Scope and Overview
ISO/IEC 13568:2008 (originally published as IEC 13568-04 in 2008) is the second edition of the international standard that defines the Z formal specification notation. Published jointly by ISO and IEC, it provides a complete and rigorous definition of Z, a model-oriented formal language for describing the functional behaviour of software-based systems. The standard specifies the syntax, type system, and semantics of the language, together with the mathematical toolkit and schema calculus that underpin its use in system specification and verification.
The scope of ISO/IEC 13568:2008 includes:
- Syntax: The concrete and abstract syntax of the Z language, including all lexical elements, expression forms, and schema constructs.
- Type System: A strongly typed, polymorphic type system that supports axiomatic descriptions and generic definitions.
- Semantics: Denotational semantics based on set theory and first-order logic, enabling unambiguous interpretation of specifications.
- Mathematical Toolkit: A predefined library of mathematical operators for sets, relations, functions, numbers, and sequences.
- Schema Calculus: Operations for composing, modifying, and reusing schemas, including schema conjunction, disjunction, projection, and hiding.
This standard is primarily intended for software engineers, system architects, and formal methods practitioners who require a precise language for specifying critical, safety-related, or complex systems. It aligns with broader efforts in formal verification and model-based development.
Technical Requirements and Core Concepts
ISO/IEC 13568:2008 establishes several technical requirements that any conforming Z specification must satisfy. These are organized into the following categories.
2.1 Syntax
The standard defines a context-free grammar for Z that distinguishes between given sets (basic types), axiomatic definitions, schemas, and generic constructs. All Z documents must follow the lexical rules for identifiers, decorations (e.g., prime, subscript), and mathematical symbols. The concrete syntax is ASCII-based with a defined markup for LaTeX-like representations, making it processable by machine.
2.2 Type System
Z uses a rich type system built on a small set of primitive types (such as ℤ for integers and given sets) and type constructors for Cartesian products (×), power sets (ℙ), and free types. The standard requires that every expression and declaration be type-checked according to the inference rules provided in the document. Type equivalence is nominal, and the system supports parametric polymorphism through generic definitions.
2.3 Semantics
The denotational semantics map each syntactic construct to an underlying set-theoretic model. The meaning of a schema is given by a pair of a state signature and a predicate. The standard defines how predicate logic constructs (quantifiers, logical connectives) are interpreted in Zermelo-Fraenkel set theory. This formal grounding allows specifications to be reasoned about mathematically.
2.4 Mathematical Toolkit
The toolkit provides a comprehensive collection of operators that are part of the standard’s library, including:
| Construct | Symbol/Operator | Type Signature Example | Description |
|---|---|---|---|
| Set membership | ∈ | X : A → 𝔹 | Test for element membership |
| Set comprehension | {z \| P} | ℙ A | Form set from predicate P |
| Function application | f x or f(x) | A → B | Application of a total function |
| Relational composition | ∘ | (A ↔ B) × (B ↔ C) → (A ↔ C) | Compose two relations |
| Sequence operator | ⟨…⟩ | seq A | Construct a finite sequence |
| Schema projection | θS | S | Package state components as a binding |
Implementation and Tool Support
To be considered compliant with ISO/IEC 13568:2008, a Z specification must be syntactically well-formed and type-correct according to the standard’s rules. In practice, implementers rely on supporting tools that parse, type-check, and sometimes prove properties of Z specifications.
Implementation Tip: When writing Z specifications for mission-critical systems, use established toolkits such as CZT (Community Z Tools) or Z/EVES. These tools accept the ISO/IEC 13568:2008 syntax and provide type-checking, schema expansion, and proof assistance capabilities.
Key implementation highlights include:
- Parsing: Tools must correctly interpret the concrete ASCII syntax and convert it to the abstract syntax tree as defined in the standard.
- Type Inference: The type checker must implement the inference rules without ambiguity, handling polymorphic definitions and free types.
- Schema Calculus: Operations such as "included schemas", "modification" (Δ and Ξ conventions), and "schema composition" must be supported to allow modular specifications.
- Proof Support: While not mandatory, proof assistants that support Z (e.g., Isabelle/Z or HOL-Z) can be used to verify consistency and refinement relationships between specifications.
Warning: Avoid relying on non-standard extensions. Some tools introduce additional syntax or operators that are not part of ISO/IEC 13568:2008. Such extensions may break cross-tool compatibility and compromise the formal rigour demanded by the standard.
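As an added illustration (not taken from the standard or from any tool's distribution), the following small access-control specification is written in the LaTeX markup defined by ISO/IEC 13568, using only standard constructs and toolkit operators. It ties together the given-set, free-type, schema and type-system material of 2.1 to 2.4, the toolkit operators dom, ↦, ⊕ and ∪, and the Δ/Ξ and schema-disjunction conventions listed above; every name in it (USER, ROLE, REPLY, AccessControl, Grant, CheckOk, CheckFail, CheckAccess, u?, r?, reply!) is a constructed example name.

```latex
% Given sets and a free type (constructed example names).
\begin{zed}
  [USER, ROLE] \\
  REPLY ::= granted | denied
\end{zed}

% State schema: a signature (registered, roles) plus an invariant predicate.
\begin{schema}{AccessControl}
  registered : \finset USER \\
  roles : USER \pfun \power ROLE
\where
  \dom roles = registered
\end{schema}

% Delta convention: AccessControl and AccessControl' are both in scope.
\begin{schema}{Grant}
  \Delta AccessControl \\
  u? : USER \\
  r? : ROLE
\where
  u? \in registered \\
  registered' = registered \\
  roles' = roles \oplus \{ u? \mapsto (roles~u? \cup \{ r? \}) \}
\end{schema}

% Xi convention: the state is read but left unchanged.
\begin{schema}{CheckOk}
  \Xi AccessControl \\
  u? : USER \\
  r? : ROLE \\
  reply! : REPLY
\where
  u? \in registered \land r? \in roles~u? \\
  reply! = granted
\end{schema}
\begin{schema}{CheckFail}
  \Xi AccessControl \\
  u? : USER \\
  r? : ROLE \\
  reply! : REPLY
\where
  \lnot (u? \in registered \land r? \in roles~u?) \\
  reply! = denied
\end{schema}

% Schema disjunction from the schema calculus yields the total operation.
\begin{zed}
  CheckAccess \defs CheckOk \lor CheckFail
\end{zed}
```

Because the invariant fixes dom roles = registered, the precondition u? ∈ registered guarantees that the application roles u? in Grant is within the function's domain, which is exactly the kind of obligation a Z type checker and proof tool are used to discharge.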
Compliance and Validation Approaches
Conformance to ISO/IEC 13568:2008 is determined by adherence to the specification’s syntactic and semantic rules. There is no regulatory certification body for Z specifications, but compliance can be argued in several ways:
- Syntactic Conformance: The specification must use only the defined lexical elements and grammar productions. Any use of undefined symbols or malformed constructs is a violation.
- Type Correctness: Every expression must have a valid type in the Z type system. The type checker must assign types consistent with the standard’s rules; type errors invalidate the specification.
- Semantic Consistency: The predicates in schemas must not be contradictory. Although logical consistency is not strictly required for conformance, a specification intended for formal verification should be consistent.
- Tool Chain Validation: Passing a reference tool chain (e.g., CZT’s type checker and parser) provides strong evidence of compliance. Users should document the tools and configuration used to validate their specification.
Critical Note: A specification that fails type-checking is not a valid Z specification under ISO/IEC 13568:2008. Always run a full type-check before using the specification for code generation or verification.
Q: How does ISO/IEC 13568:2008 differ from earlier versions (e.g., ISO/IEC 13568:2002)?
A: The 2008 edition clarifies ambiguous syntax rules, expands the mathematical toolkit with additional operators, adopts a cleaner notation for free types, and standardizes the treatment of generic definitions. It resolves several known issues from the 2002 edition and improves conformance tool interoperability.
Q: What are the recommended tools for verifying compliance with ISO/IEC 13568:2008?
A: The Community Z Tools (CZT) project is the most comprehensive open-source toolkit that directly implements the 2008 standard. Z/EVES provides theorem-proving capabilities. For academic projects, the Isabelle/HOL-Z environment can also be used, subject to careful mapping of the Z semantics.
Q: Can ISO/IEC 13568:2008 be used in conjunction with other standards such as IEC 61508 or ISO 26262?
A: Yes, Z is often used to produce formal specifications for safety-related systems. When used under a functional safety process, the Z specification should be validated according to the requirements of the domain standard. The formal nature of Z supports the verification and validation activities required by IEC 61508 (SIL levels) and ISO 26262 (ASIL levels).
Q: Is the Z notation defined in ISO/IEC 13568:2008 still widely used in industry?
A: While the use of Z has declined in favour of more state-machine-based formalisms (e.g., B, Event-B, or Alloy), it remains an important notation for describing abstract data types and safety-critical algorithms, especially in sectors like railway signaling (e.g., CENELEC EN 50128) and cryptographic protocol specification.
Article based on the requirements of ISO/IEC 13568:2008. For official text, refer to ISO or IEC at www.iso.org or www.iec.ch. Compliance validation should always be performed against the published standard document.