diff --git a/pub/dissertation/chapters/design.tex b/pub/dissertation/chapters/design.tex index a6c8895..cd43002 100644 --- a/pub/dissertation/chapters/design.tex +++ b/pub/dissertation/chapters/design.tex @@ -43,33 +43,67 @@ chapter. %%%%% FORMAL METHOD %%%%% \section{Formal Method} -\begin{itemize} - \item Formal modelling is the heart of the logic for testing checklists - \item Formal model created using VDM-SL - \item It allows to test that the checklists have been completed properly - - and that it is provable - \item Model keeps track of - \begin{itemize} - \item Aircraft state - \item Checklist state - \end{itemize} - \item If an error were to occur in the model, this can be relayed that there was - something wrong with running the test for the checklist, such as: - \begin{itemize} - \item Procedure compromises integrity of aircraft - \item There is not enough time to complete the procedure - \item There is a contradiction with the steps of the checklist - \end{itemize} -\end{itemize} +% \begin{itemize} +% \item Formal modelling is the heart of the logic for testing checklists +% \item Formal model created using VDM-SL +% \item It allows to test that the checklists have been completed properly +% - and that it is provable +% \item Model keeps track of +% \begin{itemize} +% \item Aircraft state +% \item Checklist state +% \end{itemize} +% \item If an error were to occur in the model, this can be relayed that there was +% something wrong with running the test for the checklist, such as: +% \begin{itemize} +% \item Procedure compromises integrity of aircraft +% \item There is not enough time to complete the procedure +% \item There is a contradiction with the steps of the checklist +% \end{itemize} +% \end{itemize} +Formal modelling is the heart of the logic for testing checklists in this project +and is created using VDM-SL. +The formal model is the logic behind the actions of running through a checklist +and checking if the checklist has been completed in the correct manner. + +To be able to check that the checklist has been properly completed, +the formal model keeps track of aircraft states, such as what state each switch +in the aircraft is in; and the state of the checklist, such as what steps in the +checklist has been completed. + +As there are invariants, pre-, and post-conditions, which are used for setting +well-formedness conditions for types or functions, provide type and input safety, +which will result in an error when broken. This is useful to make sure that +the actions taken when completing the checklist is done correctly, such as making +sure that a switch that may have 3 possible states is moved in properly, such as +moving from off, middle, to on in order, rather than skipping from off to on. +The cases where errors would occur is when these well-formed conditions are broken, +which can be a sign that the checklist has been completed incorrectly, such as +when the checklist is not completed in order, could signify that a step in the checklist +failed, which could mean that the step in the checklist is problematic. \subsubsection{Testing} -\begin{itemize} - % TODO add references - \item Since VDMJ version 4.5, it provides the QuickCheck tool - \item This allows for providing counter examples to the model - \item The counter examples were helpful to create pre and post conditions - to avoid any unexpected results from the model -\end{itemize} +% \begin{itemize} +% % TODO add references +% \item Since VDMJ version 4.5, it provides the QuickCheck tool +% \item This allows for providing counter examples to the model +% \item The counter examples were helpful to create pre- and post-conditions +% to avoid any unexpected results from the model +% \end{itemize} + +Making sure that the formal model does not have well-formed conditions that can +be broken by the formal model itself is important, as the goal of the formal model +is to have a rigorous specification that is verifiable. + +Since \textit{VDMJ} version 4.5.0, the VDM interpreter has included the \textit{QuickCheck} tool,~\cite{vdmj:4.5.0} +which is an automated testing tool to prove and find counter examples to specifications.~\cite{quickcheck} + +There were multiple counter examples that was produced by \textit{QuickCheck} that aided +the development of the formal model, as the \lstinline|qc|\footnote{The command to run \textit{QuickCheck} on the formal model in \textit{VDMJ}} +command in \textit{VDMJ} every time a new function was created to find potential counter +examples and fix them. +Checking every time when creating a new function was useful as it would avoid having to +refactor more of the model. %%%%% CHECKLIST TESTER %%%%% diff --git a/pub/dissertation/dissertation.pdf b/pub/dissertation/dissertation.pdf index d0f56c0..64bf5a0 100644 Binary files a/pub/dissertation/dissertation.pdf and b/pub/dissertation/dissertation.pdf differ diff --git a/pub/dissertation/references.bib b/pub/dissertation/references.bib index 1b26692..5cf43f4 100644 --- a/pub/dissertation/references.bib +++ b/pub/dissertation/references.bib @@ -328,6 +328,13 @@ of Emergency and Abnormal Checklists}, urldate = {2024-04-21}, } +@online{vdmj:4.5.0, + author = {Nick Battle}, + title = {Release 4.5.0 Release · nickbattle/vdmj}, + url = {https://github.com/nickbattle/vdmj/releases/tag/4.5.0-release}, + urldate = {2024-05-22}, +} + @online{vdmj:license, author = {Nick Battle}, title = {vdmj/LICENCE at master · nickbattle/vdmj}, @@ -351,6 +358,17 @@ of Emergency and Abnormal Checklists}, urldate = {2024-05-14}, } +@article{quickcheck, +author = {Claessen, Koen and Hughes, John}, +year = {2002}, +month = {06}, +pages = {}, +title = {Testing Monadic Code with QuickCheck}, +volume = {37}, +journal = {Proceedings of the 2002 ACM SIGPLAN Haskell Workshop}, +doi = {10.1145/636517.636527} +} + @online{xpc:pom, author = {Mike Frizzell}, title = {Maven Folder Structure Re-org by frizman21 · Pull Request \#227 ·