Table of contents

1	Introduction		1
	1.1	Formal methods	1
	1.2	The CICS experience	2
	1.3	The Z notation	3
	1.4	The importance of proof	4
	1.5	Abstraction	5

2	Propositional Logic		9
	2.1	Propositional logic	9
	2.2	Conjunction	10
	2.3	Disjunction	13
	2.4	Implication	14
	2.5	Equivalence	17
	2.6	Negation	20
	2.7	Tautologies and contradictions	23

3	Predicate Logic		27
	3.1	Predicate calculus	28
	3.2	Quantifiers and declarations	30
	3.3	Substitution	34
	3.4	Universal introduction and elimination	36
	3.5	Existential introduction and elimination	40
	3.6	Satisfaction and validity	43

4	Equality and Definite Description		45
	4.1	Equality	45
	4.2	The one-point rule	48
	4.3	Uniqueness and quantity	50
	4.4	Definite description	52

5	Sets		57
	5.1	Membership and extension	57
	5.2	Set comprehension	61
	5.3	Power sets	65
	5.4	Cartesian products	66
	5.5	Union, intersection, and difference	68
	5.6	Types	70

6	Definitions		73
	6.1	Declarations	73
	6.2	Abbreviations	74
	6.3	Generic abbreviations	75
	6.4	Axiomatic definitions	77
	6.5	Generic definitions	79
	6.6	Sets and predicates	81

7	Relations		83
	7.1	Binary relations	83
	7.2	Domain and range	85
	7.3	Relational inverse	88
	7.4	Relational composition	91
	7.5	Closures	93

8	Functions		99
	8.1	Partial functions	99
	8.2	Lambda notation	101
	8.3	Functions on relations	103
	8.4	Overriding	105
	8.5	Properties of functions	107
	8.6	Finite sets	111

9	Sequences		115
	9.1	Sequence notation	115
	9.2	A model for sequences	119
	9.3	Functions on sequences	122
	9.4	Structural induction	124
	9.5	Bags	128

10	Free Types		133
	10.1	The natural numbers	133
	10.2	Free type definitions	135
	10.3	Proof by induction	140
	10.4	Primitive recursion	142
	10.5	Consistency	145

11	Schemas		147
	11.1	The schema	147
	11.2	Schemas as types	152
	11.3	Schemas as declarations	154
	11.4	Schemas as predicates	158
	11.5	Renaming	160
	11.6	Generic schemas	162

12	Schema Operators		165
	12.1	Conjunction	165
	12.2	Decoration	168
	12.3	Disjunction	174
	12.4	Negation	176
	12.5	Quantification and hiding	178
	12.6	Composition	182

13	Promotion		185
	13.1	Factoring operations	185
	13.2	Promotion	193
	13.3	Free and constrained promotion	196

14	Preconditions		201
	14.1	The initialisation theorem	201
	14.2	Precondition investigation	203
	14.3	Calculation and simplification	206
	14.4	Structure and preconditions	210

15	A File System		217
	15.1	A programming interface	217
	15.2	Operations upon files	218
	15.3	A more complete description	220
	15.4	A file system	222
	15.5	Formal analysis	227

16	Data Refinement		233
	16.1	Refinement	233
	16.2	Relations and nondeterminism	236
	16.3	Data types and data refinement	241
	16.4	Simulations	244
	16.5	Relaxing and unwinding	248

17	Data Refinement and Schemas		257
	17.1	Relations and schema operations	257
	17.2	Forwards simulation	259
	17.3	Backwards simulation	270

18	Functional Refinement		281
	18.1	Retrieve functions	281
	18.2	Functional refinement	283
	18.3	Calculating data refinements	284
	18.4	Refining promotion	289

19	Refinement Calculus		295
	19.1	The specification statement	296
	19.2	Assignment	297
	19.3	Logical constants	302
	19.4	Sequential composition	304
	19.5	Conditional statements	307
	19.6	Iteration	309

20	A Telecommunications Protocol		319
	20.1	Specification: the external view	319
	20.2	Design: the sectional view	320
	20.3	Relationship between external and sectional views	323
	20.4	Enriching the model	326

21	An Operating System Scheduler		329
	21.1	Processes	329
	21.2	Specification	330
	21.3	Chains	334
	21.4	Design	337
	21.5	Correctness of the design step	342

22	A Bounded Buffer Module		345
	22.1	Specification	345
	22.2	Design	349
	22.3	A retrieve relation	350
	22.4	Implementation	358
	22.5	Executable code	361

23	A Save Area		365
	23.1	Specification	365
	23.2	Design	368
	23.3	Further design	372
	23.4	Refinement to code	376

	Index		381

	Notation		385

	Resources		387

	This Book		389

	Thanks		391

text