Specification and Implementation of Abstract Data Types Algebraic
Specification and Implementation of Abstract Data Types Algebraic Techniques ceg 860 (Prasad) LADT 1
Data Abstraction • Clients – Interested in WHAT services a module provides, not HOW they are carried out. So, ignore details irrelevant to the overall behavior, for clarity. • Implementors – Reserve the right to change the code, to improve performance. So, ensure that clients do not make unwarranted assumptions. ceg 860 (Prasad) LADT 2
Abstraction : Equivalence Relations – Computability • Recursive vs Non-recursive – Semantics • Behavioral Equivalence – Resource-independent interchangeability • Performance aspect irrelevant for “correctness” – E. g. , Groups, Fields, Sorting, UNIX, etc – Algorithms • Time and Space requirements – Big-Oh (Worst-case Analysis) – NP-hard vs Polynomial-time ceg 860 (Prasad) LADT 3
Specification of Data Types Type : Values + Operations Specify Syntax Semantics Signature of Ops Meaning of Ops Model-based Description in terms of standard “primitive” data types ceg 860 (Prasad) LADT Axiomatic(Algebraic) Give axioms satisfied by the operations 4
Syntax of LISP S-expr • operations: nil, cons, car, cdr, null • signatures: nil: cons: car: cdr: null: S-expr * S-expr -> S-expr -> boolean for every atom a: a: ceg 860 (Prasad) S-expr LADT 5
• Signature tells us how to form complex terms from primitive operations. • Legal nil null(cons(nil, nil)) cons(car(nil), nil) • Illegal nil(cons) null(null) cons(nil) ceg 860 (Prasad) LADT 6
Formal Spec. of ADTs Characteristics of an “Adequate” Specification – Completeness (No undefinedness) – Consistency/Soundness (No conflicting definitions) GOAL: Learn to write sound and complete algebraic(axiomatic) specifications of ADTs ceg 860 (Prasad) LADT 7
Classification of Operations • Observers (“Queries”) – generate a value outside the type • E. g. , null in ADT S-expr • Constructors (“Creators and Commands”) – required for representing values in the type • E. g. , nil, cons, atoms a in ADT S-expr • Non-constructors (“Creators and Commands”) – remaining operations • E. g. , car, cdr in ADT S-expr ceg 860 (Prasad) LADT 8
ADT Table (symbol table/directory) empty : Table update : Key x Info x Table -> Table look. Up: Key x Table -> Info look. Up(K, empty) = error (Use of variable) (Alternative : Use of Preconditions) look. Up(K, update(Ki, I, T)) = if K = Ki then I else look. Up(K, T) (“last update overrides the others”) ceg 860 (Prasad) LADT 9
Implementations – Array-based – Linear. List-based – Tree-based • Binary Search Trees, AVL Trees, B-Trees etc – Hash. Table-based • These exhibit a common Table behavior, but differ in performance aspects. • Correctness of a client program is assured even when the implementation is changed. ceg 860 (Prasad) LADT 10
A-list in LISP a : A nil : cons : car : cdr : null : A-list A x A-list -> A A-list -> boolean • Observers : • Constructors : • Non-constructors : ceg 860 (Prasad) LADT null, car nil, cons cdr 11
Algebraic Spec • Write axioms (equations) that characterize the meaning of all the operations. • Describe the meaning of the observers and the non-constructors on all possible constructor patterns. • Note the use of typed variables to abbreviate the definition. (“Finite Spec. ”) ceg 860 (Prasad) LADT 12
• for all S, T in S-expr cdr(nil) = error cdr(cons(S, T)) = T car(nil) = error car(cons(S, T)) = S null(nil) = true null(cons(S, T)) = false (To avoid “error”, use preconditions instead. ) • Other atoms “a” are handled in the same way as “nil”. ceg 860 (Prasad) LADT 13
Natural Numbers zero : succ : add : iszero N N -> N N x N -> N : N -> boolean observers : iszero constructors : zero, succ non-constructors : add Each numbers has a unique representation in terms of its constructors. ceg 860 (Prasad) LADT 14
for all I, J in N add(zero, I) = I add(succ(J), I) = succ(add(J, I)) iszero(zero) = true iszero(succ(n)) = false ceg 860 (Prasad) LADT 15
A-list Revisted a : A nil list append null : : A-list A -> A-list x A-list -> boolean • values – nil, list(a), append(nil, list(a)), . . . ceg 860 (Prasad) LADT 16
Algebraic Spec • constructors – nil, list, append • observer isnull(nil) = true isnull(list(a)) = false isnull(append(L 1, L 2)) = isnull(L 1) / isnull(L 2) ceg 860 (Prasad) LADT 17
• Problem : Same value has multiple representation in terms of constructors. • Solution : Add axioms for constructors. – Identity Rule append(L, nil) = L append(nil, L) = L – Associativity Rule append(L 1, L 2), L 3) = append(L 1, append(L 2, L 3)) ceg 860 (Prasad) LADT 18
Writing ADT Specs • Idea: Specify “sufficient” axioms such that syntactically distinct patterns that denote the same value can be proven so. – Completeness • Define non-constructors and observers on all possible constructor patterns – Consistency • Check for conflicting reductions • Note: A term essentially records the detailed history of construction of the value. ceg 860 (Prasad) LADT 19
General Strategy for ADT Specs • Syntax – Specify signatures and classify operations. • Constructors – Write axioms to ensure that two constructor terms that represent the same value can be proven so. • E. g. , identity, associativity, commutativity rules. ceg 860 (Prasad) LADT 20
• Non-constructors – Provide axioms to collapse a non-constructor term into a term involving only constructors. • Observers – Define the meaning of an observer on all constructor terms, checking for consistency. Implementation of a type An interpretation of the operations of the ADT that satisfies all the axioms. ceg 860 (Prasad) LADT 21
Model-based vs Algebraic • A model-based specification of a type satisfies the corresponding axiomatic specification. Hence, algebraic spec. is “more abstract” than the model-based spec. • Algebraic spec captures the least commondenominator (behavior) of all possible implementations. ceg 860 (Prasad) LADT 22
Example car( cons( X, Y) ) = X cdr( cons (X, Y) ) = Y (define (cons x y) (lambda (m) (cond ((eq? m ’first) x) (eq? m ’second) y) ) )) ; “closure” (define (car z) (z ’first)) (define (cdr z) (z ’second)) ceg 860 (Prasad) LADT 23
Canonical Form for Equality Testing • Identity Element • Delete element • Associative Op • Collapse tree into linear list (parenthesis redundant) • Order list elements • Commutative Op • Idempotent ceg 860 (Prasad) • Remove duplicates LADT 24
Ordered Integer Lists null : oil -> boolean nil : oil hd : oil -> int tl : oil -> oil ins : int x oil -> oil order : int_list -> oil Constructors: nil, ins Non-constructors: tl, order Observers: null, hd ceg 860 (Prasad) LADT 25
• Problem: – syntactically different, but semantically equivalent constructor terms ins(2, ins(5, nil)) = ins(5, ins(2, nil)) = ins(2, nil) – hd should return the smallest element. • for all I in int, L in oil, it is not the case that hd(ins(I, L)) = I. • This holds iff I is the minimum in ins(I, L). – Similarly for tl. ceg 860 (Prasad) LADT 26
Axioms for Constructors • Idempotence – for all ordered integer lists L; for all I in int ins(I, L)) = ins(I, L) • Commutativity – for all ordered integer lists L; for all I, J in int ins(I, ins(J, L)) = ins(J, ins(I, L)) Completeness : Any permutation can be generated by exchanging adjacent elements. ceg 860 (Prasad) LADT 27
Axioms for Non-constructors tl(nil) = error tl(ins(I, L)) = ? tl(ins(I, nil)) = nil tl(ins(I, ins(J, L))) = I < J => ins( J, tl(ins(I, L)) ) I > J => ins( I, tl(ins(J, L)) ) I = J => tl( ins( I, L ) ) (cf. constructor axioms for duplicate elimination) order(nil) = nil order(cons(I, L)) = ins(I, order(L)) ceg 860 (Prasad) LADT 28
Axioms for Observers hd(nil) = error hd(ins(I, nil)) = I hd(ins(I, ins(J, L))) = I < J => hd( ins(I, L) ) I > J => hd( ins(J, L) ) I = J => hd( ins(I, L) ) null(nil) null(cons(I, L)) ceg 860 (Prasad) = = LADT true false 29
Object-Oriented Software Construction • Building software systems as structured collections of (possibly partial) abstract data type implementations. • Function categories – Creators – Queries – Commands ceg 860 (Prasad) ( …x … -> T ) (…x T x … -> …) (…x T x … -> T ) LADT 30
- Slides: 30