1 Z Schemas Chapter 6 Formal Specification using Z
2 Schemas A specification document in Z consists of narrative text interspersed with formal Z notation called schemas. S _________ a,b: N ________ a < b __________ This schema is called S and it declares two variables a and b. It contains a constraining predicate which states that a must be less than b.
3 Schemas The general form of a schema is. SchemaName _____ Declarations ________ Predicate __________ A schema can also be written in a linear form: SchemaName == [ Declarations | Predicate] The previous example would be written in linear form as: S == [a,b: N | a<b]
4 Schemas It is possible to have an anonymous schema, no name. It is possible to have a schema with no predicate. Variables are local to a schema. If you require variables from another schema you must include it in your current schema. Global variables are available to all schemas, they are introduced by axiomatic definition and cannot be changed by any operation. For example: | capacity: N If you wish to constrain a variable, the general form is Declarations ________ Predicate __________
5 Schemas For example MaxOnCourse ________ MaxOnCourse 6…30 __________ Schemas can make reference to capacity and MaxOnCourse without explicitly including their defining schemas. Course _____ numberEnrolled: ________ numberEnrolled MaxOnCourse __________
6 Schemas Each line of declaration part is separated by a semicolon. Each line of predicate part is connected with the ‘and’ operation Class _____ lecturer: PERSON student: P PERSON ________ lecturer student #student MaxOnCourse __________ Is an abbreviation for: Class _____ lecturer: PERSON; student: P PERSON; ________ lecturer student L #student MaxOnCourse __________
7 Schema Calculus Schemas can be regarded as units and manipulated by various operators that are analogous to the logical operators ( L, v, ¬ etc. ) The schema name S decorated with a prime (S’) is defined to be the same as the schema S with all its variables decorated with a prime. It is used to signify the value of a schema after some operation. Before operation S ______ a,b: N ______ a < b ______ _ After operation S’ ______ a’,b’: N ______ a’ < b’ _______ _
8 Inclusion The name of a schema can be included in the declaration of another schema. When a schema is textually imported its declarations are merged with those of the including schema and its predicate part is conjoined (anded) with that of the including schema. Any variables that have the same name must have the same type.
9 Inclusion Including a schema IncludeS ___ c: N S ______ c < 10 _______ Is a short way of writing includeS _ c: N a,b: N ______ c < 10 a < b ________
10 Schema Conjunction Definition of S S ___ a,b: N ______ a < b _______ SandT == S L T SandT _ a,b,c: N ______ a < b b < c ________ Definition of T T ___ b,c: N ______ b < c _____
11 Schema Disjunction Definition of S S ___ a,b: N ______ a < b _______ SorT == S v T SorT ___ a,b,c: N ______ ( a < b) v ( b < c) ________ Definition of T T ___ b,c: N ______ b < c _____
12 Delta Convention Definition of Delta S D S ___ a,b: N a’,b’: N ______ a < b a’ < b’ _______ The convention that a value of a variable before an operation is denoted by an undecorated name of the variable, and the value after an operation is decorated by a prime (‘) is used in the delta naming convention. A schema with a capital delta ( D often denotes some change) as the first character of its name is defined as:
13 Xi Convention Definition of Xi S X S ___ a,b: N a’,b’: N ______ a < b a’ < b’ a’ = a b’ = b _______ The convention a schema with the Greek capital letter xi ( X ) as the first character of its name, such as X S, is defined as the same as D S but with the constraint that the new value of every variable is the same as the old. The state of does not change. For example a query is an operation that produces a result that should not change the state of a database.
14 Schema Input Output Definition of Add Add ___ a?,b?: N sum!: N ______ sum! = a? + b? _______ Finishing variable names with a question mark (?) indicates input to the schema. Finishing variable names with a exclamation mark (!) indicates output from the schema.
15 Schema Example KEY ::= home | return | left | right | up | down numLines: N numColumns: N ______ 1 numLines 1 numColumns _______ A computer display shows lines of characters with each line consisting of a fixed number of columns containing a character in a fixed-width typeface. A cursor marks the current position of interest on the display. The user can press cursor-control keys on the keyboard, some of which directly control the position of the cursor.
16 Schema Example The lines are numbered from 1 to numLines down the display and the columns are numbered 1 to numColumns across the display. 1 1 numLines numColumns line column cursor
17 The State At any time the cursor is within the bounds of the display. The state of the cursor can be described by the schema Cursor. Cursor ___ line: N column: N ______ line 1..numLines column 1..numColumns _______
18 Home Key The operations for moving the cursor can be built up one at a time. The simplest is to respond to the home key. It causes the cursor to the top left corner of the display. HomeKey ___ D Cursor key?: KEY ______ key? = home line’ = 1 column’ = 1 ________
19 Home Key We are using the delta convention with D cursor defined as: D Cursor ___ line, line’ : N column, column’ : N ______ line 1..numLines line’ 1..numLines column 1..numColumns column’ 1..numColumns _______
20 Down Key The operation for moving the cursor down, in the normal case, can be defined as: DownKeyNormal ___ D Cursor key?: Key ______ key? = down line < numLines line’ = line + 1 column’ = column ________
21 Down Key The operations for moving the cursor down, when the cursor is at the bottom of the display, can be defined as: DownKeyAtBottom ___ D Cursor key?: KEY ______ key? = down line = numLines line’ = 1 column’ = column ________
22 Down Key The operation for moving the cursor down is defined to ‘wrap round’ to the top of the display. The full behaviour is given by: DownKey == DownKeyNormal v DownKeyAtBottom The operation defined by oring the two behaviours.
23 Return Key The response to the return key is to move the cursor to the leftmost column of the next line down or the top of the screen if the cursor is already on the bottom line. This can be defined as: ReturnKey ___ D Cursor key?: KEY ______ key? = return column’ = 1 (( line < numLines L line’ = line’+1) v ( line = numLines L line’=1)) ________
24 Right Key First we deal with the case where the cursor is not at the far right of the display: RightKeyNormal ___ D Cursor key?: KEY ______ key? = right column < numColumns column’ = column+1 line’ = line ________
25 Right Key Next we deal with the case where the cursor is at the far right of the display: RightKeyAtEnd ___ D Cursor key?: KEY ______ key? = right column = numColumns column’ = 1 line < numLines line’ = line + 1 ________
26 Right Key Finally we deal with the case where the cursor is at the far right of the bottom line of the display: RightKeyAtBottom ___ D Cursor key?: KEY ______ key? = right column = numColumns column’ = 1 line = numLines line’ = 1 ________
27 Right Key These three schemas can be combined to form one schema that defines the response of the cursor to the right key being pressed in all initial positions of the cursor: RightKey= RightKeyNormal v RightKeyAtEnd v RightKeyAtBottom
28 Cursor-control key action The action of the cursor on pressing any of these cursor- control keys can be defined as: CursorControlKey= RightKey v HomeKey v ReturnKey UpKey v DownKey v LeftKey
29 Schema Composition The composition of a schema S with schema T is written: S ; T and signifies the effect of doing S, and then doing T. For example, to show the effect of pressing the right-key and then the left-key on the display using the existing definition of CursorControlKey. We first write the definitions of pressing the left and right keys. PressRight == CursorControlKey L [k?=right] PressLeft == CursorControlKey L [k?=left] The composition of the two actions is written PressRight ; PressLeft
30 The overall structure of a Z specification A Z specification document consists of mathematical text in Z notation, interleaved with explanatory text in natural language. The text should be expressed in terms of the problem and should not refer directly to the mathematical formulation, however for tutorial work this restriction is relaxed.
31 Sections of a Z specification Introduction. The types used. The state and its invariant properties An initialisation operation. Operations and queries. Error handling. Final versions of operations and enquiries.
32 Chapter 6 Exercises Q1 Define schema linesRemaining which delivers the number of lines below the cursor as output.
33 Chapter 6 Exercises Q1 Define schema linesRemaining which delivers the number of lines below the cursor as output. LinesRemaining ___ X Cursor lines! : N ______ lines! = numLines - line ________
34 Chapter 6 Exercises Q2 Define schema UpKey to define the operation of pressing the up key.
35 Chapter 6 Exercises Q2 Define schema UpKey to define the operation of pressing the up key. UpKeyAtTop ___ D Cursor key?: KEY ______ key? = up line = 1 line’ = numLines column’ = column ________ UpKeyNormal ___ D Cursor key?: KEY ______ key? = up line > 1 line’ = line - 1 column’ = column ________ UpKey == UpkeyNormal v UpKeyAtTop The cursor wraps around to the bottom of the display.
36 Chapter 6 Exercises Q3 Define schema LeftKey to define the operation of pressing the up key.
37 Chapter 6 Exercises Q3 Solution Define schema LeftKey to define the operation of pressing the up key. LeftKeyAtStart ___ D Cursor key?: KEY ______ key? = left column =1 column’ = numColumns line > 1 line’ = line - 1 ________ LeftKeyNormal ___ D Cursor key?: KEY ______ key? = left column > 1 column’ = columns -1 line’ = line ________ LeftKey == LeftKeyNormal v LeftKeyAtStart v LeftKeyAtTop The cursor wraps around to the bottom of the display. LeftKeyAtTop ___ D Cursor key?: KEY ______ key? = left column =1 column’ = numColumns line = 1 line’ = numLines ________