TIVDM1 Modelling relationships 1
Modelling relationships
Peter Gorm Larsen

Agenda
• Mapping Characteristics and Primitives
• The MSAW Example Revisited
• The Congestion Warning System Revisited

Mapping Characteristics
• Mappings are unordered collections of pairs of elements (each pair is a maplet) with a unique relationship
• There can be many copies of each maplet
• The elements themselves can be arbitrarily complex, e.g. they can be mappings as well
• Mappings in VDM++ are finite
• Mapping types in VDM++ are written as:
  • map Type1 to Type2
  • inmap Type1 to Type2 (for injective mappings)

Mapping Enumeration
• A maplet is written with curly brackets: "{ domv |-> rngv }"
• A mapping enumeration consists of a comma-separated list of maplets enclosed between curly brackets, "{…}"
• For example
  • {1 |-> 5,8 |->1,3|-> 9}
  • {true|->1, false|->0,false|->0}
  • {"Peter"|->{}, "Frodo"|->{4,3},"John"|->{2,4}}
  • {'g'|->1,'o'|->0,'d'|->1}
  • {3.567|->3, 0.33455|->0,7|->7,7|->,7|->7,7|->7}
  are all mappings
• The empty mapping can be written as "{ |-> }"

Mapping Domain
• The domain of a mapping is the collection of the first elements in the maplets of a mapping
• Multiple occurrences of the same value do not count
• The domain of a mapping M is written as "dom M"
• Quick examples:
  • dom {"Peter"|->1,"Nico"|->2,"Paul"|->3}
  • dom { |-> }
  • dom {3|->2,3|->2,1|->8}

Mapping Range
• The range of a mapping is the collection of the second elements in the maplets of a mapping
• Multiple occurrences of the same value do not count
• The range of a mapping M is written as "rng M"
• Quick examples:
  • rng {"Peter"|->1,"Nico"|->2,"Paul"|->3}
  • rng { |-> }
  • rng {3|->2,3|->2,1|->8}

Mapping Equality
• Two mappings are equal if
  • both have the same domain and
  • for all elements in the domain the corresponding range values are equal
• Quick examples:
  • {2|->4,1|->2} = {1|->2,2|->4}
  • {true|->1, true|->1, false|->0} = {false|->1, true|->1}
  • {1|->3,3|->8,8|->1} = {8|->3,3|->1,1|->8}
  • {1|->{3,4,5},2|->{4}} = {3|->{3,5,4},2|->{4,4,4}}

Mapping Application
• Looking up a given domain value in a mapping yields the corresponding range value
• Mapping application is written as function application, i.e. mapping(domain expression)
• Quick examples:
  • {1|->2,3|->4,5|->6}(3)
  • {true|->1,false|->2}(true)
  • {[5]|->1,[6,1]|->2,[4,4,4]|->3}([6,1])
  • {5|->[5],6|->[6,1],4|->[4,4,4]}(6)

Mapping Domain Restrictions
• It is possible to restrict the domain of a mapping to or by a given set of elements
• Domain restrictions are written as:
  • s <: m (restricting domain to the set s)
  • s <-: m (restricting domain by the set s)
• Quick examples:
  • {1,2,2} <: {1 |->5,4|->2}
  • {3,4} <: {1|->7,2|->4}
  • {1,3} <-: {3|->8,5|->1}
  • {2,4} <-: {8|->4,3|->6}

Mapping Range Restrictions
• It is possible to restrict the range of a mapping to or by a given set of elements
• Range restrictions are written as:
  • m :> s (restricting range to the set s)
  • m :-> s (restricting range by the set s)
• Quick examples:
  • {1 |->5,4|->2} :> {1,2,2}
  • {1|->7,2|->4} :> {3,4}
  • {3|->8,5|->1} :-> {1,3}
  • {8|->4,3|->6} :-> {6,4}

Mapping Override and Merge
• It is possible to combine two mappings by either merging them together (similar to set union) or by letting one mapping override another mapping
• Merging is written with munion using infix notation
• munion requires mappings to be conformant, i.e. if domains have common elements they map to the same range value
• Overriding is written with ++ using infix notation and the mapping from the second argument overrides the maplets from the first argument
• Quick examples:
  • {1|->2,3|->4} munion {2|->3,4|->1}
  • {5|->7,8|->0} munion {6|->3,5|->7}
  • {1|->2,3|->4,2|->8} ++ {2|->3,4|->1}
  • {5|->7,8|->0,6|->9} ++ {6|->3,5|->9}

Distributed Mapping Merge
• Given a set of mappings it is possible to take a distributed merge if all the mappings are conformant
• Distributed mapping merge is written as "merge ms" where ms is a set of mappings
• Quick examples:
  • merge {{2|->4},{3|->4,1|->2},{2|->4,7|->3}}
  • merge {{5|->"me",7|->"too"},{6|->"what",8|->"now"}}
  • merge {}

Mapping Inverse
• A mapping is injective if all its domain elements map to different range elements
• For injective mappings it is possible to construct the inverse mapping (swapping domain and range elements)
• This is written as "inverse m" using prefix notation
• Quick examples:
  • inverse {1|->2,3|->4,2|->3,4|->1}
  • inverse {5|->7,8|->0,6|->3,5|->7}
  • inverse {1|->2,3|->4,2|->8,6|->3,4|->1}
  • inverse {|->}

Map Operators
Operator       Name             Type
dom m          Domain           (map A to B) -> set of A
rng m          Range            (map A to B) -> set of B
m1 munion m2   Merge            (map A to B) * (map A to B) -> (map A to B)
m1 ++ m2       Override         (map A to B) * (map A to B) -> (map A to B)
merge ms       Distr. merge     set of (map A to B) -> map A to B
s <: m         Dom. restr. to   set of A * (map A to B) -> map A to B
s <-: m        Dom. restr. by   set of A * (map A to B) -> map A to B
m :> s         Rng. restr. to   (map A to B) * set of B -> map A to B
m :-> s        Rng. restr. by   (map A to B) * set of B -> map A to B
m(d)           Map apply        (map A to B) * A -> B
inverse m      Map inverse      inmap A to B -> inmap B to A
m1 = m2        Equality         (map A to B) * (map A to B) -> bool
m1 <> m2       Inequality       (map A to B) * (map A to B) -> bool
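
The merge, override and restriction operators from the table, modelled in Python as an added example (not part of the original slides and not VDM++ tool code). Maps are dicts and sets are Python sets; the function names and `VDMError` are assumptions of this sketch. It makes explicit that munion and merge are undefined for non-conformant maps while ++ always succeeds.

```python
# Added illustration: VDM++ finite maps as Python dicts, VDM++ sets as Python sets.
class VDMError(Exception):
    """Stands in for the run-time error a VDM++ interpreter would report."""

def munion(m1, m2):
    """m1 munion m2: defined only if shared domain values map to equal range values."""
    clash = [d for d in m1 if d in m2 and m1[d] != m2[d]]
    if clash:
        raise VDMError(f"maps are not conformant on {clash}")
    return {**m1, **m2}

def override(m1, m2):
    """m1 ++ m2: the maplets of m2 win wherever the domains overlap."""
    return {**m1, **m2}

def merge(ms):
    """merge ms: distributed munion over a collection of maps."""
    result = {}
    for m in ms:
        result = munion(result, m)
    return result

def dom_to(s, m):   # s <: m
    return {d: r for d, r in m.items() if d in s}

def dom_by(s, m):   # s <-: m
    return {d: r for d, r in m.items() if d not in s}

def rng_to(m, s):   # m :> s
    return {d: r for d, r in m.items() if r in s}

def rng_by(m, s):   # m :-> s
    return {d: r for d, r in m.items() if r not in s}

def conformant(m1, m2):
    """True when munion is defined for the pair, False when it would be an error."""
    try:
        munion(m1, m2)
        return True
    except VDMError:
        return False

if __name__ == "__main__":
    print(munion({5: 7, 8: 0}, {6: 3, 5: 7}))          # quick example from the slides
    print(override({5: 7, 8: 0, 6: 9}, {6: 3, 5: 9}))  # quick example from the slides
    print(rng_by({8: 4, 3: 6}, {6, 4}))                # quick example from the slides
    print(conformant({1: 2}, {1: 3}))                  # constructed clash
```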

Mapping Comprehensions
• Using predicates to define mappings implicitly
• In VDM++ formulated like:
  • {maplet | list of bindings & predicate}
• The predicate part is optional
• Quick examples:
  • {i |-> i*i | i: nat1 & i <= 4}
  • {i**2 |-> i/2 | i in set {1,...,5}}

Questions
• What are the mapping enumerations for:
  • {x |-> x | x in set {8,...,1} & x < 3}
  • {x |-> 2*x | x in set {1,...,10} & x > 3 and x < 6}
  • {{y} |-> y - 8 | y in set {3,1,7,3}}
  • {x |-> x+6 | x in set {1,2}}
  • {x |-> mk_(x,8) | x in set {1,2,7} & x > 4}
  • {y |-> y | y in set {0,1,2} & exists x in set {0,...,3} & x = 2 * y}
  • {x |-> x = 7 | x in set {1,...,10} & x < 6}

Making use of FO Identification
• In the set version of the MSAW model we had:
  class AirSpace is subclass of GLOBAL
  instance variables
    airspace : set of FO := {};
    inv forall x,y in set airspace &
          x <> y => x.getId() <> y.getId();
• If we use mappings this can be done more simply:
  class AirSpace is subclass of GLOBAL
  instance variables
    airspace : map FOId to FO := {|->};

[Figure: An Updated Class Diagram]

Adding and Removing Flying Objects
class AirSpace is subclass of GLOBAL
operations
  public addFO : FO ==> ()
  addFO(fo) ==
    airspace := airspace munion {fo.getId() |-> fo}
  pre forall x in set rng airspace & fo.getId() <> x.getId();

  public removeFO : FOId ==> ()
  removeFO(id) ==
    airspace := {id} <-: airspace;
…

Getting Hold of a FO and Airspace
class AirSpace
…
  public getFO : FOId ==> FO
  getFO(id) ==
    return airspace(id)
  pre id in set dom airspace;

  public getAirspace : () ==> set of FO
  getAirspace() ==
    return rng airspace;

Can Radars use Mappings?
class Radar is subclass of GLOBAL
instance variables
  location : Coordinates;
  range : nat1;
  detected : map FOId to FO;
  priority : seq of FO := [];
operations
  public Scan : AirSpace ==> ()
  Scan(as) ==
    (detected := { x.getId() |-> x | x in set as.getAirspace() & InRange(x) };
     UpdatePriorityList()
    );

Removing and Adding FOs
  removeNotDetected : set of FO ==> ()
  removeNotDetected(fos) ==
    -- fos holds the FOs that are no longer detected, so keep only the others
    priority := [priority(i) | i in set inds priority & priority(i) not in set fos];

  addNewlyDetected : map FOId to FO ==> ()
  addNewlyDetected(newlyDetect) ==
    priority := priority ^ set2seqFO(rng newlyDetect);

functions
  set2seqFO : set of FO -> seq of FO
  set2seqFO(fos) ==
    if fos = {}
    then []
    else let fo in set fos
         in [fo] ^ set2seqFO(fos \ {fo})

Updating Priority List
  UpdatePriorityList : () ==> ()
  UpdatePriorityList() ==
    let notDetect = elems priority \ rng detected,
        newlyDet = detected :-> elems priority
    in
      ( removeNotDetected(notDetect);
        addNewlyDetected(newlyDet)
      );

Overview in Air Traffic Controller
class Radar
…
  public getDetectedMap : () ==> map FOId to FO
  getDetectedMap() ==
    return detected;
end Radar

class AirTrafficeController
operations
  OverviewAllRadars: () ==> map FOId to FO
  OverviewAllRadars() ==
    -- an operation with a result type must return its value
    return merge {r.getDetectedMap() | r in set radars}
end AirTrafficeController

The CWS Revisited
• Introducing a more realistic road network
• Introducing the notion of lanes
• Introducing name servers
• Adding sensors and actuators gradually

[Figure: The Revised CWS System]

Two Injective Mappings at VDM++ Level
class CWS
instance variables
  roadNetwork: inmap Location to CongestionMonitor := {|->};
  sensors: inmap Location to (inmap Lane to PassageSensor) := {|->};
types
  public Location = nat1;
  public Lane = nat1
…
end CWS

Class Diagram for Revised CWS
[Figure: class diagram. Recoverable labels: classes CWS, OperatorControl, NameServer and CongestionMonitor; CWS attribute sensors : inmap Location to (inmap Lane to PassageSensor) = {|->}; CWS operations AddSensor() and AddCongestionMonitor(); association ends -roadNetwork, -op, -ns, -operator and -nameServer; qualifier Location.]

Adding a new Sensor
class CWS
…
operations
  public AddSensor: Location * Lane ==> ()
  AddSensor(loc, lane) ==
    def passageSensor = new PassageSensor(loc, lane)
    in
      let sensorAtLane = {lane |-> passageSensor}
      in
        if loc in set dom sensors
        then sensors(loc) := sensors(loc) munion sensorAtLane
        else sensors := sensors munion {loc |-> sensorAtLane};
end CWS

Dealing with Name Servers
• Control over the actuation managers
• Each control manager controls multiple locations

class NameServer
instance variables
  am: map ActuatorManager to (set of CWS`Location) := {|->}
…
end NameServer

Setting Actuation Managers in control
class NameServer
operations
  public SetActuatorManager: ActuatorManager * set of CWS`Location ==> ()
  SetActuatorManager(actuatorManager, locations) ==
    am := am ++ {actuatorManager |-> locations};
end NameServer

Getting an Actuation Manager
class NameServer
operations
  public GetActuatorManager: [CWS`Location] ==> [ActuatorManager]
  GetActuatorManager(loc) ==
    if loc = nil
    then return nil
    else let locations = inverse am
         in
           let locationSet in set dom locations be st loc in set locationSet
           in
             return locations(locationSet);
end NameServer
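
GetActuatorManager applies inverse to am, which is declared as map rather than inmap, so the lookup is only defined while am happens to be injective. The following Python model is an added example, not part of the original slides; the manager names, `VDMError` and the `invariant_holds` check are assumptions of this sketch. It shows the lookup, the two ways it becomes undefined, and a state invariant that would keep it defined.

```python
# Added illustration: NameServer from the slides with am as a dict from a
# manager name (constructed) to a frozenset of locations.
class VDMError(Exception):
    """Stands in for the run-time error a VDM++ interpreter would report."""

def inverse(m):
    """inverse m: only defined when m is injective."""
    inv = {}
    for d, r in m.items():
        if r in inv:
            raise VDMError(f"not injective: {inv[r]!r} and {d!r} both map to {set(r)}")
        inv[r] = d
    return inv

class NameServer:
    def __init__(self):
        self.am = {}   # map ActuatorManager to set of Location

    def set_actuator_manager(self, manager, locations):
        # am := am ++ {actuatorManager |-> locations}
        self.am = {**self.am, manager: frozenset(locations)}

    def get_actuator_manager(self, loc):
        """Mirrors GetActuatorManager: look the location up through inverse am."""
        if loc is None:
            return None
        locations = inverse(self.am)
        matches = [s for s in locations if loc in s]
        if not matches:   # 'let ... be st' has no binding to choose
            raise VDMError(f"no location set contains {loc}")
        return locations[matches[0]]

    def invariant_holds(self):
        """Suggested invariant: location sets are non-empty and pairwise disjoint."""
        seen = set()
        for locs in self.am.values():
            if not locs or seen & locs:
                return False
            seen |= locs
        return True

if __name__ == "__main__":
    ns = NameServer()
    ns.set_actuator_manager("AM1", {1, 2})
    ns.set_actuator_manager("AM2", {3})
    print(ns.get_actuator_manager(3), ns.invariant_holds())
```

Non-empty, pairwise disjoint location sets imply that am is injective and that at most one set contains any given location, so both the inverse and the choice of locationSet are well defined.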

Message Logs inside Congestion Sensors
class CongestionSensor is subclass of Sensor
…
instance variables
  passageSensors: map CWS`Lane to PassageSensor := {|->}
end CongestionSensor

Notice that the first box on page 180 in the book is wrong. This is the right version.

Issue Congestion Warnings
class CongestionSensor is subclass of Sensor
operations
  public IssueCongestionStatus: () ==> CongestionSensor`CongestionStatus
  IssueCongestionStatus() ==
    def averagespeed = min({passageSensors(lane).AverageSpeed(NoPassages)
                            | lane in set dom passageSensors})
    in
      if averagespeed < CongestionThreshold
      then return <Congestion>
      elseif averagespeed > NoCongestionThreshold
      then return <NoCongestion>
      else return <Doubt>
end CongestionSensor

Managing Actuators
class ActuationManager
…
instance variables
  as: inmap CWS`Location to Actuator := {|->};
  ns: NameServer
end ActuationManager

Adding Actuator at a given Location
class ActuationManager
…
operations
  public AddActuator: CWS`Location ==> ()
  AddActuator(loc) ==
    def actuator = new Actuator()
    in
      (as := merge {as, {loc |-> actuator}};
       ns.SetLocation(self, loc)
      )
  pre loc not in set dom as;
end ActuationManager

Removing Actuators
class ActuationManager
…
operations
  public RemoveActuator: Actuator ==> ()
  RemoveActuator(actuator) ==
    as := as :-> {actuator};
end ActuationManager

Replacing Actuators
class ActuationManager
…
operations
  public ReplaceActuator: Actuator * Actuator ==> ()
  ReplaceActuator(actuator, newActuator) ==
    as := as ++ {(inverse as)(actuator) |-> newActuator};
end ActuationManager

Showing Signal at a given Location
class OperatorControl
…
  public ShowSignal: CWS`Location * CongestionMonitor`Signal ==> ()
  ShowSignal(location, signal) ==
    ( def downstreamLocation = Downstream(location, ns.GetLocations());
          downstreamManager = ns.GetActuatorManager(downstreamLocation);
          downstreamSignal = if downstreamManager <> nil
                             then downstreamManager.GetSignal(downstreamLocation)
                             else nil;
          actuator = as(location);
          upstreamLocation = Upstream(location, ns.GetLocations());
          upstreamManager = ns.GetActuatorManager(upstreamLocation);
          upstreamSignal = if upstreamManager <> nil
                           then upstreamManager.GetSignal(upstreamLocation)
                           else nil
      in
        ( ShowSignalAtLoc(signal, downstreamLocation, downstreamSignal, actuator);
          ShowSignalUpstream(signal, upstreamLocation, upstreamManager, upstreamSignal)
        )
    )
  pre location in set dom as;
end OperatorControl

Operator Utilities
class OperatorControl
…
operations
  public WriteLog: seq1 of char * CWS`Location ==> ()
  WriteLog(message, location) ==
    let newMessage = message ^ int2String(location),
        messages = if location in set dom messageLog
                   then messageLog(location) ^ [ newMessage ]
                   else [ newMessage ]
    in
      messageLog := messageLog ++ {location |-> messages};

  public CongestionSpots: () ==> set of CWS`Location
  CongestionSpots() ==
    return dom messageLog;
end OperatorControl

Summary
• What have I presented today?
  • The notion of mappings as unordered collections
  • The basic operations in VDM++ for manipulating mappings
  • The MSAW example again
  • The congestion warning system example again
• What do you need to do now?
  • Complete your project
  • Provide report and source model to me
  • Fill out evaluation form
  • Tell me whether you would like an exam trial session

Quote of the day
By Herbert Hoover (1874 - 1964)
Engineering is a great profession. There is the satisfaction of watching a figment of the imagination emerge through the aid of science to a plan on paper. Then it moves to realization in stone or metal or energy. Then it brings homes to men or women. Then it elevates the standard of living and adds to the comforts of life. This is the engineer's high privilege.