Formal Specification and Z
CS3300, Fall 2015
Formal Specification
- Produces a mathematical model
- Typically associated with analysis
- Differs from design diagrams in that it has formal semantics
- Currently used in some safety-critical applications, but not in general development
- Issues: scaling to large systems, and translating the specification into code

Formal Specification Languages
- VDM
- Larch
- Alloy
- Z (pronounced "zed")
- OCL
- And a host of others

Z
- Model-based notation
- A collection of state variables
- Operations that change the state
- This is a notation, not a methodology
Specify a Text Editor
First we define some primitive (given) types. These are written in square brackets:

  [CHAR]

And then some composite types:

  TEXT == seq CHAR

These definitions are global. To introduce a global constant and constrain it, we use an axiomatic definition: the declaration above the line, the constraint below it.

  maxsize : ℕ
  ----------------
  maxsize ≤ 65535
Then we can define a schema, which combines data (the declarations) with invariants (the predicates). The editor keeps the text to the left of the cursor and the text to the right of it; the invariant bounds the total length.

  Editor
    left, right : TEXT
    ---------------------------
    #(left ^ right) ≤ maxsize

Now we specify what happens on initialization. By convention this is a schema called Init that includes the state schema and pins down the starting values:

  Init
    Editor
    --------------------
    left = right = ⟨⟩
Now we need to introduce some operations, but first we need another axiomatic definition, the set of printable characters:

  printing : ℙ CHAR

And now we can define our actual operation schema. ΔEditor brings in both the before state (left, right) and the after state (left', right'); ch? is an input. The predicate states the precondition (ch? must be printable) and how the state changes.

  Insert
    ΔEditor
    ch? : CHAR
    ---------------------------
    ch? ∈ printing
    left' = left ^ ⟨ch?⟩
    right' = right
What about moving right with the arrow key? We have to distinguish it from Insert, so the arrow is declared as a character that is not printable:

  right_arrow : CHAR
  ------------------------
  right_arrow ∉ printing

  Forward
    ΔEditor
    ch? : CHAR
    ---------------------------
    ch? = right_arrow
    left' = left ^ ⟨head(right)⟩
    right' = tail(right)

head and tail are only defined on a non-empty sequence, so Forward needs the precondition right ≠ ⟨⟩:

  Forward
    ΔEditor
    ch? : CHAR
    ---------------------------
    ch? = right_arrow
    right ≠ ⟨⟩
    left' = left ^ ⟨head(right)⟩
    right' = tail(right)
Completing the preconditions
But what should we do if right is empty? Forward says nothing about that case, so we complete it with a disjunction: either Forward applies, or we are at end of file, the key is still the right arrow, and the state is left unchanged (ΞEditor means before and after states are equal).

  T_Forward ≙ Forward ∨ (EOF ∧ RightArrow ∧ ΞEditor)

  EOF
    Editor
    --------------
    right = ⟨⟩
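The editor schemas above can be turned into an executable model, which makes the difference between the partial Forward and the completed T_Forward concrete. This is an added example, not code from the lecture. Its modelling assumptions: TEXT is a Python str, the state invariant is checked every time a state is built, each operation schema is a function that raises ValueError when its precondition fails (Z simply leaves that case undefined), and the concrete values of maxsize, printing and right_arrow are chosen here.

```python
"""Executable model of the Z text-editor schemas Editor, Init, Insert,
Forward, EOF and T_Forward.  Added example; the constant values below are
assumptions, not part of the specification."""
from typing import Callable, NamedTuple, Optional

MAXSIZE = 65535                                          # axiomatic: maxsize ≤ 65535
PRINTING = frozenset(chr(c) for c in range(0x20, 0x7F))  # printing : ℙ CHAR (assumed ASCII)
RIGHT_ARROW = "\x1d"                                     # right_arrow ∉ printing (assumed)


class Editor(NamedTuple):
    """State schema: left, right : TEXT.  The cursor sits between them."""
    left: str
    right: str

    def checked(self) -> "Editor":
        """Enforce the state invariant #(left ^ right) ≤ maxsize."""
        if len(self.left) + len(self.right) > MAXSIZE:
            raise ValueError("invariant violated: #(left ^ right) > maxsize")
        return self


def init() -> Editor:
    """Init: left = right = ⟨⟩."""
    return Editor("", "").checked()


def insert(s: Editor, ch: str) -> Editor:
    """Insert: ch? ∈ printing, left' = left ^ ⟨ch?⟩, right' = right."""
    if ch not in PRINTING:
        raise ValueError("precondition failed: ch? ∉ printing")
    return Editor(s.left + ch, s.right).checked()


def eof(s: Editor) -> bool:
    """EOF: right = ⟨⟩ (a predicate on the state, no change)."""
    return s.right == ""


def forward(s: Editor, ch: str) -> Editor:
    """Forward with its completed precondition: ch? = right_arrow and
    right ≠ ⟨⟩; then left' = left ^ ⟨head(right)⟩, right' = tail(right)."""
    if ch != RIGHT_ARROW:
        raise ValueError("precondition failed: ch? ≠ right_arrow")
    if eof(s):
        # head(right) and tail(right) are undefined on the empty sequence
        raise ValueError("precondition failed: right = ⟨⟩")
    return Editor(s.left + s.right[0], s.right[1:]).checked()


def t_forward(s: Editor, ch: str) -> Editor:
    """T_Forward ≙ Forward ∨ (EOF ∧ RightArrow ∧ ΞEditor): the arrow key at
    end of file is now a defined no-op instead of an unspecified case."""
    if ch != RIGHT_ARROW:
        raise ValueError("precondition failed: ch? ≠ right_arrow")
    if eof(s):
        return s                      # ΞEditor: state unchanged
    return forward(s, ch)


def defined(op: Callable[[Editor, str], Editor], s: Editor, ch: str) -> bool:
    """True iff the operation's precondition (and the invariant) holds in
    state s with input ch?, i.e. the schema describes a result there."""
    try:
        op(s, ch)
        return True
    except ValueError:
        return False


def run(keys: str, state: Optional[Editor] = None) -> Editor:
    """Dispatch a keystroke sequence: printing characters go to Insert, the
    arrow key to T_Forward.  Any other key has no operation and is rejected."""
    s = init() if state is None else state
    for ch in keys:
        if ch in PRINTING:
            s = insert(s, ch)
        elif ch == RIGHT_ARROW:
            s = t_forward(s, ch)
        else:
            raise ValueError(f"no operation defined for key {ch!r}")
    return s


if __name__ == "__main__":
    print(run("hi" + RIGHT_ARROW))                  # Editor(left='hi', right='')
    print(run(RIGHT_ARROW, Editor("h", "ello")))    # Editor(left='he', right='llo')
    print(defined(forward, Editor("hi", ""), RIGHT_ARROW))    # False: right = ⟨⟩
    print(defined(t_forward, Editor("hi", ""), RIGHT_ARROW))  # True
```

The `defined` helper is the executable counterpart of asking "what is the precondition of this schema?": `forward` is undefined at end of file, `t_forward` is defined everywhere the key is the right arrow, and both refuse any state that would break the maxsize invariant.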
Let's try some on our own
- Delete
- Backward (moves the cursor back one)
- T_Backward
How about a Birthday Book?
Keep track of names and dates. We define our basic types:

  [NAME, DATE]

Basic Schema
birthday is a partial function from names to dates (each known name has exactly one date), and known is just its domain:

  BirthdayBook
    known : ℙ NAME
    birthday : NAME ⇸ DATE
    ---------------------------
    known = dom birthday
Initialization

  Init
    BirthdayBook
    ---------------
    known = ∅
How about adding a birthday? The precondition name? ∉ known keeps birthday' a function; the invariant then gives known' = known ∪ {name?} for free.

  AddBirthday
    ΔBirthdayBook
    name? : NAME
    date? : DATE
    ---------------------------
    name? ∉ known
    birthday' = birthday ∪ {name? ↦ date?}

How about looking up a birthday? This is a query, so it uses ΞBirthdayBook (state unchanged) and produces an output date!:

  FindBirthday
    ΞBirthdayBook
    name? : NAME
    date! : DATE
    ---------------------------
    name? ∈ known
    date! = birthday(name?)

How about finding everyone whose birthday is today?

  Remind
    ΞBirthdayBook
    today? : DATE
    cards! : ℙ NAME
    ---------------------------
    cards! = { n : known | birthday(n) = today? }
How about errors? We introduce a free type of reports and a schema that just says the operation succeeded:

  REPORT ::= ok | already_known | not_known

  Success
    result! : REPORT
    ---------------------------
    result! = ok

What about adding an already known name? That case leaves the book unchanged and reports the error:

  AlreadyKnown
    ΞBirthdayBook
    name? : NAME
    result! : REPORT
    ---------------------------
    name? ∈ known
    result! = already_known

Combining the two gives a total operation: it is defined for every input, and result! says which case applied.

  T_AddBirthday ≙ AlreadyKnown ∨ (AddBirthday ∧ Success)
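The birthday book, as an executable model in the same spirit; this is an added example, not code from the lecture. Its assumptions: the given sets NAME and DATE are modelled as Python str (DATE is opaque in the spec, so two dates are equal exactly when the strings are equal); the state stores only the partial function birthday and derives known as dom birthday, so the invariant known = dom birthday holds by construction; and FindBirthday is completed with a not_known report by analogy with AlreadyKnown, since the page lists not_known in REPORT but gives no schema for it.

```python
"""Executable model of the Z BirthdayBook schemas: BirthdayBook, Init,
AddBirthday, FindBirthday, Remind, Success, AlreadyKnown, T_AddBirthday.
Added example; the not_known completion of FindBirthday is an assumption."""
from enum import Enum
from typing import Dict, FrozenSet, Optional, Tuple


class Report(Enum):
    """REPORT ::= ok | already_known | not_known"""
    OK = "ok"
    ALREADY_KNOWN = "already_known"
    NOT_KNOWN = "not_known"


class BirthdayBook:
    """State schema: birthday : NAME ⇸ DATE with known = dom birthday."""

    def __init__(self) -> None:
        # Init: known = ∅ (an empty dict is the empty partial function)
        self._birthday: Dict[str, str] = {}

    @property
    def known(self) -> FrozenSet[str]:
        """known = dom birthday, derived rather than stored, so the
        invariant cannot be broken by any operation."""
        return frozenset(self._birthday)

    def birthday(self, name: str) -> str:
        """Function application birthday(name); only defined for name ∈ known."""
        return self._birthday[name]

    def t_add_birthday(self, name: str, d: str) -> Report:
        """T_AddBirthday ≙ AlreadyKnown ∨ (AddBirthday ∧ Success)."""
        if name in self.known:
            return Report.ALREADY_KNOWN          # AlreadyKnown: ΞBirthdayBook, no change
        self._birthday[name] = d                 # AddBirthday: birthday' = birthday ∪ {name? ↦ date?}
        return Report.OK                         # Success: result! = ok

    def t_find_birthday(self, name: str) -> Tuple[Report, Optional[str]]:
        """FindBirthday (ΞBirthdayBook, date! = birthday(name?)), completed
        with a not_known report for name? ∉ known (assumed, by analogy)."""
        if name not in self.known:
            return Report.NOT_KNOWN, None
        return Report.OK, self.birthday(name)

    def remind(self, today: str) -> FrozenSet[str]:
        """Remind: cards! = { n : known | birthday(n) = today? }."""
        return frozenset(n for n in self.known if self.birthday(n) == today)


if __name__ == "__main__":
    # Constructed sample data, not from the lecture.
    book = BirthdayBook()
    print(book.t_add_birthday("Alice", "17 May"))    # Report.OK
    print(book.t_add_birthday("Alice", "1 Jan"))     # Report.ALREADY_KNOWN, book unchanged
    print(book.t_add_birthday("Bob", "17 May"))      # Report.OK
    print(book.t_find_birthday("Bob"))               # (<Report.OK: 'ok'>, '17 May')
    print(book.t_find_birthday("Carol"))             # (<Report.NOT_KNOWN: 'not_known'>, None)
    print(sorted(book.remind("17 May")))             # ['Alice', 'Bob']
```

Because `known` is computed from the dictionary, the model enforces the schema invariant structurally: there is no way to add a name without a date or a date without a name, which is exactly what the predicate known = dom birthday promises in the specification.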