Correct By Design

1 Correct By Design

Correct By Design i.e., "Correct By Intention/Effort" is a core idea of this course.
How do we judge if a design is "correct"?
1. Particularly, in the absence of specs? [Cannot]
2. Is it a judge/jury system? [Yes]
A design D satisfies/ meets a spec S
1. This can be precisely stated, S \(\models\) D
A spec S is consistent with a requirements document R
1. This will remain in the judge/jury system.

Def: D "satisfies" S, notationally S \(\models\) D. Every property of specs S can be observed in D. Not necessarily vice versa.
S is written in a spec language, SL
D is written in a design language, DL
SL and DL: Plenty in research literature, but not in wide use
S \(\models\) D₁, S \(\models\) D₂, …, S \(\models\) D_n, … [Multiple designs meet a spec S]
We will use: Discrete math and Logic.

Design D satisfies Spec S, S \(\models\) D
D2 refines D1 versus D2 is an alternate design cf D1
1. refines: provides more detail
2. refines: gets closer to the implementation language
3. alternate: explores a different design idea
4. alternate: better in some spec axes, worse in others
Design Levels S \(\models\) D1 \(\models\) D2 | … \(\models\) Dn \(\models\) I
1. In general, this is a tree with many leaves
2. Siblings are alternates.
3. One path from the root to an implementation: S \(\models\) D1 \(\models\) D2 | … \(\models\) Dn \(\models\) I
Implementation I: Source Code in a PL
Can/Should we have levels in Specs? Yes! S \(\models\) S1 \(\models\) S2 … \(\models\) Sk