Formal System Specification

Questions and Answers

In which phase of the System Development Life Cycle (SDLC) is formal modelling typically applied?

• Requirements gathering
• Design, development, and maintenance (correct)
• Initial planning and feasibility study
• Testing and deployment

Which of the following best describes the primary purpose of formal verification in the context of system development?

• To manage and document project timelines.
• To confirm the accuracy of the developed model in relation to the system specification. (correct)
• To create initial informal system specifications.
• To replace traditional testing methods.

Which of the following is a key characteristic of a formal specification language?

• Primary use in generating informal documentation.
• Ambiguous syntax that allows for flexible interpretation.
• A formalism with well-defined syntax and semantics. (correct)
• Dependence on natural language descriptions.

Which statement best describes the relationship between system specification and formal specification?

System specification and formal specification are interrelated, with formal specification further refining the system requirements. (D)

What is the main advantage of using formal methods in the early stages of system development?

Detecting system errors, malfunctioning, or inconsistencies. (A)

In the context of formal specification, which tasks are typically defined by the developer/specialist?

Constructing a complete, consistent, and precise formal specification. (D)

Which aspect of system development focuses on mathematically expressing the system's requirements and functioning?

Formal Specification (A)

What is the relationship between formal specification and informal specification?

Formal specification is associated with informal specification. (A)

Which of the following is a key benefit of using formal specification?

Providing insights into and understanding of the system requirements and design. (B)

What is the primary focus of algebraic techniques in formal specification?

Defining system operations and their relationships. (C)

Which of the following is the most direct benefit of using formal methods in system development?

Early detection of system flaws. (C)

What is the role of automata (or Finite State Machines) in system modelling, according to the content?

Modelling a system's behaviour. (A)

In model-based techniques, how are system operations typically expressed?

With respect to potential state changes. (A)

Which of the following is a practical application of formal specifications?

To serve as a foundation for generating test cases. (D)

What is the main purpose of using formal specification in system development?

To detect defects and ambiguities in system specifications. (D)

A system's behavior is specified through operations and relationships. Which formal specification technique is being used?

Algebraic technique. (D)

What is the principal advantage of using formal specification in system development?

It helps in the early detection of system flaws. (A)

In the context of concurrent systems, what does the symbol 𝜏 (tau) typically represent?

An internal, invisible, or hidden action. (A)

Which of the following is a primary advantage of using formal specifications in system design?

They support automated processing and allow for animation/simulation of a prototype system. (D)

Given a system modeled as a pair of CFSMs, what determines whether the system is treated as a single CFSM or as a pair?

The verification technique applied. (C)

Which of the following is a significant limitation in the widespread adoption of formal specification techniques?

Many designers and developers lack training in formal specification techniques, leading to their underutilization. (D)

In the context of formal modeling, what determines the abstraction level used to represent the system behavior?

The system requirements and which components and functions are considered in the model. (A)

Which of the following best describes how FSMs model system behavior?

By expressing state changes that occur during operation. (A)

Consider a system with two CFSMs, where one transitions from state q0 to q1 upon receiving input 'a?', and the other transitions from r0 to r1 following an internal action '𝜏'. If the system starts in the global state (q0, r0), what is the likely next state after 'a?' followed by '𝜏'?

(q1, r1) (A)

How are formal modeling languages primarily categorized?

By whether they express their models using textual or graphical notations. (D)

Which of the following is NOT an example of a formal modeling language?

Python (B)

What is a primary application of Finite State Machines (FSMs) in the context of system design?

Describing system states abstractly for specification, verification, and testing. (A)

What capability distinguishes Communicating Finite State Machines (CFSMs) from basic Finite State Machines (FSMs)?

CFSMs have the ability to send and receive messages, enabling modeling of interactive behaviors. (A)

What is the result of combining two or more Communicating Finite State Machines (CFSMs)?

The representation of complex, interactive, and concurrent behaviors that can be analyzed. (A)

In the formal definition of a Communicating Finite State Machine (CFSM), what does the 'A' represent?

A finite set of communication actions, also known as the alphabet of F. (C)

Which of the following is NOT a component of the tuple that defines a Communicating Finite State Machine (CFSM)?

R: A set of rules for state transitions. (B)

In the context of CFSMs, what does the notation 'a?' typically represent?

Receiving a message on channel 'a'. (C)

What does the symbol '𝜏' represent in the context of CFSMs?

An internal action invisible to the external environment. (C)

Consider a system composed of a Sender and a Receiver CFSM. If the Sender performs 'a!' and the Receiver performs 'a?', what combined action occurs, and how is it typically represented in a trace?

𝜏, representing an internal action. (B)

Given the traces of a Sender and Receiver CFSM, how is the concurrent composition of the two machines, denoted as System = Sender || Receiver, analyzed?

By interleaving the traces and resolving matching send and receive actions into internal actions. (A)

In a CFSM model, what is the purpose of defining the system as a set of states, actions, and transitions?

To formally describe and analyze the communication behavior of the system. (C)

Consider a CFSM system where a Sender sends a message 'm!' on channel 'x' and a Receiver receives 'm?' on the same channel. If we observe the trace ⟨⟩ ⟨x?⟩ ⟨x?, 𝜏⟩, what does this sequence indicate?

The message 'm!' was successfully sent and 'm?' was successfully received, resulting in an internal action. (D)

Flashcards

Formal Methods

Mathematical techniques and tools to express a system as a mathematical entity.

Uses of Formal Methods

Specify, model, and verify system structure and behavior.

Advantage of FMs

Detecting errors early in development.

Formal Specification

Mathematically express system requirements.

Formal Modelling

Represent system structure and behavior.

Formal Verification

Analyse the correctness of the model against the system specification.

What is formal specification?

Expressing system specs in a mathematical language.

Mathematical Language.

A language with well-defined syntax and semantics.

Abstraction Levels

How detailed the system representation is in the model.

Textual Languages

Languages using text to express formal models.

Graphical Languages

Languages using diagrams to express formal models.

Examples of Textual Languages

VDM and Process Algebra

Examples of Graphical Languages

Automata, Petri Nets, and UML

Finite State Machines (FSMs)

Abstract descriptions of system states.

Communicating Finite State Machines

Can receive, send messages, and change states.

Advantage of Formal Specification

An effective approach for finding errors in system specifications.

Specification Process

System requirements are determined by the client, detailed specifications are defined by the developer.

Algebraic Specification

Describes system operations and their relationships.

Model-Based Specification

Describes a model where operations change system states.

Benefit of Formal Specification

Insights into system requirements and design.

Formal Spec & Testing

Formal specifications can be used as a concrete guide.

System Specification

System specifications are the requirements and the formal specifications are interrelated.

Concurrent FSM (CFSM)

A system composed of multiple FSMs running concurrently.

Global Initial State

A state representing the beginning of a system's execution.

Internal Action (τ)

Actions in a concurrent system that are not visible externally.

Modeling System Behavior with FSMs

Expressing system behavior as state changes during operation.

CFSM Definition

A model defined by a tuple F = (Q, q0, A, T) representing states, initial state, actions, and transitions.

Q in CFSM

Q is a finite, non-empty set of states within the CFSM.

q0 in CFSM

q0 is the initial state, belonging to the set of states Q.

A in CFSM

A is a finite set of communication actions (a!, a?) which are the alphabet of F.

T in CFSM

T : (Q ,(A∪{𝜏})) → Q defines how the machine moves between states based on actions.

a! in CFSM

Sending a message over channel 'a'.

a? in CFSM

Receiving a message over channel 'a'.

τ in CFSM

Represents internal actions invisible to the external environment.

Study Notes

• The lecture covers formal specification and modeling in the design and development of secure systems.
• It recalls formal methods, explains formal specification and modeling, and introduces Automata/Finite State Machines.

Learning Objectives

• Recall formal methods and their use in developing secure systems.
• Explain formal specification, how it is applied to system development, and different approaches.
• Describe automata and their use in modeling system behavior.

Formal Methods (FMs)

• FMs are mathematical-based techniques and tools to express a complex system as a mathematical entity.
• FMs can specify, model, and verify the structure/behavior of a system.
• They can be used in any phase of the System Development Life Cycle (SDLC) to detect errors early.

Formal Methods in Development Life Cycle

• Formal Specification: mathematically expresses system requirements and functioning, associated with Informal Specification.
• Formal Modeling: applied to design, development, and maintenance stages to represent structure and behavior.
• Formal Verification: analyses the correctness of the model against the system specification and is complementary to testing.

Formal Specification

• It is a system specification in a mathematical language with well-defined syntax and semantics.
• Helps detect defects or errors and presents the system specification clearly.
• System Specification and System Design steps overlap.
• System requirements and formal specifications are interrelated.
• Clients define early stages while developers/specialists define complete, consistent, precise formal specifications.

Types of Formal Specification

• Algebraic techniques: describe system operations and their relationships.
• Model-based techniques: describe system operations relative to potential state changes.
• Languages capture sequential or concurrent behaviors.

Sequential and Concurrent Formal Languages

• Algebraic with Sequential examples: Larch and OBJ
• Model-based Sequential examples: Z, VDM, and B
• Algebraic Concurrent examples: Lotos
• Model-based Concurrent examples: CSP and Petri Nets

Example of Algebraic Specification

• Includes specification name, imports of lists, and informal descriptions.
• It shows operation signatures and axioms defining operations.
• Example includes functions like Create, Cons, Head, Length, and Tail

Example of Model-Based Specification

• Provides schema name, signature, and predicate with a mathematical representation.
• Example includes "SUGAR_OK", representing the state change conditions

Benefits and Limitations of Formal Specification

• Benefits: provides insights into system requirements/design, guide test case creation, supports automated processing, and offers animation/simulation.
• Limitations: designers/developers lack training, widespread ignorance, research focuses on notations rather than tool support.

Formal Modelling

• Formal modelling specifies the behaviour and structure of a system using a mathematical model
• It uses sequential or concurrent behaviour and structure of core system components

Formal Modelling Languages

• Textual languages
• Graphical languages
• Examples include: Vienna Development Method, Process Algebra, Automata, Petri Nets and Unified Modeling Language (UML)

Finite State Machines (FSMs)

• It can formally specify, verify, and test systems.
• It provides an abstract description of system states and the system's response to external actions.

Communicating Finite State Machines (CFSMs)

• It can receive/send messages and change internal states.
• It can be combined to represent complex behaviors for analysis.

Formal Definition of Communicating Finite State Machines

• CFSMs are expressed as a tuple: F = (Q, q0, A, T).
• Q: finite non-empty set of states.
• q0: initial state (∈ Q).
• A: finite set of communication actions, called the alphabet of F.
  • T: (Q, (A∪{τ})) → Q is the transition relation.

Example of CFSMs

• It is a simple sender-receiver schemes.
• Sender receives a signal on channel a, transmits to Receiver via channel b, using channel b.
• Receiver accepts/forwards the signal using channel c.

CFSMs Initial States

• q0 and r0 represent initial states.
• a? and a! represent receiving/sending over channel a.
• a? & a! are matching messages or signals.

Observations on Example CFSMs

• The concurrent composition of two CFSMs is denoted as System = Sender || Receiver.
• Sender: <> (a?) (a?, b!) (a?, b!, a?) ...
• Receiver: <> (b?) (b?, c!) (b?, c!, b?) ...
• Traces generated by System: 〈〉 〈a?〉 〈a?, b!&b?) (a?, b!&b?, c!) ...
• There are four global states: (q0, r0), (q0, r1), (q1, r0), (q1, r1)
• When executing a? at initial state (q0, r0), the system moves to state (q1, r0).
• When executing τ (b!&b?) at state (q1, r0), it moves to state (q0, r1).
• The concurrent composition of two CFSMs can be represented by the following graph format. (q0, r0) a? c! (q1, r0) (q0, r1) System c! a? (q1, r1)
• a?/c!: external actions.
• Internal or hidden action.
• Treat system verification as: single CFSM or pair of CFSMs, depending on verification requirements.

Summary

• Formal methods explicitly define sequential or concurrent behavior.
• Formal Specification helps early detection of system flaws.
• Formal modeling provides a range of modelling languages.
• FSMs efficiently model system behavior by expressing the state changes that occur during its operation.