Formal Aspects of Computing

, Volume 23, Issue 1, pp 43–71 | Cite as

Z2SAL: a translation-based model checker for Z

  • John Derrick
  • Siobhán North
  • Anthony J. H. Simons


Despite being widely known and accepted in industry, the Z formal specification language has not so far been well supported by automated verification tools, mostly because of the challenges in handling the abstraction of the language. In this paper we discuss a novel approach to building a model-checker for Z, which involves implementing a translation from Z into SAL, the input language for the Symbolic Analysis Laboratory, a toolset which includes a number of model-checkers and a simulator. The Z2SAL translation deals with a number of important issues, including: mapping unbounded, abstract specifications into bounded, finite models amenable to a BDD-based symbolic checker; converting a non-constructive and piecemeal style of functional specification into a deterministic, automaton-based style of specification; and supporting the rich set-based vocabulary of the Z mathematical toolkit. This paper discusses progress made towards implementing as complete and faithful a translation as possible, while highlighting certain assumptions, respecting certain limitations and making use of available optimisations. The translation is illustrated throughout with examples; and a complete working example is presented, together with performance data.


model-checking SAL 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. Abr96.
    Abrial J-R (1996) The B-book: assigning programs to meanings. Cambridge University Press, New YorkMATHCrossRefGoogle Scholar
  2. Bol05.
    Bolton C (2005) Using the alloy analyzer to verify data refinement in Z. Electron Notes Theor Comput Sci 137(2): 23–44CrossRefGoogle Scholar
  3. Bry86.
    Bryant RE (1986) Graph-based algorithms for boolean function manipulation. IEEE Trans Comput 35(8): 677–691MATHCrossRefGoogle Scholar
  4. Bry92.
    Bryant RE (1992) Symbolic boolean manipulation with ordered binary-decision diagrams. ACM Comput Surv 24(3): 293–318CrossRefGoogle Scholar
  5. AWS08.
    Chantar H, Wali A, Sosa A, Sharma Y (2008) Translating Z to SAL. Technical report, Department of Computer Science, University of Sheffield, Sheffield, May 2008Google Scholar
  6. CGL94.
    Clarke EM, Grumberg O, Long DE (1994) Verification tools for finite-state concurrent systems. In: A decade of concurrency, reflections and perspectives, REX school/symposium. Springer, London, pp 124–175Google Scholar
  7. dMOS03.
    de Moura L, Owre S, Shankar N (2003) The SAL language manual. Technical Report SRI-CSL-01-02 (Rev.2), SRI InternationalGoogle Scholar
  8. DNS06.
    Derrick J, North S, Simons T (2006) Issues in implementing a model checker for Z. In: Liu Z, He J (eds) ICFEM, Lecture notes in computer science, vol 4260. Springer, pp 678–696Google Scholar
  9. DNS08.
    Derrick J, North S, Simons AJH (2008) Z2SAL—building a model checker for Z. In: Börger E, Butler MJ, Bowen JP, Boca P (eds) ABZ. Lecture Notes in Computer Science, vol 5238. Springer, pp 280–293Google Scholar
  10. DUT+03.
    Daley N, Utting M, Toyn I, Dong JS, Martin A, Currie D (2003) ZML: XML support for standard Z. In: 3rd international conference of Z and B users (ZB03). LNCS, Springer, p 2651Google Scholar
  11. Hol97.
    Holzmann GJ (1997) The model checker SPIN. IEEE Trans Softw Eng 23(5):279–295Google Scholar
  12. 135.
    ISO/IEC 13568:2002. Information technology—Z formal specification notation—syntax, type system and semantics. International Standard.Google Scholar
  13. Jac02.
    Jackson D (2002) Alloy: a lightweight object modelling notation. ACM Trans Softw Eng Methodol 11(2): 256–290CrossRefGoogle Scholar
  14. LB05.
    Leuschel M, Butler M (2005) Automatic refinement checking for B. In: Lau K, Banach R (eds) International conference on formal engineering methods, ICFEM 2005, LNCS, vol 3785. Springer, pp 345–359Google Scholar
  15. MFMU05.
    Miller T, Freitas L, Malik P, Utting M (2005) CZT support for Z extensions. In: Romijn J, Smith G, Pol J (eds) Integrated formal methods, IFM 2005, LNCS, vol 3771. Springer, pp 227–245Google Scholar
  16. PL07.
    Plagge D, Leuschel M (2007) Validating Z specifications using the ProB animator and model checker. Integr Form Methods 4591: 480–500CrossRefGoogle Scholar
  17. Saa97.
    Saaltink M (1997) The Z/EVES system. In: Bowen JP, Hinchey MG, Till D (eds) ZUM, Lecture notes in computer science, vol 1212. Springer, pp 72–85Google Scholar
  18. Saa99.
    Saaltink M (1999) The Z/Eves 2.0 User’s Guide. ORA Canada,
  19. Spi92.
    Spivey JM (1992) The Z notation: a reference manual. Prentice Hall, Englewood CliffsGoogle Scholar
  20. Spi00.
    Spivey MJ (1988–2000) The fuZZ Manual, 2nd edn. Spivey Partnership,
  21. SW05.
    Smith G, Wildman L (2005) Model checking Z specifications using SAL. In: Treharne H, King S, Henson S, Schneider S (eds) International conference of Z and B users, LNCS, vol 3455. Springer, pp 87–105Google Scholar
  22. TM95.
    Toyn I, Mcdermid JA (1995) CADiZ: An architecture for Z tools and its implementation. Softw Pract Exp 25: 305–330CrossRefGoogle Scholar

Copyright information

© British Computer Society 2009

Authors and Affiliations

  • John Derrick
    • 1
  • Siobhán North
    • 1
  • Anthony J. H. Simons
    • 1
  1. 1.Department of Computer ScienceUniversity of SheffieldSheffieldUK

Personalised recommendations