VDM-10 Language Manual

More documents

Recommendations

Info

$Course Material\Efficiently Coding Communication Protocols in C++ ...$

VDM-10 Language Manual Note that #req(A) have value 1 at the time of evaluation of the permission predicate for the first invocation of operation A. That is, ✞ per A => #req(A) = 0 ✡✝ would always block. ✆ 15.1.4 Evaluation of Guards Using the previous example, consider the following situation: the web server is handling 10 RetrieveURL requests already. While it is dealing with these requests, two further RetrieveURL requests (from objects O 1 and O 2 ) and one ExecuteCGI request (from object O 3 ) are received. The permission predicates for these two operations are false since the number of active RetrieveURL operations is already 10. Thus these objects block. Then, one of the active RetrieveURL operations reaches completion. The permission predicate so far blocking O 1 , O 2 and O 3 will become “true” simultaneously. This raises the question: which object is allowed to proceed? Or even all of them? Guard expressions are only reevaluated when an event occurs (in this case the completion of a RetrieveURL operation). In addition to that the test of a permission predicate by an object and its (potential) activation is an atomic operation. This means, that when the first object evaluates its guard expression, it will find it to be true and activate the corresponding operation (RetrieveURL or ExecuteCGI in this case). The other objects evaluating their guard expressions afterwards will find that #active(RetrieveURL) + #active(ExecuteCGI) = 10 and thus remain blocked. Which object is allowed to evaluate the guard expression first is undefined. It is important to understand that the guard expression need only evaluate to true at the time of the activation. In the example as soon as O 1 , O 2 or O 3 ’s request is activated its guard expression becomes false again. 15.2 Inheritance of Synchronization Constraints Synchronization constraints specified in a superclass are inherited by its subclass(es). The manner in which this occurs depends on the kind of synchronization. 15.2.1 Mutex constraints Mutex constraints from base classes and derived classes are simply added. If the base class and derived class have the mutex definitions M A and M B , respectively, then the derived class simply has both mutex constraints M A , and M B . The binding of operation names to actual operations is always performed in the class where the constraint is defined. Therefore a mutex(all) constraint defined in a superclass and inherited by a subclass only makes the operations from the base class mutually exclusive and does not affect operations of the derived class. 142
Chapter 15. Synchronization Constraints (VDM++ and VDM-RT) Inheritance of mutex constraints is completely analogous to the inheritance scheme for permission predicates. Internally mutex constraints are always expanded into appropriate permission predicates which are added to the existing permission predicates as a conjunction. This inheritance scheme ensures that the result (the final permission predicate) is the same, regardless of whether the mutex definitions are expanded in the base class and inherited as permission predicates or are inherited as mutex definitions and only expanded in the derived class. The intention for inheriting synchronization constraints in the way presented is to ensure, that any derived class at least satisfies the constraints of the base class. In addition to that it must be possible to strengthen the synchronization constraints. This can be necessary if the derived class adds new operations as in the following example: ✞ class A operations writer: () ==> () writer() == is not yet specified reader: () ==> () reader() == is not yet specified sync per reader => #active(writer) = 0; per writer => #active(reader, writer) = 0; end A class B is subclass of A operations newWriter: () ==> () newWriter() == is not yet specified sync per reader => active(newWriter) = 0; per writer => #active(newWriter) = 0; per newWriter => #active(reader, writer, newWriter) = 0; end B ✡✝ ✆ Class A implements reader and writer operations with the permission predicates specifying the multiple readers-single writer protocol. The derived class B adds newWriter. In order to ensure deterministic behaviour B also has to add permission predicates for the inherited operations. The actual permission predicates in the derived class are therefore: 143
Page 1 and 2:
Overture - Open-source Tools for Fo
Page 3 and 4:
Contents 1 Introduction 1 1.1 The V
Page 5 and 6:
CONTENTS 13 Statements 97 13.1 Let
Page 7 and 8:
CONTENTS A.7.19 The Undefined Expre
Page 9 and 10:
Chapter 1 Introduction The Vienna D
Page 11 and 12:
Chapter 2 Concrete Syntax Notation
Page 13 and 14:
Chapter 3 Data Type Definitions As
Page 15 and 16:
Chapter 3. Data Type Definitions We
Page 17 and 18:
Chapter 3. Data Type Definitions Op
Page 19 and 20:
Chapter 3. Data Type Definitions (a
Page 21 and 22:
Chapter 3. Data Type Definitions
Page 23 and 24:
Page 25 and 26:
Page 27 and 28:
Page 29 and 30:
Chapter 3. Data Type Definitions m1
Page 31 and 32:
Chapter 3. Data Type Definitions Sy
Page 33 and 34:
Chapter 3. Data Type Definitions Th
Page 35 and 36:
Page 37 and 38:
Chapter 3. Data Type Definitions to
Page 39 and 40:
Page 41 and 42:
Chapter 4 Algorithm Definitions In
Page 43 and 44:
Chapter 5 Function Definitions In t
Page 45 and 46:
Chapter 5. Function Definitions Not
Page 47 and 48:
Chapter 5. Function Definitions Thi
Page 49 and 50:
Chapter 6 Expressions In this subse
Page 51 and 52:
Chapter 6. Expressions ✡✝ mk_Sc
Page 53 and 54:
Chapter 6. Expressions Examples: Th
Page 55 and 56:
Chapter 6. Expressions where e1 is
Page 57 and 58:
Chapter 6. Expressions all expressi
Page 59 and 60:
Chapter 6. Expressions where bd is
Page 61 and 62:
Chapter 6. Expressions 6.8 Sequence
Page 63 and 64:
Chapter 6. Expressions where all th
Page 65 and 66:
Chapter 6. Expressions mu operator.
Page 67 and 68:
Chapter 6. Expressions new expressi
Page 69 and 70:
Chapter 6. Expressions Examples: Us
Page 71 and 72:
Chapter 6. Expressions which will r
Page 73 and 74:
Chapter 6. Expressions Examples: As
Page 75 and 76:
Chapter 6. Expressions • #active(
Page 77 and 78:
Chapter 6. Expressions ✞ state si
Page 79 and 80:
Chapter 6. Expressions Semantics: A
Page 81 and 82:
Chapter 7 Patterns Syntax: pattern
Page 83 and 84:
Chapter 7. Patterns In the followin
Page 85 and 86:
Chapter 7. Patterns ✡✝ ✆ The
Page 87 and 88:
Chapter 8 Bindings Syntax: bind = s
Page 89 and 90:
Chapter 9 Value (Constant) Definiti
Page 91 and 92:
Chapter 10 Instance Variables (VDM+
Page 93 and 94:
Chapter 11 The State Definition (VD
Page 95 and 96:
Chapter 11. The State Definition (V
Page 97 and 98:
Chapter 12 Operation Definitions Op
Page 99 and 100: Chapter 12. Operation Definitions s
Page 101 and 102: Chapter 12. Operation Definitions p
Page 103 and 104: Chapter 12. Operation Definitions h
Page 105 and 106: Chapter 13 Statements In this secti
Page 107 and 108: Chapter 13. Statements ✡✝ def t
Page 109 and 110: Chapter 13. Statements block return
Page 111 and 112: Chapter 13. Statements Examples: Th
Page 113 and 114: Chapter 13. Statements elseif state
Page 115 and 116: Chapter 13. Statements ‘do’, st
Page 117 and 118: Chapter 13. Statements 13.7 The Whi
Page 119 and 120: Chapter 13. Statements ✡✝ (dcl
Page 121 and 122: Chapter 13. Statements ✞ ✡✝ R
Page 123 and 124: Chapter 13. Statements where expres
Page 125 and 126: Chapter 13. Statements result of th
Page 127 and 128: Chapter 13. Statements ✡✝ else
Page 129 and 130: Chapter 13. Statements ✞ bootSequ
Page 131 and 132: Chapter 13. Statements ✞ op1 : na
Page 133 and 134: Chapter 14 Top-level Specification
Page 135 and 136: Chapter 14. Top-level Specification
Page 145 and 146: Chapter 15 Synchronization Constrai
Page 147 and 148: Chapter 15. Synchronization Constra
Page 149: Chapter 15. Synchronization Constra
Page 153 and 154: Chapter 16 Threads (VDM++ and VDM-R
Page 155 and 156: Chapter 16. Threads (VDM++ and VDM-
Page 157 and 158: Chapter 16. Threads (VDM++ and VDM-
Page 159 and 160: Chapter 17 Top-level Specification
Page 169 and 170: Chapter 18 Trace Definitions In ord
Page 171 and 172: Chapter 18. Trace Definitions stack
Page 173 and 174: Chapter 19 Static Semantics VDM spe
Page 175 and 176: Chapter 20 Scope Conflicts (VDM++ a
Page 177 and 178: References [Ada LRM] [Bicarregui&94
Page 179 and 180: Chapter 20. Scope Conflicts (VDM++
Page 181 and 182: Appendix A The Syntax of the VDM La
Page 183 and 184: Appendix A. The Syntax of the VDM L
Page 201 and 202:
Appendix A. The Syntax of the VDM L
Page 203 and 204:
Page 205 and 206:
Page 207 and 208:
Appendix B Lexical Specification B.
Page 209 and 210:
Appendix B. Lexical Specification B
Page 211 and 212:
Appendix B. Lexical Specification S
Page 213 and 214:
Appendix C Operator Precedence The
Page 215 and 216:
Appendix C. Operator Precedence eva
Page 217 and 218:
Appendix C. Operator Precedence pre
Page 219 and 220:
Appendix D Differences between the
Page 221 and 222:
Index abs, 9 and, 6 card, 14 comp f
Page 223 and 224:
INDEX arithmetic minus, 185 arithme
Page 225 and 226:
INDEX boolean type, 6 char, 11 func
Page 227 and 228:
INDEX sequence enumeration, 53, 187
show all

VDM-10 Language Manual

Create successful ePaper yourself

Delete template?

Save as template?