Project: DAZ PROJECT Title: Example of Literate Script ...

Ref: ISS/HAT/DAZ/WRK503 DAZ PROJECT Issue: 1.20 Example of Literate Script Development Date: 22 July 2011

Lemma 1 Ltd.

Project:

DAZ PROJECT

Title:

Example of Literate Script Development

Ref:

ISS/HAT/DAZ/WRK503

Status:

Informal

Issue: 1.20

Date: 22 July 2011 Type: Technical

Author: Name

Location

D.J. King

WIN01

Signature

Date

Signature

Date

Authorisation for Issue: Name

Function

R.D. Arthan

HAT Team

Abstract:

This document gives an experimental implementation “Refinement of Z to SPARK: Example of Literate Script Development”, DRA/CIS/CSE3/SWI/WP/7/2.

Distribution: Library

c : Lemma 1 Ltd 2011 Copyright ° Page 1 of 11

Lemma 1 Ltd.

0 0.1

Ref: ISS/HAT/DAZ/WRK503 DAZ PROJECT Issue: 1.20 Example of Literate Script Development Date: 22 July 2011

DOCUMENT CONTROL Contents List

0 DOCUMENT CONTROL 0.1 Contents List . . . . . . . . 0.2 Document Cross References 0.3 Changes History . . . . . . 0.4 Changes Forecast . . . . . .

. . . .

2 2 2 2 3

1 GENERAL 1.1 Scope . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1.2 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1.3 Background . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

4 4 4 4

2 LITERATE SCRIPT 1

4

3 LITERATE SCRIPT 2

6

4 LITERATE SCRIPT 3

8

5 LITERATE SCRIPT 4

10

0.2

. . . .

. . . .

. . . .

. . . .

. . . .

. . . .

. . . .

. . . .

. . . .

. . . .

. . . .

. . . .

. . . .

. . . .

. . . .

. . . .

. . . .

. . . .

. . . .

. . . .

. . . .

. . . .

. . . .

. . . .

. . . .

. . . .

. . . .

. . . .

. . . .

. . . .

. . . .

. . . .

Document Cross References

[1] DRA/CIS/CSE3/SWI/WP/5/2. Refinement of Z to SPARK: Example - First 1000 Primes. C.M. O’Halloran, C.T. Sennett, and A. Smith, Defence Research Agency, Malvern, 11th October 1993. [2] DRA/CIS/CSE3/SWI/WP/7/2. Refinement of Z to SPARK: Example of literate script development. C.M. O’Halloran, C.T. Sennett, and A. Smith, Defence Research Agency, Malvern, 11th October 1993. [3] ISS/HAT/DAZ/HLD501. High Level Design: http://www.lemma-one.com.

Overview.

[4] ISS/HAT/DAZ/USR501. Compliance http://www.lemma-one.com.

—

0.3

Tool

User

D.J. King, Lemma 1 Ltd., Guide.

Lemma

1

Ltd.,

Changes History

Issue 1.1- 1.4 First Issues. Issue 1.5 IUCT WP 2 changes. Issue 1.6 IUCT WP 4 syntax change. Issue 1.9 Copyright and banner updates for open source release. Issue 1.10 DAZ-specific updates to banner for open source release Page 2 of 11

Lemma 1 Ltd.

Ref: ISS/HAT/DAZ/WRK503 DAZ PROJECT Issue: 1.20 Example of Literate Script Development Date: 22 July 2011

Issue 1.11 DAZ-specific updates to banner for open source release Issue 1.12 The SPARK program is now referred to as the Ada program. Issue 1.13 Made it output the same success message as other tests. Issue 1.14 Compliance Notation reserved words are now prefixed by a dollar sign. Issue 1.15 Allowed for enhancement 117. Issue 1.16 Allowed for automated state management. Issue 1.19 Allowed for enhancement 165.

0.4

Changes Forecast

None.

Page 3 of 11

Lemma 1 Ltd.

1

Ref: ISS/HAT/DAZ/WRK503 DAZ PROJECT Issue: 1.20 Example of Literate Script Development Date: 22 July 2011

GENERAL

1.1

Scope

This document contains a transcription of the literate script for the “Literate Script” example in [2] suitable for input into the Compliance Tool as specified in [3] and [4].

1.2

Introduction

1.3

Background

This document contains an adaptation of the script in [1] suitable for input into the compliance tool.

2

LITERATE SCRIPT 1

SML

new script {name="PACK P ", unit type="spec"};

Compliance Notation

h package PACK P spec i

(1 )

Compliance Notation

(1 ) ≡ package PACK P is I : INTEGER; type COLOUR is (RED, BLUE , GREEN ); procedure SQRT (X : INTEGER; Y : out INTEGER) ∆ Y [X ≥ 0 , Y ∗∗ 2 ≤ X < (Y + 1 ) ∗∗ 2 ]; procedure CUBE ROOT (N : in out INTEGER) ∆ N [N ≥ 0 , N ∗∗ 3 ≤ N 0 < (N + 1 ) ∗∗ 3 ]; function NEXT COLOUR (C : COLOUR) return COLOUR Ξ [true, C 6= PACK PoCOLOURvLAST ∧ PACK PoNEXT COLOUR(C ) = PACK PoCOLOURvSUCC (C ) Page 4 of 11

Lemma 1 Ltd.

Ref: ISS/HAT/DAZ/WRK503 DAZ PROJECT Issue: 1.20 Example of Literate Script Development Date: 22 July 2011

∨ C = PACK PoCOLOURvLAST ∧ PACK PoNEXT COLOUR(C ) = PACK PoCOLOURvFIRST ]; function PLUS ONE (X : INTEGER) return INTEGER; end PACK P ; SML

output z document{script="PACK P 0 spec", out file="lit1 .zdoc"}; output ada program{script="−", out file="lit1 .ada"}; new script {name="MAIN ", unit type="proc"};

Compliance Notation

h main procedure i

(2 )

Compliance Notation

(2 ) ≡ with PACK P ; procedure MAIN is C : PACK P .COLOUR; type PERSON is record AGE : INTEGER; EYES : PACK P .COLOUR; end record ; JACK : PERSON ; begin PACK P .CUBE ROOT (PACK P .I ); ∆ C , JACK [true, C = PACK PoRED] C := PACK P .BLUE ; end MAIN ; Compliance Notation

v JACK := PERSON 0 (25 , PACK P .GREEN ); C := PACK P .NEXT COLOUR(JACK .EYES ); Page 5 of 11

Lemma 1 Ltd.

Ref: ISS/HAT/DAZ/WRK503 DAZ PROJECT Issue: 1.20 Example of Literate Script Development Date: 22 July 2011

SML

output z document{script="MAIN 0 proc", out file="lit1a.zdoc"}; output ada program{script="−", out file="lit1a.ada"};

3

LITERATE SCRIPT 2

SML

new script {name="PACK P ", unit type="body"};

Compliance Notation

h package PACK P body i

(1 )

Compliance Notation

(1 ) ≡ package body PACK P is HAIR : COLOUR; J , K : INTEGER; type ARR COLOUR is array(COLOUR) of COLOUR; NEXT COL : constant ARR COLOUR := ARR COLOUR 0 (BLUE , GREEN , RED); function PLUS TWO (L : INTEGER) return INTEGER Ξ [true, PLUS TWO(L) = L + 2 ] is begin return L + 2 ; end PLUS TWO; procedure SQRT (X : INTEGER; Y : out INTEGER) ∆ Y [X ≥ 0 , Y ∗∗ 2 ≤ X < (Y + 1 ) ∗∗ 2 ] is separate; procedure CUBE ROOT (N : in out INTEGER) ∆ N , J [N ≥ 0 , N ∗∗ 3 ≤ N 0 < (N + 1 ) ∗∗ 3 ] is Page 6 of 11

Lemma 1 Ltd.

Ref: ISS/HAT/DAZ/WRK503 DAZ PROJECT Issue: 1.20 Example of Literate Script Development Date: 22 July 2011

L : INTEGER; begin ∆ N , J , L [N ≥ 0 , N ∗∗ 3 ≤ N 0 < (N + 1 ) ∗∗ 3 ] (2 ) L := PLUS TWO(L); end CUBE ROOT ; h function NEXT COLOUR body i

(3 )

function PLUS ONE (X : INTEGER) return INTEGER Ξ [true, PLUS ONE (X ) = X + 1 ] is L : INTEGER; h procedure PLUS FOUR body i

(4 )

begin ∆ L [true, PLUS ONE (X ) = X + 1 ]

(5 )

end PLUS ONE ; end PACK P ; Compliance Notation

(3 ) ≡ function NEXT COLOUR (C : COLOUR) return COLOUR Ξ [true, C 6= PACK PoCOLOURvLAST ∧ NEXT COLOUR(C ) = PACK PoCOLOURvSUCC (C ) ∨ C = PACK PoCOLOURvLAST ∧ NEXT COLOUR(C ) = PACK PoCOLOURvFIRST ] is separate; SML

open scope "PACK P .PLUS ONE "; Page 7 of 11

Lemma 1 Ltd.

Ref: ISS/HAT/DAZ/WRK503 DAZ PROJECT Issue: 1.20 Example of Literate Script Development Date: 22 July 2011

Compliance Notation

(4 ) ≡ procedure PLUS FOUR (A : INTEGER; B : out INTEGER) ∆ B [true, B = A + 4 ] is begin B := A + 4 ; end PLUS FOUR; Compliance Notation

(5 ) !v PLUS FOUR(X , L); L := L − 3 ; return L; SML

output z document{script="PACK P 0 body", out file="lit2 .zdoc"}; output ada program{script="−", out file="lit2 .ada"};

4

LITERATE SCRIPT 3

SML

new script {name="PACK P .SQRT ", unit type="proc"};

Compliance Notation

h procedure PACK P .SQRT body i (1 ) Compliance Notation

(1 ) ≡ separate (PACK P ) procedure SQRT (X : INTEGER; Y : out INTEGER) ∆ Y [X ≥ 0 , Y ∗∗ 2 ≤ X < (Y + 1 ) ∗∗ 2 ] is Page 8 of 11

Lemma 1 Ltd.

Ref: ISS/HAT/DAZ/WRK503 DAZ PROJECT Issue: 1.20 Example of Literate Script Development Date: 22 July 2011

LO : INTEGER; h local vars i

(2 )

begin LO := 0 ; ∆ LO [X ≥ 0 ∧ LO = 0 , LO ∗∗ 2 ≤ X < (LO + 1 ) ∗∗ 2 ] Y := LO; end SQRT ; Compliance Notation

(2 ) ≡ HI : INTEGER; Compliance Notation

v ∆ LO, HI [X ≥ 0 ∧ LO = 0 , LO ∗∗ 2 ≤ X < (LO + 1 ) ∗∗ 2 ] Compliance Notation

v HI := X + 1 ; $till [[LO ∗∗ 2 ≤ X < (LO + 1 ) ∗∗ 2 ]] loop ∆ LO, HI [LO ∗∗ 2 ≤ X < HI ∗∗ 2 , LO ∗∗ 2 ≤ X < HI ∗∗ 2 ] end loop; Compliance Notation

v exit when LO + 1 = HI ; ∆ LO, HI [LO ∗∗ 2 ≤ X < HI ∗∗ 2 , LO ∗∗ 2 ≤ X < HI ∗∗ 2 ]

Page 9 of 11

Lemma 1 Ltd.

Ref: ISS/HAT/DAZ/WRK503 DAZ PROJECT Issue: 1.20 Example of Literate Script Development Date: 22 July 2011

SML

output z document{script="PACK PoSQRT 0 proc", out file="lit3 .zdoc"}; output ada program{script="−", out file="lit3 .ada"};

5

LITERATE SCRIPT 4

SML

new script {name="PACK P .NEXT COLOUR", unit type="func"};

Compliance Notation

separate (PACK P ) function NEXT COLOUR (C : COLOUR) return COLOUR Ξ [true, C 6= PACK PoCOLOURvLAST ∧ NEXT COLOUR(C ) = PACK PoCOLOURvSUCC (C ) ∨ C = PACK PoCOLOURvLAST ∧ NEXT COLOUR(C ) = PACK PoCOLOURvFIRST ] is C1 : COLOUR; begin ∆ C1 [true, C 6= PACK PoCOLOURvLAST ∧ NEXT COLOUR(C ) = PACK PoCOLOURvSUCC (C ) ∨ C = PACK PoCOLOURvLAST ∧ NEXT COLOUR(C ) = PACK PoCOLOURvFIRST ] end NEXT COLOUR;

Page 10 of 11

Lemma 1 Ltd.

Ref: ISS/HAT/DAZ/WRK503 DAZ PROJECT Issue: 1.20 Example of Literate Script Development Date: 22 July 2011

Compliance Notation

v C1 := C ; C1 := NEXT COL(C1 ); return C1 ; SML

output z document{script="PACK PoNEXT COLOUR 0 func", out file="lit4 .zdoc"}; output ada program{script="−", out file="lit4 .ada"};

diag line "All module tests passed.";

Page 11 of 11