Lecture 15 Data Abstraction It is better to

Lecture 15: Data Abstraction It is better to have 100 functions operate on one data structure than 10 functions on 10 data structures. 20 March 2001 CS 655: Lecture 15 Alan Perlis

Menu • Data Abstraction before CLU • Data Abstraction in CLU • Reasoning about Data Abstractions – Abstraction Functions – Rep Invariants 20 March 2001 CS 655: Lecture 15 2

What is a type? • Last time: a set of values • Today: an abstraction for decomposing a program that provides a set of operations • Sets of values don’t work because you are tied to the representation 20 March 2001 CS 655: Lecture 15 3

Data Abstraction in C/Pascal? • User-defined types: typedef enum { red = 0, green, blue } color; typedef struct { int locx; int locy; } location; • Type checking either: – By structure (e. g. , color dumb = 23) – By name (maybe in Pascal, ambiguous) • Only way to use type, is to access its representation; no restrictions on where you can do this. 20 March 2001 CS 655: Lecture 15 4

Data Abstraction in BLISS? • User specifies accessing algorithm for structure elements • May modify either structure definition or algorithms without affecting the other structure array[i, j] = (. array +. i * 10 +. j) • May define memory allocation routines • But: only arrays, no typed elements 20 March 2001 CS 655: Lecture 15 5

Data Abstraction in Simula 67 • Define a class with hidden attributes (visible only in the class implementation) and protected attributes (visible in subclass implementations also) • Unfortunately, not widely known: – From Sweden – Few Publications (mostly in Swedish), no language Report, no decent textbook until 1986 • Alan Kay learned about Simula by reading the source code, thinking it was an Algol compiler! – Big influence on Smalltalk and C++; small influence on CLU 20 March 2001 CS 655: Lecture 15 6

Providing Data Abstraction • Type check by name • Restrict what code can access the representation of a data type – CLU, Alphard: only operations of the type – Other (possibly) reasonable answers: • C++: allow functions outside the type that are declared friends to access representation • C with LCLint: in files and functions according to a naming convention, elsewhere when explicitly annotated • [Stata 97]: operations can access the only some of the representation 20 March 2001 CS 655: Lecture 15 7

Data Abstraction in CLU Rest of program sees black box described by specification. intmap = data type is create, insert, lookup Operations create = proc () returns (intset) effects Returns a new, empty intmap. insert = proc (s: intmap, k: string, val: int) requires s does not have a key k. modifies s effects spost maps k to val. lookup = proc (s: intmap, k: string) returns (int) requires There is a key k in s. effects Returns value associated with key in s. 20 March 2001 CS 655: Lecture 15 8

Black-box Interface intmap down (intmap) returns (rep) up (rep) returns (intmap) rep = representation of intmap Only code in the cluster implementing intmap can call intmap$up or intmap$down. There is nothing else special about code in the cluster! 20 March 2001 CS 655: Lecture 15 9

Parameterized Data Abstractions • Don’t want to implement stringintmap, stringrealmap, intintmap, etc. • Value Parameters: – Don’t want to implement Factorial 2 (), Factorial 3 (), Factorial 4 (), . . . – Implement Factorial (n: int) • Type Parameters: – Implement map[tkey: type, tval: type] • Problem: how will we implement lookup if we don’t know anything about tkey? 20 March 2001 CS 655: Lecture 15 10

Specification map = data type [tkey: type, tval: type] is create, insert, lookup Requires tkey has an operation equal: proctype (t, t) returns (bool) that is an equivalence relation on t. Operations create = proc () returns (map) effects Returns a new, empty map. insert = proc (s: map, k: tkey, val: tval) requires s has no key k’ such that tkey$equal (k, k’). modifies s effects lookup (spost. k) = val. lookup = proc (s: map, k: tkey) returns (tval) requires s has a key k’ in s such that tkey$equal (k, k’). effects Returns value associated with k in s. 20 March 2001 CS 655: Lecture 15 11

Where Clauses map = cluster [tkey: type, tval: type] is create, insert, lookup where tkey has equal: proctype (tkey, tkey) returns bool Used in implementation, not specification. Checked by compiler. 20 March 2001 CS 655: Lecture 15 12

Implementing Data Abstractions • Need a concrete representation map = cluster [tkey: type, tval: type] is create, insert, lookup where tkey has equal: proctype (tkey, tkey) returns (bool) pair = record [key: tkey, value: tval] rep = array [pair] create = proc () returns (map) return up(rep$new ()) end create 20 March 2001 CS 655: Lecture 15 13

Implementing map insert = proc (m: map, k: tkey, v: tval) % Better spec would remove requires % clause and signal exception if key % is already in the map. down (m). addh (pair${key: k, value: v}) end insert 20 March 2001 CS 655: Lecture 15 14

Printing maps map = cluster [tkey: type, tval] is. . . unparse = proc (m: map) returns (string) where tkey has unparse: proctype (tkey) returns (string) tval has unparse: proctype (tval) returns (string) Why put the where clause about equal on the cluster instead of member operation? 20 March 2001 CS 655: Lecture 15 15

• bool CLU: Special Types – Language control structures (if, while) depend on type bool • int, char, real, string, null – Built-in language support for literals • record, struct, variant, oneof, array, sequence – Special constructor syntax T${ … } • any – Union of all possible types, use force to convert (with checking) to actual type 20 March 2001 CS 655: Lecture 15 16

CLU Operators • Assignment (: =) – Always means sharing (recall immutable types) – Types by name must match • Everything else is syntactic sugar, all types can use: 3 + 2 int$add (3, 2) m 1, m 2: map[string, int] m 1 + m 2 map[string, int]$add (m 1, m 2) ai: array[int] ai[n] : = ai[n-1] array[int]$store (ai, n, array[int]$fetch (ai, n-1)) • Four exceptions: up, down, cand, cor 20 March 2001 CS 655: Lecture 15 17

Questions? Next: Reasoning About Data Abstractions 20 March 2001 CS 655: Lecture 15

Reasoning about Data Abstractions • They are abstractions – need to invent a formal notation (A) for describing them • They have representations – need to define a mapping from concrete representation to that formal notation • Abstraction Function: A: rep A 20 March 2001 CS 655: Lecture 15 19

Describing maps A map can be described by a sequence of (key, value) pairs with unique keys: [ (key 0, value 0), (key 1, value 1), … ] such that if key = keyi the value associated with key is valuei. A: rep [(key 0, value 0), (key 1, value 1), …] 20 March 2001 CS 655: Lecture 15 20

Abstraction Function A: array [record [key: tkey, value: tval]] [(key 0, value 0), (key 1, value 1), …] A(r) = [(r[rep$low(r)]. key, r[rep$low(r)]. value), (r[rep$low(r) + 1]. key, r[rep$low(r)+1]. value), . . . (r[rep$high(r)]. key, r[rep$high(r)]. value)] Problem: What if r contains duplicate keys? 20 March 2001 CS 655: Lecture 15 21

Rep Invariant • “It better not!” • I: rep Boolean I(r) = (r[i]. key = r[k]. key implies i = k) 20 March 2001 CS 655: Lecture 15 22

Reasoning with Rep Invariants Prove by induction, for a datatype t: 1. For each operation that creates new t: prove that returned reps r of returned t satisfies I(r) 2. For each cluster operation: assume all t objects passed as parameters satisfy have reps r that satisfy I(r), prove they do at all cluster exit points. Argue that only cluster operations can alter the rep, so if you can prove invariant holds for all cluster operations, it must always hold. 20 March 2001 CS 655: Lecture 15 23

What can go wrong? map = cluster [tkey: type, tval: type] is. . . choose = proc (m: map) returns (record [key: tkey, value: tval]) % requires m is not empty. % effects Returns a (key, value) pair in m. return (down (m)[rep$low (down(m))] end choose p = proc (m: map[string, int]) map[string, int]$insert (m, “duplicate”, 3) pair p : = map[string, int]$choose (m) p. key = “duplicate” end p 20 March 2001 CS 655: Lecture 15 24

Rep Exposure • Can’t share mutable objects in data representations • Sharing immutable objects is okay • Could compiler prevent this? – Yes, pretty easy • Why doesn’t CLU compiler prevent this? – Sometimes efficiency requires rep exposure – e. g. , create a map by passing in an array of pairs 20 March 2001 CS 655: Lecture 15 25

The programming community must soon come to terms with the topics that they address, including: What are the qualitative and quantitave effects of strong typechecking? How do verification considerations affect language design? What abstraction mechanisms should languages provide? How can security of high-level languages be extended to realtime applications? Jim Horning, 1977 (from 6 March manifest) 20 March 2001 CS 655: Lecture 15 26

Charge • Read Stroustrup and Smalltalk papers before class Thursday • Think about what Object-Oriented Programming really means – could Stroustrup and Ingalls really be writing about the same thing? • Is CLU Object-Oriented? If not, would adding syntactic sugar make CLU objectoriented? 20 March 2001 CS 655: Lecture 15 27