The Fortress Language Specification - CiteSeerX

More documents

Recommendations

Info

The invariant clause consists of a sequence of expressions of any type. These expressions are evaluated before and after a function call. For each expression e in this sequence, if the value of e when evaluated before the function call is not equal to the value of e after the function call, a CalleeViolation exception is thrown. Here are some examples: factorial(n : Z64) requires n ≥ 0 = if n = 0 then 1 else nfactorial(n − 1) end mangle(input : List) ensures sorted(result) provided sorted(input) = if input ≠ Empty then mangle(first(input)) mangle(rest(input)) end Overloaded function contracts are handled similarly with method contracts described in Section 9.4. In particular, substitutability is preserved: the statically most applicable function to a call should be substitutable with the dynamically most applicable function to the call. For a call of function f, we use the term static contract of f to refer to a contract declared in the statically most applicable function declaration and the term dynamic contract of f to refer to a contract declared in the dynamically most applicable function declaration. Three exceptions may be thrown due to an overloaded function contract violation: CallerViolation is thrown when the requires clause of the static contract fails, CalleeViolation is thrown when the ensures or invariant clause of the dynamic contract fails, and ContractOverloadingViolation is thrown when the requires clause of the dynamic contract or the ensures or invariant clause of the static contract fails. Evaluation of a call of function f proceeds as follows. Let C and C ′ be the static and dynamic contracts of f, respectively. If the requires clause of C fails, a CallerViolation exception is thrown. Otherwise, if the requires clause of C ′ fails, a ContractOverloadingViolation exception is thrown. Otherwise, the provided subclauses of C and C ′ are evaluated. For every provided subclause that evaluates to true , the corresponding ensures subclause is recorded in a table E for later comparison. Similarly, the invariant clauses of C and C ′ are evaluated and the results are stored in E for later comparison. Then the body of the dynamically most applicable function declaration of f is evaluated. After evaluation of the body, all ensures subclauses of the dynamic contract recorded in E are checked to ensure that they evaluate to true , and all invariant clauses of the dynamic contract recorded in E are checked to ensure that they evaluate to values equal to the values they evaluated to before evaluation of the body. If any such check fails, a CalleeViolation exception is thrown. Otherwise, all ensures subclauses and invariant clauses of the static contract in E are checked. If any of these checks fails, a ContractOverloadingViolation exception is thrown. 90
Chapter 13 Expressions Fortress is an expression-oriented language. Syntactically, the positions in which an expression may legally appear (value context) is determined by the nonterminal Expr in the Fortress grammar, defined in Appendix G. 13.1 Literals Syntax: Value ::= Literal Fortress provides boolean literals, () literal, character literals, string literals, and numeric literals. Literals are values; they do not require evaluation. The literal false has type BooleanLiteralfalse . The literal true has type BooleanLiteraltrue . The literal () is the only value with type (). Whether any given occurrence of () refers to the value () or to the type () is determined by context. A character literal has type Character. Each character literal consists of an abstract character in Unicode 5.0 [25], enclosed in single quotation marks (for example, ‘a’, ‘A’, ‘$’, ‘α’, ‘⊕’). For convenience, the single quotes may be either true typographical “curly” single quotation marks or a pair of ordinary apostrophe characters (for example, ’a’, ’A’, ’$’, ’α’, ’⊕’). See Section 5.9 for a description of how names of characters may be used rather than actual characters within character literals, for example ‘APOSTROPHE’ and ‘GREEK CAPITAL LETTER GAMMA’. A string literal has type String. Each string literal is a sequence of Unicode 5.0 characters enclosed in double quotation marks (for example, “Hello, world!” or “π r 2 ”). For convenience, the double quotes may be either true typographical “curly” double quotation marks or a pair of “neutral” double-quote characters (for example, "Hello, world!" or "π r 2 "). Section 5.10 also describes how names of characters may be used rather than actual characters within string literals. One may also use the escape sequences \b and \t and \n and \f and \r as described in [5]. Numeric literals in Fortress are referred to as numerals, corresponding to various expressible numbers. Numerals may be either simple or compound (as described in Section 5.13). A numeral containing only digits (let n be the number of digits) has type NaturalNumeraln, 10, v where v is the value of the numeral interpreted in radix ten. If the numeral has no leading zeros, or is the literal 0 , then it also has type Literalv . A numeral containing only digits (let n be the number of digits) then an underscore, then a radix indicator (let r be the radix) has type NaturalNumeralWithExplicitRadixn, r, v where v is the value of the n-digit numeral interpreted in radix r. 91
Page 1 and 2:
The Fortress Language Specification
Page 3 and 4:
4 Evaluation 36 4.1 Values . . . .
Page 5 and 6:
12 Functions 85 12.1 Function Decla
Page 7 and 8:
17.7 Coercions for Tuple and Arrow
Page 9 and 10:
IV Fortress for Library Writers 214
Page 11 and 12:
40.10The Trait Fortress.Core.Binary
Page 13 and 14:
Chapter 1 Introduction The Fortress
Page 15 and 16:
A note on the presented libraries i
Page 17 and 18:
component HelloWorld export Executa
Page 19 and 20:
foo:String → () baz: String → S
Page 21 and 22:
fortress upgrade Gary with Ralph No
Page 23 and 24:
halve(x : R64) : R64 = x/2 Predicta
Page 25 and 26:
while x < 10 do print x x += 1 end
Page 27 and 28:
It is also possible to convert a me
Page 29 and 30:
factorial(n) = ∏ i←1:n i This f
Page 31 and 32:
In both methods cons and append , t
Page 33 and 34:
default distributions will provide
Page 35 and 36:
Chapter 3 Programs A program consis
Page 37 and 38:
Chapter 10), a literal (see Section
Page 39 and 40: (discussed in Section 13.13) to a s
Page 41 and 42: Chapter 5 Lexical Structure A Fortr
Page 43 and 44: U+0021 EXCLAMATION MARK ! U+0023 NU
Page 45 and 46: If a character (or any other syntac
Page 47 and 48: BIG SI unit absorbs abstract also a
Page 49 and 50: escape sequences are useful for ASC
Page 51 and 52: 5.14.1 Multicharacter Enclosing Ope
Page 53 and 54: Note: the elegant way to write Avog
Page 55 and 56: • top-level variable declarations
Page 57 and 58: declares id to be a mutable variabl
Page 59 and 60: several new variables. This syntax
Page 61 and 62: Chapter 7 Names Names are used to r
Page 63 and 64: 7.3 Qualified Names Fortress provid
Page 65 and 66: Fortress also allows coercion betwe
Page 67 and 68: • element types of a tuple type c
Page 69 and 70: TypeAlias ::= type Id [StaticParams
Page 71 and 72: ‘}’. If such a clause contains
Page 73 and 74: Note that a trait declaration inher
Page 75 and 76: the parametric trait WrappedDiction
Page 77 and 78: Chapter 10 Objects An object is a v
Page 79 and 80: FldDef ::= FldMod ∗ Id [IsType] (
Page 81 and 82: Chapter 11 Static Parameters Trait,
Page 83 and 84: 11.5 Operator and Identifier Parame
Page 85 and 86: Chapter 12 Functions Functions are
Page 87 and 88: swap(x :Object, y : Object) = (y, x
Page 89: A function declaration may be separ
Page 93 and 94: Negating the literal 0 produces a s
Page 95 and 96: the function is evaluated with the
Page 97 and 98: 13.10 Assignments Syntax: Expr ::=
Page 99 and 100: treeSum(t : TreeLeaf) = 0 treeSum(t
Page 101 and 102: Several common mathematical operato
Page 103 and 104: The body of each iteration is run i
Page 105 and 106: to the value of the condition expre
Page 107 and 108: An atomic expression consists of th
Page 109 and 110: 13.26 Try Expressions Syntax: Flow
Page 111 and 112: 13.27.2 Static Expressions and Valu
Page 113 and 114: A = [1 2 3; 4 5 6; 7 8 9] then A 1,
Page 115 and 116: evaluates to the set {0, 4, 16} Map
Page 117 and 118: ignore(f x) is equivalent to: f x;
Page 119 and 120: trait CheckedException extends { Ex
Page 121 and 122: Chapter 15 Overloading and Multiple
Page 123 and 124: e called with. In other words, we e
Page 125 and 126: Chapter 16 Operators Operators are
Page 127 and 128: • “ordinary” operators: + −
Page 129 and 130: left context whitespace operator fi
Page 131 and 132: The rules below are designed to for
Page 133 and 134: 16.8.3 Enclosing Operators When use
Page 135 and 136: 16.8.9 Intersection, Union, and Set
Page 137 and 138: Chapter 17 Conversions and Coercion
Page 139 and 140: 17.3 Coercion Invocations One may i
Page 141 and 142:
arguments nor with variable number
Page 143 and 144:
trait B extends A end trait C exten
Page 145 and 146:
a new coercion in a subexpression
Page 147 and 148:
for tokens. For readability, plural
Page 149 and 150:
Chapter 19 Tests and Properties For
Page 151 and 152:
19.5 Test Suites In order to allow
Page 153 and 154:
Chapter 20 Type Inference Type infe
Page 155 and 156:
3. If a i is a functional applicati
Page 157 and 158:
21.2 Programming Discipline If Fort
Page 159 and 160:
Here the call f(a, a) ends up setti
Page 161 and 162:
2. Ancestors, dynamically ordered b
Page 163 and 164:
The ways in which fortresses are ac
Page 165 and 166:
Component equivalence is determined
Page 167 and 168:
22.5 Type Inference for Components
Page 169 and 170:
Fortress.IO Fortress.Crypto IronLin
Page 171 and 172:
execute(componentName:String, args:
Page 173 and 174:
3. If the replacement does not expo
Page 175 and 176:
This method runs all test functions
Page 177 and 178:
Fortress.IO Fortress.Crypto Fortres
Page 179 and 180:
Part III Fortress APIs and Document
Page 181 and 182:
23.1.3 hash(maxval: N64): N64 23.1.
Page 183 and 184:
opr =(self,other: Boolean):Boolean
Page 185 and 186:
24.1.20 getter hashCode(): N64 24.1
Page 187 and 188:
False: BooleanInterval Uncertain: B
Page 189 and 190:
24.2.11 opr ∧(self,other: Boolean
Page 191 and 192:
24.2.19 possibly(self): Boolean 24.
Page 193 and 194:
Chapter 25 Numbers 25.1 Rational Nu
Page 195 and 196:
opr ⌈self ⌉: N realpart(self):
Page 197 and 198:
25.1.11 opr (self,other: Q):Boolean
Page 199 and 200:
25.1.26 floor(self): Z 25.1.27 opr
Page 201 and 202:
Chapter 26 Negated Relational Opera
Page 203 and 204:
26.1.26 opr ⊀T extends BinaryPred
Page 205 and 206:
27.3 The Trait Fortress.Standard.Un
Page 207 and 208:
Chapter 29 Dimensions and Units 29.
Page 209 and 210:
unit secondOfAngle secondsOfAngle:
Page 211 and 212:
Chapter 30 Tests 30.1 The Object Fo
Page 213 and 214:
31.2 Convenience Types An optional
Page 215 and 216:
Chapter 32 Parallelism and Locality
Page 217 and 218:
y evaluating the two elements of th
Page 219 and 220:
There is a DefaultDistribution whic
Page 221 and 222:
v = spawn at a.region(i) do a i end
Page 223 and 224:
expr ∑ type wrapper ∑ body R,
Page 225 and 226:
32.8.3 Using Overloading to Adapt G
Page 227 and 228:
Chapter 33 Overloaded Functional De
Page 229 and 230:
coercions: T U ⇐⇒ T ♦ U ∧
Page 231 and 232:
The More Specific Rule for Function
Page 233 and 234:
An infix/multifix operator declarat
Page 235 and 236:
may be so defined except ordinary p
Page 237 and 238:
and here some of these computed dim
Page 239 and 240:
unit name 1 name 2 name 3 : . . . u
Page 241 and 242:
Chapter 36 Support for Domain-Speci
Page 243 and 244:
Because syntax expanders are define
Page 245 and 246:
Part V Fortress APIs and Documentat
Page 247 and 248:
property ∀(a:T) ¬(a ∼ a) end A
Page 249 and 250:
trait PartialOrderOperatorsT extend
Page 251 and 252:
The HasMinimalElement trait specifi
Page 253 and 254:
The trait Commutative requires the
Page 255 and 256:
A value e is a left identity for a
Page 257 and 258:
trait ApproximatelyHasInverses T ex
Page 259 and 260:
end extends { ApproximateCommutativ
Page 261 and 262:
A default definition is provided fo
Page 263 and 264:
trait RationalQuantityunit U absorb
Page 265 and 266:
(self,other:RationalQuantityU,ninf
Page 267 and 268:
38.2.4 getter hashCode(): Z64 38.2.
Page 269 and 270:
Chapter 39 Components and APIs We d
Page 271 and 272:
Chapter 40 Memory Sequences and Bin
Page 273 and 274:
updatenat k(j: IntegerStatick, v: T
Page 275 and 276:
40.1.12 update(j:IndexInt, v: T): L
Page 277 and 278:
40.3.2 opr nat m[r:RangeOfStaticSiz
Page 279 and 280:
40.5 The Trait Fortress.Core.Binary
Page 281 and 282:
40.5.5 bit(m:IndexInt): Bit The res
Page 283 and 284:
40.6 The Trait Fortress.Core.Binary
Page 285 and 286:
40.6.4 opr nat m[r:RangeOfStaticSiz
Page 287 and 288:
40.6.16 opr ‖ nat m,bool bigEndia
Page 289 and 290:
countLeadingZeroBits():IndexInt cou
Page 291 and 292:
40.7.41 signedShift(j:IndexInt):T 4
Page 293 and 294:
40.8.6 signedDivide(other: T,overfl
Page 295 and 296:
littleEndian():BinaryEndianLinearEn
Page 297 and 298:
40.9.16 opr ‖ nat m,nat radix,nat
Page 299 and 300:
v: BinaryEndianWordb,bigEndianBytes
Page 301 and 302:
40.10.9 opr nat m[r:RangeOfStaticSi
Page 303 and 304:
40.10.24 splitnat b ′ () : Binary
Page 305 and 306:
itAnd(selfStart: IndexInt,source:T,
Page 307 and 308:
40.13.2 wrappingAdd(selfStart: Inde
Page 309 and 310:
40.13.30 unsignedMax(selfStart: Ind
Page 311 and 312:
40.13.55 gatherBits(selfStart:Index
Page 313 and 314:
Appendix A Fortress Calculi A.1 Bas
Page 315 and 316:
Values, evaluation contexts, redexe
Page 317 and 318:
Expression typing: p; ∆; Γ ⊢ e
Page 319 and 320:
α, β type variables f method name
Page 321 and 322:
Function/method name lookup: Fname(
Page 323 and 324:
One owner for all the visible metho
Page 325 and 326:
Traits defining a method: defining
Page 327 and 328:
Values, evaluation contexts, and re
Page 329 and 330:
Valid function declarations: p ⊢
Page 331 and 332:
Method definition lookup: visible p
Page 333 and 334:
Values, intermediate expressions, e
Page 335 and 336:
Field typing: p; ∆; Γ ⊢ vd ok
Page 337 and 338:
Appendix B Overloaded Functional De
Page 339 and 340:
Proof. We prove this for δ, but th
Page 341 and 342:
Upgrade A predicate upg? takes two
Page 343 and 344:
a is rendered as a foobar is render
Page 345 and 346:
• If a portion is sub and another
Page 347 and 348:
supercalifragilisticexpialidocious
Page 349 and 350:
any alternative names, with undersc
Page 351 and 352:
Appendix F Operator Precedence, Cha
Page 353 and 354:
U+007C VERTICAL LINE | | U+2016 DOU
Page 355 and 356:
The following two operators have th
Page 357 and 358:
U+003D EQUALS SIGN = = EQ U+2243 AS
Page 359 and 360:
U+22DD EQUAL TO OR GREATER-THAN U+2
Page 361 and 362:
U+2289 NEITHER A SUPERSET OF NOR EQ
Page 363 and 364:
F.4.8 Miscellaneous Relational Oper
Page 365 and 366:
U+21A5 UPWARDS ARROW FROM BAR U+21A
Page 367 and 368:
U+2224 DOES NOT DIVIDE ∤ U+2225 P
Page 369 and 370:
U+27F8 LONG LEFTWARDS DOUBLE ARROW
Page 371 and 372:
U+2960 UPWARDS HARPOON WITH BARB LE
Page 373 and 374:
U+29ED BLACK CIRCLE WITH DOWN ARROW
Page 375 and 376:
Appendix G Concrete Syntax In this
Page 377 and 378:
Extends ::= extends TraitTypes Excl
Page 379 and 380:
StaticParam ::= Id [Extends] [absor
Page 381 and 382:
Value ::= Literal | fn ValParam [Is
Page 383 and 384:
Appendix H Generated Concrete Synta
Page 385 and 386:
-> fn_decl -> object_decl -> var_de
Page 387 and 388:
-> id extends_opt absorbs_opt -> "n
Page 389 and 390:
-> w "excludes" w type_ref_list com
Page 391 and 392:
-> obj_decl_body_elem br obj_decl_b
Page 393 and 394:
-> op wr op_follows_op_w -> op wr e
Page 395 and 396:
-> no_space_op_expr_result no_space
Page 397 and 398:
id_opt -> -> w id with_opt -> -> w
Page 399 and 400:
-> unpasting_elem rect_separator un
Page 401 and 402:
-> "}" comprehension -> set_compreh
Page 403:
-> do_expr -> for_expr -> spawn_exp
Page 406 and 407:
-> type_ref -> "(" w type_ref w ","
Page 408 and 409:
enc -> enc_literal op_or_enc -> op
Page 410 and 411:
Bibliography [1] O. Agesen, L. Bak,
show all

The Fortress Language Specification - CiteSeerX

Create successful ePaper yourself

Delete template?

Save as template?