@MISC{Saaltink97domainchecking,
    author = {Mark Saaltink},
    title = {Domain Checking Z Specifications},
    year = {1997}
}
Abstract
We describe how guards can be used to ensure that formulas in a partial logic are meaningful, and how guards and guarded formulas can be proved using classical logic. In addition to this theoretical utility, guards are useful in practice as a simple means of exposing flaws in specifications. We illustrate this use of guards with several examples in the Z specification language, using Z/EVES.

1 Introduction

Z [13, 16, 18] is a formal specification language based on typed set theory, originally developed at Oxford University in the early 1980s. Z has been used in a variety of situations [1, 7] and has become fairly popular. The Z/EVES system [15, 11] is a formal methods tool that can be used for analysing Z specifications in several different ways, including syntax and type checking; domain checking; schema expansion; precondition calculations; and general theorem proving. Z/EVES is built on top of the EVES system [4], which provides a theorem prover for classical first-order logic (...