The Z Specification Language (KIT): formal.iti.kit.edu/~beckert/teaching/Spezifikation-SS04/11Z.pdf
Formal Specification of Software
The Z Specification Language
Bernhard Beckert
UNIVERSITÄT KOBLENZ-LANDAU
B. Beckert: Formal Specification of Software – p.1
The Z Specification Language
Based on
Typed first-order predicate logic
Zermelo-Fraenkel set theory
Rich notation
Invented/developed by
J.-R. Abrial, Oxford University Computing Laboratory
International standard
ISO/IEC JTC1/SC22
The Z Specification Language
Tools
LATEX style
Type checker
Z/Eves deduction system
But
No tools for simulation/execution/testing
Built-in Operators
Logical operators
¬ negation
∧ conjunction
∨ disjunction
⇒ implication (note: not →)
⇔ equivalence (note: not ↔)
Equality
= equality
On all types (but not predicates)
Built-in Operators
Quantification
Q x1 : S1; . . . ; xn : Sn | p • q
where Q is one of ∀ ∃ ∃1
Meaning
∀ x1 : S1; . . . ; xn : Sn • (p ⇒ q)   resp.   ∃ x1 : S1; . . . ; xn : Sn • (p ∧ q)
Abbreviation
∀x : T • q for ∀x : T | true • q
Notation for Sets
Enumeration
{e1, . . . , en}
The set of type-compatible elements e1, . . . , en
Example
{3, 5, 8, 4}
Notation for Sets
Set comprehension
{x : T | pred(x) • expr(x)}
The set of all elements that result from evaluating expr(x) for all x of type T for which pred(x) holds
Example
{x : Z | prime(x) • x ∗ x}
The set of all squares of prime numbers
Notation for Sets
Abbreviation
{x : T | pred(x)} for {x : T | pred(x) • x}
Example
N = {x : Z | x ≥ 0}
The empty set
∅ = {x : T | false}
Note:
∅ is typed: it stands for ∅[T] for the type T at hand
Set Operations
∈ element-of relation
⊆ subset relation
S1 and S2 must have the same type
S1 ⊆ S2 ⇔ (∀ x : S1 • x ∈ S2)
P power set operator
S′ ∈ P S ⇔ S′ ⊆ S
× cartesian product
(x1, . . . , xn) ∈ S1 × . . .× Sn ⇔ (x1 ∈ S1 ∧ . . . ∧ xn ∈ Sn)
Set Operations
∪, ⋃ union (binary and generalised)
Involved sets must have the same type T
x ∈ S1 ∪ S2 ⇔ (x ∈ S1 ∨ x ∈ S2)
x ∈ ⋃ S ⇔ (∃ S′ : S • x ∈ S′)   for S : P(P T)
∩, ⋂ intersection (binary and generalised)
\ set difference
Types
Pre-defined types
Z with
constants: 0, 1, 2, 3, 4, . . .
functions: +, −, ∗, /
predicates: <, ≤, >, ≥
Sets
Every set can be used as a type
Basic types (given sets)
Example
[Person]
Free Type Definitions
Example
weekDay ::= mon | tue | wed | thu | fri | sat | sun
Example
Tree ::= leaf 〈〈Z〉〉 | node〈〈Tree × Tree〉〉
Meaning
[Tree] generated by leaf , node
∀ x1, y1, x2, y2 : Tree | node(x1, y1) = node(x2, y2) • (x1 = x2 ∧ y1 = y2)
∀ x1, x2 : Z | leaf(x1) = leaf(x2) • x1 = x2
∀ x : Z; y, z : Tree • leaf(x) ≠ node(y, z)
Note: Generatedness is not expressible in first-order logic
Compound Types
Set type: P T
The type of sets of elements of type T
Cartesian product type: T1 × · · · × Tn
The type of tuples (t1, . . . , tn) with ti ∈ Ti
Types: Overview
Possible type definitions
T = Z
T = [Type]
T ::= . . . (free type)
T = P T′
T = T1 × · · · × Tn
Note
All types are disjoint (not for sets that are used as types)
All terms have a unique type
Variables
Variable declarations
Example
x : Z
sold : P Seat
Variables can range over types and over sets
Syntactical Abbreviations
Abbreviations
must not be recursive
can be generic
Examples
numberPairs == Z×Z
pairWithNumber[S] == Z× S
Note
Type variables are “meta-variables” (cannot be quantified)
Abbreviations vs. Generated Types
weekDay1 == {mon, tue, wed, thu, fri, sat, sun}
vs.
WeekDay2 ::= mon | tue | wed | thu | fri | sat | sun
Not the same
Type definition implies elements to be different
Axiomatic Definitions
Form of an axiomatic definition
SymbolDeclarations
ConstrainingPredicates
Example
N1 : P Z
∀ z : Z • (z ∈ N1 ⇔ z ≥ 1)
Relations
Relation types/sets
S ↔ T is the type/set of relations between types/sets S and T
S ↔ T = P(S × T)
Notation
a ↦ b for (a, b) if (a, b) ∈ S ↔ T
Operations on Relations
Domain dom R
dom R = {a : S; b : T | a ↦ b ∈ R • a}
Range ran R
ran R = {a : S; b : T | a ↦ b ∈ R • b}
Restrictions of relations
S′ ◁ R = {a : S; b : T | a ↦ b ∈ R ∧ a ∈ S′ • a ↦ b}   (domain restriction)
R ▷ T′ = {a : S; b : T | a ↦ b ∈ R ∧ b ∈ T′ • a ↦ b}   (range restriction)
S′ ⩤ R = {a : S; b : T | a ↦ b ∈ R ∧ a ∉ S′ • a ↦ b}   (domain subtraction)
R ⩥ T′ = {a : S; b : T | a ↦ b ∈ R ∧ b ∉ T′ • a ↦ b}   (range subtraction)
Operations on Relations
Inverse relation R⁻¹
R⁻¹ = {a : S; b : T | a ↦ b ∈ R • b ↦ a}
Composition R ⨟ R′ for R : S ↔ T and R′ : T ↔ U
R ⨟ R′ = {a : S; b : T; c : U | a ↦ b ∈ R ∧ b ↦ c ∈ R′ • a ↦ c}
Closures for R : S ↔ S
iteration Rⁿ = R ⨟ Rⁿ⁻¹
identity R⁰ = {a : S | true • a ↦ a}
refl./trans. R* = ⋃{n : N | true • Rⁿ}
transitive R⁺ = ⋃{n : N | n ≥ 1 • Rⁿ}
symmetric Rˢ = R ∪ R⁻¹
reflexive Rʳ = R ∪ R⁰
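The relation operators of the two slides above (dom, ran, the four restrictions, inverse, composition and the closures), as an added example in Python that is not part of the slides. Relations are modelled as finite sets of pairs, so each operator is a set comprehension that reads almost one-to-one against the Z definition; only R⁰ needs the carrier set S, as on the slide. The sample goes one step beyond the slides: a constructed role-inheritance relation and a grants relation, with effective permissions computed as inherits* ⨟ grants, which is the kind of reachability check done when auditing an RBAC policy. The function names and sample data are chosen here.

```python
# Added example (not from the slides): Z relation operators over finite
# relations, modelled as Python sets of (a, b) pairs. Carrier sets are passed
# explicitly where the Z definition needs them (R⁰ ranges over S).


def dom(r):
    """dom R = {a : S; b : T | a ↦ b ∈ R • a}"""
    return {a for a, _ in r}


def ran(r):
    """ran R = {a : S; b : T | a ↦ b ∈ R • b}"""
    return {b for _, b in r}


def dres(s1, r):
    """S′ ◁ R: pairs of R whose first component lies in S′."""
    return {(a, b) for a, b in r if a in s1}


def rres(r, t1):
    """R ▷ T′: pairs of R whose second component lies in T′."""
    return {(a, b) for a, b in r if b in t1}


def ndres(s1, r):
    """S′ ⩤ R: domain subtraction."""
    return {(a, b) for a, b in r if a not in s1}


def nrres(r, t1):
    """R ⩥ T′: range subtraction."""
    return {(a, b) for a, b in r if b not in t1}


def inverse(r):
    """R⁻¹ = {a : S; b : T | a ↦ b ∈ R • b ↦ a}"""
    return {(b, a) for a, b in r}


def compose(r1, r2):
    """R ⨟ R′: a ↦ c whenever a ↦ b ∈ R and b ↦ c ∈ R′ for some b."""
    return {(a, c) for a, b in r1 for b2, c in r2 if b == b2}


def identity(s):
    """R⁰ = {a : S | true • a ↦ a}"""
    return {(a, a) for a in s}


def iterate(r, n, s):
    """Rⁿ = R ⨟ Rⁿ⁻¹ with R⁰ = identity(S)."""
    result = identity(s)
    for _ in range(n):
        result = compose(r, result)
    return result


def transitive_closure(r):
    """R⁺ = ⋃{n : N | n ≥ 1 • Rⁿ}. For a finite R the union is reached after
    finitely many steps, so iterate until nothing new is added."""
    closure = set(r)
    while True:
        bigger = closure | compose(closure, r)
        if bigger == closure:
            return closure
        closure = bigger


def reflexive_transitive_closure(r, s):
    """R* = R⁰ ∪ R⁺ (the slide's ⋃{n : N | true • Rⁿ})."""
    return identity(s) | transitive_closure(r)


# Constructed sample: a role hierarchy (inherits : Role ↔ Role) and direct
# grants (grants : Role ↔ Permission). A role effectively holds everything
# granted to it or to any role it transitively inherits from.
ROLES = {"admin", "ops", "user"}
INHERITS = {("admin", "ops"), ("ops", "user")}
GRANTS = {("user", "read"), ("ops", "deploy"), ("admin", "revoke")}


def effective_permissions(role, inherits=INHERITS, grants=GRANTS, roles=ROLES):
    """ran({role} ◁ (inherits* ⨟ grants)): permissions reachable from `role`."""
    reach = reflexive_transitive_closure(inherits, roles)
    return ran(dres({role}, compose(reach, grants)))


if __name__ == "__main__":
    print(sorted(effective_permissions("admin")))   # ['deploy', 'read', 'revoke']
```

The closure loop terminates only because the relation is finite, which matches the slide's use of ⋃ over all n : N: on an infinite S the same definition still makes sense in Z but is no longer something this code can compute.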
Functions
Special relations
Functions are special relations
Notation
Instead of ↔
→ total function
⇸ partial function
Functions
Partial functions
f ∈ S ⇸ T ⇔
f ∈ S ↔ T ∧ ∀ a : S; b, b′ : T | (a ↦ b ∈ f ∧ a ↦ b′ ∈ f) • b = b′
Total functions
f ∈ S → T ⇔
f ∈ S ⇸ T ∧ ∀ a : S • ∃ b : T • a ↦ b ∈ f
λ Notation for Functions
General form
λ a : S | p • e
Example
double : Z ⇸ Z
double = λ n : Z | n ≥ 0 • n + n
Equivalent to
double : Z ⇸ Z
double = {n : N | true • n ↦ n + n}
Prefix and Infix Notation
Notation
Relations and functions can be declared prefix and infix
Parameter positions are indicated with “_”
Example
even _ : P Z
∀ x : Z • (even x ⇔ (∃ y : Z • x = y + y))
Equivalent to
even _ : P Z
even = {x : Z | (∃ y : Z • x = y + y)}
More Notation for Functions
Notation
⤔ partial injective function
↣ total injective function
⤀ partial surjective function
↠ total surjective function
⤖ total bijective function
Three Definitions of abs
Relation (in infix notation)
_ abs _ : Z ↔ N
∀ m : Z; n : N • (m abs n) ⇔ (m = n ∨ −m = n)
Function
abs : Z → Z
abs = (λ m : Z | m ≤ 0 • −m) ∪ (λ m : Z | m ≥ 0 • m)
(the two λ-functions overlap only at m = 0, where both yield 0, so the union is still a function)
Function (in prefix notation)
abs _ : Z ⇸ Z
∀ x : Z | x ≤ 0 • x = −(abs x)
∀ x : Z | x ≥ 0 • x = abs x
Finite Constructs
Finite subsets of Z
m..n = {n′ : Z | m ≤ n′ ∧ n′ ≤ n}
Finite sets
F T consists of the finite sets in P T
[S]
F : P(P S)
F = {s : P S | ∃ n : N • ∃ f : 1..n ⤖ s • true}
(a set is finite iff, for some n, it is in bijection with 1..n)
Finite Sets: Cardinality
Cardinality operator #
[S]
# : F S → N
∀ s : F S; n : N • (n = #s ⇔ (∃ f : 1..n ⤖ s • true))
Finite Functions
Notation
⇻ finite (partial) functions (e.g. arrays)
S ⇻ T = {f : S ⇸ T | dom f ∈ F S}
⤕ finite (partial) injective functions (e.g. duplicate-free arrays)
S ⤕ T = {f : S ⤔ T | dom f ∈ F S}
Sequences
Definition
seq T == {s : Z ⇻ T | dom s = 1..#s}
Note
sequences are functions, which are relations, which are sets
the length of s is #s
Notation
The sequence {1 ↦ x1, 2 ↦ x2, . . . , n ↦ xn}
is written as 〈x1, x2, . . . , xn〉
Example: Concatenation of Sequences
s ⌢ t == s ∪ ((λ n : Z | n ∈ #s + 1 .. #s + #t • n − #s) ⨟ t)
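The function classes from the Functions slides and the sequence definition and concatenation above, as an added Python example that is not the slides' own material: each class becomes a predicate on a finite set of pairs, and ⌢ is implemented literally as the index-shifting λ composed with t and unioned with s. The partial-function check is exactly what a declaration such as sold : Seat ⇸ Person guarantees (no seat maps to two people), and injectivity is what a "duplicate-free array" declaration adds. The names seq, concat, to_list, is_sequence and the is_* predicates are chosen here; the sample data are constructed.

```python
# Added example (not from the slides): Z function classes and sequences
# checked on finite relations represented as Python sets of (a, b) pairs.


def is_partial_function(f):
    """f ∈ S ⇸ T: a ↦ b ∈ f ∧ a ↦ b′ ∈ f ⇒ b = b′."""
    return all(b == b2 for a, b in f for a2, b2 in f if a == a2)


def is_total_function(f, s):
    """f ∈ S → T: a partial function defined on every a : S."""
    return is_partial_function(f) and {a for a, _ in f} == set(s)


def is_injective(f):
    """f ∈ S ⤔ T: no two arguments share an image."""
    return is_partial_function(f) and all(
        a == a2 for a, b in f for a2, b2 in f if b == b2)


def is_surjective(f, t):
    """f ∈ S ⤀ T: every b : T is the image of something."""
    return is_partial_function(f) and {b for _, b in f} == set(t)


def is_bijection(f, s, t):
    """f ∈ S ⤖ T: total, injective and surjective."""
    return is_total_function(f, s) and is_injective(f) and is_surjective(f, t)


def seq(*items):
    """⟨x1, ..., xn⟩ as the function {1 ↦ x1, ..., n ↦ xn}."""
    return {(i, x) for i, x in enumerate(items, start=1)}


def is_sequence(s):
    """seq T == {s : Z ⇻ T | dom s = 1..#s}; for a function #s = #dom s."""
    return is_partial_function(s) and {a for a, _ in s} == set(range(1, len(s) + 1))


def concat(s, t):
    """s ⌢ t == s ∪ ((λ n : Z | n ∈ #s + 1 .. #s + #t • n − #s) ⨟ t)."""
    ns, nt = len(s), len(t)
    shift = {(n, n - ns) for n in range(ns + 1, ns + nt + 1)}        # the λ as pairs
    shifted_t = {(n, x) for n, m in shift for m2, x in t if m == m2}  # shift ⨟ t
    return s | shifted_t


def to_list(s):
    """Read a sequence back in index order (indices are unique, so sorting
    the pairs never compares the elements themselves)."""
    return [x for _, x in sorted(s)]


if __name__ == "__main__":
    # Constructed sample: sold : Seat ⇸ Person as a set of pairs.
    sold = {("A1", "alice"), ("A2", "bob")}
    double_booked = sold | {("A1", "mallory")}
    print(is_partial_function(sold), is_partial_function(double_booked))  # True False
    print(to_list(concat(seq("a", "b"), seq("c"))))                        # ['a', 'b', 'c']
```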
Schemata
General form
┌─ Name ────────────────
│ SymbolDeclarations
├───────────────────────
│ ConstrainingPredicates
└───────────────────────
Linear notation
Name =̂ [SymbolDeclarations | ConstrainingPredicates]
Schemata
With empty predicate part
┌─ Name ────────────────
│ SymbolDeclarations
└───────────────────────
Linear notation
Name =̂ [SymbolDeclarations]
Schemata: Example
Theater tickets
[Seat, Person]
┌─ TicketsForPerformance0 ──
│ seating : P Seat
│ sold : Seat ⇸ Person
├───────────────────────────
│ dom sold ⊆ seating
└───────────────────────────
Schemata as Sets/Types
Schema
┌─ Name ────────────────
│ x1 : T1
│ . . .
│ xn : Tn
├───────────────────────
│ ConstrainingPredicates
└───────────────────────
can be seen as the following set (type) of tuples:
Name =
{x1 : T1; . . . ; xn : Tn | ConstrainingPredicates • (x1, . . . , xn)}
Schema Inclusion
Inclusion
Schemata can be used (included) in
– schema
– set comprehension
– quantification
by adding the schema name to the declaration part
Meaning
– declarations
– constraining predicates
are added to the corresponding parts of the including schema / set comprehension / quantification
Note: Matching names merge and must be type compatible
Schema Inclusion
Example
┌─ NumberInSet ──
│ a : Z
│ c : P Z
├────────────────
│ a ∈ c
└────────────────
{NumberInSet | a = 0 • c}
is the same as
{a : Z; c : P Z | a ∈ c ∧ a = 0 • c}
(the set of all integer sets containing 0)
Schemata as Predicates
Schemata can be used as predicates in
– schema
– set comprehension
– quantification
by adding the schema name to the predicate part (occurring variables must already be declared)
Meaning
The constraining predicates (not: the declaration part) are added to the corresponding part of the schema / set comprehension / quantification
Schemata as Predicates
Example
┌─ NumberIn01 ──
│ a : Z
│ c : P Z
├───────────────
│ a ∈ c
│ c ⊆ {0, 1}
└───────────────
∀ a : Z; c : PZ | NumberIn01 • NumberInSet
is the same as
∀ a : Z; c : PZ | a ∈ c ∧ c ⊆ {0, 1} • a ∈ c
Generic Schemata
Type/set variables can be used in schema definitions
Example
┌─ NumberInSetGeneric[X] ──
│ a : X
│ c : P X
├──────────────────────────
│ a ∈ c
└──────────────────────────
Then
NumberInSetGeneric[Z] = NumberInSet
Variable Renaming in Schemata
Variables in schemata can be renamed
Example
NumberInSet[a/q, c/s]
is equal to
┌─────────
│ q : Z
│ s : P Z
├─────────
│ q ∈ s
└─────────
Conjunctions of Schemata
Schemata can be composed conjunctively
Example
Given
┌─ ConDis1 ──────
│ a : A; b : B
├────────────────
│ P
└────────────────
┌─ ConDis2 ──────
│ b : B; c : C
├────────────────
│ Q
└────────────────
Then the following are equivalent
ConDis1 ∧ ConDis2
and
┌─────────────────────
│ a : A; b : B; c : C
├─────────────────────
│ P
│ Q
└─────────────────────
Disjunctions of Schemata
Schemata can be composed disjunctively
Example
Given
┌─ ConDis1 ──────
│ a : A; b : B
├────────────────
│ P
└────────────────
┌─ ConDis2 ──────
│ b : B; c : C
├────────────────
│ Q
└────────────────
Then the following are equivalent
ConDis1 ∨ ConDis2
and
┌─────────────────────
│ a : A; b : B; c : C
├─────────────────────
│ P ∨ Q
└─────────────────────
Example
Informal specification
Theater: Tickets for first night are only sold to friends
Specification in Z
Status ::= standard | firstNight
┌─ Friends ──────────────
│ friends : P Person
│ status : Status
│ sold : Seat ⇸ Person
├────────────────────────
│ status = firstNight ⇒ ran sold ⊆ friends
└────────────────────────
Example
TicketsForPerformance1 =̂ TicketsForPerformance0 ∧ Friends
and
TicketsForPerformance1
  Friends
  TicketsForPerformance0
are the same as
TicketsForPerformance1
  friends : P Person; status : Status
  sold : Seat ⇸ Person; seating : P Seat
  ---
  status = firstNight ⇒ ran sold ⊆ friends
  dom sold ⊆ seating
Normalisation of Schemata
Normalisation
A schema is normalised if in the declaration part
Variables are typed
but not restricted to subsets of types
Example
The normalisation of
  x : N
  ---
  P
is
  x : Z
  ---
  x ≥ 0
  P
Negation of Schemata
A schema is negated by negating the predicate part in its normalised form
Example
The negation of
  x : N
  ---
  P
is the negation of its normalised form
  x : Z
  ---
  x ∈ N
  P
which is
  x : Z
  ---
  ¬ (x ∈ N ∧ P)
Schemata as Operations
States
A state is a variable assignment
A schema describes a set of states
Operations
To describe an operation, a schema must describe pairs of states (pre/post)
Notation
Variables are decorated with ′ to refer to their value in the post state
Whole schemata can be decorated
Schemata as Operations
Example
NumberInSet′
is the same as
NumberInSet′
  a′ : Z
  c′ : P Z
  ---
  a′ ∈ c′
Further decorations
input variables are decorated with “?”
output variables are decorated with “!”
Example
Theater: Selling tickets
Purchase0
  TicketsForPerformance0
  TicketsForPerformance0′
  s? : Seat
  p? : Person
  ---
  s? ∈ seating \ dom sold
  sold′ = sold ∪ {s? ↦ p?}
  seating′ = seating
(no output variables in this schema)
Example
Response ::= okay | sorry
Success
  r! : Response
  ---
  r! = okay
Then
Purchase0 ∧ Success
is a schema that reports successful ticket sale
Schemata as Operations: General Form
StateSpace
  x1 : T1; . . . ; xn : Tn
  ---
  inv(x1, . . . , xn)
Operation
  StateSpace
  StateSpace′
  i1? : U1; . . . ; im? : Um
  o1! : V1; . . . ; op! : Vp
  ---
  pre(i1?, . . . , im?, x1, . . . , xn)
  op(i1?, . . . , im?, x1, . . . , xn, x1′, . . . , xn′, o1!, . . . , op!)
The ∆ Operator
Definition
∆Schema abbreviates Schema ∧ Schema′
General form of operation schema using ∆
Operation
  ∆StateSpace
  i1? : U1; . . . ; im? : Um
  o1! : V1; . . . ; op! : Vp
  ---
  pre(i1?, . . . , im?, x1, . . . , xn)
  op(i1?, . . . , im?, x1, . . . , xn, x1′, . . . , xn′, o1!, . . . , op!)
The Ξ Operator
Definition
ΞSchema abbreviates ∆Schema ∧ (x1 = x1′ ∧ . . . ∧ xn = xn′)
where x1, . . . , xn are the variables declared in Schema
General form of operation schema using Ξ
Operation
  ΞStateSpace
  i1? : U1; . . . ; im? : Um
  o1! : V1; . . . ; op! : Vp
  ---
  pre(i1?, . . . , im?, x1, . . . , xn)
  op(i1?, . . . , im?, x1, . . . , xn, o1!, . . . , op!)
Using Ξ indicates that the operation does not change the state
The Operators ∆ and Ξ: Example
The following schemata are equivalent
ΞNumberInSet
and
  ∆NumberInSet
  ---
  a = a′
  c = c′
and
  NumberInSet
  NumberInSet′
  ---
  a = a′
  c = c′
Example
Theater: Selling tickets, but only to friends if first night performance
Purchase1
  ∆TicketsForPerformance1
  s? : Seat
  p? : Person
  ---
  s? ∈ seating \ dom sold
  status = firstNight ⇒ (p? ∈ friends)
  sold′ = sold ∪ {s? ↦ p?}
  seating′ = seating
  status′ = status
  friends′ = friends
Example
NotAvailable
  ΞTicketsForPerformance1
  s? : Seat
  p? : Person
  ---
  s? ∈ dom sold ∨ (status = firstNight ∧ ¬ p? ∈ friends)
Failure
  r! : Response
  ---
  r! = sorry
TicketServiceForPerformance =̂
(Purchase1 ∧ Success) ∨ (NotAvailable ∧ Failure)
Quantifying (Hiding) Variables in Schemata
Schema quantification
∀ x : S • Schema resp. ∃ x : S • Schema
(existential quantification is also called “variable hiding”)
Example
∃ a : Z • NumberInSet
is the same as
  c : P Z
  ---
  ∃ a : Z • a ∈ c
Composition of Operation Schemata
Definition
Operation schemata can be composed using ⨟, where
every variable with ′ in the first schema must occur without ′ in the second schema
these variables are identified and hidden from the outside
Composition: General form
Op1
  x1 : T1; . . . ; xp : Tp
  z1 : V1; . . . ; zn : Vn
  z1′ : V1; . . . ; zn′ : Vn
  ---
  op1(x1, . . . , xp, z1, . . . , zn, z1′, . . . , zn′)
Op2
  y1 : U1; . . . ; yq : Uq
  z1 : V1; . . . ; zn : Vn
  z1′ : V1; . . . ; zn′ : Vn
  ---
  op2(y1, . . . , yq, z1, . . . , zn, z1′, . . . , zn′)
Op1 ⨟ Op2
  x1 : T1; . . . ; xp : Tp
  y1 : U1; . . . ; yq : Uq
  z1 : V1; . . . ; zn : Vn
  z1′ : V1; . . . ; zn′ : Vn
  ---
  ∃ z1′′ : V1; . . . ; zn′′ : Vn •
    op1(x1, . . . , xp, z1, . . . , zn, z1′′, . . . , zn′′) ∧
    op2(y1, . . . , yq, z1′′, . . . , zn′′, z1′, . . . , zn′)
Example
Purchase1 ⨟ Purchase1[s?/s2?]
is equivalent to
  ∆TicketsForPerformance1
  s? : Seat; s2? : Seat; p? : Person
  ---
  s? ∈ seating \ dom sold
  s2? ∈ seating \ dom(sold ∪ {s? ↦ p?})
  status = firstNight ⇒ (p? ∈ friends)
  sold′ = sold ∪ {s? ↦ p?, s2? ↦ p?}
  seating′ = seating
  status′ = status
  friends′ = friends
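As an added example (not from the slides), a Python animation of the theater schemas above: TicketsForPerformance1 with its invariant, the operations Purchase1 (∆) and NotAvailable (Ξ), the total operation TicketServiceForPerformance, and the composition Purchase1 ⨟ Purchase1[s?/s2?]. Sets become frozensets, the partial function sold becomes a dict, and the invariant-preservation proof obligation is checked by enumerating a small model; the function names and sample values are my own.

```python
from dataclasses import dataclass, replace

FIRST_NIGHT, STANDARD = "firstNight", "standard"  # Status ::= standard | firstNight
OKAY, SORRY = "okay", "sorry"                      # Response ::= okay | sorry

@dataclass(frozen=True)
class TicketsForPerformance1:
    friends: frozenset   # friends : P Person
    status: str          # status : Status
    sold: dict           # sold : Seat ⇸ Person  (partial function modelled as a dict)
    seating: frozenset   # seating : P Seat

    def invariant(self) -> bool:
        # status = firstNight ⇒ ran sold ⊆ friends   and   dom sold ⊆ seating
        first_night_ok = self.status != FIRST_NIGHT or set(self.sold.values()) <= self.friends
        return first_night_ok and set(self.sold) <= self.seating

def purchase1_pre(st, s, p) -> bool:
    # precondition of Purchase1: s? ∈ seating \ dom sold, and on first night p? ∈ friends
    return s in st.seating and s not in st.sold and (st.status != FIRST_NIGHT or p in st.friends)
def purchase1(st, s, p):
    # post-state of Purchase1: sold′ = sold ∪ {s? ↦ p?}; the other ∆ variables stay equal
    return replace(st, sold={**st.sold, s: p})
def not_available(st, s, p) -> bool:
    # NotAvailable: s? ∈ dom sold ∨ (status = firstNight ∧ ¬ p? ∈ friends); Ξ keeps the state
    return s in st.sold or (st.status == FIRST_NIGHT and p not in st.friends)

def ticket_service(st, s, p):
    # TicketServiceForPerformance = (Purchase1 ∧ Success) ∨ (NotAvailable ∧ Failure);
    # returns the post-state together with the output r!
    if purchase1_pre(st, s, p):
        return purchase1(st, s, p), OKAY
    if not_available(st, s, p):
        return st, SORRY
    # neither disjunct applies (a seat outside seating on a standard night): the total
    # operation leaves this input unspecified, which a precondition check makes visible
    raise ValueError("no schema of TicketServiceForPerformance applies")

def purchase_twice(st, s, s2, p):
    # Purchase1 ⨟ Purchase1[s?/s2?]: the second precondition is evaluated on the intermediate
    # state sold ∪ {s? ↦ p?}, so s2? = s? is rejected; None means the composition is disabled
    mid = purchase1(st, s, p) if purchase1_pre(st, s, p) else None
    return purchase1(mid, s2, p) if mid is not None and purchase1_pre(mid, s2, p) else None

def preserves_invariant(st, persons) -> bool:
    # proof obligation, checked by enumeration: every enabled step keeps the invariant
    return st.invariant() and all(
        ticket_service(st, s, p)[0].invariant()
        for s in st.seating for p in persons
        if purchase1_pre(st, s, p) or not_available(st, s, p))
```

Calling ticket_service with a seat outside seating on a standard night raises the ValueError, because neither Purchase1 nor NotAvailable covers that input; computing the precondition of the total operation is what exposes such uncovered cases.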