
Regulation E Background Electronic Funds Transfer Act Rights, liabilities, and

Regulation E Background Electronic Funds Transfer Act Rights, liabilities, and

Regulation E Background Electronic Funds Transfer Act Rights, liabilities, and responsibilities of the parties involved in an electronic funds transfer (EFT) The CFPB has rulemaking authority 12 CFR 1005 Examples of EFTs

608 views • 40 slides
CSE 105 THEORY OF COMPUTATION Fall 2016 http://cseweb.ucsd.edu/classes/fa16/cse105-abc/ T

CSE 105 THEORY OF COMPUTATION Fall 2016 http://cseweb.ucsd.edu/classes/fa16/cse105-abc/ T

CSE 105 THEORY OF COMPUTATION Fall 2016 http://cseweb.ucsd.edu/classes/fa16/cse105-abc/ T odays lecture Examples of undecidable languages Examples of decidable languages Reductions Reading: Chapter 5 Previously Diag

569 views • 20 slides
Today Computer Security Embedded system security This is a huge area General

Today Computer Security Embedded system security This is a huge area General

Today Computer Security Embedded system security This is a huge area General principles Prof Kasera teaches a good course on it Examples Today we are not talking about Protocol design (another huge area) Password

403 views • 4 slides
HEAT AND WORK UNIT 4 Day 1 What are we going to learn today? Chemical and Physical changes are

HEAT AND WORK UNIT 4 Day 1 What are we going to learn today? Chemical and Physical changes are

Sparks CH301 THERMODYNAMICS HEAT AND WORK UNIT 4 Day 1 What are we going to learn today? Chemical and Physical changes are accompanied by changes in energy Energy moves in the form of HEAT (q) and WORK (w) Get a feel for heat and work Get a

591 views • 29 slides
Investor Update Chairman, President &amp; CEO Kent Yee COVID Discussions: May 22, 2020 Senior

Investor Update Chairman, President &amp; CEO Kent Yee COVID Discussions: May 22, 2020 Senior

Presented by: David Little Investor Update Chairman, President &amp; CEO Kent Yee COVID Discussions: May 22, 2020 Senior Vice President &amp; CFO (Quarter Ending March 31, 2020) F ORWARD L OOKING S TATEMENTS This presentation contains

465 views • 24 slides

More recommend