【正文】 c o r d t h e l a s t 3 r e a d i n g s t a k e nc a p a c i t y : a l a r m ! : { o f f , o n }p u m p ! : d i s p l a y 1 ! , d i s p l a y 2 ! : S T R I N Gd o s e ? c a p a c i t y ? d o s e ? 5 ? c u m u l a t i v e _ d o s e ? 5 0c a p a c i t y 4 0 ? d i s p l a y 1 ! = c a p a c i t y ? 3 9 ? c a p a c i t y 1 0 ? d i s p l a y 1 ! = I n s u l i n l o w c a p a c i t y ? 9 ? a l a r m ! = o n ? ? d i s p l a y 1 ! = I n s u l i n v e r y l o w r 2 = r e a d i n g ?169。Ian Sommerville 2021 Software Engineering, 6th edition. Chapter 9 Slide 35 The dosage putation ? The insulin pump putes the amount of insulin required by paring the current reading with two previous readings ? If these suggest that blood glucose is rising then insulin is delivered ? Information about the total dose delivered is maintained to allow the safety check invariant to be applied ? Note that this invariant always applies there is no need to repeat it in the dosage putation 169。Ian Sommerville 2021 Software Engineering, 6th edition. Chapter 9 Slide 36 DOSAGE schema D O S A G E? I n s u l i n _ P u m p(d o s e = 0 ??? (? ? r 1 r 0 ) ? ? ( r 2 = r 1 ) ) ?( ( r 1 r 0 ) ? ( r 2 ? r 1 ) ) ?( ( r 1 r 0 ) ? ( ( r 1 r 2 ) ( r 0 r 1 ) ) ) ) ? d o s e = 4 ? ( ( ( r 1 ? r 0 ) ? ( r 2 = r 1 ) ) ? ( ( r 1 r 0 ) ? ( ( r 1 r 2 ) ? ( r 0 r 1 ) ) ) ) ?d o s e = ( r 2 r 1 ) * 4 ? (( ( r 1 ? r 0 ) ? ( r 2 r 1 ) ) ?( ( r 1 r 0 ) ? ( ( r 2 r 1 ) ( r 1 r 0 ) ) ) ))c a p a c i t y 39。 = c a p a c i t y d o s ec u m u l a t i v e _ d o s e 39。 = c u m u l a t i v e _ d o s e + d o s er 0 39。 = r 1 ? ? r 1 39。 = r 2169。Ian Sommerville 2021 Software Engineering, 6th edition. Chapter 9 Slide 37 Output schemas ? The output schemas model the system displays and the alarm that indicates some potentially dangerous condition ? The output displays show the dose puted and a warning message ? The alarm is activated if blood sugar is very low this indicates that the user should eat something to increase their blood sugar level 169。Ian Sommerville 2021 Software Engineering, 6th edition. Chapter 9 Slide 38 Output schemas D I S P L A Y? I n s u l i n _ P u m pd i s p l a y 2 ! 39。 = N a t _ t o _ s t r i n g ( d o s e ) ?( r e a d i n g ? 3 ? d i s p l a y 1 ! 39。 = S u g a r l o w ?r e a d i n g ? 3 0 ? d i s p l a y 1 ! 39。 = S u g a r h i g h ?r e a d i n g ? 3 a n d r e a d i n g ? ? 3 0 ? d i s p l a y 1 ! 39。 = O K )A L A R M? I n s u l i n _ P u m p( r e a d i n g ? 3 ? r e a d i n g ? 3 0 ) ? a l a r m ! 39。 = o n ??? ? r e a d i n g ? 3 ? ?r e a d i n g ? ? 3 0 ) ? a l a r m ! 39。 = o f f169。Ian Sommerville 2021 Software Engineering, 6th edition. Chapter 9 Slide 39 Schema consistency ? It is important that schemas are consistent. Inconsistency suggests a problem with the system requirements ? The INSULIN_PUMP schema and the DISPLAYare inconsistent ? display1! shows a warning message about the insulin reservoir (INSULIN_PUMP) ? display1! Shows the state of the blood sugar (DISPLAY) ? This must be resolved before implementation of the system 169。Ian Sommerville 2021 Software Engineering, 6th edition. Chapter 9 Slide 40 Key points ? Formal system specification plements informal specification techniques ? Formal specifications are precise and unambiguous. They remove areas of doubt in a specification ? Formal specification forces an analysis of the system requirements at an early stage. Correcting errors at this stage is cheaper than modifying a delivered system 169。Ian Sommerville 2021 Software Engineering, 6th edition. Chapter 9 Slide 41 Key points ? Formal specification techniques are most applicable in the development of critical systems and standards. ? Algebraic techniques are suited to interface specification where the interface is defined as a set of object classes ? Modelbased techniques model the system using sets and functions. This simplifies some types of behavioural specification