
Towards a Formal Description of Ada PDF

644 Pages·1980·9.32 MB·English

Lecture Notes in Computer Science
Edited by G. Goos and J. Hartmanis
98

Towards a Formal Description of Ada
Edited by D. Bjorner and O. N. Oest

Springer-Verlag Berlin Heidelberg New York 1980

Editorial Board
W. Brauer, P. Brinch Hansen, D. Gries, C. Moler, G. Seegmüller, J. Stoer, N. Wirth

Editors
D. Bjorner, Department of Computer Science, Technical University of Denmark, Building 343, DK-2800 Lyngby/Denmark
O. N. Oest, Danish Datamatics Centre, Electrovig building 143, DK-2800 Lyngby/Denmark

AMS Subject Classifications (1980): 68-02, 68A05, 68A30

ISBN 3-540-10283-3 Springer-Verlag Berlin Heidelberg New York
ISBN 0-387-10283-3 Springer-Verlag New York Heidelberg Berlin

This work is subject to copyright. All rights are reserved, whether the whole or part of the material is concerned, specifically those of translation, reprinting, re-use of illustrations, broadcasting, reproduction by photocopying machine or similar means, and storage in data banks. Under § 54 of the German Copyright Law where copies are made for other than private use, a fee is payable to the publisher, the amount of the fee to be determined by agreement with the publisher.
© by Springer-Verlag Berlin Heidelberg 1980
Printed in Germany
Printing and binding: Beltz Offsetdruck, Hemsbach/Bergstr.
2145/3140-5432

CONTENTS

Contents ... iii

Prelude ... v
  Aims & Purposes of this Volume ... v
  On "The Formal Definition of Ada" ... v
  The Basis for Our Definition Work ... v
  Completeness & Validity of the Present Definition ... vi
  The Danish Ada Definition Project ... vi
    -- Student Master Theses ... vi
    -- Educational Prerequisites ... vi
    -- Project Prerequisites ... vii
    -- CHILL ... vii
    -- The CHILL Formal Definition Project ... vii
    -- CHILL & Ada ... vii
    -- State-of-the-Art of Formal Definition Work ... viii
    -- A Disclaimer ... viii
  Overview of Papers ... viii
  Acknowledgements ... xiii
  Author Affiliations ... xiv

Part I: Compiler Development
  * 0. The DDC Ada Compiler Development Project, D. Bjorner & O. Oest

Part II: A Formal Definition of Ada
  * 1. A Denotational (Static) Semantics Method for Defining Ada Context Conditions, J. Bundgaard & L. Schultz ... 21
       -- Consolidated Formulae: 135-212
  * 2. A Formal Semantics Definition of Sequential Ada, J. Storbank Pedersen ... 213
       -- Consolidated Formulae: 259-308
  * 3. Parallelism in Ada, H. H. Lovengreen ... 309
       -- Consolidated Formulae: 385-432

Part III: An Ada Computer
  * 4. The Design of a Virtual Machine for Ada, O. Dommergaard ... 435
       -- Consolidated Formulae: 511-580
       -- A Compiling Algorithm: 581-605

Appendix: Reference Manual for the Meta-Language, D. Bjorner ... 607

References & Bibliography ... 625-629

* Each asterisked paper lists its Contents at its very beginning.

PRELUDE

Aims & Purposes of this Volume

The aim of this volume is to present the arguments, some of the experiments, and the thoughts that were part of the project whose result is also presented: namely (the construction of) a formal, basically denotational semantics definition of Ada. Rather than (just) presenting you with the finished product, a suitably annotated formal definition (part II of this volume), this volume instead, oftentimes extensively, argues choices and discusses variants of modelling Ada constructs formally.

As such we believe that this volume serves two purposes: it contributes to the analytical study of Ada semantics, and it contributes to the body of knowledge about the abstract modelling of advanced software constructs -- including those embodying parallelism. The volume, in part III, also contributes to the field of Computer Architectures, by illustrating how one can systematically "derive" a formal definition of a multi-processor computer architecture "optimally" suited for the concurrent execution of Ada tasks.

On: "The Formal Definition of Ada"

This volume does not (purport to) present THE formal definition of Ada. The United States Government, through its Department of Defence (US DoD), has commissioned such a formal definition. This volume, we repeat, is NOT it. The so-commissioned, officially (to be) approved formal definition of Ada is due soon. The work on that definition has been carried out by a group at the French Government's "information- & automation science institute", INRIA. Intermediate versions of that definition have graciously been put at our disposal. These versions have, however, not influenced our construction effort noticeably. This volume is otherwise not the place to compare the two definition efforts.

The Basis for Our Definition Work

Two sources of information have played the major role as input to the process of constructing our formal definition. Both are referred to here:

(A) Preliminary Ada Reference Manual, ACM SIGPLAN Notices Vol. 14, No. 6, part A, June 1979

(B) Rationale for the Design of the Ada Programming Language, ACM SIGPLAN Notices Vol. 14, No. 6, part B, June 1979

The definition presented here, as 'Consolidated Formulae' appendices to the papers of part II of this volume, has however lately been updated to reflect:

(C) Reference Manual for the Ada Programming Language, Proposed Standard Document, Cii Honeywell Bull, July 1980

Completeness & Validity of the Present Definition

The Ada being modelled here is believed to be rather close to, if not directly modelling, the proposed standard Ada, i.e. ref. (C). But the present definition is not complete. Roughly speaking two, minor, aspects have been left out. Due to lack of time most of the rather straightforward definitions of expression semantics are omitted. And due to some, by us, perceived ambiguities & incompletenesses of the reference manual specification of 'Generic Program Units' (ref. (C) chapter 12), we have also left out variant models of Generics.

The main effort behind the Ada definition work presented here went into deciding upon the "most fitting" forms of abstraction. Robustness of the chosen model, with respect to expected language changes -- introduced between the times of issue of refs. (A, B) and (C) -- was of prime concern. We believe, however, that not only are the model (semantic) Domains reasonable, but also that most, if not all, uses thereof validly reflect ref. (C). -- But see end of next section: 'Disclaimer'.

The Danish Ada Definition Project

-- Student Masters Theses

The papers of parts II & III of this volume are the result of four M.Sc. Thesis projects. These were carried out within the faculty of Electrical Engineering. Each lasted 6 months. Altogether 5 students were involved -- during the spring and summer of 1980.

-- Educational Prerequisites

Before embarking on these projects the students had received education in 'Denotational Semantics' and 'Software Abstraction Principles' -- corresponding to, in fact based on, the books:

(D) The Vienna Development Method: The Meta-Language, eds.: D. Bjorner & C. B. Jones, Springer-Verlag, Lecture Notes in Computer Science Vol. 61, May 1978 (2nd printing July 1980)

(E) Abstract Software Specifications, ed.: D. Bjorner, Springer-Verlag, Lecture Notes in Computer Science Vol. 86, June 1980

-- in the latter volume, ref. (E), only the material on 'Constructive', i.e. Denotational definitions is relevant. We urge the reader of the present volume to consult either ref. (D) or ref. (E) for a comprehensive introduction to the techniques of language modelling, to the particular (VDM META-IV) semantics definition language used, and -- in ref. (E) -- to J. Stoy's enlightened exposé of the mathematics underlying such definitions.

-- Project Prerequisites

The same students had also participated in smaller student projects concerned with the likewise formal definition of CHILL.

-- CHILL

CHILL is an acronym. It stands for "Communications High Level Language". CHILL is a language for programming Stored Program Controlled (SPC) Telephone Exchanges. CHILL has been commissioned by the C.C.I.T.T. C.C.I.T.T. stands for the International Consultative Committee on Telephony & Telegraphy. C.C.I.T.T. is part of ITU: the International Telecommunications Union. ITU is part of the United Nations. CHILL represents a workable compromise between the interests of National and Public Utility Telephone Administrations (PTTs etc.) and Telephone Equipment Manufacturers of the whole world! The actual design of CHILL was carried out in the period 1974-1979 by representatives from almost 30 such organizations from more than 2 dozen countries spread over five continents!

-- The Formal Definition of CHILL

"C.C.I.T.T. Recommendation Z200" presents an informal, but very rigorous, and precise, specification of CHILL. A planned "Supplement" to Z200, presently in the form of a C.C.I.T.T. "Manual", attached to Z200, presents THE formal definition of CHILL. This C.C.I.T.T. officially (to be) approved, formal definition was produced at the Computer Science Department of the Technical University of Denmark in a joint project with the Danish Telecommunications Research Laboratory.

(F) The Formal Definition of CHILL, eds.: P. L. Haff & D. Bjorner, C.C.I.T.T. Recommendation Z200 Supplement, ITU Geneva, Switzerland, March 1981

provides a reference -- advance copies may be obtained, at reproduction cost, from the address of the editors of this volume.

-- CHILL & Ada

This is otherwise not the place for a discussion of these two languages. Such a comparison would be quite worthwhile -- provided it was carried out with reference to precise formal definitions. The two languages are roughly of the "same order of complexity". Both languages 'compete' in very similar areas of application. For the purposes of a proper understanding of the background for the work behind the present volume it suffices with the following more detailed characteristics: CHILL appears to have a more complex type (mode) system than Ada. CHILL (also) seems more complex in the area of visibility & referability than is Ada. Finally CHILL has three sets of independent constructs for handling processes, where Ada has one, "smaller", set of task handling constructs.

The experience gained, with around 18 students, in producing the formal definition of CHILL gave us confidence in our ability to produce, reasonably swiftly, also an Ada definition.

-- State-of-the-Art of Formal Definition Work

We believe that the present volume justifies the confidence expressed in the previous paragraph. We conclude, therefore, that one can now, 10 years after the pioneering works of Dana Scott and the late Christopher Strachey, expect of today's software engineers & computer scientists, that they -- as an everyday matter of concern -- can produce formal software specifications of even very complex software systems, should anyone still want such bastards!

-- A Disclaimer

But it should be emphasized that the present Ada definition is the result of only 2 (relatively inexperienced) man-years of (student) work, limited to within the period March-September 1980. No rigorous, exhaustive, "refereed" attempt has yet been made to compare our formal definition with the proposed standard for Ada (ref. (C)). Although all formulae here have been extensively scrutinized, and "somewhat" buddy-checked, they have yet to be subjected to the same careful procedure of "validation" that our CHILL formal definition has been, and still is, subjected to. It is calculated that more than one man-year of highly technical work has gone into this CHILL "validation". No ultimate security is anyway (formally) possible. But a rather high degree of informal confidence, on an international level, that the informal and the formal CHILL specifications "agree", has already been attained.

Overview of Papers

There are three parts to this volume -- and an appendix. The center part, part II, contains three papers on respective aspects of an Ada definition.

The problem of tackling the modelling of the so-called static semantics of (languages like Euclid, CHILL and) Ada is a difficult, non-trivial one. We have come to believe that this problem exceeds, by a manpower estimate alone, 3-4 times that of modelling e.g. the dynamic semantics of the sequential parts of (those languages and) Ada.

(Some rough statistics can be given. It relates the sizes of expressing the static & the dynamic semantics, and the relative complexity, of a number of languages:

  Size of Semantics          ALGOL 60   PL/I   CHILL   Ada
  Static Semantics:            22%      26%     45%    55%
  Dynamic Semantics:           78%      74%     55%    45%
  Relative "Complexity":        1        5       8      8

The table indicates the extent to which the CHILL and Ada languages embody notions of statically decidable properties. In the vernacular: "more and more is being checked at compile-time, in particular aspects that have to do with the disciplining of the co-operation among programmers". We refer here to the module/package concepts.)

(By the static semantics we mean those semantic aspects of a language which a compiler for that language must, or at least can, check. That is: the statically decidable context-conditions. By a dynamic semantics we mean those semantic aspects of a language which correspond to the code generated by a compiler for that language, exclusive of that which only has to do with static semantics checks -- should a compiler design choose so. That is: dynamic semantics reflect the run-time properties of the language. It is justified to call both aspects semantics. In both cases we can speak of a "computation" based on, i.e. over, a/the program text.)

You may therefore find the paper:

  1. A Denotational (Static) Semantics Method for Defining Ada Context Conditions, 21-212
     by Jorgen Bundgaard & Lennart Schultz

somewhat studious to follow. It deals with a hard problem. The modelling of the static environment- (surrounding-), or as they are called here: dictionary-, Domains for languages of the (Euclid, CHILL and) Ada kind has, up till now, not received the attention required. In the pioneering paper by Bekic & Walk [BeWa 71] the problem of modelling Storage of PL/I and ALGOL 68 received a lucid, almost final, treatment. The foundation was laid, it turned out, for all subsequent models of the Storage concept of PL/I, ALGOL 60, Pascal, CHILL and Ada. What we hope is that somebody will elucidate, one day, in a similarly foundational paper, the proper techniques for modelling the static dictionary problem of modular languages: languages which permit such "weird" things as exporting & importing names, thereby "freeing" their visibility & referability properties from being syntactically tied to the phrase structure of any program.

The paper:

  2. A Formal Semantics Definition of Sequential Ada, 213-308
     by Jan Storbank Pedersen

carefully treats all the difficult aspects of (modelling) the dynamic semantics of those parts of Ada which are not related to tasking. In its content it is more in line with the, by now, classical treatments of dynamic semantics. The paper contains a model of Ada Storage. That is: of the Ada concept of variables, composite values, including variant records with discriminants, and their locations. The present Storage model stems from models first worked out by J. Bundgaard, in June 1979, and later extensively (update-) revised by H. H. Lovengreen, in January 1980 [Lo 80a]. Many formal definers of languages fail to give such formal definitions of the, basically axiomatically formulated, properties of locations & values; allocation-, initialization-, assignment- & update to, contents taking- and freeing of storage.

Advice

We have this advice to give: before embarking on the systematic, laborious and somewhat straightforward, i.e. "easy", writing of static wellformedness- and dynamic elaboration function definitions, make sure to get the underlying Domains straightened out first. Work out, in detail, not only all these Domains, but also all the auxiliary functions needed to construct, modify & use objects of these Domains.

End-of-Advice

Failure to do so, i.e. to complete these parts, early in a definition project, usually proves disastrous -- ultimately requiring the complete rewrite of masses of formulae. Luckily in this project we were spared such blunders. (We hope, and "pray", with some trepidation, that the present Domain- and function definition structures are robust enough to meaningfully cope with the unfinished modelling of Generics!)

The paper:

  3. Parallelism in Ada, 309-433
     by Hans Henrik Lovengreen

tackles, and solves, the (new) problem of modelling all of the Ada tasking semantics as abstractly, i.e. as implementation-unbiased as possible; and of embedding its parallel meta-process model in an otherwise Denotational model of sequential Ada. (The official, formal definition of Ada, mentioned above, does not give a model of Ada tasking.) The modelling principles of the present Ada tasking definition are basically the same as those used in ref. (F). CHILL, as mentioned previously, possesses many more process primitives than Ada. The semantics of the latter's "fewer" constructs appears, however, to be more involved. Measured in definition (page) size alone:

  Size of Dynamic Semantics   CHILL   Ada
  Sequential                   75%    67%
  Parallel                     25%    33%

We attribute this seeming anomaly to the involved, very high level rules for Ada task exception handling and task termination, due primarily to the "hierarchy"-notions involved herein. (Both of the above comparisons (i.e. table contents) are normalized, in the sense of all definitions being expressed in the same meta-language, using basically the same modelling prin-
