1 © AdaCore under the GNU Free Documentation License Franco Gasperoni [email protected] .

1http://libre.adacore.com © AdaCore under the GNU Free Documentation License

Franco Gasperoni

[email protected]

http://libre.adacore.com


• Programming in the Large

– specification & implementation

– privacy

– abstract data types

– hierarchical packages


Separate CompilationSeparate CompilationTHE PROBLEM

Compiler object

CODE

Compiler object

CODE

Compiler object

CODE

Linker

executable

libraries


Problem with this approachProblem with this approach

CODE

CODE

CODE

• No structure

• To write your own code– YOU MUST understand

everybody else’s code

CODE

CODE


IdeaIdea

SPECIFY WHAT EACH

MODULESHOULD DO


SPECIFICATION

Software module

?

BODY


• Programming in the Large– specification &

implementation•specification

• implementation

• specification rules in Ada


A Specification is a ...A Specification is a ...

CONTRACTImplementorof themodule

Users/clientsof themodule

• On the SERVICES provided by the module


• SPEC = list of services provided

• BODY = implementation of the services (hidden)

Software module

Service_1Service_2Service_3

Service_1 implementation




SPECIFICATION

?BODY


ExampleExample

• Create a Queue module that can– Add an Integer to the Queue

– See the First integer in the Queue

– Get the first integer in the Queue

– Test whether the Queue is Empty


package Queue is procedure Add (Element : Integer);

function First return Integer; function Get return Integer;

function Empty return Boolean;end Queue;




queue.adsqueue.ads


package Queue

?

BODY







queue.adsqueue.ads


Using package QueueUsing package Queue

with Queue;procedure Client is Queue_Error : exception; X : Integer;begin Queue.Add (3); Queue.Add (4);

if not Queue.Empty then X := Queue.Get; else raise Queue_Error; end if;end Client;

client.adb


Specifications Reduce ComplexitySpecifications Reduce Complexity

SPECSPEC

SPECSPEC

SPECSPEC

SPECSPEC

• To write your own code– only need to understand

specs for the services you need


package Queue?







queue.adsqueue.ads

To write Client only need to look atTo write Client only need to look at


Aside: use clauseAside: use clause

with Queue; use Queue;procedure Client is Queue_Error : exception; X : Integer;begin Queue. Add (3); Queue. Add (4);

if not Queue. Empty then X := Queue. Get; else raise Queue_Error; end if;end Client;



implementation• specification

• implementation

• specification rules in Ada


ONEONE possible possible implementationimplementation

of packageof packageQueueQueue

This implementationThis implementation raises Constraint_Error raises Constraint_Errorif more than Max_Sizeif more than Max_Size

elements are put in the Queue.elements are put in the Queue.


Circular BufferCircular Buffer

Q

0 1Max_Size - 1

Q_Last Q_First


ANOTHERANOTHER possible possible implementationimplementation

of packageof packageQueueQueue


Linked ListLinked List

Q_LastQ_First

Free


A Spec can have several A Spec can have several implementationsimplementations

• Can change implementation

• WITHOUT having to change ANY of the client’s code







queue.adsqueue.ads

firstimplement.

firstimplement.

secondimplement.second

implement.



implementation• specification

• implementation

•specification rules in Ada


In AdaIn Ada

• Spec always checked against implementation

• Must with the specs that you are going to

use (not in C)

• Packages provide multiple name spaces


Must with Specs usedMust with Specs used

with Queue;procedure Client is ...begin Queue.Add (3); ...end Client;

Compilationerror


Multiple Name SpacesMultiple Name Spacespackage Queue is procedure Add (E : Integer); ...end Queue;

package Queue is procedure Add (E : Integer); ...end Queue;

package Set is procedure Add (E : Integer); ...end Set;


with Queue;with Set;procedure Client isbegin Queue.Add (3);

Set.Add (99);end Client;


Use Clause and AmbiguitiesUse Clause and Ambiguitiespackage Queue is procedure Add (E : Integer); ...end Queue;

package Queue is procedure Add (E : Integer); ...end Queue;



with Queue; use Queue;with Set; use Set;procedure Client isbegin Add (123);end Client;

Compilationerror

ambiguity


But … Ada has overloadingBut … Ada has overloadingpackage Queue is procedure Add (E : Integer); procedure Add (E : Float); ...end Queue;

package Queue is procedure Add (E : Integer); procedure Add (E : Float); ...end Queue;

with Queue; use Queue;

procedure Client isbegin Add (123);

Add (3.141);end Client;




– privacy




package Queues is type Queue is …;

procedure Add (Q : Queue; Element : Integer); function First (Q : Queue) return Integer; function Get (Q : Queue) return Integer; function Empty (Q : Queue) return Boolean;end Queues;



Having Several QueuesHaving Several Queues


Using Several QueuesUsing Several Queues

with Queues; use Queues;procedure Client is Q1 : Queue; Q2 : Queue;

begin Add (Q1, 123);

Add (Q2, 3);

Add (Q2, Get (Q1));end Client;


One possible One possible implementation ...implementation ...



type Q_Element;type Element_Ptr is access Queue_Element;

type Queue_Element is record Val : Integer; Next : Element_Ptr;end record;

type Queue is record First : Element_Ptr; Last : Element_Ptr;end record;

type Q_Element;type Element_Ptr is access Queue_Element;

type Queue_Element is record Val : Integer; Next : Element_Ptr;end record;

type Queue is record First : Element_Ptr; Last : Element_Ptr;end record;


Client code allowed to Client code allowed to depend on the depend on the

implementation !implementation !with Queues; use Queues;procedure Client is Q1 : Queue; Q2 : Queue;

begin Add (Q1, 123); Add (Q2, 3);

Q2.Last := null;

end Client;

OK


Another implementation ...Another implementation ...



Max_Size : constant := 100;type Q_array (Natural range <>) of Integer;

type Queue is record Q : Q_Array (0 .. Max_Size); First : Natural; Last : Natural; Size : Natural;end record;

Max_Size : constant := 100;type Q_array (Natural range <>) of Integer;

type Queue is record Q : Q_Array (0 .. Max_Size); First : Natural; Last : Natural; Size : Natural;end record;


… … breaks client code !breaks client code !


begin Add (Q1, 123); Add (Q2, 3);

Q2.Last := null;

end Client;

Compilationerror


Even without changing Even without changing the implementationthe implementationthere is a there is a PROBLEMPROBLEM


begin Add (Q1, 123); Add (Q2, 3);

Q2.Last := null;

end Client;

Q2 is in aninconsistent

state

33FirstLast

null

Q2:


You need PRIVACYYou need PRIVACY

• Exposing your data structures is risky

– Client code may manipulate the structures directly without using your own services

– Client code is hard to change


ThinkThink BIGBIG

what if what if the the QueuesQueues package package

is is used byused by 1000s1000s of other of other packagespackages


• If there is a bug concerning a Queue, you may have to look at 1000s of packages to find the bug

• If you change the implementation you may have to update 1000s of packages



– privacy•private types

• private types & discriminants

• limited private types


Private typesPrivate types

package Queues is type Queue is private;

procedure Add (Q : Queue; Element : Integer); function First (Q : Queue) return Integer; function Get (Q : Queue) return Integer; function Empty (Q : Queue) return Boolean;

private type Queue is …;end Queues;





In any implementation ...In any implementation ...package Queues is type Queue is private;


private type Queue_Element; type Element_Ptr is access Queue_Element; type Queue_Element is record Val : Integer; Next : Element_Ptr; end record;

type Queue is record First : Element_Ptr; Last : Element_Ptr; end record;end Queues;


… … private types are PRIVATEprivate types are PRIVATE


begin Add (Q1, 123); Add (Q2, 3);

Q2.Last := null;

end Client;

Compilationerror


Advantages of Advantages of privateprivate types types

• Enforces the contract of a specification

• No client code can corrupt your data structures

• Can change implementation without changing client code



– privacy• private types

• private types & discriminants

• limited private types



X : Integer;

begin Add (Q1, 123); Add (Q1, 3);

Q2 := Q1;

X := Get (Q2);end Client;

Does this affect Q1 ?


it depends on … the it depends on … the implementation !implementation !

• If a Queue is implemented with

– a pointer then Get (Q2) MODIFIES Q1

– a record containing an array then Get (Q2) does NOT modify Q1


with Queues; use Queues;procedure Client is Q1 : Queue; Q2 : Queue; X : Integer;begin Add (Q1, 123);

Add (Q1, 3);

Q2 := Q1;

X := Get (Q2);X := Get (Q2);end Client;

123123Q1: 33

Q2:

123123Q1:

123123Q1: 33

Q2:

Pointer Pointer implementationimplementation

Pointer Pointer implementationimplementation


limited private typeslimited private types

• NO assignment :=

• NO equality comparison =


package Queues is type Queue is limited private;



package Queues is type Queue is limited private;





X : Integer;

begin Add (Q1, 123); Add (Q1, 3);

Q2 := Q1;

end Client;

COMPILATIONERROR

:= forbidden




– privacy




To add functionality ...To add functionality ...




function Last (Q : Queue) return Integer;

function Last (Q : Queue) return Integer;

Must add it to

QueuesQueue is a private type


But ...But ...

• Every time you change a spec you must recompile all its clients

• Every time you change a module you must RETEST the whole module


Solution: use child unitsSolution: use child units




queues.ads

function Queues . Last (Q : Queue) return Integer;queues-last.ads

Child subprogram


Child Units RulesChild Units Rules

• The body or private part of a child unit can see the private part of all of its parents

• The spec of a child unit does NOT


Using a child unitUsing a child unit

with Queues; use Queues;with Queues.Last;procedure Client is Q : Queue; X : Integer;

begin Add (Q, 123); Add (Q, 3);

X := Queues.Last (Q);end Client;





queues.ads

package Queues . New_Functionality is function Last (Q : Queue) return Integer;end Queues . New_Functionality

queues-new_functionality.ads

Child package


with Queues; use Queues;with Queues.New_Functionality;procedure Client is Q : Queue; X : Integer;

begin Add (Q, 123); Add (Q, 3);

X := Queues.New_Functionality.Last (Q);end Client;

Date post:	17-Jan-2016
Category:	Documents
Upload:	colin-james
View:	217 times
Download:	0 times

1 © AdaCore under the GNU Free Documentation License Franco Gasperoni [email protected] .

Documents