RT development process, Abstract Syntax Trees and Logic

1
RT development process, Abstract Syntax Trees and
Logic

• Peter Gorm Larsen
• (pgl_at_iha.dk)

2
Agenda

• Development Process for RT systems
• Abstract Syntax Trees and analysis of ASTs
• Introduction to Logic

3
Reactive systems Nature
The World
Environment
System
stimuli
response
4
Overview of Development Process
5
General use case for anembedded system
6
Capturing Requirements in VDM-SL

• operations
• PerformSystemReaction seq of SensorInput gt
• seq of ActuatorCommand
• PerformSystemReaction(inputseq)
• if inputseq
• then
• else SensorTreatment(hd inputseq)
• PerformSystemReaction(tl inputseq)

An accumulating parameter can be used for feedback
7
Sequential Design Model
8
Typical Design Structure

• An Environment class is needed
• A SystemName class is needed
• A World class is introduced for setting up both
  the environment and the system
• World shall contain a Run operation
• World have access to some notion of time
• The Environment has operation for creating
  signals to the system and receiving events from
  the system
• Flow of control resides with the Environment
• Each class that do actions has an isFinished
  operation

9
Concurrent Design Model

• Similar to sequential design model but
• Identification of threads
• Determine necessary communication
• Establish synchronization points
• Validation of model
• Typical design structure
• Flow of control is distributed
• Synchronization using permission predicates and
  mutex
• isFinished operations become skip with permission
  predicates
• A simple Timer class is replaced with the
  TimeStamp class

10
Concurrent Real-Time and Distributed Design Model

• Timing built in
• Use of default durations
• Use of duration and cycles statements
• Setting task switching overhead
• Typical Design Structure
• SystemName is now turned into a system
• CPUs and BUSes are introduced inside SystemName
• Environment may be turned into a system
• Some operations are made asynchronous
• Some Step like threads are made periodic
• Explicit use of TimeStamp is removed

11
Agenda

• Development Process for RT systems
• Abstract Syntax Trees and analysis of ASTs
• Introduction to Logic

12
The Phases of a Compiler
Source Program
Syntax Analysis
Error Reports
Abstract Syntax Tree
Type Analysis
Error Reports
Decorated Abstract Syntax Tree
Code Generation
Object Code
13
VDM-SL AST Example 1

• Program decls seq of Declaration
• stmt Stmt
• Declaration id Identifier
• tp Type
• val Value
• Identifier seq1 of char
• Type ltBoolTypegt ltIntTypegt
• Value BoolVal IntVal
• BoolVal val bool
• IntVal val int

14
VDM-SL AST Example 2

• Stmt BlockStmt AssignStmt CondStmt
  ForStmt
• RepeatStmt
• BlockStmt decls seq of Declaration
• stmts seq1 of Stmt
• AssignStmt lhs Variable
• rhs Expr
• Variable id Identifier
• CondStmt guard Expr
• thenst Stmt
• elsest Stmt
• ForStmt start AssignStmt
• stop Expr
• stmt Stmt
• RepeatStmt repeat Stmt
• until Expr

15
VDM-SL AST Example 3

• Expr BinaryExpr Value Variable
• BinaryExpr lhs Expr
• op Operator
• rhs Expr
• Operator ltAddgt ltSubgt ltDivgt ltMulgt
• ltLtgt ltGtgt ltEqgt ltAndgt
• ltOrgt

16
Semantic Analysis of ASTs

• Environments that denote context
• StatEnv map ASTIdentifier to ASTType
• DynEnv map ASTIdentifier to ASTValue
• CGEnv map ASTIdentifier to ASTType
• Recursive top-down handling of analysis
• Possibly use a visitor pattern in an OO context

17
Evaluation of An Expression

• EvalExpr ASTExpr DynEnv -gt ASTValue
• EvalExpr(ex, denv)
• cases ex
• mk_ASTBoolVal(-),
• mk_ASTIntVal(-) -gt ex,
• mk_ASTVariable(id) -gt denv(id),
• mk_ASTBinaryExpr(-,-,-) -gt
  EvalBinaryExpr(ex, denv)
• end
• pre is_ASTBinaryExpr(ex) gt pre_EvalBinaryExpr(ex
  , denv)
• EvalBinaryExpr ASTBinaryExpr DynEnv -gt
  ASTValue
• EvalBinaryExpr(mk_ASTBinaryExpr(lhs, op, rhs),
  denv)
• let v1 EvalExpr(lhs, denv).val,
• v2 EvalExpr(rhs, denv).val
• in cases op
• ltAddgt -gt mk_ASTIntVal(v1 v2),
• ...
• end

18
Type Checking An Expression

• wf_Expr ASTExpr StatEnv -gt bool ASTType
• wf_Expr(ex, senv)
• cases true
• (is_ASTBoolVal(ex)) -gt mk (true,
  ltBoolTypegt),
• (is_ASTIntVal(ex)) -gt mk_(true,
  ltIntTypegt),
• (is_ASTVariable(ex)) -gt wf Variable(ex,
  senv),
• (is_ASTBinaryExpr(ex)) -gt wf_BinaryExpr(ex,
  senv),
• others -gt mk_(false,
  ltIntTypegt)
• end
• wf_BinaryExpr ASTBinaryExpr StatEnv -gt bool
  ASTType
• wf_BinaryExpr(mk_ASTBinaryExpr(lhs, op, rhs),
  senv)
• let mk_(wf_lhs, tp_lhs) wf_Expr(lhs, senv),
• mk_(wf_rhs, tp_rhs) wf_Expr(rhs, senv)
• in cases op
• ltAddgt, ltSubgt, ltDivgt, ltMulgt -gt
• mk_(wf_lhs and wf_rhs and
• tp_lhs ltIntTypegt and tp_rhs
  ltIntTypegt,
• ltIntTypegt),

19
The ASTGen Tool
JAVA interfaces
JAVA implementation
Simple AST spec (restricted VDM)
VDM Interface classes
VDM Implementation classes
20
Binary Expression in AST file

• Expression BinaryExpression ...
• BinaryExpression
• lhs Expression
• op BinaryOperator
• rhs Expression
• Then ASTGen will produce

SimpleExpression.vdmpp
SimpleBinaryExpression.vdmpp
SimpleBinaryExpressionImpl.vdmpp
21
Generated VDM Interface Class

• class SimpleBinaryExpression is subclass of
  SimpleExpression
• operations
• public getLhs () gt SimpleExpression
• getLhs() is subclass responsibility
• public getOp () gt SimpleBinaryOperator
• getOp() is subclass responsibility
• public getRhs () gt SimpleExpression
• getRhs() is subclass responsibility
• end SimpleBinaryExpression

22
Generated VDM ImplementationClass

• class SimpleBinaryExpressionImpl is subclass of
  SimpleBinaryExpression
• instance variables
• private iv_lhsSimpleExpression
• private iv_opSimpleBinaryOperator
• private iv_rhsSimpleExpression
• operations
• public SimpleBinaryExpressionImpl
  SimpleExpression SimpleBinaryOperator
• 
  SimpleExpression gt SimpleBinaryExpressionImpl
• SimpleBinaryExpressionImpl(p_lhs, p_op,
  p_rhs)
• ( iv_lhs p_lhs
• iv_op p_op
• iv_rhs p_rhs
• )
• public getLhs () gt SimpleExpression
• getLhs() return iv_lhs

23
Code Generator Structure
Simple AST
Programming language AST (developed using ASTGen)
VDM model to be developed
Potential backend
Simple parser
Programming language concrete syntax
Simple concrete syntax
24
Agenda

• Development Process for RT systems
• Abstract Syntax Trees and analysis of ASTs
• Introduction to Logic

25
Logic

• Our ability to state invariants, record
  pre-conditions and post-conditions, and the
  ability to reason about a formal model depend on
  the logic on which the modelling language is
  based.
• Classical logical propositions and predicates
• Connectives
• Quantifiers

26
A temperature monitor example
Temperature (C)
30
20
10
0
1
2
3
4
5
6
7
8
9
Time (s)
The monitor records the last five temperature
readings
27
A temperature monitor example

• The following conditions are to be detected by
  the monitor
• Rising the last reading in the sample is greater
  than the first
• Over limit there is a reading in the sample in
  excess of 400 C
• Continually over limit all the readings in the
  sample exceed 400 C
• Safe If readings do not exceed 400 C by the
  middle of the sample, the reactor is safe. If
  readings exceed 400 C by the middle of the
  sample, the reactor is still safe provided that
  the reading at the end of the sample is less than
  400 C.
• Alarm The alarm is to be raised if and only if
  the reactor is not safe

28
Predicates and Propositions
Predicates are simply logical expressions. The
simplest kind of logical predicate is a
proposition. A proposition is a logical assertion
about a particular value or values, usually
involving a Boolean operator to compare the
values, e.g. 3 lt 27 5 9
29
Predicates
A predicate is a logical expression that is not
specific to particular values but contains
variables which can stand for one of a range of
possible values, e.g. x lt 27 (x2) x - 6
0 The truth or falsehood of a predicate depends
on the value taken by the variables.
30
Predicates in the monitor example
Monitor temps seq of int alarm
bool inv m len m.temps 5
Consider a monitor m. m is a sequence so we can
index into it First reading in m Last reading
in m Predicate stating that the first reading in
m is strictly less than the last reading The
truth of the predicate depends on the value of m.
m.temps(1)
m.temps(5)
m.temps(1) lt m.temps(5)
31
The rising condition
The last reading in the sample is greater than
the first
Monitor temps seq of int alarm
bool inv m len m.temps 5
We can express the rising condition as a Boolean
function
Rising Monitor -gt bool Rising(m) m.temps(1) lt
m.temps(5)
For any monitor m, the expression Rising(m)
evaluates to true iff the last reading in the
sample in m is higher than the first, e.g.
Rising( mk_Monitor(233,45,677,650,900, false) )
Rising( mk_Monitor(23,45,67,50,20, false) )
32
Logical Operators (Connectives)

• We will examine the following logical operators
• Negation (NOT)
• Conjunction (AND)
• Disjunction (OR)
• Implication (if then)
• Biconditional (if and only if)
• Truth tables can be used to show how these
  operators can combine propositions to compound
  propositions.

33
Negation (not)
Negation allows us to state that the opposite of
some logical expression is true, e.g. The
temperature in the monitor mon is not
rising not Rising(mon)
Truth table for negation
P not P
true false
false true
34
Disjunction (or)
Disjunction allows us to express alternatives
that are not necessarily exclusive Over limit
There is a reading in the sample in excess of 400
C OverLimit Monitor -gt bool OverLimit(m)
m.temps(1) gt 400 or m.temps(2) gt 400 or
m.temps(3) gt 400 or m.temps(4) gt 400 or
m.temps(5) gt 400
P Q P or Q
true true true
true false true
false true true
false false false
35
Conjunction (and)
Conjunction allows us to express the fact that
all of a collection of facts are true.
Continually over limit all the readings in the
sample exceed 400 C
COverLimit Monitor -gt bool COverLimit(m)
m.temps(1) gt 400 and m.temps(2) gt 400 and
m.temps(3) gt 400 and m.temps(4) gt 400 and
m.temps(5) gt 400
P Q P and Q
true true true
true false false
false true false
false false false
36
Implication
Implication allows us to express facts which are
only true under certain conditions (if then
) Safe If readings do not exceed 400 C by the
middle of the sample, the reactor is safe. If
readings exceed 400 C by the middle of the
sample, the reactor is still safe provided that
the reading at the end of the sample is less than
400 C.
Safe Monitor -gt bool Safe(m) m.temps(3) gt
400 gt m.temps(5) lt 400
P Q P gt Q
true true true
true false false
false true true
false false true
37
Biimplication
Biimplication allows us to express equivalence
(if and only if). Alarm The alarm is to be
raised if and only if the reactor is not safe
This can be recorded as an invariant property
Monitor temps seq of int alarm
bool inv m len m.temps 5 and not
Safe(m.temps) ltgt m.alarm
P Q P ltgt Q
true true true
true false false
false true false
false false true
38
Operator Precedence and Associativity

• not has the highest precedence
• Followed by and, or, gt and ltgt in that order
• gt has right grouping i.e.
• A gt B gt C without brackets means
• A gt (B gt C)
• The other logical operators are associative so
  right and left grouping are equivalent, i.e.
• A and (B and C) is identical to (A and B) and C

39
Quantifiers
For large collections of values, using a variable
makes more sense than dealing with each case
separately. inds m.temps represents indices
(1-5) of the sample The over limit condition
can then be expressed more economically
as exists i in set inds m.temps m.temps(i) gt
400
The continually over limit condition can then
be expressed using forall
COverLimit Monitor -gt bool COverLimit(m)
forall i in set inds m.temps m.temps(i) gt 400
40
Quantifiers
Syntax forall binding predicate exists
binding predicate
There are two types of binding Type Binding,
e.g. x nat n seq of char Set Binding,
e.g. i in set inds m x in set 1,,20
A type binding lets the bound variable range over
a type (a possibly infinite collection of
values).
A set binding lets the bound variable range over
a finite set of values.
41
Questions

• Formulate the following statements using
  predicate logic
• Everybody likes Danish pastry
• Everybody either likes Danish pastry or is a
  vegetarian
• Either everybody likes Danish pastry or everybody
  is a vegetarian
• Are the last two statements equivalent?

42
Questions

• Formulate the following statements using
  predicate logic
• Somebody likes Danish pastry
• There is somebody who either likes Danish pastry
  or is a vegetarian
• Either somebody likes Danish pastry or somebody
  is a vegetarian
• Are the last two statements equivalent?

43
Quantifiers
Several variables may be bound at once by a
single quantifier, e.g. forall x,y in set 1,,5
X ltgt y gt not m.temps(x) m.temps(y)
Would this predicate be true for the following
value of m.temps ? 320, 220, 105, 119, 150
44
Formulation Questions
All the readings in the sample are less than 400
and greater than 50. Each reading in the sample
is up to 10 greater than its predecessor. There
are two distinct readings in the sample which are
over 400.
forall i in set inds m.temps m.temps(i)
lt 400 and m.temps(i) gt 50
forall i in set inds m.temps\1
m.temps(i 1) 10 lt m.temps(i)
exists i,j in set inds m.temps i ltgt j
and m.temps(i) gt 400 and m.temps(j) gt 400
45
Combination of quantifiers

• Assume we have a predicate with two free
  variables P(x,y) where x X and y Y
• Then quantifiers can be combined
• forall y Y exists x X P(x,y) or
• exists y Y forall x X P(x,y)
• Would these be equal if X, Y are int and P x
  gty?
• However if the same quantifier was used both
  places the expressions would be equivalent
• forall y Y forall x X P(x,y) ?
• forall x X forall y Y P(x,y)
• exists y Y exists x X P(x,y) ?
• exists x X exists y Y P(x,y)

46
Quantifiers
Suppose we have to formalise the following
property There is a single minimum in the
sequence of readings, i.e. there is a reading
which is strictly smaller than any of the other
readings.
exists i in set inds m.temps forall j
in set inds m.temps i ltgt j gt
m.temps(i) lt m.temps(j)
Suppose the order of the quantifiers is reversed.
47
Questions

• Translate the following into English
• forall xElephant grey(x)
• forall xANIMAL
• elephant(x) gt grey(x)
• exists x ANIMAL
• bird(x) and
• has_wings(x) and
• not flies(x)
• Represent the following using predicate logic
  formulae
• Joanne is a teacher, she teaches AI, and likes
  chocolate.
• Some teachers do not like chocolate

48
Questions

• What is the truth value for the following
  expressions?
• forall x in set 2,4,6 IsEven(x)
• forall xxx in set xxx 8
• exists b in set b gt 0
• exists1 x in set 1,2,6,42 not IsEven(x)
• forall x nat x lt 5 gt x 2 gt 4
• exists x nat x lt 5 gt x 2 gt 4
• forall y nat y lt 5 gt y lt 20
• forall y in set power 1,2 card y 2
• not forall w nat
• z lt 4 gt exists x nat z lt x 2

49
Summary

• What have I presented today?
• Development Process for RT systems
• Abstract syntax trees and analysis of ASTs
• Introduction to Logic
• What do you need to do now?
• Read chapter 4 and 5 of the book for next week
• Read existing material about the selected project
  
• Formulate a new requirements definition for the
  project
• Start modelling your project in VDM using
  Overture
• Present about this project for the rest of us

50
Quote of the day

• The successful construction of all machinery
  depends on the perfection of the tools employed,
  and whoever is the master in the art of
  tool-making possesses the key to the construction
  of all machines.
• Charles Babbage, 1851