Nondeterminism in Constructive Z

The abstraction inherent in most specifications and the need to specify nondeterministic programs are two well-known sources of nondeterminism in formal specifications. In this paper, we present a formalism, including the notion of multi-schema and a new set of schema calculus operations, by which one can specify bounded, unbounded, loose, strict, erratic, angelic, demonic, singular, and plural nondeterminism in the CZ formal specification language. CZ is a Z-style notation that is based upon a constructive set theory, namely, CZ set theory. While our definitions can be modified slightly to be used in the Z notation, we have chosen CZ, instead of Z, because of its constructive basis that allows us to investigate the notion of nondeterminism from the formal program development point of view. More precisely, we formally construct functional programs from CZ specifications and then probe the effects of the initially specified nondeterminism on final programs. Our investigation will show that without specifying nondeterminism explicitly, the effects of the nondeterminism involved in initial specifications will not be preserved in final programs. On the other hand, we will interpret all the nondeterministic constructs of the formalism, proposed by this paper, in CZ and then prove that using this formalism for writing nondeterministic specifications leads to programs that preserve the initially specified modalities of nondeterminism. We will show the practicability of the new formalism via several examples.