Z Schemas

1
Z Schemas

• Chapter 7
• Formal Specification using Z
• Example of Z specification Document

2
Schemas

• A specification document in Z consists of
  narrative text interspersed with formal Z
  notation called schemas.
• ?S_________
• ? a,b N
• ?________
• ? a lt b
• ?__________
• This schema is called S and it declares two
  variables a and b. It contains a constraining
  predicate which states that a must be less than b.

3
Schemas

• The general form of a schema is.
• ?SchemaName_____
• ? Declarations
• ?________
• ? Predicate
• ?__________
• A schema can also be written in a linear form
• SchemaName Declarations Predicate
• The previous example would be written in linear
  form as
• S a,b N altb

4
Schemas

• It is possible to have an anonymous schema, no
  name.
• It is possible to have a schema with no
  predicate.
• Variables are local to a schema. If you require
  variables from another schema you must include it
  in your current schema.
• Global variables are available to all schemas,
  they are introduced by axiomatic definition and
  cannot be changed by any operation. For example
• capacity N
• If you wish to constrain a variable, the general
  form is
• ? Declarations
• ?________
• ? Predicate
• ?__________

5
Schemas

• For example
• ? MaxOnCourse
• ?________
• ? MaxOnCourse 630
• ?__________
• Schemas can make reference to capacity and
  MaxOnCourse without explicitly including their
  defining schemas.
• ?Course_____
• ? numberEnrolled
• ?________
• ? numberEnrolled MaxOnCourse
• ?__________

6
Schemas

• Each line of declaration part is separated by a
  semicolon.
• Each line of predicate part is connected with
  the and operation
• ?Class_____
• ? lecturer PERSON
• ? student PPERSON
• ?________
• ? lecturer student
• ? student MaxOnCourse
• ?__________

Is an abbreviation for ?Class_____ ? lecturer
PERSON ? student PPERSON ?________ ? lecturer
student L ? student MaxOnCourse
?__________
7
Schema Calculus

• Schemas can be regarded as units and manipulated
  by various operators that are analogous to the
  logical operators (L ,v, etc. )
• The schema name S decorated with a prime (S) is
  defined to be the same as the schema S with all
  its variables decorated with a prime. It is used
  to signify the value of a schema after some
  operation.

After operation ?S______? ? a,b N ?______ ?
a lt b ?________
Before operation ?S______ ? a,b N ?______ ? a lt
b ?_______
8
Inclusion

• The name of a schema can be included in the
  declaration of another schema. When a schema is
  textually imported its declarations are merged
  with those of the including schema and its
  predicate part is conjoined (anded) with that of
  the including schema. Any variables that have the
  same name must have the same type.

9
Inclusion
Including a schema ?IncludeS___ ? c N ?
S ?______ ? c lt 10 ?_______
Is a short way of writing ?includeS_ ? c N ?
a,b N ? ?______ ? c lt 10 ? a lt b ?________
10
Schema Conjunction
Definition of T ?T___ ? b,c N ?______ ? b lt
c ?_____
Definition of S ?S___ ? a,b N ?______ ? a lt
b ?_______
SandT S L T ? SandT _ ?a,b,c N? ?______ ? a lt
b ? b lt c ?________
11
Schema Disjunction
Definition of T ?T___ ? b,c N ?______ ? b lt
c ?_____
Definition of S ?S___ ? a,b N ?______ ? a lt b
?_______
SorT S v T ? SandT ___ ?a,b,c N? ?______ ? (a
lt b) v ? (b lt c) ?________
12
Delta Convention
The convention that a value of a variable before
an operation is denoted by an undecorated name of
the variable, and the value after an operation is
decorated by a prime () is used in the delta
naming convention. A schema with a capital delta
(D often denotes some change) as the first
character of its name is defined as

Definition of Delta S ?DS___ ? a,b N ? a,b
N ?______ ? a lt b ? a lt b ?_______
13
Xi Convention
The convention a schema with the Greek capital
letter xi (X) as the first character of its
name, such as XS, is defined as the same as DS
but with the constraint that the new value of
every variable is the same as the old. The state
of does not change. For example a query is an
operation that produces a result that should not
change the state of a database.

Definition of Xi S ?XS___ ? a,b N ? a,b
N ?______ ? a lt b ? a lt b ? a a ? b
b ?_______
14
Schema Input Output
Finishing variable names with a question mark (?)
indicates input to the schema. Finishing variable
names with a exclamation mark (!) indicates
output from the schema.
Definition of Add ?Add___ ? a?,b? N ? sum!
N ?______ ? sum! a? b? ?_______
15
Schema Example
A computer display shows lines of characters with
each line consisting of a fixed number of columns
containing a character in a fixed-width typeface.
A cursor marks the current position of interest
on the display. The user can press
cursor-control keys on the keyboard, some of
which directly control the position of the
cursor.
KEY home return left right up
down ? numLines N ? numColumns N ?______ ? 1
numLines ? 1 numColumns ?_______
16
Schema Example
The lines are numbered from 1 to numLines down
the display and the columns are numbered 1 to
numColumns across the display.
numColumns
column
1
1
line
cursor
numLines
17
The State

• At any time the cursor is within the bounds of
  the display. The state of the cursor can be
  described by the schema Cursor.
• ?Cursor___
• ? line N
• ? column N
• ?______
• ? line 1..numLines
• ? column 1..numColumns
• ?_______

18
Home Key

• The operations for moving the cursor can be
  built up one at a time. The simplest is to
  respond to the home key. It causes the cursor to
  the top left corner of the display.
• ?HomeKey___
• ? Dcursor
• ? key? KEY
• ?______
• ? key? home
• ? line 1
• ? column 1
• ?________

19
Home Key

• We are using the delta convention with Dcursor
  defined as
• ? Dcursor ___
• ? line, line N
• ? column, column N
• ?______
• ? line 1..numLines
• ? line 1..numLines
• ? column 1..numColumns
• ? column 1..numColumns
• ?_______

20
Down Key

• The operation for moving the cursor down, in the
  normal case, can be defined as
• ?DownKeyNormal___
• ? Dcursor
• ? key? Key
• ?______
• ? key? down
• ? line lt numLines
• ? line line 1
• ? column column
• ?________

21
Down Key

• The operations for moving the cursor down, when
  the cursor is at the bottom of the display, can
  be defined as
• ?DownKeyAtBottom___
• ? Dcursor
• ? key? KEY
• ?______
• ? key? down
• ? line numLines
• ? line 1
• ? column column
• ?________

22
Down Key

• The operation for moving the cursor down is
  defined to wrap round to the top of the
  display. The full behaviour is given by
• DownKey DownKeyNormal v DownKeyAtBottom
• The operation defined by oring the two
  behaviours.

23
Return Key

• The response to the return key is to move the
  cursor to the leftmost column of the next line
  down or the top of the screen if the cursor is
  already on the bottom line. This can be defined
  as
• ?ReturnKey___
• ? Dcursor
• ? key? KEY
• ?______
• ? key? return
• ? column 1
• ? ((line lt numLines L line line1)
• ? v
• ? (line numLines L line1))
• ?________

24
Right Key

• First we deal with the case where the cursor is
  not at the far right of the display
• ?RightKeyNormal___
• ? Dcursor
• ? key? KEY
• ?______
• ? key? right
• ? column lt numColumns
• ? column column1
• ? line line
• ?________

25
Right Key

• Next we deal with the case where the cursor is at
  the far right of the display
• ?RightKeyAtEnd___
• ? Dcursor
• ? key? KEY
• ?______
• ? key? right
• ? column numColumns
• ? column 1
• ? line lt numLines
• ? line line 1
• ?________

26
Right Key

• Finally we deal with the case where the cursor is
  at the far right of the bottom line of the
  display
• ?RightKeyAtBottom___
• ? Dcursor
• ? key? KEY
• ?______
• ? key? right
• ? column numColumns
• ? column 1
• ? line numLines
• ? line 1
• ?________

27
Right Key

• These three schemas can be combined to form one
  schema that defines the response of the cursor to
  the right key being pressed in all initial
  positions of the cursor
• RightKey RightKeyNormal v RightKeyAtEnd v
  
• 
  RightKeyAtBottom

28
Cursor-control key action

• The action of the cursor on pressing any of these
  cursor-control keys can be defined as
• CursorControlKey RightKey v HomeKey v ReturnKey
• UpKey v DownKey
  v LeftKey

29
Schema Composition

• The composition of a schema S with schema T is
  written
• ST
• and signifies the effect of doing S, and the
  doing T. For example, to show the effect of
  pressing the right-key and then the left-key on
  the display in this case using the definition of
  CursorControlKey
• PressRight CursorControlKey L k?right
• PressLeft CursorControlKey L k?left
• The composition of the two actions is written
• PressRight PressLeft

30
Answer to Q7.1

• Base types and initialization
• PERSON the set of all uniquely identifiable
  persons
• RESPONSE OK AlreadyAUser NotAUser
  LoggedIn NotLoggedIn
• ?Computer___
• ? users, loggedIn ?PERSON
• ?______
• ? loggedIn z users
• ?________
• ?InitComputer___
• ? Computer
• ?______
• ? loggedIn ?
• ? users ?
• ?________

31
Answer to Q7.2

• Add user
• PERSON the set of all uniquely identifiable
  persons
• RESPONSE OK AlreadyAUser NotAUser
  LoggedIn NotLoggedIn
• ?AddUser0___
• ? ?Computer
• ? p? PERSON
• ?______
• ? p? ? users
• ? users users ? p?
• ? loggenIn loggedIn
• ?________

32
Answer to Q7.2

• Add user error
• PERSON the set of all uniquely identifiable
  persons
• RESPONSE OK AlreadyAUser NotAUser
  LoggedIn NotLoggedIn
• ?AddUserError___
• ? ?Computer
• ? p? PERSON
• ? reply! RESPONSE
• ?______
• ? p?? users
• ? reply! AlreadyAUser
• ?________
• AddUser (AddUser0 ? reply!RESPONSE
  reply!OK) ? AddUserError

33
Answer to Q7.3

• Remove user
• PERSON the set of all uniquely identifiable
  persons
• RESPONSE OK AlreadyAUser NotAUser
  LoggedIn NotLoggedIn
• ?RemoveUser0___
• ? ?Computer
• ? p? PERSON
• ?______
• ? p?? users
• ? p? ? loggenIn
• ? users users \ p?
• ? loggenIn loggedIn
• ?________

34
Answer to Q7.3

• Remove user error
• ?RemoveUserError___
• ? ?Computer
• ? p? PERSON
• ? reply! RESPONSE
• ?______
• ? (p? ? users ?
• ? reply! NotAUser)
• ? ?
• ?(p? ? users ?
• ? p? ? loggedIn ?
• ?reply! LoggedIn)
• ?________
• RemoveUser (RemoveUser0 ? reply!RESPONSE
  reply!OK) ? RemoveUserError

35
Answer to Q7.4

• Log in
• PERSON the set of all uniquely identifiable
  persons
• RESPONSE OK AlreadyAUser NotAUser
  LoggedIn NotLoggedIn
• ?Login0________
• ? ?Computer
• ? p? PERSON
• ?_________
• ? p?? users
• ? p? ? loggenIn
• ? users users
• ? loggenIn loggedIn ? p?
• ?________________

36
Answer to Q7.4

• Log in Error
• ?LoginError________
• ? ? Computer
• ? p? PERSON
• ? reply! RESPONSE
• ?_________
• ? (p? ? users ?
• ? reply! NotAUser)
• ? ?
• ?(p? ? users ?
• ? p? ? loggedIn ?
• ?reply! LoggedIn)
• ?________
• Login (Login0 ? reply!RESPONSE
  reply!OK) ? LoginError

37
The overall structure of a Z specification

• A Z specification document consists of
  mathematical text in Z notation, interleaved with
  explanatory text in natural language. The text
  should be expressed in terms of the problem and
  should not refer directly to the mathematical
  formulation, however for tutorial work this
  restriction is relaxed.

38
Sections of a Z specification

• Introduction.
• The types used.
• The state and its invariant properties
• An initialisation operation.
• Operations and queries.
• Error handling.
• Final versions of operations and enquiries.