Z NOTES Terry Marris July 2004
CONTENTS 1 2 3 4 5 6 7 8 9
Sets Basic Types The Integer Type Predicates Schemas Set Types Set Operations Schema Calculus Binary Relations
2
1 SETS INTRODUCTION Sets are the foundation of all mathematics and our attempts to describe the world about us. We look at the properties of sets and some simple ways of describing them. We explain that a set is a collection of similar objects. We see how to display a set. We see that a set has no duplicates and no order. We examine a convention for naming sets. We look at some standard sets. We learn how to define number ranges. We examine the concepts of cardinality, membership and equality.
1.1 OBJECTS AND SETS An object is anything we can see, smell, hear, taste, touch or think about. A collection of similar objects is called a set. Examples of sets include • the collection of people who have enrolled on this year's Access course • the collection of leap years since 1986 • the collection of three letter passwords that can be generated from the letters a, b and c
EXERCISE 1.1 Identify five sets drawn from your surroundings and experience.
3 1.2 SET DISPLAY One way to describe a set is to list its contents. For example: { tom, anne, jerry } { 1988, 1992, 1996, 2000, 2004 } { abc, bca, cab, acb, bac, cba } We use curly brackets to separate the list from its surroundings. The objects that make up a set are known as its elements or members. We separate one member from the next by a comma. Describing a set by listing its contents is called set display. A set is defined by its contents alone. So the order in which you write the elements in a set display is not important. It makes no sense to talk about the first or last element in a set, or to say that one element comes before another. { tom, anne, jerry } is the same as { anne, jerry, tom } If two elements in a set are the same, the repeated element is ignored. Writing the same element more than once is harmless but confusing. So we leave out repeats. { tom, tom, jerry, anne } is better written { tom, jerry, anne }
EXERCISE 1.2 Use set display notation to describe the sets given below. 1 the set of days you are timetabled to be in college. 2 the set of digits used in base 10 arithmetic (denary). 3 the set of digits used in base two arithmetic (binary). 4 the set of colours seen on a rainbow. 5 the set of departments in a small, manufacturing business.
4 1.3 NAMING A SET If a set has too many members to conveniently list, we can simply give them descriptive names. PERSON - the set of all people LEAPYEAR - the set of all leap years ever PASSWORD - the set of all possible passwords We follow the convention that names we choose for our sets • are written entirely in capital letters - PERSON not Person • are singular - PASSWORD not PASSWORDS • do not contain spaces, underscores or hyphens - LEAPYEAR not LEAP YEAR
EXERCISE 1.3 Evaluate the names for the set of book titles shown below against the convention for naming sets described in section 1.3 above. 1 BOOKTITLE 2 BOOK TITLE 3 BookTitle 4 BOOK_TITLE 5 BOOKTITLES
5 1.4 SOME STANDARD SETS Some sets have names already assigned to them. Z (say fat zed) - the set of all whole numbers, negative, zero and positive. -1, 0, 1 are members of this set. N (say fat en) - the set of natural numbers including zero. 0, 1, 2 are members of this set. 0 - the empty set, the set with no members. Think of an empty bag - there is nothing in it. Z and Z are not the same thing. Z is the name of a notation that uses maths to specify computer systems. Z is the set of all whole numbers. Whole numbers are also known as integers.
EXERCISE 1.4 Explain the difference between 1 Z and Z 2 0 and {}
6 1.5 NUMBER RANGE If a sequence of integers form a set, we can use number range notation. 1..7 (say 1 up to 7) is the set of all integers between 1 and 7 inclusive. 1..7 is the set { 1, 2, 3, 4, 5, 6, 7 }. Note that there are just two dots between the two integers that mark the beginning and end of the sequence.
EXERCISE 1.5 Use number-range notation to define the sets described below. 1 the number of people who may be allowed in a lift if its capacity is five people. 2 the set of hours used in 24-hour clock notation. 3 the set of numbers that define any person's age in years.
7 1.6 CARDINALITY Some sets contain more members than we can count. Think of Z, the set of all possible integers for example. No matter how many we count, there is always another one to be counted. Such sets are called infinite sets. Some sets contain a finite number of elements - we can count the number of elements they contain. Look at the set { tom, anne, jerry }. We can see it has three elements. The number of elements in a finite set is known as its cardinality. The symbol for cardinality is #. So for example: #{ tom, anne, jerry } = 3 #{ 1988, 1992, 1996, 2000, 2004 } = 5 #{ abc, bca, cab, acb, bac, cba } = 6 #Z is undefined
EXERCISE 1.6 State the value of 1 #{ spaceKey, tabKey, returnKey, arrowKey, functionKey } 2 #0 3 #N
8 1.7 MEMBERSHIP If we look at the set { 1988, 1992, 1996, 2000, 2004 } we can see that 2000 is an element of the set but 2001 is not. We write 2000 e { 1988, 1992, 1996, 2000, 2004 } where e means is-a-member-of And 2001 ‰ { 1988, 1992, 1996, 2000, 2004 } where ‰ means is-not-a-member-of.
EXERCISE 1.7 Which of the following expressions are true and which are false? Explain why. 1 end e { if, else, while, repeat, until, end } 2 Key e { spaceKey, tabKey, returnKey, arrowKey, functionKey } 3 0‰0 4 3.142 e Z 5 -1 e N
9 1.8 EQUALITY Two sets are equal if they both have exactly the same elements. For example { 1988, 1992, 1996, 2000, 2004 } = { 2000, 1996, 1988, 2004, 1992 } = means is-the-same-as. But if two sets do not have exactly the same elements, they are not equal. For example { 1988, 1992, 1996, 2000, 2004 } Î { 1988, 1992, 1996, 2000 } are not equal because 2004 is a member of one set but not the other. Î means is-not-the-same-as.
EXERCISE 1.8 Which of the following expressions are true and which are false? Explain why. 1 { robin, thrush, starling, sparrow, blackbird } = { wren, swallow, hawk, crow, magpie } 2 { 0, 1 } Î { 1, 0 } 3 { 1, 2, 4, 8, 16 } = { 16, 8, 4, 2, 1 }
10 REVIEW We defined what a set is - a collection of similar objects. We saw how to display a set. We learned that a set has no duplicates and no order. We saw how to choose names for a set. We looked at some standard sets. We learned how to define number ranges. We examined the concepts of cardinality, membership and equality. Next, we look at basic types.
BIBLIOGRAPHY BARDEN R., STEPNEY S. & COOPER D. 1994 Z in Practice Prentice Hall pp 377 JACKY J 1997 The Way of Z Cambridge pp 63 SPIVEY J.M. 1992 The Z Notation Prentice Hall pp 25, 111 WOODCOCK J. & DAVIES J. 1996 Using Z: Specification, Refinement & Proof Prentice Hall pp 57, 112
11
2 BASIC TYPES INTRODUCTION In the last chapter we looked at sets and some of their properties. We noted that elements in a set are similar. It is this similarity that we focus on in this chapter. To help describe the world about us, we classify objects into sets called types. We go on to look at how we can represent any element in a set, no matter how large that set is. We look at the properties of variables. We see the importance of types in detecting errors and inconsistencies.
2.1 BASIC TYPES There is just one inbuilt type that is part of the Z Notation; it is Z, the set of all integers. We define all other types ourselves. We are in charge here. We use a basic type when we want to just focus on essentials and hold off looking at details. For example, a person has a name, a date of birth and an address. If we do not need to be concerned with details such as title, forename, middle names and surname, we introduce the type NAME, the set of all possible names. If we do not need to bother with days, months, years and calendars (e.g. Chinese, Bengali and Gregorian) we introduce the type DATE, the set of all possible dates. If we do not need to bother with house number, street, city and postcode, we introduce the type ADDRESS, the set of all postal addresses. Focussing on essentials is called abstraction. To define basic types of our own choosing we just list them (in alphabetical order) as given sets between square brackets, and explain what we mean by them. For example: We introduce as given sets ADDRESS, DATE and NAME. ADDRESS is the set of all postal addresses anywhere. DATE, the set of all possible dates in all possible calendars. NAME is the set of all names in full that any person might have. [ ADDRESS, DATE, NAME ]
12 EXERCISE 2.1 1 Explain what is meant by the term abstraction. Illustrate your explanation with an example. 2 We are looking at defining a video rental system. A video has a title and a subject by which it is classified. We do not need to know anything about the internal details of titles and subjects. Introduce titles and subjects as given sets. 3 Each room in a hotel is given a number or a name. No two rooms have the same number or name. Since the number or name uniquely identifies a room, introduce room id as a given set.
2.2 DECLARATIONS PERSON, the set of all possible people on this planet, is pretty large. If we want to refer to just one of them we write aPerson : PERSON aPerson represents just one, any one, of all the possible elements in PERSON. aPerson : PERSON is an example of a declaration. A declaration has two parts. To the right of the colon is the name of a set; this name is PERSON. To the left of the colon is a name for any element from that set; this name is aPerson. Since we do not necessarily know which element aPerson represents, aPerson is called a variable. A variable has a name (e.g. aPerson) a type (e.g. PERSON) and a value taken from the type. Look at this declaration. aPersonsAge : 0..130 The name of the variable is aPersonsAge. Its type is Z because the values 0, 1, 2, and so on up to 130 are all elements from the larger set Z. We think of a type as an inclusive set. Each element in the same set has the same type.
13 We cannot make a variable declaration if its type has not yet been introduced. For example, we cannot declare aRoom : ROOM before introducing ROOM as a given set (by writing [ ROOM ] and describing what we mean by ROOM). We define it before we use it. This is known as the definition before use principle. But note that the type Z is pre-defined; it is part of the Z notation. So you do not have to define Z before you use it.
EXERCISE 2.2 1 An employee has an annual salary that is always a whole number of pounds. Declare a variable to represent an employee's annual salary. 2 My car's thermometer displays air temperature to the nearest 0.5 degree Celsius. Thinking that 18.5 degrees C could be represented by 185, and 19 degrees by 190, declare a variable to represent the temperature displayed by my car's thermometer. 3 The printable characters found on a keyboard include letters of the alphabet, e.g. a, b, c, X, Y, Z, digits e.g. 1, 2, 3, symbols e.g. /, >, &, and white space such as tab and spacebar. Introduce a suitable type and declare a variable that could represent one of these printable characters. 4 In an office supplies catalogue, items of stationery are identified by their catalogue number. Introduce suitable types and declare variables that could represent items of stationery and their catalogue numbers. 5 Snakes and Ladders is a game played on a board of 100 squares, numbered 1 to 100. Declare a variable that could represent the position of a square on the board.
14 2.3 NAMING VARIABLES We choose our own names for variables. We choose descriptive names whenever clarity is required. For example. aPersonsAge : 0..130 rather than a : 0..130 We choose a single letter when there is no doubt about clarity (but readers often appreciate more descriptive names). p : PERSON is ok but
aPerson : PERSON
might be preferable.
We follow the convention that names we choose for our variables • start with a lower case letter - person not Person • are written entirely in lower case except the first letter of each word in the name aPersonsAge not apersonsage • do not contain spaces, underscores or hyphens - anAddress not an Address Writing variable names in a mixture of lower and upper case (capital) letters helps us to tell them apart from type names, which are written entirely in upper case.
EXERCISE 2.3 Evaluate the variable names shown below against the convention for naming variables described in section 2.3 above. 1 numberOfPersons : 0..5 2 NumberOfPersons : 0..5 3 number Of Persons : 0..5 4 NUMBEROFPERSONS : 0..5 5 n : 0..5
15 2.4 CONSISTENCY Every Z object is a type of one kind or another. This is important because it helps us discover inconsistencies in what we write. For example, given the type [ PERSON ] and the declarations p, q : PERSON r:Z p = q is consistent because both p and q are variables of type PERSON. But to say p = r is a nonsense because p is of type PERSON and r is of type integer. How can you say that a person and an integer are the same object?
EXERCISE 2.4 1 Comment on the validity of the expression { red, blue, green } = { 1, 2, 3 } 2 Given CHARACTER is the set of all printable characters found on any computer keyboard for any country, [ CHARACTER ] and the declaration ch : CHARACTER comment on the validity of the expression ch e Z 3 Given the declaration capacity : Z comment on the validity of the expression capacity = 5
16 REVIEW We have seen that a basic type is a given set name. We think of a type as being an inclusive set. We noted that all the elements of a set belong to the same type. We looked at declarations. A declaration introduces a variable and associates it with a type. We looked at the importance of types in reducing inconsistencies and errors. We shall look at composite types such as set types, Cartesian product types and schema types in later chapters. Next, we look at the integer type.
BIBLIOGRAPHY BOTTACI L & JONES J. 1995 Formal Specification Using Z Thompson pp 139 JACKY J. 1997 The Way of Z Cambridge University Press pp 64 NORCLIFFE A. & SLATER G. 1991 Mathematics of Software Construction Ellis Horwood pp 43 SPIVEY J.M. 1992 The Z Notation Prentice Hall pp 7, 24, 51 WOODCOCK J. & DAVIES J. 1996 Using Z: Specification, Refinement and Proof Prentice Hall pp 70
17
3 THE INTEGER TYPE
INTRODUCTION In the last chapter we looked at types. A type is an inclusive set and all the elements of a set belong to the same type. We looked at declarations. A declaration introduces a variable and associates it with a type. We looked at how consideration of types helps us to detect inconsistencies and errors. Now we go on to look at the integer type in more detail. We review the arithmetic operations +, - and *, div and mod. We introduce max and min. We look at the numerical comparison operators <, ¯, > and ˘. And we look at rules of precedence.
3.1 THE ARITHMETIC OPERATORS The type Z is the set of all possible integers. ... -3, -2, -1, 0, 1, 2, 3, ... We can add two integers together.
7 + 3 = 10
We can subtract one from another.
10 - 7 = 3 7 - 10 = -3
We can multiply two integers.
7 * 3 = 21
But we have a problem with division.
7 / 3 = 2.3333
2.3333 is not an integer. Z provides the div and mod operators so the problem does not arise.
[ * means multiply ] [ 21/3 = 2.3333 ]
18 3.2 THE div AND mod OPERATORS We may remember from our days at junior school, before we learned about decimal points and how to use a calculator, that 7 ÷ 3 = 2 remainder 1
[ because 7 = 3 x 2 + 1 ]
div (for integer division) works in a similar way to ÷ but without the remainder. So 7 div 3 = 2 div gives the integer result after dividing one integer by another. Any remainder or fractional part is truncated, cut off and lost. mod (for modulo) works in a way similar to remainder. So 7 mod 3 = 1 mod gives the integer remainder after dividing one integer by another. We remember that division by zero is not defined. So both 7 div 0 and 7 mod 0 have no defined answer. div and mod are part of the Z Notation.
EXERCISE 3.1 1 Evaluate a 16 div 3
b 20 div 4
c 5 div 5
d 4 div 5
e 7 div 5
b 20 mod 4
c 5 mod 5
d 4 mod 5
e 7 mod 5
2 Evaluate a 16 mod 3
19 3.3 ARITHMETIC OPERATOR PRECEDENCE Precedence is the order in which operations are always carried out. In arithmetic: brackets have the highest priority then *, div and mod in the order written from left to right then + and - in the order written from left to right. For example: (40 - 32) * 5 div 9
= 8 * 5 div 9 = 40 div 9 = 4
[ brackets first ] [ multiply ] [ integer division ]
EXERCISE 3.2 Evaluate 1 5+7*9 2 (5 + 7) * 9 3 5 div 9 * (212 - 32) 4 Given the declaration n : Z and the observation n div 2 = 0, what can you conclude about n? 5 Given the declaration n : Z, what is the set of possible results of n mod 5?
20 3.4 max AND min Z also provides the max and min operators. max gives the largest value in a non-empty set of integers, and min the least value. For example: max{ 11, 7, 13, 3, 5 } = 13 min{11, 7, 13, 3, 5 } = 3
EXERCISE 3.3 Evaluate 1 min{ -1, 0, 1 } 2 max{ 3, 4, 7, 1, 2 } 3 max{ }
21 3.4 THE NUMERICAL COMPARISON OPERATORS 40% is a critical mark in some exams. A mark of 40 or more is a pass. A mark of 39 or less is a fail. The boundary between fail and pass is shown on the number line below. number line 37
38
39 fail
41
40
42
43
pass
39 is-less-than 40. We write 39 < 40. < means is-less-than. 41 is-more-than 40. We write 41 > 40. > means is-more-than. < and > are known as comparison or relational operators. They are easy to remember. Less than has its point on the Left. MoRe than has its point on the Right. Evidently 39 < 40 40 < 39
is true is false
40 > 39 39 > 40
is true is false
And
¯ means less-than-or-equal-to. ˘ means more-than-or-equal-to. So 39 ¯ 40 40 ¯ 40 41 ¯ 40
is true is true is false
40 ˘ 39 40 ˘ 40 40 ˘ 41
is true is true is false
And
22 EXERCISE 3.4 1 Given the declaration n : Z and that n ˘ 0 and n < 10 are both true, write down the set of values that n belongs to. 2 Given the declaration n : Z and that n div 10 > 0 and n div 10 ¯ 20 are both true, write down the set of values that n belongs to. 3 Given the declaration n : Z and that n < 0 and n > 9 are both true, what can you conclude about the values of n?
REVIEW We looked at the integer type in more detail. We reviewed the arithmetic operations +, - and *, div (integer division) and mod (integer remainder) We introduced max and min - the largest and least values in a non-empty set of integers. We looked at the numerical comparison operators < (less than), ¯ (less than or equal to), > (more than) and ˘ (more than or equal to). And we looked at rules of precedence (brackets, times and divide, add and subtract) for the arithmetic operations. Next, we see how the values of variables may be constrained by predicates.
BIBLIOGRAPHY SPIVEY J.M. 1992 The Z Notation Prentice Hall pp 108
23
4 PREDICATES INTRODUCTION In the last chapter we looked at the integer type. We reviewed the arithmetic operations +, and *, div and mod. We introduced max and min. We looked at the numerical comparison operators <, ¯, > and ˘. And we looked at rules of precedence for the arithmetic operations. Now we see how the values of variables may be constrained by predicates and how satisfying a predicate defines a set. The types of predicate we shall discuss include =, e <, > ¶, v
equals and membership relations: less than and more than connectives: conjunction (and) and disjunction (or)
4.1 PREDICATES A declaration introduces a variable. For example n:Z introduces the variable named n, of type Z, without any constraints or bounds on the values that n may have. Suppose we require n to be not less than one, values 1, 2, 3, ... are what we require. To declare that n is more than zero we would write n>0 n > 0 is an example of a predicate. Values 1, 2, 3, ... and so on are said to satisfy the predicate n > 0, i.e. make n > 0 true. Putting the declaration and predicate together, as shown below, specifies a set. { n:Z|n>0} The declaration and predicate parts are separated by a | symbol. The declaration to the left of the | is the source of the elements of the set. The predicate to the right of the | is like a filter: only elements whose values are more than zero pass through the filter. The set just defined
24 above is the set of all integers greater than zero, that is, the set of natural counting numbers from one upwards. { n : Z | n > 0 } = { 1, 2, 3, ... }
[ Note: the ... is not Z. It means and so on. We write it to help our understanding. ]
We define a predicate in terms of the set of objects that satisfy it. Look at this example. { n : Z | n e 1..5 } = { 1, 2, 3, 4, 5 } The declaration n : Z is the source. The predicate n e 1..5 is the filter. It says n is a member of the set of integers from 1 up to 5 inclusive. Only elements from Z that satisfy the predicate pass through the filter . A predicate puts a constraint on the values a variable might have. For example capacity : Z capacity = 10 says capacity is 10. We could use the declaration and predicate together to define the set containing just one integer element, 10. { n : Z | n = 10 } = { 10 }
EXERCISE 4.1 Using set display notation write out the contents of the sets defined below. If the set is too large to conveniently list, write down just five elements from the set. a {n:Z|n˘0} b { n : Z | n e 0..5 } c { n : 1..9 | n mod 2 = 0 } d { h : 0..23 | h < 12 }
25 4.2 THE CONNECTIVES The connectives include conjunction (and) and disjunction (or). They allow us to connect smaller predicates together to form larger ones. For example, given the declaration n : Z, here are two small predicates that say n is more than zero and n is less than 6. n>0 n<6 Now join them together with a ¶, which means and-at-the-same-time. n>0¶n<6 We then have a composite predicate known as a conjunction. This predicate is true if n is more than 0 and, at the same time, n is less than 6. { n : Z | n > 0 ¶ n < 6 } = { 1, 2, 3, 4, 5 }
n>0¶n<6 number line ...
-1
0
1
2
3
4
5
6
...
26 Here are two small predicates that say n is less than 1 and n is more than 5. n<1 n>5 Now join them together with v, meaning or. n<1v n>5 We then have a composite predicate known as a disjunction. The predicate is true if either n is less than 1 or n is more than 5. { n : Z | n < 1 v n > 5 } = { ..., -2, -1, 0, 6, 7, 8, ...} This is the set of all integers excluding { 1, 2, 3, 4, 5 } n<1
n>5 number line
-2
-1
0
1
2
3
4
5
6
7
It is easy to remember what the two symbols ¶ and v mean when you notice that the ¶ looks a bit like the A in And.
EXERCISE 4.2 Using set display notation enumerate (list) the contents of the sets defined below. If the set is too large to enumerate then list just five elements from the set. a { n : Z | n ˘ -1 ¶ n ¯ 1 } b {d:Z|d˘1¶d¯7} c {n:Z|n=0v n=1} d { n : Z | n ˘ 0 ¶ n mod 10 = 0 ¶ n div 10 ¯ 10 } e { m, n : Z | n > 1 ¶ m > 2 ¶ n mod m Î 0 }
27
REVIEW We saw how the values of variables may be constrained by predicates. We saw how to define a predicate in terms of the set of objects that satisfy it. We discussed predicates including =, e <, > ¶, v
equals and membership the relations less than and more than the connectives conjunction and disjunction
Next we see how schemas describe computer systems, a named combination of declarations with predicates.
BIBLIOGRAPHY JACKY J. 1997 The Way of Z Cambridge University Press pp 63, 66, 74, 96 SPIVEY J.M. 1992 The Z Notation Prentice Hall pp 28, 67 WOODCOCK J. & DAVIES J Using Z: Specification, Refinement and Proof Prentice Hall pp 28, 81
28
5 SCHEMAS
INTRODUCTION In the last chapter we saw how the values of variables may be constrained by predicates and how satisfying a predicate defines a set. The types of predicate discussed included =, e equals and membership <, > the relations less than and more than ¶, v the connectives conjunction (and) and disjunction (or) Now we see how to combine declarations and predicates into structures called schemas. A schema represents a system's state. A collection of schemas models the behaviour of a computer system. We look at pre-conditions.
5.1 SYSTEM The system we shall look at is a simple counter. A counter would be used, for example, to count the number of vehicles passing a census point, the number of people entering a stadium or the number of fleas in a bird's nest.
EXERCISE 5.1 Describe three other situations where a counter might be used.
29 5.2 STATE The contents of a system's memory are called its state. For our counter system that would be the current value of the count together with the maximum it can reach. We would have the initial state when the count is zero, maximum is 9999 (say). Initial state: count = 0, maximum = 9999 We might have an interim state when the count is between zero and the maximum value that count can have. Interim state: count = 147, maximum = 9999 We might have an end state when the count has reached it maximum value and cannot be advanced any further. End state: count = 9999, maximum = 9999 Effectively, the state of a system is the collection of values stored in its variables.
EXERCISE 5.2 A cash point machine has a number of £10 notes available for issue to customers. Describe three distinct states of the cash point machine.
30 5.3 ABBREVIATION DEFINITION Count and maximum are whole numbers. We could represent them as integers of type Z, but that will allow negative values for count and maximum. So we introduce N (say fat N) as an abbreviation for the set of all natural (integer) counting numbers including zero but excluding negative values.
N == { n : Z | n ˘ 0 } Declaring N in this way allows us to use the relational operators < and .> as well as =. The type of N is Z. If we had introduced N as a given set like this [N] and if we had variables a, b : N, then for sure we could write a = b, but we could not write, for example, a < b. The only number type that is part of the Z Notation is Z. The == is known as the definition symbol. We cannot use = because its is reserved for the equals predicate. EXERCISE 5.3 Introduce and define the set N1, the set of all natural counting numbers from 1 upwards, excluding zero and negative numbers.
31 5.4 SYSTEM STATE SCHEMA A counter has just two variables, one that we shall name count, one that we shall name maximum. count can equal, but never exceed, maximum. Variables are derived from what an object has. A schema is a set of variables together with a set of predicates constraining those variables. A schema is drawn as an open box - see below. Counter count : N maximum : N count ¯ maximum
Our schema, named Counter and shown above, has two variables, count and maximum, and one predicate count ¯ maximum. count is constrained to be a value between zero (because its values are drawn from the set N) and maximum (whatever value that is) inclusive. We (nearly) always start schema names with an uppercase letter. A schema name cannot contain spaces. The variables are declared above the line that separates declarations from predicates. The variables' scope is strictly confined to the schema. This means that you cannot refer Counter's variables count and maximum outside the schema. The predicates are described below the dividing line. If there were more than one predicate, they would all be joined by conjunction - the ¶ symbol is assumed - by default. The variables of a schema are described as its components. The predicates of a schema are described as its property. The schema shown is the system state schema. No matter what process we define, add 1 to count, report on the value stored in count, subtract one from count, for example, we are obliged to ensure that the predicate count ¯ maximum is always satisfied. The schema that describes a system's variables, and predicates on those variables, is called a system state schema. It represents an object's state, the collection of values stored in its variables at a moment in time. Its variables are called state variables. The processes that we shall describe in other schemas both update and report the values stored in the state variables, count and maximum.
32 5.5 THE INITIAL STATE We describe the state the system is in when it is first started. The InitCounter schema defined below describes the initial state of Counter. InitCounter Counter count = 0 maximum = 9999
The line Counter says include all the variables defined in the Counter schema (count and maximum in this instance) and all the predicates (count ¯ maximum in this instance). InitCounter written out in full is shown below. InitCounter count : N maximum : N count ¯ maximum count = 0 maximum = 9999
The initial state is that count is zero, maximum is 9999. There is nothing special about 9999 it is a randomly chosen value. We can see at a glance that the predicates are consistent - there are no contradictions. The mechanism of schema inclusion, just by quoting the schema's name, allows us to • concentrate on just a few things at a time • keep schemas small and simple • re-use pre-written schemas in different contexts or situations.
33 5.6 QUERY SYSTEM STATE The schema QueryCount shown below outputs the current value of count. QueryCount
XCounter count! : N
count! = count
XCounter (say Xi Counter) says include all the variables and predicates defined in the Counter schema; the values stored in these variables will not change. The declaration count! : N says count output is drawn from the set N. The ! mark stands for output. The predicate count! = count says count output is the same as the (system variable) count.
34 5.7 CHANGE SYSTEM STATE Not only does a schema define and report on a system's state, it also describes changes in that state. The value of count does not remain the same forever. From time to time the counter will be clicked and the value stored in count will be moved on. The Click schema shown below updates the count system state variable but leaves the maximum variable unchanged. Click
DCounter count < maximum count' = count + 1 maximum' = maximum
DCounter (say delta Counter) says • include all the variables and predicates defined in the Counter schema • the values stored in some (or all) of these variables may well change • decorate each variable with a ' to represent the state after an update has taken place Writing out the schema in full we get
35
Click count : N maximum : N count' : N maximum' : N count ¯ maximum count < maximum count' = count + 1 maximum' = maximum
count' = count + 1 says the updated value of count is the same as the original value of count plus one. So, for example, if count was 4, count' would be 5. count' and count are both the same variable. The ' in count' means the state of count after an update has taken place. maximum' = maximum says the value after an update is the same as the one before the update. In other words, its value remains unchanged. The essential requirement is that count ¯ maximum at all times. If count = maximum how can count' = count + 1 be met? We need ensure that count is strictly less than maximum before adding 1 to it. We do this by specifying the pre-condition count < maximum A pre-condition of an operation schema describes the set of states for which the outcome of the operation is defined. In our Click operation schema, the set of states for which the outcome is defined is count e 1..9998. If count = 9999 for example, then the outcome of the schema is undefined - we have no way of knowing what it will be; it could be anything.
EXERCISE 5.4 1 Write and fully explain a schema named Cancel, which undoes a Click operation. Does the cancel operation have a pre-condition? If so, what is it? If not, why not? 2 Write and fully explain a set of schemas for the car park system described below. A car park has a capacity - a limited number of spaces. A count is maintained of the number of cars currently occupying spaces. When a car enters the car park, the count is increased. When a car leaves the car park the count is decreased. The system outputs the number of spaces left in the car park.
36 REVIEW We combined declarations and predicates into structures called schemas. We saw that a schema represents a system's state. We saw how a collection of schemas models the behaviour of a computer system. We looked at an example of a pre-condition. Next we look at set types. A set type variable represents a collection of similar objects.
BIBLIOGRAPHY BARDEN R., STEPNEY S. & COOPER D 1994 Z In Practice Prentice Hall pp 370 JACKY J. 1997 The Way of Z Cambridge University Press pp 49, 122 SPIVEY J.M. 1992 The Z Notation Prentice Hall pp 7, 28, 48, 82, 128 WOODCOCK J. & DAVIES 1996 Using Z: Specification, Refinement and Proof Prentice Hall pp 203
37
6 SET TYPES INTRODUCTION In Chapter One we looked at sets. In Chapter Two we looked at basic types and saw that a type is itself a set. A variable of a basic type represents just a single element drawn from the type set. Now we look at set types. A variable of a set type is itself a set and is used to represent collections such as a class of students, a herd of cows and a set of hotel rooms. 6.1 PROPER SUBSETS In Chapter Three we introduced Z, the set of all integers, negative, zero and positive. In Chapter Five we defined N, the set of all positive integers including zero and excluding the negative integers.
N == { n : Z | n ˘ 0 } We say that N is a proper subset of Z because every element in N is also in Z and N Î Z. We write
NcZ where c means is-a-proper-subset-of. EXERCISE 6.1 1 Which of the following expressions are true, which are false? Give reasons for your answers. a { mon, wed, fri } c { tue, thu, sat, mon, wed, fri, sun } b { key } c { hotKey, deleteKey, escapeKey } c { 1, 2, 5, 7, 11 } c { 11, 7, 5, 2, 1}
38 6.2 SUBSETS A subset is part of a set, a set within a set. A is a subset of B if every element in A is also in B. We write AzB where z means is-a-subset-of. To illustrate the point we list all the subsets of { 1, 2, 3 }. They are {1} {2} {3}
[the singletons]
{1,2} {1,3} {2,3}
[the sets of pairs]
{1,2,3}
[because every element in {1, 2, 3 } is also in { 1, 2, 3 }]
{}
[because if it was not, there would be an element in { } that is not in { 1, 2, 3 }. But { } has no elements. So { } must be a subset of { 1, 2, 3 }]
The empty set is a subset of every set. If we make the following variable declaration: x : F{1,2,3} then x could be any one of the elements in { {}, {1}, {2}, {3}, {1,2}, {1,3}, {2,3}, {1,2,3} } where each element is itself a set. x could be { } or { 1 } or { 2 } or { 3 } or { 1, 2 } or { 1, 3 } or { 2, 3 } or { 1, 2, 3 }. We say that x is a finite set of elements drawn from { 1, 2, 3 }. In short, x is a set. Compare this with the declaration y : { 1, 2, 3 } which says y could be 1, or it could be 2, or it could be 3, and nothing else. In short, y is a single value from the set { 1, 2, 3 }. The difference in the two declarations is the presence or absence of fat F.
F { 1, 2, 3 } means the set of all subsets of { 1, 2, 3 }.
39 EXERCISE 6.2 1 List the possible values of b if b : F{ 0, 1 } 2 Explain the difference between a subset and a proper subset. 3 Explain the meaning of each of the expressions shown below: a a e { a, b, c } b { a } c { a, b, c } c { a } e F { a, b, c }
40 6.3 SET TYPE DECLARATIONS Access students study a number of subjects. Types here could include STUDENT - the set of all students SUBJECT - the set of all subjects We might define accessStudents : F STUDENT accessCourse : F SUBJECT and say accessStudents is a finite set of STUDENTs, accessCourse is a finite set of SUBJECTs. An example of accessStudents is { tom, deepak, harriet, anita, mayuri }. An example of accessCourse is { maths, formalMethods, programming, systemsAnalysis }.
EXERCISE 6.3 1 Explain the difference between e and z. 2 Given [ PERSON ] the set of all people, explain the difference between p : PERSON and q : F PERSON 3 A hotel system reserves rooms for guests from an arrival date to a departure date. Types here could include HOTEL - the set of all hotels RESERVATION - the set of all reservations ROOM - the set of all rooms GUEST - the set of all guests DATE - the set of all dates Declare and explain variables to represent a single hotel, a finite set of rooms, a single reservation and a finite set of guests.
41 REVIEW We listed the subsets of a small set. We saw that set type variables store collections of similar objects. Next we look at the set operations union, intersection and difference.
BIBLIOGRAPHY JACKY J. 1997 The Way of Z Cambridge University Press pp 69 SPIVEY J.M. 1992 The Z Notation Prentice Hall pp 90
42
7 SET OPERATIONS INTRODUCTION In Chapter One we looked at sets. In Chapter Six we looked at subsets and set types. Now we look at the set operations union, intersection and difference and see how sets may be combined to create new sets. We look at set operator precedence.
7.1 SET UNION The union of two sets is itself a set with all the elements from both sets combined. { 1, 2, 3, } U { 2, 3, 4 } = { 1, 2, 3, 4 } The union operator, U, looks a bit like the u in union - only there is no tail.
EXERCISE 7.1 Evaluate each of the expressions shown below. a { 1, 2, 3, 5, 8, 13 } U { 3, 5, 7, 11, 13 } b { bigJ, littleJ, may, pat, alice } U { tom, denise, may } c { daisy, buttercup } U { rani } d { daisy, buttercup } U rani
43 7.2 SET INTERSECTION The intersection of two sets is itself a set with elements that are common to both sets. { 1, 2, 3, } I { 2, 3, 4 } = { 2, 3 } The intersection symbol, I, looks a bit like the n in intersection, only there is no tail.
EXERCISE 7.2 Evaluate each of the expressions shown below. a { 1, 2, 3, 5, 8, 13 } I { 3, 5, 7, 11, 13 } b { bigJ, littleJ, may, pat, alice } I { tom, denise, may } c { daisy, buttercup } I { rani } d { daisy, buttercup } I rani
44 7.3 SET DIFFERENCE The difference of two sets is itself a set with the elements of the second set removed from the first set. { 1, 2, 3, 4 } \ { 2, 3 } = { 1, 4 } A useful trick here is to write out the first set, then cross out elements that are in the second set. For example: { a, c, b, d }
\
{ a, f, e, b }
= =
{ a, c, b d } { c, d }
EXERCISE 7.3 Evaluate each of the expressions shown below. a { 1, 2, 3, 5, 8, 13 } \ { 3, 5, 7, 11, 13 } b { bigJ, littleJ, may, pat, alice } \ { tom, denise, may } c { daisy, buttercup } \ { rani } d { daisy, buttercup } \ rani
45 7.4 PRECEDENCE Precedence is the priority given to operations; those with the highest priority are evaluated before those with the lower priority. brackets ( ) have the highest priority then intersection I then union U and difference \
EXERCISE 7.4 Evaluate each of the set expressions shown below. a { 1, 2, 3 } U { 2, 3, 4 } I { 3, 4, 5 } b ({ 1, 2, 3 } U { 2, 3, 4 }) I { 3, 4, 5 } c { 1, 2, 3 } U { 2, 3, 4 } \ { 3, 4, 5 } d { 1, 2, 3 } \ { 2, 3, 4 } U { 3, 4, 5 } e { 2, 3, 4 } \ { 3, 4, 5 } I { 1, 2, 3 }
46 REVIEW We looked at the set operations union, intersection and difference. The union of { 1, 2, 3 } and { 2, 3, 4 } is { 1, 2, 3, 4 } - the combined elements from both sets. The intersection of { 1, 2, 3 } and { 2, 3, 4 } is { 2, 3 } - the elements in common to both sets. The difference { 1, 2, 3, 4 } \ { 2, 3 } is { 1, 4 } - the elements from the first set with elements in the second set removed . We looked at the order of precedence: brackets first, then intersection, then union and difference in the order they are written. Next we look at the Schema Calculus - how to create larger schemas from smaller ones by using conjunction and disjunction.
BIBLIOGRAPHY JACKY J. 1997 The Way of Z Cambridge University Press pp 73 SPIVEY J.M. 1992 The Z Notation Prentice Hall pp 90 STEWART I 1975 Concepts of Modern Mathematics Penguin pp 50
47
8 SCHEMA CALCULUS INTRODUCTION In Chapter Six we saw how declarations and predicates were combined in structures called schemas. We saw that a schema represents a system's state, that a schema can change a system's state, and that a collection of schemas models the behaviour of a computer system. Now we go on to see how larger schemas may be formed by combining smaller ones using conjunction (and) and disjunction (or).
8.1 THE CLASS SYSTEM First, we set the scene. Students may join the Z class providing the class is not full. Those who successfully complete all the assignments may leave with a certificate. We are not concerned with details such as students' number, name, date of birth and so on. So we introduce the basic type STUDENT as a given set. [ STUDENT ] There is a limit to the number of students who can join the class. To define this we first introduce N, the set of all natural counting numbers including zero.
N == { n : Z | n ˘ 0 }
48 Then we define maxClassSize, the maximum number of students that can be in the class. Here, we have set this size arbitrarily (for no special reason) to 20 even though its actual value is not relevant. maxClassSize : N maxClassSize = 20
We model the class system as two sets of students. enrolled is the set of students who have joined the class. passed is a subset of enrolled and represents the set of enrolled students who have passed their assignments. The size of the class is constrained by maxClassSize. Class enrolled : F STUDENT passed : F STUDENT #enrolled ¯ maxClassSize passed z enrolled
To begin with there are no enrolled students and no student has passed. InitClass Class enrolled = 0 passed = 0
49 A student may join the class if the class is not already full and if the student has not already enrolled. A new student cannot have passed all their assignments. EnrolOk DClass student? : STUDENT #enrolled < maxClassSize student? ‰ enrolled enrolled' = enrolled U { student? } passed' = passed The ? in student? means input. An existing student is transferred to the passed set provided they have passed all their assignments and have not already been transferred. Every student in passed must also be in enrolled. CompleteOk DClass student? : STUDENT student? e enrolled student? ‰ passed enrolled' = enrolled passed' = passed U { student? } Only those existing students who have passed may leave with a certificate. LeaveWithCertificateOk DClass student? : STUDENT student? e passed enrolled' = enrolled \ { student? } passed' = passed \ { student? }
50 EXERCISE 8.1 1 Explain each line of Z introduced so far in Section 8.1 above as if to a beginning Access student. 2 Write and explain the schema LeaveWithoutCertificateOk that specifies the process of a student leaving the class without having passed all their assignments. 3 Write and explain the schema ReportNumberEnrolled that outputs the number of students who are currently enrolled.
8.2 FREE TYPE DEFINITION In Section 8.1 above, in which we introduced the Class system, we were concerned with the simple, straightforward, no problem scenarios. For example, we did not concern ourselves with the possibility that the class is full and so no one can be enrolled on it. We ignored the possibility that a student could be enrolled twice. We ignored the possibility that a student who is not enrolled could be transferred to the passed set. We now address these error scenarios. First, we draw up a table of pre-conditions, the set of states for which successful outcomes are defined. We add on to that table the conditions for failure. Schema EnrolOk CompleteOk LeaveWithCertificate
Pre-condition for success #enrolled < maxClassSize student? ‰ enrolled student? ee enrolled student? ‰ passed student? e passed
Conditions for failure class is full: #enrolled ˘ maxClassSize student already enrolled: student? e enrolled student not enrolled: student? ‰ enrolled student already passed: student? e passed student not passed: student? ‰ passed
Then, in a free type definition, we define REPORT to be the set of values that describe either a schema's success or the reasons for its failure. REPORT ::= success | classFull | alreadyEnrolled | notEnrolled | alreadyPassed | notPassed ::= stands for free type definition. The | separates one element from the next. A variable of type REPORT has a value drawn from the given list. Notice that each element name begins with a lower case letter and contains no spaces.
51 EXERCISE 8.2 1 For the schema LeaveWithoutCertificateOk written in Exercise 8.1 above define and explain a the pre-conditions for success b the conditions for failure 2 extend the REPORT type defined in Section 8.2 above to include the reasons why the LeaveWithoutCertificateOk process could fail.
8.3 SUCCESS AND ERROR SCHEMAS The Success schema has just one declaration and one predicate. It will be combined with other schemas to indicate their successful outcome. Success report! : REPORT report! = success
We define a schema for each identified error case. We do not expect an error case to update any system variables. The class is full if the number of enrolled students has reached (or by some mistake has exceeded) the maximum class size. ClassFull XClass report! : REPORT #enrolled ˘ maxClassSize report! = classFull
52 A student cannot be enrolled again if they are already enrolled. AlreadyEnrolled XClass student? : STUDENT report! : REPORT student? e enrolled report! = alreadyEnrolled
If a student is not enrolled they cannot be passed. NotEnrolled XClass student? : STUDENT report! : REPORT student? ‰ enrolled report! = notEnrolled
The same student cannot be passed twice. AlreadyPassed XClass student? : STUDENT report! : REPORT student? e passed report! = alreadyPassed
53 A student who has not passed cannot leave with a certificate. NotPassed XClass student? : STUDENT report! : REPORT student? ‰ passed report! = notPassed
EXERCISE 8.2 Explain each line of Z introduced in Section 8.3 above, as if to a beginning Access student.
8.4 SCHEMA CALCULUS We use conjunction (and) to combine two schemas. EnrolOk ¶ Success Say enrol ok and success. We use disjunction (or) to represent alternatives. (EnrolOk ¶ Success) v classFull v alreadyEnrolled Say enrol ok and success, or class full, or already enrolled. Now we can define the total, complete version of the enrol process. Enrol Í (EnrolOk ¶ Success) v classFull v alreadyEnrolled
Í stands for schema definition. So, the Enrol schema is defined to be EnrolOk and Success, or ClassFull, or AlreadyEnrolled.
54 Similarly, Complete Í (CompleteOk ¶ Success) v NotEnrolled v AlreadyPassed LeaveWithCertificate Í (LeaveWithCertificateOk ¶ Success) v NotPassed
EXERCISE 8.3 1 Explain each line of Z introduced in Section 8.4 above, as if to a beginning Access student. 2 Write and explain the total process LeaveWithoutCertificate. 3 A hotel maintains a record of the current state of its rooms, whether occupied or not. Write and explain a Z specification for the system described below. Use Case: Commission Purpose: to add a new room to the hotels rooms for guests system Pre-conditions: the room has not already been added Initiating Actor: accommodation manager 1 manager inputs details of the new room 2 system confirms new room added 3 exit success Exceptions 2a room already in the system 2a1 exit failure Use Case: Occupy Purpose: to inform the system that a room is now occupied by a hotel guest Pre-conditions: the room is in the hotel rooms for guests system the room is not currently occupied Initiating Actor: receptionist 1 receptionist inputs room 2 system confirms room now occupied 3 exit success Exceptions 2a room not in the system 2a1 exit failure 2b room already occupied 2b1 exit failure
55
Use Case: Vacate Purpose: to inform the system that a room is now vacant Pre-conditions: the room is in the hotel rooms for guests system the room is currently occupied Initiating Actor: receptionist 1 receptionist inputs room 2 system confirms room now vacant 3 exit success Exceptions 2a room not in the system 2a1 exit failure 2b room already vacant 2b1 exit failure Notes A use case describes a sequence of interactions between a system and its users. The users are known as actors. Exceptions are the error scenarios - what can go wrong. The pre-conditions of a use case describe the set of states for which the successful outcome is defined. The precondition for the add a new room use case, Commission, is that the room has not already been added.
REVIEW We defined a class of students system in terms of two sets, enrolled and passed, where passed is a subset of enrolled. We looked at the error cases that could occur and expressed them in a table of pre-conditions and in schemas. We combined schemas using conjunction and disjunction to form larger, more complete schemas. Next, we look at binary relations.
BIBLIOGRAPHY JONES and WORDSWORTH, both cited in BARDEN et al, described the classic two sets pattern used in the Class system example. BARDEN R., STEPNEY S. & COOPER D 1994 Z In Practice Prentice Hall pp 126, 166 JACKY J. 1997 The Way of Z Cambridge University Press pp 122 JONES C.B. 1980 Software Development: a Rigorous Approach Prentice Hall NORCLIFFE A & SLATER G 1991 Mathematics of Software Construction Ellis Horwood pp 50 WORDSWORTH J.B. 1992 Software Development with Z Addison-Wesley
56
9 BINARY RELATIONS INTRODUCTION We find pairs of objects all around us: wives and their husbands, friends and their telephone numbers, students and the subjects they study, customers and their bank accounts, guests and their hotel reservations. We see that a binary relation is just a set of ordered pairs. We see how the first and second functions split an ordered pair into its coordinates. We look at the domain and range, and the source and target, of a binary relation.. We see how domain and range restriction work like database queries. We see how relational image works like a table lookup. We look at the inverse function. We see how two binary relations may be composed to form a third binary relation. 9.1 BINARY RELATIONS A binary relation is just a set of pairs. a pair { (madge, homer), (wilma, fred) } { (kylie, 1), (kylie, 2), (robbie, 3) } { (sue, formalMethods), (sam, formalMethods), (tim, maths) } We can use the usual set operations on binary pairs. { (1, a), (2, b) } U { (2, b), (3, c) } = { (1, a), (2, b), (3, c) } { (1, a), (2, b) } I { (2, b), (3, c) } = { (2, b) } { (1, a), (2, b) } \ { (2, b) (3, c) } = { (1, a) } #{ (1, a), (2, b), (3, c) } = 3 Each element in a binary relation is a pair of objects. EXERCISE 9.1 1 Describe five further examples of binary relations. 2 Evaluate a b c d
{ (a, x), (b, y) } U { (a, z), (b, w) } { (a, x), (b, y) } I { (a, z), (b, y) } { (a, x), (b, y) } \ { (a, x), (b, w) } #{ (a, x), (b, y), (c, z), (d, w) }
57 9.2 FIRST AND SECOND Each element in a binary relation is a pair of objects, e.g. (madge, homer). (madge, homer) is not the same pair as (homer, madge). Order matters. The ordered pair (madge, homer) may be written as madge å homer. This is known as maplet notation, and madge å homer is known as a maplet. (madge, homer) = madge å homer In general, we use maplet notation to represent an element in a binary relation, we use coordinate notation to represent a pair by itself. partners = { madge å homer, wilma å fred) } aPair = (madge, homer) The Z functions first and second split an ordered pair into its first and second coordinates. first (madge, homer) = madge second (madge, homer) = homer first and second are known as the projection functions for ordered pairs.
EXERCISE 9.2 Evaluate (first(a, 1), second(a, 1))
58 9.3 DOMAIN AND RANGE Look at this binary relation: { 1 å a, 2 å b, 3 å c } The set formed by all the the first coordinates { 1, 2, 3 } is known as its domain. We write dom { 1 å a, 2 å b, 3 å c } = { 1, 2, 3 } where dom is Z for domain. The set formed by all the second coordinates { a, b, c } is known as its range. We write ran { 1 å a, 2 å b, 3 å c } = { a, b, c } where ran is Z for range. EXERCISE 9.3 Evaluate a dom { A301 å office, a302 å classRoom, A303 å lab, A304 å classRoom } b ran { A301 å office, a302 å classRoom, A303 å lab, A304 å classRoom } c dom { terry å Access, garry å ECDL, kanti å ALevel, kanti åHND } d ran { terry å Access, garry å ECDL, kanti å ALevel, kanti åHND } e dom { richardI å 1921, richardII å 1952, richardIII å 1976 } f ran { richardI å 1921, richardII å 1952, richardIII å 1976 }
59
9.4 SOURCE AND TARGET Look at the binary relation shown below. { 1 å 23, 2 å 29, 3 å 31, 4 å 37, 5 å 41 } Its domain is 1..5, a subset of Z. A domain is a subset of its source. dom { 1 å 23, 2 å 29, 3 å 31, 4 å 37, 5 å 41 } z Z
source The range of { 1 å 23, 2 å 29, 3 å 31, 4 å 37, 5 å 41 } is { 23, 29, 31, 37, 41 } and is also a subset of Z. A range is a subset of its target. ran { 1 å 23, 2 å 29, 3 å 31, 4 å 37, 5 å 41 } z Z
target
60 9.5 DECLARING A BINARY RELATION We introduce as given types the set of all dates and the set of all people. [ DATE, PERSON ] We define appointments as a binary relation from DATE to PERSON like this: appointments : DATE j PERSON appointments = { 7Nov å tom, 7Nov å ann, 8Nov å jerry }
j is the binary relation operator. Even though it looks like a double-headed arrow, it associates from left to right. EXERCISE 9.4 Introduce appropriate types and declare the binary relations described below, and give an example of an element in each binary relation a debtors and the money they owe b driving instructors and their pupils c owners and their horses d students and the subjects they study e authors and the titles of the books they have had published
61 9.6 DOMAIN RESTRICTION Domain restriction works like a database query, a bit like using an internet search engine to list all entries that contain the phrase "Z Notation". You might get many entries listed, or none at all. Look at this binary relation: { 1 å a, 2 å b, 3 å c } Its domain is { 1, 2, 3 } If we restrict the binary relation so that its domain is { 2 } we get {2åb} We write { 2 } r { 1 å a, 2 å b, 3 å c } = { 2 å b } where r means domain restriction. r is known as the domain restriction operator. The domain restriction operator defines a subset of a given binary relation. For example: { 4 } r { 1 å a, 2 å b, 3 å c } = { } { 1, 3 } r { 1 å a, 2 å b, 3 å c } = { 1 å a, 3 å c }
62 9.7 RANGE RESTRICTION Look at this binary relation: { 1 å a, 2 å b, 3 å c } Its range is { a, b, c }. If we restrict the binary relation so that its range is { b } we get {2åb} We write { 1 å a, 2 å b, 3 å c } t { b } = { 2 å b } where t means range restriction. t is known as the range restriction operator. The range restriction operator defines a subset of a given binary relation. For example: { 1 å a, 2 å b, 3 å c } t { d } = { } { 1 å a, 2 å b, 3 å c } t { a, c } = { 1 å a, 3 å c }
EXERCISE 9.5 1 Evaluate a { A, C }r { A å carrots, B1 å pasta, C å potatoes, C å tomatoes, D å milk } b { redå1, brownå2, greenå3, yellowåfour, blueå5, pinkå6, blackå7 } t 3..5 c { king } r { pawn å 1, rook å 5, knight å 3, bishop å 3, queen å 9 } d { pawn å 1, rook å 5, knight å 3, bishop å 3, queen å 9 }t { n : Z | n > 3 } 2 Given R = { 1 å a, 2 å b, 3 å c }, X = { 1, 2, 3 } and A = { 1, 3 } evaluate (X \ A)r R
63 9.8 RELATIONAL IMAGE The relational image operator works like a table look-up. For example, look at this table: colour red brown green yellow blue pink black
value 1 4 3 2 5 6 7
You ask: what is blue's numerical value? You look down the table and see that it is 5. Look at this binary relation. { 1 å a, 2 å b, 3 å c } What is the second coordinate of the pair whose first coordinate is 2? The answer is b. We write { 1 å a, 2 å b, 3 å c } · { 2 } ‚ = { b } where · ... ‚ is the relational image operator. You provide a subset of a binary relation's source, it gives you the corresponding elements in the binary relation's range. For example: { 1 å a, 2 å b, 3 å c } · { 4 } ‚ = { } { 1 å a, 2 å b, 3 å c } · { 1, 3 } ‚ = { a, c }
64 EXERCISE 9.6 1 Evaluate a { eatsMeat å tom, vegetarian å ann, eatsMeat å jerry } · { eatsMeat } ‚ b { 65 å A, 66 å B, 67 å C, 68 å D, 69 å E } · { 65, 67, 69 } ‚ c { tea å50, coffee å 75, hotChocolate å 75 } · { soup } ‚ d { tom å 12:00, ann å 12:20, jerry å 12:40 } · { ann } ‚ e { 1 å 2, 2 å 3, 3 å 5, 4 å 7, 5 å 11 } · 1..5 ‚ 2 If R = { (1, a), (2, b), (3, c), (4, d), (5, e) } and S = 2..4 evaluate a R·S‚ b ran(S r R) What do you notice about your answers to 2a and 2b above?
65 9.9 INVERSE The binary relation symbol, j, associates from left to right. We introduce as a given type DRINK, the set of all drinks. We define costs as a binary relation from drink to price.
costs : DRINK j Z costs = { tea å50, coffee å 75, hotChocolate å 75, soup å 75 }
So, for example, tea costs 50 pence. If we reversed the binary relation, if we made it from price to drink and called it buys, so, for example, 50 pence buys tea:
buys : Z j DRINK buys = { 50 å tea, 75 å coffee, 75 å hotChocolate, 75 å soup }
then buys is the inverse of costs. We write costs~ = buys (say costs inverse equals buys). ~ (tilde) is the inverse operator. The inverse of a binary relation is another binary relation with the coordinates of their ordered pairs reversed.
66 EXERCISE 9.7 1 Given [ PERSON, EMAIL ] the set of all people and the set of all e-mail addresses, and hasAddress : PERSON j EMAIL hasAddress = { terry å
[email protected], garry å
[email protected], kanti å
[email protected], terry å
[email protected], garry å
[email protected] } evaluate a hasAddress~ b { terry } r hasAddress c hasAddress · { terry }‚ d dom (hasAddress \ { terry, kanti })r hasAddress e hasAddress t (ran hasAddress \ { xmail.com, basucks.com }) 2 We introduce the type NAME, the set of all people's names, and define alias : NAME jNAME alias = { tom å dopey, sam å dozy, stu å dreamy, tom å sleepy, sam å titch } evaluate a alias~ b alias t { dozy, dreamy } c alias · { tom, sam } ‚ d alias · { sue }‚‚ e alias~· { dreamy, dozy } ‚ f (dom alias \ { tom, sam }) r alias
67 9.9 COMPOSITION Given the types [ PERSON, ROOM ] the set of all persons and rooms respectively, look at the two binary relations, hasPhone and phoneInRoom, given below.
hasPhone : PERSON j Z hasPhone = { roy å317, tom å 208, tom å 209, jim å326, lee å 225 }
phoneInRoom : Z j ROOM phoneInRoom = { 317 å A306, 208 å A39, 209 å A39, 326 å A306, 225 å A39 }
roy has phone 317 that is in room A306. Therefore, we can conclude that roy is in room A306. Starting from PERSON we can reach ROOM via Z (their phone number). The composition of two binary relations is another binary relation where the range of one is a subset of the domain of the other. ran hasPhone z dom phoneInRoom We write hasPhone ; phoneInRoom = { roy å A306, tom å A39, jim å A306, lee å A39 }
68 EXERCISE 9.8 In a horse trials competition, an owner may enter more than one horse and a rider may ride more than one horse. Given the types [ OWNER, HORSE, RIDER ] and the binary relations
entered : OWNER j HORSE entered = { sam å merryTom, sam å jumpingJack, pam å hissingSid, jan å ticTac, tel å isAGas }
riddenBy : HORSE j RIDER riddenBy = merryTom å jones, ticTac å jan, jumpingJack å french, isAGas å jan, hissingSid å fraser }
write down the contents of ridesFor when ridesFor = riddenBy~ ; entered~ REVIEW We find pairs of objects all around us: wives and their husbands, friends and their telephone numbers, students and the subjects they study, customers and their bank accounts, guests and their hotel reservations. We noted that a binary relation is just a set of ordered pairs. We saw how the first and second functions extracted the first and second coordinates of an ordered pair. We saw how domain and range restriction work like database queries. We saw how relational image works like a table lookup. We looked at the inverse and composition functions. BIBLIOGRAPHY BARDEN R., STEPNEY S. & COOPER D. 1994 Z in Practice Prentice Hall Hemel Hempstead UK pp 57, 179 JACKY J. 1997 The Way of Z Cambridge University Press Cambridge UK pp 82 SPIVEY J.M. 1992 The Z Notation Prentice Hall Hemel Hempstead UK pp 93, 95 WOODCOCK J. & DAVIES J 1996 Using Z Prentice Hall Hemel Hempstead UK pp 83
