index Module Interface Specification

index(...) Module Interface Specification

(0) CHARACTERISTICS

-type specified: index

-features: deterministic, parameterized

-foreign types: status

-parameters: xmax: int

(1) SYNTAX

ACCESS-PROGRAMS

Program Name	Arg#1	Arg#2	Arg#3	Arg#4	Result Type
CATENATE	status:O	index:VO	index:VO
COPY	status:O	index:V	index:VO
DELETE	status:O	index:VO	int:V
DESTROY	status:O	index:O
GET_INT	status:O	index:V	int:V		int
INIT	status:O	index:VO
IS_EQUAL	status:O	index:V	index:V		bool
NB_ELEMS	status:O	index:V			int
PUT_INT	status:O	index:VO	int:V	int:V

(2) CANONICAL TRACES

canonical(T)

T = _

m:<int>; a[1]..a[m]:<int> [T = INIT(*1, *).[PUT_INT(*1, *, j, a[j])]j=1..m

xmax)]

AUXILIARY FUNCTIONS

canGet: <index> × <int> <bool>

canGet(x, n) = x _ 1 n n nbElems(x)

canPut: <index> × <int> <bool>

canPut(x, n) = x _ 1 n n nbElems(x) + 1

getInt: <index> × <int> <int>

getInt(x, n) (canGet(x, n)) = i where T1,T2:<index>; i:<int> [x = T1.PUT_INT(*1, *, n, i).T2 ]

nbElems: <index> <int>

nbElems(x) = count(x, "PUT_INT")

putInt: <index> × <int> × <int> <index>

putInt(x, n, i) (canPut(x, n)) =

Condition	Value
n < nbElems(x) + 1	T1.PUT_INT(1, , n, i).T2 where T1,T2:<index>; j:<int> [x = T1.PUT_INT(1, , n, j).T2 ]
n = nbElems(x) + 1	x.PUT_INT(1, , n, i)

(3) SEMANTICS

ACCESS-PROGRAMS

Legality(CATENATE(s, (x, T), (y, U))) =

Condition	Value
T = _ U = _	%no_init%
T _ U _ nbElems(T) + nbElems(U) > xmax	%out_of_space%
T _ U _ nbElems(T) + nbElems(U) xmax	%legal%

CATENATE(s , (x, T), (y, U)) =

Condition	Value
T = _ U = _	status::_
T _ U _ nbElems(T) + nbElems(U) > xmax	status::OUT_OF_SPACE(*)
T _ U _ nbElems(T) + nbElems(U) xmax	status::LEGAL(*)

CATENATE(s, (x, T) , (y, U)) = T.[PUT_INT(*1, *, j + nbElems(T), a[j])]j=1..m where m:<int>; a[1]..a[m]:<int> [U = INIT(*1, *).[PUT_INT(*1, *, j, a[j])]j=1..m ]

CATENATE(s, (x, T), (y, U) ) =

Condition	Value
x y	U
x = y	T.[PUT_INT(1, , j + nbElems(T), a[j])]j=1..m where m:<int>; a[1]..a[m]:<int> [U = INIT(1, ).[PUT_INT(1, , j, a[j])]j=1..m ]

Legality(COPY(s, U, (x, T))) =

Condition	Value
T = _ U = _	%no_init%
T _ U _	%legal%

COPY(s , U, (x, T)) =

Condition	Value
T = _ U = _	status::_
T _ U _	status::LEGAL(*)

COPY(s, U, (x, T) ) = U

Legality(DELETE(s, (x, T), n)) =

Condition	Value
T = _	%no_init%
T _ ŹcanGet(T, n)	%bad_access%
T _ canGet(T, n)	%legal%

DELETE(s , (x, T), n) =

Condition	Value
T = _	status::INIT()
T _ ŹcanGet(T, n)	status::ACCESS(*)
T _ canGet(T, n)	status::LEGAL(*)

DELETE(s, (x, T) , n) = T1.[PUT_INT(*1, *, j - 1, a[j])]j=n + 1..m where m:<int>; T1:<index>; a[1]..a[m]:<int> [T = T1.[PUT_INT(*1, *, j, a[j])]j=n..m ]

Legality(DESTROY(s, x)) = %legal%

DESTROY(s , x) = status::LEGAL(*)

DESTROY(s, x ) = _

Legality(GET_INT(s, T, n)) =

Condition	Value
T = _	%no_init%
T _ ŹcanGet(T, n)	%bad_access%
T _ canGet(T, n)	%legal%

GET_INT(s , T, n) =

Condition	Value
T = _	status::_
T _ ŹcanGet(T, n)	status::ACCESS(*)
T _ canGet(T, n)	status::LEGAL(*)

GET_INT(s, T, n) = getInt(T, n)

Legality(INIT(s, (x, T))) =

Condition	Value
T _	%nonempty_trace%
T = _	%legal%

INIT(s , (x, T)) =

Condition	Value
T _	status::NONEMPTY(*)
T = _	status::LEGAL(*)

INIT(s, (x, T) ) = INIT(*1, *)

Legality(IS_EQUAL(s, T1, T2)) = %legal%

IS_EQUAL(s , T1, T2) = status::LEGAL(*)

IS_EQUAL(s, T1, T2) = T1 = T2

Legality(NB_ELEMS(s, T)) =

Condition	Value
T = _	%no_init%
T _	%legal%

NB_ELEMS(s , T) =

Condition	Value
T = _	status::_
T _	status::LEGAL(*)

NB_ELEMS(s, T) = nbElems(T)

Legality(PUT_INT(s, (x, T), n, i)) =

Condition	Value
T = _	%no_init%
T _ ŹcanPut(T, n)	%bad_access%
T _ canPut(T, n) n > xmax	%out_of_space%
T _ canPut(T, n) n xmax	%legal%

PUT_INT(s , (x, T), n, i) =

Condition	Value
T = _	status::_
T _ ŹcanPut(T, n)	status::ACCESS(*)
T _ canPut(T, n) n > xmax	status::OUT_OF_SPACE(*)
T _ canPut(T, n) n xmax	status::LEGAL(*)

PUT_INT(s, (x, T) , n, i) = putInt(T, n, i)