Your Federal Quarterly Tax Payments are due April 15th Get Help Now >>

Paper-14 by shilpabangalore

VIEWS: 13 PAGES: 17

									                                                     International Journal of Advances in Science and Technology,
                                                                                                Vol. 5, No.1, 2012


                       Requirement Specification Using Z
                        Formal Specification Language
                                        Dr. Arvinder Kaur1 and Samridhi Gulati2
     1
         Assosiate Professor, USICT, Guru Gobind Singh Indraprastha University, Dwarka, Sector-16C, New Delhi, India
                                                    arvinder70@gmail.com
                   2
                    USICT, Guru Gobind Singh Indraprastha University, Dwarka, Sector-16C, New Delhi, India
                                                   sgulati87@gmail.com


                                                          Abstract

       Formal methods used in developing computer systems are mathematical techniques for portraying
     system properties. Such formal methods provide structures within which software system can be
     specified, developed and verified in a systematic, rather than ad hoc, manner. Z is a model oriented
     formal specification language based on Zermelo-Fränkel axiomatic set theory and first order predicate
     logic. It is a strongly typed, mathematical specification language, with the help of which requirements
     written in natural language can be converted into mathematical form. An abstract Z specification of
     employee maintenance for a human resource system is presented in this paper. Then we described how
     specification can be strengthened. The specification is finally checked and tested using Z/EVES and
     Fastest toolset respectively.

     Keywords: Formal Specification Language, Z, Testing

     1. Introduction

        To assure reliability of systems being designed and constructed is the most challenging tasks in
     software development. With the ever-increasing complexity of computer systems, reliable and
     effective design and development of high quality systems that satisfy their requirements is
     extremely important. These challenges call for acceptance of proper engineering methods and
     tools and have motivated the use of formal methods in software engineerin g. Z formal
     specification language helps in this situation. Z notation named after Zermelo -Fränkel set theory
     is a formal specification language used for describing and modeling computing systems. It is
     targeted at the clear specification of computer programs and computer-based systems in general
     [1].
        In this paper an outline of formal specification language is described in Section 2.In Section 3 Z
     specification for employee maintenance is presented to illustrate the use of language. In Section 4 test
     cases are generated using Fastest tool. Conclusions are presented in Section 5.

     2. An Outline

           In this section we describe formal specification language and its different types.

     2.1. Formal Specification Language

        Formal methods used in developing computer systems are mathematical based techniques for
     portraying system properties. Such formal methods provide structures within which software system can
     be specified, developed and verified in a systematic, rather than ad hoc, manner [2].




Special Issue                                          Page 115 of 146                                     ISSN 2229 5216
                                                 International Journal of Advances in Science and Technology,
                                                                                            Vol. 5, No.1, 2012
     The representation used in formal methods is called a formal specification language. The language is
     “formal” in the sense that it has a formal semantics and as a result can be used to express specifications in
     a clear and unambiguous manner. A formal specification language can be used to specify the task at hand
     in a clear and concise manner. As formal methods and formal specification language has sound
     mathematical basis, it provides the means of proving that specification is realizable, complete, consistent
     and unambiguous. Even the most complex systems can be modeled using relatively simple mathematical
     objects, such as sets, relations and functions [2].

     2.2. Types of Formal Specification Languages

        Different types of Formal Specification Languages are:

         Z- The Z language is a model oriented, formal specification language that was proposed by Jean-
     Raymond Abrail, Steve Schuman and Betrand Meyer in 1977 and it was later further developed at the
     programming research group at Oxford University [3]. It is based on Zermelo-Fränkel axiomatic set
     theory and first order predicate logic. The Z notation [1] is a strongly typed, mathematical, specification
     language.
         B-The B Formal Method is based on Abstract Machine Notation. It was developed by Jean- Raymond
     Abrail in France and UK [4]. It is also based on set theory and first order predicate calculus.
     RAISE –RAISE stands Rigorous Approach to Industrial Software Engineering. It was developed by
     D.Bjorner in1990 [5]. It uses a set of tools based on, Raise Specification Language (RSL).
         VDM-One of the longest-established Formal Methods for the development of computer-based
     systems is termed as Vienna Development Method (VDM). It was developed at IBM's Vienna Laboratory
     in the 1970s. It was further extended to, VDM++, which supports the modeling of object-oriented and
     concurrent systems [6].

     3. Overview of Z Formal Specification Language

         In this section, we briefly describe Z formal specification language. A Z specification for employee
     maintenance is presented to illustrate the use of language. We then describe how the specification can be
     strengthened.

     3.1. Description of Z Formal Specification Language

         The Z language is a model oriented, formal specification language that was proposed by Jean-
     Raymond Abrail, Steve Schuman and Betrand Meyer in 1977 and it was later further developed at the
     programming research group at Oxford University [3]. It is based on Zermelo Fränkel axiomatic set
     theory and first order predicate logic. The Z notation [1] is a strongly typed, mathematical, specification
     language. It has robust commercially available tool support for checking Z texts for syntax and type
     errors in much the same way that a compiler checks code in an executable programming language. It
     cannot be executed, interpreted or compiled into a running program. It allows specification to be
     decomposed into small pieces called schemas. The schema is the main feature that distinguishes Z from
     other formal notations. In Z, both static and dynamic aspects of a system can be described using schemas.
     The Z specification describes the data model, system state and operations of the system. Z specification
     is useful for those who find the requirements, those who implement programs to meet those requirements,
     those who test the consequences, and those who write instruction manuals for the system [1].
         Z also helps in refinement towards an implementation by mathematically relating the abstract and
     concrete states. Z is being used by a wide variety of companies for many different applications.
         In the Z notation there are two languages [7]:

         Mathematical Language
         The mathematical language is used to describe various aspects of a design: objects, and the
     relationships between them by using propositional logic, predicate logic, sets, relation and functions.




Special Issue                                      Page 116 of 146                                    ISSN 2229 5216
                                                 International Journal of Advances in Science and Technology,
                                                                                            Vol. 5, No.1, 2012


         Schema Language
         The schema language is used to structure and compose descriptions: collecting pieces of information,
     encapsulating them, and naming them for reuse.
         In Z formal specification language, a set of schemas is used for structuring specifications. Schemas are
     box like structure that introduces variables and specifies the relationship between these variables [1]. A
     schema is shown below. All declarations are made above the central line and predicates are defined below
     the central line.


                SchemaName
                Declarations

                Predicates



               DECLARATION: All variables are declared above the central line.
               PREDICATES: Values of variables are constrained below the central line.


     3.2. A Case Study

         Following natural language requirement specification is converted in Z-notation.

     3.2.1. Employee Maintenance

     3.2.1.1 Add an employee by entering

         Employee information

         Salary

         Dependent's information

     3.2.1.2 Update employee information

         Update any employee information except the social security number (SSN).

     3.2.1.3 Delete employee information

         Delete all information about an individual employee.

     3.2.1.4 Inquire on an individual employee

         Using an employee SSN, view all information about that specific employee.




Special Issue                                     Page 117 of 146                                    ISSN 2229 5216
                                                  International Journal of Advances in Science and Technology,
                                                                                             Vol. 5, No.1, 2012
     3.3. Z specification for Employee Maintenance


         [SSN,NAME,TYPECODE,NO_DEP]

         An object is defined by declaring it. The set of all SSN, NAME, TYPECODE, NO_DEP are basic
     types of the specification.

     State Specification


                EmployeeInfo
                ssn :ℙ SSN
                ename :ℙ NAME
                salary:ℝ
                typecode :ℙ TYPECODE
                no_dep :ℙ NO_DEP
                empname :SSN⇸ NAME
                empsalary :SSN⇸ ℝ
                empcode :SSN⇸ TYPECODE
                empdep:SSN⇸ NO_DEP


                ssn = dom empname
                ssn = dom empcode
                ssn = dom empdep
                salary>0


          In the above Schema, variables are declared in the part above the central dividing line and a part
     below the line gives a relationship between the values of variables. In the above schema the state space of
     a system is described and the nine variables represent important observations which we can make of the
     state:

               ssn is the set of social security number of employees.
               ename is the set of names of employees.
               salary is the set of salary of employees.
               typecode is the set of designation of employees.
               no_dep is the set of total number of dependents of employees.
               empname is a function which, when applied to certain ssn gives the name associated with them.
               empsalaryis a function which, when applied to certain ssn gives the salary associated with them.
               empcode is a function which, when applied to certain ssn gives the type of code associated with
                them.
               empdep is a function which, when applied to certain ssn gives the no of dependents associated
                with them.




Special Issue                                      Page 118 of 146                                  ISSN 2229 5216
                                                 International Journal of Advances in Science and Technology,
                                                                                            Vol. 5, No.1, 2012
          The part of the schema below the line gives a relationship which is true in every state of the system
     and is maintained by every operation on it. In this case, it says that the set ssn is same as the domain of
     the function empname, empcode, empdep (the set of names to which it can be validly applied). This
     relationship is an invariant of the system.


                AddEmployee
                ΔEmployeeInfo
                newssn? : SSN
                newename? : NAME
                sal? : ℝ
                newtypecode? : TYPECODE
                new_no_dep? : NO_DEP

                newssn?∉ ssn∧
                ssn′ = ssn ∪ {newssn?}
                empname′ = empname ∪ {newssn?↦ newename?}∧
                empsalary′ = empsalary ∪ {newssn?↦sal?}∧
                empcode′ = empcode ∪ {newssn?↦ newtypecode?}∧
                empdep′ =empdep ∪ {newssn?↦ new_no_dep?}



          The declaration ΔEmployeeInfo defines that schema is describing a state change. It introduces ten
     variables ssn, empname, empcode, empsalary, empdep, ssn′, empname′, empsalary′, empcode′, empdep′.
     The first five variables are observation of the state before the change, and last five variables are
     observations of the state after the change.

         Invariants are satisfied by implicitly constraining each pair of variables, so invariants should hold
     before or after the operation. After that five inputs to the operations are declared. According to
     convention of Z language, the names of inputs end in a question mark such as newssn?,newename? , sal?
     , newtypecode? , new_no_dep?. The part of the schema below the central line first of all gives the pre-
     condition. For the success of any operation such as for add operation to be successful, social security
     number of new employee should not be known to the system.This is reasonable, since each employee
     should have unique ssn. The operation uses union (∪) operator for this purpose. The second line i.e. post
     condition “ssn′ = ssn ∪ {newssn?}” states that new ssn is added to the set of ssn and “empname′ =
     empname ∪ {newssn?↦ newename?}”states that empname function is extended to map the newssn to the
     corresponding ename similarly , all other functions are extended to map the newssn to sal , typecode , no
     of dependents respectively.




Special Issue                                     Page 119 of 146                                   ISSN 2229 5216
                                                 International Journal of Advances in Science and Technology,
                                                                                            Vol. 5, No.1, 2012
            UpdateEmployee
             ΔEmployeeInfo
                ssn? : SSN
                ename? : NAME
                salary? : ℝ
                typecode? : TYPECODE
                no_dep? : NO_DEP

                ssn?∈ ssn∧
                empname′ = empname ⊕ {ssn?↦ ename?}∨
                empsalary′ = empsalary ⊕        {ssn?↦salary?}∨
                empcode′ = empcode ⊕        {ssn?↦ typecode?}∨
                empdep′ =empdep ⊕         {ssn?↦ no_dep?}




          UpdateEmployee schema describes how the details of an employee can be updated. In this,
     declaration ΔEmployeeInfo defines that schema is describing a state change. It introduces ten variables
     ssn, empname,empsalary, empcode, empdep , ssn′ , empname′ , empsalary′ , empcode′ , empdep′.The first
     five variables are observation of the state before the change , and last five variables are observations of
     the change. newssn?,newename?, sal?, newtypecode?, new_no_dep? are taken as input. The part of the
     schema below the central line first of all gives the pre-condition ssn? ∈ssn i.e. employee details should
     exist in the system before. The operation uses relational override (⊕) operator for this purpose. The post-
     condition “empname′ = empname ⊕ {ssn?↦ename?}”asserts that for the corresponding social security
     number employee name is overwritten by new name .Similarly all other details can also be updated.


                DeleteEmployee
                ΔEmployeeInfo
                who?: SSN

                who?∈ ssn
                empname′ = {who?}⩤ empname
                empsalary′ = {who?}⩤ empsalary
                empcode′ ={who?}⩤ empcode
                empdep′ = {who?}⩤ empdep

          DeleteEmployee schema describes how the details of an employee can be deleted. In this, declaration
     ΔEmployeeInfo defines that schema is describing a state change. It introduces ten variables ssn,
     empname, empsalary, empcode, empdep , ssn′ , empname′ , empsalary′ , empcode′ , empdep′. The first
     fivevariables are observation of the state before the change and last five variables are observations of the
     change. who? is taken as input. The part of the schema below the central linefirst of all gives the pre-




Special Issue                                     Page 120 of 146                                    ISSN 2229 5216
                                                 International Journal of Advances in Science and Technology,
                                                                                            Vol. 5, No.1, 2012
     condition who? ∈ssn i.e. employee details should exist in the system before. The operation uses domain
     subtraction (⩤ ) operator for this purpose. The post-condition “empname′ = {who?}⩤ empname”asserts
     that for the corresponding social security number following employee name is deleted. Similarly all other
     details can also be deleted.


                FindEmployee
                ΞEmployeeInfo
                ssn? : SSN
                ename! : NAME
                salary! : ℝ
                typecode!: TYPECODE
                no_dep! : NO_DEP

                ssn?∈ SSN
                ename! = empname ssn?
                salary! = empsalary ssn?
                typecode ! = empcode ssn?
                no_dep! = empdep ssn?

     The FindEmployee schema describes how the details of an employee can be found out. In
     thisdeclarationΞEmployeeInfo indicates that this is an operation in which state does not change. The part
     above the central line describes that the system takes social security number as input and yields ename,
     salary, typecode and no_dep asoutput. According to convention of Z language , the names of outputs end
     in a exclamation mark like ename ! , salary ! , typecode ! andno_dep!.The part of the schema below the
     central linefirst of all gives the pre condition ssn? ∈ssn i.e ssn is one of the ssn known to the system
     before. The post condition“ename! = empname ssn?” asserts that the output ename! is the value of the
     empname function at argument ssn?.

     3.4. Strengthening the Specification


          As long as there are no mistakes in the input, specification will correctly record employee details.
     But if the user will try to add details for an employee who is already known to the system, try to update or
     delete any detail of an employee who is not known to system or tries to find or query about an employee
     not known to the system, then the specification will result in serious flaws. These flaws can be handled by
     separately creating robust schemas, which depicts that any operation can be evaluated in any
     environment.


     3.4.1. Employee Maintenance




Special Issue                                     Page 121 of 146                                    ISSN 2229 5216
                                                  International Journal of Advances in Science and Technology,
                                                                                             Vol. 5, No.1, 2012
            REPORT :: = success|alreadyPresent|notPresent

          REPORT is the set of values that describe either a schema's success or the reasons for its failure, ::=
     stands for free type definition [7]. The | separates one element from the next. Each element name begins
     with a lower case letter and contains no spaces. Another output result! can be added to each operation on
     the system. If the operation is successful , the output result will take the value success otherwise will take
     the value alreadyPresent or notPresent.
          The Success schema has just two declarations and one predicate. It will be combined with
     other schemas to indicate their successful outcome.

     Success Schema


                Success
                result: REPORT
                result! : REPORT


                result! = success


     AlreadyPresent Schema


                AlreadyPresent
                ΞEmployeeInfo
                ssn? : SSN
                result: REPORT
                result! : REPORT


                ssn? ∈SSN
                result! = alreadyPresent


          AlreadyPresent schema describes the condition under which the error occurs and specifies the
     appropriate report is produced. In the part above the central line declaration ΞEmployeeInfo indicates that
     this is an operation in which state does not change. The system takes ssn? as an input and yield result! as
     an output. The part below the central line specifies that report alreadyPresent is produced when input ssn?
     is already known to the system.

     NotPresent Schema




Special Issue                                      Page 122 of 146                                     ISSN 2229 5216
                                                 International Journal of Advances in Science and Technology,
                                                                                            Vol. 5, No.1, 2012
                NotPresent
                ΞEmployeeInfo
                ssn? : SSN
                result: REPORT
                result! : REPORT


                ssn? ∉ SSN
                result! = notPresent



          NotPresent schema describes the condition under which the error occurs and specifies the
     appropriate report is produced. In the part above the central line declaration ΞEmployeeInfo indicates that
     this is an operation in which state does not change. The system takes ssn? as an input and yield result! as
     an output. The part below the central line specifies that report notPresent is produced when input ssn? is
     not known to the system.

     Complete Operation

     RAddEmployee ≙          (AddEmployee ∧ Success)∨AlreadyPresent




Special Issue                                     Page 123 of 146                                   ISSN 2229 5216
                                                International Journal of Advances in Science and Technology,
                                                                                           Vol. 5, No.1, 2012
                RAddEmployee
                ΔEmployeeInfo
                newssn? : SSN
                newename? : NAME
                sal? : ℝ
                newtypecode? : TYPECODE
                new_no_dep? : NO_DEP
                Report : REPORT
                result! : REPORT


                (newssn?∉ ssn∧
                ssn′ = ssn ∪ {newssn?}∧
                empname′ = empname ∪ {newssn?↦ newename?}∧
                empsalary′ = empsalary ∪ {newssn?↦sal?}∧
                empcode′ = empcode ∪ {newssn?↦ newtypecode?}∧
                empdep′ =empdep ∪ {newssn?↦ new_no_dep?}∧
                result! = success)∨
                (newssn?∈ssn ∧
                empname′ = empname∧
                empsalary′ = empsalary∧
                empcode′ = empcode∧
                empdep′ =empdep∧
                result! = alreadyPresent)




          To create a robust version of AddEmployee we can combine schemas. The above definition
     introduces a new schema RAddEmployee which is obtained by combining three schemas. Conjunction(∧)
     is used to combine two schemas AddEmployee∧Success and disjunction (∨) is used to represent
     alternative (AddEmployee∧Success) ∨AlreadyPresent. If the input ssn? is not known to the system then a
     new employee record is added to database and result success is returned otherwise if the input ssn? is
     already known to the system then state of the system is not changed and result alreadyPresent is returned.

     UpdateOk ≙ (UpdateEmploy ee∧ Success)∨ NotPresent




Special Issue                                    Page 124 of 146                                   ISSN 2229 5216
                                                International Journal of Advances in Science and Technology,
                                                                                           Vol. 5, No.1, 2012
                RUpdateEmployee
                ΔEmployeeInfo
                ssn? : SSN
                ename? : NAME
                salary? : ℝ
                typecode? : TYPECODE
                no_dep? : NO_DEP
                Report : REPORT
                result! : REPORT


                (ssn?∈ ssn∧
                empname′ = empname ⊕ {ssn?↦ ename?}∨
                empsalary′ = empsalary ⊕ {ssn?↦salary?}∨
                empcode′ = empcode ⊕     {ssn?↦ typecode?}∨
                empdep′ =empdep ⊕ {ssn?↦ no_dep?}∧
                result! = success)∨
                (ssn?∉ ssn ∧
                empname′ = empname∧
                empsalary′ = empsalary∧
                empcode′ = empcode∧
                empdep′ =empdep∧
                result! = notPresent)




          To create a robust version of UpdateEmployee we can combine schemas. The above definition
     introduces a new schema RUpadteEmployee which is obtained by combining three schemas. Conjunction
     (∧) is used to combine two schemas UpdateEmployee∧Success and disjunction (∨) is used to represent
     alternative (UpdateEmployee∧Success) ∨NotPresent. If the input ssn? is known to the system then an
     employee record can be updated in the database and result success is returned otherwise if the input ssn?
     is not known to the system then state of the system is not changed and result notPresent is returned.

     DeleteOk ≙ (DeleteEmployee ∧ Success)∨ NotPresent




Special Issue                                    Page 125 of 146                                  ISSN 2229 5216
                                                International Journal of Advances in Science and Technology,
                                                                                           Vol. 5, No.1, 2012
                RDeleteEmployee
                ΔEmployeeInfo
                who?: SSN
                Report : REPORT
                result! : REPORT


                (who?∈ ssn∧
                empname′ = {who?}⩤ empname∧
                result! = success)∨
                (who?∉ ssn ∧
                empname′ = empname∧
                empsalary′ = empsalary∧
                empcode′ = empcode∧
                empdep′ =empdep∧
                result! = notPresent)



          To create a robust version of DeleteEmployee we can combine schemas. The above definition
     introduces a new schema RDeleteEmployee which is obtained by combining three schemas. Conjunction
     (∧) is used to combine two schemas DeleteEmployee∧Success and disjunction (∨) is used to represent
     alternative (DeleteEmployee∧Success) ∨NotPresent. If the input ssn? is known to the system then a
     employee record can be deleted from the database and result success is returned otherwise if the input
     ssn? is not known to the system then state of the system is not changed and result notPresent is returned.

     FindOk ≙ (FindEmployee ∧ Success)∨ NotPresent




Special Issue                                    Page 126 of 146                                   ISSN 2229 5216
                                                 International Journal of Advances in Science and Technology,
                                                                                            Vol. 5, No.1, 2012
                RFindEmployee
                ΞEmployeeInfo
                ssn? : SSN
                ename! : NAME
                salary! : ℝ
                typecode!: TYPECODE
                no_dep! : NO_DEP
                Report : REPORT
                result! : REPORT


                (ssn?∈ SSN∧
                ename! = empname ssn?∧
                salary! = empsalary ssn?∧
                typecode ! = empcode ssn?∧
                no_dep! = empdep ssn?∧
                result! = success)∨
                (ssn?∉ ssn ∧
                result! = notPresent)


          To create a robust version of FindEmployee we can combine schemas. The above definition
     introduces a new schema RFindEmployee which is obtained by combining three schemas. Conjunction(∧)
     is used to combine two schemas FindEmployee∧Success and disjunction (∨) is used to represent
     alternative (FindEmployee∧Success) ∨NotPresent. If the input ssn? is known to the system then a
     employee details can be found out from the database and result success is returned otherwise if the input
     ssn? is not known to the system then state of the system is not changed and result notPresent is returned.


     3.5 Verification


          To type check a document clicks the fuzz button in Z/Word tool [8]. The results are displayed in a
     dialog box.




Special Issue                                     Page 127 of 146                                   ISSN 2229 5216
                                                 International Journal of Advances in Science and Technology,
                                                                                            Vol. 5, No.1, 2012




                                    Figure 3.1: Type checking the Z specifications.

         After type checking Z/Word tool generates a .tex file, which is used as input for the Z/Eves tool [9].




                                    Figure 3.2: Verification of Z specification.

     4. Testing

         Testing can be the most expensive phase of software development. Almost 80% software fails
     because of the improper or inefficient testing, so it is very important phase of software development. By
     using formal method testing can be almost automated, thus changing the cost of testing by the cost of
     formalization which is reported to be quite less expensive.




Special Issue                                     Page 128 of 146                                   ISSN 2229 5216
                                                 International Journal of Advances in Science and Technology,
                                                                                            Vol. 5, No.1, 2012
     4.1. Model Based Testing

           Model based testing (MBT) uses formal specification to generate test cases and to verify whether
     errors are uncovered or not. The main hypothesis behind MBT is that, as a program is correct if it verifies
     its specification, then the specification is an excellent source of test cases [10], [11].

     4.2. Test Template Framework

          The Test Template Framework (TTF) defined by [12] is a model based testing framework particular
     MBT theory is appropriate for unit testing. The TTF uses Z specifications as the entry models. Each
     operation within the specification is evaluated to generate abstract test cases. This evaluation consists of
     the following steps:
           Consider the input space (IS) of each operation
           Derive the valid input space (VIS) of each Z operation.
           In the next step, VIS is partitioned by applying one or more tactics
           Test objectives are generated.
           Prune inconsistent test objectives.
           Find one abstract test case from each remaining test objective.

     4.3. Fastest

         Fastest implements the TTF allowing users to automatically produce test cases for a given Z
     specification [13].




Special Issue                                     Page 129 of 146                                    ISSN 2229 5216
                                                International Journal of Advances in Science and Technology,
                                                                                           Vol. 5, No.1, 2012




     5. Conclusions

          Z is one of the formal specification languages which are being widely used around the world. Z
     works on high level of abstraction of a system and provides a strong base for system designing and then
     testing it. Z can be used to compactly specify any system including safety and mission critical systems. Z
     has various collection of Mathematical Toolkit, which supports user to specify the requirements without
     any ambiguity. It has robust commercially available tool support for checking Z texts, for syntax and type
     errors. Large specifications are achievable in Z, using the schema notation for structuring. The schema is
     the main feature that distinguishes Z from other formal notations. It does not require a high level of
     mathematics rather it requires knowledge of basic set theory and first order logic for the analysis of a
     complete system. We can also develop an object oriented system with Z. The Z/Word tool is used for
     writing schemas. The specification is finally checked and tested using Z/EVES and Fastest toolset
     respectively. Z language does not generate the code directly into any programming language it is the
     choice of the programmer in which programming language he/she wants to code the developed design. In
     future we will try to extend the work further to develop concrete Z specification and will investigate
     formal refinement techniques for Real-Time Systems.

     6. References
     [1] J. Davies and J. Woodcock, “Using Z: Specification, Refinement, and Proof”, In Prentice Hall, 1996.
     [2] R. Pressman, “Software Engineering- A Practitioner’s Approach”, McGraw Hill, 5th edition, 2000.
     [3]J.R. Abrial, S. A. Schuman and B. Meyer: “A Specification Language, in On the Construction of
          Programs”, Cambridge University Press, eds. A. M. Macnaghten and R. M. McKeag, 1980.
     [4] J.R. Abrial, “The B Book - Assigning Programs to Meanings”, Cambridge University Press, 1996.
     [5]URL http://spd-web.terma.com/Projects/RAISE/ .
     [6] C. B. Jones, “Systematic Software Development using VDM”, In Prentice Hall, 1990.
     [7]J.M. Spivey, “The Z Notation, Reference Manual”, 2nd edition, Prentice Hall International, 1992.
     [8] URL http://sourceforge.net/projects/zwordtools/.
     [9] M. Saaltink, “The Z/EVES System,” in ZUM ’97: The Z Formal Specification Notation, J. Bowen,




Special Issue                                    Page 130 of 146                                   ISSN 2229 5216
                                                 International Journal of Advances in Science and Technology,
                                                                                            Vol. 5, No.1, 2012
         M. Hinchey and D. Till, Eds., 1997, pp. 72–85.
     [10] M. Utting and B. Legeard, Practical Model-Based Testing: A Tools Approach. San Francisco, CA,
          USA:Morgan Kaufmann Publishers Inc., 2006.
     [11] R. M. Hierons and et al., “Using formal specifications to support testing,” ACM Comput.Surv.vol.
          41, no. 2, pp. 1–76, 2009.
     [12] P. Stocks and D. Carrington, “A Framework for Specification-Based Testing,” IEEE Transactions
          on Software Engineering, vol. 22, no. 11, pp. 777–793, Nov. 1996.
     [13] M. Crista and P. R.Monetti, “Implementing and applying the Stocks-Carrington framework for
          model-based testing,” in ICFEM, ser. Lecture Notes in Computer Science,K. Breitman and A.
          CavalcantiEds., Springer, vol. 5885, pp. 167–185, 2009.

     Authors Profile


                         Dr. Arvinder Kaur is an Associate Professor with the University School of Information
                         Technology, Guru Gobind Singh Indraprastha University, India. She obtained her doctorate
                         from Guru Gobind Singh Indraprastha University and her master‟s degree in computer
                         science from Thapar Institute of Engineering and Technology. Prior to joining the school, she
                         worked with B.R. Ambedkar Regional Engineering College, Jalandhar and Thapar Institute of
                         Engineering and Technology. She is a recipient of the Career Award for Young Teachers
                         from the All India Council of Technical Education, India. Her research interests include
                         software engineering, object-oriented software engineering, software metrics, software
                         quality, software project management, and software testing. She also is a lifetime member of
                         ISTE and CSI. Kaur has published more than 80 research papers in national and international
                         journals and conferences.




                        Ms. Samridhi Gulati received B. Tech in CSE from Uttar Pradesh Technical University in
                        2009. She is currently pursuing M.Tech in IT from Guru Gobind Singh Indraprastha
                        University. Her area of interest is Software Engineering.




Special Issue                                     Page 131 of 146                                        ISSN 2229 5216

								
To top