Formal Reasoning in Z Ch 9 from Potter
Formal Reasoning in Z: Chapter 9 of Potter, Sinclair and Till, Sections 9.1 through 9.4 and 9.8
swe 623 Duminda Wijesekera 1
Proving Properties of Z Schemas
• Z schemas are expressions in predicate logic.
• We can therefore use the proof rules of predicate logic to derive properties of a schema.
Example: the Library schema
  Library
    stock: Copy ⇸ Book
    issued: Copy ⇸ Reader
    shelved: 𝔽 Copy
    readers: 𝔽 Reader
    ───
    shelved ∪ dom issued = dom stock
    shelved ∩ dom issued = {}
    ran issued ⊆ readers
    ∀ r: readers • #(issued ▷ {r}) < maxloans
  (⇸ is a partial function, 𝔽 the finite subsets of a set, ▷ range restriction, # the size of a set.)
Example Continued
• We can show that  shelved = dom stock \ dom issued
• Proof:
      dom stock \ dom issued
    = (shelved ∪ dom issued) \ dom issued
    = (shelved \ dom issued) ∪ (dom issued \ dom issued)
    = (shelved \ dom issued) ∪ {}
    = shelved \ dom issued
    = shelved                      (since shelved ∩ dom issued = {}, removing dom issued removes nothing)
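The proof above derives shelved = dom stock \ dom issued from the schema's predicates. The following added example (not code from the slides or from Potter, Sinclair and Till) models the Library schema in Python over tiny assumed given sets Copy, Book and Reader and an assumed maxloans of 2, enumerates every legal state, and confirms the derived property holds in all of them. It also lets the reader drop the disjointness predicate to see that the property then fails, which is the conjunct the last proof step relied on.

```python
r"""Exhaustive check, on a small finite model, of the Library property
shelved = dom stock \ dom issued.

Added example; not code from the slides or from Potter, Sinclair and Till.
The given sets and maxloans below are assumptions chosen to keep the
state space small enough to enumerate.
"""
from itertools import product

# Constructed carrier sets (assumption: tiny, so enumeration is cheap).
COPIES = ("c1", "c2", "c3")
BOOKS = ("b1", "b2")
READERS = ("r1", "r2")
MAXLOANS = 2


def dom(rel):
    """dom of a relation represented as a dict: its set of keys."""
    return set(rel)


def ran(rel):
    """ran of a relation represented as a dict: its set of values."""
    return set(rel.values())


def range_restrict(rel, targets):
    """rel ▷ targets: the pairs of rel whose second component lies in targets."""
    return {k: v for k, v in rel.items() if v in targets}


def library_invariant(stock, issued, shelved, readers, require_disjoint=True):
    """The predicate part of the Library schema, read as one conjunction.

    require_disjoint=False drops the conjunct shelved ∩ dom issued = {}
    so its role in the derived property can be observed.
    """
    disjoint = not (shelved & dom(issued)) if require_disjoint else True
    return (
        (shelved | dom(issued)) == dom(stock)
        and disjoint
        and ran(issued) <= readers
        and all(len(range_restrict(issued, {r})) < MAXLOANS for r in readers)
    )


def partial_functions(source, target):
    """Enumerate every partial function source ⇸ target as a dict."""
    # Each source element is either undefined (None) or mapped to one target.
    for choice in product((None,) + tuple(target), repeat=len(source)):
        yield {s: t for s, t in zip(source, choice) if t is not None}


def subsets(universe):
    """Enumerate every subset of universe (𝔽 universe, since it is finite)."""
    for bits in product((False, True), repeat=len(universe)):
        yield {u for u, b in zip(universe, bits) if b}


def check_shelved_property(require_disjoint=True):
    """Return (legal_states_examined, counterexamples) for
    shelved = dom stock \ dom issued over every legal Library state."""
    examined = 0
    counterexamples = []
    for stock in partial_functions(COPIES, BOOKS):
        for issued in partial_functions(COPIES, READERS):
            for shelved in subsets(COPIES):
                for readers in subsets(READERS):
                    if not library_invariant(stock, issued, shelved, readers,
                                             require_disjoint):
                        continue  # not a legal Library state
                    examined += 1
                    if shelved != dom(stock) - dom(issued):
                        counterexamples.append((stock, issued, shelved, readers))
    return examined, counterexamples


if __name__ == "__main__":
    n, bad = check_shelved_property()
    print(f"with disjointness: {n} legal states, {len(bad)} counterexamples")
    n2, bad2 = check_shelved_property(require_disjoint=False)
    print(f"without it: {n2} states, first counterexample: {bad2[0]}")
```

A finite enumeration is not a proof for the unbounded schema; it is a cheap sanity check that the property and the proof's dependence on shelved ∩ dom issued = {} are as claimed before investing in the formal derivation.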
Deriving Properties of Schemas
• What we have proved shows that all the statements of a schema (its declarations and its predicates) can be taken as assumptions of a proof in which the required property is derived.
• This can be stated as:  Assumptions ⊢ property
• Therefore a schema is a sentence: the conjunction of its declarations and predicates.
• Recall: schema operations = logical operations.
Going Back to the Example
• What is the "sentence" of the Library schema?
      stock: Copy ⇸ Book
    ∧ issued: Copy ⇸ Reader
    ∧ shelved: 𝔽 Copy
    ∧ readers: 𝔽 Reader
    ∧ shelved ∪ dom issued = dom stock
    ∧ shelved ∩ dom issued = {}
    ∧ ran issued ⊆ readers
    ∧ (∀ r: readers • #(issued ▷ {r}) < maxloans)
    ∧ the definitions of the Z toolkit operators used (dom, ran, ▷, #)
Initialization Theorem
• The initial "state" of a Z schema is the state in which the schema starts. A state is an assignment of values to the schema's variables:  State = Variables → Values
• If the variables of Schema1 are the vector X, and they take the initial values Xinit, then
      ⊢ Schema1[Xinit/X]
  (i.e. Schema1 with Xinit substituted for X is an assumption).
• Then, by the ∃-introduction rule:
      ⊢ ∃ X • Schema1(X)
  (i.e. ∃ X • Schema1 is a theorem: some state satisfying the schema exists).
Example
  Fid
    members: ID ⤔ PERSON
    banned: ℙ ID
    ───
    banned ⊆ dom members

  InitFid
    Fid'
    ───
    members' = {}
    banned' = {}
  (⤔ is a partial injection, ℙ the power set.)
Example Continued
• Sentence of "Fid":
      members: ID ⤔ PERSON ∧ banned: ℙ ID ∧ banned ⊆ dom members
• Sentence of "InitFid" (Fid' contributes the primed declarations and predicate):
      members': ID ⤔ PERSON ∧ members' = {} ∧ banned' = {}
Example Continued
• Therefore the initialization theorem to prove is:
      ⊢ ∃ members': ID ⤔ PERSON; banned': ℙ ID • banned' ⊆ dom members' ∧ members' = {} ∧ banned' = {}
  The witness is members' = {} and banned' = {}, for which banned' ⊆ dom members' holds as {} ⊆ {}.
Precondition Simplification
• Operations (the analogue of methods or functions) may have preconditions.
• An operation can be executed in a "state" iff that state implies (⇒) the precondition of the operation.
Example
  addMember
    ΔFid
    applicant?: PERSON
    id!: ID
    ───
    applicant? ∉ ran members
    id! ∉ dom members
    members' = members ∪ {id! ↦ applicant?}
    banned' = banned
Example Continued
• Requirements of addMember:
  – Preconditions
    • The applicant must not already be a member
    • The ID must not already be assigned
  – Postconditions
    • members is updated with the new pair id! ↦ applicant?
    • banned remains unchanged
Another Example
  banMember
    ΔFid
    ban?: ID
    ───
    ban? ∈ dom members                 precondition
    banned' = banned ∪ {ban?}          postcondition
    members' = members                 postcondition
Example Continued
• Show that banning an already banned member does not alter the state.
• That is, show that if ban? ∈ banned then state' = state.
• Note: state = [members, banned]
• Hence we must show that  ban? ∈ banned ⇒ members' = members ∧ banned' = banned
• Proof: banned' = banned ∪ {ban?} = banned, because ban? ∈ banned; and members' = members is given directly by the schema.
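The Fid slides make three claims: the initialization theorem holds, the two stated conjuncts are the whole precondition of addMember (every after-state they admit satisfies Fid'), and banMember on an already banned id leaves the state unchanged. The following added example (not code from the slides or from Potter, Sinclair and Till) encodes Fid, InitFid, addMember and banMember as Python functions over tiny assumed given sets ID and PERSON and checks all three claims over every legal state of that finite model.

```python
"""Executable model of the Fid schema and its operations.

Added example; not code from the slides or from Potter, Sinclair and Till.
The given sets ID and PERSON are assumptions, kept tiny so that every
legal state can be enumerated.
"""
from itertools import product

IDS = ("i1", "i2")          # assumed given set ID
PERSONS = ("p1", "p2")      # assumed given set PERSON


def fid_invariant(members, banned):
    """Fid: members is a partial injection ID ⤔ PERSON and banned ⊆ dom members."""
    injective = len(set(members.values())) == len(members)
    return injective and banned <= set(members)


def init_fid():
    """InitFid: members' = {} and banned' = {}."""
    return {}, set()


def add_member(members, banned, applicant, new_id):
    """addMember as a function: the after-state, or None when the stated
    precondition conjuncts fail. The Fid' invariant is checked separately."""
    if applicant in members.values() or new_id in members:
        return None                          # applicant? ∉ ran members, id! ∉ dom members
    return {**members, new_id: applicant}, set(banned)   # members' and banned'


def ban_member(members, banned, ban):
    """banMember as a function: the after-state, or None if ban? ∉ dom members."""
    if ban not in members:
        return None                          # ban? ∈ dom members
    return dict(members), banned | {ban}     # members' = members, banned' = banned ∪ {ban?}


def all_states():
    """Every (members, banned) pair over IDS and PERSONS that satisfies Fid."""
    for choice in product((None,) + PERSONS, repeat=len(IDS)):
        members = {i: p for i, p in zip(IDS, choice) if p is not None}
        for bits in product((False, True), repeat=len(IDS)):
            banned = {i for i, b in zip(IDS, bits) if b}
            if fid_invariant(members, banned):
                yield members, banned


def initialization_theorem_holds():
    """∃ members', banned' • Fid' ∧ InitFid: the Init state is a legal Fid state."""
    return fid_invariant(*init_fid())


def add_member_precondition_is_exact():
    """Precondition simplification: the conjuncts applicant? ∉ ran members and
    id! ∉ dom members are sufficient, i.e. every after-state they admit
    satisfies Fid', so they are the whole precondition of addMember."""
    for members, banned in all_states():
        for applicant in PERSONS:
            for new_id in IDS:
                after = add_member(members, banned, applicant, new_id)
                if after is not None and not fid_invariant(*after):
                    return False
    return True


def ban_member_fixes_banned_ids():
    """ban? ∈ banned ⇒ state' = state, for every legal state of the model."""
    for members, banned in all_states():
        for ban in banned:               # ban ∈ banned ⊆ dom members, so the precondition holds
            after = ban_member(members, banned, ban)
            if after != (members, banned):
                return False
    return True


if __name__ == "__main__":
    print("legal states:", len(list(all_states())))
    print("initialization theorem:", initialization_theorem_holds())
    print("addMember precondition exact:", add_member_precondition_is_exact())
    print("banMember fixes banned ids:", ban_member_fixes_banned_ids())
```

Separating the stated precondition conjuncts (inside add_member) from the Fid' check (in add_member_precondition_is_exact) mirrors what precondition simplification asks: whether the conjuncts written in the operation schema already guarantee a legal after-state, or whether a stronger condition is hidden in the invariant.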