UNIVERSITY OF WESTMINSTER® ELECTRONICS AND COMPUTER SCIENCE 2012-2013 Code: ECSE610 Title: Formal Specification Date: 14 May 2013 Time: 10:00 Duration: 2 Hours Module Leader: Paul Howells INSTRUCTIONS TO CANDIDATES Answer ALL questions in Section A and TWO questions from Section B. Section A is worth a total of 50 marks. Each question in section B is worth 25 marks. You may wish to consult the Z notation given in Appendix C. © University of Westminster 2013Give the expanded versions of the following two schemas: (a) (b) MODULE CODE: ECSE610 Page 1 of 18 MODULE TITLE: Formal Specification Section A ‘Answer ALL questions from this section, You may wish to consult the Z notation given in Appendix C. Question 1 Given the following axiom schema and two state schemas: MazLength : N MaxLength = 10 Sets A,B: PN a,y:N 2>y zea yGB Sequences [” tist, lést2 : seq N a:N listl prefix list2 #list2 < MazLength (0,1,2,2) in Hist2 ASets [4 marks] ESequences [6 marks} © University of Westminster 2013MODULE CODE: ECSE610 Page 2 of 18 MODULE TITLE: Formal Specific Question 2 Given the following Z declarations: SHAPE ::= Oval | Circle | Triangle | Rectangle | Square | Rhombus | Pentagon | Hexagon. Quadrilaterals : P SHAPE NonPolygons : P SHAPE p = { Rectangle, Square, Rhombus } NonPolygons = { Oval, Circle } edges : SHAPE +N { (Oval, 1), (Circle,1), (Triangle, 3), (Rectangle, 4), (Square, 4), (Rhombus, 4), (Pentagon, 5), (Hexagon, 6) } edges Evaluate the following expressions: (a) Quadrilaterals U NonPolygons (b) Quadrilaterals \ { Rhombus} (c) ftedges (a) dom edges (e) ran edges (Ff) edges( Pentagon) (g) PNonPolygons (h) edges > {4} (i) NonPolygons < edges Gi) ( Quadrilaterals U NonPolygons ) < edges © University of Westminster 2013 [1 mark] [1 mark] [1 mark] [1 mark] [1 mark] {1 mark] [2 marks] [2 marks] [2 marks} [3 marks]MODULE CODE: ECSE610 Page 3 of 18 MODULE TITLE: Formal Specification Question 3 Given the following definitions of the two relations R and Q: | BiNeON Q:NON R={0+40, 1-42, 2143, 3443, 344, 345, 45} Q={ 01, 3443, 4475, 46, 5445, 647} (a) Evaluate the following expressions: (@) @¢ {3,4} D [2 marks} (i) Q@{ (3,7) } [2 marks] R@{ (3,7) } [3 marks] (wv) B8Q [5 marks] (b) Explain why R and Q are relations but not functions. {3 marks} Question 4 The following are examples of the standard mathematical functions for increment, decrement, addition and subtraction respectively, for natural numbers (N) inc(7) = 8 dec(1) = 0 add(9,3) = 12 sub(11,5) = 6 Define the signatures of these functions. Note that you are not required to give ‘heir definitions. (a) fine and dec [4 marks] (b) add and minus [6 marks} © University of Westminster 2033MODULE CODE: ECSE610 Page 4 of 18 MODULE TITLE: Formal Specification Section B Answer TWO questions from this section. You may wish to consult the Z notation given in Appendix C. Question 5 The following is part of a specification for the MobilesRUs mobile phone shop. ‘The following types are used to represent individual phones, mobile manufacturers and unique mobile serial numbers. MOBILE mobl | mob2 | mob3 | mobd | mob5 |... MANUFACTURER «:= Samsung | HTC | Apple | Nokia | Blackberry | . SERIAL.NO MP111| MPO12 | MP212| MP008 | MP099 | ‘The current state of the MobilesIUs shop is represented by the state schema: MobilesRUs stock : manufacturers serialNumber : make : price (a) Copy and complete the definition of the MobilesUs state schema by: (i) Completing the definition of the following state variables © stock are the mobile phones waiting to be sold © manufacturers are the chosen phone manufacturers, e.g., Nokia, Samsung, HTC, etc, whose phones MobilesRUs sells. ‘© serialNumber maps each mobile to its unique serial number. ‘© make maps each mobile to its make, ie, manufacturer price maps each phone to its price in (whole) pounds [9 marks} (ii) Including the state invariant that MobilesRUs only sells phones ‘that are made by its chosen manufacturers. [3 marks} [Continued Overleaf] © University of Westminster 2013MODULE COD! MODULE TITL! CSE610 Page 5 of 18 ‘ormal Specification I state schema for the first day of opening for the Mo- bilesRUs shop, when it has just two phones to sell The two phones are mobl and mob2. # The chosen manufacturers are Samsung, Nokia, HTC and Black- berry. The registration numbers for mobl is MP111 and for mob2 is MP212, ©The make of mobl is HTC and mob2 is Samsung. ‘* The cost of the mobiles are as follows: mobl is worth £350 and mob2 is £225. ee) (c) The MobilesRUs shop manager realises that he needs to keep track of what operating system (OS) each phone runs, as lots of customers want to make sure they have a phone with a particular OS. For example, not a Windows phone, but an Android one. Define a suitable Z type to represent the types of phone OS and give the signature for a new state variable called phoneOS that could be added to the state schema to record this information for each phone [5 marks] © University of Westminster 2013MODULE CODE: ECSE610 Page 6 of 18 MODULE TIT! Formal Specification Question 6 The following is part of a Car Hire Company specification. The following definitions represent the models of car they hire out, the actual cars they have to hire out and companies that hire them. [ MODEL, CAR, COMPANY | HireLimit : N neni a eee hireCars : CAR -» MODEL registeredCompanies : F COMPANY _—Hirings _aee hiredto : CAR ++ COMPANY inGarage : F CAR | Vco: COMPANY © #(hiredto > { co }) < HireLimit esl Car Hire Carapanty See = =e en See CarDataBase Hirings dom hireCars = inGarage U dom hiredto ran hiredto C registeredCompanies [Continued Overteaf} © University of Westminster 2013MODULE CODE: ECSE610 Page 7 of 18 MODULE TITLE: Formal Specification ‘Hires Car = ee ee. 2 a es ‘\CarHireCompany car? : CAR company? : COMPANY car? € inGarage hireCars! = hireCars inGarage’ = inGarage \ { car? } #(hiredto > { company? }) < HireLimit registered Companies! = registered Companies company? € registeredCompanies hiredto! = hiredto ® { car? +> company? } (a) Explain in “plain English” (i.e. do not give a literal translation) the meaning of each line of the following schemas: Hirings {3 marks] CarHireCompany [3 marks} ( (b) Explain in “plain English” the meaning of each line of the constraint part of the HireACar schema and the role it plays in the speci of the operation. [7 marks] (c) Specify the ReturnHireCar operation which is used when a Company returns a hire car to the Car Hire Company. The specification of this operation must be total and output appropriate success and error reports. In addition the specification should be as modular as possible and make full use of the schema calculus [Marks Guide: types 1 mark, successful case 6 marks, error cases 4 marks, total operation 1 mark.| [12 marks] © University of Westminster 2013,MODULE CODE: ECSE610 Page 8 of 18 MODULE TITLE: Formal Specification Question 7 The partial Z specification of a VDU screen which allows cursor key movements Cursor Keys, is given in Appendix A (a) Discuss how the two Z tools ZTC and ZANS assist in the development of aZ specification? (b) The ZTC type checker output for the cursor key specification is given in Appendix B. For each error give an explanation and the necessary corrections. (c) Once all of the errors detailed in part (bb) have been eliminated from the cursor keys specification, explain what additions and modifications must be made to the specification to permit it to be animated by ZANS © University of Westminster 2013 {F marks] [10 marks] [8 marks]MODULE CODE: ECSE610 Page 9 of 18 MODULE TITLE: Formal Specific Appendix A. Cursor Keys Specification Al ZTC Box Style Version 30 31 32 33 34 35 36 37 specification XY_COORDINATE == N & N | numbeols, numbrows : Ni KEY DownKEY | LeftKey | CurrentPositionkey REPORT ::= Success | ERROR_OnLastfRow_CanNotMove_Down | ERROR_AtHome_CanNotNove_Left | SCREEN : N <-> N | HomePosition : XY_COORDINATE ; --- Carsor -- | position : XY_CODRDINATE | position subseteq SCREEN ReportSuccess ="= [ report! : REPORT | report! = Success ] Pressed_DownKey [ key? : KEY | Key? = DownKey ] === Down_NotLastRow ~ | Delta Cursor (= | second(position) < numbrows | position’ = ( first(position), second(position) + i) © University of Westminsssr 2013MODULE CODE: ECSE610 Page 10 of 18 MODULE TITLE: Formal Specification 38 39 40 --- Down_OnLastRow_CanNotMove ~ 41 | Xi Cursor ; 2 | report : REPORT 43 [ — 44 | second(position) = numbrows ; 45 | report! = ERROR_OnLastRowCanNotove_Down 46 - == 47 48 Down_Success == Down_NotLastRow /\ ReportSuccess 49 50 Down_Errors ="= Down_OnLastRo¥_CamNotMove 51 52 Down ="= Pressed_Downkey /\ ( Down_Success \/ Down ERRORS ) 53 Pressed_LeftKey ="= [ key? : KEY | key? = LeftKey ] 56 --- Left_NotFirstColum -- 87 | Delta Cursor 58 (= 59 | first (position) > 1 ; 60 | position’ = { first(position) - 1, second(position) } 61 -o 2 63 --- Left_FirstColumntlotFirstRow -- 64 | Cursor ; 65 <- 66 | first(position) = 1 ; 67 I second(position) > 1 ; 68 | position’ = ( numbcols, second(position) - 1 ) 69 - —- 0 1 Left_ktHome_CanNotMove ~ 2 | Xi Cursor ; 3 | report! : REPORT 74 la 5 | position = HomePosition ; 76 | report! = ERROR_AtHome_CanNotMove_Left 7 - B © University of Westminster 2013MODULE CODE: ECSE610 Page 11 of 18 MODULE TIT! Eormal Specification 79 Left_Success == ( Left_NotFirstColum 80 \/ Left_FirstColumnlNotFirstRow ) 81 7\ ReportSuccess 82 83 Left_Errors ="= Left_AtHome_CanNotMove 84 85 86 Left Pressed_LeftKkey 87 /\ ( Left_Success \/ Left_Errors ) A.2 BMgX 2e Version XY_COORDINATE == N xN | numbeols, numbrowe : Ni KEY DownKEY | LeftKey | CurrentPositionKey REPORT ::= Success | BRROR_OnLastRow-CanNotMove_Down | BRROR_AtHome_CanNotMove_Lejft | SCREEV :NON | HomePosition : XY_COORDINATE Cursor position : XY COORDINATE position C SCREEN InitialCursor position = HomePosition © University of Westminster 2013MODULE CODE: ECSE610 Page 12 of 18 MODULE TITLE: Formal Specification ReportSuccess © [report! : REPORT | report! = Success] Pressed_DownKey © key? : KEY | key? = DownKey) _—Down_NotLastRow — ACursor second(position) < numbrows position’ = (first(posttion), second(position) + 1) _—Down_OnLastRow_CanNotMove —— —__________ Jursor report : REPORT second (position) = numbrows report! = ERROR_OnLastRow_CanNotMove_Down, Down Success = Down_NotLastRow A ReportSuccess Down_Brrors = Down_OnLastow.CanNotMove rressed_DownKey \ (DownSuccess V Down.ERRORS) Down Pressed_LeftKey © (key? : KEY | key? = LeftKey] Left..NotFirstColumn ACursor ‘first(position) > 1 position’ = {first(position) — 1, second(position)} _—Left_FirstColumnNotFirstRow — Cursor (first(position) = 1 second(position) > 1 position! = (numbcals, second(position) — 1) © Uoiversty af Westminstor 2013,MODULE CODE: ECSE610 Page 13 of 18 MOOULE TITLE: Formal Specification — Left-AtHomeCanNotMove — ECursor report! : REPORT position = HomePosition report! = ERROR_AtHome_CanNotMove_L Left Success = (Left_NotPFirstColumn V Left_FirstColumnNotFirstRow) A ReportSuecess Left-Errors = Lejt_AtHome_CanNotMove Left = Pressed LeftKey \ (Left. Success V Left-Errors) © University of Westminster 2013MODULE CODE: ECSEG10 Page 14 of 18 MODULE TITLI ‘ormal Specification Appendix B. ZTC Type Check Log File . Initializing. . Loading 2 mathematical tools Library: mathO.zbx Parsing main file: cursor.zbx . Type checking Equivalence definition: XY_COORDINATE. "cursor.zbx" Line 3 .. Type checking Axiom box. "cursor.zbx" Line 5 . Type checking Free type definition: KEY. "cursor.zbx" Line 7 .. Type checking Free type definition: ERROR. "cursor.zbx" Lines 9-10 . Type checking Free type definition: REPORT. “cursor.zbx" Line 12 Type checking Axiom box. "cursor.zbx" Line 14 . Type checking Axiom box. "cursor.zbx" Line 16 Type checking Schema box: Cursor, “cursor.zbx" Lines 18-21 Typing error. "cursor.zbx" Line 21. Type mismatch: Infix relation Type checking Schema box: InitialCursor. "cursor.zbx" Lines 24-27 . Type checking Schema definition: ReportSuccess. "cursor.zbx" Line 30 Type checking Schema definition: Pressed_DownKey. "cursor.zbx" Line 32 Typing error. "cursor.zbx" Line 32. Undefined name: DownKey ‘Type checking Schema box: Down _NotLastRow. "cursor.zbx" Lines 34-38 Typing error. "cursor.zbx" Line 37. Mapping expected: » Type checking Schema box: Down_OnLastRow_CanNotNove. "cursor.zbx" Lines 41-46 Typing error. "cursor.zbx" Line 46. Type mismatch: . Type checking Schema definition: Down_Success. "cursor.zbx" Line 49 . Type checking Schema definition: Down_Errors. "“cursor.2bx" Lane 51 Syntax error. "cursor.zbx" Line 53, near "Down_ERRORS" ..» Type checking Schema definition: Pressed_LeftKey. “cursor.zbx" Line 55 ..+ Type checking Schema box: Left_NotFirstColumn. "cursor.zbx" Lines 67-61 --- Typing error. "cursor.zbx" Line 61. Type mismatch: . Type checking Schema box: Left_FirstColumNotFirstRow. "cursor.zbx" Lines 64-69 --- Typing error. "cursor.zbx" Line 69. Undefined name: position’ « Type checking Schema box: Left_AtHome_CanNotMove. "cursor.zbx" Lines 72-77 Typing error. "cursor.zbx" Line 77. Undefined name: report! ..+ Type checking Schema definition: Left_Success. "cursor.zbx" Lines 80-82 .» Type checking Schema definition: Left_Errors. "cursor.zbx" Line 84 - Reached the ena of the main file while parsing. ... Type checking Schema definition: Left. "cursor.zbx" Lines 87-88 End of main file: cursor.zbx Log written in "cursor.log" © University of Westminster 2013MODULE CODE: ECSE610 Page 15 of 18 Appendix C, Table of Z Syntax This appendix contains the Z notation for: sets, logic, ordered pairs, relations, functions, sequences, schemas and the schema calculus. C.1 Sets Z Notation ZiCi Description 7 } N N Set of natural numbers from 0 ] Nh [at z | Set of natural numbers from 1 Zz Zz _ Set of integers [ees x in S is an element of 5 a a¢s x notin 8 is not an element of S a Sor 8 subset T Sis a subset of T Siew! 8 subseteq T Sis a strict subset of T @. {} ES a Empty set wr Poo [Ps Power set of 7 | FS |FS 5 Finite power set of & Sur sit cs Union of 5 and T (sar StT Intersection of S and T SNe SNe Set difference of S and T #5 #8 7 | Number of elements in set 5 {D]PeB} |{diPCEy | Set comprehension Uss ~_ [Union 88 __| Distributed union of 5 * 3s Intersection 88 Distributed intersection of 5 iF Bee | Range of integers from i to j inclusive | disjoint (A, B, Cy disjoint << A, B, C >> | Disjoint sets A, B and C (A,B, CY partition 5 |<< A, B, © o> partition S| Sets A, B and C partition the set S © University of Westminster 2013MODULE CODE: ECSE610 MODULE TITLE: Formal Spécification Page 16 of 18 C.2 Logic Z Notation | ZTC _ Description [SP not Po not P PAQ |? and Q P and Q v@ Por Q Po @ +Q P= Q = P implies Q Pag P <> Q ___| Pis equivalent to @ S Wa:TeP | forall x: All elements = of type T satisfy P| Sc: TeP | exists x: P P| There exists an element x of type T| which satisfies P [a,2:TeP| existsi x : f @ P| There exists a unique element « of type T which satisfies P C.3 Ordered Pairs Notation | ZTC Description — ONE TEEN ~_| Cartesian product of X and ¥ (ay) Gy) Ordered pair rsy x>y Ordered pair, (maplet) first(,y) _| first, y) | Ordered pair projection function second(z,y) | second(x, y) | Ordered pair projection function C.4 Relations ion [ZTC__| Description > Set. of relation PO & ¥)_| Set of relations between X and Y between X and ¥ | main of relation Domain restriction of Rtotheset S| Domain anti-restriction of Z by the set S_| Range restriction of to the set 5 Range anti-restriction of Rt by the set 5 | i overridden by relation Ii [R => Q__ | Relational composition R (1S 1) | Relational Image of the set Sof relation | id X__| Identity relation Re __[Tnverse relation c jj [Re Transitive closure of Re Reflexive-transitive closure of R © University of Westminster 2013MODULE CODE: ECSE610 MODULE TITLE: Formal Specification C.5 Functions [ Notation | ZTC | Description +4 _| Finite function >#45 | Finite injection +=>_| Partial function Total function Partial injection Total injec Partial surjection Tglejr]zfsjelate C.6 Sequences Page 17 of 18 Fronts Notation [ ZTC Description seq X seq X Finite sequences of type X = seq, X__ | seqi X Non-empty finite sequences of type X | iseq X injective finite sequences of type X ) __| Empty sequence att Concatenation of the sequences s and ¢ head 8 First element of a non empty sequence tail 8 | All but first element of a non empty sequence last s Last element of a non empty sequence All but last element of a non empty sequence revs rev s Sequence Reversal ‘squash s | squash s | Sequence Compaction $prefix t |s prefix t | s is a prefix of t a. ssuffixt |s suffix t | ssa suffix of t sint s subseq t | 5 is a sub-sequence of t | C.7 Schema Calculus Description Ts; D I CJ [Schema inclusion s? ‘[/Schema decoration Delta § ‘A (Delta) Convention = (Xi) Convention © Universiy of Westminster 2013 T __| Schema Conjunction (Sand T) | | Schema Disjunction (S or T)MODULE CODE: ECSE610 Page 18 of 18 MODULE TITLE: Formal Specification ©.8 Schemas Types: Z & ZTC Schema Boxes Axiom Schema declarations constraints | declarations ie | constraints Generic eit. declarations =(X, Y]= | declarations = a | constraints Linear Schema 5 © [declarations | constraints] S == [ declarations | constraints ] State/Operation Schema — Operation declarations constraints --- Operation - | declarations ie a | constraints © University of Westminster 2013