M'Sc Computing Science Software Engineering Lecture 11

1
M.Sc Computing Science Software Engineering
Lecture 11

• Niki Trigoni
• Department of Computer Science
• and Information Systems
• Birkbeck College, University of London
• Email niki_at_dcs.bbk.ac.uk
• Web Page http//www.dcs.bbk.ac.uk/niki

2
Review of lecture 10
The Z specification process
Write informal specification
Decompose system
Specify system components
Compose component specification
Define given sets and types
Define state variables
Define initial state
Define correct operations
Define exceptional operations
Combine operation schemas
3
Review of lecture 10

• Z specifications show the system state and
  transitions of state (as a result of operations)
• A Z specification is presented as a number of
  schemas
• Schemas are combined to make new schemas
• Operations are specified incrementally as
  schemata, where they define how they update the
  system state
• Functions (and sequences)
• Z functions are a set of pairs, where the domain
  of the function is the set of valid inputs. The
  range is the set of associated outputs.
• A sequence is a special type of function whose
  domain is the consecutive integers.

4
Review of lecture 10
Data dictionary specification with Z
DataDictionaryEntry
name NAME desc seq CHAR type
Sem_Model_Types creation_date DATE desc lt
2000
5
Review of lecture 10
Data dictionary specification with Z
Add-OK
? DataDictionary name? NAME entry?
DataDictionaryEntry name? dom ddict ddict
ddict name??entry?
Lookup-OK
? DataDictionary name? NAME entry!
DataDictionaryEntry name? dom ddict entry!
ddict(name?)
6
Review of lecture 10
Data dictionary specification with Z
Add-Error
? DataDictionary name? NAME error! seq
CHAR name? dom ddict error! Name
already in dictionary
Lookup-Error
? DataDictionary name? NAME error! seq
CHAR name? dom ddict error! Name not in
dictionary
7
Review of lecture 10
Data dictionary specification with Z
Replace-OK
? DataDictionary name? NAME entry?
DataDictionaryEntry name? dom
ddict ddictddict name?? entry?)
Delete-OK
? DataDictionary name? NAME name? dom
ddict ddict name? ddict
8
Review of lecture 10
Data dictionary specification with Z
Add
Add-OK V Add-Error
Lookup
Lookup-OK V Lookup-Error
Replace
Replace-OK V Lookup-Error
Delete
Delete-OK V Lookup-Error
9
Review of lecture 10
Data dictionary specification with Z
Extract
DataDictionary rep! seq DataDictionaryEntry in_typ
e? Sem_model_types n dom ddict
ddict(n).typein_type? ? ddict(n) rng rep!
i1ltiltrep! rep!(i).type in_type?
i1ltiltrep! rep!(i) rng ddict i,
j dom rep! (iltj) ? rep.name(i)ltNAMErep.name
(j)
10
Review of lecture 10
Data dictionary specification with Z
The-Data-Dictionary
DataDictionary Init-DataDictionary Add Lookup Dele
te Replace Extract
11
Overview of lecture 11

• Summary of mathematical notation in Z (revisited)
• Formal specification examples using the Z
  language
• Dentist data management example
• Bank account management example
• Questions

12
Mathematical notation (sets)
S is a set of X-s
x is a member of S
x is not a member of S
all members of S are also members of T
set of all elements of S and T
set of elements of S that are not in T
set of all elements x in S, such that P(x) is true
set of all elements f(x), where x is drawn from S
set of three elements x, y and z
0,1, 2 , 1,2, ,-2, -1, 0, 1, 2,
set of elements greater or equal to m and less
than or equal to n
13
Mathematical notation (functions)
partial function from X to Y
total function from X to Y
value of f at argument x
domain of f (set of values of x for which f is
defined)
a function that agrees with f, except that x is
mapped to y
a function that agrees with f, except inside the
domain of g, where it agrees with g
a function that agrees with f, except that it is
not defined for elements in S
a function that agrees with f, only for values x,
such that f(x) is a member of S
14
Mathematical notation (predicates)
both P and Q are true
P or Q are true (or both)
if P holds then Q holds too
P holds if and only if Q holds
for each x in S, P(x) holds
exists x in S such that P(x) holds
15
Dentist data management example

• A dentist keeps records of his patients in a
  personal computer database. A model of the system
  uses a function called record which maps each
  patients computer number (of type PNUMBER) to a
  set which contains information about the patient
  (of type RECORD). A further function name maps
  each computer number in the system to the name of
  the patient (of type NAME). PNUMBER, RECORD and
  NAME are given sets. The Z specification language
  schema Dentist below, gives the state space of
  the system
• Explain why partial functions are used in the
  signature part of the schema and describe in
  English and in technical terms the predicate part
  of the schema.
• Answer 1
• Partial functions are used because not all
  numbers of type PNUMBER are associated with a
  patient at all times, e.g. when the practice
  first opens, there might be no patients.
  Predicate part of the schema
• In English Every patient in the system has a
  record
• In technical terms The domain of function
  record is equal to the domain of the function
  name.

Dentist
record PNUMBER ? RECORD name PNUMBER ?
NAME dom record dom name
16
Dentist data management example

• Explain in English the overall operation of the
  schema. SchemaName below, giving it a more
  appropriate name related to its operation.
  Explain it also line by line in more technical
  terms.
• Answer 2
• In English This schema updates information kept
  in the records about a particular patient with
  patient number n to a new record r. A more
  appropriate name for this schema could
  UpdateRecords. In technical terms
• Line 1 The operation of the schema SchemaName
  changes some or all of the state variables of the
  schema Dentist (indicated by the letter ?).
• Line 2 n is an input of type PNUMBER
• Line 3 r is an input of type RECORD
• Line 4 this is a pre-condition predicate
  stating that n belongs to the domain of record
• Line 5 the new info, i.e. the new updated
  record r for the patient with number n overrides
  the old information in the record changing
  therefore the state variable record
• Line 6 the state variable name remains unchanged

SchemaName
? Dentist n? PNUMBER r? RECORD n? dom
record record record n? ? r? name
name
17
Dentist data management example

• Specify the following Z schemas operating on the
  state schema Dentist
• AddPatient for adding to the database a new
  patient named p with record r and patient number
  n. Define both the successful and unsuccessful
  operations (AddPatientOk and AddPatientError).
• DelPatient for deleting successfully a patient
  with a number n from the records
• GetPatientDetails for successfully providing a
  patients name p and record r, given the number
  of the patient n
• Answer 3a.

AddPatientError
AddPatientOK
? Dentist n? PNUMBER r? RECORD p? NAME msg!
seq CHAR n? dom record msg! Patient
already added
? Dentist n? PNUMBER r? RECORD p? NAME n?
dom record record record n? ?
r? name? name n? ? p?
AddPatient AddPatientOk AddPatientError
18
Dentist data management example

• Answer 3b.
• Answer 3c.

DelPatient
? Dentist n? PNUMBER n? dom
record record n? record name n?
name
GetPatientDetails
? Dentist n? PNUMBER r! RECORD p! NAME n?
dom record r! record(n?) p! name(n?)
19
Bank account management example

• A banking system has a given set ACC, whose
  members are all possible account numbers to be
  used by the bank. The Z spec. language state
  schema BANK defined below, attempts to describe
  the set of all possible accounts and their
  stages. In particular, the signature of the state
  schema BANK declares a function balance (positive
  or negative) held in any account in use. The
  balances are in pence, so they are integers.
  There are also a set active which consists of
  the account numbers which are currently in use a
  set overdrawn which consists of all account
  numbers of accounts that are overdrawn a set
  deposit which consists of the account numbers of
  deposit accounts, and a set current which
  consists of the account numbers of current
  accounts.

BANK
balance ACC ? Z active, overdrawn, deposit,
current P ACC active dom balance active
current deposit current deposit O
overdrawn dom ( balance nZ nlt0
) overdrawn deposit O
20
Bank account management example

• Explain in English the meaning of the statements
  in the predicate part of the schema BANK.
• Answer 1
• Line 1 The active accounts are those for which
  there is a balance recorded
• Line 2 The active accounts are the current
  accounts and the deposit accounts taken together
• Line 3 No account can be both current account
  and a deposit account
• Line 4 The overdrawn accounts are active
  accounts for which the balance is negative
• Line 5 No deposit account can be overdrawn
• Construct schemas for the following successful
  operations on the state schema BANK
• Opening a deposit account the input is an
  integer being the sum to be deposited and the
  outputs are an account number and a response
  message account opened.
• Closing an account the input is an account
  number and the outputs are an integer, being the
  sum of money in the account, and a response
  message account closed there should be a
  precondition in this operation that the account
  is not overdrawn.

21
Bank account management example

• Answer 2a Answer 2b.

OpenDepAccount
CloseAccount
? BANK amount? Z accno! ACC r! seq
CHAR accno! active amount? gt 0 current
current deposit deposit accno! balance
balance accno! ? amount? r! account
opened
? BANK amount! Z accno? ACC r! seq
CHAR accno? active accno?
overdrawn amount! balance (accno?) deposit
deposit \ accno? current current \
accno? balance accno? balance r!
account closed
22
Summary

• Dentist data management example. We used schemata
  to define
• A dentists practice
• How to update patient records
• How to add or delete a patients record
• How to get the details of a patient
• Bank account management example. We used schemata
  to define
• A banks accounts
• How to open a deposit account
• How to close an account