TIVDM1RT Development process, Abstract Syntax Trees and Logic 1 RT development process, Abstract Syntax Trees and Logic Peter Gorm Larsen ([email protected])[email protected]

TIVDM1 RT Development process, Abstract Syntax Trees and Logic

1

RT development process, Abstract Syntax Trees and Logic

Peter Gorm Larsen

([email protected])


2

Agenda

Development Process for RT systems• Abstract Syntax Trees and analysis of ASTs• Introduction to Logic


3

Reactive systems Nature

The World

Environment System

stimuli

response


4

Overview of Development Process


5

General use case for anembedded system


6

Capturing Requirements in VDM-SL

operations

PerformSystemReaction: seq of SensorInput ==> seq of ActuatorCommand PerformSystemReaction(inputseq) == if inputseq = [] then [] else SensorTreatment(hd inputseq) ^ PerformSystemReaction(tl inputseq)

An accumulating parameter can be used for feedback


7

Sequential Design Model


8

Typical Design Structure

• An Environment class is needed• A SystemName class is needed• A World class is introduced for setting up both the

environment and the system• World shall contain a Run operation• World have access to some notion of time• The Environment has operation for creating signals to

the system and receiving events from the system• Flow of control resides with the Environment• Each class that do actions has an isFinished

operation


9

Concurrent Design Model

• Similar to sequential design model but• Identification of threads

• Determine necessary communication

• Establish synchronization points

• Validation of model

• Typical design structure• Flow of control is distributed

• Synchronization using permission predicates and mutex• isFinished operations become skip with permission

predicates

• A simple Timer class is replaced with the TimeStamp class


10

Concurrent Real-Time and Distributed Design Model

• Timing built in:• Use of default durations

• Use of duration and cycles statements

• Setting task switching overhead• Typical Design Structure

• SystemName is now turned into a system• CPU’s and BUS’es are introduced inside SystemName• Environment may be turned into a system

• Some operations are made asynchronous

• Some Step like threads are made periodic• Explicit use of TimeStamp is removed


11

Agenda

Development Process for RT systems Abstract Syntax Trees and analysis of ASTs• Introduction to Logic


12

The “Phases” of a Compiler

Syntax Analysis

Type Analysis

Code Generation

Source Program

Abstract Syntax Tree

Decorated Abstract Syntax Tree

Object Code

Error Reports

Error Reports


13

VDM-SL AST Example 1

Program :: decls : seq of Declaration

stmt : Stmt;

Declaration :: id : Identifier

tp : Type

val : [Value];

Identifier = seq1 of char;

Type = <BoolType> | <IntType> ;

Value = BoolVal | IntVal;

BoolVal :: val : bool;

IntVal :: val : int;


14


Stmt = BlockStmt | AssignStmt | CondStmt | ForStmt | RepeatStmt;BlockStmt :: decls : seq of Declaration stmts : seq1 of Stmt;AssignStmt :: lhs : Variable rhs : Expr;Variable :: id : Identifier;CondStmt :: guard : Expr thenst : Stmt elsest : Stmt;ForStmt :: start : AssignStmt stop : Expr stmt : Stmt;RepeatStmt :: repeat : Stmt until : Expr;


15


Expr = BinaryExpr | Value | Variable;

BinaryExpr :: lhs : Expr

op : Operator

rhs : Expr;

Operator = <Add> | <Sub> | <Div> | <Mul> |

<Lt> | <Gt> | <Eq> | <And> |

<Or>;


16

Semantic Analysis of ASTs

• Environments that denote context• StatEnv = map ASTÌdentifier to AST`Type;• DynEnv = map ASTÌdentifier to AST`Value;• CGEnv = map ASTÌdentifier to AST`Type;

• Recursive top-down handling of analysis• Possibly use a visitor pattern in an OO context


17

Evaluation of An Expression

EvalExpr : AST‘Expr * DynEnv -> AST‘ValueEvalExpr(ex, denv) == cases ex : mk_AST‘BoolVal(-), mk_AST‘IntVal(-) -> ex, mk_AST‘Variable(id) -> denv(id), mk_AST‘BinaryExpr(-,-,-) -> EvalBinaryExpr(ex, denv) endpre is_AST‘BinaryExpr(ex) => pre_EvalBinaryExpr(ex, denv);

EvalBinaryExpr : AST‘BinaryExpr * DynEnv -> AST‘ValueEvalBinaryExpr(mk_AST‘BinaryExpr(lhs, op, rhs), denv) == let v1 = EvalExpr(lhs, denv).val, v2 = EvalExpr(rhs, denv).val in cases op : <Add> -> mk_AST‘IntVal(v1 + v2), ... end


18

Type Checking An Expressionwf_Expr : AST‘Expr * StatEnv -> bool * [AST‘Type]wf_Expr(ex, senv) == cases true : (is_AST‘BoolVal(ex)) -> mk (true, <BoolType>), (is_AST‘IntVal(ex)) -> mk_(true, <IntType>), (is_AST‘Variable(ex)) -> wf Variable(ex, senv), (is_AST‘BinaryExpr(ex)) -> wf_BinaryExpr(ex, senv), others -> mk_(false, <IntType>) end;

wf_BinaryExpr : AST‘BinaryExpr * StatEnv -> bool * [AST‘Type]wf_BinaryExpr(mk_AST‘BinaryExpr(lhs, op, rhs), senv) == let mk_(wf_lhs, tp_lhs) = wf_Expr(lhs, senv), mk_(wf_rhs, tp_rhs) = wf_Expr(rhs, senv) in cases op : <Add>, <Sub>, <Div>, <Mul> -> mk_(wf_lhs and wf_rhs and tp_lhs = <IntType> and tp_rhs = <IntType>, <IntType>), ...


19

The ASTGen Tool

SimpleAST spec

(restricted VDM++)ASTGEN

JAVAinterfaces

VDM++Implementation

classes

JAVAimplementation

VDM++Interface classes


20

Binary Expression in AST file

Expression = BinaryExpression | ...

BinaryExpression ::

lhs : Expression

op : BinaryOperator

rhs : Expression;

Then ASTGen will produce:

SimpleBinaryExpressionImpl.vdmpp

SimpleBinaryExpression.vdmpp

SimpleExpression.vdmpp


21

Generated VDM++ Interface Class

class SimpleBinaryExpression is subclass of SimpleExpression

operations

public getLhs: () ==> SimpleExpression getLhs() == is subclass responsibility;

public getOp: () ==> SimpleBinaryOperator getOp() == is subclass responsibility;

public getRhs: () ==> SimpleExpression getRhs() == is subclass responsibility;

end SimpleBinaryExpression


22

Generated VDM++ ImplementationClass

class SimpleBinaryExpressionImpl is subclass of SimpleBinaryExpression

instance variables private iv_lhs:SimpleExpression; private iv_op:SimpleBinaryOperator; private iv_rhs:SimpleExpression;

operations

public SimpleBinaryExpressionImpl: SimpleExpression * SimpleBinaryOperator * SimpleExpression ==> SimpleBinaryExpressionImpl SimpleBinaryExpressionImpl(p_lhs, p_op, p_rhs) == ( iv_lhs := p_lhs; iv_op := p_op; iv_rhs := p_rhs; );

public getLhs: () ==> SimpleExpression getLhs() == return iv_lhs;

public getOp: () ==> SimpleBinaryOperator getOp() == return iv_op;

public getRhs: () ==> SimpleExpression getRhs() == return iv_rhs;

end SimpleBinaryExpressionImpl


23

Code Generator Structure

Simple concrete syntax

Simple AST Programming language AST (developed using ASTGen)

Programming language concrete syntax

Simple parser

VDM model to be developed

Potential backend


24

Agenda

Development Process for RT systems Abstract Syntax Trees and analysis of ASTs Introduction to Logic


25

Logic

Our ability to state invariants, record pre-conditions and post-conditions, and the ability to reason about a formal model depend on the logic on which the modelling language is based.

• Classical logical propositions and predicates

• Connectives

• Quantifiers


26

A temperature monitor example

30

20

10

01 2 3 4 5 6 7 8 9

Temperature (C)

Time (s)

The monitor records the last five temperature readings 25 105510


27

A temperature monitor example

The following conditions are to be detected by the monitor:

1. Rising: the last reading in the sample is greater than the first

2. Over limit: there is a reading in the sample in excess of 400 C

3. Continually over limit: all the readings in the sample exceed 400 C

4. Safe: If readings do not exceed 400 C by the middle of the sample, the reactor is safe. If readings exceed 400 C by the middle of the sample, the reactor is still safe provided that the reading at the end of the sample is less than 400 C.

5. Alarm: The alarm is to be raised if and only if the reactor is not safe


28

Predicates and Propositions

Predicates are simply logical expressions. The simplest kind of logical predicate is a proposition.

A proposition is a logical assertion about a particular value or values, usually involving a Boolean operator to compare the values, e.g.

3 < 27 5 = 9


29

PredicatesA predicate is a logical expression that is not specific to particular values but contains variables which can stand for one of a range of possible values, e.g.

x < 27

(x**2) + x - 6 = 0

The truth or falsehood of a predicate depends on the value taken by the variables.


30

Predicates in the monitor example

Monitor :: temps : seq of int alarm : bool

inv m == len m.temps = 5

Consider a monitor m. m is a sequence so we can index into it:

First reading in m:

Last reading in m:

Predicate stating that the first reading in m is strictly less than the last reading:

The truth of the predicate depends on the value of m.

m.temps(1)

m.temps(5)

m.temps(1) < m.temps(5)


31

The rising condition

The last reading in the sample is greater than the first


inv m == len m.temps = 5

We can express the rising condition as a Boolean function:

Rising: Monitor -> bool

Rising(m) == m.temps(1) < m.temps(5)

For any monitor m, the expression Rising(m) evaluates to true iff the last reading in the sample in m is higher than the first, e.g.

Rising( mk_Monitor([233,45,677,650,900], false) )

Rising( mk_Monitor([23,45,67,50,20], false) )


32

Logical Operators (Connectives)

We will examine the following logical operators:

• Negation (NOT)• Conjunction (AND)• Disjunction (OR)• Implication (if – then)• Biconditional (if and only if)

Truth tables can be used to show how these operators can combine propositions to compound propositions.


33

Negation (not)

Negation allows us to state that the opposite of some logical expression is true, e.g.

The temperature in the monitor mon is not rising:

not Rising(mon)

Truth table for negation:P not P

true false

false true


34

Disjunction (or)

Disjunction allows us to express alternatives that are not necessarily exclusive:

Over limit: There is a reading in the sample in excess of 400 C

OverLimit: Monitor -> bool

OverLimit(m) == m.temps(1) > 400 or m.temps(2) > 400 or m.temps(3) > 400 or m.temps(4) > 400 or m.temps(5) > 400

P Q P or Q

true true true

true false true

false true true

false false false


35

Conjunction (and)

Conjunction allows us to express the fact that all of a collection of facts are true.

Continually over limit: all the readings in the sample exceed 400 C

COverLimit: Monitor -> bool

COverLimit(m) ==

m.temps(1) > 400 and m.temps(2) > 400 and m.temps(3) > 400 and m.temps(4) > 400 and m.temps(5) > 400

P Q P and Q

true true true

true false false

false true false

false false false


36

ImplicationImplication allows us to express facts which are only true under certain conditions (“if … then …”):

Safe: If readings do not exceed 400 C by the middle of the sample, the reactor is safe. If readings exceed 400 C by the middle of the sample, the reactor is still safe provided that the reading at the end of the sample is less than 400 C.

Safe: Monitor -> bool

Safe(m) ==

m.temps(3) > 400 =>

m.temps(5) < 400

P Q P => Q

true true true

true false false

false true true

false false true


37

BiimplicationBiimplication allows us to express equivalence (“if and only if”).

Alarm: The alarm is to be raised if and only if the reactor is not safe

This can be recorded as an invariant property:


inv m ==

len m.temps = 5 and

not Safe(m.temps) <=> m.alarm

P Q P <=> Q

true true true

true false false

false true false

false false true


38

Operator Precedence and Associativity

• not has the highest precedence• Followed by and, or, => and <=> in that order• => has right grouping i.e.

o A => B => C without brackets meanso A => (B => C)

• The other logical operators are associative so right and left grouping are equivalent, i.e.o A and (B and C) is identical to (A and B) and C


39

Quantifiers

For large collections of values, using a variable makes more sense than dealing with each case separately.

inds m.temps represents indices (1-5) of the sample

The “over limit” condition can then be expressed more economically as:

exists i in set inds m.temps & m.temps(i) > 400

The “continually over limit” condition can then be expressed using “forall”:

COverLimit: Monitor -> boolCOverLimit(m) == forall i in set inds m.temps & m.temps(i) > 400


40

QuantifiersSyntax:

forall binding & predicate

exists binding & predicate

There are two types of binding:

Type Binding, e.g.

x : nat

n : seq of char

Set Binding, e.g.

i in set inds m

x in set {1,…,20}

A type binding lets the bound variable range over a type (a possibly infinite collection of values).

A set binding lets the bound variable range over a finite set of values.


41

Questions

Formulate the following statements using predicate logic:

• Everybody likes Danish pastry

• Everybody either likes Danish pastry or is a vegetarian

• Either everybody likes Danish pastry or everybody is a

vegetarian

Are the last two statements equivalent?


42

Questions

Formulate the following statements using predicate logic:

• Somebody likes Danish pastry

• There is somebody who either likes Danish pastry or is

a vegetarian

• Either somebody likes Danish pastry or somebody is a

vegetarian

Are the last two statements equivalent?


43

Quantifiers

Several variables may be bound at once by a single quantifier, e.g.

forall x,y in set {1,…,5} &

X <> y => not m.temps(x) = m.temps(y)

Would this predicate be true for the following value of m.temps ?

[320, 220, 105, 119, 150]


44

Formulation Questions

All the readings in the sample are less than 400 and greater than 50.

Each reading in the sample is up to 10 greater than its predecessor.

There are two distinct readings in the sample which are over 400.

forall i in set inds m.temps & m.temps(i) < 400 and m.temps(i) > 50

forall i in set inds m.temps\{1} & m.temps(i – 1) + 10 <= m.temps(i)

exists i,j in set inds m.temps & i <> j and m.temps(i) > 400 and m.temps(j) > 400


45

Combination of quantifiers

• Assume we have a predicate with two free variables P(x,y) where x : X and y : Y

• Then quantifiers can be combined:• forall y : Y & exists x : X & P(x,y) or• exists y : Y & forall x : X & P(x,y)

• Would these be equal if X, Y are int and P = x >y?• However if the same quantifier was used both places

the expressions would be equivalent:• forall y : Y & forall x : X & P(x,y) forall x : X & forall y : Y & P(x,y)

• exists y : Y & exists x : X & P(x,y) exists x : X & exists y : Y & P(x,y)


46

Quantifiers

Suppose we have to formalise the following property:

There is a “single minimum” in the sequence of readings, i.e. there is a reading which is strictly smaller than any of the other readings.

Suppose the order of the quantifiers is reversed.

exists i in set inds m.temps & forall j in set inds m.temps & i <> j => m.temps(i) < m.temps(j)


47

Questions• Translate the following into English:

• forall x:Elephant & grey(x)• forall x:ANIMAL & elephant(x) => grey(x)• exists x : ANIMAL & bird(x) and has_wings(x) and not flies(x)

• Represent the following using predicate logic formulae:• “Joanne is a teacher, she teaches AI, and likes

chocolate.”• “Some teachers do not like chocolate”


48

Questions

• What is the truth value for the following expressions?• forall x in set {2,4,6} & IsEven(x)• forall xxx in set {} & xxx = 8• exists b in set {} & b > 0• exists1 x in set {1,2,6,42} & not IsEven(x)• forall x : nat & x < 5 => x ** 2 > 4• exists x : nat & x < 5 => x ** 2 > 4• forall y : nat & y < 5 => y < 20• forall y in set power {1,2} & card y = 2• not forall w : nat &

z < 4 => exists x : nat & z < x ** 2


49

Summary

• What have I presented today?• Development Process for RT systems

• Abstract syntax trees and analysis of ASTs

• Introduction to Logic

• What do you need to do now?• Read chapter 4 and 5 of the book for next week

• Read existing material about the selected project

• Formulate a new requirements definition for the project

• Start modelling your project in VDM++ using Overture

• Present about this project for the rest of us


50

Quote of the day

The successful construction of all machinery depends on the perfection of the tools employed, and whoever is

the master in the art of tool-making possesses the key to the construction of all machines.

Charles Babbage, 1851

Documents

TIVDM1RT Development process, Abstract Syntax Trees and Logic 1 RT development process, Abstract Syntax Trees and Logic Peter Gorm Larsen ([email protected])[email protected]