Component‐based design in Tako (a case study)
eecs.ucf.edu/~leavens/savcbs/2008/talks/sudhir...
TRANSCRIPT
Component‐based design in Tako (a case study)
Arun Sudhir • Gregory Kulczycki • Jyotindra Vasudeo
Falls Church, VA
(1) What is Tako?
(2) What is Tako design?
(1) What is Tako?
Tako ≈ Java + Resolve
What is Resolve?
integrated programming & specification language
full formal verification
(full = heavyweight)
Statically prove...
CODE is correct w.r.t. SPEC
Verifying Compiler
Grand Challenge, Tony Hoare, 2003
Resolve and language design
Make things as simple as possible... but no simpler.
– Albert Einstein
Simplicity in Reasoning
Sophisticated Language Features
no pointers
no inheritance
no concurrency
!!!
pointers
inheritance
concurrency
(but disciplined)
Pointers
Pointers = References
⇒ Aliasing
{x = true}
y := false
{x = ???}
Is x aliased to y?
reference copying ⇒ aliasing
object copying ⇒ expensive
x :=: y
[Diagram: x and y, before and after the swap]
Using Resolve/C++, Joe Hollingsworth et al, 2000
100,000 lines of code
swapping/copying‐based
pointer‐based
What is Resolve?
(1) Goal – full verification
(2) Language – swapping
(1) What is Tako?
Tako ≈ Java + Resolve
sex‐appeal
popular
not logical
idealist
rational
know‐it‐all
Tako is a compromise
[Diagram: x, arr, [•, •, •], O M G]
Why Tako?
(1) Teach formal reasoning
(2) Simplify informal reasoning
p := q; q.enqueue(t); t.clear(); // initialize t to Φ
Pre‐state: p = <Ψ,Φ>  q = <Ψ,Δ,Ψ,Δ>  t = Δ
Post‐state: p = ???  q = ???  t = ???
[Chart: Percent Correct, for Copy, Swap and Reference]
[Chart: Average Time (to answer correctly), for Copy, Swap and Reference]
Future for swapping‐based OO?
Our case study
West of House
You are standing in an open field west of a white house, with a boarded front door.
There is a small mailbox here.
> examine mailbox
The small mailbox is closed
> open mailbox
Opening the small mailbox reveals a leaflet.
> get leaflet
Taken
>
Parser, GameWorld
Parser
“open the box”
action = OPEN
subject = PLAYER
object1 = BOX
object2 = NOTHING
Parser: Tako ≈ Java
GameWorld
Tree of Game Objects
IndexedTree
[Diagram: indexed tree with nodes a, b, c, d, e, f, g, x, z]
Model: G = (V, E), rank(v), ROOT, CSR ∈ V, contents(v)
Constraints: acyclic, consistent rank
insert(DEN, den_obj)
insert(TOM, tom_obj)
advance()
enter()
moveSubtreeToCursor(TOM)
[Diagrams: the tree of DEN and TOM after each operation]
GameWorld
Tree of Game Objects
GameWorld
moveObjectIntoSecond(OBJ1, OBJ2)
moveObjectBeforeSecond(OBJ1, OBJ2)
updateObjectProperty(OBJ, PROP)
objectHasProperty(OBJ, PROP)
setObjectProperty(BOX, OPEN)
[Diagram: before, DEN (ROOM, LIGHT) contains TOM (PERSON, MALE) and BOX (BIN); after, BOX has (BIN, OPEN)]
1. Create dummy node
2. Go to target
3. Swap node out
4. Modify node
5. Swap node in
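The five-step update above, written out as an added example in Rust; it is not code from the talk or from Tako. Rust's std::mem::swap stands in for the swap operator, and Node, node, slot_mut and sample_world are hypothetical names; the sample tree is constructed from the DEN/TOM/BOX slide.

```rust
use std::collections::BTreeSet;
use std::mem;

// Hypothetical value-based node: it owns its properties and children outright.
#[derive(Default)]
struct Node {
    name: String,
    props: BTreeSet<String>,
    children: Vec<Node>,
}

fn node(name: &str, props: &[&str], children: Vec<Node>) -> Node {
    let props = props.iter().map(|p| p.to_string()).collect();
    Node { name: name.to_string(), props, children }
}

// Helper for step 2: the unique slot that owns the target node.
fn slot_mut<'a>(n: &'a mut Node, target: &str) -> Option<&'a mut Node> {
    if n.name == target {
        return Some(n);
    }
    n.children.iter_mut().find_map(|c| slot_mut(c, target))
}

fn set_object_property(root: &mut Node, obj: &str, prop: &str) -> Option<()> {
    let mut held = Node::default(); // 1. create dummy node
    let slot = slot_mut(root, obj)?; // 2. go to target (None if absent)
    mem::swap(slot, &mut held); // 3. swap node out; the slot holds the dummy
    held.props.insert(prop.to_string()); // 4. modify node
    mem::swap(slot, &mut held); // 5. swap node in; the dummy is dropped
    Some(())
}

fn object_has_property(n: &Node, obj: &str, prop: &str) -> bool {
    (n.name == obj && n.props.contains(prop))
        || n.children.iter().any(|c| object_has_property(c, obj, prop))
}

// Constructed sample modeled on the slide: DEN contains TOM and BOX.
fn sample_world() -> Node {
    let tom = node("TOM", &["PERSON", "MALE"], vec![]);
    let bin = node("BOX", &["BIN"], vec![]);
    node("DEN", &["ROOM", "LIGHT"], vec![tom, bin])
}

fn main() {
    let mut world = sample_world();
    set_object_property(&mut world, "BOX", "OPEN");
    println!("BOX open: {}", object_has_property(&world, "BOX", "OPEN"));
}
```

Between steps 3 and 5 the tree stays well-formed because the dummy occupies the slot, and the node being modified is reachable only through the local variable held.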
[Diagram: tray containing dish and fork; dish containing rice and peas]
> look
You see a tray containing a dish (containing rice and peas) and a fork.
1. getFormattedList
2. getSubtree/insertSubtree
3. getTreeExplorer (read‐only iterator)
4. advance/enter/swapNodes
value‐based components
list, tree
GameWorld
IndexedTree
PointerMap
What did we learn?
(1) Algorithms – similar to Java
(2) Data structures – difference
(a) updates – swap in/out
(b) strong ownership
Questions?
alias avoidance
think “unique references”
x
Obama‐Palin
McCain‐Biden
the simplest answer is not always correct