Added upstream from http://ftp.icm.edu.pl/pub/loglan/

[loglan.git] / examples / pataud / verspec.log

program VerifyingSpecification;\r
  (* This is an example showing how to proceed in order to\r
     make a dynamic verification of an implementation of \r
     a specification of a data structure.\r
\r
     In our example we shall give three components:\r
     1) a specification of stacks,\r
     2) a class that ensures the dynamic verification of\r
        correctness of an implementing module,\r
     3) an implementation of stacks as a class which inherits\r
        from the previous class.\r
  *)\r
      (* Nowy problem powstaje:\r
           jak rozpl\ata'c wzajemne odwo/lania operacji wymienionych\r
           w specyfikacji?\r
\r
           Zrobilem tak:   kazda operacja posiada dwie wersje np. Push i Ppush\r
                  1sza wersja jest otoczona pre- i post- conditions\r
                  2ga wersja nie zawiera takiego sprawdzania - druga wersja jest uzywana w pre- i                      post-conditions i wewnatrz equal ktore odwoluje sie do top i pop\r
\r
          Nie jestem tym zachwycony.\r
          Po co dwa razy pisac te sama procedure??\r
\r
       *)\r
\r
  (* --------------- specification of STACKS ----------------------------\r
\r
        sorts Elem, Stack, Boolean;\r
\r
        predicates\r
           empty: Stack {SYMBOL 174 \f "Symbol"} Boolean\r
           eq:    Elem {SYMBOL 180 \f "Symbol"} Elem {SYMBOL 174 \f "Symbol"} Boolean\r
           equal: Stack {SYMBOL 180 \f "Symbol"} Stack {SYMBOL 174 \f "Symbol"} Boolean\r
\r
       operations\r
           push:  Elem {SYMBOL 180 \f "Symbol"} Stack  {SYMBOL 174 \f "Symbol"} Stack\r
           pop:   Stack  {SYMBOL 174 \f "Symbol"} Stack\r
           top:   Stack  {SYMBOL 174 \f "Symbol"} Elem\r
\r
       axioms\r
          for every e in Elem, for every s in Stack\r
\r
      A1)  not empty(push(e,s))\r
      A2)  eq(e, top(push(e,s)))\r
      A3)  equal(s, pop(push(e,s)))\r
      A4)  not empty(s) ==> equal(s, push(top(s), pop(s)))\r
      A5)  while not empty(s) do s := pop(s) od true\r
      A6)  equal(s, s') <=> begin result := true; s1 := s; s2 := s';\r
                             while not empty(s1) and not empty(s2) and result\r
                                 do\r
                                   result := eq(top(s1), top(s2));\r
                                   s1 := pop(s1);\r
                                   s2 := pop(s2);\r
                                 od  (result and empty(s1) and empty(s2))\r
\r
\r
 end of specification STACKS\r
 *)\r
\r
\r
(* -------------------------- Checking STACKS --------------------------- *)\r
\r
 unit STACKS_CHECKING: class;\r
\r
    unit Elem: class;\r
    end Elem;\r
\r
    unit Stack: class;\r
    end Stack;\r
\r
    unit check_Push: class(e: Elem, s: Stack);\r
       var res, old_s: Stack;\r
    begin\r
       (* if full(s) then raise ERR_Full fi; *)\r
       old_s := s;\r
       inner;\r
       if empty(res) then raise ERR_Axiom1 fi;\r
       if not eq(e, Ttop(res)) then raise ERR_Axiom2 fi;\r
       if not equal(old_s, Ppop(res)) then raise ERR_Axiom3 fi;\r
    end check_Push;\r
\r
    unit virtual Push: check_Push function: Stack;\r
    end Push;\r
\r
    unit virtual Ppop: function(s:Stack): Stack;\r
    end Ppop;\r
\r
    unit virtual Pop: check_Pop function: Stack;\r
    end Pop;\r
\r
    unit virtual Ttop: function(s: Stack): Elem;\r
    end Ttop;\r
\r
    unit check_Pop: class(s: Stack);\r
       var res: Stack, aux: Elem;\r
    begin\r
       if empty(s) then raise ERR_Empty fi;\r
       inner;\r
       aux := Ttop(s);    \r
       if not equal(s, Ppush(aux,res)) then raise ERR_Axiom4 fi;    \r
    end check_Pop;\r
    \r
    unit virtual Ppush: function(e: Elem, s: Stack): Stack; \r
    end Ppush;\r
\r
    unit virtual Top: check_Top function: Elem;\r
    end Top;\r
\r
    unit check_Top: class(s: Stack);\r
       var res: Elem, aux: Stack;\r
    begin\r
       if empty(s) then raise ERR_Empty fi;\r
       inner;\r
       aux := Pop(s);\r
       if not equal(s, Ppush(res,aux)) then raise ERR_Axiom4 fi;  \r
    end check_Top;\r
    \r
    unit virtual Empty: function(s: Stack): Boolean;\r
    end Empty;\r
\r
    unit virtual Eq: function(e1, e2: Elem): Boolean;\r
    end Eq;\r
\r
    unit check_Equal: class(s1, s2: Stack);\r
      (* what to check and how? *)\r
\r
    end check_Equal;\r
\r
    unit virtual Equal: function(s1, s2: Stack): Boolean;\r
    \r
    end Equal;\r
\r
    signal ERR_Full, ERR_Empty, ERR_Axiom1, ERR_Axiom2, ERR_Axiom3,\r
           ERR_Axiom4;\r
\r
 end STACKS_CHECKING;\r
\r
\r
\r
 (* ----------------------- STACKS generic ------------------------------- *)\r
\r
 unit STACKS_Generic: STACKS_Checking class;\r
    hidden link;\r
\r
    unit link: class(e: Elem);\r
       var next: link;\r
    end link;\r
\r
    unit Stackl: Stack class;\r
       var top: link\r
    end Stackl;\r
\r
    unit virtual Push: check_Push function: Stackl;\r
       var aux: link;\r
    begin\r
       aux := new Link(e);\r
       aux.next := s qua Stackl.top;\r
       result := new Stackl;\r
       result.top := aux;\r
       res := result\r
    end Push;\r
\r
    unit virtual Ppush:  function(e: Elem, s: Stackl): Stackl;\r
       var aux: link;\r
    begin\r
       aux := new Link(e);\r
       aux.next := s.top;\r
       result := new Stackl;\r
       result.top := aux;\r
    end Ppush;\r
\r
    unit virtual Pop: check_Pop function: Stackl;\r
    begin\r
       result := new Stackl;\r
       result.top := s qua Stackl.top.next;\r
       res := result;\r
    end Pop;\r
\r
    unit virtual Ppop: function(s: Stackl): Stackl;\r
    begin\r
       result := new Stackl;\r
       result.top := s.top.next;\r
    end Ppop;\r
\r
    unit virtual Top: check_Top function: Elem;\r
    begin\r
      result := s qua Stackl.top.e;  \r
      res := result\r
    end Top;\r
\r
    unit virtual Ttop: function(s: Stackl): Elem;\r
    begin\r
       result := s.top.e\r
    end Ttop;\r
\r
    unit virtual Empty: function(s: Stackl): Boolean;\r
    begin\r
      result := s.top = none\r
    end empty;\r
    \r
    unit virtual Eq: function(e1, e2: Elem): Boolean;\r
    end Eq;\r
    \r
    unit virtual Equal: function(s1, s2: Stackl): Boolean;\r
       var s3, s4: Stack;\r
    begin \r
       result := true; s3 := s1; s4 := s2;\r
       while not empty(s3) and not empty(s4) and result\r
       do\r
         result := eq(Ttop(s3), Ttop(s4));\r
         s3 := Ppop(s3);\r
         s4 := Ppop(s4);\r
       od;  \r
       result := (result and empty(s3) and empty(s4))\r
    end Equal;\r
\r
\r
\r
 end STACKS_Generic;\r
\r
\r
\r
(* -------------------------  MAIN  ---------------------------------- *)\r
\r
begin\r
   pref STACKS_Generic block\r
\r
      unit mElem: Elem class(i:integer);\r
      end mElem;\r
\r
      unit virtual Eq: function(e1,e2: mElem): Boolean;\r
      begin\r
         result := e1.i = e2.i\r
      end Eq;\r
\r
      var e1, e2: mElem,\r
          i:      integer,\r
          s1, s2: Stackl;\r
\r
      handlers\r
         when ERR_Empty:   writeln("stack is empty");\r
         when ERR_Full:    writeln("stack is full");\r
         when ERR_Axiom1:  writeln("Axiom1");\r
         when ERR_Axiom2:  writeln("Axiom2");\r
         when ERR_Axiom3:  writeln("Axiom3");\r
         when ERR_Axiom4:  writeln("Axiom4");\r
      end handlers;\r
\r
   begin\r
      writeln("program testing stacks and its verification environment");\r
      s1 := new Stackl;\r
      writeln("give an integer, ZERO ends");\r
      do\r
        readln(i);\r
        e1 := new mElem(i);\r
        s1 := push(e1, s1);\r
        if i=0 then exit fi;\r
      od;\r
      s2 := s1;\r
      do\r
         if empty(s2)\r
         then \r
            exit\r
         else\r
            e2 := top(s2);\r
            s2 := pop(s2);\r
            writeln(e2.i)\r
         fi\r
      od;\r
   end (* prefixed block *)\r
end (* of program *)\r
\r