Modelling unordered collections
Peter Gorm Larsen
TIVDM1
Modelling unordered collections
1
Agenda
• Set Characteristics and Primitives
• The Minimum Safety Altitude Warning System
• The Robot Controller
Set Characteristics
• Sets are unordered collections of elements
• There is only one copy of each element
• The elements themselves can be arbitrarily complex, e.g. they can be sets as well
• Sets in VDM++ are finite
• Set types in VDM++ are written as:
  • set of Type
Set Membership
• If an object x is a member (an element) of a set A, then we write “x ∈ A”; if it is not a member then we write “x ∉ A”.
• “x ∈ A” can be written as “x in set A”
• “x ∉ A” can be written as “x not in set A”
Set Enumeration
• A set enumeration consists of a comma-separated list enclosed between curly braces, “{…}”
• For example
  • {1,5,8,1,3}
  • {true, false}
  • {{}, {4,3},{2,4}}
  • {'g','o','d'}
  • {3.567, 0.33455,7,7,7,7}
  are all sets
• The empty set can be written as “{ }” or “∅”
The Subset Relation
• The set A is said to be a subset of the set B if every element of A is also an element of B.
• The subset relation is written as “A ⊆ B” or as “A subset B”
• Quick examples:
  • {1,2,3} ⊆ {1,2,3,4,5}
  • { } ⊆ {1,2,3}
  • {3,2,3,2} ⊆ {2,3}
Set Equality
• Two sets are equal if both are subsets of each other, i.e.
  • A ⊆ B and B ⊆ A implies that A = B
• Quick examples:
  • {2,4,1,2} = {4,1,2}
  • {true, true, false} = {false, true}
  • {1,1,1,1,1,1,1,1,1,1,1,1} = {1}
  • {3,4,5} = {3,5,5}
Proper Subsets
• The set A is said to be a proper subset of the set B if every element of A is also an element of B and B has at least one member that is not a member of A.
• The proper subset relation is written as “A ⊂ B” or as “A psubset B”
• Quick examples:
  • {1,2,3} ⊂ {1,2,3,4,5}
  • { } ⊂ {1,2,3}
  • {3,2,3,2} ⊂ {2,3}
Set Cardinality
• The cardinality of a set is the number of distinct elements, i.e. its size
• The cardinality of a set S is written as “card S”
• Quick examples:
  • card {1,2,3}
  • card { }
  • card {3,2,3,2}
Powersets
• If S is a set then the power set of S is the set of all subsets of S.
• The powerset of a set S is written as “P S” or “power S”
• Quick examples:
  • power {1,2,2}
  • power { }
  • power {3,2,3,1}
  • power power {6,7}
Set Union
• The union of two sets combines all their elements into one set
• The union of two sets A and B is written as “A ∪ B” or “A union B”
• Quick examples:
  • {1,2,2} union {1,6,5}
  • { } union {true}
  • {3,2,3,1} union {4}
Set Intersection
• The intersection of two sets is the set of all elements that are in both of the original sets
• The intersection of two sets A and B is written as “A ∩ B” or “A inter B”
• Quick examples:
  • {1,2,2} inter {1,6,5}
  • { } inter {true}
  • {3,2,3,1} inter {4}
Distributed Set Operators
• Union and intersection can be distributed over a set of sets
• Distributed set union
  • To be written as ⋃ (or dunion in ASCII)
  • dunion {{ 2,4},{3,1,2},{2,3,4,3}}
  • dunion {{ 2,4},{3,1,1},{}}
  • dunion {{true},{false},{}}
• Distributed set intersection
  • To be written as ⋂ (or dinter in ASCII)
  • dinter {{ 2,4},{3,1,2},{2,3,4,3}}
  • dinter {{ 2,4},{3,1,1},{}}
  • dinter {{true},{false},{}}
Set Difference
• The set difference of two sets A and B is the set of elements from A which are not in B
• The set difference of two sets A and B is written as “A \ B”
• Quick examples:
  • {1,2,2} \ {1,6,5}
  • { } \ {true}
  • {3,2,3,1} \ {4}
Overview of Set Operators
  e in set s1        Membership (∈)             A * set of A -> bool
  e not in set s1    Not membership (∉)         A * set of A -> bool
  s1 union s2        Union (∪)                  set of A * set of A -> set of A
  s1 inter s2        Intersection (∩)           set of A * set of A -> set of A
  s1 \ s2            Difference (\)             set of A * set of A -> set of A
  s1 subset s2       Subset (⊆)                 set of A * set of A -> bool
  s1 psubset s2      Proper subset (⊂)          set of A * set of A -> bool
  s1 = s2            Equality (=)               set of A * set of A -> bool
  s1 <> s2           Inequality (≠)             set of A * set of A -> bool
  card s1            Cardinality                set of A -> nat
  dunion s1          Distr. Union (⋃)           set of set of A -> set of A
  dinter s1          Distr. Intersection (⋂)    set of set of A -> set of A
  power s1           Finite power set (P)       set of A -> set of set of A
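As an added example (not code from the slides), the rows of this table that Python's built-in set type does not provide directly, power, dunion, dinter and psubset, written out in Python, with the whole table evaluated for a pair of sample sets. Python sets need hashable members, so a set of sets is built from frozensets, and dinter of an empty family is rejected because VDM leaves it undefined:

```python
from itertools import combinations

def power(s):
    """VDM 'power s': the set of all subsets of s.
    Python sets need hashable members, so each subset is a frozenset."""
    elems = list(set(s))  # duplicates in an enumeration collapse, as in {1,2,2}
    return {frozenset(c) for r in range(len(elems) + 1)
            for c in combinations(elems, r)}

def dunion(family):
    """VDM 'dunion ss': every element of some set in the family.
    dunion of an empty family is the empty set."""
    return frozenset().union(*family)

def dinter(family):
    """VDM 'dinter ss': the elements common to every set in the family.
    VDM leaves dinter of an empty family undefined, so it is rejected here."""
    family = list(family)
    if not family:
        raise ValueError("dinter of an empty family is undefined")
    return frozenset(family[0]).intersection(*family[1:])

def psubset(a, b):
    """VDM 'a psubset b': a subset b with at least one member of b not in a."""
    return set(a) <= set(b) and set(a) != set(b)

def operator_table(s1, s2, e):
    """The overview table, evaluated: one entry per row, keyed by the ASCII spelling."""
    s1, s2 = set(s1), set(s2)
    return {
        "e in set s1": e in s1,
        "e not in set s1": e not in s1,
        "s1 union s2": s1 | s2,
        "s1 inter s2": s1 & s2,
        "s1 \\ s2": s1 - s2,
        "s1 subset s2": s1 <= s2,
        "s1 psubset s2": psubset(s1, s2),
        "s1 = s2": s1 == s2,
        "s1 <> s2": s1 != s2,
        "card s1": len(s1),
        "power s1": power(s1),
    }
```

The "Quick examples" on the preceding slides can be checked by calling these functions on them; `{3,2,3,2} psubset {2,3}` is false because the two enumerations denote the same set.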
Set Comprehensions
• Using predicates to define sets implicitly
• In VDM++ formulated like:
• {element | list of bindings & predicate}
• The predicate part is optional
• Quick examples:
• {3 * x | x : nat & x < 3} or {3 * x | x in set {0,…,2}}
• {x | x : nat & x < 5} or {x | x in set {0,…,4}}
Questions
• What are the set enumerations for:
  • {x|x : nat & x < 3}
  • {x|x : nat & x > 3 and x < 6}
  • {{y}| y in set {3,1,7,3}}
  • {x+y| x in set {1,2}, y in set {7,8}}
  • {mk_(x,y)| x in set {1,2,7}, y in set {2,7,8} & x > y}
  • {y|y in set {0,1,2} & exists x in set {0,…,3} & x = 2 * y}
  • {x = 7| x in set {1,…,10} & x < 6}
Set Range Expressions
• The set range expression is a special case of a set comprehension. It has the form
  • {e1, ..., e2}
• where e1 and e2 are numeric expressions. The set range expression denotes the set of integers from e1 to e2 inclusive.
• If e2 is smaller than e1 the set range expression denotes the empty set.
• Examples:
  • {2.718,...,3.141}
  • {3.141,...,2.718}
  • {1,...,5}
  • {8,...,6}
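As an added example (not code from the slides), the set range expression and the set comprehensions of the previous two slides evaluated in Python. The set range keeps only the integers between the bounds, so the non-integer examples come out as {3} and { }. A type binding such as `x : nat` ranges over an infinite type; the `nat(bound)` helper below is this example's own finite stand-in for it, and the bound of 100 is an assumption chosen larger than any value the predicates admit:

```python
import math

def set_range(e1, e2):
    """VDM '{e1, ..., e2}': the integers x with e1 <= x <= e2.
    Non-integer bounds only restrict which integers qualify; e2 < e1 gives {}."""
    lo, hi = math.ceil(e1), math.floor(e2)
    return set(range(lo, hi + 1))       # range() is already empty when hi < lo

def nat(bound):
    """Finite stand-in for the type binding 'x : nat' (an assumption of this
    example): VDM's nat is infinite, so a tool can only evaluate such a
    comprehension when the predicate keeps the result finite."""
    return range(bound)

def set_comprehension_examples():
    """The two 'Quick examples' and the seven 'Questions', evaluated.
    {{y} | ...} needs frozenset members, since Python sets are unhashable."""
    return {
        "{3 * x | x : nat & x < 3}": {3 * x for x in nat(100) if x < 3},
        "{x | x : nat & x < 5}": {x for x in nat(100) if x < 5},
        "{x|x : nat & x < 3}": {x for x in nat(100) if x < 3},
        "{x|x : nat & x > 3 and x < 6}": {x for x in nat(100) if x > 3 and x < 6},
        "{{y}| y in set {3,1,7,3}}": {frozenset({y}) for y in {3, 1, 7, 3}},
        "{x+y| x in set {1,2}, y in set {7,8}}": {x + y for x in {1, 2} for y in {7, 8}},
        "{mk_(x,y)| x in set {1,2,7}, y in set {2,7,8} & x > y}":
            {(x, y) for x in {1, 2, 7} for y in {2, 7, 8} if x > y},
        "{y|y in set {0,1,2} & exists x in set {0,...,3} & x = 2 * y}":
            {y for y in {0, 1, 2} if any(x == 2 * y for x in set_range(0, 3))},
        "{x = 7| x in set {1,...,10} & x < 6}":
            {x == 7 for x in set_range(1, 10) if x < 6},
    }
```

The last question is the instructive one: the element expression `x = 7` is a boolean, so the comprehension collects truth values rather than numbers and the result is {false}, a single element because sets keep one copy of each value.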
Agenda
• Set Characteristics and Primitives
• The Minimum Safety Altitude Warning System
• The Robot Controller
MSAW General Monitoring
[Figure: Minimum Safe Altitude (MSA); 500´ threshold; terrain clearance altitude]
MSAW Approach Path Monitoring
[Figure: glideslope path; alarm trigger area (100´ below glideslope path); 1 nm; runway]
UK Civil Aviation Authority
Minimum Safe Altitude Warning (MSAW) utilises secondary
surveillance radar (SSR) responses from aircraft transponders
and trajectory tracking to determine whether it is likely that the
aircraft may be exposed to an unacceptable risk of Controlled
Flight Into Terrain (CFIT). MSAW is normally implemented locally
within the radar display system software and compares predicted
aircraft trajectories with a database of levels at which an alert will
be triggered within specific geographic areas. The system is
technically complex (due to the need to compensate for radar
processing delays) and requires careful installation,
commissioning and operation to ensure that false alert
occurrences do not present a hazard to operations.
MSAW Requirements
• Radar(s) must track flying objects using their transponders
• Height of obstacles must be known statically
• Flying objects must be warned against obstacles close to their flight path
• New areas with obstacles can be defined
• The MSAW system must ensure the safety of flying objects against static obstacles
• Other flying objects (dynamic) are NOT part of MSAW (dealt with using TCAS)
UML Class Diagram
A Collection of Flying Objects
• What instance variables should the FO class have?
• How should the airspace association between the Airspace and FO be made?
class FO
instance variables
  id    : Id;
  coord : Coordinates;
  alt   : Altitude;
end FO
class Airspace
instance variables
  airspace : set of FO;
  inv forall x,y in set airspace &
        x <> y => x.getId() <> y.getId()
end Airspace
Adding New Flying Objects
It must be possible to add new flying objects to an
airspace:
public addFO : FO ==> ()
addFO(fo) ==
airspace := airspace union {fo}
pre fo.getId() not in set
{f.getId() | f in set airspace}
Get Hold of a Particular FO
Given a particular identifier we need to be able to find the
flying object with that transponder
public getFO : Id ==> FO
getFO(id) ==
find that value fo in the set airspace where fo.getId() equals id
VDM++ Construct (let-be-such-that expression):
let x in set s be st predicate on x
in
expression using x
Get Hold of a Particular FO
Using the let-be-such-that expression we get
public getFO : Id ==> FO
getFO(id) ==
let fo in set airspace be st fo.getId() = id
in
return fo
pre FOExists(id,airspace);
and
functions
FOExists: Id * set of FO -> bool
FOExists(id,space) ==
exists fo in set space & fo.getId() = id
Removing Existing Flying Objects
It must also be possible to remove existing flying
objects from an airspace:
public removeFO : Id ==> ()
removeFO(id) ==
airspace := airspace \ {getFO(id)}
pre FOExists(id,airspace)
where we reuse the getFO operation
Complete AirSpace Class
• This completes the AirSpace class
• Visibility shown with icons
• Stereotypes used to separate operations and functions
• Signatures can be listed
Constructor for Flying Objects
• Constructors in VDM++ use operation syntax
• Return type is implicit, so no return is needed
public FO : Id * Coordinates * Altitude ==> FO
FO(i,co,al) ==
  (id    := i;
   coord := co;
   alt   := al;
  );
What Instance Variables in Radar?
• What information is needed for each radar?
instance variables
  location : Coordinates;
  range    : nat1;
  detected : set of FO
What can a radar see?
• Scanning from a radar
public Scan : AirSpace ==> ()
Scan(as) ==
detected := { x | x in set as.airspace & InRange(x) };
private InRange : FO ==> bool
InRange(obj) ==
let foLocation = obj.getCoordinates()
in
return isPointInRange(location,range,foLocation);
A circle from a given point
• In the GLOBAL class general functionality is present
functions
protected isPointInRange : Coordinates * nat1 *
Coordinates -> bool
isPointInRange(center,range,point) ==
(center.X - point.X)**2 + (center.Y - point.Y)**2 <=
range**2;
The Obstacles Class
What information do we need about an obstacle?
instance variables
  MSA            : MinimumSafetyAltitude;
  location       : Coordinates;
  radius         : nat1;
  securityRadius : nat;
  type           : ObstacleType;
Where we inherit the following types
public ObstacleType = <Natural>|<Artificial>|<Airport>|<Military_Area>;
public FOWarning = ObstacleType;
public RadarWarning = <Saturated>;
public MinimumSafetyAltitude = nat | <NotAllowed>;
The AirTrafficController Class
class AirTrafficController is subclass of GLOBAL
instance variables
  radars    : set of Radar := {};
  obstacles : set of Obstacle := {};
operations
  public addRadar : Radar ==> ()
  addRadar(r) ==
    radars := {r} union radars;
  public addObstacle : Obstacle ==> ()
  addObstacle(ob) ==
    obstacles := {ob} union obstacles;
Finding Threats for FOs
public findThreats : () ==> ()
findThreats() ==
let allFOs = dunion { r.getDetected() | r in set radars }
in
(for all fo in set allFOs
do
for all ob in set obstacles
do
if isFOinVicinities(ob,fo) and not isFOatSafeAltitude(ob,fo)
then writeObjectWarning(ob,fo);
for all r in set radars
do
if r.saturatedRadar()
then writeRadarWarning(r)
);
Conditions for Warnings
isFOinVicinities : Obstacle * FO -> bool
isFOinVicinities(obs,fo) ==
  let obsloc      = obs.getCoordinates(),
      secureRange = obs.getSecureRange(),
      foloc       = fo.getCoordinates()
  in
    isPointInRange(obsloc,secureRange,foloc);
isFOatSafeAltitude : Obstacle * FO -> bool
isFOatSafeAltitude(obs,fo) ==
  let msa = obs.getMSA()
  in
    if msa = <NotAllowed>
    then false
    else msa < fo.getAltitude();
Saturating a radar
There is a limit to how many FOs a radar can deal with at one time. We call this saturation of a radar.
class Radar
values
  maxFOs : nat1 = 4;
instance variables
  range    : nat1;
  detected : set of FO
  …
operations
  public saturatedRadar : () ==> bool
  saturatedRadar() ==
    return card detected > range / maxFOs;
end Radar
Detecting FOs with multiple radars
Some radars will have overlap so it may be interesting to
collect the FOs that are detected by at least 2 radars:
public detectedByTwoRadars : set of Radar -> set of FO
detectedByTwoRadars(radars) ==
dunion {a.getDetected() inter b.getDetected()
| a,b in set radars & a <> b};
FOs that are detected by all radars may also be interesting:
public detectedByAllRadars : set of Radar -> set of FO
detectedByAllRadars(radars) ==
dinter {x.getDetected()
| x in set radars};
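As an added example (not the MSAW model's own code), the radar and threat-finding slides, from isPointInRange and Scan through findThreats, saturatedRadar and the two multi-radar queries, re-expressed in Python over a constructed layout: two overlapping radars, a military zone whose MSA is <NotAllowed>, and a hill with an MSA of 500. The class and field names follow the slides; the obstacle and radar `name` fields, the FO positions and the numbers are this example's own, and warnings are returned rather than written so that they can be inspected:

```python
from dataclasses import dataclass, field

NOT_ALLOWED = "<NotAllowed>"   # stands in for the quote literal in MinimumSafetyAltitude
MAX_FOS = 4                    # Radar`maxFOs

@dataclass(eq=False)           # eq=False: identity by reference, as for VDM++ objects
class FO:
    id: str
    coord: tuple               # (x, y)
    alt: int

@dataclass(eq=False)
class Obstacle:
    name: str                  # constructed label, only used to report results
    coord: tuple
    secure_range: int
    msa: object                # a nat, or NOT_ALLOWED

def is_point_in_range(center, rng, point):
    """GLOBAL`isPointInRange: point lies within the circle of radius rng around center."""
    return (center[0] - point[0]) ** 2 + (center[1] - point[1]) ** 2 <= rng ** 2

@dataclass(eq=False)
class Radar:
    name: str
    location: tuple
    range: int
    detected: set = field(default_factory=set)

    def scan(self, airspace):
        """Radar`Scan: the FOs of the airspace within range of this radar."""
        self.detected = {fo for fo in airspace
                         if is_point_in_range(self.location, self.range, fo.coord)}

    def saturated(self):
        """Radar`saturatedRadar, with the slide's threshold card detected > range / maxFOs."""
        return len(self.detected) > self.range / MAX_FOS

def fo_in_vicinity(ob, fo):
    return is_point_in_range(ob.coord, ob.secure_range, fo.coord)

def fo_at_safe_altitude(ob, fo):
    if ob.msa == NOT_ALLOWED:      # no altitude over this obstacle is acceptable
        return False
    return ob.msa < fo.alt

def find_threats(radars, obstacles):
    """AirTrafficController`findThreats, returning the warnings instead of writing them."""
    all_fos = set().union(*(r.detected for r in radars))            # dunion
    object_warnings = {(ob.name, fo.id) for fo in all_fos for ob in obstacles
                       if fo_in_vicinity(ob, fo) and not fo_at_safe_altitude(ob, fo)}
    radar_warnings = {r.name for r in radars if r.saturated()}
    return object_warnings, radar_warnings

def detected_by_two_radars(radars):
    return set().union(*(a.detected & b.detected
                         for a in radars for b in radars if a is not b))

def detected_by_all_radars(radars):
    """dinter over the radars; like VDM's dinter, undefined for an empty set of radars."""
    return set.intersection(*(r.detected for r in radars))

def scenario():
    """Constructed layout: two overlapping radars, a closed military zone and a hill."""
    fos = {FO("a", (4, 0), 1000), FO("b", (-5, 1), 400),
           FO("c", (-4, 0), 800), FO("d", (20, 0), 900)}
    radars = {Radar("radar1", (0, 0), 10), Radar("radar2", (8, 0), 10)}
    obstacles = {Obstacle("military", (5, 0), 3, NOT_ALLOWED),
                 Obstacle("hill", (-5, 0), 2, 500)}
    for r in radars:
        r.scan(fos)                                   # as in AirTrafficController`Step
    object_warnings, radar_warnings = find_threats(radars, obstacles)
    return {
        "object_warnings": object_warnings,
        "radar_warnings": radar_warnings,
        "by_two": {fo.id for fo in detected_by_two_radars(radars)},
        "by_all": {fo.id for fo in detected_by_all_radars(radars)},
    }
```

In the scenario, FO "a" is warned because the zone is closed regardless of altitude, FO "b" because it is below the hill's MSA, and FO "c" is not warned although it is within the hill's secure range, because it flies above the MSA; radar1 sees three objects against a threshold of 10 / 4 and is therefore reported as saturated.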
The World Class
class World
instance variables
public static env : [Environment] := nil;
public static timerRef : Timer := new Timer();
operations
public World : () ==> World
World() ==
(env := new Environment("scenario.txt");
env.setAirSpace(MSAW`airspace);
MSAW`atc.addRadar(MSAW`radar1);
MSAW`atc.addRadar(MSAW`radar2);
MSAW`atc.addObstacle(MSAW`militaryZone));
public Run : () ==> ()
Run() == env.Run();
end World
The Environment Class (1)
class Environment is subclass of GLOBAL
operations
public Environment : String ==> Environment
Environment(fname) ==
def mk_(-,input) = io.freadval[seq of inline](fname)
in
inlines := input;
public Run : () ==> ()
Run() ==
(while not isFinished()
do
(updateFOs();
MSAW`atc.Step();
World`timerRef.StepTime();
);
showResult()
);
…
end Environment
The Environment Class (2)
class Environment is subclass of GLOBAL
operations
updateFOs : () ==> ()
updateFOs() ==
(if len inlines > 0
then (dcl curtime : Time := World`timerRef.GetTime(),
done
: bool := false;
while not done do
def mk_(id,x,y, altitude,pt) = hd inlines
in
if pt <= curtime
then (airspace.updateFO(id,mk_Coordinates(x,y),altitude);
inlines := tl inlines;
done := len inlines = 0 )
else done := true)
else busy := false
);
…
end Environment
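As an added example (not the model's own code), the scenario-driven stepping of updateFOs and Run re-expressed in Python: each step hands the leading scenario lines whose timestamp has been reached to the airspace, keeps the rest, and reports busy as false once the scenario is exhausted. The timer is a plain counter, the airspace update is a recording callback in place of AirSpace`updateFO, and since isFinished is not shown on the slides this example assumes it means "no scenario lines left"; the scenario lines are constructed:

```python
def update_fos(inlines, curtime, apply_update):
    """Environment`updateFOs for one time step. inlines is the scenario in time
    order, each entry mk_(id, x, y, altitude, pt); every leading entry whose time
    pt <= curtime is handed to apply_update, the rest are kept for later steps.
    Returns (remaining lines, busy); busy is false once the scenario is exhausted."""
    if len(inlines) == 0:
        return [], False
    done = False
    while not done:
        fo_id, x, y, altitude, pt = inlines[0]        # hd inlines
        if pt <= curtime:
            apply_update(fo_id, (x, y), altitude)     # airspace.updateFO(...)
            inlines = inlines[1:]                     # tl inlines
            done = len(inlines) == 0
        else:
            done = True                               # next line is in the future
    return inlines, True

def run_scenario(scenario, step_time=1):
    """Environment`Run with the timer modelled as a counter: step until no
    scenario lines remain (the assumed meaning of isFinished), recording which
    updates each step applied."""
    inlines, curtime, log = list(scenario), 0, []
    while inlines:
        applied = []
        inlines, _ = update_fos(inlines, curtime,
                                lambda i, c, a: applied.append((i, c, a)))
        log.append((curtime, applied))
        curtime += step_time                          # World`timerRef.StepTime()
    return log

# Constructed scenario: (id, x, y, altitude, time); SK1 and BA2 each report twice.
SCENARIO = [
    ("SK1", 0, 0, 1000, 0),
    ("BA2", 5, 5, 2000, 0),
    ("SK1", 1, 0, 1000, 2),
    ("BA2", 6, 5, 2100, 3),
]
```

Because the loop stops at the first line that lies in the future, the scenario file must be sorted by time; an out-of-order line would be applied late, at the next step whose time it is below.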
Updating Flying Objects
Since flying objects move we need to be able to update them:
class AirSpace
public updateFO : Id * Coordinates * Altitude ==> ()
updateFO(id,coord,alt) ==
if FOExists(id,airspace)
then let fo = getFO(id)
in
(fo.setCoordinates(coord);
fo.setAltitude(alt))
else let newfo = new FO(id,coord,alt)
in
airspace := airspace union {newfo}
…
end AirSpace
where we reuse the getFO operation again
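As an added example (not the MSAW model's own code), the AirSpace class from the slides "A Collection of Flying Objects", "Adding New Flying Objects", "Get Hold of a Particular FO", "Removing Existing Flying Objects" and this one, re-expressed in Python with the invariant and the preconditions checked at each call. FO is declared with eq=False so that, like VDM++ objects, two FOs compare by reference and the set may hold several objects with equal fields; it is the invariant on ids, not set membership, that rules duplicates out. The scenario's ids and positions are constructed:

```python
from dataclasses import dataclass

@dataclass(eq=False)          # eq=False: compare and hash by reference, as VDM++ objects do
class FO:
    """Flying object with the three instance variables of the FO class."""
    id: str
    coord: tuple              # (x, y)
    alt: int

class AirSpace:
    def __init__(self):
        self.airspace = set()  # set of FO

    def check_inv(self):
        """inv forall x,y in set airspace & x <> y => x.getId() <> y.getId()"""
        ids = [fo.id for fo in self.airspace]
        if len(ids) != len(set(ids)):
            raise AssertionError("AirSpace invariant violated: duplicate id")

    def fo_exists(self, fo_id):
        """FOExists: exists fo in set space & fo.getId() = id"""
        return any(fo.id == fo_id for fo in self.airspace)

    def add_fo(self, fo):
        """addFO, with its precondition checked at the call."""
        if fo.id in {f.id for f in self.airspace}:
            raise ValueError(f"pre addFO violated: id {fo.id!r} already present")
        self.airspace = self.airspace | {fo}
        self.check_inv()

    def get_fo(self, fo_id):
        """getFO: 'let fo in set airspace be st fo.getId() = id'. The let-be-such-that
        picks an arbitrary witness; the invariant guarantees there is exactly one."""
        if not self.fo_exists(fo_id):
            raise ValueError(f"pre getFO violated: no FO with id {fo_id!r}")
        return next(fo for fo in self.airspace if fo.id == fo_id)

    def remove_fo(self, fo_id):
        """removeFO, reusing getFO as on the slide."""
        if not self.fo_exists(fo_id):
            raise ValueError(f"pre removeFO violated: no FO with id {fo_id!r}")
        self.airspace = self.airspace - {self.get_fo(fo_id)}
        self.check_inv()

    def update_fo(self, fo_id, coord, alt):
        """updateFO: move a known FO in place, or admit a new one."""
        if self.fo_exists(fo_id):
            fo = self.get_fo(fo_id)
            fo.coord, fo.alt = coord, alt
        else:
            self.airspace = self.airspace | {FO(fo_id, coord, alt)}
        self.check_inv()

def scenario():
    """Constructed sequence of calls; returns what a caller can observe."""
    a = AirSpace()
    a.add_fo(FO("SK123", (1, 2), 3000))
    a.update_fo("SK123", (2, 2), 3100)        # known id: moved, not duplicated
    a.update_fo("BA9", (7, 7), 5000)          # unknown id: created
    moved = (a.get_fo("SK123").coord, a.get_fo("SK123").alt, len(a.airspace))
    try:
        a.add_fo(FO("SK123", (0, 0), 100))    # a second object with a used id
        duplicate_rejected = False
    except ValueError:
        duplicate_rejected = True
    a.remove_fo("SK123")
    return {
        "moved": moved,
        "duplicate_rejected": duplicate_rejected,
        "remaining_ids": sorted(fo.id for fo in a.airspace),
        "sk123_exists": a.fo_exists("SK123"),
    }
```

Note why the precondition on addFO matters: `airspace union {fo}` would happily admit a second FO object carrying an id already present, because the two objects are distinct values, and only then would the invariant fail.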
Stepping in ATC
Now all radars need a chance to scan:
class AirTrafficController is subclass of GLOBAL
…
public Step : () ==> ()
Step() ==
(for all r in set radars do
r.Scan(MSAW`airspace);
findThreats();
);
end AirTrafficController
Agenda
• Set Characteristics and Primitives
• The Minimum Safety Altitude Warning System
• The Robot Controller
The Robot Controller
• A system for navigating a
robot from a start point, via a
collection of waypoints to a
final destination, where it
performs some task, e.g.,
delivering a payload.
Existing Subsystems
• Position Sensor: This is used to find the
robot's current location and the direction in
which it is moving.
• Steering Controller: This controls the direction
in which the robot travels.
• Steering Monitor: A system used to ensure
that the steering controller is operating within
known safe boundaries.
Controller Requirements
1. The robot's current position is always available to the controller from a position sensor.
2. The robot has a predetermined journey plan based on a collection of waypoints.
3. The robot must navigate from waypoint to waypoint without missing any.
4. The robot moves only horizontally or vertically in the Cartesian plane. It is not physically capable of changing direction with an angle greater than 90°. Attempts to do so should be logged.
5. If the robot is off-course, i.e., it cannot find a route to the next waypoint, it should stop in its current position.
6. The robot is able to detect obstacles in its path.
Class Diagram for Robot Controller
A Collection of Points
• What instance variables should
the Point class have?
• How should the journeyPlan
association between the
Controller and Point be made?
class Point
instance variables
x: nat;
y: nat;
index: nat
end Point
class Controller
instance variables
journeyPlan : set of Point;
end Controller
Example Journey Plan
{new Point(1, 4, 1),
 new Point(4, 5, 2),
 new Point(6, 8, 3),
 new Point(10, 8, 4),
 new Point(9, 11, 5),
 new Point(8, 13, 6),
 new Point(11, 13, 7)}
Getting a Point at a Particular Index
public static GetPointAtIndex: set of Point * nat ->
Point
GetPointAtIndex(pts, index) ==
find that value p in the set pts where p.GetIndex() equals index
VDM++ Construct:
let x in set s be st predicate on x
in
expression using x
The GetPointAtIndex Operation
public static GetPointAtIndex: set of Point * nat ->
Point
GetPointAtIndex(pts, index) ==
let p in set pts be st p.GetIndex() = index
in
p
pre exists p in set pts & p.GetIndex() = index;
Checking Coordinates
• What is the value of:
• new Point(1,1,1) in set {new Point(1,1,1)}
• Assume we have an operation inside Point:
• GetCoord: () ==> nat * nat
• How can we then test whether a waypoint has been
reached?
• wp.GetCoord() in set {o.GetCoord()|o in set obs}
Arriving at a Waypoint
• journeyPlan desirable index properties
  1. Next waypoint has index 1
  2. Final waypoint has index equal to number of waypoints
  3. Indices are numbered consecutively
• Modeled as invariant inside Controller:
  • inv {p.GetIndex() | p in set journeyPlan} = {1,..., card journeyPlan};
Taking a Step on a Journey
• Inside the Point class:
public TakeStep: () ==> Point
TakeStep() ==
( index := index - 1;
return self
)
pre index > 1;
• Inside Route:
static public TakeStep: set of Point -> set of Point
TakeStep(pts) ==
let laterPoints = {pt | pt in set pts
& pt.GetIndex() <> 1}
in
{p.TakeStep() | p in set laterPoints};
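As an added example (not the robot controller's own code), the journey-plan slides from "A Collection of Points" to this one re-expressed in Python: the Point class, the journeyPlan invariant, GetPointAtIndex with its precondition, TakeStep on both Point and Route, and the "Checking Coordinates" question. Point deliberately defines no equality, so that like a VDM++ object reference `new Point(1,1,1)` is not a member of `{new Point(1,1,1)}`. The `walk` helper and the positions it is given are this example's own:

```python
class Point:
    """Waypoint with the Point class's instance variables. Like VDM++ objects,
    two Points with the same fields are still different values (no __eq__)."""
    def __init__(self, x, y, index):
        self.x, self.y, self.index = x, y, index

    def get_coord(self):
        return (self.x, self.y)

    def get_index(self):
        return self.index

    def take_step(self):
        """Point`TakeStep: pre index > 1"""
        if self.index <= 1:
            raise ValueError("pre TakeStep violated")
        self.index -= 1
        return self

def journey_plan_inv(pts):
    """inv {p.GetIndex() | p in set journeyPlan} = {1,..., card journeyPlan}"""
    return {p.get_index() for p in pts} == set(range(1, len(pts) + 1))

def get_point_at_index(pts, index):
    """Route`GetPointAtIndex, with its precondition checked at the call."""
    if not any(p.get_index() == index for p in pts):
        raise ValueError("pre GetPointAtIndex violated")
    return next(p for p in pts if p.get_index() == index)

def take_step(pts):
    """Route`TakeStep: drop the waypoint with index 1 and renumber the rest."""
    later_points = {pt for pt in pts if pt.get_index() != 1}
    return {p.take_step() for p in later_points}

def example_plan():
    """The slide's example journey plan."""
    return {Point(1, 4, 1), Point(4, 5, 2), Point(6, 8, 3), Point(10, 8, 4),
            Point(9, 11, 5), Point(8, 13, 6), Point(11, 13, 7)}

def waypoint_reached(pts, current_coord):
    """'Checking Coordinates': compare coordinates, never Point objects."""
    return get_point_at_index(pts, 1).get_coord() == current_coord

def identity_check():
    """new Point(1,1,1) in set {new Point(1,1,1)} is false (distinct objects),
    while the same test through GetCoord is true."""
    by_object = Point(1, 1, 1) in {Point(1, 1, 1)}
    by_coord = (1, 1) in {o.get_coord() for o in {Point(1, 1, 1)}}
    return by_object, by_coord

def walk(plan, positions):
    """Constructed driver following steps 1 to 3 of 'Controlling the Robot' for a
    sequence of sensed positions: on reaching the next waypoint, either complete
    the journey or step the plan. Returns the number of waypoints still pending."""
    for pos in positions:
        if waypoint_reached(plan, pos):
            if len(plan) == 1:
                return 0                       # CompleteJourney()
            plan = take_step(plan)
    return len(plan)
```

TakeStep mutates the Point objects in place, so the plan returned by `take_step` shares them with the old plan; the old set no longer satisfies the invariant and must not be used again, which is why Update assigns the result straight back to journeyPlan.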
Controlling the Robot
1. Find out the robot's current position.
2. Find out the next waypoint that the robot must visit.
3. If this waypoint has the same location as the current position then there are two possibilities:
   • Either this is the last waypoint, i.e., the robot has reached its final destination and can therefore complete its journey
   • or there are further waypoints to visit, in which case the journey plan must be updated.
   Otherwise do nothing.
4. Calculate the commands needed by the steering controller to get the robot to this next waypoint.
5. Give these commands to the steering controller.
The Update Operation
Update: () ==> ()
Update() ==
let currentPosition = ins.GetPosition()
in
( if Route`GetPointAtIndex(journeyPlan,1).GetCoord() =
currentPosition.GetCoord()
then
if card journeyPlan = 1
then CompleteJourney()
else
( journeyPlan := Route`TakeStep(journeyPlan);
let obstacles = obs.GetData(),
route
= PlotCourse(obstacles)
in
if route = nil
then emergencyBrake.Enable()
else
def dfps = ComputeDesiredSteerPosition(
ins.GetDirection(),
route.GetPoint(2),
str.GetPosition())
in AdjustSteering(dfps)
)
);
Neighbours of a Journey Point
class Point
…
public Neighbour: () ==> set of Point
Neighbour () ==
return {new Point(x, y1, index + 1)
| y1 in set {y-1,y+1}
& y1 >= 0} union
{new Point(x1, y, index + 1)
| x1 in set {x-1,x+1}
& x1 >= 0};
end Point
Plotting a Course
class Controller
…
PlotCourse: set of (nat * nat) ==> [Route]
PlotCourse(obstacles) ==
let nextWaypoint = Route`GetPointAtIndex(journeyPlan, 1),
posRoutes = Route`AvoidanceRoutes(obstacles,
ins.GetPosition(),
nextWaypoint)
in
if posRoutes = {}
then return nil
else ShortestFeasibleRoute(posRoutes);
end Controller
Avoiding Obstacles
class Route
…
static
public AvoidanceRoutes(
obstacles: set of (nat * nat),
currentPosition: Point,
nextWaypoint: Point) routes:set of Route
post forall r in set routes &
r.GetFirst().GetCoord() =
currentPosition.GetCoord() and
r.GetLast().GetCoord() =
nextWaypoint.GetCoord() and
r.GetCoords() inter obstacles = {};
end Route
Does this work?
An Invariant for the Route Class
class Route
…
instance variables
points: set of Point;
inv forall p1, p2 in set points &
p1.GetCoord() = p2.GetCoord() => p1 = p2 and
forall p in set points &
p.GetIndex() <> card points
=> GetNext(p).GetCoord() in set
{n.GetCoord() | n in set p.Neighbour()}
end Route
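As an added example (not the robot controller's own code), Neighbour, the Route invariant and the post-condition of AvoidanceRoutes re-expressed in Python, together with an answer to the "Does this work?" question of the previous slide: a two-point "route" that jumps diagonally across an obstacle satisfies every conjunct of the post-condition, and only the invariant rejects it. The Route class here assumes, as for journeyPlan, that its points are indexed 1..card points; the obstacle and positions are constructed:

```python
class Point:
    """Point with Neighbour: the four axis-aligned moves of requirement 4, each
    numbered index + 1, with negative coordinates excluded."""
    def __init__(self, x, y, index):
        self.x, self.y, self.index = x, y, index

    def get_coord(self):
        return (self.x, self.y)

    def get_index(self):
        return self.index

    def neighbour(self):
        return ({Point(self.x, y1, self.index + 1)
                 for y1 in {self.y - 1, self.y + 1} if y1 >= 0}
                | {Point(x1, self.y, self.index + 1)
                   for x1 in {self.x - 1, self.x + 1} if x1 >= 0})

class Route:
    """A set of Points indexed 1..card points (assumed, as for journeyPlan)."""
    def __init__(self, points):
        self.points = set(points)

    def get_point_at_index(self, index):
        return next(p for p in self.points if p.get_index() == index)

    def get_first(self):
        return self.get_point_at_index(1)

    def get_last(self):
        return self.get_point_at_index(len(self.points))

    def get_next(self, p):
        return self.get_point_at_index(p.get_index() + 1)

    def get_coords(self):
        return {p.get_coord() for p in self.points}

    def inv(self):
        """The slide's invariant: equal coordinates means the same point, and every
        point but the last is followed by one of its neighbours."""
        distinct = all(p1 is p2 for p1 in self.points for p2 in self.points
                       if p1.get_coord() == p2.get_coord())
        adjacent = all(self.get_next(p).get_coord()
                       in {n.get_coord() for n in p.neighbour()}
                       for p in self.points if p.get_index() != len(self.points))
        return distinct and adjacent

def avoidance_post(route, obstacles, current_position, next_waypoint):
    """Post-condition of Route`AvoidanceRoutes, checked for one candidate route."""
    return (route.get_first().get_coord() == current_position.get_coord()
            and route.get_last().get_coord() == next_waypoint.get_coord()
            and not (route.get_coords() & obstacles))

def does_this_work():
    """Constructed answer to the slide's question: (post-condition, invariant) for a
    diagonal jump over the obstacle at (1,1) and for a route that goes around it."""
    current, waypoint = Point(0, 0, 1), Point(2, 2, 2)
    obstacles = {(1, 1)}
    jump = Route({Point(0, 0, 1), Point(2, 2, 2)})
    around = Route({Point(0, 0, 1), Point(1, 0, 2), Point(2, 0, 3),
                    Point(2, 1, 4), Point(2, 2, 5)})
    return {
        "jump": (avoidance_post(jump, obstacles, current, waypoint), jump.inv()),
        "around": (avoidance_post(around, obstacles, current, waypoint), around.inv()),
    }
```

The post-condition only constrains the end points and the set of coordinates visited, so nothing in it says consecutive points are adjacent; the invariant supplies exactly that, through Neighbour, and also pins down that coordinates identify points, which GetNext relies on.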
Summary
• What have I presented today?
  • The notion of sets as unordered collections
  • The basic operations in VDM++ for manipulating sets
  • The MSAW system
  • The robot controller example
• What do you need to do now?
  • Continue with your project
  • Present your status to all of us
  • Read chapter 7 before next lecture
Quote of the day
Do not worry about your difficulties in Mathematics.
I can assure you mine are still greater.
By Albert Einstein
(1879 - 1955)