Presentation is loading. Please wait.

Presentation is loading. Please wait.

An Introduction to formal methods using Z An aircraft example

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "An Introduction to formal methods using Z An aircraft example"— Presentation transcript:

1 An Introduction to formal methods using Z An aircraft example
From Chapter 3 Formal Specification using Z David Lightfoot

2 Sets: Aircraft passengers
Using only the mathematics of sets we will describe a simple system. This example example concerns recording the passengers aboard an aircraft. There are no seat numbers. Passengers are allowed aboard on a first-come-first-served basis. The aircraft has a fixed capacity which must never be exceeded. The only base type is: [PERSON] the set of all possible uniquely identified persons

3 Sets: Aircraft System All PERSONS are uniquely identified by passport number. The capacity of the aircraft is a natural number: capacity: N the seating capacity of the aircraft.

4 Sets: Aircraft System We define:
Variables that give our system a state. An invariant, where the variables have a particular value or range of values. An initialize operation on the variables which set the system to some initial state. A set of operations that change the state of the system while preserving the invariant properties. A set of enquiries that do not change the state of the system

5 Sets: Aircraft System, Variables
The state of the system is given by the set of people on board the aircraft: onboard: PPERSON The number of persons on board must never exceed the capacity: #onboard capacity This is the invariant property of the system. No operation will be permitted to lead the system into a state for which it does not hold.

6 Sets: Aircraft System, Initialize
The initial state is where the aircraft is empty. The operation to initialize the system can be specified as: onboard’ = 0 In Z a variable name is said to be undecorated before operation and decorated after an operation. The decoration (‘) is called prime.

7 Sets: Aircraft System, Operations
The boarding operation allows person p to board the aircraft: onboard’ = onboard U {p} {p} is a singleton set containing the element p. The new value of onboard is the same as the union of its own value and the singleton set containing p. The necessary precondition of the boarding operation is: #onboard < capacity

8 Aircraft System Operations, Boarding
It would be an error to record the boarding of a person who was already onboard, so a further precondition is: p onboard Decision regarding the behavior of the of the system when the preconditions are not satisfied is deferred.

9 Aircraft System Operations, Boarding
To summarize the boarding operation: p:PERSON p onboard #onboard<capacity onboard’ = onboard U {p} .p .p onboard’ onboard

10 Aircraft System Operations, Disembark
To summarize the disembark operation: p:PERSON p onboard onboard’ = onboard \ {p} .p .p onboard onboard’

11 Aircraft System, Enquiries
Enquiries do not change the state of the system. We need an operation to find the number of people on board. numOnBoard: N number of person on the aircraft. numOnBoard = #onboard onboard’ = onboard The fact that the operation causes no change of state needs to be stated explicitly. There is no precondition.

12 Sets: Aircraft System, Enquiries
We need an operation to tell us if a given person is on board. RESPONSE ::= yes | no p: PERSON reply:RESPONSE ((p onboard and reply = yes) or (p onboard and reply = no)) onboard’ = onboard

13 Recall from chapter 2 Certain people are registered as users of a computer system. At any given time, some of these users are logged in to the computer. There is a limit (unspecified) to the number of users logged in at any one time. All users are either staff users or customers.

14 Solution from Q1 Chapter 2
[PERSON] the set of all uniquely identifiable persons loggedIn, users: PPERSON loggedIn z users

15 Exercises For the computer system described in Question 1 Chapter 2 :
1 Discover any invariant properties. 2 Define a suitable initialisation operation for the system. 3 Define an operation to register a person as a new user, who is initially not logged in. 4 Define an operation to remove a user’s registration, when the user is not logged in. 5 Define operations for user’s to login and logout.

16 Solutions 1. Invariant property. Only registered users can be logged in. loggedIn z users 2. Initialisation operation; no-one is logged in. users’ = q loggedIn’ = q

17 Solutions 3. Add new user. Person p must not already be a user. Person p is added to users. p:PERSON p users users’ = users U {p} loggedIn’ = loggedIn

18 Solutions 4. Remove user. Person p must already be a user. Person p is removed users. p:PERSON p users p loggedIn users’ = users \ {p} loggedIn’ = loggedIn

19 Solutions 5. Login. p: PERSON p users p loggedIn
loggedIn’ = loggedIn U {p} users’ = users

20 Solutions 5(b). Logout. p: PERSON p users p loggedIn
loggedIn’ = loggedIn \ {p} users’ = user

Download ppt "An Introduction to formal methods using Z An aircraft example"

Similar presentations

Formal Methods in Software Engineering

Formal Methods in Software Engineering
1 Model checking. 2 And now... the system How do we model a reactive system with an automaton ? It is convenient to model systems with Transition systems.

1 Model checking. 2 And now... the system How do we model a reactive system with an automaton ? It is convenient to model systems with Transition systems.
CPU Review and Programming Models CT101 – Computing Systems.

CPU Review and Programming Models CT101 – Computing Systems.
22C:19 Discrete Structures Induction and Recursion Fall 2014 Sukumar Ghosh.

22C:19 Discrete Structures Induction and Recursion Fall 2014 Sukumar Ghosh.
Introduction to Sensitivity Analysis Graphical Sensitivity Analysis

Introduction to Sensitivity Analysis Graphical Sensitivity Analysis
1 CHAPTER 4 RELATIONAL ALGEBRA AND CALCULUS. 2 Introduction - We discuss here two mathematical formalisms which can be used as the basis for stating and.

1 CHAPTER 4 RELATIONAL ALGEBRA AND CALCULUS. 2 Introduction - We discuss here two mathematical formalisms which can be used as the basis for stating and.
Chapter 8: Long-Term Dynamics or Equilibrium 1.(8.1) Equilibrium 2.(8.2) Eigenvectors 3.(8.3) Stability 1.(8.1) Equilibrium 2.(8.2) Eigenvectors 3.(8.3)

Chapter 8: Long-Term Dynamics or Equilibrium 1.(8.1) Equilibrium 2.(8.2) Eigenvectors 3.(8.3) Stability 1.(8.1) Equilibrium 2.(8.2) Eigenvectors 3.(8.3)
Comp 205: Comparative Programming Languages Semantics of Imperative Programming Languages denotational semantics operational semantics logical semantics.

Comp 205: Comparative Programming Languages Semantics of Imperative Programming Languages denotational semantics operational semantics logical semantics.
1 Introduction to Computability Theory Lecture15: Reductions Prof. Amos Israeli.

1 Introduction to Computability Theory Lecture15: Reductions Prof. Amos Israeli.
1 Introduction to Computability Theory Lecture12: Reductions Prof. Amos Israeli.

1 Introduction to Computability Theory Lecture12: Reductions Prof. Amos Israeli.
1 Introduction to Computability Theory Lecture3: Regular Expressions Prof. Amos Israeli.

1 Introduction to Computability Theory Lecture3: Regular Expressions Prof. Amos Israeli.
CHAPTER 3 COLLECTIONS Abstract Data Types. 2 A data type consists of a set of values or elements, called its domain, and a set of operators acting on.

CHAPTER 3 COLLECTIONS Abstract Data Types. 2 A data type consists of a set of values or elements, called its domain, and a set of operators acting on.
Formal Specification Sets Based on chapter 2 of Formal Specification Using Z David Lightfoot.

Formal Specification Sets Based on chapter 2 of Formal Specification Using Z David Lightfoot.
Discrete Mathematics Lecture 4: Sequences and Mathematical Induction

Discrete Mathematics Lecture 4: Sequences and Mathematical Induction
SwE 313 Case Study Registration System.

SwE 313 Case Study Registration System.
Discrete Mathematics Lecture 4 Harper Langston New York University.

Discrete Mathematics Lecture 4 Harper Langston New York University.
CS 206 Introduction to Computer Science II 10 / 20 / 2008 Instructor: Michael Eckmann.

CS 206 Introduction to Computer Science II 10 / 20 / 2008 Instructor: Michael Eckmann.
Schema Operators. State We can use the language of schemas to describe the state of a system, and operations upon it. Different aspects of the state --

Schema Operators. State We can use the language of schemas to describe the state of a system, and operations upon it. Different aspects of the state --
1 Z Schemas Chapter 7 Formal Specification using Z Example of Z specification Document.

1 Z Schemas Chapter 7 Formal Specification using Z Example of Z specification Document.
1 The Extended Example Chapter 5 Formal Specification using Z.

1 The Extended Example Chapter 5 Formal Specification using Z.

Similar presentations

Ads by Google