
The University of New South Wales

Model Exam
Revision: 1.2 of Date: 2013/06/02 11:54:07

Session 1, 2013

COMP2111 System Modelling & Design


Time allowed: 2 hours

Total number of questions: 13

Maximum number of marks: 50

Not all questions are worth the same. Answer all questions. Textbooks, lecture notes, etc. are not permitted, except for up to 2 double-sided A4 sheets containing handwritten notes. Calculators may not be used. Answers must be written in ink. Use a pencil or the back of the booklet for rough work. Your rough work will not be marked. You can answer the questions in any order. You may take this question paper out of the exam. Write your answers into the answer booklet provided.

In the real exam: The concise Event-B summary would be appended for your convenience. Questions should be slightly less verbose to reduce the time you need to spend on reading them. Given how subjective difficulty ratings are, I might omit those. The marks for each question haven't been weighted with any thorough thought yet. 2 hours should be adequate to answer all questions. I'd avoid having that many questions built upon previous answers.

Unless stated otherwise, questions are to be answered using Event-B notation.

The first group of questions deals with bags, also known as multisets. Bags are often used as data structures, e.g., to model inventories. Given a carrier set T, a bag over T associates a multiplicity with each element of T. If bag b has the multiplicity m_t for t T then that means that b contains m_t copies of t. The bags we want to model will be finite, which means that every multiplicity is a natural number, and only finitely many of them can be non-zero. One notation for bags uses double braces. Example: {{4, 3, 2, 2, 4}} is a bag over the integers where the multiplicity of 4 and 2 is 2 and the multiplicity of 3 is 1. The size of a bag is the sum of its multiplicities. In the example, the size is 2+2+1 = 5. We call a bag bounded if its size is. (This notion makes more sense once we introduce operations to change bags.)

Question 1 (3 marks)
(easy) Define a context to fix the element type T of the bag machines you'll be defining later and to help with expressing boundedness. We're content with integers as bag contents. To make life really easy, we limit the absolute value of those integers to not exceed a positive constant MAXT. Moreover, we want to restrict our attention to bounded bags whose size never exceeds M, another positive constant.

Question 2 (3 marks)
(easy) Provide a machine BA that abstractly describes a bag b as a member of a particular form of binary relations between T and ℕ1. Use the most appropriate and restrictive class of relations for the task. Initialise to the empty bag {{}}.

Question 3 (3 marks)
(moderately challenging) Event-B lacks a big sum operator, making it not immediately obvious how to express the boundedness condition of our bags. Add axioms to your context to provide a bs function that maps each finite bag over T to its size.

Question 4 (3 marks)
(very easy) Add an invariant to BA to enforce the boundedness of b. Add a variable c and invariants to mandate that c always contains the size of b. Initialise it accordingly.

Question 5 (3 marks)
(easy) Add an event add that takes an element t of T as a parameter and adds it to the bag, that is, increases t's multiplicity by one. Define appropriate guards and actions such that invariants are maintained and the event is enabled whenever that is reasonable.

To be remotely useful, one would also add a remove event. For practice, define one that reduces the multiplicity of a random element by one and stores the removed element in a result variable.

Question 6 (3 marks)
(moderate) Express the POs you should expect to be raised by the introduction of add and prove that they are valid.

Question 7 (3 marks)
(easy) Refine add into two events: addnew for adding an element that isn't present in the bag yet and addold for incrementing the multiplicity of an already present element. (Just write the new events, not an entire new machine.)

Question 8 (3 marks)
(moderate) Express the POs you should expect to be raised by the refinement of add into addnew and addold. Prove that they are valid.

Question 9 (10 marks)


(moderate) Define a machine BB that is a data refinement of BA (with remove and the original add, not the refinements) which uses a circular bounded buffer bb to represent b. The buffer should again be able to store M elements. Use two more variables, lo for pointing at the lower end and hi for the higher end of the active segment of the circular buffer.
[Figure: circular buffer bb holding the elements -4, 3, 2, 2, -4, with the pointers lo and hi]

Define refined versions of the initialisation and the add and remove events such that add increments hi and remove increments lo (both modulo the buffer size).
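The relationship between the abstract bag and the circular buffer can be explored with an executable model. The following Python sketch is an added illustration, not part of the exam paper and not an Event-B answer; the constant values, the class and function names, and the choice to keep the counter c in the concrete machine are assumptions.

```python
import random
from collections import Counter
M, MAXT = 5, 9  # constructed values for the context constants

class BA:  # abstract machine: b maps elements of T to multiplicities >= 1
    def __init__(self):
        self.b, self.c = {}, 0
    def invariant(self):
        return (all(abs(t) <= MAXT and m >= 1 for t, m in self.b.items())
                and self.c == sum(self.b.values()) <= M)
    def add(self, t):
        assert abs(t) <= MAXT and self.c < M  # guards
        self.b[t], self.c = self.b.get(t, 0) + 1, self.c + 1
    def remove(self, t):  # t: witness for the nondeterministic choice
        assert t in self.b  # guard
        self.b[t] -= 1
        if self.b[t] == 0:
            del self.b[t]
        self.c -= 1

class BB:  # concrete machine: circular buffer bb, pointers lo and hi
    def __init__(self):
        self.bb, self.lo, self.hi, self.c = [0] * M, 0, 0, 0
    def add(self, t):
        assert abs(t) <= MAXT and self.c < M
        self.bb[self.hi] = t
        self.hi, self.c = (self.hi + 1) % M, self.c + 1
    def remove(self):
        assert self.c > 0
        t, self.lo, self.c = self.bb[self.lo], (self.lo + 1) % M, self.c - 1
        return t

def glued(a, k):  # gluing invariant: active segment of bb, as a bag, is b
    seg = [k.bb[(k.lo + i) % M] for i in range(k.c)]
    return (Counter(seg) == Counter(a.b) and a.c == k.c
            and k.hi == (k.lo + k.c) % M)

def simulate(steps, seed=0):  # run both machines in lockstep
    rng, a, k = random.Random(seed), BA(), BB()
    for _ in range(steps):
        if k.c == 0 or (k.c < M and rng.random() < 0.5):
            t = rng.randint(-MAXT, MAXT)
            k.add(t)
            a.add(t)
        else:
            a.remove(k.remove())
        if not (a.invariant() and glued(a, k)):
            return False
    return True
```

Random simulation only searches for counterexamples to the gluing invariant; it does not replace discharging the proof obligations.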

Question 10 (6 marks)
(moderate) Express the POs you should expect to be raised by the data refinement step above. Limit your attention to those related to the initialisation and add. Sketch a proof that they are valid.

Question 11 (5 marks)
(challenging) In the context of abstract data types A and C, suppose A5 = a := fA(a, x) and C5 = c := fC(c, x), i.e., they're deterministic actions that don't change normal variables, one at the abstract level and one on the concrete level. Express as a Hoare triple that C5 is the concrete operation that refines A5, assuming the gluing invariant is given by the predicate I(a, c, x).

Question 12 (2 marks)
(easy) Consider the context

and machine

What fairness constraints are required minimally to ensure that its maximal executions (respecting the fairness constraints) end with final = TRUE?

Question 13 (3 marks)
(moderate) Suppose a skip event is added to the FactorialCalc machine. It does not change the state and its guard is final = FALSE. What fairness constraints are now required minimally to ensure that maximal executions (respecting these fairness constraints) are finite and end with final = TRUE? Sketch a proof of (n = 3) (final = TRUE f = 6).
