Upload
anne-newman
View
217
Download
0
Embed Size (px)
Citation preview
TIVDM1 RT Development process, Abstract Syntax Trees and Logic
1
RT development process, Abstract Syntax Trees and Logic
Peter Gorm Larsen
TIVDM1 RT Development process, Abstract Syntax Trees and Logic
2
Agenda
Development Process for RT systems• Abstract Syntax Trees and analysis of ASTs• Introduction to Logic
TIVDM1 RT Development process, Abstract Syntax Trees and Logic
3
Reactive systems Nature
The World
Environment System
stimuli
response
TIVDM1 RT Development process, Abstract Syntax Trees and Logic
4
Overview of Development Process
TIVDM1 RT Development process, Abstract Syntax Trees and Logic
5
General use case for anembedded system
TIVDM1 RT Development process, Abstract Syntax Trees and Logic
6
Capturing Requirements in VDM-SL
operations
PerformSystemReaction: seq of SensorInput ==> seq of ActuatorCommand PerformSystemReaction(inputseq) == if inputseq = [] then [] else SensorTreatment(hd inputseq) ^ PerformSystemReaction(tl inputseq)
An accumulating parameter can be used for feedback
TIVDM1 RT Development process, Abstract Syntax Trees and Logic
7
Sequential Design Model
TIVDM1 RT Development process, Abstract Syntax Trees and Logic
8
Typical Design Structure
• An Environment class is needed• A SystemName class is needed• A World class is introduced for setting up both the
environment and the system• World shall contain a Run operation• World have access to some notion of time• The Environment has operation for creating signals to
the system and receiving events from the system• Flow of control resides with the Environment• Each class that do actions has an isFinished
operation
TIVDM1 RT Development process, Abstract Syntax Trees and Logic
9
Concurrent Design Model
• Similar to sequential design model but• Identification of threads
• Determine necessary communication
• Establish synchronization points
• Validation of model
• Typical design structure• Flow of control is distributed
• Synchronization using permission predicates and mutex• isFinished operations become skip with permission
predicates
• A simple Timer class is replaced with the TimeStamp class
TIVDM1 RT Development process, Abstract Syntax Trees and Logic
10
Concurrent Real-Time and Distributed Design Model
• Timing built in:• Use of default durations
• Use of duration and cycles statements
• Setting task switching overhead• Typical Design Structure
• SystemName is now turned into a system• CPU’s and BUS’es are introduced inside SystemName• Environment may be turned into a system
• Some operations are made asynchronous
• Some Step like threads are made periodic• Explicit use of TimeStamp is removed
TIVDM1 RT Development process, Abstract Syntax Trees and Logic
11
Agenda
Development Process for RT systems Abstract Syntax Trees and analysis of ASTs• Introduction to Logic
TIVDM1 RT Development process, Abstract Syntax Trees and Logic
12
The “Phases” of a Compiler
Syntax Analysis
Type Analysis
Code Generation
Source Program
Abstract Syntax Tree
Decorated Abstract Syntax Tree
Object Code
Error Reports
Error Reports
TIVDM1 RT Development process, Abstract Syntax Trees and Logic
13
VDM-SL AST Example 1
Program :: decls : seq of Declaration
stmt : Stmt;
Declaration :: id : Identifier
tp : Type
val : [Value];
Identifier = seq1 of char;
Type = <BoolType> | <IntType> ;
Value = BoolVal | IntVal;
BoolVal :: val : bool;
IntVal :: val : int;
TIVDM1 RT Development process, Abstract Syntax Trees and Logic
14
VDM-SL AST Example 2
Stmt = BlockStmt | AssignStmt | CondStmt | ForStmt | RepeatStmt;BlockStmt :: decls : seq of Declaration stmts : seq1 of Stmt;AssignStmt :: lhs : Variable rhs : Expr;Variable :: id : Identifier;CondStmt :: guard : Expr thenst : Stmt elsest : Stmt;ForStmt :: start : AssignStmt stop : Expr stmt : Stmt;RepeatStmt :: repeat : Stmt until : Expr;
TIVDM1 RT Development process, Abstract Syntax Trees and Logic
15
VDM-SL AST Example 3
Expr = BinaryExpr | Value | Variable;
BinaryExpr :: lhs : Expr
op : Operator
rhs : Expr;
Operator = <Add> | <Sub> | <Div> | <Mul> |
<Lt> | <Gt> | <Eq> | <And> |
<Or>;
TIVDM1 RT Development process, Abstract Syntax Trees and Logic
16
Semantic Analysis of ASTs
• Environments that denote context• StatEnv = map AST`Identifier to AST`Type;• DynEnv = map AST`Identifier to AST`Value;• CGEnv = map AST`Identifier to AST`Type;
• Recursive top-down handling of analysis• Possibly use a visitor pattern in an OO context
TIVDM1 RT Development process, Abstract Syntax Trees and Logic
17
Evaluation of An Expression
EvalExpr : AST‘Expr * DynEnv -> AST‘ValueEvalExpr(ex, denv) == cases ex : mk_AST‘BoolVal(-), mk_AST‘IntVal(-) -> ex, mk_AST‘Variable(id) -> denv(id), mk_AST‘BinaryExpr(-,-,-) -> EvalBinaryExpr(ex, denv) endpre is_AST‘BinaryExpr(ex) => pre_EvalBinaryExpr(ex, denv);
EvalBinaryExpr : AST‘BinaryExpr * DynEnv -> AST‘ValueEvalBinaryExpr(mk_AST‘BinaryExpr(lhs, op, rhs), denv) == let v1 = EvalExpr(lhs, denv).val, v2 = EvalExpr(rhs, denv).val in cases op : <Add> -> mk_AST‘IntVal(v1 + v2), ... end
TIVDM1 RT Development process, Abstract Syntax Trees and Logic
18
Type Checking An Expressionwf_Expr : AST‘Expr * StatEnv -> bool * [AST‘Type]wf_Expr(ex, senv) == cases true : (is_AST‘BoolVal(ex)) -> mk (true, <BoolType>), (is_AST‘IntVal(ex)) -> mk_(true, <IntType>), (is_AST‘Variable(ex)) -> wf Variable(ex, senv), (is_AST‘BinaryExpr(ex)) -> wf_BinaryExpr(ex, senv), others -> mk_(false, <IntType>) end;
wf_BinaryExpr : AST‘BinaryExpr * StatEnv -> bool * [AST‘Type]wf_BinaryExpr(mk_AST‘BinaryExpr(lhs, op, rhs), senv) == let mk_(wf_lhs, tp_lhs) = wf_Expr(lhs, senv), mk_(wf_rhs, tp_rhs) = wf_Expr(rhs, senv) in cases op : <Add>, <Sub>, <Div>, <Mul> -> mk_(wf_lhs and wf_rhs and tp_lhs = <IntType> and tp_rhs = <IntType>, <IntType>), ...
TIVDM1 RT Development process, Abstract Syntax Trees and Logic
19
The ASTGen Tool
SimpleAST spec
(restricted VDM++)ASTGEN
JAVAinterfaces
VDM++Implementation
classes
JAVAimplementation
VDM++Interface classes
TIVDM1 RT Development process, Abstract Syntax Trees and Logic
20
Binary Expression in AST file
Expression = BinaryExpression | ...
BinaryExpression ::
lhs : Expression
op : BinaryOperator
rhs : Expression;
Then ASTGen will produce:
SimpleBinaryExpressionImpl.vdmpp
SimpleBinaryExpression.vdmpp
SimpleExpression.vdmpp
TIVDM1 RT Development process, Abstract Syntax Trees and Logic
21
Generated VDM++ Interface Class
class SimpleBinaryExpression is subclass of SimpleExpression
operations
public getLhs: () ==> SimpleExpression getLhs() == is subclass responsibility;
public getOp: () ==> SimpleBinaryOperator getOp() == is subclass responsibility;
public getRhs: () ==> SimpleExpression getRhs() == is subclass responsibility;
end SimpleBinaryExpression
TIVDM1 RT Development process, Abstract Syntax Trees and Logic
22
Generated VDM++ ImplementationClass
class SimpleBinaryExpressionImpl is subclass of SimpleBinaryExpression
instance variables private iv_lhs:SimpleExpression; private iv_op:SimpleBinaryOperator; private iv_rhs:SimpleExpression;
operations
public SimpleBinaryExpressionImpl: SimpleExpression * SimpleBinaryOperator * SimpleExpression ==> SimpleBinaryExpressionImpl SimpleBinaryExpressionImpl(p_lhs, p_op, p_rhs) == ( iv_lhs := p_lhs; iv_op := p_op; iv_rhs := p_rhs; );
public getLhs: () ==> SimpleExpression getLhs() == return iv_lhs;
public getOp: () ==> SimpleBinaryOperator getOp() == return iv_op;
public getRhs: () ==> SimpleExpression getRhs() == return iv_rhs;
end SimpleBinaryExpressionImpl
TIVDM1 RT Development process, Abstract Syntax Trees and Logic
23
Code Generator Structure
Simple concrete syntax
Simple AST Programming language AST (developed using ASTGen)
Programming language concrete syntax
Simple parser
VDM model to be developed
Potential backend
TIVDM1 RT Development process, Abstract Syntax Trees and Logic
24
Agenda
Development Process for RT systems Abstract Syntax Trees and analysis of ASTs Introduction to Logic
TIVDM1 RT Development process, Abstract Syntax Trees and Logic
25
Logic
Our ability to state invariants, record pre-conditions and post-conditions, and the ability to reason about a formal model depend on the logic on which the modelling language is based.
• Classical logical propositions and predicates
• Connectives
• Quantifiers
TIVDM1 RT Development process, Abstract Syntax Trees and Logic
26
A temperature monitor example
30
20
10
01 2 3 4 5 6 7 8 9
Temperature (C)
Time (s)
The monitor records the last five temperature readings 25 105510
TIVDM1 RT Development process, Abstract Syntax Trees and Logic
27
A temperature monitor example
The following conditions are to be detected by the monitor:
1. Rising: the last reading in the sample is greater than the first
2. Over limit: there is a reading in the sample in excess of 400 C
3. Continually over limit: all the readings in the sample exceed 400 C
4. Safe: If readings do not exceed 400 C by the middle of the sample, the reactor is safe. If readings exceed 400 C by the middle of the sample, the reactor is still safe provided that the reading at the end of the sample is less than 400 C.
5. Alarm: The alarm is to be raised if and only if the reactor is not safe
TIVDM1 RT Development process, Abstract Syntax Trees and Logic
28
Predicates and Propositions
Predicates are simply logical expressions. The simplest kind of logical predicate is a proposition.
A proposition is a logical assertion about a particular value or values, usually involving a Boolean operator to compare the values, e.g.
3 < 27 5 = 9
TIVDM1 RT Development process, Abstract Syntax Trees and Logic
29
PredicatesA predicate is a logical expression that is not specific to particular values but contains variables which can stand for one of a range of possible values, e.g.
x < 27
(x**2) + x - 6 = 0
The truth or falsehood of a predicate depends on the value taken by the variables.
TIVDM1 RT Development process, Abstract Syntax Trees and Logic
30
Predicates in the monitor example
Monitor :: temps : seq of int alarm : bool
inv m == len m.temps = 5
Consider a monitor m. m is a sequence so we can index into it:
First reading in m:
Last reading in m:
Predicate stating that the first reading in m is strictly less than the last reading:
The truth of the predicate depends on the value of m.
m.temps(1)
m.temps(5)
m.temps(1) < m.temps(5)
TIVDM1 RT Development process, Abstract Syntax Trees and Logic
31
The rising condition
The last reading in the sample is greater than the first
Monitor :: temps : seq of int alarm : bool
inv m == len m.temps = 5
We can express the rising condition as a Boolean function:
Rising: Monitor -> bool
Rising(m) == m.temps(1) < m.temps(5)
For any monitor m, the expression Rising(m) evaluates to true iff the last reading in the sample in m is higher than the first, e.g.
Rising( mk_Monitor([233,45,677,650,900], false) )
Rising( mk_Monitor([23,45,67,50,20], false) )
TIVDM1 RT Development process, Abstract Syntax Trees and Logic
32
Logical Operators (Connectives)
We will examine the following logical operators:
• Negation (NOT)• Conjunction (AND)• Disjunction (OR)• Implication (if – then)• Biconditional (if and only if)
Truth tables can be used to show how these operators can combine propositions to compound propositions.
TIVDM1 RT Development process, Abstract Syntax Trees and Logic
33
Negation (not)
Negation allows us to state that the opposite of some logical expression is true, e.g.
The temperature in the monitor mon is not rising:
not Rising(mon)
Truth table for negation:P not P
true false
false true
TIVDM1 RT Development process, Abstract Syntax Trees and Logic
34
Disjunction (or)
Disjunction allows us to express alternatives that are not necessarily exclusive:
Over limit: There is a reading in the sample in excess of 400 C
OverLimit: Monitor -> bool
OverLimit(m) == m.temps(1) > 400 or m.temps(2) > 400 or m.temps(3) > 400 or m.temps(4) > 400 or m.temps(5) > 400
P Q P or Q
true true true
true false true
false true true
false false false
TIVDM1 RT Development process, Abstract Syntax Trees and Logic
35
Conjunction (and)
Conjunction allows us to express the fact that all of a collection of facts are true.
Continually over limit: all the readings in the sample exceed 400 C
COverLimit: Monitor -> bool
COverLimit(m) ==
m.temps(1) > 400 and m.temps(2) > 400 and m.temps(3) > 400 and m.temps(4) > 400 and m.temps(5) > 400
P Q P and Q
true true true
true false false
false true false
false false false
TIVDM1 RT Development process, Abstract Syntax Trees and Logic
36
ImplicationImplication allows us to express facts which are only true under certain conditions (“if … then …”):
Safe: If readings do not exceed 400 C by the middle of the sample, the reactor is safe. If readings exceed 400 C by the middle of the sample, the reactor is still safe provided that the reading at the end of the sample is less than 400 C.
Safe: Monitor -> bool
Safe(m) ==
m.temps(3) > 400 =>
m.temps(5) < 400
P Q P => Q
true true true
true false false
false true true
false false true
TIVDM1 RT Development process, Abstract Syntax Trees and Logic
37
BiimplicationBiimplication allows us to express equivalence (“if and only if”).
Alarm: The alarm is to be raised if and only if the reactor is not safe
This can be recorded as an invariant property:
Monitor :: temps : seq of int alarm : bool
inv m ==
len m.temps = 5 and
not Safe(m.temps) <=> m.alarm
P Q P <=> Q
true true true
true false false
false true false
false false true
TIVDM1 RT Development process, Abstract Syntax Trees and Logic
38
Operator Precedence and Associativity
• not has the highest precedence• Followed by and, or, => and <=> in that order• => has right grouping i.e.
o A => B => C without brackets meanso A => (B => C)
• The other logical operators are associative so right and left grouping are equivalent, i.e.o A and (B and C) is identical to (A and B) and C
TIVDM1 RT Development process, Abstract Syntax Trees and Logic
39
Quantifiers
For large collections of values, using a variable makes more sense than dealing with each case separately.
inds m.temps represents indices (1-5) of the sample
The “over limit” condition can then be expressed more economically as:
exists i in set inds m.temps & m.temps(i) > 400
The “continually over limit” condition can then be expressed using “forall”:
COverLimit: Monitor -> boolCOverLimit(m) == forall i in set inds m.temps & m.temps(i) > 400
TIVDM1 RT Development process, Abstract Syntax Trees and Logic
40
QuantifiersSyntax:
forall binding & predicate
exists binding & predicate
There are two types of binding:
Type Binding, e.g.
x : nat
n : seq of char
Set Binding, e.g.
i in set inds m
x in set {1,…,20}
A type binding lets the bound variable range over a type (a possibly infinite collection of values).
A set binding lets the bound variable range over a finite set of values.
TIVDM1 RT Development process, Abstract Syntax Trees and Logic
41
Questions
Formulate the following statements using predicate logic:
• Everybody likes Danish pastry
• Everybody either likes Danish pastry or is a vegetarian
• Either everybody likes Danish pastry or everybody is a
vegetarian
Are the last two statements equivalent?
TIVDM1 RT Development process, Abstract Syntax Trees and Logic
42
Questions
Formulate the following statements using predicate logic:
• Somebody likes Danish pastry
• There is somebody who either likes Danish pastry or is
a vegetarian
• Either somebody likes Danish pastry or somebody is a
vegetarian
Are the last two statements equivalent?
TIVDM1 RT Development process, Abstract Syntax Trees and Logic
43
Quantifiers
Several variables may be bound at once by a single quantifier, e.g.
forall x,y in set {1,…,5} &
X <> y => not m.temps(x) = m.temps(y)
Would this predicate be true for the following value of m.temps ?
[320, 220, 105, 119, 150]
TIVDM1 RT Development process, Abstract Syntax Trees and Logic
44
Formulation Questions
All the readings in the sample are less than 400 and greater than 50.
Each reading in the sample is up to 10 greater than its predecessor.
There are two distinct readings in the sample which are over 400.
forall i in set inds m.temps & m.temps(i) < 400 and m.temps(i) > 50
forall i in set inds m.temps\{1} & m.temps(i – 1) + 10 <= m.temps(i)
exists i,j in set inds m.temps & i <> j and m.temps(i) > 400 and m.temps(j) > 400
TIVDM1 RT Development process, Abstract Syntax Trees and Logic
45
Combination of quantifiers
• Assume we have a predicate with two free variables P(x,y) where x : X and y : Y
• Then quantifiers can be combined:• forall y : Y & exists x : X & P(x,y) or• exists y : Y & forall x : X & P(x,y)
• Would these be equal if X, Y are int and P = x >y?• However if the same quantifier was used both places
the expressions would be equivalent:• forall y : Y & forall x : X & P(x,y) forall x : X & forall y : Y & P(x,y)
• exists y : Y & exists x : X & P(x,y) exists x : X & exists y : Y & P(x,y)
TIVDM1 RT Development process, Abstract Syntax Trees and Logic
46
Quantifiers
Suppose we have to formalise the following property:
There is a “single minimum” in the sequence of readings, i.e. there is a reading which is strictly smaller than any of the other readings.
Suppose the order of the quantifiers is reversed.
exists i in set inds m.temps & forall j in set inds m.temps & i <> j => m.temps(i) < m.temps(j)
TIVDM1 RT Development process, Abstract Syntax Trees and Logic
47
Questions• Translate the following into English:
• forall x:Elephant & grey(x)• forall x:ANIMAL & elephant(x) => grey(x)• exists x : ANIMAL & bird(x) and has_wings(x) and not flies(x)
• Represent the following using predicate logic formulae:• “Joanne is a teacher, she teaches AI, and likes
chocolate.”• “Some teachers do not like chocolate”
TIVDM1 RT Development process, Abstract Syntax Trees and Logic
48
Questions
• What is the truth value for the following expressions?• forall x in set {2,4,6} & IsEven(x)• forall xxx in set {} & xxx = 8• exists b in set {} & b > 0• exists1 x in set {1,2,6,42} & not IsEven(x)• forall x : nat & x < 5 => x ** 2 > 4• exists x : nat & x < 5 => x ** 2 > 4• forall y : nat & y < 5 => y < 20• forall y in set power {1,2} & card y = 2• not forall w : nat &
z < 4 => exists x : nat & z < x ** 2
TIVDM1 RT Development process, Abstract Syntax Trees and Logic
49
Summary
• What have I presented today?• Development Process for RT systems
• Abstract syntax trees and analysis of ASTs
• Introduction to Logic
• What do you need to do now?• Read chapter 4 and 5 of the book for next week
• Read existing material about the selected project
• Formulate a new requirements definition for the project
• Start modelling your project in VDM++ using Overture
• Present about this project for the rest of us
TIVDM1 RT Development process, Abstract Syntax Trees and Logic
50
Quote of the day
The successful construction of all machinery depends on the perfection of the tools employed, and whoever is
the master in the art of tool-making possesses the key to the construction of all machines.
Charles Babbage, 1851