Z Specification Language: Overview
The Z specification language (pronounced "Zed" in British English) is a formal specification
language used for describing and modeling computer-based systems. It is based on set theory
and first-order predicate logic, providing a mathematical framework to precisely define system
requirements and behaviors.
Key Features
1. Mathematical Foundation:
o Relies on set theory and predicate logic to describe systems.
o Ensures precision and unambiguity in specifications.
2. Schema Notation:
o Central to Z, schemas describe the system state and operations on that state.
o A schema consists of a declaration part (defining variables and their types) and a
predicate part (specifying constraints and relationships).
3. Modularity:
o Specifications are broken into manageable components (schemas), promoting
clarity and reusability.
4. Tool Support:
o Tools like Z/EVES and Community Z Tools (CZT) provide support for writing,
checking, and verifying Z specifications.
5. Graphical Symbols:
o Uses mathematical symbols (e.g., ∀, ∃, ∈) for concise representation, making it
compact but requiring familiarity with formal notation.
Components of Z
1. Basic Types:
o Represents the atomic entities in a system, defined without explicit internal
structure.
o Example: {N}for natural numbers.
2. Schemas:
o A key construct for defining states and operations.
o Example schema for a bank account:
Account
balance: ℕ
balance ≥ 0
3. Operations:
o Defined as changes to the system state, expressed using input/output variables.
o Example operation schema for depositing money:
Deposit
ΔAccount
deposit?: ℕ
deposit? ≥ 0
balance' = balance + deposit?
4. Predicates:
o Logical conditions that must hold true within a schema.
Advantages of Z
1. Precision:
o Formal mathematical foundation ensures specifications are unambiguous.
2. Clarity:
o Modular schemas make complex systems easier to understand and manage.
3. Verification:
o Formal reasoning allows checking correctness and consistency of specifications.
4. Tool Support:
o Tools help automate checks for logical consistency and traceability.
Challenges of Z
1. Steep Learning Curve:
o Requires familiarity with formal methods, mathematical logic, and set theory.
2. Complexity:
o Large systems can lead to complex specifications.
3. Limited Adoption:
o Primarily used in safety-critical and high-assurance domains.
4. Lack of Executability:
o Unlike some formal languages, Z does not directly generate executable code.
Applications
1. Safety-Critical Systems:
o Used in domains like aviation, railway signaling, and medical devices to specify
and verify critical system properties.
2. Software Development:
o Helps in capturing precise requirements and verifying designs before
implementation.
3. Academic Research:
o Common in formal methods research and teaching.
Conclusion
The Z specification language is a powerful tool for formal system specification, offering
precision and rigor through its mathematical basis. While it has limitations in terms of
complexity and adoption, it remains a cornerstone in the development of reliable and high-
assurance systems.
Example of Z Specification Language
Let’s consider an example of a simple banking system to demonstrate the use of Z specification
language. The system involves managing bank accounts with basic operations like depositing
and withdrawing money.
Step 1: Define the State of the System
We define the state of a bank account using a schema.
Account
balance: ℕ -- The account balance must be a non-negative integer
balance ≥ 0
Schema Name: Account
Variable: balance (the current account balance)
Constraint: The balance must always be non-negative.
Step 2: Define Operations on the State
1. Deposit Operation:
The deposit operation increases the balance by a specified amount. It uses the ΔAccount notation
to indicate that the Account state is being updated.
Deposit
ΔAccount
deposit?: ℕ -- Input amount to deposit (must be non-negative)
deposit? ≥ 0
balance' = balance + deposit?
o ΔAccount: Indicates that the state is modified.
o Input Variable: deposit? is the amount to be deposited.
o Constraint: deposit? must be non-negative.
o New State: The new balance (balance') is the old balance (balance) plus the
deposited amount.
2. Withdraw Operation:
The withdraw operation decreases the balance by a specified amount if there are sufficient funds.
Withdraw
ΔAccount
withdraw?: ℕ -- Input amount to withdraw (must be non-negative)
withdraw? ≥ 0
withdraw? ≤ balance
balance' = balance - withdraw?
o Input Variable: withdraw? is the amount to withdraw.
o Constraint: The withdrawal amount must be less than or equal to the current
balance.
o New State: The new balance (balance') is the old balance (balance) minus the
withdrawal amount.
3. Check Balance Operation:
This operation queries the current balance without modifying the state.
CheckBalance
ΞAccount
result!: ℕ -- Output variable for the current balance
result! = balance
o ΞAccount: Indicates the state is not modified.
o Output Variable: result! is the current balance.
Step 3: Combining the Operations
We can define the system as a collection of states and operations:
Example Execution
1. Initial State: balance = 100
2. Deposit Operation: deposit? = 50
o Precondition: deposit? ≥ 0 (satisfied).
o Postcondition: balance' = balance + deposit? = 100 + 50 = 150.
3. Withdraw Operation: withdraw? = 30
o Precondition: withdraw? ≥ 0 ∧ withdraw? ≤ balance (satisfied).
o Postcondition: balance' = balance - withdraw? = 150 - 30 = 120.
Benefits of This Example
1. Precision: The behavior of each operation is mathematically specified, avoiding
ambiguity.
2. Modularity: Each operation is defined separately, making the system easier to extend
and maintain.
3. Validation: Logical correctness can be verified using tools like Z/EVES.
This example showcases how Z specification provides a rigorous framework for specifying and
analyzing system behavior.