From requirements to specification Specification is a refinement of requirements Can be included together as Software Requirements Specifications (SRS)

From requirements to specification

• Specification is a refinement of requirements• Can be included together as Software

Requirements Specifications (SRS)• Elaborate on the WHAT? the software system

is supposed to do– As opposed to HOW it will do it– Should not be very constraining– Leave the details to the design

Software modeling

• Modeling techniques – visual, executable, general, readable, …..

• Modeling– Behavior: Finite state machine (FSM), Petri net

(PN), Sequence diagram, Activity diagram, and other UML diagrams

– Data: Entity relationship diagram (ERD)– Process: Data flow diagram (DFD), Decision table,

decision tree

The Finite State Machine Model (FSM)

• Used to describe:– State-based behavior of a process within a software

systems. – Whole system as one process.

• FSM is used when the number of states the process can be in is small, and the next state of a process is determined by its current state and the inputs applied to the process.

• Typically, the process behavior is be described by the next process state and the output the process delivers after accepting an input.

Algebraic definition of an FSM

Properties of an FSM model

• Completeness• Determinism• Fully connected• Strongly connected• Minimal

• Can be verified

Complete FSM

• An FSM is said to be complete or completely specified, if and only if, at each state, there exists a transition for each input i I.

• In other words, the FSM should react to every input at every state, and this reaction should be captured and specified in the model.

Complete FSM

• To produce a robust software system, it is desirable to specify what to do when both valid (good) and invalid (bad or unexpected) inputs are applied at each state of the system.

• Specification completeness would allow the implementation of a robust process, a process capable of dealing with both correct and wrong inputs.

Deterministic FSM

• An FSM is said to be deterministic, if and only if, at any state, the reaction to an input is unique and unambiguously determined.

• Uniqueness means that for the same input at the same state, the FSM should move to the same next state and delivers the same output, any time it executes.

Example

• Describe the FSM in both the algebraic and tabular forms.

• Can you describe in English what does this FSM specify? • Add the necessary transitions and states to the FSM

diagram. Is the FSM complete and deterministic? why? if incomplete, can you suggest a modification to complete it.

Limitations of the FSM

• Conditional behavior specification• Time specification• Data manipulation specification• Concurrency specification

• The Extended FSM – EFSM

Timing and Timeout Specification

• We want to specify that if at a state S no input is present within t time units, a transition should take place and an output should be delivered. – This situation would occur in many real-time processes, and in

user-oriented interfaces and systems. • We would like to have certain delayed transitions, in which a time

delay is specified instead of an input symbol. • Presence of an input symbol or time delay is mutually exclusive.

Conditional Transitions• To specify that, at a given state S, in addition to the

availability of an input symbol, certain predicate(s) should evaluate to True– Predicated or conditional transitions. – Transition takes place only if the predicate evaluates to

true.• Modified definition: EFSM is said to be

deterministic, if at the same state, for the same input and the same predicate, the same transition (next state and output) must occur.

Is this deterministic?

Variable Manipulation• If at given state of the FSM, the reaction to the

next input symbol must change a certain variable value needed in future transitions (i.e., in a predicate evaluation).

• For example, in a user interface driven process, at the logon state, the reaction to a bad login input may depend on the number of times a bad login input was performed earlier.– A variable holding a counter of the number of bad

logins is needed.

Concurrency Specification

• Due to its inherently sequential nature, a basic finite state machine cannot model concurrent behaviors that may be needed to describe complex concurrent applications.

• Extensions to the FSM were added in the UML statechart diagram to model concurrent execution by specifying concurrent substates.

Example

• Suppose that at any state (except the initial idle state) if we do not receive an input within 10 time units, we want the system to be blocked for 5 time units and then move to the locked state again. Add the necessary transitions and states to the FSM diagram.

Example• Partial behavior of ATM: – “First the user inserts the bank card in the ATM’s card

reader. – Then, the ATM expects the user to enter the PIN within 20

seconds, otherwise the ATM will beep and eject the card. – If the PIN is valid, the user is allowed to proceed with a

choice of banking transactions. – Otherwise if the PIN is invalid, the user can retry for a

maximum of two more trials. – After 3 wrong trials, the card is confiscated by the ATM,

and the user has to contact the main branch.”