Formal Methods: Z
CS 415, Software Engineering II
Mark Ardis, Rose-Hulman Institute
March 18, 2003
2 Outline
  Types of Formal Methods
  Introduction to Z
  Examples
3 Formal Methods
  Specification and verification methods
  Have formal (mathematical) semantics
    unambiguous
    facilitate proofs of correctness
  In use since the late 1970s
    more popular in Europe than in the US
    still only a niche market
4 Types of Formal Methods
  Model-theoretic: VDM, Z
  Algebraic: ACT One, Larch, OBJ
  Concurrent processes: CCS, CSP, Petri Nets
  Finite State Machines: Esterel, Statecharts
  Hybrid: LOTOS, SDL
5 Model-theoretic Methods
  Vienna Development Method (VDM)
    invented at the IBM Vienna lab in the late 1970s
    used for compilers (Denmark, Germany) and for information processing (England)
  Z
    invented by Jean-Raymond Abrial (France)
    developed by the Programming Research Group (PRG) at Oxford
    used at IBM Hursley in the mid 1980s
6 Foundations of Z
  Model-theoretic method
    an abstract model is constructed
    properties of the model are proven
  Set theory (and other discrete math)
  First-order predicate calculus
  Schema calculus provides incrementality
7 Predicate Logic
  Variables ranging over arbitrary sets
  Predicates: assertions about variables
  Operators
    conjunction: A ∧ B
    disjunction: A ∨ B
    negation: ¬A
    implication: A ⇒ B
  Quantifiers
    universal: ∀ x : T • R(…x…)
    existential: ∃ x : T • R(…x…)
8 Set Theory
  Membership: x ∈ S, x ∉ T
  Union: S ∪ T
  Intersection: S ∩ T
9 Functions and Relations
  element mapping (maplet): x ↦ y
  domain, range: dom(R), ran(R)
  overriding: R ⊕ S
  partial function: X ⇸ Y
10 Sequences
  definition: ⟨⟩ (empty sequence), ⟨x₁, …, xₙ⟩
  concatenation: S ⌒ T
  length: #S
  functions:
    head(S)   first element
    tail(S)   all but the first element
    last(S)   last element
    front(S)  all but the last element
11 Schema Operators
  conjunction: S ∧ T
  disjunction: S ∨ T
  hiding: S \ (v₁, …, vₙ)
  hiding: S \ T
  overriding: S ⊕ T
12 Names
  Variables
    input: name?
    output: name!
    after state (used in postconditions): name'
  Schema
    changes state: ΔName
    constant state: ΞName
13 Schemas
  Name
    declarations
    ──────
    predicates
  (a schema box: the name, the declaration part above the dividing line, the predicate part below it)
14 Birthday Book [Spivey 92]
  Example of the use of schemas
  Describes a calendar with birthdates
15 BirthdayBook
  known : ℙ NAME
  birthday : NAME ⇸ DATE
  ──────
  known = dom birthday
16 Examples
  known = { Mark, Cheryl, Eric, Paul }
  birthday = { Mark ↦ April 7, Cheryl ↦ July 9, Eric ↦ July 14, Paul ↦ April 30 }
17 AddBirthday
  ΔBirthdayBook
  name? : NAME
  date? : DATE
  ──────
  name? ∉ known
  birthday' = birthday ∪ { name? ↦ date? }
18 FindBirthday
  ΞBirthdayBook
  name? : NAME
  date! : DATE
  ──────
  name? ∈ known
  date! = birthday(name?)
19 Remind
  ΞBirthdayBook
  today? : DATE
  cards! : ℙ NAME
  ──────
  cards! = { n : known | birthday(n) = today? }
20 InitBirthday
  BirthdayBook
  ──────
  known = ∅
  Initialization: the initial state knows no names; with known = dom birthday this forces birthday = ∅ as well.
21 Deriving Properties
  known' = dom birthday'
         = dom ( birthday ∪ { name? ↦ date? } )
         = dom birthday ∪ dom { name? ↦ date? }
         = dom birthday ∪ { name? }
         = known ∪ { name? }
  (first step: the state invariant applied to the after state; second: the AddBirthday postcondition; third: dom distributes over ∪; last: the invariant on the before state)
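The schemas above map almost directly onto Python: ℙ NAME is a set, the partial function NAME ⇸ DATE is a dict, and the schema predicates become runtime checks. The block below is an added example written for this page (it is not the slides' or Spivey's code); dates are plain strings as on the example slide, the class and function names are my own, and the sample entries are the four from slide 16. The point it makes beyond the derivation is a practical one: Z leaves an operation undefined outside its precondition, so the code must reject such calls explicitly and leave the state unchanged, otherwise the invariant known = dom birthday and the derived theorem known' = known ∪ {name?} stop holding.

```python
"""Executable model of the BirthdayBook schemas (added example, not code from
the slides or from Spivey's book).  P NAME -> set, NAME -|-> DATE -> dict,
schema predicates -> explicit checks.  Dates are strings, as on slide 16."""


class PreconditionError(Exception):
    """Raised when an operation is invoked outside its Z precondition.

    Z says nothing about behaviour outside the precondition; an implementation
    that silently carries on is where specification and code part company."""


class BirthdayBook:
    def __init__(self):
        # InitBirthday: known = {}.  The invariant then forces birthday = {}.
        self.known = set()      # known : P NAME
        self.birthday = {}      # birthday : NAME -|-> DATE
        self.check_invariant()

    def check_invariant(self):
        # State invariant from the BirthdayBook schema: known = dom birthday
        if self.known != set(self.birthday):
            raise AssertionError("invariant known = dom birthday violated")

    def add_birthday(self, name, date):
        # AddBirthday (Delta BirthdayBook): precondition name? not in known.
        # Rejecting here keeps the state unchanged, so the invariant survives.
        if name in self.known:
            raise PreconditionError(f"{name!r} is already known")
        # birthday' = birthday U {name? |-> date?}; known' follows from invariant
        self.birthday = {**self.birthday, name: date}
        self.known = self.known | {name}
        self.check_invariant()

    def find_birthday(self, name):
        # FindBirthday (Xi BirthdayBook): precondition name? in known
        if name not in self.known:
            raise PreconditionError(f"{name!r} is not known")
        return self.birthday[name]          # date! = birthday(name?)

    def remind(self, today):
        # Remind (Xi BirthdayBook): cards! = { n : known | birthday(n) = today? }
        return {n for n in self.known if self.birthday[n] == today}


def add_property_holds(book, name, date):
    """Check the derived theorem known' = known U {name?} on one concrete step."""
    before = set(book.known)
    book.add_birthday(name, date)
    return book.known == before | {name}


def sample_book():
    """Constructed sample state: the four entries from the slide's example."""
    book = BirthdayBook()
    for n, d in [("Mark", "April 7"), ("Cheryl", "July 9"),
                 ("Eric", "July 14"), ("Paul", "April 30")]:
        book.add_birthday(n, d)
    return book


if __name__ == "__main__":
    book = sample_book()
    print(book.remind("July 9"))                      # {'Cheryl'}
    print(add_property_holds(book, "Zoe", "May 1"))   # True
    try:
        book.add_birthday("Mark", "Jan 1")  # outside AddBirthday's precondition
    except PreconditionError as e:
        print("rejected:", e)
```

Keeping `known` as a separate field rather than deriving it from `birthday` mirrors the schema exactly and makes the invariant a real check; a refinement that stores only the dict would discharge that invariant by construction, which is the usual next step in a Z development.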
24 Symbol Table [Hayes 87]
  Describes a relation (in fact a partial function) between symbols and values
  Illustrates the use of schema operators
25 Initial Definitions
  ST == SYM ⇸ VAL
  st : ST
  st₀ = ∅
26 Retrieve
  ΞST
  s? : SYM
  v! : VAL
  ──────
  s? ∈ dom(st)
  v! = st(s?)
27 Declare
  ΔST
  s? : SYM
  v? : VAL
  ──────
  st' = st ⊕ { s? ↦ v? }
28 NotPresent
  ΞST
  s? : SYM
  rep! : REPORT
  ──────
  s? ∉ dom(st)
  rep! = "Symbol not present"
29 Success
  rep! : REPORT
  ──────
  rep! = "OK"
30 Combining Schemas
  STRetrieve ≙ (Retrieve ∧ Success) ∨ NotPresent
  STDeclare ≙ Declare ∧ Success
31 Overriding Definitions
  Introduce a new symbol table for each level of scope
  Need to override the previous definitions of symbols: { s ↦ v } ⊕ { s ↦ w } = { s ↦ w }
  Need to introduce a distributed override operator (⊕/) for sequences of symbol tables
32 Block-Structured Symbol Tables
  BST
    bst : seq ST
  ⊕/ : seq ST → ST
  ⊕/⟨⟩ = ∅
  ⊕/( s ⌒ ⟨t⟩ ) = ( ⊕/s ) ⊕ t
  bst₀ = ⟨⟩
33 BStart₀
  ΔBST
  ──────
  bst' = bst ⌒ ⟨∅⟩
BEnd₀
  ΔBST
  ──────
  bst ≠ ⟨⟩
  bst' = front( bst )
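The symbol-table slides (26 through 33) are easiest to check by running them. The block below is an added example written for this page, not code from the slides or from Hayes: ST is a dict, a block-structured table is a list of dicts with the innermost scope last, and ⊕/ is a fold of ⊕ over that list. Two things are assumptions of mine rather than the slides' content: the `declare` and `retrieve` operations on `BlockTable` (the slides define only BStart₀ and BEnd₀ for block tables), and all of the function and class names. `st_retrieve` and `st_declare` are the totalised operations of slide 30, returning a report instead of being undefined outside the precondition, which is how a specification avoids the "what happens on bad input" gap that implementations so often leave open.

```python
"""Executable model of the Hayes symbol-table schemas (added example, not the
slides' own code).  ST == SYM -|-> VAL is a dict; a block-structured table is
a list of dicts, innermost scope last.  The declare/retrieve operations on
BlockTable are an assumed extension: the slides give only BStart0 and BEnd0."""


class PreconditionError(Exception):
    """Raised when an operation is invoked outside its Z precondition."""


def override(r, s):
    """Relational override r (+) s: a maplet in s replaces the maplet in r
    with the same domain element; every other maplet of r is kept."""
    return {**r, **s}


def dist_override(tables):
    """Distributed override (+)/ : seq ST -> ST
       (+)/<>        = {}
       (+)/(s ^ <t>) = ((+)/s) (+) t
    so a symbol declared in a later (inner) table shadows earlier ones."""
    result = {}
    for t in tables:
        result = override(result, t)
    return result


# Total operations built the way slide 30 combines schemas.  Instead of being
# undefined outside Retrieve's precondition, STRetrieve reports NotPresent.
def st_retrieve(st, s):
    """STRetrieve == (Retrieve and Success) or NotPresent.  Returns (v!, rep!)."""
    if s in st:                        # Retrieve: s? in dom(st)
        return st[s], "OK"             # Success
    return None, "Symbol not present"  # NotPresent


def st_declare(st, s, v):
    """STDeclare == Declare and Success: st' = st (+) {s? |-> v?}, rep! = "OK"."""
    return override(st, {s: v}), "OK"


class BlockTable:
    def __init__(self):
        self.bst = []                  # bst0 = <>

    def b_start(self):
        # BStart0 (Delta BST): bst' = bst ^ <{}>
        self.bst = self.bst + [{}]

    def b_end(self):
        # BEnd0 (Delta BST): precondition bst /= <>; bst' = front(bst)
        if not self.bst:
            raise PreconditionError("BEnd with no open block")
        self.bst = self.bst[:-1]

    def declare(self, s, v):
        # Assumed operation: declare into the innermost table last(bst),
        # leaving outer scopes untouched.  Precondition: a block is open.
        if not self.bst:
            raise PreconditionError("Declare with no open block")
        inner, rep = st_declare(self.bst[-1], s, v)
        self.bst = self.bst[:-1] + [inner]
        return rep

    def retrieve(self, s):
        # Assumed operation: look the symbol up in (+)/bst, so that an inner
        # declaration shadows an outer one with the same name.
        return st_retrieve(dist_override(self.bst), s)


if __name__ == "__main__":
    t = BlockTable()
    t.b_start(); t.declare("x", 1); t.declare("y", 2)   # outer block
    t.b_start(); t.declare("x", 10)                     # inner block shadows x
    print(t.retrieve("x"), t.retrieve("y"))   # (10, 'OK') (2, 'OK')
    t.b_end()
    print(t.retrieve("x"))                    # (1, 'OK')
```

The recursion on slide 32 peels the last element off the sequence, so the fold runs left to right with the innermost table applied last; reversing that order is the classic scoping bug (outer definitions winning over inner ones), and the test for it is simply that `retrieve("x")` changes from 10 back to 1 when the inner block ends.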
34 Z Method
  1. Introduce basic sets
  2. Define an abstract state in terms of sets, functions, relations, sequences, etc.
  3. Specify the initial state
  4. Define pre- and post-conditions of operations
  5. State and prove theorems
35 References
  Ian Hayes (editor), Specification Case Studies, Prentice-Hall International, 1987. ISBN
  J.M. Spivey, The Z Notation: A Reference Manual, Prentice-Hall International, 1992. ISBN