VDM-10 Language Manual
VDM-10 Language Manual
VDM-10 Language Manual
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
<strong>VDM</strong>-<strong>10</strong> <strong>Language</strong> <strong>Manual</strong><br />
Note that #req(A) have value 1 at the time of evaluation of the permission predicate for<br />
the first invocation of operation A. That is,<br />
✞<br />
per A => #req(A) = 0<br />
✡✝<br />
would always block.<br />
✆<br />
15.1.4 Evaluation of Guards<br />
Using the previous example, consider the following situation: the web server is handling <strong>10</strong><br />
RetrieveURL requests already. While it is dealing with these requests, two further RetrieveURL<br />
requests (from objects O 1 and O 2 ) and one ExecuteCGI request (from object O 3 ) are received.<br />
The permission predicates for these two operations are false since the number of active RetrieveURL<br />
operations is already <strong>10</strong>. Thus these objects block.<br />
Then, one of the active RetrieveURL operations reaches completion. The permission predicate<br />
so far blocking O 1 , O 2 and O 3 will become “true” simultaneously. This raises the question:<br />
which object is allowed to proceed? Or even all of them?<br />
Guard expressions are only reevaluated when an event occurs (in this case the completion of a<br />
RetrieveURL operation). In addition to that the test of a permission predicate by an object and<br />
its (potential) activation is an atomic operation. This means, that when the first object evaluates its<br />
guard expression, it will find it to be true and activate the corresponding operation (RetrieveURL<br />
or ExecuteCGI in this case). The other objects evaluating their guard expressions afterwards will<br />
find that #active(RetrieveURL) + #active(ExecuteCGI) = <strong>10</strong> and thus remain<br />
blocked. Which object is allowed to evaluate the guard expression first is undefined.<br />
It is important to understand that the guard expression need only evaluate to true at the time of<br />
the activation. In the example as soon as O 1 , O 2 or O 3 ’s request is activated its guard expression<br />
becomes false again.<br />
15.2 Inheritance of Synchronization Constraints<br />
Synchronization constraints specified in a superclass are inherited by its subclass(es). The manner<br />
in which this occurs depends on the kind of synchronization.<br />
15.2.1 Mutex constraints<br />
Mutex constraints from base classes and derived classes are simply added. If the base class and<br />
derived class have the mutex definitions M A and M B , respectively, then the derived class simply<br />
has both mutex constraints M A , and M B . The binding of operation names to actual operations is<br />
always performed in the class where the constraint is defined. Therefore a mutex(all) constraint<br />
defined in a superclass and inherited by a subclass only makes the operations from the base<br />
class mutually exclusive and does not affect operations of the derived class.<br />
142