Comments (4)
The global state consists of the application state and the platform state. The platform state should have been modeled initially by the session objects. However this is not always possible as some modifications on the platform do not depend on changes in the session object. To model this an abstract Platform_State
should be used which is then refined platform dependently.
The application state is fully visible to the application. However some procedures that access the application state but are called from within platform code. As this code is platform specific it cannot model global state correctly. There are two different scenarios:
- Procedures that are called by interrupts
These procedures are entry points which means that they can be handled like public package procedures that might modify internal state but cannot have pre and post conditions that depend directly on internal state. Maybe we should only declare these procedure in the public part of package specifications. I don't know if we can enforce this somehow. - Procedures that are called by API calls
Some procedures are called when another procedure of the session is called. This means that application code and platform code may be intertwined. This means that global state needs to be modeled directly as calls can modify it within a procedure. As global state of generic formal parameters cannot be modeled in generic packages it can only be null. To still access application state procedures that call generic parameters are generic and get a limited private type. They also have an additional parameter of this type that is passed in out into the callee.
from gneiss.
When trying to prove the globals I noticed that global state from a withed package must always be annotated to the procedure accessing it directly. As it is not hidden it cannot be refined. This leads to the problem that specs would have to import platform dependent units just to define their global state. I see two solutions:
- Define well known names for platform packages that include state. This can be cumbersome and it is always a trade-off between more flexibility against less implementation effort. It probably could be done by creating a platform wide top level package that defines an imported state and all other packages are children and their state is part of the parent state.
- Make all platform units generic. When a generic unit is instantiated in the body it is only visible there and therefor its state is hidden and can be refined. On the other hand this might lead to code duplication and more memory usage since data defined on package level will be instantiated, too. This might be a problem on embedded platforms.
from gneiss.
For the first option I came up with the following idea:
package Platform with
SPARK_Mode,
Abstract_State => Platform_State
is
end Platform;
package body Platform with
SPARK_Mode,
Refined_State => (Platform_State => null)
is
end Platform;
private package Platform.Implementation with
SPARK_Mode,
Abstract_State => (Implementation_State with Part_Of => Platform.Platform_State)
is
procedure Do_Something with
Global => (In_Out => Implementation_State);
end Platform.Implementation;
package Platform.Definition with
SPARK_Mode
is
procedure Run with
Global => (In_Out => Platform.Platform_State);
end Platform.Definition;
package body Platform.Definition with
SPARK_Mode
is
procedure Run
is
begin
Platform.Implementation.Run;
end Run;
end Platform.Implementation;
In this case if another unit wants to use a functionality of platform, its state will always be Platform.Platform_State
. Since Platform.Implementation
is a private package only child units of platform can with
it inside their bodies. This makes the state of Platform.Implementation
a hidden state and it is part of the refinement of Platform.Platform_State
. Other units would only be allowed to use Platform.Definition
. With this separation there might be an additional layer of abstraction but the state can be imported as a single entity while the actual implementation can be both public but also separated into multiple units.
@senier what are your thoughts about this?
from gneiss.
Fixed by #173.
from gneiss.
Related Issues (20)
- Timer session on Linux HOT 1
- Consolidation HOT 1
- Prove tests HOT 9
- Prove broker HOT 1
- Fix file descriptor leaks
- Allow proving, editing and compiling as different commands in cement HOT 1
- Custom parameters for generic operations HOT 3
- GPIO Debug HOT 1
- Update ada-runtime, rename init to core/linux HOT 1
- Add support for different platforms to cement HOT 1
- Matrix Demo
- ICMP Demo HOT 4
- Update README HOT 1
- Global platform state for volatile inputs
- Update to CE 2020 HOT 5
- Update to RecordFlux 0.4.0 HOT 1
- Stream interface HOT 1
- Run checkers on cement
- SPI driver
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from gneiss.