3SFE618 Formal Methods 2007
School of Informatics
Instructions to Candidates:
Answer ALL questions in Section A and TWO questions from Section B. Section A is worth a total of 50 marks. Each question in Section B is worth 25 marks. You may wish to consult Appendix C.
Section A
Answer ALL questions from this section
Question 1
Given the following Z schemas:
First
  x, y : N
  A, B : P N
  -----
  x < y
  x ∈ A
  A ⊆ B

Second
  z : N
  B, C : P N
  -----
  z ∈ B
  B ⊆ C
(a) State and explain the formal definitions of ∆S and ΞS for any schema S. [5 marks]
Question 2
The textual definition of the generic Z function domain anti-restriction ⩤ is:
Question 3
(a) In relation to the type of a Z schema, explain what a binding is and how it is used to define a schema type. [10 marks]

S
  x : N
  y : N
  A : P N
  -----
  x < y
  x ∈ A
  y ∉ A

give the schema type of schema S, and two bindings for S, one that satisfies it and one that does not. [6 marks]
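The following is an added example, not part of the exam paper: it models a Z binding for the schema S above as a Python dict, checks it against S's declarations (the schema type) and predicate, and builds ∆S and ΞS from that check in the way Question 1 defines them. The function names, the type tags and the sample bindings are this example's own; nothing here comes from Z, ZTC or ZANS.

```python
# Added example, not part of the exam paper: a Z binding for schema S
# (Question 3) modelled as a Python dict, checked against S's declarations
# and predicate, plus ∆S and ΞS built from that check.  The function names
# are this example's own, not names from Z, ZTC or ZANS.
from typing import Any, Dict

Binding = Dict[str, Any]   # a binding maps each variable declared in S to a value

# The schema type of S is the set of bindings ⟨x : N, y : N, A : P N⟩,
# i.e. the declaration part alone, before any constraint is applied.
SCHEMA_TYPE_S = {"x": "N", "y": "N", "A": "P N"}

def is_nat(v: Any) -> bool:
    """Membership test for N: a non-negative int (bool is excluded deliberately)."""
    return isinstance(v, int) and not isinstance(v, bool) and v >= 0

def has_type_S(b: Binding) -> bool:
    """Does b belong to the schema type of S: same variable names, values of the declared types?"""
    if set(b) != set(SCHEMA_TYPE_S):
        return False
    return (is_nat(b["x"]) and is_nat(b["y"])
            and isinstance(b["A"], frozenset) and all(is_nat(a) for a in b["A"]))

def satisfies_S(b: Binding) -> bool:
    """b satisfies S iff it has S's type and meets the constraints x < y, x ∈ A, y ∉ A."""
    return has_type_S(b) and b["x"] < b["y"] and b["x"] in b["A"] and b["y"] not in b["A"]

def delta_S(before: Binding, after: Binding) -> bool:
    """∆S ≙ S ∧ S′: the before-state binding and the after-state (primed) binding both satisfy S."""
    return satisfies_S(before) and satisfies_S(after)

def xi_S(before: Binding, after: Binding) -> bool:
    """ΞS ≙ ∆S ∧ x′ = x ∧ y′ = y ∧ A′ = A: a ∆S step in which every variable is unchanged."""
    return delta_S(before, after) and all(before[v] == after[v] for v in SCHEMA_TYPE_S)

# Constructed sample bindings (values chosen for this example).
SATISFYING = {"x": 1, "y": 2, "A": frozenset({1, 3})}   # 1 < 2, 1 ∈ A, 2 ∉ A
VIOLATING = {"x": 2, "y": 1, "A": frozenset({1, 3})}    # right type, but 2 < 1 fails and 2 ∉ A
ILL_TYPED = {"x": 1, "y": 2}                            # not even in the schema type: A is missing

if __name__ == "__main__":
    for name, b in [("SATISFYING", SATISFYING), ("VIOLATING", VIOLATING), ("ILL_TYPED", ILL_TYPED)]:
        print(f"{name}: in type of S = {has_type_S(b)}, satisfies S = {satisfies_S(b)}")
    print("ΞS(SATISFYING, SATISFYING) =", xi_S(SATISFYING, dict(SATISFYING)))
```

The point the split into has_type_S and satisfies_S makes is that VIOLATING is a perfectly good member of the schema type (it binds x, y and A to values of the declared types) while failing the predicate, whereas ILL_TYPED is not a binding of S at all; only bindings of the type are candidates for satisfying the schema.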
Question 4
Given the following type declarations and abbreviations:
Day == 1 .. 31
(a) Define a Date schema that represents a valid date, i.e., day, month & year. The dates must be valid in that the day value must not exceed the number of days for the month. For example, for Apr that is 30 and for Jan that is 31, but you can ignore leap years and assume that Feb has at most 28 days. [5 marks]
(b) Use your Date schema to declare a global variable called today and assign it today’s date. (See front page of the exam paper.) [3 marks]
(c) Use your Date schema to declare a global variable called FirstExamWeek that represents the dates that make up this year’s first exam week from Monday to Friday, i.e., 14 May 2007 to 18 May 2007. [6 marks]
Section B
Answer TWO questions from this section
Question 5
The following is part of a Library specification.

The following definitions represent the set of books, copies (i.e. instances) of books and borrowers.

maxloans : N

(a) Explain in “plain English” (i.e. do not give a literal translation) the meaning of each line of the following schemas:

LibraryDataBase
  stock : COPY ⇸ BOOK
  registeredborrowers : F BORROWER

LibraryLoans
  onloan : COPY ⇸ BORROWER
  inlibrary : F COPY
  -----
  ∀ b : BORROWER • #(onloan ▷ { b }) ≤ maxloans
  inlibrary ∩ dom onloan = ∅

Library
  LibraryDataBase
  LibraryLoans
  -----
  dom stock = inlibrary ∪ dom onloan
  ran onloan ⊆ registeredborrowers

IssueBook
  ∆Library
  c? : COPY
  b? : BORROWER
  -----
  c? ∈ inlibrary
  stock′ = stock
  inlibrary′ = inlibrary \ { c? }
  #(onloan ▷ { b? }) < maxloans
  registeredborrowers′ = registeredborrowers
  b? ∈ registeredborrowers
  onloan′ = onloan ⊕ { c? ↦ b? }

(b) Explain in “plain English” the meaning of each line of the constraint part of the IssueBook schema and the role it plays in the specification of the operation. [7 marks]
(c) Specify the ReturnBook operation which is used when a borrower returns a book to the library. The specification of this operation must be total and output appropriate success and error reports. In addition the specification should be as modular as possible and make full use of the schema calculus. [12 marks]
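As an added example, not from the exam paper, the following Python animation of the Library state above turns the four invariants of LibraryLoans and Library into one predicate and totalises IssueBook in the style of the Left schema listing on this paper (Left ≙ Pressed_LeftKey ∧ (Left_Success ∨ Left_Errors)): a success case that updates the state, plus error cases, one per negated precondition, that leave the state unchanged (ΞLibrary) and return a report. The Python names, the report strings, the value of maxloans and the sample data are all this example's own assumptions.

```python
# Added example, not from the exam paper: a Python animation of the Library
# state in Question 5.  The invariants become a predicate, and IssueBook is
# totalised as (IssueBook ∧ ReportSuccess) ∨ IssueBook_Errors.  Names, report
# strings, MAXLOANS and the sample data are this example's own assumptions.
from dataclasses import dataclass, replace
from typing import Dict, FrozenSet, Tuple

MAXLOANS = 2   # constructed value for the axiom  maxloans : N

@dataclass(frozen=True)
class Library:
    stock: Dict[str, str]                 # stock : COPY ⇸ BOOK
    registeredborrowers: FrozenSet[str]   # registeredborrowers : F BORROWER
    onloan: Dict[str, str]                # onloan : COPY ⇸ BORROWER
    inlibrary: FrozenSet[str]             # inlibrary : F COPY

def loans_of(lib: Library, b: str) -> Dict[str, str]:
    """onloan ▷ { b }: the part of onloan whose range is the single borrower b."""
    return {c: bb for c, bb in lib.onloan.items() if bb == b}

def invariant(lib: Library) -> bool:
    """The constraint parts of LibraryLoans and Library, checked on one state."""
    # ∀ b : BORROWER • #(onloan ▷ { b }) ≤ maxloans  (borrowers with no loans satisfy it trivially)
    loan_limit = all(len(loans_of(lib, b)) <= MAXLOANS for b in set(lib.onloan.values()))
    # inlibrary ∩ dom onloan = ∅
    disjoint = not (lib.inlibrary & set(lib.onloan))
    # dom stock = inlibrary ∪ dom onloan
    stock_accounted = set(lib.stock) == (lib.inlibrary | set(lib.onloan))
    # ran onloan ⊆ registeredborrowers
    known_borrowers = set(lib.onloan.values()) <= lib.registeredborrowers
    return loan_limit and disjoint and stock_accounted and known_borrowers

def issue_book_success(lib: Library, c: str, b: str) -> Library:
    """The IssueBook schema as written: its postconditions, assuming its preconditions hold."""
    new_onloan = dict(lib.onloan)
    new_onloan[c] = b                                     # onloan′ = onloan ⊕ { c? ↦ b? }
    return replace(lib, inlibrary=lib.inlibrary - {c},    # inlibrary′ = inlibrary \ { c? }
                   onloan=new_onloan)                      # stock′ = stock, registeredborrowers′ = registeredborrowers

def issue_book(lib: Library, c: str, b: str) -> Tuple[Library, str]:
    """Totalised IssueBook: (IssueBook ∧ ReportSuccess) ∨ IssueBook_Errors.
    Each error case is a negated precondition with ΞLibrary, so the state comes back untouched."""
    if c not in lib.inlibrary:                            # ¬ (c? ∈ inlibrary)
        return lib, "copy not in library"
    if b not in lib.registeredborrowers:                  # ¬ (b? ∈ registeredborrowers)
        return lib, "borrower not registered"
    if len(loans_of(lib, b)) >= MAXLOANS:                 # ¬ (#(onloan ▷ { b? }) < maxloans)
        return lib, "borrower at loan limit"
    after = issue_book_success(lib, c, b)
    assert invariant(after), "IssueBook must preserve the Library invariant"
    return after, "success"

# Constructed sample state: three copies, two registered borrowers, one copy already on loan.
LIB0 = Library(
    stock={"c1": "book A", "c2": "book A", "c3": "book B"},
    registeredborrowers=frozenset({"alice", "bob"}),
    onloan={"c3": "alice"},
    inlibrary=frozenset({"c1", "c2"}),
)

if __name__ == "__main__":
    print("initial state satisfies invariant:", invariant(LIB0))
    lib1, r1 = issue_book(LIB0, "c1", "alice")
    lib2, r2 = issue_book(lib1, "c2", "alice")   # alice would exceed maxloans
    print(r1, "|", r2, "|", issue_book(LIB0, "c3", "bob")[1])
```

In Z the three error schemas are simply disjoined, so nothing fixes which report is produced when two preconditions fail at once; the if-chain above imposes an order, which is one of the choices an animator has to make that the specification itself leaves open. The assert after the success case is the animation's check that the postconditions of IssueBook really do re-establish the Library invariant from any state that satisfied it.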
Question 6
Write a Z specification for a buffer of items that has a maximum length. Your specification should deal with error handling where required and should include the following:
(a) Any types, states and invariants that the buffer requires. [6 marks]
Question 7
The partial Z specification of a VDU screen which allows cursor key movements is given in Appendix A.
(a) Discuss how the two Z tools ZTC and ZANS assist in the development of a Z specification. [4 marks]
(b) The ZTC type checker output for the cursor key specification is given in Appendix B. For each error give an explanation and the necessary corrections. [11 marks]
(c) Once all of the errors detailed in part (b) have been eliminated from the cursor keys specification, explain what additions and modifications must be made to the specification to permit it to be animated by ZANS. [10 marks]
79
80 Left_Success =^= ( Left_NotFirstColumn
81 \/ Left_FirstColumnNotFirstRow )
82 /\ ReportSuccess
83
84 Left_Errors =^= Left_AtHome_CanNotMove
85
86
87 Left =^= Pressed_LeftKey
88 /\ ( Left_Success \/ Left_Errors )
XY_COORDINATE == N × N

numbcols, numbrows : N1

SCREEN : N ↔ N

HomePosition : XY_COORDINATE

Cursor
  position : XY_COORDINATE
  -----
  position ⊆ SCREEN

InitialCursor
  Cursor
  -----
  position = HomePosition

Down_NotLastRow
  ∆Cursor
  -----
  second(position) < numbrows
  position′ = (first(position), second(position) + 1)

Left_NotFirstColumn
  ∆Cursor
  -----
  first(position) > 1
  position′ = {first(position) − 1, second(position)}

Left_FirstColumnNotFirstRow
  Cursor
  -----
  first(position) = 1
  second(position) > 1
  position′ = (numbcols, second(position) − 1)
Appendix C

C.1 Sets
Notation          Description
N                 Set of natural numbers from 0
N1                Set of natural numbers from 1
Z                 Set of integers
x ∈ S             x is an element of S
x ∉ S             x is not an element of S
S ⊆ T             S is a subset of T
∅, { }            Empty set
P S               Power set of S
F S               Finite power set of S
F1 S              Non-empty finite subsets of S
S ∪ T             Union of S and T
S ∩ T             Intersection of S and T
S \ T             Set difference of S and T
#S                Number of elements in set S
{ D | P • t }     Set comprehension
⋃ SS              Distributed union of SS
⋂ SS              Distributed intersection of SS
C.2 Logic
Notation          Description
¬ P               not P
P ∧ Q             P and Q
P ∨ Q             P or Q
P ⇒ Q             P implies Q
P ⇔ Q             P is equivalent to Q
∀ x : T • P       All elements x of type T satisfy P
∃ x : T • P       There exists an element x of type T which satisfies P
C.4 Relations
Notation          Description
X ↔ Y             Set of relations between X and Y
dom R             Domain of relation R
ran R             Range of relation R
S ◁ R             Domain restriction of R to the set S
S ⩤ R             Domain anti-restriction of R to the set S
R ▷ S             Range restriction of R to the set S
R ⩥ S             Range anti-restriction of R to the set S
R1 ⊕ R2           R1 overridden by relation R2
R ⨾ Q             Relational composition
R(| S |)          Relational image of the set S under relation R
id X              Identity relation
R⁻¹               Inverse relation
R⁺                Transitive closure of R
R*                Reflexive-transitive closure of R
C.5 Functions
Notation              Description
⇸                     Partial function
→                     Total function
⤔                     Partial injection
↣                     Total injection
⤀                     Partial surjection
↠                     Total surjection
⤖                     Bijection
( λ x : T | P • E )   Lambda expression
( μ x : T | P • E )   Mu expression
C.6 Sequences
Notation          Description
seq X             Finite sequences of type X
seq1 X            Non-empty finite sequences of type X
iseq X            Injective finite sequences of type X
⟨⟩                Empty sequence
s ⌢ t             Concatenation of the sequences s and t
head s            First element of a non-empty sequence
tail s            All but first element of a non-empty sequence
last s            Last element of a non-empty sequence
front s           All but last element of a non-empty sequence
rev s             Sequence reverse
squash s          Sequence compaction
s prefix t        s is a prefix of t
s suffix t        s is a suffix of t
s in t            s is a sub-sequence of t
C.7 Bags
Notation          Description
bag X             Bag of type X
⟦ ⟧               Empty bag
x ⋿ B             Bag membership
¬ (x ⋿ B)         Bag non-membership
B1 ⊑ B2           Sub-bag
B1 ⊏ B2           Strict sub-bag
B1 ⊎ B2           Bag union
B1 ⩁ B2           Bag difference
count B x         Bag count of x
B ♯ x             Bag count of x
n ⊗ B             Bag scaling
items s           Bag of the sequence s
C.8 Schemas
Schema Type               Schema Box
Axiom                     declarations
                          constraints
Generic                   [X, ...]
                          declarations
                          constraints
State/Operation           S
                          declarations
                          constraints
Generic State/Operation   S [X, ...]
                          declarations
                          constraints