### Specification
1. Need to know what a program is supposed to do before you begin to write it
1. Called a specification, may come from
    1.  cusotmer
    1. the end user
    1. analyst team
1. might be provided in 
    1. informal text
    1. in a structured document
    1. using a formal mathematical notation
1. This class focuses on precise specification using mathematical notations

### FOL
1. Use two notations
    1. Mathematical logic
        1. first order logic (FOL)
        1. predicate calculus
    1. OCL
1. First Order Logic
1. Enables you to precisely express propositions, combine them and quantify them

### OCL
1. Object Constraint language, part of UML 
1. Provides a syntax for FOL that can be used to annotate UML diagrams

### Sorting
1. Simple example
1. Specify a program that could sort vectors of inegers in ascending order
1. SORT takes an input argument named X and it returns another vector of integers Y

#### Input type
1. Did your specification state what the input looked like?
1. Program would allow the vector <Apples, Oranges, Rambutan, Physalis, Pepino> to be sorted in meaningful way
1. Given is a vector of integers named X
1. Output is a vector of integers named Y
1. Did your specification  indicate taht Y was ordered in ascending order?

### Circularity
1. Did your specification use the word "sort"?
1. Run the risk of having a circular definition: "sort" is defined with "sort".

### SORT in English
1. One answer addressing these issues:
    1. Given is a vector of integers named X
    1. Produced is a vector of integers named Y
    1. The output vector Y must be ordered
    1. The contents of Y must be the "same as" the contents of X
        1. Everything in X must be in Y
        1. Everything in Y must have come from X
        1. The number of occurrences of each item in Y must be the same as its number of occurences in X

## In mathmatical Notations
### Process
1. First Order Logic used to avoid these kinds of problems
1. Typically break the specification into three pieces
    1. the signature
        1. Gives 
            1. the name of the program
            1. the names and types of the input arguments
            1. the name and type of the results
        1. For SORT, the signature looks like the following
            1. Vector\<int> Y = SORT<Vector\<int> X)
        1. SORT takes a single argument named X that has the datatype Vector\<int> and produces a result Vector Y
        1. X and Y have explicit names so we can use them in the pre and post conditions
        1. int could actually be any data type which supports a comparison (>) operator
    1. the precondition 
    1. the postcondition

![image.png](attachment:image.png)
Real Y = SQRT(Real X)

### Precondition
1. takes the form of an assertion about the function's input arguments
1. check if the inputs are valid
1. the set of those conditions is the precondition of the funtion's execution

### Postconditions
1. Says what must be true about the output produced by a function
1. Expressing how the output relates the input

![image.png](attachment:image.png)
A, B

#### Comments on Postconditions
1. So far, we have only been concerned with pure functions
1. A pure function is one in which the output is completely determined by the input
1. However, in real programming languages, computational units like functions, procedures and methods may be impure. 
1. For impure functions, in addition to describing how the output relates to the input, you should also indicate any side effects
1. These include changes to global variables and side effects like input or output.

#### Postconditions for SORT
1. We would now like to revisti our natural language specification of sort and indicate how it might be expressed in FOL
1. Recall that once we removed the statements about data types, it looked like the following:
    1. The output vector Y must be ordered
    1. The contents of Y must be the "same as" the contents of X
        1. Everything in X must be in Y
        1. Everything in Y must have come from X
        1. The number of occurrences of each item in Y must be the same as its number of occurences in X
        ![image.png](attachment:image.png)

### ORDERED

![image.png](attachment:image.png)
A

### Thrid step: the post condition for ordered
#### ORDERED Postcondition
1. in predicate logic:
    1. &forall;: 1<=i<|Y| * Y[i]<=Y[i+1]	
1. For all positions in Y from the first through the one before the last, the value stored in the vector at that position is no greater than the value stored at the next position
1.  &forall;: reads "for all"
1. Vectors have an indexing operation []
1. Indexing of Vectors  starts from 1
1. |Y| is the length of Y


![image.png](attachment:image.png)
Bool Y = RORDERED(Vector\<int>X)

1. Postcondition
    1. &forall;: 1<=i<|X| * X[i]<=X[i+1]	

 ### SAME_ELEMENTS_AS
 1. Bool Z = SAME_ELEMENTS_AS(Vector\<int> X, Vector\<int> Y)
 1. |X| = |Y|

### Permutation
1. predefined mathematical construct 
1. X has the same elements as Y if the elements of X are a permutation of the elements of Y 
1. Permutation is a well-defined mathematical property
1. Build a formal specification in FOL for the Permutation function 

![image.png](attachment:image.png)

1. Bool Z = PERMUTATION(Vector<int>X, Vector<int>Y)
1. Postcondition
    1. break down the specification of permutation into several different special cases. Typical approach for tricky specifications or even for tricky programs
    1. The first case is that both Vectors are empty
    1. If the Vectors do have elements, then there are two more cases depending on whether or not the first element in X and Y are identical
    1. The second case: the determination of whether X and Y are permutations biols down to whether or not the tails of X and Y are permutations
        1. The tail of a Vector is everything except the first element
        1. In FOL this becomes:
            1. |X| > 0 ^ X[1] = Y[1] ^ Permutation(tail(X), tail(Y)) => Permutation(X,Y)
        1. Note that this is a recursive definition - defining permutations in terms of themselves
    1. The third case: if the first elements don't match
        1. In this case divide Y up into three pieces, depending on where in the Vector Y the first element of X (X[1]) occurs
        1. It occurs at position j, where j is greater than 1 and no larger than the length of Y
        1. three segments will be
            1. all of the elements from the first up to but not include the jth
            1. jth position all by itself
            1. j plus first position all teh way to the nth position
        1. stated in logic, we have the following 
            1. &exist;j: 1<j<=|Y| * (X[1] = Y[j])
            1. Already checked for equality between X[1] and Y[j]
            1. Now we want to recurse on the rest
            1. the rest of X is tail(X)
            1. Pasting
                1. the rest of Y comes from pasting together the first segment of Y and the third segment of Y
                1. Pasting together is accomplished by the concatenation operation on Vectors (&frown;)
                1. Y[1 .. j-1] &frown; Y[j+1..|Y|]
                1. Permutation (tail(X), (Y[1 .. j-1] &frown; Y[j+1..|Y|])) 

### All together
![image.png](attachment:image.png)

### OCL
1. Expressed specifications in first order logic
1. UML includes a variant of FOL called the Object Constraint Language 
1. Cover OCL in more detail in subsequent lessons
![image-2.png](attachment:image-2.png)

### Notes
1. Uses the vertical bar "|" to separate the designation of the variable i from the proposition
1. The limitation on the value of i appear as part of the proposition
1. The limitations on the value of i are separated from the proposition itself by the use of the "implies" OCL keyword
1. Used OCL's built in SEQUENCE class instead of Vectors

### Summary
1. Sometimes you need a means to precisely express exactly what funcionality is required by a system
1. A variety of formal languages and tools exists for writing such specifications
1. The effort can save a lot of rework resultnig from misunderstood requirements