1

CIT Phone DirectoryZ Specification Document

2

Sections of a Z document

• Introduction• Types used in the specification• State and its invariant properties• Initial state• Operations and enquiries• Error handling• Final versions of operations and enquiries

3

1. Introduction

• The CIT wants to write Z specifications for their phone directory. Some people have two phones, and others may share the same phone.

4

2. The Types

[PERSON, PHONE] RESPONSE :: = OK | alreadyKnown |notKnown

5

3. State definition

Directory staff: PERSONℙ dir: PERSON PHONE

staff = dom dir

X Yis the set of relations between X and Y

6

4. Initial State

InitDirectory

staff =

7

5. Operations (AddItemOK)

AddItemOK Directory name?: PERSON num? : PHONE; r!: RESPONSE {name? num?} ↦ dir staff’ = staff {name?} dir’ = dir {name? num?} ↦ r!=OK

8

5. Operations (DeleteItemOK)

DeleteitemOK Directory name? : PERSON num? : PHONE

name? Œ num? dir dir’ = dir \ {name? num?}↦

9

Using maplet notation

• The maplet Œ symbol is used to describe the relation elements:

TeacherCourse == { bb ΠITBP120, hh ΠITBP220,

ya ΠITBP120, bb ΠSWEB320}

bb Œ ITBP120 is read as “bb maps to ITBP120”.

10

• Teacher-Course == { b Œ ITBP120, hh Œ ITBP220,

ya ΠITBP120, bb ΠSWEB320}

• Domain:

dom Teacher-Course = { bb, hh, ya }

• Range:

ran Teacher-Course = { ITBP120, ITBP220, SWEB320}

Relations: domain and range

11

Operations on relations• Teacher-Course ==

{ bb ΠITBP120, hh ΠITBP220, ya ΠITBP120, bb ΠSWEB320}

• Domain restriction Restricts the relation to only those pairs in which the first element is contained in the set provided:

{ hh } Teacher-Course = { hh ΠITBP220 }

12

Operations on relations

• Range restriction Restricts the relation to only those pairs in which the second element is contained in the set provided:

Teacher-Course {ITBP120} = { ya ΠITBP120, bb ΠITBP120 }

13

Operations on relations (continued)

• Domain subtraction (also known as domain anti-restriction)

Restricts the relation to only those pairs in which the first element is not contained in the set provided:

{ bb } Teacher-Course = {hh ΠITBP220, ya ΠITBP120}

14

Operations on relations (continued)

• Range subtraction (also known as range anti-

restriction)

Restricts the relation to only those pairs in which the second element is not contained in the set provided:

Teacher-Course { ITBP120 } = {hh ΠITBP220, bb ΠSWEB320}

15

5. Operations (DeleteNameOK)

DeleteNameOK Directory name? : PERSON

name? staff dir’ = ?????

means the tuples whose first element is “name?” will not appear in dir’.

16

5. Operations (DeleteNameOK)

DeleteNameOK Directory name? : PERSON

name? staff dir’ = {name?} dir

means the tuples whose first element is “name?” will not appear in dir’.

17

5. Operations (DeleteNumOK)

DeleteNumOK Directory num? : PHONE

num? ran dir dir’ = ?????

means the tuples whose second element is “num?” will not appear in dir’.

18

5. Operations (DeleteNumOK)

DeleteNumOK Directory num? : PHONE

num? ran dir dir’ = dir {num?}

means the tuples whose second element is “num?” will not appear in dir’.

19

5. Operations (ListNumOK)

ListNumOK Directory name? : PERSON phones! : P PHONE

name? staff

phones! = {n: PHONE | (name? n) ↦ dir}

20

5. Operations (ListNamesOK)

ListNameOK Directory num? : PHONE names! : P PERSON

num? rang dir

names! = {n: PERSON | (n num?) ↦ dir}

21

5. Error Handling

AddItemError UAEUSystem name? : PERSON num? : PHONE reply! : RESPONSE

(name? num?) ↦ dir reply! = alreadyKnown

22

6. Final Versions of Operations and Enquiries

The final versions of operations can be specified, in a linear form, as follows:

AddItem ≡ AddItemOK v AddItemError

23

Modification of functionsConsider the following function:

studentproject: PERSON PROJECT studentproject = { Noura Œ projectA, Aisha Œ projectB }If Noura has changed a project, we should change our function. How? We can use Union: studentproject’ = studentproject { Noura Œ newProject }But this produces a relation, not a function: studentproject’ = {Noura Œ projectA, Aisha Œ projectB ,

Noura ΠnewProject }

24

Modification of functions (continued)

As a solution, Z provides the function override operator studentproject’ =

studentproject { Noura ΠnewProject }

So the new studentproject set is:

{Noura ΠnewProject , Aisha ΠprojectB }

25

Function override operator

Function override adds pairs from f1 to f2 such that it:• acts as a set union when no element of f2 is mapped

anywhere by f1 (dom f1 dom f2 = ),

{Noura ΠprojectA } { Khadija ΠprojectC } =

{Noura ΠprojectA } {Khadija ΠprojectC }

26

Function override operator

Function override adds pairs from f1 to f2 such that it:• acts as a domain subtraction and a set union, if any

element of f2 is mapped anywhere by f1,{Noura ΠprojectA } {Noura ΠnewProj}

=

({Noura } studentproject) {Noura ΠnewProj}

27

The Exam Schedule Z Specification4. Operations (AddExam)

AddExam ExamSchedule

course? : COURSEdate?: DATE

course? coursescourses’=courses {course?}exam’ = exam {course? date?}

Difference between and

28

The Exam Schedule Z Specification4. Operations (ChangeDate)

ChangeDate ExamSchedule

course? : COURSEdate?: DATE

course? courses

exam’ = exam {course? date?}

Difference between and