tr1413 validation process

Post on 17-Jan-2015


TR1413: Discrete Mathematics For Computer Science

Lecture 26&27: Validation Process

Introduction

• A Z formal specification is a mathematical system.
• It consists of:
  • Undefined terms
  • Defined terms
  • Axioms – in the form of state schemas and operation schemas.

Introduction

• A mathematical system needs to be validated to ensure that it is complete and consistent.
• Validation of a Z specification can be done by:
  1. Proving the initial state theorem
  2. Calculating preconditions
  3. Proving properties

Initial State Theorem

• There exists at least one state for the system.
• An example of such a state is the initial state.

Prove the above theorem.

Initial State Theorem

[ expand schema InitialCarPark ]

[ schema CarPark is redundant, remove the second schema ]

[ expand schema CarPark ]

[ use ( D | P Q ) ( D P Q ), therefore, ]

[ apply One Point Rule, , therefore.. ]

true

From Library of laws, L11, true

From axiomatic description, true

This proves that there exists a state for the system.

23

SummarySummary[ expand schema Initial State Schema ]

[ expand state schema]

[ use ( D | P Q ) ( D P Q ) ]

[ apply One Point Rule, ]

[ Conclusion ]
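The summary steps above, carried through on an assumed CarPark specification. This derivation is added here as an example and is not the lecture's own proof: the schema boxes did not survive extraction, so the state schema, the initial schema and the axiomatic constant capacity below are assumptions; oc abbreviates ordinaryCars and ph abbreviates passHoldersInUse.

\[
\begin{array}{ll}
\text{(axiomatic description)} & \mathit{capacity} : \mathbb{N} \\
\mathit{CarPark} & \mathrel{\widehat{=}} [\, oc, ph : \mathbb{N} \mid oc + ph \le \mathit{capacity} \,] \\
\mathit{InitialCarPark} & \mathrel{\widehat{=}} [\, \mathit{CarPark}' \mid oc' = 0 \land ph' = 0 \,]
\end{array}
\]

Theorem: $\vdash \exists\, \mathit{CarPark}' \bullet \mathit{InitialCarPark}$.

\begin{align*}
& \exists\, \mathit{CarPark}' \bullet \mathit{InitialCarPark} \\
\Leftrightarrow\ & \exists\, \mathit{CarPark}' \bullet \mathit{CarPark}' \land oc' = 0 \land ph' = 0 && [\text{expand } \mathit{InitialCarPark}] \\
\Leftrightarrow\ & \exists\, \mathit{CarPark}' \bullet oc' = 0 \land ph' = 0 && [\mathit{CarPark}' \text{ is redundant}] \\
\Leftrightarrow\ & \exists\, oc', ph' : \mathbb{N} \mid oc' + ph' \le \mathit{capacity} \bullet oc' = 0 \land ph' = 0 && [\text{expand } \mathit{CarPark}'] \\
\Leftrightarrow\ & \exists\, oc', ph' : \mathbb{N} \bullet oc' + ph' \le \mathit{capacity} \land oc' = 0 \land ph' = 0 && [(\exists D \mid P \bullet Q) \Leftrightarrow (\exists D \bullet P \land Q)] \\
\Leftrightarrow\ & \exists\, ph' : \mathbb{N} \bullet 0 \in \mathbb{N} \land 0 + ph' \le \mathit{capacity} \land ph' = 0 && [\text{One Point Rule on } oc'] \\
\Leftrightarrow\ & 0 \in \mathbb{N} \land 0 + 0 \le \mathit{capacity} \land 0 \in \mathbb{N} && [\text{One Point Rule on } ph'] \\
\Leftrightarrow\ & 0 \le \mathit{capacity} && [0 \in \mathbb{N} \text{ is true};\ P \land \mathit{true} \Leftrightarrow P] \\
\Leftrightarrow\ & \mathit{true} && [\mathit{capacity} : \mathbb{N}, \text{ from the axiomatic description}]
\end{align*}

The One Point Rule used twice here is $(\exists x : T \bullet P \land x = t) \Leftrightarrow (t \in T \land P[t/x])$ for $x$ not free in $t$; each application removes one primed variable by substituting the value the predicate fixes for it, which is why the existential quantifier disappears entirely and only a closed predicate about capacity remains.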

Exercise

• Prove initialisation theorems for all your case studies.
• If you have not written any initial schema, write it now…

Precondition calculation

In which states can an operation be successfully applied?

Does it provide a total interface?

Precondition calculation

Example: calculating the precondition of schema OrdinaryDepartureOK.

Given the schema as follows:

Precondition Calculation

Expanding the schema, we get:

Precondition Calculation

Write the PreSchema, that is, by hiding the after-state variables (primed) and the output variables. 'Hiding' means removing the variables from the declaration part and quantifying them with the existential quantifier.

By using the One Point Rule, we get ….


Simplifying the schema above, we get ….

The above is the simplified version of the schema. Therefore, we can say that for an ordinary car to depart successfully, the state should be:

• the number of ordinary cars in the car park is at least one and not greater than the car park capacity.

Summary

Write the schema.

Expand the schema.

Write its PreSchema (that is, by hiding all primed variables and output variables).

Use the One Point Rule.

Simplify the schema.

Conclusion.

Exercise

Take one example of an operation/observation schema from each of your case studies and calculate its precondition.

Totality

Does it provide a total interface?

An operation is total if it is defined on every state which satisfies the state invariant.

The operation OrdinaryDepartureOK is not total, because it does not say what happens when ordinaryCars = 0.

However, we have specified the total operation of an ordinary departure in schema OrdinaryDeparture.

Prove that schema OrdinaryDeparture is total.

Proof of Properties

Every mathematical system must have certain properties. Similarly, since a formal specification is a mathematical system, it must have some properties. Completeness of a formal specification can be shown by showing that these properties can be derived from the specification.

Proof of Properties

In the CarPark system:

1. If an ordinary car arrives, then the number of ordinary cars in the car park increases by one.
2. If an ordinary car leaves the car park, the number of ordinary cars in the car park reduces by one.
3. An entrance of a pass holder will increase the number of pass holders in use by one and will not change the number of ordinary cars in the car park.

Proof of Properties

Prove that an entrance of a pass holder will increase the number of pass holders in use by one and will not change the number of ordinary cars in the car park.

Write the above statement in theorem form, i.e., hypothesis conclusion:

[ Expand schema PassEntryOK ]

Given schema PassEntryOK as follows:

Therefore,

(we may not need to fully expand the schema)

[ Start the proving…, prove what? ]

From hypothesis:

and:

Therefore, we can conclude that:

It is also known that:

From hypothesis:

Therefore, we can conclude that:

Summary

Write the property of a specification in natural language.

Transform the above statement into theorem form.

Prove the theorem.
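A bounded-model check of the three validation steps covered above (precondition calculation, totality, and proof of properties) on an assumed CarPark specification, added here as an example and not part of the lecture. The schema boxes did not survive extraction, so the state invariant, the constant capacity, the REPORT type and the bodies of OrdinaryDepartureOK, NoCarToDepart, OrdinaryDeparture and PassEntryOK are assumptions chosen to match what the slides say about them. Each schema is modelled as a Python predicate over (before state, after state, output), and the existential quantification that hiding introduces is realised as a search over a small finite state space:

```python
"""
Bounded-model validation of an assumed Z CarPark specification (added example).

The state schema, operation schemas and the constant `capacity` below are
assumptions, not the lecture's definitions.  Each schema is a predicate over
(before state, after state, output), and the lecture's three checks run by
exhaustive enumeration over a small bounded state space:
  * precondition calculation  (pre Op = exists State'; out! . Op)
  * totality                  (pre Op holds on every state satisfying the invariant)
  * proof of properties       (every transition Op admits satisfies the property)
"""
from itertools import product
from typing import Callable, List, NamedTuple, Set, Tuple

CAPACITY = 3   # assumed axiomatic constant, kept small so enumeration is exhaustive
REPORT = ("Success", "NoCarToDepart")   # assumed report type for rep! outputs


class CarPark(NamedTuple):
    """Assumed state schema CarPark: two natural-number observations."""
    ordinaryCars: int
    passHoldersInUse: int


def invariant(s: CarPark) -> bool:
    """Assumed state invariant: counts are naturals and total occupancy <= capacity."""
    return (s.ordinaryCars >= 0 and s.passHoldersInUse >= 0
            and s.ordinaryCars + s.passHoldersInUse <= CAPACITY)


# The invariant bounds both counters by CAPACITY, so this universe contains every
# state the schemas can mention; tuples violating the invariant are filtered out.
UNIVERSE = [CarPark(o, p) for o, p in product(range(CAPACITY + 1), repeat=2)]
VALID_STATES = [s for s in UNIVERSE if invariant(s)]

Op = Callable[[CarPark, CarPark, str], bool]
Prop = Callable[[CarPark, CarPark], bool]


def ordinary_departure_ok(s: CarPark, s2: CarPark, rep: str) -> bool:
    """Assumed OrdinaryDepartureOK: Delta CarPark; rep! : REPORT;
    ordinaryCars' = ordinaryCars - 1; passHoldersInUse' = passHoldersInUse; rep! = Success."""
    return (invariant(s) and invariant(s2)
            and s2.ordinaryCars == s.ordinaryCars - 1
            and s2.passHoldersInUse == s.passHoldersInUse
            and rep == "Success")


def no_car_to_depart(s: CarPark, s2: CarPark, rep: str) -> bool:
    """Assumed error schema: Xi CarPark; ordinaryCars = 0; rep! = NoCarToDepart."""
    return invariant(s) and s2 == s and s.ordinaryCars == 0 and rep == "NoCarToDepart"


def ordinary_departure(s: CarPark, s2: CarPark, rep: str) -> bool:
    """OrdinaryDeparture == OrdinaryDepartureOK v NoCarToDepart (the total operation)."""
    return ordinary_departure_ok(s, s2, rep) or no_car_to_depart(s, s2, rep)


def pass_entry_ok(s: CarPark, s2: CarPark, rep: str) -> bool:
    """Assumed PassEntryOK: Delta CarPark; passHoldersInUse' = passHoldersInUse + 1;
    ordinaryCars' = ordinaryCars; rep! = Success."""
    return (invariant(s) and invariant(s2)
            and s2.passHoldersInUse == s.passHoldersInUse + 1
            and s2.ordinaryCars == s.ordinaryCars
            and rep == "Success")


def precondition(op: Op) -> Set[CarPark]:
    """pre Op: hide the primed and output variables by existential quantification,
    realised here as a search for some after state and output the schema admits."""
    return {s for s in VALID_STATES
            if any(op(s, s2, rep) for s2 in UNIVERSE for rep in REPORT)}


def is_total(op: Op) -> bool:
    """Total: pre Op holds on every state satisfying the state invariant."""
    return precondition(op) == set(VALID_STATES)


def counterexamples(op: Op, prop: Prop) -> List[Tuple[CarPark, CarPark]]:
    """Transitions the operation admits that violate the property; an empty list
    means the property is established for every state of the bounded model."""
    return [(s, s2) for s in VALID_STATES for s2 in UNIVERSE for rep in REPORT
            if op(s, s2, rep) and not prop(s, s2)]


# Properties 2 and 3 from the lecture, stated as predicates over (before, after).
def one_fewer_ordinary_car(s: CarPark, s2: CarPark) -> bool:
    return s2.ordinaryCars == s.ordinaryCars - 1


def pass_holder_entered(s: CarPark, s2: CarPark) -> bool:
    return (s2.passHoldersInUse == s.passHoldersInUse + 1
            and s2.ordinaryCars == s.ordinaryCars)


if __name__ == "__main__":
    pre = precondition(ordinary_departure_ok)
    print("pre OrdinaryDepartureOK:", sorted(pre))
    print("matches 'ordinaryCars >= 1':",
          pre == {s for s in VALID_STATES if s.ordinaryCars >= 1})
    print("OrdinaryDepartureOK total?", is_total(ordinary_departure_ok))
    print("OrdinaryDeparture total?  ", is_total(ordinary_departure))
    print("PassEntryOK property counterexamples:",
          counterexamples(pass_entry_ok, pass_holder_entered))
    print("OrdinaryDeparture 'one fewer car' counterexamples:",
          counterexamples(ordinary_departure, one_fewer_ordinary_car))
```

Running the module computes pre OrdinaryDepartureOK as every valid state with ordinaryCars ≥ 1 (the simplified precondition reached in the slides), shows that OrdinaryDepartureOK is not total while OrdinaryDeparture is, and finds no counterexample to the pass-holder property. The last line shows the checker doing real work rather than restating the schemas: the property "ordinary cars reduce by one" holds for OrdinaryDepartureOK but fails for the total OrdinaryDeparture in exactly the ordinaryCars = 0 states, where the error branch leaves the state unchanged. Exhaustive enumeration only establishes the properties for the bounded model (capacity 3); the symbolic proof the lecture asks for is still needed, and the model is a cheap way to catch a wrong precondition or a false property before attempting it.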

Exercise

Discuss with your friends the properties that should be in your specifications. You may want to refer to your 'table'.

Prove that these properties hold in the related specification.
