Ultimately, types are meant to specify behavior in an abstract way. To capture behavioral properties, we will generalize our notion of types as constraints to include behavioral descriptions in the form of logical assertions.
Additional keywords and phrases:
behavioral subtypes, state transformers,
correctness formulae, assertion logic,
transition systems, invariants, formal specification
The answer to the first question is suggested by the observation that we may also express the constraints imposed by the signature by means of logical formulae that state the constraints as assertions which must be satisfied.
When we have, for example, an assignment then we have as the corresponding transition where , that is is like except for the variable i for which the value 5 will now be delivered. Whenever we have a sequence of actions then, starting from a state we have corresponding state transformations resulting in states as intermediary states and as the final state. Often the states and are referred to as respectively the input and output state and the program that results in the actions as the state transformer modifying into .
class as {
int t;
T a[MAX];
public:
as() { t = 0; }
void push(T e) {
require(t
To establish the correctness of the operation pop,
we must prove that the pre-condition specified
for the abstract operation is indeed stronger
than the pre-condition specified for the concrete
operation, as expressed by the formula
The correspondence relation
Behavioral refinement is not restricted
to the realization of abstract specifications.
We will now look at a definition of behavioral
refinement, following
draft version 0.1 (15/7/2001)Specifying interaction
Elementary logic and set-theory provide
a powerful vehicle for specifying
the behavior of a system,
including the interaction between its components.
However, taking into account that many
software developers prefer a more
operational mode of thinking
when dealing with the intricacies of
complex interactions, we will briefly look
at formalisms that allow a more explicit
specification of the operational aspects
of interaction and communication,
yet support to some extent to reason about
such specifications.
See slide 10-interaction.
Contracts -- behavioral compositions
Scripts -- cooperation by enrollment
Multiparty interactions -- communication primitive
Joint action systems -- action-oriented
Joint action systems
Contracts as protocols of interaction
subject : model supports [
state : V;
value( val : V ) $|->$ [state = val]; notify();
notify() $|->$ $\forall v \e $views $\bl$ v.update();
attach( v : view ) $|->$ v $\e$ views;
detach( v : view ) $|->$ v $\not\e$ views;
]
views : set
Actions may consist either of other method calls
or conditions that are considered to be satisfied
after calling the method.
Quantification as for example in
is used to express that the method $update()$
is to be called for all elements in views.
The model-view contract specifies
in more formal terms the MV part of the MVC paradigm
discussed in section MVC.
Recall, that the idea of a model-view pair
is to distinguish between the actual
information (which is contained in the model object)
and the presentation of that information, which is
taken care of by possibly multiple view objects.
The actual protocol of interaction between a model
and its view objects is quite straightforward.
Each view object may be considered as a handler
that must minimally have a method to install
a model and a method update which is invoked,
as the result of the model object calling notify,
whenever the information contained in the model
changes.
The effect of calling $notify()$ is abstractly
characterized as a universal quantification
over the collection of view object.
Calling $notify()$ for subject results in calling
$update()$ for each view.
The meaning of $update()$ is abstractly represented as
which tells us that the state of the subject
is adequately reflected by the view object.
The invariant clause of the model-view
contract states that every change of the (state of the)
model will be reflected by each view.
The instantiation clause describes, in a rather operational way,
how to initialize each object participating in the contract.
In order to instantiate such a contract, we need to define
appropriate classes realizing the abstract entities
participating in the contract,
and further we need to define how these
classes are related to their abstract counterparts
in the contract by means of what we may call, following
[]
readme
course
preface
1
2
3
4
5
6
7
8
9
10
11
12
appendix
lectures
resources
eliens@cs.vu.nl