Presentation is loading. Please wait.

Presentation is loading. Please wait.

© Fachgebiet Softwaretechnik, Heinz Nixdorf Institut, Universität Paderborn 2.4 The Z Notation [Reference: M. Spivey: The Z Notation, Prentice Hall]

Similar presentations


Presentation on theme: "© Fachgebiet Softwaretechnik, Heinz Nixdorf Institut, Universität Paderborn 2.4 The Z Notation [Reference: M. Spivey: The Z Notation, Prentice Hall]"— Presentation transcript:

1 © Fachgebiet Softwaretechnik, Heinz Nixdorf Institut, Universität Paderborn 2.4 The Z Notation [Reference: M. Spivey: The Z Notation, Prentice Hall]

2 © Fachgebiet Softwaretechnik, Heinz Nixdorf Institut, Universität Paderborn 2 Formal Languages A language is formal if its syntax and semantics are formally defined (mathematically) (e.g. Petri Nets, Finite Automata, Predicate Logic) Formal languages allow for the design, the development, the verification, the testing and the maintenance of a system: remove ambiguities and introduce precision, structure information at an appropriate abstraction level. support the verification of design properties, are supported by tools and systems. Using mathematics (and formal methods) may appear to be expensive, but in the long run it pays off (and how!) The Z Notation

3 © Fachgebiet Softwaretechnik, Heinz Nixdorf Institut, Universität Paderborn 3 The Z Notation Properties of Z Is a very expressive formal language. Based on first-order logic with equality and typed set-theory. Has a mathematical toolkit: a library of mathematical definitions and abstract data-types (sets, lists, bags, …). Supports the structured modeling of a system, both static and dynamic: modeling/specification of data of the system, functional description of the system (state transitions). Is supported by several tools and systems

4 © Fachgebiet Softwaretechnik, Heinz Nixdorf Institut, Universität Paderborn 4 The Z Notation Z and other Formal Languages/Methods A number of successfully employed Formal Methods are based on first order logic with type-theory, e.g. VDM (Vienna Development Method, 80s), B (applied extensively in France) Other formal languages: Equational logic or Horn logic (in algebraic specifications), Higher-order logic (HOL). Z: Applied successfully since 1989 (Oxford University Computing Laboratory), e.g. British government requires Z-specifications for security-critical systems. Is an ISO standard

5 © Fachgebiet Softwaretechnik, Heinz Nixdorf Institut, Universität Paderborn 5 The Z Notation The Birthday Book Example A system which records peoples birthdays System issues a reminder when the birthday comes around

6 © Fachgebiet Softwaretechnik, Heinz Nixdorf Institut, Universität Paderborn 6 The Z Notation The Birthday Book Example - Schema Variable declaration BirthdayBook known: P NAME birthday: NAME DATE known = dom birthday One instance satisfying the invariant: known = {John, Mike, Susan} birthday= {John 25. Mar, Mike 20. Dec, Susan 20. Dec.} Invariants (variable relationships) Schema name |

7 © Fachgebiet Softwaretechnik, Heinz Nixdorf Institut, Universität Paderborn 7 Z syntax overview A specification in Z is presented as a collection of schemas Each schema consists of: Schema name Variable declaration (static description part) Identification of variables Invariants (dynamic part) Definition of operations Input/Output relation State changes Z uses only rigourous mathematical notations from (typed) set theory and first order logic The Z Notation

8 © Fachgebiet Softwaretechnik, Heinz Nixdorf Institut, Universität Paderborn 8 The Z Notation The Birthday Book Example – Details to BirthdayBook P: power set, : partial function dom domain The set known is the same as the domain of the function birthday – the set of names to which it can be validly applied. Facts about dom (examples of the laws obeyed by mathematical data types): dom(f g) = (dom f ) (dom g) dom {a b} = {a} BirthdayBook known: P NAME birthday: NAME DATE known = dom birthday | |

9 © Fachgebiet Softwaretechnik, Heinz Nixdorf Institut, Universität Paderborn 9 The Z Notation AddBirthday BirthdayBook name? : NAME date? : DATE name? known birthday = birthday {name? date?} introduces a schema describing a change Introduces variables: known, birthday (state before change) known, birthday (state after the change) ? Input variables ! output variables Constraint: All variables with the same name have the same type The Birthday Book Example - Operation

10 © Fachgebiet Softwaretechnik, Heinz Nixdorf Institut, Universität Paderborn 10 The Z Notation A simple proof of a system property Expectation: set of known names will be augmented with the new name Property: known = known {name?} Proof: known = dom birthday [invariant after] = dom (birthday {name? date?} [spec. of AddBirthday] = dom birthday dom {name? date?} [fact about dom] = dom birthday {name?} [fact about dom] = known {name?} [invariant before] Proof based on mathematical laws and axioms

11 © Fachgebiet Softwaretechnik, Heinz Nixdorf Institut, Universität Paderborn 11 The Z Notation Find operation Finds birthday (date) for a given name Ξ introduces a schema without a change Constraint: all variables with the same name are of the same type FindBirthday BirthdayBook name? : NAME date! : DATE name? known date! = birthday (name?)

12 © Fachgebiet Softwaretechnik, Heinz Nixdorf Institut, Universität Paderborn 12 The Z Notation Remind BirthdayBook today? : DATE cards! : P NAME cards! = { n : known birthday (n) = today? } Remind operation Finds people who have birthday on a given date (to send them birthday cards) No precondition!

13 © Fachgebiet Softwaretechnik, Heinz Nixdorf Institut, Universität Paderborn 13 The Z Notation InitBirthdayBook BirthdayBook known = Initial state

14 © Fachgebiet Softwaretechnik, Heinz Nixdorf Institut, Universität Paderborn 14 The Z Notation Strengthen the specification (1/2) What is the problem with this spec? Assumes everything works according to plan No provision for mistake What happens if user attempts to add a birthday for someone already known to the system? Or if we try to find a birthday of someone not known to the system? Should the system ignore such behavior? Should the system break down by displaying rubbish? Does this mean we should write a brand new spec?

15 © Fachgebiet Softwaretechnik, Heinz Nixdorf Institut, Universität Paderborn 15 The Z Notation Strengthen the specification (2/2) How to strengthen the specification? Combine separate schema Add an extra output (or report) to each operation on the system Outputs can be: Ok Already-known Not-known

16 © Fachgebiet Softwaretechnik, Heinz Nixdorf Institut, Universität Paderborn 16 The Z Notation Success result!: REPORT result! = ok Success Operation To combine schema use conjunction or disjunction: AddBirthday Success is a schema which produces an entry in the birthday book (for correct inputs) and reports success The result is an operation which, for correct input, both acts as described by AddBirthday and produces the result ok

17 © Fachgebiet Softwaretechnik, Heinz Nixdorf Institut, Universität Paderborn 17 The Z Notation AlreadyKnown BirthdayBook name? : NAME result! : REPORT name? known result! = already_known AlreadyKnown Operation Define a schema for each possible error in the input RAddBirthday = (AddBirthday Success) v AlreadyKnown ^

18 © Fachgebiet Softwaretechnik, Heinz Nixdorf Institut, Universität Paderborn 18 The Z Notation RAddBirthday BirthdayBook name? : NAME date? : DATE result! : REPORT (name? known birthday = birthday {name? date?} result! = ok) (name? known birthday = birthday result! = already_known) A robust version of AddBirthday

19 © Fachgebiet Softwaretechnik, Heinz Nixdorf Institut, Universität Paderborn 19 The Z Notation A robust version of FindBirthday RFindBirthday = (FindBirthday Success) v NotKnown NotKnown BirthdayBook name? : NAME result! : REPORT name? known result! = not_known ^

20 © Fachgebiet Softwaretechnik, Heinz Nixdorf Institut, Universität Paderborn 20 A robust version of FindBirthday It is not enforced that output values are set cf. page 20http://spivey.oriel.ox.ac.uk/mike/zrm/zrm.pdf RFindBirthday checks whether a given name is present, returning a report and, if possible, the date itself The Z Notation


Download ppt "© Fachgebiet Softwaretechnik, Heinz Nixdorf Institut, Universität Paderborn 2.4 The Z Notation [Reference: M. Spivey: The Z Notation, Prentice Hall]"

Similar presentations


Ads by Google