the z notation

Z NOTES
Terry Marris July 2004
CONTENTS
1 Sets
2 Basic Types
3 The Integer Type
4 Predicates
5 Schemas
6 Set Types
7 Set Operations
8 Schema Calculus
9 Binary Relations
1 SETS
INTRODUCTION
Sets are the foundation of all mathematics and our attempts to describe the world about us.
We look at the properties of sets and some simple ways of describing them. We explain that a
set is a collection of similar objects. We see how to display a set. We see that a set has no
duplicates and no order. We examine a convention for naming sets. We look at some
standard sets. We learn how to define number ranges. We examine the concepts of
cardinality, membership and equality.
1.1 OBJECTS AND SETS
An object is anything we can see, smell, hear, taste, touch or think about. A collection of
similar objects is called a set. Examples of sets include
• the collection of people who have enrolled on this year's Access course
• the collection of leap years since 1986
• the collection of three letter passwords that can be generated from the letters a, b
and c
EXERCISE 1.1
Identify five sets drawn from your surroundings and experience.
1.2 SET DISPLAY
One way to describe a set is to list its contents. For example:
{ tom, anne, jerry }
{ 1988, 1992, 1996, 2000, 2004 }
{ abc, bca, cab, acb, bac, cba }
We use curly brackets to separate the list from its surroundings. The objects that make up a
set are known as its elements or members. We separate one member from the next by a
comma.
Describing a set by listing its contents is called set display.
A set is defined by its contents alone. So the order in which you write the elements in a set
display is not important. It makes no sense to talk about the first or last element in a set, or to
say that one element comes before another.
{ tom, anne, jerry } is the same as { anne, jerry, tom }
If two elements in a set are the same, the repeated element is ignored. Writing the same
element more than once is harmless but confusing. So we leave out repeats.
{ tom, tom, jerry, anne } is better written { tom, jerry, anne }
EXERCISE 1.2
Use set display notation to describe the sets given below.
1 the set of days you are timetabled to be in college.
2 the set of digits used in base 10 arithmetic (denary).
3 the set of digits used in base two arithmetic (binary).
4 the set of colours seen on a rainbow.
5 the set of departments in a small, manufacturing business.
1.3 NAMING A SET
If a set has too many members to conveniently list, we can simply give them descriptive
names.
PERSON - the set of all people
LEAPYEAR - the set of all leap years ever
PASSWORD - the set of all possible passwords
We follow the convention that names we choose for our sets
• are written entirely in capital letters - PERSON not Person
• are singular - PASSWORD not PASSWORDS
• do not contain spaces, underscores or hyphens - LEAPYEAR not LEAP YEAR
EXERCISE 1.3
Evaluate the names for the set of book titles shown below against the convention for naming
sets described in section 1.3 above.
1 BOOKTITLE
2 BOOK TITLE
3 BookTitle
4 BOOK_TITLE
5 BOOKTITLES
1.4 SOME STANDARD SETS
Some sets have names already assigned to them.
ℤ (say fat zed) - the set of all whole numbers, negative, zero and positive. -1, 0, 1 are
members of this set.
ℕ (say fat en) - the set of natural numbers including zero. 0, 1, 2 are members of this set.
∅ - the empty set, the set with no members. Think of an empty bag - there is nothing in it.
Z and ℤ are not the same thing. Z is the name of a notation that uses maths to specify
computer systems. ℤ is the set of all whole numbers. Whole numbers are also known as
integers.
EXERCISE 1.4
Explain the difference between
1 Z and ℤ
2 0 and {}
1.5 NUMBER RANGE
If a sequence of integers forms a set, we can use number range notation.
1..7 (say 1 up to 7) is the set of all integers between 1 and 7 inclusive.
1..7 is the set { 1, 2, 3, 4, 5, 6, 7 }. Note that there are just two dots between the two integers
that mark the beginning and end of the sequence.
EXERCISE 1.5
Use number-range notation to define the sets described below.
1 the number of people who may be allowed in a lift if its capacity is five people.
2 the set of hours used in 24-hour clock notation.
3 the set of numbers that define any person's age in years.
1.6 CARDINALITY
Some sets contain more members than we can count. Think of ℤ, the set of all possible
integers for example. No matter how many we count, there is always another one to be
counted. Such sets are called infinite sets.
Some sets contain a finite number of elements - we can count the number of elements they
contain. Look at the set { tom, anne, jerry }. We can see it has three elements.
The number of elements in a finite set is known as its cardinality. The symbol for cardinality
is #. So for example:
#{ tom, anne, jerry } = 3
#{ 1988, 1992, 1996, 2000, 2004 } = 5
#{ abc, bca, cab, acb, bac, cba } = 6
#ℤ is undefined
EXERCISE 1.6
State the value of
1 #{ spaceKey, tabKey, returnKey, arrowKey, functionKey }
2 #∅
3 #ℕ
1.7 MEMBERSHIP
If we look at the set { 1988, 1992, 1996, 2000, 2004 } we can see that 2000 is an element of
the set but 2001 is not. We write
2000 ∈ { 1988, 1992, 1996, 2000, 2004 }
where ∈ means is-a-member-of
And
2001 ∉ { 1988, 1992, 1996, 2000, 2004 }
where ∉ means is-not-a-member-of.
EXERCISE 1.7
Which of the following expressions are true and which are false? Explain why.
1 end ∈ { if, else, while, repeat, until, end }
2 Key ∈ { spaceKey, tabKey, returnKey, arrowKey, functionKey }
3 0 ∉ ∅
4 3.142 ∈ ℤ
5 -1 ∈ ℕ
1.8 EQUALITY
Two sets are equal if they both have exactly the same elements. For example
{ 1988, 1992, 1996, 2000, 2004 } = { 2000, 1996, 1988, 2004, 1992 }
= means is-the-same-as.
But if two sets do not have exactly the same elements, they are not equal. For example
{ 1988, 1992, 1996, 2000, 2004 } ≠ { 1988, 1992, 1996, 2000 }
are not equal because 2004 is a member of one set but not the other.
≠ means is-not-the-same-as.
EXERCISE 1.8
Which of the following expressions are true and which are false? Explain why.
1 { robin, thrush, starling, sparrow, blackbird } = { wren, swallow, hawk, crow, magpie }
2 { 0, 1 } ≠ { 1, 0 }
3 { 1, 2, 4, 8, 16 } = { 16, 8, 4, 2, 1 }
REVIEW
We defined what a set is - a collection of similar objects. We saw how to display a set. We
learned that a set has no duplicates and no order. We saw how to choose names for a set. We
looked at some standard sets. We learned how to define number ranges. We examined the
concepts of cardinality, membership and equality.
Next, we look at basic types.
BIBLIOGRAPHY
BARDEN R., STEPNEY S. & COOPER D. 1994 Z in Practice Prentice Hall pp 377
JACKY J 1997 The Way of Z Cambridge pp 63
SPIVEY J.M. 1992 The Z Notation Prentice Hall pp 25, 111
WOODCOCK J. & DAVIES J. 1996 Using Z: Specification, Refinement & Proof Prentice
Hall pp 57, 112
2 BASIC TYPES
INTRODUCTION
In the last chapter we looked at sets and some of their properties. We noted that elements in a
set are similar. It is this similarity that we focus on in this chapter.
To help describe the world about us, we classify objects into sets called types. We go on to
look at how we can represent any element in a set, no matter how large that set is. We look at
the properties of variables.
We see the importance of types in detecting errors and inconsistencies.
2.1 BASIC TYPES
There is just one inbuilt type that is part of the Z Notation; it is ℤ, the set of all integers. We
define all other types ourselves. We are in charge here.
We use a basic type when we want to just focus on essentials and hold off looking at details.
For example, a person has a name, a date of birth and an address. If we do not need to be
concerned with details such as title, forename, middle names and surname, we introduce the
type NAME, the set of all possible names. If we do not need to bother with days, months,
years and calendars (e.g. Chinese, Bengali and Gregorian) we introduce the type DATE, the
set of all possible dates. If we do not need to bother with house number, street, city and
postcode, we introduce the type ADDRESS, the set of all postal addresses. Focussing on
essentials is called abstraction.
To define basic types of our own choosing we just list them (in alphabetical order) as given
sets between square brackets, and explain what we mean by them. For example:
We introduce as given sets ADDRESS, DATE and NAME. ADDRESS is the set of all postal
addresses anywhere. DATE, the set of all possible dates in all possible calendars. NAME is
the set of all names in full that any person might have.
[ ADDRESS, DATE, NAME ]
EXERCISE 2.1
1 Explain what is meant by the term abstraction. Illustrate your explanation with an
example.
2 We are looking at defining a video rental system. A video has a title and a subject by
which it is classified. We do not need to know anything about the internal details of titles
and subjects. Introduce titles and subjects as given sets.
3 Each room in a hotel is given a number or a name. No two rooms have the same number
or name. Since the number or name uniquely identifies a room, introduce room id as a
given set.
2.2 DECLARATIONS
PERSON, the set of all possible people on this planet, is pretty large. If we want to refer to
just one of them we write
aPerson : PERSON
aPerson represents just one, any one, of all the possible elements in PERSON.
aPerson : PERSON is an example of a declaration. A declaration has two parts.
To the right of the colon is the name of a set; this name is PERSON.
To the left of the colon is a name for any element from that set; this name is aPerson. Since
we do not necessarily know which element aPerson represents, aPerson is called a variable.
A variable has a name (e.g. aPerson) a type (e.g. PERSON) and a value taken from the type.
Look at this declaration.
aPersonsAge : 0..130
The name of the variable is aPersonsAge. Its type is ℤ because the values 0, 1, 2, and so on
up to 130 are all elements from the larger set ℤ. We think of a type as an inclusive set. Each
element in the same set has the same type.
We cannot make a variable declaration if its type has not yet been introduced. For example,
we cannot declare
aRoom : ROOM
before introducing ROOM as a given set (by writing [ ROOM ] and describing what we mean
by ROOM).
We define it before we use it. This is known as the definition before use principle. But note
that the type ℤ is pre-defined; it is part of the Z notation. So you do not have to define ℤ
before you use it.
EXERCISE 2.2
1 An employee has an annual salary that is always a whole number of pounds. Declare a
variable to represent an employee's annual salary.
2 My car's thermometer displays air temperature to the nearest 0.5 degree Celsius. Thinking
that 18.5 degrees C could be represented by 185, and 19 degrees by 190, declare a variable
to represent the temperature displayed by my car's thermometer.
3 The printable characters found on a keyboard include letters of the alphabet, e.g. a, b, c, X,
Y, Z, digits e.g. 1, 2, 3, symbols e.g. /, >, &, and white space such as tab and spacebar.
Introduce a suitable type and declare a variable that could represent one of these printable
characters.
4 In an office supplies catalogue, items of stationery are identified by their catalogue
number. Introduce suitable types and declare variables that could represent items of
stationery and their catalogue numbers.
5 Snakes and Ladders is a game played on a board of 100 squares, numbered 1 to 100.
Declare a variable that could represent the position of a square on the board.
2.3 NAMING VARIABLES
We choose our own names for variables. We choose descriptive names whenever clarity is
required. For example.
aPersonsAge : 0..130 rather than a : 0..130
We choose a single letter when there is no doubt about clarity (but readers often appreciate
more descriptive names).
p : PERSON is ok but
aPerson : PERSON
might be preferable.
We follow the convention that names we choose for our variables
• start with a lower case letter - person not Person
• are written entirely in lower case except the first letter of each word in the name - aPersonsAge not apersonsage
• do not contain spaces, underscores or hyphens - anAddress not an Address
Writing variable names in a mixture of lower and upper case (capital) letters helps us to tell
them apart from type names, which are written entirely in upper case.
EXERCISE 2.3
Evaluate the variable names shown below against the convention for naming variables
described in section 2.3 above.
1 numberOfPersons : 0..5
2 NumberOfPersons : 0..5
3 number Of Persons : 0..5
4 NUMBEROFPERSONS : 0..5
5 n : 0..5
2.4 CONSISTENCY
Every Z object is a type of one kind or another. This is important because it helps us discover
inconsistencies in what we write.
For example, given the type
[ PERSON ]
and the declarations
p, q : PERSON
r : ℤ
p = q is consistent because both p and q are variables of type PERSON.
But to say p = r is a nonsense because p is of type PERSON and r is of type integer. How
can you say that a person and an integer are the same object?
EXERCISE 2.4
1 Comment on the validity of the expression { red, blue, green } = { 1, 2, 3 }
2 Given CHARACTER is the set of all printable characters found on any computer keyboard
for any country,
[ CHARACTER ]
and the declaration
ch : CHARACTER
comment on the validity of the expression
ch ∈ ℤ
3 Given the declaration
capacity : ℤ
comment on the validity of the expression
capacity = 5
REVIEW
We have seen that a basic type is a given set name. We think of a type as being an inclusive
set. We noted that all the elements of a set belong to the same type.
We looked at declarations. A declaration introduces a variable and associates it with a type.
We looked at the importance of types in reducing inconsistencies and errors.
We shall look at composite types such as set types, Cartesian product types and schema types
in later chapters.
Next, we look at the integer type.
BIBLIOGRAPHY
BOTTACI L & JONES J. 1995 Formal Specification Using Z Thompson pp 139
JACKY J. 1997 The Way of Z Cambridge University Press pp 64
NORCLIFFE A. & SLATER G. 1991 Mathematics of Software Construction Ellis Horwood
pp 43
SPIVEY J.M. 1992 The Z Notation Prentice Hall pp 7, 24, 51
WOODCOCK J. & DAVIES J. 1996 Using Z: Specification, Refinement and Proof Prentice
Hall pp 70
3 THE INTEGER TYPE
INTRODUCTION
In the last chapter we looked at types. A type is an inclusive set and all the elements of a set
belong to the same type. We looked at declarations. A declaration introduces a variable and
associates it with a type. We looked at how consideration of types helps us to detect
inconsistencies and errors.
Now we go on to look at the integer type in more detail. We review the arithmetic operations
+, - and *, div and mod. We introduce max and min. We look at the numerical comparison
operators <, ≤, > and ≥. And we look at rules of precedence.
3.1 THE ARITHMETIC OPERATORS
The type ℤ is the set of all possible integers.
... -3, -2, -1, 0, 1, 2, 3, ...
We can add two integers together.
7 + 3 = 10
We can subtract one from another.
10 - 7 = 3
7 - 10 = -3
We can multiply two integers.
7 * 3 = 21        [ * means multiply ]
But we have a problem with division.
7 / 3 = 2.3333    [ 2 1/3 = 2.3333 ]
2.3333 is not an integer.
Z provides the div and mod operators so the problem does not arise.
3.2 THE div AND mod OPERATORS
We may remember from our days at junior school, before we learned about decimal points
and how to use a calculator, that
7 ÷ 3 = 2 remainder 1
[ because 7 = 3 x 2 + 1 ]
div (for integer division) works in a similar way to ÷ but without the remainder. So
7 div 3 = 2
div gives the integer result after dividing one integer by another. Any remainder or fractional
part is truncated, cut off and lost.
mod (for modulo) works in a way similar to remainder. So
7 mod 3 = 1
mod gives the integer remainder after dividing one integer by another.
We remember that division by zero is not defined. So both
7 div 0 and 7 mod 0
have no defined answer.
div and mod are part of the Z Notation.
EXERCISE 3.1
1 Evaluate
a 16 div 3
b 20 div 4
c 5 div 5
d 4 div 5
e 7 div 5
2 Evaluate
a 16 mod 3
b 20 mod 4
c 5 mod 5
d 4 mod 5
e 7 mod 5
3.3 ARITHMETIC OPERATOR PRECEDENCE
Precedence is the order in which operations are always carried out. In arithmetic:
brackets have the highest priority
then *, div and mod in the order written from left to right
then + and - in the order written from left to right.
For example:
(40 - 32) * 5 div 9
= 8 * 5 div 9     [ brackets first ]
= 40 div 9        [ multiply ]
= 4               [ integer division ]
EXERCISE 3.2
Evaluate
1 5 + 7 * 9
2 (5 + 7) * 9
3 5 div 9 * (212 - 32)
4 Given the declaration n : ℤ and the observation n div 2 = 0, what can you conclude about
n?
5 Given the declaration n : ℤ, what is the set of possible results of n mod 5?
3.4 max AND min
Z also provides the max and min operators. max gives the largest value in a non-empty set of
integers, and min the least value. For example:
max{ 11, 7, 13, 3, 5 } = 13
min{11, 7, 13, 3, 5 } = 3
EXERCISE 3.3
Evaluate
1 min{ -1, 0, 1 }
2 max{ 3, 4, 7, 1, 2 }
3 max{ }
3.4 THE NUMERICAL COMPARISON OPERATORS
40% is a critical mark in some exams. A mark of 40 or more is a pass. A mark of 39 or less
is a fail. The boundary between fail and pass is shown on the number line below.
[ Number line from 37 to 43: 37, 38 and 39 are marked fail; 40, 41, 42 and 43 are marked pass. ]
39 is-less-than 40. We write 39 < 40. < means is-less-than.
41 is-more-than 40. We write 41 > 40. > means is-more-than.
< and > are known as comparison or relational operators. They are easy to remember. Less
than has its point on the Left. MoRe than has its point on the Right.
Evidently
39 < 40 is true
40 < 39 is false
40 > 39 is true
39 > 40 is false
And
≤ means less-than-or-equal-to. ≥ means more-than-or-equal-to. So
39 ≤ 40 is true
40 ≤ 40 is true
41 ≤ 40 is false
And
40 ≥ 39 is true
40 ≥ 40 is true
40 ≥ 41 is false
EXERCISE 3.4
1 Given the declaration n : ℤ and that n ≥ 0 and n < 10 are both true, write down the set of
values that n belongs to.
2 Given the declaration n : ℤ and that n div 10 > 0 and n div 10 ≤ 20 are both true, write
down the set of values that n belongs to.
3 Given the declaration n : ℤ and that n < 0 and n > 9 are both true, what can you conclude
about the values of n?
REVIEW
We looked at the integer type in more detail. We reviewed the arithmetic operations +, - and
*, div (integer division) and mod (integer remainder). We introduced max and min - the
largest and least values in a non-empty set of integers. We looked at the numerical
comparison operators < (less than), ≤ (less than or equal to), > (more than) and ≥ (more than
or equal to). And we looked at rules of precedence (brackets, times and divide, add and
subtract) for the arithmetic operations.
Next, we see how the values of variables may be constrained by predicates.
BIBLIOGRAPHY
SPIVEY J.M. 1992 The Z Notation Prentice Hall pp 108
4 PREDICATES
INTRODUCTION
In the last chapter we looked at the integer type. We reviewed the arithmetic operations +, -
and *, div and mod. We introduced max and min. We looked at the numerical comparison
operators <, ≤, > and ≥. And we looked at rules of precedence for the arithmetic operations.
Now we see how the values of variables may be constrained by predicates and how satisfying
a predicate defines a set. The types of predicate we shall discuss include
=, ∈    equals and membership
<, >    relations: less than and more than
∧, ∨    connectives: conjunction (and) and disjunction (or)
4.1 PREDICATES
A declaration introduces a variable. For example
n : ℤ
introduces the variable named n, of type ℤ, without any constraints or bounds on the values
that n may have.
Suppose we require n to be not less than one, values 1, 2, 3, ... are what we require. To
declare that n is more than zero we would write
n > 0
n > 0 is an example of a predicate. Values 1, 2, 3, ... and so on are said to satisfy the
predicate n > 0, i.e. make n > 0 true.
Putting the declaration and predicate together, as shown below, specifies a set.
{ n : ℤ | n > 0 }
The declaration and predicate parts are separated by a | symbol. The declaration to the left of
the | is the source of the elements of the set. The predicate to the right of the | is like a filter:
only elements whose values are more than zero pass through the filter. The set just defined
above is the set of all integers greater than zero, that is, the set of natural counting numbers
from one upwards.
{ n : ℤ | n > 0 } = { 1, 2, 3, ... }
[ Note: the ... is not Z. It means and so on.
We write it to help our understanding. ]
We define a predicate in terms of the set of objects that satisfy it.
Look at this example.
{ n : ℤ | n ∈ 1..5 } = { 1, 2, 3, 4, 5 }
The declaration n : ℤ is the source. The predicate n ∈ 1..5 is the filter. It says n is a member
of the set of integers from 1 up to 5 inclusive. Only elements from ℤ that satisfy the
predicate pass through the filter.
A predicate puts a constraint on the values a variable might have. For example
capacity : ℤ
capacity = 10
says capacity is 10.
We could use the declaration and predicate together to define the set containing just one
integer element, 10.
{ n : ℤ | n = 10 } = { 10 }
EXERCISE 4.1
Using set display notation write out the contents of the sets defined below. If the set is too
large to conveniently list, write down just five elements from the set.
a { n : ℤ | n ≥ 0 }
b { n : ℤ | n ∈ 0..5 }
c { n : 1..9 | n mod 2 = 0 }
d { h : 0..23 | h < 12 }
4.2 THE CONNECTIVES
The connectives include conjunction (and) and disjunction (or). They allow us to connect
smaller predicates together to form larger ones.
For example, given the declaration n : ℤ, here are two small predicates that say n is more than
zero and n is less than 6.
n > 0
n < 6
Now join them together with a ∧, which means and-at-the-same-time.
n > 0 ∧ n < 6
We then have a composite predicate known as a conjunction. This predicate is true if n is
more than 0 and, at the same time, n is less than 6.
{ n : ℤ | n > 0 ∧ n < 6 } = { 1, 2, 3, 4, 5 }
[ Number line from -1 to 6 marking the region n > 0 ∧ n < 6 ]
Here are two small predicates that say n is less than 1 and n is more than 5.
n < 1
n > 5
Now join them together with ∨, meaning or.
n < 1 ∨ n > 5
We then have a composite predicate known as a disjunction. The predicate is true if either n
is less than 1 or n is more than 5.
{ n : ℤ | n < 1 ∨ n > 5 } = { ..., -2, -1, 0, 6, 7, 8, ...}
This is the set of all integers excluding { 1, 2, 3, 4, 5 }
[ Number line from -2 to 7 marking the regions n < 1 and n > 5 ]
It is easy to remember what the two symbols ∧ and ∨ mean when you notice that the ∧ looks
a bit like the A in And.
EXERCISE 4.2
Using set display notation enumerate (list) the contents of the sets defined below. If the set is
too large to enumerate then list just five elements from the set.
a { n : ℤ | n ≥ -1 ∧ n ≤ 1 }
b { d : ℤ | d ≥ 1 ∧ d ≤ 7 }
c { n : ℤ | n = 0 ∨ n = 1 }
d { n : ℤ | n ≥ 0 ∧ n mod 10 = 0 ∧ n div 10 ≤ 10 }
e { m, n : ℤ | n > 1 ∧ m > 2 ∧ n mod m ≠ 0 }
REVIEW
We saw how the values of variables may be constrained by predicates. We saw how to define
a predicate in terms of the set of objects that satisfy it. We discussed predicates including
=, ∈    equals and membership
<, >    the relations less than and more than
∧, ∨    the connectives conjunction and disjunction
Next we see how schemas describe computer systems, a named combination of declarations
with predicates.
BIBLIOGRAPHY
JACKY J. 1997 The Way of Z Cambridge University Press pp 63, 66, 74, 96
SPIVEY J.M. 1992 The Z Notation Prentice Hall pp 28, 67
WOODCOCK J. & DAVIES J Using Z: Specification, Refinement and Proof Prentice Hall
pp 28, 81
5 SCHEMAS
INTRODUCTION
In the last chapter we saw how the values of variables may be constrained by predicates and
how satisfying a predicate defines a set. The types of predicate discussed included
=, ∈    equals and membership
<, >    the relations less than and more than
∧, ∨    the connectives conjunction (and) and disjunction (or)
Now we see how to combine declarations and predicates into structures called schemas. A
schema represents a system's state. A collection of schemas models the behaviour of a
computer system. We look at pre-conditions.
5.1 SYSTEM
The system we shall look at is a simple counter. A counter would be used, for example, to
count the number of vehicles passing a census point, the number of people entering a stadium
or the number of fleas in a bird's nest.
EXERCISE 5.1
Describe three other situations where a counter might be used.
5.2 STATE
The contents of a system's memory are called its state. For our counter system that would be
the current value of the count together with the maximum it can reach.
We would have the initial state when the count is zero, maximum is 9999 (say).
Initial state: count = 0, maximum = 9999
We might have an interim state when the count is between zero and the maximum value that
count can have.
Interim state: count = 147, maximum = 9999
We might have an end state when the count has reached its maximum value and cannot be
advanced any further.
End state: count = 9999, maximum = 9999
Effectively, the state of a system is the collection of values stored in its variables.
EXERCISE 5.2
A cash point machine has a number of £10 notes available for issue to customers. Describe
three distinct states of the cash point machine.
5.3 ABBREVIATION DEFINITION
Count and maximum are whole numbers. We could represent them as integers of type ℤ, but
that will allow negative values for count and maximum. So we introduce ℕ (say fat N) as an
abbreviation for the set of all natural (integer) counting numbers including zero but excluding
negative values.
ℕ == { n : ℤ | n ≥ 0 }
Declaring ℕ in this way allows us to use the relational operators < and > as well as =. The
type of ℕ is ℤ.
If we had introduced ℕ as a given set like this
[ ℕ ]
and if we had variables a, b : ℕ, then for sure we could write a = b, but we could not write,
for example, a < b. The only number type that is part of the Z Notation is ℤ.
The == is known as the definition symbol. We cannot use = because it is reserved for the
equals predicate.
EXERCISE 5.3
Introduce and define the set ℕ₁, the set of all natural counting numbers from 1 upwards,
excluding zero and negative numbers.
5.4 SYSTEM STATE SCHEMA
A counter has just two variables, one that we shall name count, one that we shall name
maximum. count can equal, but never exceed, maximum. Variables are derived from what an
object has.
A schema is a set of variables together with a set of predicates constraining those variables.
A schema is drawn as an open box - see below.
┌─ Counter ──────────────
│ count : ℕ
│ maximum : ℕ
├────────────────────────
│ count ≤ maximum
└────────────────────────
Our schema, named Counter and shown above, has two variables, count and maximum, and
one predicate count ≤ maximum. count is constrained to be a value between zero (because its
values are drawn from the set ℕ) and maximum (whatever value that is) inclusive.
We (nearly) always start schema names with an uppercase letter. A schema name cannot
contain spaces.
The variables are declared above the line that separates declarations from predicates. The
variables' scope is strictly confined to the schema. This means that you cannot refer to
Counter's variables count and maximum outside the schema.
The predicates are described below the dividing line. If there were more than one predicate,
they would all be joined by conjunction - the ∧ symbol is assumed - by default.
The variables of a schema are described as its components. The predicates of a schema are
described as its property.
The schema shown is the system state schema. No matter what process we define, add 1 to
count, report on the value stored in count, subtract one from count, for example, we are
obliged to ensure that the predicate count ≤ maximum is always satisfied.
The schema that describes a system's variables, and predicates on those variables, is called a
system state schema. It represents an object's state, the collection of values stored in its
variables at a moment in time. Its variables are called state variables.
The processes that we shall describe in other schemas both update and report the values
stored in the state variables, count and maximum.
5.5 THE INITIAL STATE
We describe the state the system is in when it is first started. The InitCounter schema defined
below describes the initial state of Counter.
┌─ InitCounter ──────────
│ Counter
├────────────────────────
│ count = 0
│ maximum = 9999
└────────────────────────
The line Counter says include all the variables defined in the Counter schema (count and
maximum in this instance) and all the predicates (count ≤ maximum in this instance).
InitCounter written out in full is shown below.
┌─ InitCounter ──────────
│ count : ℕ
│ maximum : ℕ
├────────────────────────
│ count ≤ maximum
│ count = 0
│ maximum = 9999
└────────────────────────
The initial state is that count is zero, maximum is 9999. There is nothing special about 9999 - it is a randomly chosen value.
We can see at a glance that the predicates are consistent - there are no contradictions.
The mechanism of schema inclusion, just by quoting the schema's name, allows us to
• concentrate on just a few things at a time
• keep schemas small and simple
• re-use pre-written schemas in different contexts or situations.
5.6 QUERY SYSTEM STATE
The schema QueryCount shown below outputs the current value of count.
┌─ QueryCount ───────────
│ ΞCounter
│ count! : ℕ
├────────────────────────
│ count! = count
└────────────────────────
ΞCounter (say Xi Counter) says include all the variables and predicates defined in the
Counter schema; the values stored in these variables will not change.
The declaration count! : ℕ says count output is drawn from the set ℕ. The ! mark stands for
output.
The predicate count! = count says count output is the same as the (system variable) count.
5.7 CHANGE SYSTEM STATE
Not only does a schema define and report on a system's state, it also describes changes in that
state.
The value of count does not remain the same forever. From time to time the counter will be
clicked and the value stored in count will be moved on. The Click schema shown below
updates the count system state variable but leaves the maximum variable unchanged.
┌─ Click ────────────────
│ ΔCounter
├────────────────────────
│ count < maximum
│ count' = count + 1
│ maximum' = maximum
└────────────────────────
ΔCounter (say delta Counter) says
• include all the variables and predicates defined in the Counter schema
• the values stored in some (or all) of these variables may well change
• decorate each variable with a ' to represent the state after an update has taken place
Writing out the schema in full we get
┌─ Click ────────────────
│ count : ℕ
│ maximum : ℕ
│ count' : ℕ
│ maximum' : ℕ
├────────────────────────
│ count ≤ maximum
│ count < maximum
│ count' = count + 1
│ maximum' = maximum
└────────────────────────
count' = count + 1 says the updated value of count is the same as the original value of count
plus one. So, for example, if count was 4, count' would be 5. count' and count are both the
same variable. The ' in count' means the state of count after an update has taken place.
maximum' = maximum says the value after an update is the same as the one before the update.
In other words, its value remains unchanged.
The essential requirement is that count ≤ maximum at all times. If count = maximum how can
count' = count + 1 be met? We need to ensure that count is strictly less than maximum before
adding 1 to it. We do this by specifying the pre-condition
count < maximum
A pre-condition of an operation schema describes the set of states for which the outcome of
the operation is defined. In our Click operation schema, the set of states for which the
outcome is defined is count ∈ 1..9998. If count = 9999 for example, then the outcome of the
schema is undefined - we have no way of knowing what it will be; it could be anything.
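The Counter, InitCounter, QueryCount and Click schemas of this chapter, modelled in Python as an added example that is not part of the original notes. It treats Click as a relation between the before state and the decorated after state, calculates the set of before states for which some valid after state exists, and compares that set with the written pre-condition. The function names, the PreconditionError class and the small search bound are assumptions made for the illustration.

```python
from dataclasses import dataclass
from itertools import product


@dataclass(frozen=True)
class Counter:
    """State schema Counter: two components and one property."""
    count: int
    maximum: int

    def invariant(self) -> bool:
        # count and maximum are natural numbers, and count is at most maximum
        return 0 <= self.count <= self.maximum


class PreconditionError(Exception):
    """Hypothetical name: raised when an operation is used outside its pre-condition."""


def init_counter(maximum: int = 9999) -> Counter:
    """InitCounter: count = 0, maximum = 9999 (the value chosen in the notes)."""
    state = Counter(count=0, maximum=maximum)
    assert state.invariant()
    return state


def query_count(state: Counter) -> int:
    """QueryCount: count! = count; the state itself is not changed."""
    return state.count


def click_relation(before: Counter, after: Counter) -> bool:
    """Click read as a relation between the before state and the after state."""
    return (
        before.invariant() and after.invariant()   # the state property, before and after
        and after.count == before.count + 1        # count' = count + 1
        and after.maximum == before.maximum        # maximum' = maximum
    )


def click(state: Counter) -> Counter:
    """Click as an operation that refuses to run outside its pre-condition."""
    if not state.count < state.maximum:
        raise PreconditionError(f"count < maximum does not hold in {state}")
    after = Counter(state.count + 1, state.maximum)
    assert click_relation(state, after)
    return after


def states(bound: int) -> list:
    """Every Counter state with components in 0..bound that satisfies the property."""
    candidates = (Counter(c, m) for c, m in product(range(bound + 1), repeat=2))
    return [s for s in candidates if s.invariant()]


def calculated_precondition(bound: int) -> set:
    """Before states for which at least one after state satisfies Click."""
    universe = states(bound)
    return {b for b in universe if any(click_relation(b, a) for a in universe)}


def stated_precondition(bound: int) -> set:
    """Before states picked out by the written pre-condition count < maximum."""
    return {s for s in states(bound) if s.count < s.maximum}


if __name__ == "__main__":
    s = click(init_counter())
    print(query_count(s))
    # The calculated and the written pre-condition select the same states.
    print(calculated_precondition(6) == stated_precondition(6))
```

The exhaustive comparison uses a small bound so that every state can be enumerated; the same check with maximum = 9999 only takes longer.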
EXERCISE 5.4
1 Write and fully explain a schema named Cancel, which undoes a Click operation. Does
the cancel operation have a pre-condition? If so, what is it? If not, why not?
2 Write and fully explain a set of schemas for the car park system described below.
A car park has a capacity - a limited number of spaces. A count is maintained of the number
of cars currently occupying spaces. When a car enters the car park, the count is increased.
When a car leaves the car park the count is decreased. The system outputs the number of
spaces left in the car park.
REVIEW
We combined declarations and predicates into structures called schemas. We saw that a
schema represents a system's state. We saw how a collection of schemas models the
behaviour of a computer system. We looked at an example of a pre-condition. Next we look
at set types. A set type variable represents a collection of similar objects.
6 SET TYPES
INTRODUCTION
In Chapter One we looked at sets. In Chapter Two we looked at basic types and saw that a
type is itself a set. A variable of a basic type represents just a single element drawn from the
type set. Now we look at set types. A variable of a set type is itself a set and is used to
represent collections such as a class of students, a herd of cows and a set of hotel rooms.
6.1 PROPER SUBSETS
In Chapter Three we introduced ℤ, the set of all integers, negative, zero and positive. In
Chapter Five we defined ℕ, the set of all positive integers including zero and excluding the
negative integers.
ℕ == { n : ℤ | n ≥ 0 }
We say that ℕ is a proper subset of ℤ because every element in ℕ is also in ℤ and ℕ ≠ ℤ. We
write
ℕ ⊂ ℤ
where ⊂ means is-a-proper-subset-of.
EXERCISE 6.1
1 Which of the following expressions are true, which are false? Give reasons for your
answers.
a { mon, wed, fri } ⊂ { tue, thu, sat, mon, wed, fri, sun }
b { key } ⊂ { hotKey, deleteKey, escapeKey }
c { 1, 2, 5, 7, 11 } ⊂ { 11, 7, 5, 2, 1 }
6.2 SUBSETS
A subset is part of a set, a set within a set. A is a subset of B if every element in A is also in
B. We write
A ⊆ B
where ⊆ means is-a-subset-of. To illustrate the point we list all the subsets of { 1, 2, 3 }.
They are
{1}, {2}, {3}         [the singletons]
{1,2}, {1,3}, {2,3}   [the sets of pairs]
{1,2,3}               [because every element in { 1, 2, 3 } is also in { 1, 2, 3 }]
{}                    [because if it was not, there would be an element in { } that is not in { 1, 2, 3 }. But { } has no elements. So { } must be a subset of { 1, 2, 3 }]
The empty set is a subset of every set.
If we make the following variable declaration:
x : 𝔽 { 1, 2, 3 }
then x could be any one of the elements in
{ {}, {1}, {2}, {3}, {1,2}, {1,3}, {2,3}, {1,2,3} }
where each element is itself a set. x could be { } or { 1 } or { 2 } or { 3 } or { 1, 2 } or { 1, 3 }
or { 2, 3 } or { 1, 2, 3 }.
We say that x is a finite set of elements drawn from { 1, 2, 3 }. In short, x is a set.
Compare this with the declaration y : { 1, 2, 3 } which says y could be 1, or it could be 2, or it
could be 3, and nothing else. In short, y is a single value from the set { 1, 2, 3 }. The
difference in the two declarations is the presence or absence of fat 𝔽.
𝔽 { 1, 2, 3 } means the set of all subsets of { 1, 2, 3 }.
EXERCISE 6.2
1 List the possible values of b if b : 𝔽 { 0, 1 }
2 Explain the difference between a subset and a proper subset.
3 Explain the meaning of each of the expressions shown below:
a a ∈ { a, b, c }
b { a } ⊂ { a, b, c }
c { a } ∈ 𝔽 { a, b, c }
6.3 SET TYPE DECLARATIONS
Access students study a number of subjects. Types here could include
STUDENT - the set of all students
SUBJECT - the set of all subjects
We might define
accessStudents : 𝔽 STUDENT
accessCourse : 𝔽 SUBJECT
and say accessStudents is a finite set of STUDENTs, accessCourse is a finite set of
SUBJECTs.
An example of accessStudents is { tom, deepak, harriet, anita, mayuri }.
An example of accessCourse is { maths, formalMethods, programming, systemsAnalysis }.
EXERCISE 6.3
1 Explain the difference between ∈ and ⊆.
2 Given [ PERSON ] the set of all people, explain the difference between
p : PERSON and q : 𝔽 PERSON
3 A hotel system reserves rooms for guests from an arrival date to a departure date. Types
here could include
HOTEL - the set of all hotels
RESERVATION - the set of all reservations
ROOM - the set of all rooms
GUEST - the set of all guests
DATE - the set of all dates
Declare and explain variables to represent a single hotel, a finite set of rooms, a single
reservation and a finite set of guests.
REVIEW
We listed the subsets of a small set. We saw that set type variables store collections of
similar objects.
Next we look at the set operations union, intersection and difference.
7 SET OPERATIONS
INTRODUCTION
In Chapter One we looked at sets. In Chapter Six we looked at subsets and set types. Now
we look at the set operations union, intersection and difference and see how sets may be
combined to create new sets. We look at set operator precedence.
7.1 SET UNION
The union of two sets is itself a set with all the elements from both sets combined.
{ 1, 2, 3 } ∪ { 2, 3, 4 } = { 1, 2, 3, 4 }
The union operator, ∪, looks a bit like the u in union - only there is no tail.
EXERCISE 7.1
Evaluate each of the expressions shown below.
a { 1, 2, 3, 5, 8, 13 } ∪ { 3, 5, 7, 11, 13 }
b { bigJ, littleJ, may, pat, alice } ∪ { tom, denise, may }
c { daisy, buttercup } ∪ { rani }
d { daisy, buttercup } ∪ rani
7.2 SET INTERSECTION
The intersection of two sets is itself a set with elements that are common to both sets.
{ 1, 2, 3 } ∩ { 2, 3, 4 } = { 2, 3 }
The intersection symbol, ∩, looks a bit like the n in intersection, only there is no tail.
EXERCISE 7.2
Evaluate each of the expressions shown below.
a { 1, 2, 3, 5, 8, 13 } ∩ { 3, 5, 7, 11, 13 }
b { bigJ, littleJ, may, pat, alice } ∩ { tom, denise, may }
c { daisy, buttercup } ∩ { rani }
d { daisy, buttercup } ∩ rani
7.3 SET DIFFERENCE
The difference of two sets is itself a set with the elements of the second set removed from the
first set.
{ 1, 2, 3, 4 } \ { 2, 3 } = { 1, 4 }
A useful trick here is to write out the first set, then cross out elements that are in the second
set. For example:
{ a, c, b, d } \ { a, f, e, b } = { -a-, c, -b-, d }   [a and b crossed out]
                                = { c, d }
EXERCISE 7.3
Evaluate each of the expressions shown below.
a { 1, 2, 3, 5, 8, 13 } \ { 3, 5, 7, 11, 13 }
b { bigJ, littleJ, may, pat, alice } \ { tom, denise, may }
c { daisy, buttercup } \ { rani }
d { daisy, buttercup } \ rani
7.4 PRECEDENCE
Precedence is the priority given to operations; those with the highest priority are evaluated
before those with the lower priority.
brackets ( ) have the highest priority
then intersection ∩
then union ∪ and difference \
EXERCISE 7.4
Evaluate each of the set expressions shown below.
a { 1, 2, 3 } ∪ { 2, 3, 4 } ∩ { 3, 4, 5 }
b ({ 1, 2, 3 } ∪ { 2, 3, 4 }) ∩ { 3, 4, 5 }
c { 1, 2, 3 } ∪ { 2, 3, 4 } \ { 3, 4, 5 }
d { 1, 2, 3 } \ { 2, 3, 4 } ∪ { 3, 4, 5 }
e { 2, 3, 4 } \ { 3, 4, 5 } ∩ { 1, 2, 3 }
REVIEW
We looked at the set operations union, intersection and difference.
The union of { 1, 2, 3 } and { 2, 3, 4 } is { 1, 2, 3, 4 } - the combined elements from both sets.
The intersection of { 1, 2, 3 } and { 2, 3, 4 } is { 2, 3 } - the elements in common to both sets.
The difference { 1, 2, 3, 4 } \ { 2, 3 } is { 1, 4 } - the elements from the first set with elements
in the second set removed.
We looked at the order of precedence: brackets first, then intersection, then union and
difference in the order they are written.
Next we look at the Schema Calculus - how to create larger schemas from smaller ones by
using conjunction and disjunction.
8 SCHEMA CALCULUS
INTRODUCTION
In Chapter Six we saw how declarations and predicates were combined in structures called
schemas. We saw that a schema represents a system's state, that a schema can change a
system's state, and that a collection of schemas models the behaviour of a computer system.
Now we go on to see how larger schemas may be formed by combining smaller ones using
conjunction (and) and disjunction (or).
8.1 THE CLASS SYSTEM
First, we set the scene.
Students may join the Z class providing the class is not full. Those who successfully
complete all the assignments may leave with a certificate.
We are not concerned with details such as students' number, name, date of birth and so on.
So we introduce the basic type STUDENT as a given set.
[ STUDENT ]
There is a limit to the number of students who can join the class. To define this we first
introduce ℕ, the set of all natural counting numbers including zero.
ℕ == { n : ℤ | n ≥ 0 }
Then we define maxClassSize, the maximum number of students that can be in the class.
Here, we have set this size arbitrarily (for no special reason) to 20 even though its actual
value is not relevant.
│ maxClassSize : ℕ
├─────────────────────────────
│ maxClassSize = 20
We model the class system as two sets of students. enrolled is the set of students who have
joined the class. passed is a subset of enrolled and represents the set of enrolled students who
have passed their assignments. The size of the class is constrained by maxClassSize.
┌─ Class ─────────────────────
│ enrolled : 𝔽 STUDENT
│ passed : 𝔽 STUDENT
├─────────────────────────────
│ #enrolled ≤ maxClassSize
│ passed ⊆ enrolled
└─────────────────────────────
To begin with there are no enrolled students and no student has passed.
┌─ InitClass ─────────────────
│ Class
├─────────────────────────────
│ enrolled = ∅
│ passed = ∅
└─────────────────────────────
A student may join the class if the class is not already full and if the student has not already
enrolled. A new student cannot have passed all their assignments.
┌─ EnrolOk ───────────────────
│ ΔClass
│ student? : STUDENT
├─────────────────────────────
│ #enrolled < maxClassSize
│ student? ∉ enrolled
│ enrolled' = enrolled ∪ { student? }
│ passed' = passed
└─────────────────────────────
The ? in student? means input.
An existing student is transferred to the passed set provided they have passed all their
assignments and have not already been transferred. Every student in passed must also be in
enrolled.
┌─ CompleteOk ────────────────
│ ΔClass
│ student? : STUDENT
├─────────────────────────────
│ student? ∈ enrolled
│ student? ∉ passed
│ enrolled' = enrolled
│ passed' = passed ∪ { student? }
└─────────────────────────────
Only those existing students who have passed may leave with a certificate.
┌─ LeaveWithCertificateOk ────
│ ΔClass
│ student? : STUDENT
├─────────────────────────────
│ student? ∈ passed
│ enrolled' = enrolled \ { student? }
│ passed' = passed \ { student? }
└─────────────────────────────
EXERCISE 8.1
1 Explain each line of Z introduced so far in Section 8.1 above as if to a beginning Access
student.
2 Write and explain the schema LeaveWithoutCertificateOk that specifies the process of a
student leaving the class without having passed all their assignments.
3 Write and explain the schema ReportNumberEnrolled that outputs the number of students
who are currently enrolled.
8.2 FREE TYPE DEFINITION
In Section 8.1 above, in which we introduced the Class system, we were concerned with the
simple, straightforward, no problem scenarios. For example, we did not concern ourselves
with the possibility that the class is full and so no one can be enrolled on it. We ignored the
possibility that a student could be enrolled twice. We ignored the possibility that a student
who is not enrolled could be transferred to the passed set. We now address these error
scenarios.
First, we draw up a table of pre-conditions, the set of states for which successful outcomes
are defined. We add on to that table the conditions for failure.
Schema                Pre-condition for success    Conditions for failure
EnrolOk               #enrolled < maxClassSize     class is full: #enrolled ≥ maxClassSize
                      student? ∉ enrolled          student already enrolled: student? ∈ enrolled
CompleteOk            student? ∈ enrolled          student not enrolled: student? ∉ enrolled
                      student? ∉ passed            student already passed: student? ∈ passed
LeaveWithCertificate  student? ∈ passed            student not passed: student? ∉ passed
Then, in a free type definition, we define REPORT to be the set of values that describe either
a schema's success or the reasons for its failure.
REPORT ::= success | classFull | alreadyEnrolled | notEnrolled | alreadyPassed | notPassed
::= stands for free type definition. The | separates one element from the next. A variable of
type REPORT has a value drawn from the given list. Notice that each element name begins
with a lower case letter and contains no spaces.
EXERCISE 8.2
1 For the schema LeaveWithoutCertificateOk written in Exercise 8.1 above define and
explain
a the pre-conditions for success
b the conditions for failure
2 Extend the REPORT type defined in Section 8.2 above to include the reasons why the
LeaveWithoutCertificateOk process could fail.
8.3 SUCCESS AND ERROR SCHEMAS
The Success schema has just one declaration and one predicate. It will be combined with
other schemas to indicate their successful outcome.
┌─ Success ───────────────────
│ report! : REPORT
├─────────────────────────────
│ report! = success
└─────────────────────────────
We define a schema for each identified error case. We do not expect an error case to update
any system variables.
The class is full if the number of enrolled students has reached (or by some mistake has
exceeded) the maximum class size.
┌─ ClassFull ─────────────────
│ ΞClass
│ report! : REPORT
├─────────────────────────────
│ #enrolled ≥ maxClassSize
│ report! = classFull
└─────────────────────────────
A student cannot be enrolled again if they are already enrolled.
┌─ AlreadyEnrolled ───────────
│ ΞClass
│ student? : STUDENT
│ report! : REPORT
├─────────────────────────────
│ student? ∈ enrolled
│ report! = alreadyEnrolled
└─────────────────────────────
If a student is not enrolled they cannot be passed.
┌─ NotEnrolled ───────────────
│ ΞClass
│ student? : STUDENT
│ report! : REPORT
├─────────────────────────────
│ student? ∉ enrolled
│ report! = notEnrolled
└─────────────────────────────
The same student cannot be passed twice.
┌─ AlreadyPassed ─────────────
│ ΞClass
│ student? : STUDENT
│ report! : REPORT
├─────────────────────────────
│ student? ∈ passed
│ report! = alreadyPassed
└─────────────────────────────
A student who has not passed cannot leave with a certificate.
┌─ NotPassed ─────────────────
│ ΞClass
│ student? : STUDENT
│ report! : REPORT
├─────────────────────────────
│ student? ∉ passed
│ report! = notPassed
└─────────────────────────────
EXERCISE 8.2
Explain each line of Z introduced in Section 8.3 above, as if to a beginning Access student.
8.4 SCHEMA CALCULUS
We use conjunction (and) to combine two schemas.
EnrolOk ∧ Success
Say enrol ok and success.
We use disjunction (or) to represent alternatives.
(EnrolOk ∧ Success) ∨ ClassFull ∨ AlreadyEnrolled
Say enrol ok and success, or class full, or already enrolled.
Now we can define the total, complete version of the enrol process.
Enrol ≙ (EnrolOk ∧ Success) ∨ ClassFull ∨ AlreadyEnrolled
≙ stands for schema definition. So, the Enrol schema is defined to be EnrolOk and Success,
or ClassFull, or AlreadyEnrolled.
Similarly,
Complete ≙ (CompleteOk ∧ Success) ∨ NotEnrolled ∨ AlreadyPassed
LeaveWithCertificate ≙ (LeaveWithCertificateOk ∧ Success) ∨ NotPassed
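The three total operations above can be animated as an added Python example (not part of the original notes; the function names enrol, complete, leave_with_certificate and reports are hypothetical). Each function returns the set of every (state after, report) pair that the disjunction permits, which shows that the total schemas always have an outcome and that Enrol allows two different reports when the class is full and the student is already enrolled.

```python
from dataclasses import dataclass
from enum import Enum

MAX_CLASS_SIZE = 20  # maxClassSize, the value chosen in Section 8.1


class Report(Enum):
    """The free type REPORT from Section 8.2."""
    success = 1
    classFull = 2
    alreadyEnrolled = 3
    notEnrolled = 4
    alreadyPassed = 5
    notPassed = 6


@dataclass(frozen=True)
class Class:
    """The Class state schema; its predicates are checked on construction."""
    enrolled: frozenset = frozenset()   # InitClass: both sets start empty
    passed: frozenset = frozenset()

    def __post_init__(self):
        if len(self.enrolled) > MAX_CLASS_SIZE:
            raise ValueError("#enrolled <= maxClassSize violated")
        if not self.passed <= self.enrolled:
            raise ValueError("passed is not a subset of enrolled")


def enrol(c, student):
    """Enrol: (EnrolOk and Success) or ClassFull or AlreadyEnrolled."""
    out = set()
    if len(c.enrolled) < MAX_CLASS_SIZE and student not in c.enrolled:
        out.add((Class(c.enrolled | {student}, c.passed), Report.success))
    if len(c.enrolled) >= MAX_CLASS_SIZE:        # ClassFull: state unchanged
        out.add((c, Report.classFull))
    if student in c.enrolled:                    # AlreadyEnrolled: state unchanged
        out.add((c, Report.alreadyEnrolled))
    return out


def complete(c, student):
    """Complete: (CompleteOk and Success) or NotEnrolled or AlreadyPassed."""
    out = set()
    if student in c.enrolled and student not in c.passed:
        out.add((Class(c.enrolled, c.passed | {student}), Report.success))
    if student not in c.enrolled:
        out.add((c, Report.notEnrolled))
    if student in c.passed:
        out.add((c, Report.alreadyPassed))
    return out


def leave_with_certificate(c, student):
    """LeaveWithCertificate: (LeaveWithCertificateOk and Success) or NotPassed."""
    out = set()
    if student in c.passed:
        out.add((Class(c.enrolled - {student}, c.passed - {student}),
                 Report.success))
    if student not in c.passed:
        out.add((c, Report.notPassed))
    return out


def reports(outcomes):
    """The report values that appear in a set of outcomes."""
    return {report for _, report in outcomes}


if __name__ == "__main__":
    start = Class()
    (joined, _), = enrol(start, "tom")            # exactly one outcome: success
    print(reports(enrol(joined, "tom")))          # alreadyEnrolled only
    # Constructed state: a full class of 20 students named s0..s19.
    full = Class(frozenset(f"s{i}" for i in range(MAX_CLASS_SIZE)))
    print(reports(enrol(full, "s0")))             # classFull and alreadyEnrolled
    print(reports(leave_with_certificate(joined, "tom")))   # notPassed
```
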
EXERCISE 8.3
1 Explain each line of Z introduced in Section 8.4 above, as if to a beginning Access student.
2 Write and explain the total process LeaveWithoutCertificate.
3 A hotel maintains a record of the current state of its rooms, whether occupied or not. Write
and explain a Z specification for the system described below.
Use Case: Commission
Purpose: to add a new room to the hotel's rooms for guests system
Pre-conditions: the room has not already been added
Initiating Actor: accommodation manager
1 manager inputs details of the new room
2 system confirms new room added
3 exit success
Exceptions
2a room already in the system
2a1 exit failure
Use Case: Occupy
Purpose: to inform the system that a room is now occupied by a hotel guest
Pre-conditions: the room is in the hotel rooms for guests system
the room is not currently occupied
Initiating Actor: receptionist
1 receptionist inputs room
2 system confirms room now occupied
3 exit success
Exceptions
2a room not in the system
2a1 exit failure
2b room already occupied
2b1 exit failure
Use Case: Vacate
Purpose: to inform the system that a room is now vacant
Pre-conditions: the room is in the hotel rooms for guests system
the room is currently occupied
Initiating Actor: receptionist
1 receptionist inputs room
2 system confirms room now vacant
3 exit success
Exceptions
2a room not in the system
2a1 exit failure
2b room already vacant
2b1 exit failure
Notes
A use case describes a sequence of interactions between a system and its users. The users are
known as actors. Exceptions are the error scenarios - what can go wrong. The pre-conditions
of a use case describe the set of states for which the successful outcome is defined. The
pre-condition for the add a new room use case, Commission, is that the room has not already been
added.
REVIEW
We defined a class of students system in terms of two sets, enrolled and passed, where
passed is a subset of enrolled. We looked at the error cases that could occur and expressed
them in a table of pre-conditions and in schemas. We combined schemas using conjunction
and disjunction to form larger, more complete schemas.
Next, we look at binary relations.
BIBLIOGRAPHY
JONES and WORDSWORTH, both cited in BARDEN et al, described the classic two sets
pattern used in the Class system example.
BARDEN R., STEPNEY S. & COOPER D 1994 Z In Practice Prentice Hall pp 126, 166
JACKY J. 1997 The Way of Z Cambridge University Press pp 122
JONES C.B. 1980 Software Development: a Rigorous Approach Prentice Hall
NORCLIFFE A & SLATER G 1991 Mathematics of Software Construction Ellis Horwood
pp 50
WORDSWORTH J.B. 1992 Software Development with Z Addison-Wesley
9 BINARY RELATIONS
INTRODUCTION
We find pairs of objects all around us: wives and their husbands, friends and their telephone
numbers, students and the subjects they study, customers and their bank accounts, guests and
their hotel reservations. We see that a binary relation is just a set of ordered pairs. We see
how the first and second functions split an ordered pair into its coordinates. We look at the
domain and range, and the source and target, of a binary relation. We see how domain and
range restriction work like database queries. We see how relational image works like a table
lookup. We look at the inverse function. We see how two binary relations may be composed
to form a third binary relation.
9.1 BINARY RELATIONS
A binary relation is just a set of pairs.
{ (madge, homer), (wilma, fred) }
{ (kylie, 1), (kylie, 2), (robbie, 3) }
{ (sue, formalMethods), (sam, formalMethods), (tim, maths) }
We can use the usual set operations on binary pairs.
{ (1, a), (2, b) } ∪ { (2, b), (3, c) } = { (1, a), (2, b), (3, c) }
{ (1, a), (2, b) } ∩ { (2, b), (3, c) } = { (2, b) }
{ (1, a), (2, b) } \ { (2, b), (3, c) } = { (1, a) }
#{ (1, a), (2, b), (3, c) } = 3
Each element in a binary relation is a pair of objects.
EXERCISE 9.1
1 Describe five further examples of binary relations.
2 Evaluate
a { (a, x), (b, y) } ∪ { (a, z), (b, w) }
b { (a, x), (b, y) } ∩ { (a, z), (b, y) }
c { (a, x), (b, y) } \ { (a, x), (b, w) }
d #{ (a, x), (b, y), (c, z), (d, w) }
9.2 FIRST AND SECOND
Each element in a binary relation is a pair of objects, e.g. (madge, homer).
(madge, homer) is not the same pair as (homer, madge). Order matters.
The ordered pair (madge, homer) may be written as madge ↦ homer. This is known as
maplet notation, and madge ↦ homer is known as a maplet.
(madge, homer) = madge ↦ homer
In general, we use maplet notation to represent an element in a binary relation, we use
coordinate notation to represent a pair by itself.
partners = { madge ↦ homer, wilma ↦ fred }
aPair = (madge, homer)
The Z functions first and second split an ordered pair into its first and second coordinates.
first (madge, homer) = madge
second (madge, homer) = homer
first and second are known as the projection functions for ordered pairs.
EXERCISE 9.2
Evaluate (first(a, 1), second(a, 1))
9.3 DOMAIN AND RANGE
Look at this binary relation:
{ 1 ↦ a, 2 ↦ b, 3 ↦ c }
The set formed by all the first coordinates
{ 1, 2, 3 }
is known as its domain. We write
dom { 1 ↦ a, 2 ↦ b, 3 ↦ c } = { 1, 2, 3 }
where dom is Z for domain.
The set formed by all the second coordinates
{ a, b, c }
is known as its range. We write
ran { 1 ↦ a, 2 ↦ b, 3 ↦ c } = { a, b, c }
where ran is Z for range.
EXERCISE 9.3
Evaluate
a dom { A301 ↦ office, a302 ↦ classRoom, A303 ↦ lab, A304 ↦ classRoom }
b ran { A301 ↦ office, a302 ↦ classRoom, A303 ↦ lab, A304 ↦ classRoom }
c dom { terry ↦ Access, garry ↦ ECDL, kanti ↦ ALevel, kanti ↦ HND }
d ran { terry ↦ Access, garry ↦ ECDL, kanti ↦ ALevel, kanti ↦ HND }
e dom { richardI ↦ 1921, richardII ↦ 1952, richardIII ↦ 1976 }
f ran { richardI ↦ 1921, richardII ↦ 1952, richardIII ↦ 1976 }
9.4 SOURCE AND TARGET
Look at the binary relation shown below.
{ 1 ↦ 23, 2 ↦ 29, 3 ↦ 31, 4 ↦ 37, 5 ↦ 41 }
Its domain is 1..5, a subset of ℤ. A domain is a subset of its source.
dom { 1 ↦ 23, 2 ↦ 29, 3 ↦ 31, 4 ↦ 37, 5 ↦ 41 } ⊆ ℤ      [ℤ is the source]
The range of { 1 ↦ 23, 2 ↦ 29, 3 ↦ 31, 4 ↦ 37, 5 ↦ 41 } is { 23, 29, 31, 37, 41 } and is also
a subset of ℤ. A range is a subset of its target.
ran { 1 ↦ 23, 2 ↦ 29, 3 ↦ 31, 4 ↦ 37, 5 ↦ 41 } ⊆ ℤ      [ℤ is the target]
9.5 DECLARING A BINARY RELATION
We introduce as given types the set of all dates and the set of all people.
[ DATE, PERSON ]
We define appointments as a binary relation from DATE to PERSON like this:
appointments : DATE ↔ PERSON
appointments = { 7Nov ↦ tom, 7Nov ↦ ann, 8Nov ↦ jerry }
↔ is the binary relation operator. Even though it looks like a double-headed arrow, it
associates from left to right.
EXERCISE 9.4
Introduce appropriate types and declare the binary relations described below, and give an
example of an element in each binary relation
a debtors and the money they owe
b driving instructors and their pupils
c owners and their horses
d students and the subjects they study
e authors and the titles of the books they have had published
9.6 DOMAIN RESTRICTION
Domain restriction works like a database query, a bit like using an internet search engine to
list all entries that contain the phrase "Z Notation". You might get many entries listed, or
none at all.
Look at this binary relation:
{ 1 ↦ a, 2 ↦ b, 3 ↦ c }
Its domain is { 1, 2, 3 }
If we restrict the binary relation so that its domain is { 2 } we get
{ 2 ↦ b }
We write
{ 2 } ◁ { 1 ↦ a, 2 ↦ b, 3 ↦ c } = { 2 ↦ b }
where ◁ means domain restriction. ◁ is known as the domain restriction operator.
The domain restriction operator defines a subset of a given binary relation. For example:
{ 4 } ◁ { 1 ↦ a, 2 ↦ b, 3 ↦ c } = { }
{ 1, 3 } ◁ { 1 ↦ a, 2 ↦ b, 3 ↦ c } = { 1 ↦ a, 3 ↦ c }
9.7 RANGE RESTRICTION
Look at this binary relation:
{ 1 ↦ a, 2 ↦ b, 3 ↦ c }
Its range is { a, b, c }.
If we restrict the binary relation so that its range is { b } we get
{ 2 ↦ b }
We write
{ 1 ↦ a, 2 ↦ b, 3 ↦ c } ▷ { b } = { 2 ↦ b }
where ▷ means range restriction. ▷ is known as the range restriction operator.
The range restriction operator defines a subset of a given binary relation. For example:
{ 1 ↦ a, 2 ↦ b, 3 ↦ c } ▷ { d } = { }
{ 1 ↦ a, 2 ↦ b, 3 ↦ c } ▷ { a, c } = { 1 ↦ a, 3 ↦ c }
EXERCISE 9.5
1 Evaluate
a { A, C } ◁ { A ↦ carrots, B1 ↦ pasta, C ↦ potatoes, C ↦ tomatoes, D ↦ milk }
b { red ↦ 1, brown ↦ 2, green ↦ 3, yellow ↦ four, blue ↦ 5, pink ↦ 6, black ↦ 7 } ▷ 3..5
c { king } ◁ { pawn ↦ 1, rook ↦ 5, knight ↦ 3, bishop ↦ 3, queen ↦ 9 }
d { pawn ↦ 1, rook ↦ 5, knight ↦ 3, bishop ↦ 3, queen ↦ 9 } ▷ { n : ℤ | n > 3 }
2 Given R = { 1 ↦ a, 2 ↦ b, 3 ↦ c }, X = { 1, 2, 3 } and A = { 1, 3 } evaluate (X \ A) ◁ R
9.8 RELATIONAL IMAGE
The relational image operator works like a table look-up. For example, look at this table:
colour   value
red      1
brown    4
green    3
yellow   2
blue     5
pink     6
black    7
You ask: what is blue's numerical value? You look down the table and see that it is 5.
Look at this binary relation.
{ 1 ↦ a, 2 ↦ b, 3 ↦ c }
What is the second coordinate of the pair whose first coordinate is 2? The answer is b.
We write
{ 1 ↦ a, 2 ↦ b, 3 ↦ c } ⦇ { 2 } ⦈ = { b }
where ⦇ ... ⦈ is the relational image operator. You provide a subset of a binary relation's
source, it gives you the corresponding elements in the binary relation's range. For example:
{ 1 ↦ a, 2 ↦ b, 3 ↦ c } ⦇ { 4 } ⦈ = { }
{ 1 ↦ a, 2 ↦ b, 3 ↦ c } ⦇ { 1, 3 } ⦈ = { a, c }
EXERCISE 9.6
1 Evaluate
a { eatsMeat ↦ tom, vegetarian ↦ ann, eatsMeat ↦ jerry } ⦇ { eatsMeat } ⦈
b { 65 ↦ A, 66 ↦ B, 67 ↦ C, 68 ↦ D, 69 ↦ E } ⦇ { 65, 67, 69 } ⦈
c { tea ↦ 50, coffee ↦ 75, hotChocolate ↦ 75 } ⦇ { soup } ⦈
d { tom ↦ 12:00, ann ↦ 12:20, jerry ↦ 12:40 } ⦇ { ann } ⦈
e { 1 ↦ 2, 2 ↦ 3, 3 ↦ 5, 4 ↦ 7, 5 ↦ 11 } ⦇ 1..5 ⦈
2 If R = { (1, a), (2, b), (3, c), (4, d), (5, e) } and S = 2..4 evaluate
a R ⦇ S ⦈
b ran (S ◁ R)
What do you notice about your answers to 2a and 2b above?
9.9 INVERSE
The binary relation symbol, ↔, associates from left to right. We introduce as a given type
DRINK, the set of all drinks. We define costs as a binary relation from drink to price.
costs : DRINK ↔ ℤ
costs = { tea ↦ 50, coffee ↦ 75, hotChocolate ↦ 75, soup ↦ 75 }
So, for example, tea costs 50 pence.
If we reversed the binary relation, if we made it from price to drink and called it buys, so, for
example, 50 pence buys tea:
buys : ℤ ↔ DRINK
buys = { 50 ↦ tea, 75 ↦ coffee, 75 ↦ hotChocolate, 75 ↦ soup }
then buys is the inverse of costs. We write
costs~ = buys
(say costs inverse equals buys). ~ (tilde) is the inverse operator. The inverse of a binary
relation is another binary relation with the coordinates of their ordered pairs reversed.
EXERCISE 9.7
1 Given [ PERSON, EMAIL ] the set of all people and the set of all e-mail addresses, and
hasAddress : PERSON ↔ EMAIL
hasAddress = { terry ↦ [email protected], garry ↦ [email protected],
kanti ↦ [email protected], terry ↦ [email protected],
garry ↦ [email protected]
}
evaluate
a hasAddress~
b { terry } ◁ hasAddress
c hasAddress ⦇ { terry } ⦈
d dom (hasAddress \ { terry, kanti }) ◁ hasAddress
e hasAddress ▷ (ran hasAddress \ { xmail.com, basucks.com })
2 We introduce the type NAME, the set of all people's names, and define
alias : NAME ↔ NAME
alias = { tom ↦ dopey, sam ↦ dozy, stu ↦ dreamy, tom ↦ sleepy, sam ↦ titch }
evaluate
a alias~
b alias ▷ { dozy, dreamy }
c alias ⦇ { tom, sam } ⦈
d alias ⦇ { sue } ⦈
e alias~ ⦇ { dreamy, dozy } ⦈
f (dom alias \ { tom, sam }) ◁ alias
9.9 COMPOSITION
Given the types
[ PERSON, ROOM ]
the set of all persons and rooms respectively, look at the two binary relations, hasPhone and
phoneInRoom, given below.
hasPhone : PERSON ↔ ℤ
hasPhone = { roy ↦ 317, tom ↦ 208, tom ↦ 209, jim ↦ 326, lee ↦ 225 }
phoneInRoom : ℤ ↔ ROOM
phoneInRoom = { 317 ↦ A306, 208 ↦ A39, 209 ↦ A39, 326 ↦ A306, 225 ↦ A39 }
roy has phone 317 that is in room A306. Therefore, we can conclude that roy is in room
A306. Starting from PERSON we can reach ROOM via ℤ (their phone number).
The composition of two binary relations is another binary relation where the range of one is a
subset of the domain of the other.
ran hasPhone ⊆ dom phoneInRoom
We write
hasPhone ; phoneInRoom = { roy ↦ A306, tom ↦ A39, jim ↦ A306, lee ↦ A39 }
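The operators of Sections 9.3 to 9.9 can be checked mechanically by modelling a binary relation as a Python set of tuples. This is an added example, not part of the original notes; the function names (dres, rres, image, inverse, compose, page_examples_hold) are hypothetical, and the data are the worked examples from the text above.

```python
def dom(r):
    """dom r: the set of first coordinates."""
    return {x for x, _ in r}


def ran(r):
    """ran r: the set of second coordinates."""
    return {y for _, y in r}


def dres(s, r):
    """Domain restriction: keep the pairs whose first coordinate is in s."""
    return {(x, y) for x, y in r if x in s}


def rres(r, s):
    """Range restriction: keep the pairs whose second coordinate is in s."""
    return {(x, y) for x, y in r if y in s}


def image(r, s):
    """Relational image: the second coordinates reachable from s."""
    return {y for x, y in r if x in s}


def inverse(r):
    """r~: every pair with its coordinates swapped."""
    return {(y, x) for x, y in r}


def compose(r, q):
    """r ; q: x is related to z when some y has (x, y) in r and (y, z) in q."""
    return {(x, z) for x, y in r for y2, z in q if y == y2}


# Data copied from the worked examples in the text.
R = {(1, "a"), (2, "b"), (3, "c")}
COSTS = {("tea", 50), ("coffee", 75), ("hotChocolate", 75), ("soup", 75)}
BUYS = {(50, "tea"), (75, "coffee"), (75, "hotChocolate"), (75, "soup")}
HAS_PHONE = {("roy", 317), ("tom", 208), ("tom", 209),
             ("jim", 326), ("lee", 225)}
PHONE_IN_ROOM = {(317, "A306"), (208, "A39"), (209, "A39"),
                 (326, "A306"), (225, "A39")}


def page_examples_hold():
    """True when every worked equation listed here evaluates as the text says."""
    checks = [
        dom(R) == {1, 2, 3},
        ran(R) == {"a", "b", "c"},
        dres({2}, R) == {(2, "b")},
        dres({4}, R) == set(),
        dres({1, 3}, R) == {(1, "a"), (3, "c")},
        rres(R, {"b"}) == {(2, "b")},
        rres(R, {"a", "c"}) == {(1, "a"), (3, "c")},
        image(R, {2}) == {"b"},
        image(R, {4}) == set(),
        inverse(COSTS) == BUYS,
        # The condition the text states before composing the two relations.
        ran(HAS_PHONE) <= dom(PHONE_IN_ROOM),
        # tom's two phones are both in A39, so the set keeps one pair for tom.
        compose(HAS_PHONE, PHONE_IN_ROOM) == {
            ("roy", "A306"), ("tom", "A39"), ("jim", "A306"), ("lee", "A39")},
    ]
    return all(checks)


if __name__ == "__main__":
    print(page_examples_hold())
    print(sorted(compose(HAS_PHONE, PHONE_IN_ROOM)))
```
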
EXERCISE 9.8
In a horse trials competition, an owner may enter more than one horse and a rider may ride
more than one horse. Given the types [ OWNER, HORSE, RIDER ] and the binary relations
entered : OWNER ↔ HORSE
entered = { sam ↦ merryTom, sam ↦ jumpingJack, pam ↦ hissingSid,
jan ↦ ticTac, tel ↦ isAGas }
riddenBy : HORSE ↔ RIDER
riddenBy = { merryTom ↦ jones, ticTac ↦ jan, jumpingJack ↦ french,
isAGas ↦ jan, hissingSid ↦ fraser }
write down the contents of ridesFor when ridesFor = riddenBy~ ; entered~
REVIEW
We find pairs of objects all around us: wives and their husbands, friends and their telephone
numbers, students and the subjects they study, customers and their bank accounts, guests and
their hotel reservations. We noted that a binary relation is just a set of ordered pairs. We
saw how the first and second functions extracted the first and second coordinates of an
ordered pair. We saw how domain and range restriction work like database queries. We saw
how relational image works like a table lookup. We looked at the inverse and composition
functions.