Software Engineering Mathematics

Dedicated to Jamie, Monica and Julia

Software Engineering Mathematics: Formal Methods Demystified

Jim Woodcock, Oxford University
Martin Loomes, Hatfield Polytechnic

UK: Taylor & Francis Ltd, 1 Gunpowder Square, London EC4A 3DE
USA: Taylor & Francis Inc., 325 Chestnut Street, 8th Floor, Philadelphia, PA 19106

Copyright © J.C.P. Woodcock and M. Loomes 1988

All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, electrostatic, magnetic tape, mechanical, photocopying, recording or otherwise without the prior permission of the copyright owner.

First published in Great Britain in 1988 by Pitman Publishing, London
Reprinted 1989, 1991
Reprinted by Taylor & Francis 1997 and 1999

British Library Cataloguing in Publication Data
Woodcock, James
Software engineering mathematics.
1. Computer systems. Programs. Mathematics
I. Title II. Loomes, Martin
005.13'1
ISBN 0-7484-0813-4

Printed by Biddles Ltd, Guildford and King's Lynn, UK

Contents

Preface

1 Formal Systems
  1.1 Formal Languages
  1.2 Semantics
  1.3 Inference Systems
  1.4 Proofs and Theorems
  1.5 Derivations
  1.6 Summary

2 Propositional Calculus
  2.1 Propositions
  2.2 Propositional Logic
  2.3 Classifying Sentences
  2.4 The Semantic Turnstile
  2.5 Equivalence
  2.6 Propositional Calculus
  2.7 Consistency and Completeness
  2.8 Reducing Formality
  2.9 Summary

3 Predicate Calculus
  3.1 Predicates
  3.2 The Syntax of Predicate Logic
  3.3 Giving Predicate Logic a Semantics
  3.4 Predicate Calculus
  3.5 Equality
  3.6 Summary

4 Theories
  4.1 Theory Presentations
  4.2 Uses of Theories
  4.3 The Way Forward

5 Set Theory
  5.1 Sets
  5.2 Basic Set Theory
  5.3 Power Sets
  5.4 Cartesian Products
  5.5 Predicates and Sets
  5.6 Types
  5.7 Summary

6 Relations
  6.1 An Introduction to Relations
  6.2 Basic Theory of Relations
  6.3 Special Relations
  6.4 A Configuration Manager
  6.5 Summary

7 Functions
  7.1 An Introduction to Functions
  7.2 A Mathematical Rattle-Bag
  7.3 Fancy Functions
  7.4 Example: Storage Allocator

8 Sequences
  8.1 Introduction
  8.2 Operations on Sequences
  8.3 Some Special Sequences
  8.4 Partitions
  8.5 Ordering
  8.6 Proof by Induction
  8.7 Sequences of Sequences of ...
  8.8 Summary

9 Case Study: A Telephone Exchange
  9.1 Subscribers and Telephone Calls
  9.2 The State of an Exchange
  9.3 The Initial Exchange State
  9.4 The Operations

10 Case Study: A Theory of Clocks
  10.1 A Revolutionary Theory
  10.2 A Clock
  10.3 Manipulating Clocks
  10.4 A Proof Obligation
  10.5 More Clocks
  10.6 Particular Clocks

11 Algebras
  11.1 Equational Theory Presentations
  11.2 Heterogeneous Theories
  11.3 The Theory of a High-Low Store
  11.4 Algebras
  11.5 Morphisms
  11.6 Summary

12 Formal Methods
  12.1 What Are Formal Methods?
  12.2 Model-Oriented Specifications
  12.3 Algebraic Specification Languages
  12.4 Process Algebra
  12.5 Modal Logics

Index

Glossary of Symbols

Preface

A few years ago, formal methods of software development were practised only by academics and consenting industrialists behind locked doors. Today things have changed: there is evidence that mathematically based techniques can be applied to real problems on an industrial scale. Indeed, there is a growing recognition that it is only by using mathematics that ways of subordinating complexity can be found. Industry is now demanding people skilled in the application of the new methods such as VDM, Z, CCS, CSP, OBJ, and LOTOS. It is now presented with the problem that few software engineers have a firm grasp of the theoretical foundations underlying these techniques. Two things must be done to remedy this situation. Practising software engineers must be given the opportunity to understand the theoretical foundations and become proficient in applying the advanced methods, and universities and polytechnics must start to teach them.

This book makes the mathematical basis of formal methods accessible both to the student and to the professional.
It is motivated in the later chapters by examples and exercises having a strong computing flavour, and by the conviction that mathematics is as essential to design and construction in software engineering as it is to other engineering disciplines. The exercises range from fairly simple drills, intended to provide familiarity with concepts and notation, to fairly demanding activities, which require a good grasp of the material.

The first four chapters of the book are devoted to foundations. We start with an introduction to formal systems, and then introduce the propositional and predicate calculi. We conclude the first part of the book with a chapter on theories in general. This section of the book is intentionally divorced from software engineering applications, as introducing problems before sufficient mathematical power has been developed might lend support to the apocryphal view that only trivial problems are amenable to formalisation.

The second part of the book builds upon the foundations by covering in detail theories of sets, relations, functions, and sequences. We introduce a mathematical rattle-bag of useful tools: mathematical data types and operations upon them. These mathematical data types are powerful enough to describe many aspects of software systems, and small case studies are included as examples of their use in the modelling of software: a configuration manager, a storage allocator, and a simple backing store interface. Rather than inventing yet another new language for the rattle-bag, we have chosen to use the concrete syntax of the Z notation [1]. The principles involved, however, are general ones, and the reader will have no difficulty in transferring them to other notations, such as VDM.

The third part of the book presents two detailed case studies in the use of mathematics in software engineering.
The first is the specification of the behaviour of a telephone exchange, and the second illustrates the importance of the development of a mathematical theory in gaining an understanding of a system. Both case studies stress the rôles of modelling and of proof in the construction of specifications.

The final part of the book describes other techniques, showing that all that we have done is to use mathematics. The important thing is to choose the appropriate kind of mathematics and find a good style in its use. First we describe the algebraic approach, and then we summarise what formal methods are and give some examples, comparing and contrasting the different techniques.

Acknowledgments

We would like to thank all of our colleagues for providing the intellectual environment within which this book could be written. In particular, the members of the Z group at Oxford, including Steve King

1. I. Hayes, Specification Case Studies, Prentice-Hall International, 1987.