1

Z Schemas

Chapter 6

Formal Specification using Z

2

Schemas

• A specification document in Z consists of narrative text interspersed with formal Z notation called schemas.

Sa,b: a < b• This schema is called S and it declares two variables a and

b. It contains a constraining predicate which states that a must be less than b.

3

Schemas

• The general form of a schema is.

SchemaNameDeclarations

Predicate• A schema can also be written in a linear form:

• SchemaName == [ Declarations | Predicate]

• The previous example would be written in linear form as:

• S == [a,b: | a<b]

4

Schemas

• It is possible to have an anonymous schema, no name.

• It is possible to have a schema with no predicate.

• Variables are local to a schema. If you require variables from another schema you must include it in your current schema.

• Global variables are available to all schemas, they are introduced by axiomatic definition and cannot be changed by any operation. For example:

• | capacity: • If you wish to constrain a variable, the general form is Declarations

Predicate

5

Schemas

• For example

MaxOnCourse

MaxOnCourse 6…30

Schemas can make reference to capacity and MaxOnCourse without explicitly including their defining schemas.

CoursenumberEnrolled:

numberEnrolled MaxOnCourse

6

Schemas

• Each line of declaration part is separated by a semicolon.

• Each line of predicate part is connected with the ‘and’ operation

Classlecturer: PERSON

student: PERSON

lecturer student

#student MaxOnCourse

Is an abbreviation for:

Classlecturer: PERSON;student: PERSON;lecturer student #student MaxOnCourse

7

Schema Calculus

Schemas can be regarded as units and manipulated by various operators that are analogous to the logical operators ( ,¬ etc. )

The schema name S decorated with a prime (S’) is defined to be the same as the schema S with all its variables decorated with a prime. It is used to signify the value of a schema after some operation.

Before operation

Sa,b: a < b

After operation

S’a’,b’: a’ < b’

8

Inclusion

• The name of a schema can be included in the declaration of another schema. When a schema is textually imported its declarations are merged with those of the including schema and its predicate part is conjoined (anded) with that of the including schema. Any variables that have the same name must have the same type.

9

Inclusion

Including a schema

IncludeSc: Sc < 10

Is a short way of writing

includeSc: a,b: c < 10a < b

10

Schema ConjunctionDefinition of S

Sa,b: a < b

SandT == S T

SandT a,b,c: a < bb < c

Definition of T

Tb,c: b < c

11

Schema DisjunctionDefinition of S

Sa,b: a < b

SorT == S T

SorT a,b,c: a < b) b < c)

Definition of T

Tb,c: b < c

12

Delta Convention

Definition of Delta S

Sa,b: a’,b’: a < b a’ < b’

The convention that a value of a variable before an operation is denoted by an undecorated name of the variable, and the value after an operation is decorated by a prime (‘) is used in the delta naming convention. A schema with a capital delta ( often denotes some change) as the first character of its name is defined as:

13

Xi Convention

Definition of Xi S

Sa,b: a’,b’: a < b a’ < b’ a’ = a b’ = b

The convention a schema with the Greek capital letter xi () as the first character of its name, such as S, is defined as the same as S but with the constraint that the new value of every variable is the same as the old. The state of does not change. For example a query is an operation that produces a result that should not change the state of a database.

14

Schema Input Output

Definition of Add

Adda?,b?: sum!: sum! = a? + b?

Finishing variable names with a question mark (?) indicates input to the schema.

Finishing variable names with a exclamation mark (!) indicates output from the schema.

15

Schema Example

KEY ::= home | return | left | right | up | down

numLines: numColumns: 1 numLines1 numColumns

A computer display shows lines of characters with each line consisting of a fixed number of columns containing a character in a fixed-width typeface. A cursor marks the current position of interest on the display. The user can press cursor-control keys on the keyboard, some of which directly control the position of the cursor.

16

Schema ExampleThe lines are numbered from 1 to numLines down the display and the columns are numbered 1 to numColumns across the display.

1

1

numLines

numColumns

line

column

cursor

17

The State

• At any time the cursor is within the bounds of the display. The state of the cursor can be described by the schema Cursor.

Cursorline: column: line1..numLines

column1..numColumns

18

Home Key• The operations for moving the cursor can be

built up one at a time. The simplest is to respond to the home key. It causes the cursor to the top left corner of the display.

HomeKey

Cursor

key?: KEY

key? = home

line’ = 1

column’1

19

Home Key• We are using the delta convention with cursor

defined as:

Cursor line, line’ : column, column’ : line1..numLines

line’1..numLines

column1..numColumns

column’1..numColumns

20

Down Key• The operation for moving the cursor down, in

the normal case, can be defined as:DownKeyNormal

Cursor

key?: Key

key? = down

line < numLines

line’ = line + 1

column’column

21

Down Key• The operations for moving the cursor down,

when the cursor is at the bottom of the display, can be defined as:

DownKeyAtBottom

Cursor

key?: KEY

key? = down

line = numLines

line’ = 1

column’column

22

Down Key• The operation for moving the cursor down is

defined to ‘wrap round’ to the top of the display. The full behaviour is given by:

DownKey == DownKeyNormal DownKeyAtBottom

• The operation defined by oring the two behaviours.

23

Return Key

• The response to the return key is to move the cursor to the leftmost column of the next line down or the top of the screen if the cursor is already on the bottom line. This can be defined as:

ReturnKey

Cursor

key?: KEY

key? = return

column’1line < numLines line’ = line’+1)

line = numLines line’=1))

24

Right Key

• First we deal with the case where the cursor is not at the far right of the display:

RightKeyNormal

Cursor

key?: KEY

key? = right

column <numColumns

column’ = column+1

line’ = line

25

Right Key

• Next we deal with the case where the cursor is at the far right of the display:

RightKeyAtEnd

Cursor

key?: KEY

key? = right

column =numColumns

column’ = 1

line < numLines

line’ = line + 1

26

Right Key

• Finally we deal with the case where the cursor is at the far right of the bottom line of the display:

RightKeyAtBottom

Cursor

key?: KEY

key? = right

column =numColumns

column’ = 1

line = numLines

line’ = 1

27

Right Key

• These three schemas can be combined to form one schema that defines the response of the cursor to the right key being pressed in all initial positions of the cursor:

•

RightKey= RightKeyNormal RightKeyAtEnd RightKeyAtBottom

28

Cursor-control key action

• The action of the cursor on pressing any of these cursor-control keys can be defined as:

•

CursorControlKey= RightKey HomeKey ReturnKey

UpKey DownKey LeftKey

29

Schema Composition

• The composition of a schema S with schema T is written:

• S;T• and signifies the effect of doing S, and then doing T. For

example, to show the effect of pressing the right-key and then the left-key on the display using the existing definition of CursorControlKey. We first write the definitions of pressing the left and right keys.

• PressRight == CursorControlKey [k?=right]

• PressLeft == CursorControlKey [k?=left]

The composition of the two actions is written

PressRight ; PressLeft

30

The overall structure of a Z specification

• A Z specification document consists of mathematical text in Z notation, interleaved with explanatory text in natural language. The text should be expressed in terms of the problem and should not refer directly to the mathematical formulation, however for tutorial work this restriction is relaxed.

31

Sections of a Z specification

• Introduction.

• The types used.

• The state and its invariant properties

• An initialisation operation.

• Operations and queries.

• Error handling.

• Final versions of operations and enquiries.

32

Chapter 6 Exercises Q1

• Define schema linesRemaining which delivers the number of lines below the cursor as output.

33

Chapter 6 Exercises Q1

• Define schema linesRemaining which delivers the number of lines below the cursor as output.

LinesRemaining

Cursor

lines! : lines! = numLines - line

34

Chapter 6 Exercises Q2

• Define schema UpKey to define the operation of pressing the up key.

35

Chapter 6 Exercises Q2• Define schema UpKey to define the operation of pressing the up

key.

UpKeyAtTopCursorkey?: KEYkey? = upline = 1line’ = numLinescolumn’column

UpKeyNormalCursorkey?: KEYkey? = upline > 1line’ = line - 1column’column

UpKey == UpkeyNormal UpKeyAtTop

The cursor wraps around to the bottom of the display.

36

Chapter 6 Exercises Q3

• Define schema LeftKey to define the operation of pressing the up key.

37

Chapter 6 Exercises Q3 Solution • Define schema LeftKey to define the operation of pressing the up

key.

LeftKeyAtStartCursorkey?: KEYkey? = leftcolumn =1column’numColumns line > 1line’ = line - 1

LeftKeyNormalCursorkey?: KEYkey? = leftcolumn > 1column’columns -1line’ = line

LeftKey == LeftKeyNormal LeftKeyAtStart LeftKeyAtTop

The cursor wraps around to the bottom of the display.

LeftKeyAtTopCursorkey?: KEYkey? = leftcolumn =1column’numColumns line = 1line’ = numLines