Formal Specification and Z

CS3300Fall 2015

Formal Specification Produces a mathematical model Typically associated with analysis Differs from design diagrams because they have formal semantics Currently used in some safety critical applications, but not in

general development Issues with scaling and translation to code

Formal Specification Languages VDM Larch Alloy Z (zed) OCL And a host of others

Z Model-based notation Collection of state variables Operations that change state This is a notation, not a methodology

Specify a Text Editor First we define some primitive types. These are in square brackets:[CHAR]

And then some composite types:TEXT == seq CHAR

These definitions are considered global. Say we have a constraint, for this we use an axiomatic constraint

maxsize :

maxsize <=65535

Then we can define a Schema – combines data and invariants

Editor

left, right : TEXT

# (left ^ right) <= maxsize

Now we specify what happens on initialization, Zed provides a special schema Init

Init

Editor

left = right = < >

Now we need to introduce some operations, but first we need another axiomatic definition

printing : Ƥ CHAR

And now we can define our actual operation schema

Insert

Editorch? : CHAR

ch? ∈ printingleft' = left ^ <ch?>right' = right

What about moving right with the arrow key?We have to recognize the difference with Insert

right_arrow : CHAR

right_arrow ∉ printingForward

Δ Editorch? : CHAR

ch ? = right_arrowleft' = left ^ < head(right) >right' = tail(right)

Forward

Δ Editorch? : CHAR

ch ? = right_arrowright != < >left' = left ^ < head(right) >right' = tail(right)

Completing the preconditions

But what should we do if the right is empty?

T_Forward ≙ Forward ⋁ (EOF ⋀ RightArrow ⋀ Ξ Editor)

EOF

Editor

right = < >

Let'sTry some on our own

DeleteBackward (moves cursor back one)T_Backward

How about a Birthday Book Keep track of names and datesWe define our basic types:

[NAME, DATE]

Basic Schema

BirthdayBookknown : ℙ NAME

birthday : NAME↦ DATE

known = dom birthday

Initialization

Init

BirthdayBook

known = ∅

How about adding a birthday?AddBirthday

∆ BirthdayBookname? : NAMEdate? : DATE

birthday' = birthday ∪ {name? ↦ date?}

name? ∉ known

How about looking up a birthday?

FindBirthdayΞ BirthdayBookname? : NAMEdate! : DATEname? ∊ knowndate! = birthday(name?)

How about find everyone whose birthday is today?

RemindΞ BirthdayBooktoday? : DATEcards! : ℙ NAMEcards! = { n : known | birthday(n) = today? }

How about errors?

REPORT ::= ok | already_known | not_known

Success

result! : REPORT

result! = ok

What about adding an already known name?

AlreadyKnownΞ BirthdayBookname? : NAMEresult! : REPORTname? ∊ knownresult! = already_known

T_AddBirthday = AlreadyKnown ∨ (AddBirthday ∧ Success)