International Journal of Engineering Research & Technology (IJERT)

ISSN: 2278-0181
Vol. 1 Issue 6, August - 2012

Z Formal Specification Language - An Overview

Mr. Vishal Ruhela
Graduate Trainee Engineer, HCL Technologies, Noida, India

In this paper an outline of formal method is

Abstract described in Section 2.In Section 3 Difference
between formal and informal specification
language is presented. In Section 4 An
Formal methods provide a much needed
overview of Z formal specification language is
solid software engineering foundation for the
described. In Section 5 An example to describe
‘art’ of programming computers. Formal
Z is presented. Conclusions are presented in
specifications can be used to provide an
Section 6.
unambiguous and consistent supplement to
natural language descriptions and can be
rigorously validated and verified leading to the 2. An Outline
early detection of specification errors. Z is a
model oriented formal specification language In this section we describe formal method,
based on Zermelo-Fränkel axiomatic set formal specification language and its different
theory and first order predicate logic. It is a types.
mathematical specification language, with the
help of which natural language requirements 2.1. Formal Method
can be converted into mathematical form. In
this paper an overview of formal method is Formal methods used in developing
presented. Z formal specification language is computer systems are mathematical techniques
described using small example. for portraying system properties. Such formal
methods provide structures within which
software system can be specified, developed
Keywords: Informal and Formal and verified in a systematic, rather than ad hoc,
Specification Language, Model Oriented , Z. manner [2]. Formal methods can be applied
throughout the development of a system to
1. Introduction precisely describe a system and involve the use
of refinement techniques and proof obligation
at each stage to ensure the correctness,
With the ever-increasing complexity of
completeness and consistency of specification.
computer systems, reliable and effective,
Formal methods used in developing computer
design and development of high quality
systems are mathematical based techniques for
systems that satisfy their requirements is
portraying system properties.
extremely important. In the mission and safety
critical system failure can cause cost overrun,
loss of lives or even severe economic Formal methods can be used at a number
consequences can arise. So, in such situations, of levels:
it is necessary that errors are uncovered before
software is put into operation. These Formal Specification: In computer science,
challenges call for acceptance of proper a formal specification is a mathematical
engineering methods and tools and have description of software or hardware that may
motivated the use of formal methods in be used to develop an implementation. It
software engineering. describes what the system should do, not
There are varieties of formal specification (necessarily) how the system should do it.
languages available to fulfill this goal and one Given such a specification, it is possible to use
way to achieve this goal is by using Z formal formal verification techniques to demonstrate
specification language. Z is model oriented that a candidate system design is correct with
formal method based on set theory and first respect to the specification. This process of
order predicate calculus [1]. formal specification is similar to the process of
converting a word problem into algebraic
notation.

www.ijert.org 1
 International Journal of Engineering Research & Technology (IJERT)
ISSN: 2278-0181
Vol. 1 Issue 6, August - 2012

objects properly satisfy the specification.

Formal development and verification: Formal specification languages use
Formal development process involves mathematics as their basis. Most complex
iteratively refining a formal specification to systems can be modeled using simple
produce the finished system. Formal Methods mathematical objects, such as sets, relations
differ from other specification systems by their and functions. A mathematical statement is
heavy emphasis on provability and correctness. unambiguous and precise, which provides a
By building a system using a formal way to give convincing arguments to justify
specification, the designer is actually ones solutions, and allows proving that an
developing a set of theorems about his system. implementation satisfies the mathematical
By proving these theorems correct, the formal specification [2].
methods ensures the correctness of the system.
The process of proving or disproving
properties of the software system against a 2.3. Types of Formal Specification
formal specification is known as formal Languages
verification.
Different types of Formal Specification
Implementation: Once the model has been Languages are:
specified and verified, it is implemented by
converting the specification into code. As the 2.3.1. Model Based Languages
difference between software and hardware
design grows narrower, formal methods for There are a number of different ways to
developing embedded systems have been write a precise specification. One approach is
developed [2]. model based languages. In it the specification
is expressed as a system state model. This state
2.2. Formal Specification Language model is constructed using well understood
mathematical entities such as sets, relations,
The representation used in formal methods is sequences and functions. Operations of a
called a formal specification language. The system are specified by defining how they
language is formal in the sense that it has a affect the state of the system model.
formal semantics and as a result can be used to Operations are also described by the predicates
express specifications in a clear and given in terms of pre and post conditions [3].
unambiguous manner. A formal specification The most widely used notations for developing
language can be used to specify the task at model based languages are Vienna
hand in a clear and concise manner. As formal Development Method (VDM) [4], Zed (Z) [1]
methods and formal specification language has and B [5].
sound mathematical basis, it provides the
means of proving that specification is 2.3.2. Algebraic Specification Languages
realizable, complete, consistent and Process algebras are amenable to algebraic
unambiguous. Even the most complex systems manipulation; however, there are also
can be modeled using relatively simple languages which describe a system solely in
mathematical objects, such as sets, relations terms of its algebraic properties. These
and functions [2]. algebraic specification languages describe the
A formal specification language is usually behavior of a system in terms of axioms that
composed of three primary components or in characterize its desired properties. Examples of
mathematical term we can say that it consists algebraic specification languages include OBJ
of two sets, syntax and semantics and a set of [7] and the Common Algebraic Specification
relation [2]. Language (CASL) [6]. In mathematical terms
The specific notation with which specification algebra (or an algebraic system) consists of (1)
is represented is defined by syntactic domain a set of symbols denoting values of some type,
or syntax. Formal techniques can have referred to as the carrier set of the algebra; and
considerably different semantic domain. (2) a set of operations on the carrier set.
Semantics helps to define a universe of objects
that will be used to describe the system. Set of 2.3.3. Process oriented Languages
relations defines the rules that indicate which

www.ijert.org 2
 International Journal of Engineering Research & Technology (IJERT)
ISSN: 2278-0181
Vol. 1 Issue 6, August - 2012

Concurrent systems are described using operator logs into the system. In this extract,
process oriented formal specification language. does the word it refers to the password or the
A specific implicit model for concurrency is operator identity?
the basis for these languages. In these Vagueness often occurs because a system
languages processes are denoted and built up specification is a very bulky document.
by expressions and elementary expressions, Achieving a high level of precision
respectively, which describe particularly consistently is an almost impossible task. It
simple processes. Ex. Communicating can lead to statements such as the
Sequential Processes (CSP) [8]. interface to the system used by radar operators
should be user-friendly or the virtual interface
2.3.4. Hybrid Languages shall be based on simple overall concepts that
Many systems are built with a combination of are straightforward to understand and use and
analog and digital components. In order to few in number. A casual perusal of these
specify and verify such systems it is necessary statements might not detect the underlying lack
to use a specification language that of any useful information.
encompasses both discrete and continuous Incompleteness: The most frequently
mathematics. There has been recent interest in occurring problems with system specifications.
these hybrid languages, such as CHARON [9]. For example, consider the functional
A simple example of a nonlinear hybrid requirement: The system should maintain the
system is that of a temperature controller. The hourly level of the reservoir from depth
temperature of a room is controlled through a sensors situated in the reservoir. These values
thermostat which continuously senses the should be stored for the past six months. This
temperature and turns the heater on and off. describes the main data storage part of a
system. If one of the commands for the system
3. Difference between Informal and was: The function of the AVERAGE
Formal Specification language command is to display on a PC the average
Requirements specification languages may be water level for a particular sensor between two
classified into two types: formal specification times. Assuming that no more detail was
languages and informal specification presented for this command, the details of the
languages. Informal specification language command would be seriously incomplete. For
uses natural language like English for example, the description of the command does
specifying requirements. But they tend to not include what should happen if a user of a
include various deficiencies such as a system system specifies a time that was more than six
specification can contain contradictions, months before the current hour.
ambiguities, vagueness, and incomplete On the other hand Formal specification
statements. languages have a mathematical (usually formal
Contradictions: Sets of statements that are at logic) basis and employ a formal notation to
variance with each other. For example, one model system requirements. The desired
part of a system specification may state that properties of a formal specification
the system must monitor all the temperatures consistency, completeness, and lack of
in a chemical reactor while another part, ambiguity are the objectives of all
perhaps written by another member of staff, specification methods. However, the use of
may state that only temperatures occurring formal methods results in a much higher
within a certain range are to be monitored. likelihood of achieving these ideals. The
Normally, contradictions that occur on the formal syntax of a specification language
same page of a system specification can be enables requirements or design to be
detected easily. However, contradictions are interpreted in only one way, eliminating
often separated by a large number of pages. ambiguity that often occurs when a natural
Ambiguities: Statements that can be language (e.g., English) or a graphical notation
interpreted in a number of ways. For example, must be interpreted by a reader. The
the following statement is ambiguous: The descriptive facilities of set theory and logic
operator identity consists of the operator name notation (enable clear statement of facts
and password; the password consists of six (requirements). To be consistent, facts stated in
digits. It should be displayed on the security one place in a specification should not be
VDU and deposited in the login file when an contradicted in another place. Consistency is
ensured by mathematically proving that initial

www.ijert.org 3
 International Journal of Engineering Research & Technology (IJERT)
ISSN: 2278-0181
Vol. 1 Issue 6, August - 2012

facts can be formally mapped (using inference

rules) into later statements within the
specification. Completeness is difficult to
achieve, even when formal methods are used.
Some aspects of a system may be left
undefined as the specification is being created;
other characteristics may be purposely omitted
to allow designers some freedom in choosing
an implementation approach; and finally, it is
impossible to consider every operational
scenario in a large, complex system. Things
may simply be omitted by mistake [2].

4. Overview of Z Formal
Specification Language
Figure 2.1: Z Process
In this section, we briefly describe Z formal
specification language. A Z specification for Z also helps in refinement towards an
employee maintenance is presented to implementation by mathematically relating the
illustrate the use of language. We then describe abstract and concrete states. Z is being used by
how the specification can be strengthened. a wide variety of companies for many different
applications.
4.1. Description of Z Formal
Specification Language In the Z notation there are two languages [1]:
The Z language is a model oriented, Mathematical Language
formal specification language that was The mathematical language is used to describe
proposed by Jean-Raymond Abrail, Steve various aspects of a design: objects and the
Schuman and Betrand Meyer in 1977 and it relationships between them by using
was later further developed at the propositional logic, predicate logic, sets,
programming research group at Oxford relation and functions.
University [10]. It is based on Zermelo Fränkel
axiomatic set theory and first order predicate Schema Language
logic. The Z notation [1], [11] is a strongly The schema language is used to structure and
typed, mathematical, specification language. It compose descriptions: collecting pieces of
has robust commercially available tool support information, encapsulating them, and naming
for checking Z texts for syntax and type errors them for reuse.
in much the same way that a compiler checks
code in an executable programming language. 4.2. Structure for Z Specification
It cannot be executed, interpreted or compiled Schemas are box like structure that introduces
into a running program. It allows specification variables and specifies the relationship
to be decomposed into small pieces called between these variables [1]. A schema is
schemas. The schema is the main feature that shown below. All declarations are made above
distinguishes Z from other formal notations. In the central line and predicates are defined
Z, both static and dynamic aspects of a system below the central line.
can be described using schemas. The Z
specification describes the data model, system
state and operations of the system. Z SchemaName
specification is useful for those who find the
requirements, those who implement programs Declarations
to meet those requirements, those who test the Predicates
consequences, and those who write instruction
manuals for the system [1].
DECLARATION: The declarations part of the
schema will contain:

www.ijert.org 4
 International Journal of Engineering Research & Technology (IJERT)
ISSN: 2278-0181
Vol. 1 Issue 6, August - 2012

4.4. Benefits and Limitations of Z

a list of variable declarations; and 4.4.1. Benefits of Z [1]:
A Z specification forces the software
developer to completely analyze the
references to other schemas (this is called
problem domain. (e.g. identify the state
schema inclusion) . space and pre and post conditions for all
operations).

PREDICATES: Values of variables are A Z specification forces all major design

constrained below the central line. The decisions to be made prior to coding the
predicate part of a schema contains: implementation. Coding should not
a list of predicates, separated either by commence until you are certain about
semi-colons or new lines. what you should be coding.
The declarations part is separated from the
A Z specification is a valuable tool for
predicate part by the horizontal line.
generating test data, and the conformance
testing of completed systems.
4.3. Z Conventions [1]
If any variable name, N, is followed by „ A Z specification allows formal
e.g. N‟, this means that it represents the exploration of properties of system.
value of the state variable N after the
operation. In Z terminology, N is
decorated with a dash. The flexibility to model a specification
which can directly lead to the code.
If a schema name is decorated with , this
introduces the dashed values of all names A large class of structural models can be
defined in the specification together with described in Z without higher – order
the invariant applying to these values. features, and can thus be analyzed
efficiently.
If a variable name is decorated with !, this
means that it is an output e.g. message!. Independent Conditions can be easily
added later.
If a variable is decorated with ?, this 4.4.2. Limitations of Z [12]:
means that it is an input e.g. amount?.
Z does not provide any support for
concurrency.
If a schema name is prefixed with the
Greek character Xi (X), this means that
It does not provide any concept for timing
dashed versions of the variables defined in
aspects.
the named schema are introduced. For all
variable names introduced in the schema,
the values of corresponding dashed names Sequencing operations is difficult with Z.
are the same. That is, the values of state
variables are not changed by the Explicit representation of Non-
operation. determinism (how to represent un-
determined or unknown parameters ?! )
If a schema name is prefixed with the
Greek character Delta (D), this implies No single approach has yet asserted itself
that values of one or more state variables as the best starting point for defining
will be changed by the operation where reasoning about real-time behavior in Z.
that schema is introduced. For all variable
names introduced in the named schema,
corresponding dashed names are also 5. An Example
introduced and may be referenced in A specification to convert requirements
operations. written in natural language to Z formal

www.ijert.org 5
 International Journal of Engineering Research & Technology (IJERT)
ISSN: 2278-0181
Vol. 1 Issue 6, August - 2012

specification language method is given below.

The specification depicts small operation to
add, students details such as rollno, name,
class, section, address into school database.

5.1. Specification

[ROLLNO,NAME,CLASS,SECTION,ADDRESS ]

STUDENT_REPORT ::= okadded | alreadyPresent

5.2. Verification

To type check a document clicks the fuzz

button in Z/Word tool [13]. The results are
displayed in a dialog box.

www.ijert.org 6
 International Journal of Engineering Research & Technology (IJERT)
ISSN: 2278-0181
Vol. 1 Issue 6, August - 2012

[2] R. Pressman, “Software Engineering- A

Practitioner‟s Approach”, McGraw Hill, 5th edition,
2000.
[3] D. Bjorner, Pinnacles of software engineering:
25 years of formal methods‖ , In Annals of
Software Engineering, vol. 10, pp. 11–66, 2000.
[4] C. B. Jones, “Systematic Software Development
using VDM”, In Prentice Hall, 1990.
[5] J.R. Abrial, “The B Book - Assigning Programs
to Meanings”, Cambridge University Press, 1996.
[6] P. D. MOSSES, CASL Reference Manual: The
Complete Documentation the Common Algebraic
Specification Language‖ , Lecture Notes in
Computer Science, Springer-Verlag, Vol. 2960,
Figure 5.1: Type checking the Z specifications. 2004.
[7] J. A. Gougen and J. J. Tardo, An introduction to
OBJ: a language for writing and testing formal
6. Conclusions algebraic Specifications. In The IEEE Conference
on specifications of Reliable Software.
IEEEComputer Society Press, pp. 170-189, 1979.
Following conclusions are drawn: [8] C. A. R. Hoare, Communicating Sequential
Z is one of the numbers of specification Processes‖ , In Prentice Hall, NJ, 1985.
[9] R.Alur, R. Grosu, Y. Hur, V. Kumar, and I. Lee,
languages which are being developed Modular specification of hybrid systems in
around the world. Z can be used to CHARON. In Hybrid Systems: Computation and
compactly specify real systems (ATM). Z Control, Third International Workshop,
HSCC,2000.
has various collection of library [10]J.R. Abrial, S. A. Schuman and B. Meyer: “A
(Mathematical Toolkit), which supports Specification Language, in On the Construction of
user to specify the requirements without Programs”, Cambridge University Press, eds. A. M.
Macnaghten and R. M. McKeag, 1980.
any ambiguity.
Large specifications are achievable in [11] J.M. Spivey, “The Z Notation, Reference
Manual”, 2nd edition, Prentice Hall International,
Z, using the schema notation for 1992.
structuring. Also it is possible to produce [12] M. Joseph, ―Formal Techniques in Real-Time
hierarchical specifications. A part of a and Fault-Tolerant Systems‖ , Lecture Notes in
Computer Science 331, pp. 160- 174.
system is specified in isolation, and then [13] http://sourceforge.net/projects/zwordtools/.
put into a global context.
By applying formal method in terms of Z
notation, it is observed that it does not
require a high level of mathematics rather
it requires knowledge of basic set theory
and first order logic for the analysis of a
complete system.
Difficulties with Z are cannot do
concurrency, Timing aspects,
Algorithmic aspects and programming
constraints, and Sequencing operations.

6. References

[1] J. Davies and J. Woodcock, “Using Z:

Specification, Refinement, and Proof”, In
Prentice Hall, 1996.

www.ijert.org 7