Lecture 15: Data Abstraction It is better to have 100 functions operate on one data structure than 10 functions on 10 data.
Download ReportTranscript Lecture 15: Data Abstraction It is better to have 100 functions operate on one data structure than 10 functions on 10 data.
Lecture 15: Data Abstraction
It is better to have 100 functions operate on one data
structure than 10 functions on 10 data structures.
Alan Perlis
Menu
• Data Abstraction before CLU
• Data Abstraction in CLU
• Reasoning about Data Abstractions
– Abstraction Functions
– Rep Invariants
20 March 2001
CS 655: Lecture 15
2
What is a type?
• Last time: a set of values
• Today: an abstraction for decomposing
a program that provides a set of
operations
• Sets of values don’t work because you
are tied to the representation
20 March 2001
CS 655: Lecture 15
3
Data Abstraction in C/Pascal?
• User-defined types:
typedef enum { red = 0, green, blue } color;
typedef struct { int locx; int locy; } location;
• Type checking either:
– By structure (e.g., color dumb = 23)
– By name (maybe in Pascal, ambiguous)
• Only way to use type, is to access its
representation; no restrictions on where
you can do this.
20 March 2001
CS 655: Lecture 15
4
Data Abstraction in BLISS?
• User specifies accessing algorithm for
structure elements
• May modify either structure definition or
algorithms without affecting the other
structure array[i, j] = (.array + .i * 10 + .j)
• May define memory allocation routines
• But: only arrays, no typed elements
20 March 2001
CS 655: Lecture 15
5
Data Abstraction in Simula67
• Define a class with hidden attributes (visible
only in the class implementation) and protected
attributes (visible in subclass implementations
also)
• Unfortunately, not widely known:
– From Sweden
– Few Publications (mostly in Swedish), no language
Report, no decent textbook until 1986
• Alan Kay learned about Simula by reading the source code,
thinking it was an Algol compiler!
– Big influence on Smalltalk and C++; small influence
on CLU
20 March 2001
CS 655: Lecture 15
6
Providing Data Abstraction
• Type check by name
• Restrict what code can access the
representation of a data type
– CLU, Alphard: only operations of the type
– Other (possibly) reasonable answers:
• C++: allow functions outside the type that are declared
friends to access representation
• C with LCLint: in files and functions according to a naming
convention, elsewhere when explicitly annotated
• [Stata97]: operations can access the only some of the
representation
20 March 2001
CS 655: Lecture 15
7
Data Abstraction in CLU
Rest of program sees black box described by specification.
intmap = data type is create, insert, lookup
Operations
create = proc () returns (intset)
effects Returns a new, empty intmap.
insert = proc (s: intmap, k: string, val: int)
requires s does not have a key k.
modifies s
effects spost maps k to val.
lookup = proc (s: intmap, k: string) returns (int)
requires There is a key k in s.
effects Returns value associated with key in s.
20 March 2001
CS 655: Lecture 15
8
Black-box Interface
intmap
down (intmap)
returns (rep)
up (rep)
returns (intmap)
rep = representation of intmap
Only code in the cluster implementing intmap can call
intmap$up or intmap$down.
There is nothing else special about code in the cluster!
20 March 2001
CS 655: Lecture 15
9
Parameterized Data Abstractions
• Don’t want to implement stringintmap,
stringrealmap, intintmap, etc.
• Value Parameters:
– Don’t want to implement Factorial2 (), Factorial3
(), Factorial4 (), ...
– Implement Factorial (n: int)
• Type Parameters:
– Implement map[tkey: type, tval: type]
• Problem: how will we implement lookup if we
don’t know anything about tkey?
20 March 2001
CS 655: Lecture 15
10
Specification
map = data type [tkey: type, tval: type] is create, insert, lookup
Requires tkey has an operation
equal: proctype (t, t) returns (bool)
that is an equivalence relation on t.
Operations
create = proc () returns (map)
effects Returns a new, empty map.
insert = proc (s: map, k: tkey, val: tval)
requires s has no key k’ such that tkey$equal (k, k’).
modifies s
effects lookup (spost. k) = val.
lookup = proc (s: map, k: tkey) returns (tval)
requires s has a key k’ in s such that tkey$equal (k, k’).
effects Returns value associated with k in s.
20 March 2001
CS 655: Lecture 15
11
Where Clauses
map = cluster [tkey: type, tval: type] is
create, insert, lookup
where tkey has
equal: proctype (tkey, tkey) returns bool
Used in implementation, not specification.
Checked by compiler.
20 March 2001
CS 655: Lecture 15
12
Implementing Data Abstractions
• Need a concrete representation
map = cluster [tkey: type, tval: type] is create, insert,
lookup where tkey has
equal: proctype (tkey, tkey) returns (bool)
pair = record [key: tkey, value: tval]
rep = array [pair]
create = proc () returns (map)
return up(rep$new ())
end create
20 March 2001
CS 655: Lecture 15
13
Implementing map
insert = proc (m: map, k: tkey, v: tval)
% Better spec would remove requires
% clause and signal exception if key
% is already in the map.
down (m).addh (pair${key: k, value: v})
end insert
20 March 2001
CS 655: Lecture 15
14
Printing maps
map = cluster [tkey: type, tval] is ... unparse
...
unparse = proc (m: map) returns (string)
where
tkey has unparse: proctype (tkey) returns (string)
tval has unparse: proctype (tval) returns (string)
Why put the where clause about equal on the
cluster instead of member operation?
20 March 2001
CS 655: Lecture 15
15
• bool
CLU: Special Types
– Language control structures (if, while) depend
on type bool
• int, char, real, string, null
– Built-in language support for literals
• record, struct, variant, oneof, array,
sequence
– Special constructor syntax T${ … }
• any
– Union of all possible types, use force to
convert (with checking) to actual type
20 March 2001
CS 655: Lecture 15
16
CLU Operators
• Assignment (:=)
– Always means sharing (recall immutable types)
– Types by name must match
• Everything else is syntactic sugar, all types
can use:
3 + 2 int$add (3, 2)
m1,m2: map[string,int] m1 + m2
map[string,int]$add (m1, m2)
ai: array[int] ai[n] := ai[n-1]
array[int]$store (ai, n, array[int]$fetch (ai, n-1))
• Four exceptions: up, down, cand, cor
20 March 2001
CS 655: Lecture 15
17
Questions?
Next: Reasoning About Data Abstractions
Reasoning about Data Abstractions
• They are abstractions – need to invent a
formal notation (A) for describing them
• They have representations – need to
define a mapping from concrete
representation to that formal notation
• Abstraction Function:
A: rep A
20 March 2001
CS 655: Lecture 15
19
Describing maps
A map can be described by a sequence
of (key, value) pairs with unique keys:
[ (key0, value0), (key1, value1), … ]
such that if key = keyi the value
associated with key is valuei .
A: rep [(key0, value0), (key1, value1), …]
20 March 2001
CS 655: Lecture 15
20
Abstraction Function
A: array [record [key: tkey, value: tval]]
[(key0, value0), (key1, value1), …]
A(r) = [(r[rep$low(r)].key, r[rep$low(r)].value),
(r[rep$low(r) + 1].key, r[rep$low(r)+1].value),
...
(r[rep$high(r)].key, r[rep$high(r)].value)]
Problem: What if r contains duplicate keys?
20 March 2001
CS 655: Lecture 15
21
Rep Invariant
• “It better not!”
• I: rep Boolean
I(r) = (r[i].key = r[k].key implies i = k)
20 March 2001
CS 655: Lecture 15
22
Reasoning with Rep Invariants
Prove by induction, for a datatype t:
1. For each operation that creates new t: prove that
returned reps r of returned t satisfies I(r)
2. For each cluster operation: assume all t objects
passed as parameters satisfy have reps r that satisfy
I(r), prove they do at all cluster exit points.
Argue that only cluster operations can alter the rep, so
if you can prove invariant holds for all cluster
operations, it must always hold.
20 March 2001
CS 655: Lecture 15
23
What can go wrong?
map = cluster [tkey: type, tval: type] is ...
choose = proc (m: map)
returns (record [key: tkey, value: tval])
% requires m is not empty.
% effects Returns a (key, value) pair in m.
return (down (m)[rep$low (down(m))]
end choose
p = proc (m: map[string, int])
map[string,int]$insert (m, “duplicate”, 3)
pair p := map[string,int]$choose (m)
p.key = “duplicate”
end p
20 March 2001
CS 655: Lecture 15
24
Rep Exposure
• Can’t share mutable objects in data
representations
• Sharing immutable objects is okay
• Could compiler prevent this?
– Yes, pretty easy
• Why doesn’t CLU compiler prevent this?
– Sometimes efficiency requires rep exposure
– e.g., create a map by passing in an array of
pairs
20 March 2001
CS 655: Lecture 15
25
The programming community must soon
come to terms with the topics that they
address, including: What are the qualitative
and quantitave effects of strong typechecking? How do verification
considerations affect language design?
What abstraction mechanisms should
languages provide? How can security of
high-level languages be extended to realtime applications?
Jim Horning, 1977 (from 6 March manifest)
20 March 2001
CS 655: Lecture 15
26
Charge
• Read Stroustrup and Smalltalk papers
before class Thursday
• Think about what Object-Oriented
Programming really means – could
Stroustrup and Ingalls really be writing
about the same thing?
• Is CLU Object-Oriented? If not, would
adding syntactic sugar make CLU objectoriented?
20 March 2001
CS 655: Lecture 15
27