μ-Charts and Z: examples and extensions

Greg Reeve and Steve Reeves
Department of Computer Science, University of Waikato, Hamilton, NEW ZEALAND
{greg,stever}@waikato.ac.nz

Abstract

μ-Charts are a way of specifying reactive systems, i.e. systems which are in some environment to which they have to react, based on the well-established formalism Statecharts. This paper gives (very abbreviated) examples of translating μ-charts to Z, which is itself a well-established language for specifying computational systems with tried and tested methods and support tools which guide its effective use in systems development. We undertake this translation in order that investigation of the modelled system can be performed before expensive and lengthy implementation is considered.

We also present an extension of the μ-charts and the related Z to deal with a simple command language, local variables and integer-valued signals.

1 Introduction

μ-Charts [4] are a visual representation used for the specification of cyclic components of reactive systems, i.e. systems which are in some environment to which they continually react; mechanisms driven by graphical user interfaces or those driven by signals received on a communication interface are examples of such systems. They extend finite state transition diagrams by adding modularisation through hierarchical decomposition, i.e. allowing states to contain other μ-charts, and by parallel composition, i.e. allowing the modelling of separate communicating processes. In both these cases μ-charts can then communicate via instantaneously broadcast signals.

The μ-chart formalism that is the basis of the translation, given in [6], is itself based on a preceding variant called MiniStatecharts, and these are themselves based on the original Statecharts ([1]). μ-Charts, or some of their predecessors, are widely used by engineers in specifying and designing many sorts of reactive systems. Furthermore, unlike many visually-based notations, they have a denotational semantics which gives a precise and well-defined meaning to each chart.

Overall, our strategy for specifying and reasoning about reactive systems has two key aspects: to allow ourselves to exploit the visual nature of μ-charts and the specification structuring properties of Z; and to be in a position to use a reliable proof assistant. The fact that μ-charts or similar formalisms are widely used by engineers, and the fact that Z is widely used by software engineers, were also important reasons for our strategy. Finally, it is certainly the case that having both model-checking-based and deduction-based methods at our disposal to investigate systems is advantageous.

Z/EVES [7] is a type checking and theorem proving tool for Z specifications. Theorems can be defined and proofs attempted at any time. Z/EVES was developed by ORA [3] and is used here to prove properties about the Z translated from μ-charts. Very importantly, Z/EVES has been developed and used over a number of years on many different projects, some very large and with safety-critical components. We have high confidence in its correct embodiment of the logic of Z and therefore high confidence in the properties we prove of our systems. Confidence in the usefulness and reliability of a proof assistant cannot be over-valued.

2 The central locking example

In Figure 1 we give a first example of a μ-chart. This example is taken from [4]. It specifies the central locking system for a car and considers, amongst other things, how such a system should react in the case of a crash. The system is required to unlock all the doors if a crash happens.

2.1 The chart

States in a μ-chart are shown by ellipses (double ellipses denote start states for their respective μ-chart) and transitions are labelled as shown. A transition is triggered if the signals appearing before the '/' are present (if there is nothing written there then the transition is always triggered) and

Proceedings of the Seventh Asia-Pacific Software Engineering Conference (APSEC00), 1530-1362/00 $10.00 © 2000 IEEE, p. 258
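The notions introduced above (sequential states, transitions labelled "trigger / emitted signals", parallel composition, and signals broadcast instantaneously so that every parallel chart sees them in the same step) can be made concrete with a small interpreter. The following Python is an added example, not code from the paper nor a rendering of its Z translation; it assumes a simplified semantics in which triggers are conjunctions of positive signals and the signals present in an instant are the least fixed point of the broadcasts, and the central-locking charts it builds (a crash sensor plus two door charts) are constructed for illustration and are not the chart of Figure 1.

```python
# Added example: a minimal interpreter for mu-chart-style reactive steps.
# Not the paper's code; the semantics is a simplification (positive triggers only,
# first matching transition wins, least fixed point for instantaneous broadcast).
from dataclasses import dataclass, replace
from typing import FrozenSet, Iterable, List, Optional, Tuple


@dataclass(frozen=True)
class Transition:
    src: str
    trigger: FrozenSet[str]  # signals written before the '/'; empty set = always triggered
    emit: FrozenSet[str]     # signals written after the '/', broadcast in the same instant
    dst: str


def T(src: str, trigger: Iterable[str], emit: Iterable[str], dst: str) -> Transition:
    return Transition(src, frozenset(trigger), frozenset(emit), dst)


@dataclass(frozen=True)
class Chart:
    name: str
    state: str                           # current state of this sequential chart
    transitions: Tuple[Transition, ...]

    def enabled(self, present: FrozenSet[str]) -> Optional[Transition]:
        """First transition leaving the current state whose trigger signals are all present."""
        for t in self.transitions:
            if t.src == self.state and t.trigger <= present:
                return t
        return None


def broadcast_closure(charts: Tuple[Chart, ...], inputs: Iterable[str]) -> FrozenSet[str]:
    """Signals present in one instant: the inputs plus whatever the enabled transitions
    broadcast, iterated to a least fixed point. Triggers are positive conjunctions, so
    the present set only grows and the loop terminates."""
    present = frozenset(inputs)
    while True:
        emitted = set()
        for c in charts:
            t = c.enabled(present)
            if t is not None:
                emitted |= t.emit
        nxt = present | emitted
        if nxt == present:
            return present
        present = nxt


def step(charts: Tuple[Chart, ...], inputs: Iterable[str]) -> Tuple[Tuple[Chart, ...], FrozenSet[str]]:
    """One reaction of the parallel composition: every chart fires its enabled transition
    under the same closed signal set, so a broadcast is seen by all charts in that instant."""
    present = broadcast_closure(charts, inputs)
    nxt = []
    for c in charts:
        t = c.enabled(present)
        nxt.append(replace(c, state=t.dst) if t is not None else c)
    return tuple(nxt), present


def run(charts: Tuple[Chart, ...], trace: List[set]) -> list:
    """Run a sequence of input sets; return (state map, present signals) after each step."""
    history = []
    for inputs in trace:
        charts, present = step(charts, inputs)
        history.append(({c.name: c.state for c in charts}, present))
    return history


# Constructed toy model of the central-locking requirement (not Figure 1 of the paper):
# a crash sensor broadcasts 'unlock', and each door chart reacts to 'lock' / 'unlock'.
def central_locking() -> Tuple[Chart, ...]:
    sensor = Chart("sensor", "Armed", (T("Armed", {"crash"}, {"unlock"}, "Crashed"),))

    def door(name: str) -> Chart:
        return Chart(name, "Unlocked", (
            T("Unlocked", {"lock"}, (), "Locked"),
            T("Locked", {"unlock"}, (), "Unlocked"),
        ))

    return (sensor, door("front"), door("rear"))


DOORS = ("front", "rear")


def doors_unlocked_after_crash(trace: List[set]) -> bool:
    """The requirement 'unlock all doors if a crash happens', checked by simulation over one
    trace: in every instant whose inputs contain 'crash', no door ends the step Locked."""
    for inputs, (states, _present) in zip(trace, run(central_locking(), trace)):
        if "crash" in inputs and any(states[d] == "Locked" for d in DOORS):
            return False
    return True


if __name__ == "__main__":
    for states, present in run(central_locking(), [{"lock"}, {"crash"}]):
        print(states, sorted(present))
```

Running the trace "lock, then crash" shows the broadcast at work: in the second step the sensor emits `unlock`, both door charts see it in the same instant and move to `Unlocked`, so the present signals of that step are `{crash, unlock}`. The simulation check is only a sanity test over single traces; it also exposes a modelling subtlety that a proof over the Z translation would have to settle: if `lock` and `crash` arrive in the same instant while a door is `Unlocked`, the door's `lock` transition fires and the door is `Locked` during the crash, because the toy door chart gives `lock` no lower priority than the broadcast `unlock`.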