Example - A Computer System

Dr. Rong Qu

[email protected]

http://www.cs.nott.ac.uk/£ rxq/#g53fsp

G53FSP Formal Specification

State Schema

USERS: the set of all possible user names
FILE_NAMES: the set of all possible file names
BLOCK_NOS: the set of all possible block numbers

owns

owns is a function mapping user names to sets of file names.

owns = { (Eric, {file1, file2}), (Edmund, {prog1}) }

We can then state, as true logical statements,

owns Eric = {file1, file2}

owns Edmund = {prog1}

occupies

Further, occupies will be a function mapping each file name of an existing file to the set of block numbers which it occupies.

occupies = { (file1, {1, 9, 6, 10}), (file2, {2, 3, 4}), (prog1, {5, 7, 8}) }

occupies

rng occupies = {{1, 9, 6, 10}, {2, 3, 4}, {5, 7, 8}}

To obtain the set of all occupied blocks as a simple set, we need the generalised union operator, applied as in

⋃ rng occupies = {1, 2, 3, 4, 5, 6, 7, 8, 9, 10}

English Specification

a. There will be a set of users, system_users.

b. The number of users will be no_users.

c. A list of free (unoccupied) blocks will be maintained.

d. No block is to be in more than one file.

e. Every block which is not in a file is to be on the free list.

f. The maximum number of users will be max_users.

State Schema

[USERS, FILE_NAMES, BLOCK_NOS]

State Schema

FileSystem
  owns : USERS ⇸ ℙ FILE_NAMES
  occupies : FILE_NAMES ⇸ ℙ BLOCK_NOS
  file_store : ℙ FILE_NAMES
  all_blocks : ℙ BLOCK_NOS
  free_blocks : ℙ BLOCK_NOS
  max_users : ℕ
  no_users : ℕ
  system_users : ℙ USERS
  ------------------------------------------------------------
  #system_users ≤ max_users
  #system_users = no_users
  ∀ file : dom occupies • ∃ user : dom owns • file ∈ owns user
  ∀ file : dom occupies; block : all_blocks • block ∈ occupies file ⇒ block ∉ free_blocks
  dom owns = system_users
  file_store = ⋃ rng owns
  file_store = dom occupies
  ∀ block_set1, block_set2 : rng occupies • block_set1 ≠ block_set2 ⇒ block_set1 ∩ block_set2 = {}

State Schema

Another way to say that no two files contain a common block:

∀ file1, file2 : dom occupies • file1 ≠ file2 ⇒ occupies file1 ∩ occupies file2 = {}

No block in a file occurs in the free list:

∀ block_set : rng occupies • block_set ∩ free_blocks = {}

or

⋃ rng occupies ∩ free_blocks = {}

Operation Schema

There is to be a command to remove a file from the system.

The command will be given the name of the file owner, and of the file.

All blocks occupied by the file must be returned to the free list.

RemoveFile
  ∆FileSystem
  username? : USERS
  file_name? : FILE_NAMES
  ------------------------------------------------------------
  username? ∈ system_users ∧ file_name? ∈ owns username?
  occupies′ = {file_name?} ⩤ occupies
  owns′ = owns ⊕ {(username?, owns username? ∖ {file_name?})}
  free_blocks′ = free_blocks ∪ occupies file_name?
  file_store′ = file_store ∖ {file_name?}
  no_users′ = no_users ∧ system_users′ = system_users

NewFile Schema

NewFile
  ∆FileSystem
  username? : USERS
  file_name? : FILE_NAMES
  ------------------------------------------------------------
  username? ∈ system_users ∧ file_name? ∉ file_store
  owns′ = owns ⊕ {(username?, owns username? ∪ {file_name?})}
  occupies′ = occupies ∪ {file_name? ↦ {}}
  free_blocks′ = free_blocks
  file_store′ = file_store ∪ {file_name?}
  no_users′ = no_users ∧ system_users′ = system_users

RemoveUser

The remove user command will remove all that user's files and return their blocks to the free space list.

The given user’s name will be deleted from the system.

RemoveUser
  ∆FileSystem
  username? : USERS
  ------------------------------------------------------------
  username? ∈ system_users
  owns′ = {username?} ⩤ owns
  occupies′ = owns username? ⩤ occupies
  free_blocks′ = free_blocks ∪ ⋃ rng (owns username? ◁ occupies)
  file_store′ = file_store ∖ owns username?
  no_users′ = no_users − 1
  system_users′ = system_users ∖ {username?}

Alternative

The line defining free_blocks′ could instead be written with the relational image of occupies:

free_blocks′ = free_blocks ∪ ⋃ occupies(| owns username? |)

AddNewUser

AddNewUser
  ∆FileSystem
  username? : USERS
  ------------------------------------------------------------
  username? ∉ system_users
  owns′ = owns ∪ {username? ↦ {}}
  occupies′ = occupies
  free_blocks′ = free_blocks
  file_store′ = file_store
  no_users′ ≤ max_users ∧ no_users′ = no_users + 1
  system_users′ = system_users ∪ {username?}

NewBlockToFile

NewBlockToFile
  ∆FileSystem
  file_name? : FILE_NAMES
  block_no : BLOCK_NOS
  ------------------------------------------------------------
  file_name? ∈ dom occupies ∧ block_no ∈ free_blocks
  owns′ = owns
  occupies′ = occupies ⊕ {(file_name?, occupies file_name? ∪ {block_no})}
  free_blocks′ = free_blocks ∖ {block_no}
  file_store′ = file_store
  no_users′ = no_users ∧ system_users′ = system_users
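As an added example (not from the slides), the FileSystem state schema and the RemoveFile, RemoveUser and NewBlockToFile operation schemas above, modelled in Python: each operation checks its precondition, applies the after-state equations, and then re-checks the state invariant, so a state in which a block sits in two files or is both used and free is raised as an error instead of silently accepted. The class layout, the ValueError/AssertionError convention and the sample state in demo() are assumptions of this example.

```python
from dataclasses import dataclass

@dataclass
class FileSystem:                     # the FileSystem state schema
    owns: dict                        # USERS ⇸ ℙ FILE_NAMES   (dom owns = system_users)
    occupies: dict                    # FILE_NAMES ⇸ ℙ BLOCK_NOS   (dom occupies = file_store)
    all_blocks: frozenset             # ℙ BLOCK_NOS
    free_blocks: set                  # ℙ BLOCK_NOS
    max_users: int                    # ℕ

    def invariant(self) -> bool:
        used = [b for blocks in self.occupies.values() for b in blocks]
        return (len(self.owns) <= self.max_users                             # #system_users ≤ max_users
                and set(self.occupies) == set().union(*self.owns.values())   # file_store = ⋃ rng owns
                and len(used) == len(set(used))                              # no block in two files
                and not (set(used) & self.free_blocks)                       # used blocks are never free
                and set(used) | self.free_blocks == set(self.all_blocks))    # unused blocks are all free

    def _check(self):
        if not self.invariant():
            raise AssertionError("FileSystem invariant violated")

    def new_block_to_file(self, file_name, block_no):          # NewBlockToFile
        if file_name not in self.occupies or block_no not in self.free_blocks:
            raise ValueError("precondition failed")
        self.occupies[file_name] = self.occupies[file_name] | {block_no}
        self.free_blocks = self.free_blocks - {block_no}
        self._check()

    def remove_file(self, username, file_name):               # RemoveFile
        if file_name not in self.owns.get(username, set()):
            raise ValueError("precondition failed")
        self.free_blocks = self.free_blocks | self.occupies.pop(file_name)
        self.owns[username] = self.owns[username] - {file_name}
        self._check()

    def remove_user(self, username):                          # RemoveUser
        if username not in self.owns:
            raise ValueError("precondition failed")
        for f in self.owns.pop(username):                     # ⋃ rng (owns username? ◁ occupies)
            self.free_blocks = self.free_blocks | self.occupies.pop(f)
        self._check()

def demo():
    fs = FileSystem(owns={"Eric": {"file1", "file2"}, "Edmund": {"prog1"}},  # constructed from the slides' example
                    occupies={"file1": {1, 9, 6, 10}, "file2": {2, 3, 4}, "prog1": {5, 7, 8}},
                    all_blocks=frozenset(range(1, 11)), free_blocks=set(), max_users=10)
    fs.remove_user("Eric")            # Eric's seven blocks go back on the free list
    fs.new_block_to_file("prog1", 4)  # and one of them can now be reused
    return fs
```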

Observation Schema

There will be a command ListFileNames to list a named user's file names and the number of blocks in each.

The given user must already exist.

ListFileNames
  ΞFileSystem
  user_name? : USERS
  message! : FILE_NAMES ⇸ ℕ
  ------------------------------------------------------------
  user_name? ∈ system_users
  message! = {filename : owns user_name? • (filename, #occupies filename)}

User File Count

An observation schema to represent a command which accepts a user name and replies with the total number of files owned by that user.

UserFileCount
  ΞFileSystem
  user_name? : USERS
  user_file_no! : ℕ
  ------------------------------------------------------------
  user_name? ∈ system_users
  user_file_no! = #owns user_name?

User Block Count

An observation schema to represent a command which accepts a user name and replies with the total number of blocks owned by that user.

UserBlockCount
  ΞFileSystem
  user_name? : USERS
  user_blocks! : ℕ
  ------------------------------------------------------------
  user_name? ∈ system_users
  user_blocks! = #⋃ occupies(| owns user_name? |)

Axiom Schema

For example, for functions giving

the number of blocks in a named file,

the number of files owned by a named user, and

the number of blocks owned by a named user,

we could have a schema as follows, which merely declares the functions.

Axiom Schema

This is called an axiom schema, and must be declared before use.

The schema itself has no name; its purpose is purely to make the functions available.

Axiom Schema

FileSystem
  user_file_no : USERS ⇸ ℕ
  user_blocks : USERS ⇸ ℕ
  file_blocks : FILE_NAMES ⇸ ℕ
  ------------------------------------------------------------
  ∀ user : system_users • user_file_no user = #owns user
  ∀ user : system_users • user_blocks user = ( f : owns user • #occupies f )
  ∀ file : file_store • file_blocks file = #occupies file
