Model-based Specification-Software Engineering-Lecture 11 Slides-Computer Science, Slides of Software Engineering

The course is intended to develop an understanding of the problems associated with the development of significant computing systems (that is, systems that are too large to be designed and developed by a single person, and are designed to be used by many users) and to appreciate the techniques and tools necessary to develop such systems efficiently, in a cost-effective manner. Model-based Specification, Schemas, Z Schema, State Space Schemas, Operation Schemas, CADIZ, Z Specifications

Typology: Slides

2011/2012

Uploaded on 02/03/2012

LECTURE 11: Z
Software Engineering
Mike Wooldridge

1 Introduction

  • In this lecture, we introduce schemas, the most distinctive feature of the Z specification language.
  • We show how a simple computer system can be specified in Z.
  • The most fundamental operation we use is the assignment statement, ‘:=’; such statements change the state of a system.
  • In Z, we represent the state space of a system as a collection of functions, sets, relations, sequences, bags, etc., together with a collection of invariant properties on these objects.
  • These invariant properties describe regularities between state changes.
  • How about operations? At what level of abstraction do we deal with them? The lowest level would be the assignment-statement level; we start with more abstract descriptions.
  • Operations are usually defined in terms of pre- and post- conditions.
  • Operations define acceptable state transitions.

2 Schemas

  • The Z schema is a 2-dimensional graphical notation for describing:
    - state spaces;
    - operations.
  • Definition: A vertical-form schema is either of the form

        ┌─ SchemaName ──────────────────
        │ Declarations
        ├───────────────────────────────
        │ Predicate_1 ; … ; Predicate_n
        └───────────────────────────────

    or of the form

        ┌─ SchemaName ──────────────────
        │ Declarations
        └───────────────────────────────

  • In the latter case, the predicate part is assumed to be ‘true’.

2.1 State Space Schemas

  • Here is an example state-space schema, representing part of a system that records details about the phone numbers of staff. (Assume that NAME is a set of names, and PHONE is a set of phone numbers.)

        ┌─ PhoneBook ───────────
        │ known : ℙ NAME
        │ tel : NAME ⇸ PHONE
        ├───────────────────────
        │ dom tel = known
        └───────────────────────
  • The declarations part of this schema introduces two variables: known and tel.
  • The value of known will be a subset of NAME, i.e., a set of names. This variable will be used to represent all the names that we know about — those that we can give a phone number for.
  • The value of tel will be a partial function from NAME to PHONE, i.e., it will associate names with phone numbers.
  • The declarations part is separated from the predicate part by the horizontal line.
  • The predicate part contains the following invariant: The domain of tel is always equal to the set known.
  • Return to the telephone book example, and consider the ‘lookup’ operation: we put a name in, and get a phone number out.
    - this operation accesses the PhoneBook schema;
    - it does not change it;
    - it takes a single ‘input’ — a name for which we want to find a phone number;
    - it produces a single output — a phone number;
    - it has the pre-condition that the name is known to the database.
  • Here is a Z schema specifying the lookup operation:

        ┌─ Find ────────────────
        │ ΞPhoneBook
        │ name? : NAME
        │ phone! : PHONE
        ├───────────────────────
        │ name? ∈ known
        │ phone! = tel(name?)
        └───────────────────────

This illustrates the following Z conventions:

  • placing the name of the schema in the declarations part ‘includes’ that schema — it is as if the variables were declared where the name is;
  • ‘input’ variable names are terminated by a question mark;
    - the only input is name?
  • ‘output’ variables are terminated by an exclamation mark;
    - the only output is phone!
  • the Ξ (Xi) symbol means that the PhoneBook schema is not changed;
  • if we had written a ∆ (delta) instead of Ξ, it would mean that the PhoneBook schema did change;
  • the pre-condition is that name? is a member of known;
  • the post-condition is that phone! is set to tel(name?).
  • EXERCISE. Rewrite this schema to get rid of the post-condition, and allow overwriting of existing names.
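The PhoneBook state schema and the Find operation above, re-expressed as an executable model (an added example, not from the slides): the invariant dom tel = known becomes a predicate that is checked before and after every operation, Find enforces its pre-condition and hands the state back unchanged (the Ξ convention), and an assumed Add operation shows the ∆ case, where the after-state must still satisfy the invariant. The Python names, the sample NAME/PHONE sets and the Add operation are assumptions, not Z from the lecture.

```python
# Executable model of the PhoneBook state schema and the Find operation schema
# from the lecture. Added example, not from the slides: the Python names, the
# sample NAME/PHONE sets and the 'add' operation are assumptions.
from __future__ import annotations
from dataclasses import dataclass

NAME = {"alice", "bob", "carol"}          # constructed sample of the given set NAME
PHONE = {"1001", "1002", "1003"}          # constructed sample of the given set PHONE


@dataclass(frozen=True)
class PhoneBook:
    """State schema: known : P NAME ; tel : NAME -+-> PHONE ; dom tel = known."""
    known: frozenset            # known : P NAME
    tel: dict                   # tel : NAME -+-> PHONE (partial function as a dict)

    def invariant(self) -> bool:
        # Predicate part of the schema plus the typing of the declarations.
        return (frozenset(self.tel) == self.known      # dom tel = known
                and self.known <= NAME
                and set(self.tel.values()) <= PHONE)


def find(state: PhoneBook, name: str) -> tuple[PhoneBook, str]:
    """Find with Xi PhoneBook: reads the state and returns it unchanged."""
    assert state.invariant(), "state violates dom tel = known"
    if name not in state.known:                  # pre-condition: name? in known
        raise ValueError(f"pre-condition failed: {name!r} is not known")
    phone = state.tel[name]                      # post-condition: phone! = tel(name?)
    return state, phone                          # Xi: the same state comes back


def add(state: PhoneBook, name: str, phone: str) -> PhoneBook:
    """Assumed Delta PhoneBook operation: builds the after-state and re-checks
    the invariant, so an operation that broke dom tel = known is rejected."""
    if name not in NAME or phone not in PHONE:   # inputs must lie in the declared sets
        raise ValueError("input outside the declared sets")
    after = PhoneBook(state.known | {name}, {**state.tel, name: phone})
    assert after.invariant(), "after-state violates the invariant"
    return after


if __name__ == "__main__":
    book = PhoneBook(frozenset({"alice", "bob"}), {"alice": "1001", "bob": "1002"})
    print(find(book, "alice")[1])                # 1001
    print(sorted(add(book, "carol", "1003").known))
```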

3 CADIZ

  • CADIZ is an automated checker and typesetter for Z specifications.
  • It takes as its input a plain ASCII file, prepared using an ordinary text editor. This file contains various instructions describing Z schemas.
  • It then performs some checks on this specification, and depending on what command-line options you gave, it will:
    - typeset your spec., producing a binary file with a .dit extension, which can be printed off with the printz command;
    - allow you to browse through the spec., and get feedback on certain parts of it.