SAVCBS 2006 p. 1 Specification of Iterators Bruce W. Weide Reusable Software Research Group The Ohio...
17
SAVCBS 2006 SAVCBS 2006 p. p. 1 Specification of Specification of Iterators Iterators Bruce W. Weide Reusable Software Research Group The Ohio State University http://www.cse.ohio- state.edu/rsrg
-
Upload
maryann-lester -
Category
Documents
-
view
212 -
download
0
Transcript of SAVCBS 2006 p. 1 Specification of Iterators Bruce W. Weide Reusable Software Research Group The Ohio...
SAVCBS 2006SAVCBS 2006p. p. 11
Specification of IteratorsSpecification of Iterators
Bruce W. Weide
Reusable Software Research Group
The Ohio State University
http://www.cse.ohio-state.edu/rsrg
SAVCBS 2006SAVCBS 2006p. p. 22
Important AssumptionsImportant Assumptions
• Ultimate objective is full behavioral specification, with support for modular verification of client code
• Language has value semantics
SAVCBS 2006SAVCBS 2006p. p. 33
ClaimsClaims
• Full behavioral specification achieved– Only previously existing, and ordinary, model-based
specification techniques needed
• Design and specs easy to understand• Implementation can be as efficient as for any other
iterator design• Modular verification of client code possible
SAVCBS 2006SAVCBS 2006p. p. 44
Client Code for IterationClient Code for Iteration
Start_Iterator (i, s, p)loop /* loop invariant; see paper */while Length_Of_Future (i) > 0 do Get_Next_Item (i, p) /* process p, with no net change */end loopFinish_Iterator (i, s, p)
a Set of Polygons a Polygonan Iterator for
a Set of Polygons
SAVCBS 2006SAVCBS 2006p. p. 55
Start_Iterator (i, s, p)
s i p
past:
future:
original:
past:
future:
original:
SAVCBS 2006SAVCBS 2006p. p. 66
Get_Next_Item (i, p)
s i p
past:
future:
original:
past:
future:
original:
SAVCBS 2006SAVCBS 2006p. p. 77
Get_Next_Item (i, p)
s i p
past:
future:
original:
past:
future:
original:
SAVCBS 2006SAVCBS 2006p. p. 88
Get_Next_Item (i, p)
s i p
past:
future:
original:
past:
future:
original:
SAVCBS 2006SAVCBS 2006p. p. 99
Get_Next_Item (i, p)
s i p
past:
future:
original:
past:
future:
original:
SAVCBS 2006SAVCBS 2006p. p. 1010
Finish_Iterator (i, s, p)
s i p
past:
future:
original:
past:
future:
original:
SAVCBS 2006SAVCBS 2006p. p. 1111
Specification of IteratorsSpecification of Iterators
Bruce W. Weide
Reusable Software Research Group
The Ohio State University
http://www.cse.ohio-state.edu/rsrg
SAVCBS 2006SAVCBS 2006p. p. 1212
Client Code: DifferencesClient Code: Differences
Start_Iterator (i, s, x)loop /* loop invariant; see paper */while Length_Of_Future (i) > 0 do Get_Next_Item (i, x) /* process x, with no net change; modify s if you like! */end loopFinish_Iterator (i, s, x)
SAVCBS 2006SAVCBS 2006p. p. 1313
Specification DetailsSpecification Details
type family Set_Iterator is modeled by (
past: string of Item,
future: string of Item,
original: finite set of Item
)
exemplar i
initialization ensures
i = (< >, <>, { })
SAVCBS 2006SAVCBS 2006p. p. 1414
Specification DetailsSpecification Details
operation Start_Iterator (i: Set_Iterator,
s: Set, x: Item)
ensures
there exists f: string of Item
(elements (f) = #s and
|f| = |#s| and
i = (<x>, f, #s)) and
s = { } and
x = #x
SAVCBS 2006SAVCBS 2006p. p. 1515
Specification DetailsSpecification Details
operation Finish_Iterator (
i: Set_Iterator, s: Set, x: Item)
requires
<x> is suffix of i.past
ensures
is_initial (i) and
s = #i.original and
<x> is prefix of #i.past
SAVCBS 2006SAVCBS 2006p. p. 1616
Specification DetailsSpecification Details
operation Get_Next_Item (i: Set_Iterator,
x: Item)
requires
i.future /= < > and
<x> is suffix of i.past
ensures
there exists f: string of Item
(#i.future = <x> * f and
i = (#i.past * <x>, f, #i.original))
SAVCBS 2006SAVCBS 2006p. p. 1717
Specification DetailsSpecification Details
operation Length_Of_Future (
i: Set_Iterator): Integer
ensures
Length_Of_Future = |i.future|
