Slide 1: Abstract Model Specification
Slide 2
• The flexibility to model a specification that can lead directly to code.
• Easy to understand.
• A large class of structural models can be described in Z without higher-order features, and can thus be analyzed efficiently.
• Independent conditions can be added later.
Slide 3: CHAM, for architectural description and analysis
• Software systems are modeled as chemicals whose reactions are controlled by explicitly stated rules: floating molecules can only interact according to a stated set of reaction rules.
Slide 4: Chemical reactions
• Molecules: components
• Reactions: connectors
• Solutions: states of the CHAM
CHAM is used where the intended architecture will tend to be large, complex, and assembled from existing components.
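To make slides 3 and 4 concrete, here is an added example (not from the slides and not from any CHAM tool): a minimal CHAM interpreter in Python applied to a constructed client-server architecture in which two clients share one single-threaded server. Molecules stand for components in a given state, reactions for connectors, and the multiset of molecules (the solution) for the state. The molecule names, the rules, the initial solution and the two properties checked (mutual exclusion on the server, every request eventually served) are all assumptions of the example. Analysis here is exhaustive exploration of the reachable solutions; a second rule set adds a connector that silently drops a waiting client, and the same analysis then finds a terminal solution in which the server is stuck busy and the other client's request is never accepted.

```python
"""A minimal Chemical Abstract Machine in Python, applied to a constructed
client-server architecture (example code, not from the slides).

  solution : a multiset of molecules (a frozenset of (molecule, count) pairs)
  molecule : a string naming a component and its current state, e.g. "c1.req"
  reaction : a pair (lhs, rhs) of molecule lists; it fires when the solution
             contains lhs (with multiplicity) and replaces lhs by rhs
Analysis = exploring every solution reachable from the initial one.
"""
from collections import Counter


def freeze(counter):
    return frozenset((m, k) for m, k in counter.items() if k > 0)


def thaw(solution):
    return Counter(dict(solution))


def applicable(rule, solution):
    lhs, _rhs = rule
    sol = thaw(solution)
    return all(sol[m] >= k for m, k in Counter(lhs).items())


def react(rule, solution):
    """One reaction step: remove the lhs molecules, add the rhs molecules."""
    lhs, rhs = rule
    sol = thaw(solution)
    sol.subtract(Counter(lhs))
    sol.update(Counter(rhs))
    return freeze(sol)


def reachable_solutions(initial, rules):
    """All solutions reachable from `initial`, plus the reactions between them."""
    start = freeze(Counter(initial))
    seen, stack, edges = {start}, [start], []
    while stack:
        s = stack.pop()
        for rule in rules:
            if applicable(rule, s):
                t = react(rule, s)
                edges.append((s, rule, t))
                if t not in seen:
                    seen.add(t)
                    stack.append(t)
    return seen, edges


def terminal_solutions(states, rules):
    """Solutions in which no reaction can fire (the architecture has stopped)."""
    return {s for s in states if not any(applicable(r, s) for r in rules)}


# --- constructed architecture: two clients sharing one single-threaded server ---
CLIENTS = ("c1", "c2")
INITIAL = ["c1.req", "c2.req", "server.idle"]   # constructed initial solution


def client_server_rules(clients=CLIENTS):
    """Connectors as reactions: a request is accepted only by an idle server,
    and the server becomes idle again only when its reply is delivered."""
    rules = []
    for c in clients:
        rules.append(([f"{c}.req", "server.idle"], [f"{c}.wait", f"server.busy.{c}"]))
        rules.append(([f"server.busy.{c}", f"{c}.wait"], ["server.idle", f"{c}.done"]))
    return rules


def lossy_rules(clients=CLIENTS):
    """Same architecture plus a connector that can drop a waiting client
    (e.g. a client that times out) without telling the server."""
    return client_server_rules(clients) + [([f"{c}.wait"], []) for c in clients]


def mutual_exclusion_holds(states):
    """Never two server.busy molecules in one solution."""
    return all(sum(k for m, k in s if m.startswith("server.busy.")) <= 1 for s in states)


def all_requests_served(states, rules, clients=CLIENTS):
    """Every terminal solution contains a done molecule for every client."""
    return all(dict(s).get(f"{c}.done", 0) == 1
               for s in terminal_solutions(states, rules) for c in clients)


if __name__ == "__main__":
    rules = client_server_rules()
    states, edges = reachable_solutions(INITIAL, rules)
    print(len(states), "solutions,", len(edges), "reactions")
    print("mutual exclusion:", mutual_exclusion_holds(states))
    print("all requests served:", all_requests_served(states, rules))
    lossy = lossy_rules()
    states, _ = reachable_solutions(INITIAL, lossy)
    print("with a lossy connector, all requests served:", all_requests_served(states, lossy))
    for s in terminal_solutions(states, lossy):
        print("  terminal solution:", sorted(dict(s)))
```

The state space is explored by depth-first search over multisets, so the analysis is exhaustive only because the constructed architecture is finite; a rule whose right-hand side is larger than its left-hand side can make the reachable set unbounded, and a real CHAM analysis would then need a bound on the solution size.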
Slide 5: Modeling Notation
Slide 6
• Alloy
– is a modeling notation that describes structural properties
– has a declaration syntax compatible with graphical object models
– has a "set-based" formula syntax
Slide 7: File System
[Figure: object model of the file system. Sets Object, Name and DirEntry; Object is partitioned into Dir and File. Arrows: entries from Dir to DirEntry, name from DirEntry to Name, contents from DirEntry to Object, and parent from Object to Dir with its inverse children. The "!" marks on the arrows are the exactly-one multiplicities declared on slide 8.]
Slide 8
The file-system model, written in Alloy's original paragraph-based syntax (state, def, inv, cond, assert and op paragraphs; the current Alloy Analyzer uses sig, fact, pred and assert instead and will not parse this form). The "->" arrows and the closing brace of the last operation were lost in extraction and are restored here.

  domain {Object, Name, DirEntry}           // domain paragraph, not on the slide: the three sets the state paragraph uses
  state {
    partition File, Dir : static Object      // every Object is a File or a Dir, never both
    Root : fixed Dir!                        // exactly one root directory
    entries : Dir! -> DirEntry               // each entry belongs to exactly one directory
    name : DirEntry -> static Name!          // each entry has exactly one name
    contents : DirEntry -> static Object!    // each entry points to exactly one object
    parent (~children) : Object -> Dir       // children is declared as the inverse of parent
  }
  def parent {all o | o.parent = o.~contents.~entries}
  inv UniqueNames {all d | all e1, e2 : d.entries | e1.name = e2.name -> e1 = e2}
  inv Parents {
    no Root.parent
    all d : Dir - Root | one d.parent
  }
  inv Acyclic {no d | d in d.+parent}        // +parent is transitive closure
  inv Reachable {Object in Root.*children}  // *children is reflexive transitive closure
  cond TwoDeep {some Root.children.children}
  assert FileHasEntry {all f : File | some f.~contents}   // as extracted, the body duplicated AtMostOneParent; restored from the assertion's name
  assert AtMostOneParent {all o | sole o.parent}
  op NewDirEntries (d : Dir, es : DirEntry') {
    no es & DirEntry                         // the added entries are fresh atoms
    d.entries' = d.entries + es              // primed relation is the post-state
  }
Slide 9
• Structure of the model
– Domain paragraph
– State paragraph
– Definition paragraph
– Invariants
– Condition
– Assertions
– Operations
Slide 10
• Alloy supports two kinds of analysis
– Simulation: the consistency of an invariant or operation is demonstrated by generating a state or transition that satisfies it.
– Checking: a consequence of the specification is tested by attempting to generate a counterexample; the search is bounded by a scope (a maximum number of atoms per set), so finding none shows the assertion holds within that scope only.
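As an added example (not part of the slides and not the Alloy Analyzer, which uses SAT solving rather than enumeration), the following Python script performs both kinds of analysis on the slide-8 model by brute force within a small scope: Root plus up to two further objects, up to three directory entries and two names. An instance is a dictionary typing each object as Dir or File plus a list of (dir, name, content) triples, one per DirEntry; the scope bounds, the atom names and this encoding are assumptions of the example. Simulation finds an instance satisfying every invariant and TwoDeep; checking finds no counterexample to FileHasEntry in scope, but does find one to AtMostOneParent: a File referenced by entries in two different directories (a hard link), which the Parents invariant does not rule out because it constrains only directories.

```python
"""Bounded analysis of the slide-8 file-system model, brute-forced in Python
(example code, not the Alloy Analyzer).

An instance is a pair (kind, entries):
  kind    : dict mapping each Object atom to "Dir" or "File"; ROOT is always a Dir
  entries : list of (dir, name, content) triples, one per DirEntry atom; this
            encodes the relations entries, name and contents, each of which is
            exactly-one per DirEntry as the `!` multiplicities require
The derived relation parent (~children) follows the slide's `def parent`.
Scope bounds and atom names are assumptions of the example.
"""
from itertools import product

ROOT = "Root"
NAMES = ("n0", "n1")          # scope for Name


def parent_of(obj, entries):
    # def parent {all o | o.parent = o.~contents.~entries}
    return {d for d, _n, c in entries if c == obj}


def children_of(d, entries):
    # children = ~parent = entries.contents
    return {c for d2, _n, c in entries if d2 == d}


def reachable_from_root(entries):
    # Root.*children: reflexive transitive closure of children from Root
    seen, stack = {ROOT}, [ROOT]
    while stack:
        for c in children_of(stack.pop(), entries):
            if c not in seen:
                seen.add(c)
                stack.append(c)
    return seen


def invariants_hold(kind, entries):
    # inv UniqueNames: two entries of one dir with equal names are the same entry
    if len({(d, n) for d, n, _c in entries}) != len(entries):
        return False
    # inv Parents: no Root.parent; all d : Dir - Root | one d.parent
    if parent_of(ROOT, entries):
        return False
    if any(len(parent_of(o, entries)) != 1
           for o in kind if kind[o] == "Dir" and o != ROOT):
        return False
    # inv Acyclic: no d | d in d.+parent  (walk the parent relation upwards)
    for o in kind:
        stack, seen = list(parent_of(o, entries)), set()
        while stack:
            p = stack.pop()
            if p == o:
                return False
            if p not in seen:
                seen.add(p)
                stack.extend(parent_of(p, entries))
    # inv Reachable: Object in Root.*children
    return set(kind) <= reachable_from_root(entries)


def instances(max_extra=2, max_entries=3):
    """Every instance in scope: Root plus up to max_extra objects, up to max_entries entries."""
    for n_extra in range(max_extra + 1):
        extras = [f"o{i}" for i in range(n_extra)]
        for kinds in product(("Dir", "File"), repeat=n_extra):
            kind = {ROOT: "Dir", **dict(zip(extras, kinds))}
            dirs = [o for o in kind if kind[o] == "Dir"]
            slots = [(d, n, c) for d in dirs for n in NAMES for c in kind]
            for k in range(max_entries + 1):
                for es in product(slots, repeat=k):
                    yield kind, list(es)


def simulate(cond, **scope):
    """Simulation: an instance satisfying every invariant and cond, or None."""
    for kind, entries in instances(**scope):
        if invariants_hold(kind, entries) and cond(kind, entries):
            return kind, entries
    return None


def check(assertion, **scope):
    """Checking: a counterexample (invariants hold, assertion fails), or None."""
    for kind, entries in instances(**scope):
        if invariants_hold(kind, entries) and not assertion(kind, entries):
            return kind, entries
    return None


def two_deep(kind, entries):
    # cond TwoDeep {some Root.children.children}
    return any(children_of(c, entries) for c in children_of(ROOT, entries))


def file_has_entry(kind, entries):
    # assert FileHasEntry {all f : File | some f.~contents}
    return all(any(c == f for _d, _n, c in entries)
               for f in kind if kind[f] == "File")


def at_most_one_parent(kind, entries):
    # assert AtMostOneParent {all o | sole o.parent}
    return all(len(parent_of(o, entries)) <= 1 for o in kind)


if __name__ == "__main__":
    print("TwoDeep instance:", simulate(two_deep))
    print("FileHasEntry counterexample:", check(file_has_entry))
    print("AtMostOneParent counterexample:", check(at_most_one_parent))
```

The enumeration is exponential in the scope (about 25,000 instances at the default bounds), which is exactly why Alloy compiles the model to a SAT problem instead; the point of the script is that "simulation" and "checking" are the same search with the formula negated, and that a negative result from checking says nothing about instances larger than the scope.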