VDM-10 Language Manual
VDM-10 Language Manual
VDM-10 Language Manual
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
<strong>VDM</strong>-<strong>10</strong> <strong>Language</strong> <strong>Manual</strong><br />
The synchronization definition blocks of the class description provide the user with ways to override<br />
the defaults described above.<br />
Syntax: synchronization definitions = ‘sync’, [ synchronization ] ;<br />
synchronization = permission predicates ;<br />
Semantics: Synchronization is specified in <strong>VDM</strong>++ and <strong>VDM</strong>-RT using permission predicates.<br />
15.1 Permission Predicates<br />
The following gives the syntax used to state rules for accepting the execution of concurrently<br />
callable operations. Some notes are given explaining these features.<br />
Syntax: permission predicates = permission predicate, { ‘;’,<br />
permission predicate } ;<br />
permission predicate = ‘per’, name, ‘=>’, expression<br />
| mutex predicate ;<br />
mutex predicate = ‘mutex’, ‘(’, ‘all’, ‘)’<br />
| ‘mutex’, ‘(’, name list ‘)’ ;<br />
Semantics: Permission to accept execution of a requested operation depends on a guard condition<br />
in a (deontic) permission predicate of the form:<br />
per operation name => guard condition<br />
The use of implication to express the permission means that truth of the guard condition (expression)<br />
is a necessary but not sufficient condition for the invocation. The permission predicate<br />
is to be read as stating that if the guard condition is false then there is non-permission.<br />
Expressing the permission in this way allows further similar constraints to be added without<br />
risk of contradiction through inheritance for the subclasses. There is a default for all<br />
operations:<br />
per operation name => true<br />
but when a permission predicate for an operation is specified this default is overridden.<br />
Guard conditions can be conceptually divided into:<br />
• a history guard defining the dependence on events in the past;<br />
• an object state guard, which depends on the instance variables of the object, and<br />
138