Z NOTES

1 SETS

CONTENTS
1 Sets
2 Basic Types
3 The Integer Type
4 Predicates
5 Schemas
6 Set Types
7 Set Operations
8 Schema Calculus
9 Binary Relations

Sets are the foundation of all mathematics and our attempts to describe the world about us. We look at the properties of sets and some simple ways of describing them. We explain that a set is a collection of similar objects. We see how to display a set. We see that a set has no duplicates and no order. We examine a convention for naming sets. We look at some standard sets. We learn how to define number ranges. We examine the concepts of cardinality, membership and equality.

1.1 OBJECTS AND SETS

An object is anything we can see, smell, hear, taste, touch or think about. A collection of similar objects is called a set. Examples of sets include
the collection of people who have enrolled on this year's Access course
the collection of leap years since 1986
the collection of three letter passwords that can be generated from the letters a, b and c

EXERCISE 1.1

One way to describe a set is to list its contents. For example:

We use curly brackets to separate the list from its surroundings. The objects that make up a set are known as its elements or members. We separate one member from the next by a comma.

Describing a set by listing its contents is called set display.

A set is defined by its contents alone. So the order in which you write the elements in a set display is not important. It makes no sense to talk about the first or last element in a set, or to say that one element comes before another.

{ tom, anne, jerry } is the same as { anne, jerry, tom }

If two elements in a set are the same, the repeated element is ignored. Writing the same element more than once is harmless but confusing. So we leave out repeats.

{ tom, tom, jerry, anne } is better written { tom, jerry, anne }

EXERCISE 1.2

Use set display notation to describe the sets given below.

If a set has too many members to conveniently list, we can simply give them descriptive names.

We follow the convention that names we choose for our sets
are written entirely in capital letters - PERSON not Person
are singular - PASSWORD not PASSWORDS
do not contain spaces, underscores or hyphens - LEAPYEAR not LEAP YEAR

EXERCISE 1.3

Evaluate the names for the set of book titles shown below against the convention for naming sets described in section 1.3 above.

1 BOOKTITLE
2 BOOK TITLE
3 BookTitle
4 BOOK_TITLE
5 BOOKTITLES

Some sets have names already assigned to them.

(say fat zed) - the set of all whole numbers, negative, zero and positive. -1, 0, 1 are members of this set.
(say fat en) - the set of natural numbers including zero. 0, 1, 2 are members of this set.
- the empty set, the set with no members. Think of an empty bag - there is nothing in it.

Z and are not the same thing. Z is the name of a notation that uses maths to specify computer systems. is the set of all whole numbers. Whole numbers are also known as integers.

EXERCISE 1.4

Explain the difference between
1 Z and
2 and {}

If a sequence of integers form a set, we can use number range notation.

1..7 (say 1 up to 7) is the set of all integers between 1 and 7 inclusive.

1..7 is the set { 1, 2, 3, 4, 5, 6, 7 }. Note that there are just two dots between the two integers that mark the beginning and end of the sequence.

EXERCISE 1.5

Use number-range notation to define the sets described below.
1 the number of people who may be allowed in a lift if its capacity is five people.
2 the set of hours used in 24-hour clock notation.
3 the set of numbers that define any person's age in years.

Some sets contain more members than we can count. Think of , the set of all possible integers for example. No matter how many we count, there is always another one to be counted. Such sets are called infinite sets.

Some sets contain a finite number of elements - we can count the number of elements they contain. Look at the set { tom, anne, jerry }. We can see it has three elements.

The number of elements in a finite set is known as its cardinality. The symbol for cardinality is #. So for example:

#{ tom, anne, jerry } = 3
#{ 1988, 1992, 1996, 2000, 2004 } = 5

EXERCISE 1.6

State the value of
1 #{ spaceKey, tabKey, returnKey, arrowKey, functionKey }
2 #
3 #

If we look at the set { 1988, 1992, 1996, 2000, 2004 } we can see that 2000 is an element of the set but 2001 is not. We write

2000 { 1988, 1992, 1996, 2000, 2004 }

where means is-a-member-of

And

2001 { 1988, 1992, 1996, 2000, 2004 }

EXERCISE 1.7

Which of the following expressions are true and which are false? Explain why.
1 end { if, else, while, repeat, until, end }
2 Key { spaceKey, tabKey, returnKey, arrowKey, functionKey }
3 0
4 3.142
5 -1

Two sets are equal if they both have exactly the same elements. For example

{ 1988, 1992, 1996, 2000, 2004 } = { 2000, 1996, 1988, 2004, 1992 }

But if two sets do not have exactly the same elements, they are not equal. For example

{ 1988, 1992, 1996, 2000, 2004 } { 1988, 1992, 1996, 2000 }

are not equal because 2004 is a member of one set but not the other.

means is-not-the-same-as.

We defined what a set is - a collection of similar objects. We saw how to display a set. We learned that a set has no duplicates and no order. We saw how to choose names for a set. We looked at some standard sets. We learned how to define number ranges. We examined the concepts of cardinality, membership and equality.

BIBLIOGRAPHY
BARDEN R., STEPNEY S. & COOPER D. 1994 Z in Practice Prentice Hall pp 377
JACKY J 1997 The Way of Z Cambridge pp 63
SPIVEY J.M. 1992 The Z Notation Prentice Hall pp 25, 111
WOODCOCK J. & DAVIES J. 1996 Using Z: Specification, Refinement & Proof Prentice Hall pp 57, 112

EXERCISE 1.8
Which of the following expressions are true and which are false? Explain why.
1 { robin, thrush, starling, sparrow, blackbird } = { wren, swallow, hawk, crow, magpie }
2 { 0, 1 } { 1, 0 }
3 { 1, 2, 4, 8, 16 } = { 16, 8, 4, 2, 1 }

INTRODUCTION

In the last chapter we looked at sets and some of their properties. We noted that elements in a set are similar. It is this similarity that we focus on in this chapter.

To help describe the world about us, we classify objects into sets called types. We go on to look at how we can represent any element in a set, no matter how large that set is. We look at the properties of variables.

We see the importance of types in detecting errors and inconsistencies.

2.1 BASIC TYPES

There is just one inbuilt type that is part of the Z Notation; it is , the set of all integers. We define all other types ourselves. We are in charge here.

We use a basic type when we want to just focus on essentials and hold off looking at details. For example, a person has a name, a date of birth and an address. If we do not need to be concerned with details such as title, forename, middle names and surname, we introduce the type NAME, the set of all possible names. If we do not need to bother with days, months, years and calendars (e.g. Chinese, Bengali and Gregorian) we introduce the type DATE, the set of all possible dates. If we do not need to bother with house number, street, city and postcode, we introduce the type ADDRESS, the set of all postal addresses. Focussing on essentials is called abstraction.

To define basic types of our own choosing we just list them (in alphabetical order) as given sets between square brackets, and explain what we mean by them. For example:

We introduce as given sets ADDRESS, DATE and NAME. ADDRESS is the set of all postal addresses anywhere. DATE, the set of all possible dates in all possible calendars. NAME is the set of all names in full that any person might have.

1 Explain what is meant by the term abstraction. Illustrate your explanation with an example.
2 We are looking at defining a video rental system. A video has a title and a subject by which it is classified. We do not need to know anything about the internal details of titles and subjects. Introduce titles and subjects as given sets.
3 Each room in a hotel is given a number or a name. No two rooms have the same number or name. Since the number or name uniquely identifies a room, introduce room id as a given set.

2.2 DECLARATIONS

PERSON, the set of all possible people on this planet, is pretty large. If we want to refer to just one of them we write

aPerson : PERSON

aPerson represents just one, any one, of all the possible elements in PERSON.

aPerson : PERSON is an example of a declaration. A declaration has two parts.

To the right of the colon is the name of a set; this name is PERSON.

To the left of the colon is a name for any element from that set; this name is aPerson. Since we do not necessarily know which element aPerson represents, aPerson is called a variable.

A variable has a name (e.g. aPerson) a type (e.g. PERSON) and a value taken from the type.

Look at this declaration.

The name of the variable is aPersonsAge. Its type is because the values 0, 1, 2, and so on up to 130 are all elements from the larger set . We think of a type as an inclusive set. Each element in the same set has the same type.

We cannot make a variable declaration if its type has not yet been introduced. For example, we cannot declare

aRoom : ROOM

EXERCISE 2.2

1 An employee has an annual salary that is always a whole number of pounds. Declare a variable to represent an employee's annual salary.
2 My car's thermometer displays air temperature to the nearest 0.5 degree Celsius. Thinking that 18.5 degrees C could be represented by 185, and 19 degrees by 190, declare a variable to represent the temperature displayed by my car's thermometer.
3 The printable characters found on a keyboard include letters of the alphabet, e.g. a, b, c, X, Y, Z, digits e.g. 1, 2, 3, symbols e.g. /, >, &, and white space such as tab and spacebar. Introduce a suitable type and declare a variable that could represent one of these printable characters.
4 In an office supplies catalogue, items of stationery are identified by their catalogue number. Introduce suitable types and declare variables that could represent items of stationery and their catalogue numbers.
5 Snakes and Ladders is a game played on a board of 100 squares, numbered 1 to 100. Declare a variable that could represent the position of a square on the board.

2.3 NAMING VARIABLES

We choose our own names for variables. We choose descriptive names whenever clarity is required. For example.

We follow the convention that names we choose for our variables
start with a lower case letter - person not Person
are written entirely in lower case except the first letter of each word in the name - aPersonsAge not apersonsage
do not contain spaces, underscores or hyphens - anAddress not an Address

Writing variable names in a mixture of lower and upper case (capital) letters helps us to tell them apart from type names, which are written entirely in upper case.

EXERCISE 2.3

Evaluate the variable names shown below against the convention for naming variables described in section 2.3 above.

1 numberOfPersons : 0..5
2 NumberOfPersons : 0..5
4 NUMBEROFPERSONS : 0..5
5 n : 0..5

Every Z object is a type of one kind or another. This is important because it helps us discover inconsistencies in what we write.

For example, given the type

p, q : PERSON
r:

p = q is consistent because both p and q are variables of type PERSON.

But to say p = r is a nonsense because p is of type PERSON and r is of type integer. How can you say that a person and an integer are the same object?

EXERCISE 2.4

2 Given CHARACTER is the set of all printable characters found on any computer keyboard for any country,
[ CHARACTER ]
ch : CHARACTER
ch
capacity :
capacity = 5

We have seen that a basic type is a given set name. We think of a type as being an inclusive set. We noted that all the elements of a set belong to the same type.

We looked at declarations. A declaration introduces a variable and associates it with a type.

BIBLIOGRAPHY
BOTTACI L & JONES J. 1995 Formal Specification Using Z Thompson pp 139
JACKY J. 1997 The Way of Z Cambridge University Press pp 64
NORCLIFFE A. & SLATER G. 1991 Mathematics of Software Construction Ellis Horwood pp 43
SPIVEY J.M. 1992 The Z Notation Prentice Hall pp 7, 24, 51
WOODCOCK J. & DAVIES J. 1996 Using Z: Specification, Refinement and Proof Prentice Hall pp 70

INTRODUCTION

In the last chapter we looked at types. A type is an inclusive set and all the elements of a set belong to the same type. We looked at declarations. A declaration introduces a variable and associates it with a type. We looked at how consideration of types helps us to detect inconsistencies and errors.

Now we go on to look at the integer type in more detail. We review the arithmetic operations +, - and *, div and mod. We introduce max and min. We look at the numerical comparison operators <, , > and . And we look at rules of precedence.

3.1 THE ARITHMETIC OPERATORS

The type is the set of all possible integers.

... -3, -2, -1, 0, 1, 2, 3, ...

We can add two integers together. 7 + 3 = 10
We can subtract one from another. 10 - 7 = 3
7 - 10 = -3
We can multiply two integers. 7 * 3 = 21 [ * means multiply ]
But we have a problem with division. 7 / 3 = 2.3333 [ 2 1/3 = 2.3333 ]

2.3333 is not an integer.

Z provides the div and mod operators so the problem does not arise.

We may remember from our days at junior school, before we learned about decimal points and how to use a calculator, that

7 3 = 2 remainder 1 [ because 7 = 3 2+1]

div (for integer division) works in a similar way to but without the remainder. So

7 div 3 = 2

div gives the integer result after dividing one integer by another. Any remainder or fractional part is truncated, cut off and lost.

mod (for modulo) works in a way similar to remainder. So

7 mod 3 = 1

mod gives the integer remainder after dividing one integer by another.

We remember that division by zero is not defined. So both

7 div 0 and 7 mod 0

have no defined answer.

div and mod are part of the Z Notation.

EXERCISE 3.1

1 Evaluate
2 Evaluate

Precedence is the order in which operations are always carried out. In arithmetic:
brackets have the highest priority
then *, div and mod in the order written from left to right
then + and - in the order written from left to right.

For example:

(40 - 32) * 5 div 9 = 8 * 5 div 9 [ brackets first ]
= 40 div 9 [ multiply ]
= 4 [ integer division ]

EXERCISE 3.2

Evaluate
1 5 + 7 * 9
2 (5 + 7) * 9
4 Given the declaration n : and the observation n div 2 = 0, what can you conclude about n?

Z also provides the max and min operators. max gives the largest value in a non-empty set of integers, and min the least value. For example:

max{ 11, 7, 13, 3, 5 } = 13
min{ 11, 7, 13, 3, 5 } = 3

EXERCISE 3.3

Evaluate
1 min{ -1, 0, 1 }
2 max{ 3, 4, 7, 1, 2 }
3 max{ }

40% is a critical mark in some exams. A mark of 40 or more is a pass. A mark of 39 or less is a fail. The boundary between fail and pass is shown on the number line below.

[Figure: number line from 37 to 43, marked fail and pass]

And

40 > 39 is true
39 > 40 is false
39 40 is true
40 40 is true
41 40 is false

And

40 39 is true
40 40 is true
40 41 is false

1 Given the declaration n : and that n 0 and n < 10 are both true, write down the set of values that n belongs to.
2 Given the declaration n : and that n div 10 > 0 and n div 10 20 are both true, write down the set of values that n belongs to.
3 Given the declaration n : and that n < 0 and n > 9 are both true, what can you conclude about the values of n?

BIBLIOGRAPHY
SPIVEY J.M. 1992 The Z Notation Prentice Hall pp 108

4 PREDICATES

INTRODUCTION

In the last chapter we looked at the integer type. We reviewed the arithmetic operations +, - and *, div and mod. We introduced max and min. We looked at the numerical comparison operators <, , > and . And we looked at rules of precedence for the arithmetic operations.

Now we see how the values of variables may be constrained by predicates and how satisfying a predicate defines a set. The types of predicate we shall discuss include
=, equals and membership
<, > relations: less than and more than
, connectives: conjunction (and) and disjunction (or)

4.1 PREDICATES

A predicate puts a constraint on the values a variable might have. For example

n > 0

n > 0 is an example of a predicate. Values 1, 2, 3, ... and so on are said to satisfy the predicate n > 0, i.e. make n > 0 true.

Putting the declaration and predicate together, as shown below, specifies a set.

The declaration and predicate parts are separated by a | symbol. The declaration to the left of the | is the source of the elements of the set. The predicate to the right of the | is like a filter: only elements whose values are more than zero pass through the filter. The set just defined above is the set of all integers greater than zero, that is, the set of natural counting numbers from one upwards.

{ n: | n > 0 } = { 1, 2, 3, ... } [ Note: the ... is not Z. It means and so on. We write it to help our understanding. ]

We define a predicate in terms of the set of objects that satisfy it.

Look at this example.

{n: |n 1..5 } = { 1, 2, 3, 4, 5 }

The declaration n : is the source. The predicate n 1..5 is the filter. It says n is a member of the set of integers from 1 up to 5 inclusive. Only elements from that satisfy the predicate pass through the filter.

EXERCISE 4.1

Using set display notation write out the contents of the sets defined below. If the set is too large to conveniently list, write down just five elements from the set.

a {n: |n 0}
c { n : 1..9 | n mod 2 = 0 }
d { h : 0..23 | h < 12 }

4.2 THE CONNECTIVES

The connectives include conjunction (and) and disjunction (or). They allow us to connect smaller predicates together to form larger ones.

For example, given the declaration n : , here are two small predicates that say n is more than zero and n is less than 6.

n > 0
n < 6

Now join them together with a , which means and-at-the-same-time.

n>0 n<6

[Figure: number line ... -1 0 1 2 3 4 5 6 ... for n>0 n<6]

Here are two small predicates that say n is less than 1 and n is more than 5.

n < 1
n > 5

Now join them together with , meaning or.

n<1 n>5

We then have a composite predicate known as a disjunction. The predicate is true if either n is less than 1 or n is more than 5.

{n: |n<1 n > 5 } = { ..., -2, -1, 0, 6, 7, 8, ...}

[Figure: number line -2 -1 0 1 2 3 4 5 6 7]

It is easy to remember what the two symbols and mean when you notice that the looks a bit like the A in And.

EXERCISE 4.2
Using set display notation enumerate (list) the contents of the sets defined below. If the set is
too large to enumerate then list just five elements from the set.
a {n: |n -1 n 1}
b {d: |d 1 d 7}
REVIEW

We saw how the values of variables may be constrained by predicates. We saw how to define a predicate in terms of the set of objects that satisfy it. We discussed predicates including
=, equals and membership
<, > the relations less than and more than
, the connectives conjunction and disjunction

Next we see how schemas describe computer systems, a named combination of declarations with predicates.

BIBLIOGRAPHY
JACKY J. 1997 The Way of Z Cambridge University Press pp 63, 66, 74, 96
SPIVEY J.M. 1992 The Z Notation Prentice Hall pp 28, 67
WOODCOCK J. & DAVIES J Using Z: Specification, Refinement and Proof Prentice Hall pp 28, 81

5 SCHEMAS

INTRODUCTION

In the last chapter we saw how the values of variables may be constrained by predicates and how satisfying a predicate defines a set. The types of predicate discussed included
=, equals and membership
<, > the relations less than and more than
, the connectives conjunction (and) and disjunction (or)

Now we see how to combine declarations and predicates into structures called schemas. A schema represents a system's state. A collection of schemas models the behaviour of a computer system. We look at pre-conditions.

5.1 SYSTEM
The system we shall look at is a simple counter. A counter would be used, for example, to
count the number of vehicles passing a census point, the number of people entering a stadium
or the number of fleas in a bird's nest.
EXERCISE 5.1
The contents of a system's memory are called its state. For our counter system that would be the current value of the count together with the maximum it can reach.

We would have the initial state when the count is zero, maximum is 9999 (say).

We might have an interim state when the count is between zero and the maximum value that count can have.

Interim state: count = 147, maximum = 9999

We might have an end state when the count has reached its maximum value and cannot be advanced any further.

End state: count = 9999, maximum = 9999

Effectively, the state of a system is the collection of values stored in its variables.

EXERCISE 5.2

A cash point machine has a number of £10 notes available for issue to customers. Describe three distinct states of the cash point machine.

Count and maximum are whole numbers. We could represent them as integers of type , but that will allow negative values for count and maximum. So we introduce (say fat N) as an abbreviation for the set of all natural (integer) counting numbers including zero but excluding negative values.

Declaring in this way allows us to use the relational operators < and > as well as =. The type of is .

If we had introduced as a given set like this

[ ]

and if we had variables a, b : , then for sure we could write a = b, but we could not write, for example, a < b. The only number type that is part of the Z Notation is .

The == is known as the definition symbol. We cannot use = because it is reserved for the equals predicate.

EXERCISE 5.3

Introduce and define the set 1, the set of all natural counting numbers from 1 upwards, excluding zero and negative numbers.

A counter has just two variables, one that we shall name count, one that we shall name maximum. count can equal, but never exceed, maximum. Variables are derived from what an object has.

A schema is a set of variables together with a set of predicates constraining those variables. A schema is drawn as an open box - see below.

Counter
count :
maximum :
count maximum

Our schema, named Counter and shown above, has two variables, count and maximum, and one predicate count maximum. count is constrained to be a value between zero (because its values are drawn from the set ) and maximum (whatever value that is) inclusive.

We (nearly) always start schema names with an uppercase letter. A schema name cannot contain spaces.

The variables are declared above the line that separates declarations from predicates. The variables' scope is strictly confined to the schema. This means that you cannot refer to Counter's variables count and maximum outside the schema.

The predicates are described below the dividing line. If there were more than one predicate, they would all be joined by conjunction - the symbol is assumed - by default.

The variables of a schema are described as its components. The predicates of a schema are described as its property.

The schema shown is the system state schema. No matter what process we define, add 1 to count, report on the value stored in count, subtract one from count, for example, we are obliged to ensure that the predicate count maximum is always satisfied.

The schema that describes a system's variables, and predicates on those variables, is called a system state schema. It represents an object's state, the collection of values stored in its variables at a moment in time. Its variables are called state variables.

The processes that we shall describe in other schemas both update and report the values stored in the state variables, count and maximum.

We describe the state the system is in when it is first started. The InitCounter schema defined below describes the initial state of Counter.

InitCounter
Counter
count = 0
maximum = 9999

The line Counter says include all the variables defined in the Counter schema (count and maximum in this instance) and all the predicates (count maximum in this instance).

InitCounter written out in full is shown below.

InitCounter
count :
maximum :
count maximum
count = 0
maximum = 9999

The initial state is that count is zero, maximum is 9999. There is nothing special about 9999 - it is a randomly chosen value.

We can see at a glance that the predicates are consistent - there are no contradictions.

The mechanism of schema inclusion, just by quoting the schema's name, allows us to
concentrate on just a few things at a time
keep schemas small and simple
re-use pre-written schemas in different contexts or situations.

The schema QueryCount shown below outputs the current value of count.

QueryCount
Counter
count! :
count! = count

Counter (say Xi Counter) says include all the variables and predicates defined in the Counter schema; the values stored in these variables will not change.

The declaration count! : says count output is drawn from the set . The ! mark stands for output.

The predicate count! = count says count output is the same as the (system variable) count.

Not only does a schema define and report on a system's state, it also describes changes in that state.

The value of count does not remain the same forever. From time to time the counter will be clicked and the value stored in count will be moved on. The Click schema shown below updates the count system state variable but leaves the maximum variable unchanged.

Click
Counter
count < maximum
count' = count + 1
maximum' = maximum

Counter (say delta Counter) says
include all the variables and predicates defined in the Counter schema
the values stored in some (or all) of these variables may well change
decorate each variable with a ' to represent the state after an update has taken place

Click
count :
maximum :
count' :
maximum' :
count maximum
count < maximum
count' = count + 1
maximum' = maximum

count' = count + 1 says the updated value of count is the same as the original value of count plus one. So, for example, if count was 4, count' would be 5. count' and count are both the same variable. The ' in count' means the state of count after an update has taken place.

maximum' = maximum says the value after an update is the same as the one before the update. In other words, its value remains unchanged.

The essential requirement is that count maximum at all times. If count = maximum how can count' = count + 1 be met? We need to ensure that count is strictly less than maximum before adding 1 to it. We do this by specifying the pre-condition

A pre-condition of an operation schema describes the set of states for which the outcome of the operation is defined. In our Click operation schema, the set of states for which the outcome is defined is count 1..9998. If count = 9999 for example, then the outcome of the schema is undefined - we have no way of knowing what it will be; it could be anything.

EXERCISE 5.4

1 Write and fully explain a schema named Cancel, which undoes a Click operation. Does the cancel operation have a pre-condition? If so, what is it? If not, why not?
2 Write and fully explain a set of schemas for the car park system described below.

A car park has a capacity - a limited number of spaces. A count is maintained of the number of cars currently occupying spaces. When a car enters the car park, the count is increased. When a car leaves the car park the count is decreased. The system outputs the number of spaces left in the car park.

REVIEW

We combined declarations and predicates into structures called schemas. We saw that a schema represents a system's state. We saw how a collection of schemas models the behaviour of a computer system. We looked at an example of a pre-condition. Next we look at set types. A set type variable represents a collection of similar objects.

BIBLIOGRAPHY
BARDEN R., STEPNEY S. & COOPER D 1994 Z In Practice Prentice Hall pp 370
JACKY J. 1997 The Way of Z Cambridge University Press pp 49, 122
SPIVEY J.M. 1992 The Z Notation Prentice Hall pp 7, 28, 48, 82, 128
WOODCOCK J. & DAVIES 1996 Using Z: Specification, Refinement and Proof Prentice Hall pp 203

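
The Counter, InitCounter, QueryCount and Click schemas of this chapter as an executable Python model, added here as an illustration and not part of the original notes. The class and function names, the exception type and the exhaustive check over a small maximum are choices of this example; natural numbers are represented by non-negative Python ints.

```python
from dataclasses import dataclass


class PreconditionError(Exception):
    """An operation was applied to a state outside its pre-condition."""


@dataclass(frozen=True)
class Counter:
    """State schema Counter: two natural-number components and one predicate."""
    count: int
    maximum: int

    def __post_init__(self):
        # Declarations: count and maximum are natural numbers (0, 1, 2, ...).
        if self.count < 0 or self.maximum < 0:
            raise ValueError("count and maximum must be natural numbers")
        # Predicate: count never exceeds maximum.
        if self.count > self.maximum:
            raise ValueError("state predicate violated: count exceeds maximum")


def init_counter():
    """InitCounter: include Counter, then count = 0 and maximum = 9999."""
    return Counter(count=0, maximum=9999)


def query_count(state):
    """QueryCount: Xi Counter leaves the state unchanged; count! = count."""
    return state.count


def click(state):
    """Click: Delta Counter with the pre-condition count < maximum."""
    if not state.count < state.maximum:
        raise PreconditionError("Click is not defined when count = maximum")
    # count' = count + 1 and maximum' = maximum; building the after-state
    # re-checks the Counter predicate on the primed values.
    return Counter(count=state.count + 1, maximum=state.maximum)


def unguarded_failures(maximum):
    """Counts from which count' = count + 1 alone breaks the state predicate."""
    failures = []
    for count in range(maximum + 1):
        try:
            Counter(count=count + 1, maximum=maximum)
        except ValueError:
            failures.append(count)
    return failures


def click_is_consistent(maximum):
    """Check Click against every state of a counter with a small maximum."""
    for count in range(maximum + 1):
        before = Counter(count=count, maximum=maximum)
        try:
            after = click(before)
        except PreconditionError:
            if before.count < before.maximum:
                return False  # refused a state inside the pre-condition
            continue
        if after.count != before.count + 1 or after.maximum != before.maximum:
            return False
    return True


if __name__ == "__main__":
    state = click(init_counter())
    print(query_count(state))
    print(unguarded_failures(3))
    print(click_is_consistent(3))
```

Without the pre-condition the only state that fails is the one where count has reached maximum, which is exactly the case the guard excludes.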
INTRODUCTION

In Chapter One we looked at sets. In Chapter Two we looked at basic types and saw that a type is itself a set. A variable of a basic type represents just a single element drawn from the type set. Now we look at set types. A variable of a set type is itself a set and is used to represent collections such as a class of students, a herd of cows and a set of hotel rooms.

A subset is part of a set, a set within a set. A is a subset of B if every element in A is also in B. We write

A B

where means is-a-subset-of. To illustrate the point we list all the subsets of { 1, 2, 3 }. They are

where means is-a-proper-subset-of.

EXERCISE 6.1

1 Which of the following expressions are true, which are false? Give reasons for your answers.
a { mon, wed, fri } { tue, thu, sat, mon, wed, fri, sun }
b { key } { hotKey, deleteKey, escapeKey }
c { 1, 2, 5, 7, 11 } { 11, 7, 5, 2, 1}

x : {1,2,3}

then x could be any one of the elements in

{ {}, {1}, {2}, {3}, {1,2}, {1,3}, {2,3}, {1,2,3} }

where each element is itself a set. x could be { } or { 1 } or { 2 } or { 3 } or { 1, 2 } or { 1, 3 } or { 2, 3 } or { 1, 2, 3 }.

We say that x is a finite set of elements drawn from { 1, 2, 3 }. In short, x is a set.

Compare this with the declaration y : { 1, 2, 3 } which says y could be 1, or it could be 2, or it could be 3, and nothing else. In short, y is a single value from the set { 1, 2, 3 }. The difference in the two declarations is the presence or absence of fat .

Access students study a number of subjects. Types here could include

We might define

accessStudents : STUDENT
accessCourse : SUBJECT

1 List the possible values of b if b : { 0, 1 }
a a { a, b, c }
b {a} { a, b, c }
c {a} { a, b, c }

EXERCISE 6.3

2 Given [ PERSON ] the set of all people, explain the difference between
3 A hotel system reserves rooms for guests from an arrival date to a departure date. Types here could include
Declare and explain variables to represent a single hotel, a finite set of rooms, a single reservation and a finite set of guests.

Next we look at the set operations union, intersection and difference.

BIBLIOGRAPHY
JACKY J. 1997 The Way of Z Cambridge University Press pp 69
SPIVEY J.M. 1992 The Z Notation Prentice Hall pp 90

In Chapter One we looked at sets. In Chapter Six we looked at subsets and set types. Now we look at the set operations union, intersection and difference and see how sets may be combined to create new sets. We look at set operator precedence.

7.1 SET UNION

The union of two sets is itself a set with all the elements from both sets combined.
{ 1, 2, 3 } { 2, 3, 4 } = { 1, 2, 3, 4 }
The union operator, , looks a bit like the u in union - only there is no tail.
EXERCISE 7.1
a { 1, 2, 3, 5, 8, 13 } { 3, 5, 7, 11, 13 }

The intersection of two sets is itself a set with elements that are common to both sets.

{ 1, 2, 3 } { 2, 3, 4 } = { 2, 3 }

The intersection symbol, , looks a bit like the n in intersection, only there is no tail.

EXERCISE 7.2

Evaluate each of the expressions shown below.
a { 1, 2, 3, 5, 8, 13 } { 3, 5, 7, 11, 13 }
b { bigJ, littleJ, may, pat, alice } { tom, denise, may }
c { daisy, buttercup } { rani }
d { daisy, buttercup } rani

The difference of two sets is itself a set with the elements of the second set removed from the first set.

{ 1, 2, 3, 4 } \ { 2, 3 } = { 1, 4 }

A useful trick here is to write out the first set, then cross out elements that are in the second set. For example:

{ a, c, b, d } \ { a, f, e, b } = { a, c, b d }
= { c, d }

EXERCISE 7.3

Evaluate each of the expressions shown below.
a { 1, 2, 3, 5, 8, 13 } \ { 3, 5, 7, 11, 13 }
b { bigJ, littleJ, may, pat, alice } \ { tom, denise, may }

Precedence is the priority given to operations; those with the highest priority are evaluated before those with the lower priority.
brackets ( ) have the highest priority
then intersection
then union and difference \

EXERCISE 7.4

Evaluate each of the set expressions shown below.
a { 1, 2, 3 } { 2, 3, 4 } { 3, 4, 5 }
b ({ 1, 2, 3 } { 2, 3, 4 }) { 3, 4, 5 }
c { 1, 2, 3 } { 2, 3, 4 } \ { 3, 4, 5 }
d { 1, 2, 3 } \ { 2, 3, 4 } { 3, 4, 5 }
e { 2, 3, 4 } \ { 3, 4, 5 } { 1, 2, 3 }

We looked at the set operations union, intersection and difference.

The union of { 1, 2, 3 } and { 2, 3, 4 } is { 1, 2, 3, 4 } - the combined elements from both sets.

The intersection of { 1, 2, 3 } and { 2, 3, 4 } is { 2, 3 } - the elements in common to both sets.

The difference { 1, 2, 3, 4 } \ { 2, 3 } is { 1, 4 } - the elements from the first set with elements in the second set removed.

We looked at the order of precedence: brackets first, then intersection, then union and difference in the order they are written.

Next we look at the Schema Calculus - how to create larger schemas from smaller ones by using conjunction and disjunction.

BIBLIOGRAPHY
JACKY J. 1997 The Way of Z Cambridge University Press pp 73
SPIVEY J.M. 1992 The Z Notation Prentice Hall pp 90
STEWART I 1975 Concepts of Modern Mathematics Penguin pp 50

8 SCHEMA CALCULUS
INTRODUCTION
In Chapter Six we saw how declarations and predicates were combined in structures called schemas. We saw that a schema represents a system's state, that a schema can change a system's state, and that a collection of schemas models the behaviour of a computer system. Now we go on to see how larger schemas may be formed by combining smaller ones using conjunction (and) and disjunction (or).
8.1 THE CLASS SYSTEM
[ STUDENT ]
There is a limit to the number of students who can join the class. To define this we first introduce ℕ, the set of all natural counting numbers including zero.
ℕ == { n : ℤ | n ≥ 0 }
Then we define maxClassSize, the maximum number of students that can be in the class. Here, we have set this size arbitrarily (for no special reason) to 20 even though its actual value is not relevant.
maxClassSize : ℕ
maxClassSize = 20
We model the class system as two sets of students. enrolled is the set of students who have joined the class. passed is a subset of enrolled and represents the set of enrolled students who have passed their assignments. The size of the class is constrained by maxClassSize.
To begin with there are no enrolled students and no student has passed.
InitClass
Class
enrolled = ∅
passed = ∅
A student may join the class if the class is not already full and if the student has not already enrolled. A new student cannot have passed all their assignments.
EnrolOk
Class
student? : STUDENT
#enrolled < maxClassSize
student? ∉ enrolled
enrolled' = enrolled ∪ { student? }
passed' = passed
EXERCISE 8.1
1 Explain each line of Z introduced so far in Section 8.1 above as if to a beginning Access student.
2 Write and explain the schema LeaveWithoutCertificateOk that specifies the process of a student leaving the class without having passed all their assignments.
3 Write and explain the schema ReportNumberEnrolled that outputs the number of students who are currently enrolled.
::= stands for free type definition. The | separates one element from the next. A variable of
type REPORT has a value drawn from the given list. Notice that each element name begins
with a lower case letter and contains no spaces.
EXERCISE 8.2
1 For the schema LeaveWithoutCertificateOk written in Exercise 8.1 above define and explain
a the pre-conditions for success
b the conditions for failure
2 extend the REPORT type defined in Section 8.2 above to include the reasons why the LeaveWithoutCertificateOk process could fail.
8.3 SUCCESS AND ERROR SCHEMAS
The Success schema has just one declaration and one predicate. It will be combined with other schemas to indicate their successful outcome.
Success
report! : REPORT
report! = success
We define a schema for each identified error case. We do not expect an error case to update any system variables.
The class is full if the number of enrolled students has reached (or by some mistake has exceeded) the maximum class size.
ClassFull
Class
report! : REPORT
#enrolled ≥ maxClassSize
report! = classFull
A student cannot be enrolled again if they are already enrolled.
AlreadyEnrolled
Class
student? : STUDENT
report! : REPORT
student? ∈ enrolled
report! = alreadyEnrolled
If a student is not enrolled they cannot be passed.
NotEnrolled
Class
student? : STUDENT
report! : REPORT
student? ∉ enrolled
report! = notEnrolled
The same student cannot be passed twice.
AlreadyPassed
Class
student? : STUDENT
report! : REPORT
student? ∈ passed
report! = alreadyPassed
A student who has not passed cannot leave with a certificate.
student? ∉ passed
report! = notPassed
EXERCISE 8.3
Explain each line of Z introduced in Section 8.3 above, as if to a beginning Access student.
Similarly,
1 Explain each line of Z introduced in Section 8.4 above, as if to a beginning Access student.
3 A hotel maintains a record of the current state of its rooms, whether occupied or not. Write and explain a Z specification for the system described below.
≙ stands for schema definition. So, the Enrol schema is defined to be EnrolOk and Success, or ClassFull, or AlreadyEnrolled.
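The Enrol definition (EnrolOk and Success, or ClassFull, or AlreadyEnrolled) can be checked mechanically. The Python sketch below is an added example, not part of the original notes: it models the Class state and Enrol, then enumerates every state of a small constructed universe to confirm that some disjunct always applies and that the state invariant is preserved. The student names, the reduced maxClassSize of 2, the function names and the invariant (passed ⊆ enrolled, #enrolled ≤ maxClassSize, read from the prose because the Class schema does not survive on the page) are assumptions.

```python
from itertools import chain, combinations

MAX_CLASS_SIZE = 2                   # the notes use 20; 2 keeps the state space small
STUDENTS = ("ann", "bob", "cy")      # constructed stand-in for the given type STUDENT

def class_invariant(enrolled, passed):
    """Assumed Class invariant: passed is a subset of enrolled, size is bounded."""
    return passed <= enrolled and len(enrolled) <= MAX_CLASS_SIZE

def enrol(enrolled, passed, student):
    """Enrol = (EnrolOk and Success) or ClassFull or AlreadyEnrolled.
    Returns (enrolled', passed', reports); reports holds every report! value
    the disjunction allows, since two error schemas can apply at once."""
    reports = set()
    if len(enrolled) >= MAX_CLASS_SIZE:          # ClassFull precondition
        reports.add("classFull")
    if student in enrolled:                      # AlreadyEnrolled precondition
        reports.add("alreadyEnrolled")
    if not reports:                              # EnrolOk precondition holds
        return enrolled | {student}, passed, {"success"}
    return enrolled, passed, reports             # error cases leave the state unchanged

def subsets(items):
    """All subsets of items, as frozensets."""
    return (frozenset(c) for c in chain.from_iterable(
        combinations(items, n) for n in range(len(items) + 1)))

def check_enrol():
    """Check totality and invariant preservation; return the number of cases checked."""
    checked = 0
    for enrolled in subsets(STUDENTS):
        for passed in subsets(enrolled):
            if not class_invariant(enrolled, passed):
                continue                         # not a valid Class state
            for student in STUDENTS:
                e2, p2, reports = enrol(enrolled, passed, student)
                assert reports, "Enrol must be total: some disjunct applies"
                assert class_invariant(e2, p2), "Enrol must preserve the invariant"
                checked += 1
    return checked

if __name__ == "__main__":
    print(check_enrol(), "state/input cases checked")
```

When the class is full and the student is already enrolled, both error schemas are satisfied, so the specification permits either report; a deterministic implementation has to pick one.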
Use Case: Vacate
Purpose: to inform the system that a room is now vacant
Pre-conditions: the room is in the hotel rooms for guests system
the room is currently occupied
Initiating Actor: receptionist
1 receptionist inputs room
2 system confirms room now vacant
3 exit success
Exceptions
2a room not in the system
2a1 exit failure
2b room already vacant
2b1 exit failure
A use case describes a sequence of interactions between a system and its users. The users are known as actors. Exceptions are the error scenarios - what can go wrong. The pre-conditions of a use case describe the set of states for which the successful outcome is defined. The pre-condition for the add a new room use case, Commission, is that the room has not already been added.
9 BINARY RELATIONS
INTRODUCTION
We find pairs of objects all around us: wives and their husbands, friends and their telephone numbers, students and the subjects they study, customers and their bank accounts, guests and their hotel reservations. We see that a binary relation is just a set of ordered pairs. We see how the first and second functions split an ordered pair into its coordinates. We look at the domain and range, and the source and target, of a binary relation. We see how domain and range restriction work like database queries. We see how relational image works like a table lookup. We look at the inverse function. We see how two binary relations may be composed to form a third binary relation.
9.1 BINARY RELATIONS
a pair
{ (madge, homer), (wilma, fred) }
{ (kylie, 1), (kylie, 2), (robbie, 3) }
Each element in a binary relation is a pair of objects, e.g. (madge, homer). (madge, homer) is not the same pair as (homer, madge). Order matters.
The ordered pair (madge, homer) may be written as madge ↦ homer. This is known as maplet notation, and madge ↦ homer is known as a maplet.
The Z functions first and second split an ordered pair into its first and second coordinates. first and second are known as the projection functions for ordered pairs.
Look at this binary relation:
{ 1 ↦ a, 2 ↦ b, 3 ↦ c }
The set formed by all the first coordinates
The set formed by all the second coordinates
ran { 1 ↦ a, 2 ↦ b, 3 ↦ c } = { a, b, c }
Evaluate
[ DATE, PERSON ]
{ 1 ↦ 23, 2 ↦ 29, 3 ↦ 31, 4 ↦ 37, 5 ↦ 41 }
source
↔ is the binary relation operator. Even though it looks like a double-headed arrow, it associates from left to right.
The range of { 1 ↦ 23, 2 ↦ 29, 3 ↦ 31, 4 ↦ 37, 5 ↦ 41 } is { 23, 29, 31, 37, 41 } and is also a subset of . A range is a subset of its target.
ran { 1 ↦ 23, 2 ↦ 29, 3 ↦ 31, 4 ↦ 37, 5 ↦ 41 }
EXERCISE 9.4
Introduce appropriate types and declare the binary relations described below, and give an example of an element in each binary relation
e authors and the titles of the books they have had published
Domain restriction works like a database query, a bit like using an internet search engine to list all entries that contain the phrase "Z Notation". You might get many entries listed, or none at all.
Look at this binary relation:
{ 1 ↦ a, 2 ↦ b, 3 ↦ c }
Its domain is { 1, 2, 3 }
If we restrict the binary relation so that its domain is { 2 } we get
{ 2 ↦ b }
We write
{ 4 } ◁ { 1 ↦ a, 2 ↦ b, 3 ↦ c } = { }
{ 1, 3 } ◁ { 1 ↦ a, 2 ↦ b, 3 ↦ c } = { 1 ↦ a, 3 ↦ c }
Look at this binary relation:
{ 1 ↦ a, 2 ↦ b, 3 ↦ c }
Its range is { a, b, c }.
If we restrict the binary relation so that its range is { b } we get
{ 2 ↦ b }
We write
{ 1 ↦ a, 2 ↦ b, 3 ↦ c } ▷ { b } = { 2 ↦ b }
EXERCISE 9.5
1 Evaluate
The relational image operator works like a table look-up. For example, look at this table:
You ask: what is blue's numerical value? You look down the table and see that it is 5.
Look at this binary relation.
{ 1 ↦ a, 2 ↦ b, 3 ↦ c }
We write
{ 1 ↦ a, 2 ↦ b, 3 ↦ c } ⦇ { 2 } ⦈ = { b }
where ⦇ ... ⦈ is the relational image operator. You provide a subset of a binary relation's source, it gives you the corresponding elements in the binary relation's range. For example:
{ 1 ↦ a, 2 ↦ b, 3 ↦ c } ⦇ { 4 } ⦈ = { }
{ 1 ↦ a, 2 ↦ b, 3 ↦ c } ⦇ { 1, 3 } ⦈ = { a, c }
1 Evaluate
2 If R = { (1, a), (2, b), (3, c), (4, d), (5, e) } and S = 2..4 evaluate
a R S
b ran(S R)
The binary relation symbol, ↔, associates from left to right. We introduce as a given type DRINK, the set of all drinks. We define costs as a binary relation from drink to price.
So, for example, tea costs 50 pence.
If we reversed the binary relation, if we made it from price to drink and called it buys, so, for example, 50 pence buys tea:
buys : DRINK
buys = { 50 ↦ tea, 75 ↦ coffee, 75 ↦ hotChocolate, 75 ↦ soup }
then buys is the inverse of costs. We write
1 Given [ PERSON, EMAIL ] the set of all people and the set of all e-mail addresses, and
evaluate
a hasAddress~
b { terry } hasAddress
c hasAddress { terry }
d dom (hasAddress \ { terry, kanti }) hasAddress
e hasAddress (ran hasAddress \ { xmail.com, basucks.com })
2 We introduce the type NAME, the set of all people's names, and define
a alias~
d alias { sue }
Given the types
[ PERSON, ROOM ]
hasPhone : PERSON
hasPhone = { roy ↦ 317, tom ↦ 208, tom ↦ 209, jim ↦ 326, lee ↦ 225 }
phoneInRoom : ROOM
roy has phone 317 that is in room A306. Therefore, we can conclude that roy is in room A306. Starting from PERSON we can reach ROOM via (their phone number).
The composition of two binary relations is another binary relation where the range of one is a subset of the domain of the other.
ran hasPhone ⊆ dom phoneInRoom
We write
hasPhone ⨾ phoneInRoom = { roy ↦ A306, tom ↦ A39, jim ↦ A306, lee ↦ A39 }
In a horse trials competition, an owner may enter more than one horse and a rider may ride more than one horse. Given the types [ OWNER, HORSE, RIDER ] and the binary relations
riddenBy : HORSE ↔ RIDER
riddenBy = { merryTom ↦ jones, ticTac ↦ jan, jumpingJack ↦ french, isAGas ↦ jan, hissingSid ↦ fraser }
REVIEW
We find pairs of objects all around us: wives and their husbands, friends and their telephone numbers, students and the subjects they study, customers and their bank accounts, guests and their hotel reservations. We noted that a binary relation is just a set of ordered pairs. We saw how the first and second functions extracted the first and second coordinates of an ordered pair. We saw how domain and range restriction work like database queries. We saw how relational image works like a table lookup. We looked at the inverse and composition functions.
BIBLIOGRAPHY
BARDEN R., STEPNEY S. & COOPER D. 1994 Z in Practice Prentice Hall Hemel Hempstead UK pp 57, 179
JACKY J. 1997 The Way of Z Cambridge University Press Cambridge UK pp 82
SPIVEY J.M. 1992 The Z Notation Prentice Hall Hemel Hempstead UK pp 93, 95
WOODCOCK J. & DAVIES J. 1996 Using Z Prentice Hall Hemel Hempstead UK pp 83
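The Chapter 9 operators (domain and range restriction, relational image, inverse and composition) written over Python sets of pairs, as an added example that is not part of the original notes. The definition of phoneInRoom does not survive on the page, so PHONE_IN_ROOM below is constructed to agree with the composition result the notes state; the function names are assumptions.

```python
def dom(r):
    """Domain: the set formed by all the first coordinates."""
    return {x for x, _ in r}

def ran(r):
    """Range: the set formed by all the second coordinates."""
    return {y for _, y in r}

def dres(s, r):
    """Domain restriction s ◁ r: keep the pairs whose first coordinate is in s."""
    return {(x, y) for x, y in r if x in s}

def rres(r, s):
    """Range restriction r ▷ s: keep the pairs whose second coordinate is in s."""
    return {(x, y) for x, y in r if y in s}

def image(r, s):
    """Relational image r⦇s⦈: the table look-up for every key in s."""
    return ran(dres(s, r))

def inverse(r):
    """Inverse r~: swap the coordinates of every pair."""
    return {(y, x) for x, y in r}

def compose(r, q):
    """Composition r ⨾ q: join r's second coordinate to q's first coordinate."""
    return {(x, z) for x, y in r for y2, z in q if y == y2}

# Relations taken from the notes.
R = {(1, "a"), (2, "b"), (3, "c")}
BUYS = {(50, "tea"), (75, "coffee"), (75, "hotChocolate"), (75, "soup")}
HAS_PHONE = {("roy", 317), ("tom", 208), ("tom", 209), ("jim", 326), ("lee", 225)}
# Constructed: chosen so that the composition matches the result given in the notes.
PHONE_IN_ROOM = {(317, "A306"), (208, "A39"), (209, "A39"), (326, "A306"), (225, "A39")}

def person_in_room():
    """hasPhone ⨾ phoneInRoom, after checking ran hasPhone ⊆ dom phoneInRoom."""
    if not ran(HAS_PHONE) <= dom(PHONE_IN_ROOM):
        raise ValueError("some phone number has no room")
    return compose(HAS_PHONE, PHONE_IN_ROOM)

if __name__ == "__main__":
    print(dres({1, 3}, R), rres(R, {"b"}), image(R, {2}))
    print(sorted(inverse(BUYS)))     # costs, recovered as the inverse of buys
    print(sorted(person_in_room()))
```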