VDM-10 Language Manual
VDM-10 Language Manual
VDM-10 Language Manual
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
<strong>VDM</strong>-<strong>10</strong> <strong>Language</strong> <strong>Manual</strong><br />
#act: operation name → N<br />
#fin: operation name → N<br />
Furthermore, a derived function #active is available such that #active(A) = #act(A)<br />
- #fin(A), giving the number of currently active instances of A. Another history function<br />
– #req – is defined in section 15.1.3.<br />
Examples: Consider a Web server that is capable of supporting <strong>10</strong> simultaneous connections and<br />
can buffer a further <strong>10</strong>0 requests. In this case we have one instance variable, representing<br />
the mapping from URLs to local filenames:<br />
✞<br />
instance variables<br />
site_map : map URL to Filename := {|->}<br />
✡✝<br />
The following operations are defined in this class (definitions omitted for brevity):<br />
ExecuteCGI: URL ==> File Execute a CGI script on the server<br />
RetrieveURL: URL ==> File Transmit a page of html<br />
UploadFile: File * URL ==> () Upload a file onto the server<br />
ServerBusy: () ==> File Transmit a “server busy” page<br />
DeleteURL: URL ==> () Remove an obsolete file<br />
Since the server can support only <strong>10</strong> simultaneous connects, we can only permit an execute<br />
or retrieve operation to be activated if the number already active is less than <strong>10</strong>:<br />
✞<br />
✡✝<br />
per RetrieveURL => #active(RetrieveURL) +<br />
#active(ExecuteCGI) < <strong>10</strong>;<br />
per ExecuteCGI => #active(RetrieveURL) +<br />
#active(ExecuteCGI) < <strong>10</strong>;<br />
✆<br />
✆<br />
15.1.2 The object state guard<br />
Semantics: The object state guard is a boolean expression which depends on the values of one<br />
(or more) instance variable(s) of the object itself. Object state guards differ from operation<br />
pre-conditions in that a call to an an operation whose permission predicate is false results<br />
in the caller blocking until the predicate is satisfied, whereas a call to an operation whose<br />
pre-condition is false means the operation’s behaviour is unspecified.<br />
Examples: Using the web server example again, we can only allow file removal if some files<br />
already exist:<br />
✞<br />
✡✝<br />
per DeleteURL => dom site_map {}<br />
140<br />
✆