
Chapter 10
Formal Requirements Specification with Z

Requirements Specification & Documentation (V)
SOEN 6481, Winter 2015/16

René Witte
Department of Computer Science
and Software Engineering
Concordia University
10.1

Key Points

State-based Specification
Z is a well-known formal specification language
model-based specification
describe legal system states through pre-/post-conditions and invariants
mathematical foundations are (typed) sets, relations, and functions; as well as first-order predicate logic and lambda calculus
ISO Standard (2002) 13568

10.2

Outline

1 Introduction
2 Foundations
  Sets
  Functions
  Relations
3 Specification with Z
  Data Schemas
  Operation Schemas
  Reasoning
  BirthdayBook Example
  Strengthening the Specification
  Combining Schemas
4 Conclusions
5 Notes and Further Reading

10.3
Requirements Specification & Documentation

Copyright 2009 by John Wiley & Sons Ltd, [vL09]

10.4

State-Based Specification

Specify State of a System at defined Snapshots
Logic-based specification for requirements, assumptions, and domain properties:
  Pre-Condition: Must hold before an operation can be applied
  Post-Condition: Must hold after executing an operation
  Invariant: Must always hold (at defined snapshots) during an operation
Core idea: define a system through a set of types (a schema) and operations performed on these types.
Focus on properties, not algorithms

10.5

BirthdayBook Example

Z Schema Definition
The BirthdayBook schema defines the state space of the birthday book system:

[NAME, DATE]

BirthdayBook
    known : ℙ NAME
    birthday : NAME ⇸ DATE
    --------
    known = dom birthday

Z Notation
Given Sets: here NAME and DATE (basic types)
Schema Name: here BirthdayBook
State Variables: here known and birthday
State Invariant: here known = dom birthday

10.6
Example System State

Schema Definition

BirthdayBook
    known : ℙ NAME
    birthday : NAME ⇸ DATE
    --------
    known = dom birthday

known: set of names for which we store the birthday
birthday: function; when applied to a name, gives the corresponding birthday

State (at a certain snapshot)
known = { David, Judy, Robert } ∈ ℙ NAME
birthday = { David ↦ 24-June, Judy ↦ 26-August, Robert ↦ 8-July }
The invariant is satisfied: known = dom birthday (because birthday records the date for exactly the names in known)

10.7

Features

Observations
There is:
  No limit on the number of entries
  No implied order of entries
  No restriction on format
But there is a precise statement that:
  Each person has only one birthday
  Two people may share a birthday
  Some people may not be in the database

10.8

Set membership

x ∈ S denotes that x is contained in S.
Listing elements of a set: S = {x₁, x₂, ..., xₙ}
Denoting defining property of a set: {x ∈ S | x has property p}

10.10

Set containment

A ⊆ B means (∀x)(x ∈ A ⇒ x ∈ B).
For example,
ℕ ⊆ ℤ ⊆ ℚ ⊆ ℝ.

10.11

Identities from propositional logic

The inference rules for propositional logic give identities for set theory. For example, the addition inference rule

p ⇒ p ∨ q

allows us to prove the identity

A ⊆ A ∪ B

in set theory.

Proof
[Proof that A ⊆ A ∪ B] Let x ∈ A. By the addition rule, (x ∈ A) ∨ (x ∈ B). By the definition of set union, x ∈ A ∪ B, as required.

10.12
Union and Intersection

Definition of set union: A ∪ B = {x | (x ∈ A) ∨ (x ∈ B)}.
In predicate logic: (∀x)(x ∈ A ∪ B ⇔ (x ∈ A) ∨ (x ∈ B))

Definition of set intersection: A ∩ B = {x | (x ∈ A) ∧ (x ∈ B)}.
In predicate logic: (∀x)(x ∈ A ∩ B ⇔ (x ∈ A) ∧ (x ∈ B))

10.13

Complement

Set Complement
Define: A′ = {x ∈ U | x ∉ A}.
Note that we could also write A′ = {x ∈ U | ¬(x ∈ A)} to make the use of the ¬ connective explicit.

De Morgan's Laws
Let A and B be sets. Then
1 (A ∪ B)′ = A′ ∩ B′
2 (A ∩ B)′ = A′ ∪ B′

10.14

Cartesian products and power sets

Cartesian Product
The Cartesian product A × B of two sets A and B is the set of all ordered pairs where the first item comes from the first set and the second item comes from the second set. Formally,

A × B = {(a, b) | a ∈ A and b ∈ B}.

Power Set
The power set P(S) of the set S is the set of all subsets of S:

P(S) = {X | X ⊆ S}.

(Note: the power set of S is written as PS in the van Lamsweerde [vL09] textbook).

10.15
Function

Definition
A function from a set X to a set Y is a well-defined rule that assigns a single element of Y to every element of X. If f is such a function, we write

f : X → Y

and we denote the element of Y assigned to x ∈ X by f(x). The set X is called the domain of the function (written dom), and the set Y is called the codomain or range (written ran).

10.16

Examples

A simple function and its diagram
Let X = {1, 2, 3} and Y = {1, 2, 3, 4}. The formula f(x) = x + 1 defines a function f : X → Y. For this function, f(1) = 2, f(2) = 3 and f(3) = 4.

10.17

Relations

Definition
A relation on a set S is a subset of S × S.
If R is a relation on S, we say that a is related to b if (a, b) ∈ R, which we sometimes write as a R b.
If (a, b) ∉ R, then a is not related to b; in symbols, a R̸ b.

10.18
Relations (II)

Examples of Relations
The symbols =, <, >, ≤, ≥ all define relations on ℤ (or on any set of numbers).
For example, if S = {1, 2, 3}, then the relation on S defined by < is the set {(1, 2), (1, 3), (2, 3)}.
Let P be the set of all people, living or dead. For any a, b ∈ P, let a R b if a and b are (or were) siblings. Then R is a relation on P, and the ordered pair (Luke, Leia) ∈ R.
Let W be the set of all web pages. Then

L = {(a, b) ∈ W × W | a has a link to b}

is a relation on W. In other words, a L b if page a links to page b.

10.19

Operations on Relations

Domain and Range
dom R
ran R
If R is a binary relation between X and Y, then the domain of R (dom R) is the set of all members of X which are related to at least one member of Y by R. The range of R (ran R) is the set of all members of Y to which at least one member of X is related by R.

Relational Image
(| |) Relational image
The relational image R(| S |) of a set S through a relation R is the set of all objects y to which R relates some member x of S.

10.20

Domain and Range Restrictions

Restriction
◁ Domain restriction
▷ Range restriction
The domain restriction S ◁ R of a relation R to a set S relates x to y if and only if R relates x to y and x is a member of S. The range restriction R ▷ T of R to a set T relates x to y if and only if R relates x to y and y is a member of T.

Anti-Restriction
⩤ Domain anti-restriction
⩥ Range anti-restriction
These two operations are the complemented counterparts of the restriction operations ◁ and ▷. An object x is related to an object y by the relation S ⩤ R if and only if x is related to y by R and x is not a member of S. Similarly, x is related to y by R ⩥ T if and only if x is related to y by R and y is not a member of T.

10.21
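
The operators from the last two slides, written out over relations stored as sets of pairs (an added example, not part of the original slides). The function names are chosen here; the sample data is the < relation on {1, 2, 3} and the example birthday state from the earlier slides.

```python
# Relations are modelled as Python sets of (x, y) pairs.

def dom(R):
    """dom R: every x related to at least one y."""
    return {x for x, _ in R}

def ran(R):
    """ran R: every y to which at least one x is related."""
    return {y for _, y in R}

def image(R, S):
    """Relational image R(| S |)."""
    return {y for x, y in R if x in S}

def dres(S, R):
    """Domain restriction S ◁ R."""
    return {(x, y) for x, y in R if x in S}

def rres(R, T):
    """Range restriction R ▷ T."""
    return {(x, y) for x, y in R if y in T}

def ndres(S, R):
    """Domain anti-restriction S ⩤ R."""
    return {(x, y) for x, y in R if x not in S}

def nrres(R, T):
    """Range anti-restriction R ⩥ T."""
    return {(x, y) for x, y in R if y not in T}

def is_function(R):
    """True when no x is related to two different y (one pair per domain element)."""
    return len(dom(R)) == len(R)

def restriction_laws_hold(R, S, T):
    """Identities that follow directly from the definitions above."""
    return (dres(S, R) | ndres(S, R) == R          # restriction and anti-restriction
            and not (dres(S, R) & ndres(S, R))     # split R into two disjoint parts
            and rres(R, T) | nrres(R, T) == R
            and dom(dres(S, R)) == S & dom(R)
            and ran(rres(R, T)) == T & ran(R)
            and image(R, S) == ran(dres(S, R)))

# Sample data from the slides.
LESS_THAN = {(1, 2), (1, 3), (2, 3)}
BIRTHDAY = {("David", "24-June"), ("Judy", "26-August"), ("Robert", "8-July")}

def born_on(date):
    """Names whose birthday is `date`: dom (birthday ▷ {date})."""
    return dom(rres(BIRTHDAY, {date}))

if __name__ == "__main__":
    print("dom <       :", dom(LESS_THAN))
    print("<(| {1} |)  :", image(LESS_THAN, {1}))
    print("{Judy} ⩤ birthday:", ndres({"Judy"}, BIRTHDAY))
    print("born on 8-July   :", born_on("8-July"))
    print("laws hold        :", restriction_laws_hold(LESS_THAN, {1, 3}, {3}))
```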

Specification with Z

Z Specification
A complete specification is a collection of schemas together with textual definitions. In each schema, we have
  Declaration Part: variables used in the schema are declared
  Assertion Part: contains assertions constraining state space

Z Schema Types
Two types of schemas in Z:
  Data Schema: System's state space, defined by state variables and invariants
  Operation Schema: System's operations, each with input and output variables and pre- and post-conditions
Additionally, initialization schemas define initial system state.

10.23

Data Schemas

General Format

SchemaName
    declarations
    --------
    state invariant

Example

BirthdayBook
    known : ℙ NAME
    birthday : NAME ⇸ DATE
    --------
    known = dom birthday

10.24
Operation Schemas

Operations
A state transition of a system is also described by a schema:

SchemaName
    ΔState
    input/output declarations
    --------
    preconditions
    postconditions

Example: Add a birthday

AddBirthday
    ΔBirthdayBook
    name? : NAME
    date? : DATE
    --------
    name? ∉ known
    birthday′ = birthday ∪ {name? ↦ date?}

10.25

Operation Schemas: Z Syntax

AddBirthday
    ΔBirthdayBook
    name? : NAME
    date? : DATE
    --------
    name? ∉ known
    birthday′ = birthday ∪ {name? ↦ date?}

Z Syntax
Δ prefix modifier: indicates an operation that changes (some) state variables in a schema
Ξ prefix observer: indicates read-only operation (query state) of a schema
? suffix input variable, e.g., name?
! suffix output variable, e.g., date!
′ suffix used in postconditions to indicate state change, e.g., birthday′

10.26

Operation Pre- and Post-Conditions

Pre-Condition
A necessary condition on input variables
captures operation's applicability
must hold before the operation can be applied
In SRS, we are interested in the least restrictive applicability condition (i.e., the weakest pre-condition)

Post-Condition
Condition on output variables if the operation is applied
captures the operation's effects
must hold in the state after the operation has been applied
In SRS, we are interested in the most complete effect condition (i.e., the strongest post-condition).

10.27
Pre- and Postcondition Example

AddBirthday
    ΔBirthdayBook
    name? : NAME
    date? : DATE
    --------
    name? ∉ known
    birthday′ = birthday ∪ {name? ↦ date?}

Precondition
name? ∉ known

Postcondition
birthday′ = birthday ∪ {name? ↦ date?}

10.28

Mind your Postconditions!

AddBirthday
    ΔBirthdayBook
    name? : NAME
    date? : DATE
    --------
    name? ∉ known
    birthday′ = birthday ∪ {name? ↦ date?}

AddBirthday
    ΔBirthdayBook
    name? : NAME
    date? : DATE
    --------
    name? ∉ known
    {name? ↦ date?} ⊆ birthday′

10.29

Reasoning on the Specification

Consider known
We specified in the postcondition that

birthday′ = birthday ∪ {name? ↦ date?}

But what about known? Shouldn't we add

known′ = known ∪ {name?}

as well?

BirthdayBook Schema
Remember the BirthdayBook schema invariant

known = dom birthday

10.30
Deriving change of known

Can we prove this fact about known?

known′ = known ∪ {name?}

Proof using invariant

known′ = dom birthday′
       = dom(birthday ∪ {name? ↦ date?})
       = dom birthday ∪ dom {name? ↦ date?}
       = dom birthday ∪ {name?}
       = known ∪ {name?}.

Useful Facts about dom
Used in this proof:

dom(f ∪ g) = (dom f) ∪ (dom g)
dom{a ↦ b} = {a}.

10.31

BirthdayBook: Initial State

InitBirthdayBook
This InitBirthdayBook specifies the initial state of the birthday book system.

InitBirthdayBook
    BirthdayBook
    --------
    known = ∅

It does not say explicitly that birthday is empty, but that is implicit, because its domain is empty.

10.32

Operations

AddBirthday
Next we have several operation schemas to define the normal (non-error) behaviour of the system.

AddBirthday
    ΔBirthdayBook
    name? : NAME
    date? : DATE
    --------
    name? ∉ known
    birthday′ = birthday ∪ {name? ↦ date?}

Z Notation
Δ indicates an operation that changes the state of the variables

10.33
More Operations

FindBirthday and Remind

FindBirthday
    ΞBirthdayBook
    name? : NAME
    date! : DATE
    --------
    name? ∈ known
    date! = birthday(name?)

Remind
    ΞBirthdayBook
    today? : DATE
    cards! : ℙ NAME
    --------
    cards! = {n : known | birthday(n) = today?}

Z Notation
Ξ indicates an operation that does not change the state.
10.34

Non-Deterministic Operations

RemindOne
RemindOne reminds us of just one person who has a birthday on the given day.

RemindOne
    ΞBirthdayBook
    today? : DATE
    card! : NAME
    --------
    card! ∈ known
    birthday(card!) = today?

10.35

Exercise

RemoveBirthday
Write the Z specification for RemoveBirthday
input variable is the name to be removed

Solution

RemoveBirthday
    ΔBirthdayBook
    name? : NAME
    --------
    name? ∈ known
    birthday′ = birthday \ {name? ↦ birthday(name?)}

Note: \ is the set difference (sometimes written as −).
For two sets A and B,
A \ B = {x ∈ A : x ∉ B}

10.36
Error Handling

Error Cases
So far, we defined
  State space
  Fragile operations
What do we do in case a precondition is violated?
  ignore the operation?
  Might result in unexpected behavior later!

Solution
Add error handling to the specification
  Define error schemas
  Combine operations with error schemas
Z provides an elegant way of combining schemas through logical combinations.

10.37

Strengthening the Specification

Adding Error Handling
Now we strengthen the specification by adding error handling.

REPORT ::= ok | already_known | not_known

First, we define auxiliary schemas that capture various success and error cases:

Success
    result! : REPORT
    --------
    result! = ok

10.38

More Error Schemas

AlreadyKnown and NotKnown

AlreadyKnown
    ΞBirthdayBook
    name? : NAME
    result! : REPORT
    --------
    name? ∈ known
    result! = already_known

NotKnown
    ΞBirthdayBook
    name? : NAME
    result! : REPORT
    --------
    name? ∉ known
    result! = not_known

10.39
Robust Operations

Operations with added Error Handling
Finally, we define robust versions of all the operations by specifying how errors are handled. For illustration purposes, we leave the RemindOne operation non-robust.

RAddBirthday = (AddBirthday ∧ Success) ∨ AlreadyKnown
RFindBirthday = (FindBirthday ∧ Success) ∨ NotKnown
RRemind = Remind ∧ Success

Schema Combination
Note how we defined a new schema (e.g., RAddBirthday) through logical combination of existing schemas (e.g., (AddBirthday ∧ Success) ∨ AlreadyKnown).
This is a particular strength of Z
Allows building complex specifications from simpler ones
and provides a re-use mechanism for schemas
Now we have to examine how this combination works.

10.40

Schema Combination Example

Let's combine AddBirthday and Success:

AddBirthday
    ΔBirthdayBook
    name? : NAME
    date? : DATE
    --------
    name? ∉ known
    birthday′ = birthday ∪ {name? ↦ date?}

Success
    result! : REPORT
    --------
    result! = ok

AddBirthday ∧ Success

AddBirthdayAndSuccess
    ΔBirthdayBook
    name? : NAME
    date? : DATE
    result! : REPORT
    --------
    name? ∉ known
    birthday′ = birthday ∪ {name? ↦ date?}
    result! = ok

10.41

Combining Schemas

General Approach
To combine multiple schemas:
1 Merge all declarations from individual schemas
2 Join all assertions with the logical connective(s)

Example
For NewSchema = (Schema1 ∧ Schema2) ∨ Schema3 we obtain the specification

NewSchema
    All declarations from Schema1, Schema2, Schema3
    --------
    (AssertionSchema1 ∧ AssertionSchema2)
    ∨ AssertionSchema3

where AssertionSchema represents the conjunction from all assertions in Schema.

10.42
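
A bounded check of the BirthdayBook reasoning above, added here and not part of the original slides: it enumerates every state over two names and two dates and tests the derived fact known′ = known ∪ {name?}, the weakened postcondition from "Mind your Postconditions!", and the totality of RAddBirthday. The small carrier sets and all Python names are assumptions made for the example.

```python
from itertools import combinations, product

NAME = ("David", "Judy")        # constructed finite stand-in for the given set NAME
DATE = ("24-June", "8-July")    # constructed finite stand-in for the given set DATE
REPORT = ("ok", "already_known", "not_known")

def subsets(xs):
    return [frozenset(c) for r in range(len(xs) + 1) for c in combinations(xs, r)]

def partial_functions():
    """Every birthday : NAME ⇸ DATE, as a frozenset of (name, date) maplets."""
    for names in subsets(NAME):
        ordered = sorted(names)
        for dates in product(DATE, repeat=len(ordered)):
            yield frozenset(zip(ordered, dates))

def dom(f):
    return frozenset(n for n, _ in f)

# BirthdayBook: the declarations give the candidates, the invariant filters them.
STATES = [(known, birthday) for known in subsets(NAME)
          for birthday in partial_functions() if known == dom(birthday)]
EMPTY = (frozenset(), frozenset())   # InitBirthdayBook: known = ∅

# Operation schemas as predicates over before-state s, after-state s2 and inputs.
def add_birthday(s, s2, name, date):
    return name not in s[0] and s2[1] == s[1] | {(name, date)}

def add_birthday_weak(s, s2, name, date):
    """Weakened postcondition: {name? ↦ date?} ⊆ birthday′."""
    return name not in s[0] and {(name, date)} <= s2[1]

def already_known(s, s2, name, result):
    return s2 == s and name in s[0] and result == "already_known"   # Ξ: no change

def r_add_birthday(s, s2, name, date, result):
    """(AddBirthday ∧ Success) ∨ AlreadyKnown, with the declarations merged."""
    return ((add_birthday(s, s2, name, date) and result == "ok")
            or already_known(s, s2, name, result))

def transitions(op):
    return [(s, s2, n, d) for s in STATES for s2 in STATES
            for n in NAME for d in DATE if op(s, s2, n, d)]

def known_update_derivable():
    """known′ = known ∪ {name?} on every AddBirthday transition, via the invariant."""
    return all(s2[0] == s[0] | {n} for s, s2, n, _ in transitions(add_birthday))

def after_states(op, s, name, date):
    return [s2 for s2 in STATES if op(s, s2, name, date)]

def is_total(op):
    """True when an after-state exists for every before-state and input."""
    return all(after_states(op, s, n, d) for s in STATES for n in NAME for d in DATE)

def r_add_birthday_any_result(s, s2, name, date):
    return any(r_add_birthday(s, s2, name, date, r) for r in REPORT)

def reports(s, name, date):
    """The result! values RAddBirthday can produce for one state and input."""
    return {r for s2 in STATES for r in REPORT if r_add_birthday(s, s2, name, date, r)}

if __name__ == "__main__":
    print("states satisfying the invariant:", len(STATES))
    print("known' = known ∪ {name?} derivable:", known_update_derivable())
    print("after-states, strong postcondition:",
          len(after_states(add_birthday, EMPTY, "David", "24-June")))
    print("after-states, weak postcondition:  ",
          len(after_states(add_birthday_weak, EMPTY, "David", "24-June")))
    print("AddBirthday total: ", is_total(add_birthday))
    print("RAddBirthday total:", is_total(r_add_birthday_any_result))
```

The weak postcondition admits after-states in which an unrelated entry for Judy appears, which is why the slides ask for the strongest postcondition.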

Z Summary

Features
Z is a simple mathematical framework in which to:
  describe systems (as state machines) abstractly yet precisely
  compose a system out of small pieces
  use old specifications to build new specifications
  reason about properties of a system
  relate views of a system

10.44

Tools Support

Z Tools
Lack of (good) tool support has been a major hindrance to wider adoption of Z.
Z proof environment Isabelle/HOL-Z
Z Community Tools (CZT)
  Java Framework, Z XML Specification
  End-User Tools (e.g., Eclipse, jEdit plug-ins)

10.45
Z Community Tools (CZT): BirthdayBook Example in Eclipse

Copyright P. Malik and M. Utting, A Framework for Z Tools, http://czt.sourceforge.net/

10.46

Z Community Tools (CZT): BirthdayBook Example in jEdit

Copyright P. Malik and M. Utting, A Framework for Z Tools, http://czt.sourceforge.net/

10.47

Z Community Tools (CZT) Architecture

Copyright P. Malik and M. Utting, A Framework for Z Tools

10.48


Application Example

W3C Standard WSDL
The World Wide Web Consortium (W3C) standard for the Web Services Description Language (WSDL) contains specifications in Z:

(see http://www.w3.org/TR/wsdl20/wsdl20-z.html)

10.49


Reading Material

Required
[vL09, Chapter 4.4.3]

Supplemental
[Spi] (Z Reference Card)
[Spi92, Chapter 1: Tutorial Introduction]
[czt, The Community Z Tools (CZT) project]

10.51
References

[czt] The Community Z Tools (CZT) project. http://czt.sourceforge.net.
[Spi] Mike Spivey. Z Reference Card. http://spivey.oriel.ox.ac.uk/mike/fuzz/refcard-3up.pdf.
[Spi92] J. M. Spivey. The Z Notation: A Reference Manual. Prentice Hall, second edition, 1992. http://spivey.oriel.ox.ac.uk/mike/zrm/index.html.
[vL09] Axel van Lamsweerde. Requirements Engineering: From System Goals to UML Models to Software Specifications. John Wiley & Sons, 2009.

10.52