the z specication language - kitbeckert/teaching/spezifikation-ss04/11z.pdf · the z specication...

78
Formal Specification of Software The Z Specification Language Bernhard Beckert U NIVERSITÄT KOBLENZ -L ANDAU B. Beckert: Formal Specification of Software – p.1

Upload: others

Post on 30-Oct-2019

13 views

Category:

Documents


0 download

TRANSCRIPT

Page 1: The Z Specication Language - KITbeckert/teaching/Spezifikation-SS04/11Z.pdf · The Z Specication Language Based on Typed r st-order predicate logic Zermelo-Fraenkel set theory Rich

Formal Specification of Software

The Z Specification Language

Bernhard Beckert

UNIVERSITÄT KOBLENZ-LANDAU

B. Beckert: Formal Specification of Software – p.1

Page 2: The Z Specication Language - KITbeckert/teaching/Spezifikation-SS04/11Z.pdf · The Z Specication Language Based on Typed r st-order predicate logic Zermelo-Fraenkel set theory Rich

The Z Specification Language

Based on

Typed first-order predicate logic

Zermelo-Fraenkel set theory

Rich notation

Invented/developed by

J.-R. Abrial, Oxford University Computing Laboratory

International standard

ISO/IEC JTC1/SC22

B. Beckert: Formal Specification of Software – p.2

Page 3: The Z Specication Language - KITbeckert/teaching/Spezifikation-SS04/11Z.pdf · The Z Specication Language Based on Typed r st-order predicate logic Zermelo-Fraenkel set theory Rich

The Z Specification Language

Based on

Typed first-order predicate logic

Zermelo-Fraenkel set theory

Rich notation

Invented/developed by

J.-R. Abrial, Oxford University Computing Laboratory

International standard

ISO/IEC JTC1/SC22

B. Beckert: Formal Specification of Software – p.2

Page 4: The Z Specication Language - KITbeckert/teaching/Spezifikation-SS04/11Z.pdf · The Z Specication Language Based on Typed r st-order predicate logic Zermelo-Fraenkel set theory Rich

The Z Specification Language

Tools

LATEX style

Type checker

Z/Eves deduction system

But

No tools for simulation/execution/testing

B. Beckert: Formal Specification of Software – p.3

Page 5: The Z Specication Language - KITbeckert/teaching/Spezifikation-SS04/11Z.pdf · The Z Specication Language Based on Typed r st-order predicate logic Zermelo-Fraenkel set theory Rich

Built-in Operators

Logical operators

¬ negation

∧ conjunction

∨ disjunction

⇒ implication (note: not →)

⇔ equivalence (note: not ↔)

Equality

= equality

On all types (but not predicates)

B. Beckert: Formal Specification of Software – p.4

Page 6: The Z Specication Language - KITbeckert/teaching/Spezifikation-SS04/11Z.pdf · The Z Specication Language Based on Typed r st-order predicate logic Zermelo-Fraenkel set theory Rich

Built-in Operators

Quantification

Q x1 : S1; . . . ; xn : Sn | p • q

where Q is one of ∀ ∃ ∃1

Meaning

∀x1 : S1; . . . ; xn : Sn(p ⇒ q) resp.∃x1 : S1; . . . ; xn : Sn(p ∧ q)

Abbreviation

∀x : T • q for ∀x : T | true • q

B. Beckert: Formal Specification of Software – p.5

Page 7: The Z Specication Language - KITbeckert/teaching/Spezifikation-SS04/11Z.pdf · The Z Specication Language Based on Typed r st-order predicate logic Zermelo-Fraenkel set theory Rich

Notation for Sets

Enumeration

{e1, . . . , en}

The set of type-compatible elements e1, . . . , en

Example

{3, 5, 8, 4}

B. Beckert: Formal Specification of Software – p.6

Page 8: The Z Specication Language - KITbeckert/teaching/Spezifikation-SS04/11Z.pdf · The Z Specication Language Based on Typed r st-order predicate logic Zermelo-Fraenkel set theory Rich

Notation for Sets

Set comprehension

{x : T | pred(x) • expr(x)}

The set of all elements that result from evaluating expr(x)for all x of type T for which pred(x) holds

Example

{x : Z | prime(x) • x ∗ x}

The set of all squares of prime numbers

B. Beckert: Formal Specification of Software – p.7

Page 9: The Z Specication Language - KITbeckert/teaching/Spezifikation-SS04/11Z.pdf · The Z Specication Language Based on Typed r st-order predicate logic Zermelo-Fraenkel set theory Rich

Notation for Sets

Abbreviation

{x : T | pred(x)} for {x : T | pred(x) • x}

Example

N = {x : Z | x ≥ 0}

The empty set

∅ = {x : T | false}

Note:

∅ = ∅[T] is typed

B. Beckert: Formal Specification of Software – p.8

Page 10: The Z Specication Language - KITbeckert/teaching/Spezifikation-SS04/11Z.pdf · The Z Specication Language Based on Typed r st-order predicate logic Zermelo-Fraenkel set theory Rich

Set Operations

∈ element-of relation

⊆ subset relation

S1 and S2 must have the same type

S1 ⊆ S2 ⇔ (∀x : S1 | x ∈ S2)

P power set operator

S′ ∈ P S ⇔ S′ ⊆ S

× cartesian product

(x1, . . . , xn) ∈ S1 × . . .× Sn ⇔ (x1 ∈ S1 ∧ . . . ∧ xn ∈ Sn)

B. Beckert: Formal Specification of Software – p.9

Page 11: The Z Specication Language - KITbeckert/teaching/Spezifikation-SS04/11Z.pdf · The Z Specication Language Based on Typed r st-order predicate logic Zermelo-Fraenkel set theory Rich

Set Operations

∪,∪ union

Involved sets must have the same type T

x ∈ S1 ∪ S2 ⇔ (x ∈ S1 ∨ x ∈ S2)

x ∈∪S ⇔ (∃S′ : T • x ∈ S′)

∩,∩ intersection

\ set difference

B. Beckert: Formal Specification of Software – p.10

Page 12: The Z Specication Language - KITbeckert/teaching/Spezifikation-SS04/11Z.pdf · The Z Specication Language Based on Typed r st-order predicate logic Zermelo-Fraenkel set theory Rich

Types

Pre-defined types

Z with constants: 0, 1, 2, 3, 4, . . .functions: +,−,∗, /predicates: <,≤,>,≥

Sets

Every set can be used as a type

Basic types (given sets)

Example

[Person]

B. Beckert: Formal Specification of Software – p.11

Page 13: The Z Specication Language - KITbeckert/teaching/Spezifikation-SS04/11Z.pdf · The Z Specication Language Based on Typed r st-order predicate logic Zermelo-Fraenkel set theory Rich

Free Type Definitions

Example

weekDay ::= mon | tue | wed | thu | fri | sat | sun

Example

Tree ::= leaf 〈〈Z〉〉 | node〈〈Tree × Tree〉〉

Meaning

[Tree] generated by leaf , node

∀x1, y1, x2, y2 : Tree | node(x1, y1) = node(x2, y2) • (x1 = x2 ∧ y1 = y2)∀x1, x2 : Z | leaf (x1) = leaf (x2) • x1 = x2∀x : Z; y, z : Tree • leaf (x) 6= node(y, z)

Note: Generatedness is not expressible in first-order logicB. Beckert: Formal Specification of Software – p.12

Page 14: The Z Specication Language - KITbeckert/teaching/Spezifikation-SS04/11Z.pdf · The Z Specication Language Based on Typed r st-order predicate logic Zermelo-Fraenkel set theory Rich

Compound Types

Set type: P T

The type of sets of elements of type T

Cartesian product type: T1 × · · · × Tn

The type of tuples (t1, . . . , tn) with ti ∈ Ti

B. Beckert: Formal Specification of Software – p.13

Page 15: The Z Specication Language - KITbeckert/teaching/Spezifikation-SS04/11Z.pdf · The Z Specication Language Based on Typed r st-order predicate logic Zermelo-Fraenkel set theory Rich

Types: Overview

Possible type definitions

T = Z

T = [Type]

T ::= . . . (free type)

T = P T′

T = T1 × · · · × Tn

Note

All types are disjoint (not for sets that are used as types)

All terms have a unique type

B. Beckert: Formal Specification of Software – p.14

Page 16: The Z Specication Language - KITbeckert/teaching/Spezifikation-SS04/11Z.pdf · The Z Specication Language Based on Typed r st-order predicate logic Zermelo-Fraenkel set theory Rich

Types: Overview

Possible type definitions

T = Z

T = [Type]

T ::= . . . (free type)

T = P T′

T = T1 × · · · × Tn

Note

All types are disjoint (not for sets that are used as types)

All terms have a unique type

B. Beckert: Formal Specification of Software – p.14

Page 17: The Z Specication Language - KITbeckert/teaching/Spezifikation-SS04/11Z.pdf · The Z Specication Language Based on Typed r st-order predicate logic Zermelo-Fraenkel set theory Rich

Variables

Variable declarations

Example

x : Z

sold : P Seat

Variables can range over types and over sets

B. Beckert: Formal Specification of Software – p.15

Page 18: The Z Specication Language - KITbeckert/teaching/Spezifikation-SS04/11Z.pdf · The Z Specication Language Based on Typed r st-order predicate logic Zermelo-Fraenkel set theory Rich

Syntactical Abbreviations

Abbreviations

must not be recursive

can be generic

Examples

numberPairs == Z×Z

pairWithNumber[S] == Z× S

Note

Type variables are “meta-variables” (cannot be quantified)

B. Beckert: Formal Specification of Software – p.16

Page 19: The Z Specication Language - KITbeckert/teaching/Spezifikation-SS04/11Z.pdf · The Z Specication Language Based on Typed r st-order predicate logic Zermelo-Fraenkel set theory Rich

Abbreviations vs. Generated Types

weekDay1 == {mon, tue, wed, thu, fri, sat, sun}

vs.

WeekDay2 ::= mon | tue | wed | thu | fri | sat | sun

Not the same

Type definition implies elements to be different

B. Beckert: Formal Specification of Software – p.17

Page 20: The Z Specication Language - KITbeckert/teaching/Spezifikation-SS04/11Z.pdf · The Z Specication Language Based on Typed r st-order predicate logic Zermelo-Fraenkel set theory Rich

Abbreviations vs. Generated Types

weekDay1 == {mon, tue, wed, thu, fri, sat, sun}

vs.

WeekDay2 ::= mon | tue | wed | thu | fri | sat | sun

Not the same

Type definition implies elements to be different

B. Beckert: Formal Specification of Software – p.17

Page 21: The Z Specication Language - KITbeckert/teaching/Spezifikation-SS04/11Z.pdf · The Z Specication Language Based on Typed r st-order predicate logic Zermelo-Fraenkel set theory Rich

Axiomatic Definitions

Form of an axiomatic definition

SymbolDeclarations

ConstrainingPredicates

Example

N1 : PZ

∀ z : Z • (z ∈ N1 ↔ z ≥ 1)

B. Beckert: Formal Specification of Software – p.18

Page 22: The Z Specication Language - KITbeckert/teaching/Spezifikation-SS04/11Z.pdf · The Z Specication Language Based on Typed r st-order predicate logic Zermelo-Fraenkel set theory Rich

Relations

Relation types/sets

S ↔ T is the type/set of relations between types/sets S and T

S ↔ T = P(S × T)

Notation

a 7→ b for (a, b) if (a, b) ∈ S ↔ T

B. Beckert: Formal Specification of Software – p.19

Page 23: The Z Specication Language - KITbeckert/teaching/Spezifikation-SS04/11Z.pdf · The Z Specication Language Based on Typed r st-order predicate logic Zermelo-Fraenkel set theory Rich

Operations on Relations

Domain dom R

dom R = {a : S, b : T | a 7→ b ∈ R • a}

Range ran R

ran R = {a : S; b : T | a 7→ b ∈ R • b}

Restrictions of relations

S′C R = {a : S; b : T | a 7→ b ∈ R ∧ a ∈ S′ • a 7→ b}

R B T′= {a : S; b : T | a 7→ b ∈ R ∧ b ∈ T′ • a 7→ b}

S′ −C R = {a : S; b : T | a 7→ b ∈ R ∧ a 6∈ S′ • a 7→ b}

R −B T′= {a : S; b : T | a 7→ b ∈ R ∧ b 6∈ T′ • a 7→ b}

B. Beckert: Formal Specification of Software – p.20

Page 24: The Z Specication Language - KITbeckert/teaching/Spezifikation-SS04/11Z.pdf · The Z Specication Language Based on Typed r st-order predicate logic Zermelo-Fraenkel set theory Rich

Operations on Relations

Domain dom R

dom R = {a : S, b : T | a 7→ b ∈ R • a}

Range ran R

ran R = {a : S; b : T | a 7→ b ∈ R • b}

Restrictions of relations

S′C R = {a : S; b : T | a 7→ b ∈ R ∧ a ∈ S′ • a 7→ b}

R B T′= {a : S; b : T | a 7→ b ∈ R ∧ b ∈ T′ • a 7→ b}

S′ −C R = {a : S; b : T | a 7→ b ∈ R ∧ a 6∈ S′ • a 7→ b}

R −B T′= {a : S; b : T | a 7→ b ∈ R ∧ b 6∈ T′ • a 7→ b}

B. Beckert: Formal Specification of Software – p.20

Page 25: The Z Specication Language - KITbeckert/teaching/Spezifikation-SS04/11Z.pdf · The Z Specication Language Based on Typed r st-order predicate logic Zermelo-Fraenkel set theory Rich

Operations on Relations

Inverse relation R−1

R−1= {a : S; b : T | a 7→ b ∈ R • b 7→ a}

Composition R o9 R′ R : S ↔ T and R′ : T ↔ U

R o9 R′

= {a : S; b : T; c : U | a 7→ b ∈ R ∧ b 7→ c ∈ R′ • a 7→ c}

Closures R : S ↔ S

iteration Rn= R o

9 Rn−1

identity R0= {a : S | true • a 7→ a}

refl./trans. R∗=∪{n : N | true • Rn}

transitive R+=∪{n : N | n ≥ 1 • Rn}

symetric Rs= R ∪ R−1

reflexive Rr= R ∪ R0

B. Beckert: Formal Specification of Software – p.21

Page 26: The Z Specication Language - KITbeckert/teaching/Spezifikation-SS04/11Z.pdf · The Z Specication Language Based on Typed r st-order predicate logic Zermelo-Fraenkel set theory Rich

Operations on Relations

Inverse relation R−1

R−1= {a : S; b : T | a 7→ b ∈ R • b 7→ a}

Composition R o9 R′ R : S ↔ T and R′ : T ↔ U

R o9 R′

= {a : S; b : T; c : U | a 7→ b ∈ R ∧ b 7→ c ∈ R′ • a 7→ c}

Closures R : S ↔ S

iteration Rn= R o

9 Rn−1

identity R0= {a : S | true • a 7→ a}

refl./trans. R∗=∪{n : N | true • Rn}

transitive R+=∪{n : N | n ≥ 1 • Rn}

symetric Rs= R ∪ R−1

reflexive Rr= R ∪ R0

B. Beckert: Formal Specification of Software – p.21

Page 27: The Z Specication Language - KITbeckert/teaching/Spezifikation-SS04/11Z.pdf · The Z Specication Language Based on Typed r st-order predicate logic Zermelo-Fraenkel set theory Rich

Operations on Relations

Inverse relation R−1

R−1= {a : S; b : T | a 7→ b ∈ R • b 7→ a}

Composition R o9 R′ R : S ↔ T and R′ : T ↔ U

R o9 R′

= {a : S; b : T; c : U | a 7→ b ∈ R ∧ b 7→ c ∈ R′ • a 7→ c}

Closures R : S ↔ S

iteration Rn= R o

9 Rn−1

identity R0= {a : S | true • a 7→ a}

refl./trans. R∗=∪{n : N | true • Rn}

transitive R+=∪{n : N | n ≥ 1 • Rn}

symetric Rs= R ∪ R−1

reflexive Rr= R ∪ R0

B. Beckert: Formal Specification of Software – p.21

Page 28: The Z Specication Language - KITbeckert/teaching/Spezifikation-SS04/11Z.pdf · The Z Specication Language Based on Typed r st-order predicate logic Zermelo-Fraenkel set theory Rich

Functions

Special relations

Functions are special relations

Notation

Instead of ↔

→ total function

7→ partial function

B. Beckert: Formal Specification of Software – p.22

Page 29: The Z Specication Language - KITbeckert/teaching/Spezifikation-SS04/11Z.pdf · The Z Specication Language Based on Typed r st-order predicate logic Zermelo-Fraenkel set theory Rich

Functions

Partial functions

f ∈ S 7→ T ⇔

f ∈ S ↔ T ∧∀ a : S, b : T, b′ : T | (a 7→ b ∈ f ∧ a 7→ b′ ∈ f ) • b = b′

Total functions

f ∈ S → T ⇔

f ∈ S 7→ T ∧∀ a : S • ∃ b : T • a 7→ b ∈ f

B. Beckert: Formal Specification of Software – p.23

Page 30: The Z Specication Language - KITbeckert/teaching/Spezifikation-SS04/11Z.pdf · The Z Specication Language Based on Typed r st-order predicate logic Zermelo-Fraenkel set theory Rich

Functions

Partial functions

f ∈ S 7→ T ⇔

f ∈ S ↔ T ∧∀ a : S, b : T, b′ : T | (a 7→ b ∈ f ∧ a 7→ b′ ∈ f ) • b = b′

Total functions

f ∈ S → T ⇔

f ∈ S 7→ T ∧∀ a : S • ∃ b : T • a 7→ b ∈ f

B. Beckert: Formal Specification of Software – p.23

Page 31: The Z Specication Language - KITbeckert/teaching/Spezifikation-SS04/11Z.pdf · The Z Specication Language Based on Typed r st-order predicate logic Zermelo-Fraenkel set theory Rich

λ Notation for Functions

General form

λ a : S | p • e

Example

double : Z 7→ Z

double = λn : Z | n ≥ 0 • n + n

Equivalent to

double : Z 7→ Z

double = {n : N | true • n 7→ n + n}

B. Beckert: Formal Specification of Software – p.24

Page 32: The Z Specication Language - KITbeckert/teaching/Spezifikation-SS04/11Z.pdf · The Z Specication Language Based on Typed r st-order predicate logic Zermelo-Fraenkel set theory Rich

Prefix and Infix Notation

Notation

Relations and functions can be declared prefix and infix

Parameter positions are indicated with “ ”

Example

even : PZ

∀x : Z • (even x ⇔ (∃y : Z • x = y + y))

Equivalent to

even : PZ

even = {x : Z | (∃y : Z • x = y + y)}

B. Beckert: Formal Specification of Software – p.25

Page 33: The Z Specication Language - KITbeckert/teaching/Spezifikation-SS04/11Z.pdf · The Z Specication Language Based on Typed r st-order predicate logic Zermelo-Fraenkel set theory Rich

More Notation for Functions

Notation

7� partial injective function

� total injective function

7→→ partial surjective function

→→ total surjective function

�→ total bijective function

B. Beckert: Formal Specification of Software – p.26

Page 34: The Z Specication Language - KITbeckert/teaching/Spezifikation-SS04/11Z.pdf · The Z Specication Language Based on Typed r st-order predicate logic Zermelo-Fraenkel set theory Rich

Three Definitions of abs

Relation (in infix notation)

abs : Z ↔ N

∀m : Z, n : N • (m abs n) ↔ (m = n ∨ −m = n)

Function

abs : Z → Z

abs = (λm : Z | m ≤ 0 • −m) ∪ (λm : Z | m ≥ 0 • m)

Function (in prefix notation)

abs : Z 7→ Z

∀x : Z | x ≤ 0 • x = −(abs x)∀x : Z | x ≥ 0 • x = abs x

B. Beckert: Formal Specification of Software – p.27

Page 35: The Z Specication Language - KITbeckert/teaching/Spezifikation-SS04/11Z.pdf · The Z Specication Language Based on Typed r st-order predicate logic Zermelo-Fraenkel set theory Rich

Three Definitions of abs

Relation (in infix notation)

abs : Z ↔ N

∀m : Z, n : N • (m abs n) ↔ (m = n ∨ −m = n)

Function

abs : Z → Z

abs = (λm : Z | m ≤ 0 • −m) ∪ (λm : Z | m ≥ 0 • m)

Function (in prefix notation)

abs : Z 7→ Z

∀x : Z | x ≤ 0 • x = −(abs x)∀x : Z | x ≥ 0 • x = abs x

B. Beckert: Formal Specification of Software – p.27

Page 36: The Z Specication Language - KITbeckert/teaching/Spezifikation-SS04/11Z.pdf · The Z Specication Language Based on Typed r st-order predicate logic Zermelo-Fraenkel set theory Rich

Three Definitions of abs

Relation (in infix notation)

abs : Z ↔ N

∀m : Z, n : N • (m abs n) ↔ (m = n ∨ −m = n)

Function

abs : Z → Z

abs = (λm : Z | m ≤ 0 • −m) ∪ (λm : Z | m ≥ 0 • m)

Function (in prefix notation)

abs : Z 7→ Z

∀x : Z | x ≤ 0 • x = −(abs x)∀x : Z | x ≥ 0 • x = abs x

B. Beckert: Formal Specification of Software – p.27

Page 37: The Z Specication Language - KITbeckert/teaching/Spezifikation-SS04/11Z.pdf · The Z Specication Language Based on Typed r st-order predicate logic Zermelo-Fraenkel set theory Rich

Finite Constructs

Finite subsets of Z

m..n = {n′ : N | m ≤ n′ ∧ n′ ≤ n}

Finite sets

F T consists of the finite sets in P T

[S]F : P(P S)

F = {s : P S | (∃n : N • (∃ f : 1..n �→ s • true))}

B. Beckert: Formal Specification of Software – p.28

Page 38: The Z Specication Language - KITbeckert/teaching/Spezifikation-SS04/11Z.pdf · The Z Specication Language Based on Typed r st-order predicate logic Zermelo-Fraenkel set theory Rich

Finite Constructs

Finite subsets of Z

m..n = {n′ : N | m ≤ n′ ∧ n′ ≤ n}

Finite sets

F T consists of the finite sets in P T

[S]F : P(P S)

F = {s : P S | (∃n : N • (∃ f : 1..n �→ s • true))}

B. Beckert: Formal Specification of Software – p.28

Page 39: The Z Specication Language - KITbeckert/teaching/Spezifikation-SS04/11Z.pdf · The Z Specication Language Based on Typed r st-order predicate logic Zermelo-Fraenkel set theory Rich

Finite Sets: Cardinality

Cardinality operator #

[S]# : F S → N

∀ s : F S; n : N • (n = #s ↔ (∃ f : 1..n �→ s • true))

B. Beckert: Formal Specification of Software – p.29

Page 40: The Z Specication Language - KITbeckert/teaching/Spezifikation-SS04/11Z.pdf · The Z Specication Language Based on Typed r st-order predicate logic Zermelo-Fraenkel set theory Rich

Finite Functions

Notation

7 7→ finite (partial) functions (e.g. arrays)

S 7 7→ T = {f : S 7→ T | dom f ∈ F S}

7 7� finite (partial) injective functions (e.g. duplicate-free arrays)

S 7 7� T = {f : S 7� T | dom f ∈ F S}

B. Beckert: Formal Specification of Software – p.30

Page 41: The Z Specication Language - KITbeckert/teaching/Spezifikation-SS04/11Z.pdf · The Z Specication Language Based on Typed r st-order predicate logic Zermelo-Fraenkel set theory Rich

Sequences

Definition

seq T == {s : Z 7 7→ T | dom s = 1..#s}

Note

sequences are functions, which are relations, which are sets

the length of s is #s

Notation

The sequence {1 7→ x1, 2 7→ x2, . . . , n 7→ xn}

is written as 〈x1, x2, . . . , xn〉

B. Beckert: Formal Specification of Software – p.31

Page 42: The Z Specication Language - KITbeckert/teaching/Spezifikation-SS04/11Z.pdf · The Z Specication Language Based on Typed r st-order predicate logic Zermelo-Fraenkel set theory Rich

Sequences

Definition

seq T == {s : Z 7 7→ T | dom s = 1..#s}

Note

sequences are functions, which are relations, which are sets

the length of s is #s

Notation

The sequence {1 7→ x1, 2 7→ x2, . . . , n 7→ xn}

is written as 〈x1, x2, . . . , xn〉

B. Beckert: Formal Specification of Software – p.31

Page 43: The Z Specication Language - KITbeckert/teaching/Spezifikation-SS04/11Z.pdf · The Z Specication Language Based on Typed r st-order predicate logic Zermelo-Fraenkel set theory Rich

Example: Concatenation of Sequences

s a t ==

s ∪(λn : Z | n ∈ #s + 1..#s + #t • n − #s) o

9 t

B. Beckert: Formal Specification of Software – p.32

Page 44: The Z Specication Language - KITbeckert/teaching/Spezifikation-SS04/11Z.pdf · The Z Specication Language Based on Typed r st-order predicate logic Zermelo-Fraenkel set theory Rich

Schemata

General form

NameSymbolDeclarations

ConstrainingPredicates

Linear notation

Name =̂ [SymbolDeclarations | ConstrainingPredicates]

B. Beckert: Formal Specification of Software – p.33

Page 45: The Z Specication Language - KITbeckert/teaching/Spezifikation-SS04/11Z.pdf · The Z Specication Language Based on Typed r st-order predicate logic Zermelo-Fraenkel set theory Rich

Schemata

With empty predicate part

NameSymbolDeclarations

Linear notation

Name =̂ [SymbolDeclarations]

B. Beckert: Formal Specification of Software – p.34

Page 46: The Z Specication Language - KITbeckert/teaching/Spezifikation-SS04/11Z.pdf · The Z Specication Language Based on Typed r st-order predicate logic Zermelo-Fraenkel set theory Rich

Schemata: Example

Theater tickets

[Seat][Person]

TicketsForPerformance0seating : P Seatsold : Seat 7→ Person

dom sold ⊆ seating

B. Beckert: Formal Specification of Software – p.35

Page 47: The Z Specication Language - KITbeckert/teaching/Spezifikation-SS04/11Z.pdf · The Z Specication Language Based on Typed r st-order predicate logic Zermelo-Fraenkel set theory Rich

Schemata as Sets/Types

Schema

Namex1 : T1. . .xn : Tn

ConstrainingPredicates

can be seen as the following set (type) of tuples:

Name =

{x1 : T1; . . . ; xn : Tn | ConstrainingPredicates • (x1, . . . , xn)}

B. Beckert: Formal Specification of Software – p.36

Page 48: The Z Specication Language - KITbeckert/teaching/Spezifikation-SS04/11Z.pdf · The Z Specication Language Based on Typed r st-order predicate logic Zermelo-Fraenkel set theory Rich

Schema Inclusion

Inclusion

Schemata can be used (included) in

– schema– set comprehension– quantification

by adding the schema name to the declaration part

Meaning

– declarations– constraining predicates

are added to the corresponding parts of the includingschema / set comprehension / quantification

Note: Matching names merge and must be type compatible

B. Beckert: Formal Specification of Software – p.37

Page 49: The Z Specication Language - KITbeckert/teaching/Spezifikation-SS04/11Z.pdf · The Z Specication Language Based on Typed r st-order predicate logic Zermelo-Fraenkel set theory Rich

Schema Inclusion

Example

NumberInSeta : Z

c : PZ

a ∈ c

{NumberInSet | a = 0 • c}

is the same as

{a : Z, c : PZ | a ∈ c ∧ a = 0 • c}

(the set of all integer sets containing 0)

B. Beckert: Formal Specification of Software – p.38

Page 50: The Z Specication Language - KITbeckert/teaching/Spezifikation-SS04/11Z.pdf · The Z Specication Language Based on Typed r st-order predicate logic Zermelo-Fraenkel set theory Rich

Schemata as Predicates

Schemata can be used as predicates in

– schema– set comprehension– quantification

by adding the schema name to the predicate part(occurring variables must already be declared)

Meaning

The constraining predicates (not: the declaration part)are added to the corresponding part of theschema / set comprehension / quantification

B. Beckert: Formal Specification of Software – p.39

Page 51: The Z Specication Language - KITbeckert/teaching/Spezifikation-SS04/11Z.pdf · The Z Specication Language Based on Typed r st-order predicate logic Zermelo-Fraenkel set theory Rich

Schemata as Predicates

Example

NumberIn01a : Z

c : PZ

a ∈ cc ⊆ {0, 1}

∀ a : Z; c : PZ | NumberIn01 • NumberInSet

is the same as

∀ a : Z; c : PZ | a ∈ c ∧ c ⊆ {0, 1} • a ∈ c

B. Beckert: Formal Specification of Software – p.40

Page 52: The Z Specication Language - KITbeckert/teaching/Spezifikation-SS04/11Z.pdf · The Z Specication Language Based on Typed r st-order predicate logic Zermelo-Fraenkel set theory Rich

Generic Schemata

Type/set variables can be used in schema definitions

Example

NumberInSetGeneric[X]a : Xc : P X

a ∈ c

Then

NumberInSetGeneric[Z] = NumberInSet

B. Beckert: Formal Specification of Software – p.41

Page 53: The Z Specication Language - KITbeckert/teaching/Spezifikation-SS04/11Z.pdf · The Z Specication Language Based on Typed r st-order predicate logic Zermelo-Fraenkel set theory Rich

Variable Renaming in Schemata

Variables in schemata can be renamed

Example

NumberInSet[a/q, c/s]

is equal to

q : Z

s : PZ

q ∈ s

B. Beckert: Formal Specification of Software – p.42

Page 54: The Z Specication Language - KITbeckert/teaching/Spezifikation-SS04/11Z.pdf · The Z Specication Language Based on Typed r st-order predicate logic Zermelo-Fraenkel set theory Rich

Conjunctions of Schemata

Schemata can be composed conjunctively

Example

Given

ConDis1a : A; b : B

P

ConDis2b : B; c : C

Q

Then the following are equivalent

ConDis1 ∧ ConDis2a : A; b : B; c : C

PQ

B. Beckert: Formal Specification of Software – p.43

Page 55: The Z Specication Language - KITbeckert/teaching/Spezifikation-SS04/11Z.pdf · The Z Specication Language Based on Typed r st-order predicate logic Zermelo-Fraenkel set theory Rich

Disjunctions of Schemata

Schemata can be composed disjunctively

Example

Given

ConDis1a : A; b : B

P

ConDis2b : B; c : C

Q

Then the following are equivalent

ConDis1 ∨ ConDis2a : A; b : B; c : C

P ∨ Q

B. Beckert: Formal Specification of Software – p.44

Page 56: The Z Specication Language - KITbeckert/teaching/Spezifikation-SS04/11Z.pdf · The Z Specication Language Based on Typed r st-order predicate logic Zermelo-Fraenkel set theory Rich

Example

Informal specification

Theater: Tickets for first night are only sold to friends

Specification in Z

Status ::= standard | firstNight

Friendsfriends : P Personstatus : Statussold : Seat 7→ Person

status = firstNight ⇒ ran sold ⊆ friends

B. Beckert: Formal Specification of Software – p.45

Page 57: The Z Specication Language - KITbeckert/teaching/Spezifikation-SS04/11Z.pdf · The Z Specication Language Based on Typed r st-order predicate logic Zermelo-Fraenkel set theory Rich

Example

TicketsForPerformance1 =̂ TicketsForPerformance0 ∧ Friends

and

TicketsForPerformance1FriendsTicketsForPerformance0

are the same as

TicketsForPerformance1friends : P Person; status : Statussold : Seat 7→ Person; seating : P Seat

status = firstNight ⇒ ran sold ⊆ friendsdom sold ⊆ seating

B. Beckert: Formal Specification of Software – p.46

Page 58: The Z Specication Language - KITbeckert/teaching/Spezifikation-SS04/11Z.pdf · The Z Specication Language Based on Typed r st-order predicate logic Zermelo-Fraenkel set theory Rich

Example

TicketsForPerformance1 =̂ TicketsForPerformance0 ∧ Friends

and

TicketsForPerformance1FriendsTicketsForPerformance0

are the same as

TicketsForPerformance1friends : P Person; status : Statussold : Seat 7→ Person; seating : P Seat

status = firstNight ⇒ ran sold ⊆ friendsdom sold ⊆ seating

B. Beckert: Formal Specification of Software – p.46

Page 59: The Z Specication Language - KITbeckert/teaching/Spezifikation-SS04/11Z.pdf · The Z Specication Language Based on Typed r st-order predicate logic Zermelo-Fraenkel set theory Rich

Normalisation of Schemata

Normalisation

A schema is normalised if in the declaration part

Variables are typed

but not restricted to subsets of types

Example

The normalisation of

x : N

P

is

x : Z

x ≥ 0P

B. Beckert: Formal Specification of Software – p.47

Page 60: The Z Specication Language - KITbeckert/teaching/Spezifikation-SS04/11Z.pdf · The Z Specication Language Based on Typed r st-order predicate logic Zermelo-Fraenkel set theory Rich

Normalisation of Schemata

Normalisation

A schema is normalised if in the declaration part

Variables are typed

but not restricted to subsets of types

Example

The normalisation of

x : N

P

is

x : Z

x ≥ 0P

B. Beckert: Formal Specification of Software – p.47

Page 61: The Z Specication Language - KITbeckert/teaching/Spezifikation-SS04/11Z.pdf · The Z Specication Language Based on Typed r st-order predicate logic Zermelo-Fraenkel set theory Rich

Negation of Schemata

A schema is negated by negating the predicate part inits normalised form

Example

The negation of

x : N

P

which is

x : Z

¬ (x ∈ N ∧ P)

is the negation of

x : Z

x ∈ N

P

B. Beckert: Formal Specification of Software – p.48

Page 62: The Z Specication Language - KITbeckert/teaching/Spezifikation-SS04/11Z.pdf · The Z Specication Language Based on Typed r st-order predicate logic Zermelo-Fraenkel set theory Rich

Schemata as Operations

States

A state is a variable assignment

A schema describes a set of states

Operations

To describe an operation,a schema must describe pairs of states (pre/post)

Notation

Variables are decorated with ′ to refer to their value in the post state

Whole schemata can be decorated

B. Beckert: Formal Specification of Software – p.49

Page 63: The Z Specication Language - KITbeckert/teaching/Spezifikation-SS04/11Z.pdf · The Z Specication Language Based on Typed r st-order predicate logic Zermelo-Fraenkel set theory Rich

Schemata as Operations

States

A state is a variable assignment

A schema describes a set of states

Operations

To describe an operation,a schema must describe pairs of states (pre/post)

Notation

Variables are decorated with ′ to refer to their value in the post state

Whole schemata can be decorated

B. Beckert: Formal Specification of Software – p.49

Page 64: The Z Specication Language - KITbeckert/teaching/Spezifikation-SS04/11Z.pdf · The Z Specication Language Based on Typed r st-order predicate logic Zermelo-Fraenkel set theory Rich

Schemata as Operations

Example

NumberInSet′

is the same as

NumberInSet′a′ : Z

c′ : PZ

a′ ∈ c′

Further decorations

input variables are decorated with “?”

output variables are decorated with “!”

B. Beckert: Formal Specification of Software – p.50

Page 65: The Z Specication Language - KITbeckert/teaching/Spezifikation-SS04/11Z.pdf · The Z Specication Language Based on Typed r st-order predicate logic Zermelo-Fraenkel set theory Rich

Schemata as Operations

Example

NumberInSet′

is the same as

NumberInSet′a′ : Z

c′ : PZ

a′ ∈ c′

Further decorations

input variables are decorated with “?”

output variables are decorated with “!”B. Beckert: Formal Specification of Software – p.50

Page 66: The Z Specication Language - KITbeckert/teaching/Spezifikation-SS04/11Z.pdf · The Z Specication Language Based on Typed r st-order predicate logic Zermelo-Fraenkel set theory Rich

Example

Theater: Selling tickets

Purchase0TicketsForPerformance0TicketsForPerformance0′s? : Seatp? : Person

s? ∈ seating\dom soldsold′ = sold ∪ {s? 7→ p?}seating′ = seating

(no output variables in this schema)

B. Beckert: Formal Specification of Software – p.51

Page 67: The Z Specication Language - KITbeckert/teaching/Spezifikation-SS04/11Z.pdf · The Z Specication Language Based on Typed r st-order predicate logic Zermelo-Fraenkel set theory Rich

Example

Response ::= okay | sorry

Successr! : Response

r! = okay

Then

Purchase0 ∧ Success

is a schema that reports successful ticket sale

B. Beckert: Formal Specification of Software – p.52

Page 68: The Z Specication Language - KITbeckert/teaching/Spezifikation-SS04/11Z.pdf · The Z Specication Language Based on Typed r st-order predicate logic Zermelo-Fraenkel set theory Rich

Schemata as Operations: General Form

StateSpacex1 : T1; . . . ; xn : Tn

inv(x1, . . . , xn)

OperationStateSpaceStateSpcae′i1? : U1; . . . ; im? : Umo1! : V1; . . . ; op! : Vp

pre(i1?, . . . , im?, x1, . . . , xn)op(i1?, . . . , im?, x1, . . . , xn, x′1, . . . , x′n, o1!, . . . , op!)

B. Beckert: Formal Specification of Software – p.53

Page 69: The Z Specication Language - KITbeckert/teaching/Spezifikation-SS04/11Z.pdf · The Z Specication Language Based on Typed r st-order predicate logic Zermelo-Fraenkel set theory Rich

The ∆ Operator

Definition

∆Schema abbreviates Schema ∧ Schema′

General form of operation schema using ∆

Operation∆StateSpacei1? : U1; . . . ; im? : Umo1! : V1; . . . ; op! : Vp

pre(i1?, . . . , im?, x1, . . . , xn)op(i1?, . . . , im?, x1, . . . , xn, x′1, . . . , x′n, o1!, . . . , op!)

B. Beckert: Formal Specification of Software – p.54

Page 70: The Z Specication Language - KITbeckert/teaching/Spezifikation-SS04/11Z.pdf · The Z Specication Language Based on Typed r st-order predicate logic Zermelo-Fraenkel set theory Rich

The Ξ Operator

Definition

ΞSchema abbreviates ∆Schema ∧ (x1 = x′1 ∧ . . . ∧ xn = x′n)

where x1, . . .xn are the variables declared in Schema

General form of operation schema using Ξ

OperationΞStateSpacei1? : U1; . . . ; im? : Umo1! : V1; . . . ; op! : Vp

pre(i1?, . . . , im?, x1, . . . , xn)op(i1?, . . . , im?, x1, . . . , xn, o1!, . . . , op!)

Using Ξ indicates that the operation does not change the stateB. Beckert: Formal Specification of Software – p.55

Page 71: The Z Specication Language - KITbeckert/teaching/Spezifikation-SS04/11Z.pdf · The Z Specication Language Based on Typed r st-order predicate logic Zermelo-Fraenkel set theory Rich

The Operators ∆ and Ξ: Example

The following schemata are equivalent

ΞNumberInSet

∆NumberInSet

a = a′c = c′

NumberInSetNumberInSet′

a = a′c = c′

B. Beckert: Formal Specification of Software – p.56

Page 72: The Z Specication Language - KITbeckert/teaching/Spezifikation-SS04/11Z.pdf · The Z Specication Language Based on Typed r st-order predicate logic Zermelo-Fraenkel set theory Rich

Example

Theater: Selling tickets, but only to friends if first night performance

Purchase1∆TicketsForPerformance1s? : Seatp? : Person

s? ∈ seating\dom soldstatus = firstNight ⇒ (p? ∈ friends)sold′ = sold ∪ {s? 7→ p?}seating′ = seatingstatus′ = statusfriends′ = friends

B. Beckert: Formal Specification of Software – p.57

Page 73: The Z Specication Language - KITbeckert/teaching/Spezifikation-SS04/11Z.pdf · The Z Specication Language Based on Typed r st-order predicate logic Zermelo-Fraenkel set theory Rich

Example

NotAvailableΞTicketsForPerformance1s? : Seatp? : Person

s? ∈ dom sold ∨ (status = firstNight ∧ ¬ p? ∈ friends)

Failurer! : Response

r! = sorry

TicketServiceForPerformance =̂

(Purchase1 ∧ Success) ∨(NotAvailable ∧ Failure)

B. Beckert: Formal Specification of Software – p.58

Page 74: The Z Specication Language - KITbeckert/teaching/Spezifikation-SS04/11Z.pdf · The Z Specication Language Based on Typed r st-order predicate logic Zermelo-Fraenkel set theory Rich

Quantifying (Hiding) Variables in Schemata

Schema quantification

∀x : S • Schema resp.∃x : S • Schema

(existential quantification is also called “variable hiding”)

Example

∃ a : Z • NumberInSet

is the same as

c : PZ

∃ a : Z • a ∈ c

B. Beckert: Formal Specification of Software – p.59

Page 75: The Z Specication Language - KITbeckert/teaching/Spezifikation-SS04/11Z.pdf · The Z Specication Language Based on Typed r st-order predicate logic Zermelo-Fraenkel set theory Rich

Quantifying (Hiding) Variables in Schemata

Schema quantification

∀x : S • Schema resp.∃x : S • Schema

(existential quantification is also called “variable hiding”)

Example

∃ a : Z • NumberInSet

is the same as

c : PZ

∃ a : Z • a ∈ c

B. Beckert: Formal Specification of Software – p.59

Page 76: The Z Specication Language - KITbeckert/teaching/Spezifikation-SS04/11Z.pdf · The Z Specication Language Based on Typed r st-order predicate logic Zermelo-Fraenkel set theory Rich

Composition of Operation Schemata

Definition

Operation schemata can be composed using o9, where

every variable with ′ in the first schema must occur without ′

in the second schema

these variables are identified and

hidden from the outside

B. Beckert: Formal Specification of Software – p.60

Page 77: The Z Specication Language - KITbeckert/teaching/Spezifikation-SS04/11Z.pdf · The Z Specication Language Based on Typed r st-order predicate logic Zermelo-Fraenkel set theory Rich

Composition: General form

Op1x1 : T1; . . . ; xp : Tpz1 : V1; . . . ; zn : Vnz′1 : V1; . . . ; z′n : Vn

op1(x1, . . . , xp,z1, . . . , zn, z′1, . . . , z′n)

Op2y1 : U1; . . . ; yq : Uqz1 : V1; . . . ; zn : Vnz′1 : V1; . . . ; z′n : Vn

op2(y1, . . . , yq,z1, . . . , zn, z′1, . . . , z′n)

Op1 o9 Op2

x1 : T1; . . . ; xp : Tpy1 : U1; . . . ; yq : Uqz1 : V1; . . . ; zn : Vnz′1 : V1; . . . ; z′n : Vn

∃ z′′1 : V1; . . . ; z′′n : Vn •op1(x1, . . . , xp, z1, . . . , zn, z′′1 , . . . , z′′n)op2(y1, . . . , yq, z′′1 , . . . , zn, z′1, . . . , z′n)

B. Beckert: Formal Specification of Software – p.61

Page 78: The Z Specication Language - KITbeckert/teaching/Spezifikation-SS04/11Z.pdf · The Z Specication Language Based on Typed r st-order predicate logic Zermelo-Fraenkel set theory Rich

Example

Purchase1 o9 Purchase1[s?/s2?]

is equivalent to

∆TicketsForPerformance1s? : Seat; s2? : Seat; p? : Person

s? ∈ seating\dom solds2? ∈ seating\dom(sold ∪ {s? 7→ p?})status = firstNight ⇒ (p? ∈ friends)sold′ = sold ∪ {s? 7→ p?, s2? 7→ p?}seating′ = seatingstatus′ = statusfriends′ = friends

B. Beckert: Formal Specification of Software – p.62