COMSATS

Department of Computer Science

Lecture 4: More Fundamentals, Z Example

Formal Methods of S/W Development

Dr. Saif U. R. Malik

Assistant Professor
Agenda
 Review of Lecture 3
 Specifying Sequential Systems
 More Fundamentals: Set Theory
 Z Example: A Birthday Book
 Z Tools and Online Resources

2
Logic
 Propositional: uses declarative statements or assertions
𝑝 ¬𝑝 p∧𝑞 p∨𝑞 p→𝑞 p≡𝑞

 Predicate: extends propositional logic with relationships

𝑃(x) 𝑆(y, z)

 1st Order Predicate Logic: quantifiers on variables

∀ 𝑥 ⋅ 𝑃(𝑥) ∃𝑦 ∃𝑧 ⋅ 𝑆(𝑦, 𝑧)

3
Sets
 Collection of Elements
 Elements do not repeat {a, a, b}
 Elements are not ordered {a, b, c} is same as {b, a, c}

 Special Sets
 ℕ = {0, 1, 2, 3, … } natural numbers
 ℤ = {… , −2, −1, 0, 1, 2, … } integers
 ∅ empty set

 Set Membership
 𝑥 ∈ 𝑋 is true if 𝑥 is in the set 𝑋, otherwise 𝑥 ∉ 𝑋
4
Set Expressions
 Can express a set by listing its elements
 𝐴 = {𝑎, 𝑏, 𝑐}
 Impractical for large sets, impossible for infinite sets

 Sets can also be defined by giving a predicate that specifies

precisely what elements are in the set
 𝐵 = 𝑥 ∶ ℕ 𝑥 < 99 }
 More generally, 𝑥 ∶ 𝑋 𝑃 𝑥 }

Is there a difference between 𝑥 ∶ 𝑋 and 𝑥 ∈ 𝑋 ?

5
Subset
Subset (⊆)
 If 𝐴 and 𝐵 are sets, 𝐴 ⊆ 𝐵
is a predicate equivalent to:
∀𝑥 ∶ 𝐴 ⋅ 𝑥 ∈ 𝐵

Strict Subset (⊂)

 If 𝐴 and 𝐵 are sets, 𝐴 ⊂ 𝐵
is a predicate equivalent to:
𝐴⊆𝐵 ∧ 𝐴≠𝐵
6
Power Set and Cross Product
Power Set (ℙ)
 If 𝑋 is a set, ℙ 𝑋 is the set of all possible subsets of 𝑋
 ℙ {a, b, c} = {∅, 𝑎 , 𝑏 , 𝑐 , 𝑎, 𝑏 , 𝑏, 𝑐 , 𝑎, 𝑐 , 𝑎, 𝑏, 𝑐 }
 If 𝑋 has 𝑘 elements ℙ 𝑋 has 2𝑘 elements

Cross Product (×)

 If 𝐴 and 𝐵 are sets, 𝐴 × 𝐵 is the set of all ordered pairs 𝑎, 𝑏
with 𝑎 ∈ 𝐴 and 𝑏 ∈ 𝐵
 a, b × 𝑎, 𝑐 = { a, a , a, c , b, a , b, c }
7
Intersection and Union
Set Intersection (∩)
 If 𝐴, 𝐵 ∶ ℙ 𝑋 then 𝐴 ∩ 𝐵
is a set equal to:
𝑥∶𝑋 𝑥∈𝐴 ∧ 𝑥∈𝐵}

Set Union (∪)

 If 𝐴, 𝐵 ∶ ℙ 𝑋 then 𝐴 ∪ 𝐵
is a set equal to:
𝑥∶𝑋 𝑥∈𝐴 ∨ 𝑥∈𝐵}
8
Difference and Cardinality
Set Difference (−)
 If 𝐴, 𝐵 ∶ ℙ 𝑋 then 𝐴 − 𝐵
is a set equal to:
𝑥∶𝑋 𝑥∈𝐴 ∧ 𝑥∉𝐵}
 𝑎, 𝑏, 𝑐 − 𝑏, 𝑔 = {𝑎, 𝑐}

Cardinality
 If 𝐴 is a finite set then |𝐴| is a natural number denoting the
number of elements in 𝐴. For example, 𝑎, 𝑏, 𝑐 = 3

Finite, Countably Infinite, and Uncountable Sets? 9

Relations
 A relation 𝑅 from 𝐴 to 𝐵
denoted 𝑅 ∶ 𝐴 ↔ 𝐵 is a
subset of 𝐴 × 𝐵

 Notation
 𝑐, 𝑧 ∈ 𝑅
 𝑐↦𝑧∈𝑅
 𝑐𝑅𝑧 𝑅 = { 𝑐, 𝑥 , 𝑐, 𝑧 , 𝑑, 𝑥 , 𝑑, 𝑦 , (𝑑, 𝑧)}
 Domain and Range
 𝑑𝑜𝑚 𝑅 = 𝑎 ∶ 𝐴 ∃𝑏 ∶ 𝐵 ⋅ 𝑎 𝑅 𝑏 }
 𝑟𝑎𝑛 𝑅 = 𝑏 ∶ 𝐵 ∃𝑎 ∶ 𝐴 ⋅ 𝑎 𝑅 𝑏 } 10
Functions
 A partial function 𝑓 from 𝐴 to 𝐵, denoted 𝑓 ∶ 𝐴 ⟶ 𝐵, is a
subset of 𝐴 × 𝐵 with the property that for each 𝑎 ∈ 𝐴 there
is at most one 𝑏 ∈ 𝐵 with 𝑎, 𝑏 ∈ 𝑓

𝑑𝑜𝑚 𝑓 𝑟𝑎𝑛 𝑓
𝑎 ∶ 𝐴 ∃𝑏 ∶ 𝐵 ⋅ 𝑎, 𝑏 ∈ 𝑓 } 𝑏 ∶ 𝐵 ∃𝑎 ∶ 𝐴 ⋅ 𝑎, 𝑏 ∈ 𝑓 }
11
Functions (cont’d)
 Function Application
 Suppose 𝑎 ∈ 𝑑𝑜𝑚 𝑓,
then 𝑓(𝑎) denotes the
unique image in 𝐵 that
a is mapped to by 𝑓

 Notation
 𝑎, 𝑏 ∈ 𝑓 and 𝑓 𝑎 = 𝑏 are equivalent

 Total Functions
 A function 𝑓 is a total function, denoted 𝑓 ∶ 𝐴 ⟶ 𝐵
if and only if 𝑑𝑜𝑚 𝑓 is the set 𝐴 12
Z Example: A Birthday Book
 Description
 A system that records people’s birthdays and is able to
issue a reminder when the day comes around
 Spivey - Z Reference Manual, chapter one (pages 1-10)

 State Space Schema

13
States
 Initial State Schema

 In consequence, the function 𝑏𝑖𝑟𝑡ℎ𝑑𝑎𝑦 is empty too

𝑘𝑛𝑜𝑤𝑛 = { 𝐽𝑜ℎ𝑛, 𝑀𝑖𝑘𝑒, 𝑆𝑢𝑠𝑎𝑛 }

What do the states of
𝑏𝑖𝑟𝑡ℎ𝑑𝑎𝑦 = { 𝐽𝑜ℎ𝑛 ↦ 25 𝑀𝑎𝑟,
this system look like?
𝑀𝑖𝑘𝑒 ↦ 20 Dec,
Susan ↦ 20 Dec } 14
Operations
 Specify an operation to add a new birthday entry
 Consider: convention, inputs, and pre/post- conditions

Add Birthday Operation

15
Operations (cont’d)
 Specify an operation to find (retrieve) a person’s birthday
 Consider: convention, inputs, outputs, and pre/post-

Find Birthday Operation

16
Operations (cont’d)
 Specify an operation to remind you who’s birthday is it today
 Consider: convention, inputs, outputs, and pre/post-

Remind Operation

17
Considering All Scenarios
 An implementation of the Birthday Book specification will
work as long as there are no mistakes in the input, i.e., if
the pre-conditions have been met.

 For completeness, we should also specify error cases:

 Adding the birthday of someone that is already known
 Trying to find the birthday of someone that is not known

 To help achieve this, a new type definition is introduced to

describe success and error conditions.
 𝑅𝐸𝑃𝑂𝑅𝑇 ≔ 𝑜𝑘 𝑎𝑙𝑟𝑒𝑎𝑑𝑦_𝑘𝑛𝑜𝑤𝑛 𝑛𝑜𝑡_𝑘𝑛𝑜𝑤𝑛
18
Combining Schemas
 Z facilitates combining new schemas with existing schemas,
which promotes modularization and reuse

 A reusable schema to describe successful completion of an

operation can first be defined:

and then integrated through schema conjunction.

e.g., 𝐴𝑑𝑑𝐵𝑖𝑟𝑡ℎ𝑑𝑎𝑦 ∧ 𝑆𝑢𝑐𝑐𝑒𝑠𝑠

19
Handling Error Cases
 Error condition of adding an already known birthday

Putting it together, we get a robust version of AddBirthday

𝑅𝐴𝑑𝑑𝐵𝑖𝑟𝑡ℎ𝑑𝑎𝑦 =
ෝ 𝐴𝑑𝑑𝐵𝑖𝑟𝑡ℎ𝑑𝑎𝑦 ∧ 𝑆𝑢𝑐𝑐𝑒𝑠𝑠 ∨ 𝐴𝑙𝑟𝑒𝑎𝑑𝑦𝐾𝑛𝑜𝑤𝑛
20
Handling Error Cases (cont’d)
 Error condition of searching for a person that is not known

Putting it together, we get a robust version of FindBirthday

𝑅𝐹𝑖𝑛𝑑𝐵𝑖𝑟𝑡ℎ𝑑𝑎𝑦 =
ෝ 𝐹𝑖𝑛𝑑𝐵𝑖𝑟𝑡ℎ𝑑𝑎𝑦 ∧ 𝑆𝑢𝑐𝑐𝑒𝑠𝑠 ∨ 𝑁𝑜𝑡𝐾𝑛𝑜𝑤𝑛
21
 Assignment # 2
Requirements:
Develop a Z specification for a library system in which members can register to
become a member, borrow (checkout) available books and return (check-in)
previously borrowed books.

Grading:
(1) Provide a brief and clear description of the functionalities to be specified
and assumptions / restrictions made,
(2) Correct use of Z symbols / notations,
(3) Correct specification (completeness, consistency, preciseness etc.),
(4) Proper description and clear explanation.

22