1 / 39

The World’s Greatest Linked List

This project at Winthrop University delves into developing mathematical specifications for software implementation of data structures, starting with linked lists. The goal is to bridge the gap between mathematical theories and code to ensure correct, understandable, and bidirectional properties. The emphasis is on minimizing special cases and providing clear paths from math to practical software specs. The project aims to extend these efforts to other common data structures, with current focus on stack implementation in Eiffel. Potential applications include enhancing reliability and understanding for software development.

kalea
Télécharger la présentation

The World’s Greatest Linked List

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. The World’s Greatest Linked List Preliminary work by Jim McKim, Rensselaer-Hartford Somesh Mukherjee, Compunetrix Winthrop University

  2. Contents Specifying Data Structures Desirable Linked List Properties Mathematical ADT Spec - Stack Software ADT Spec - Stack Implementation Notes - Stack Winthrop University

  3. Contents (Cont’d) Mathematical ADT Spec – Linked List Software ADT Spec – Linked List Implementation Notes – Linked List Conclusion Winthrop University

  4. Specifying Data Structures • Lots of early work on mathematical specs • Some work (Guttag) on mapping mathematical specs to software implementations • Stack is most famous example • Most mathematical specs of data structures do not map cleanly to code Winthrop University

  5. Specifying Data Structures (Cont’d) • E.g. Mathematical spec for “Linked” List is usually in terms of Head and Tail • But actual software linked lists are cursor driven • Goal: Develop a mathematical spec for a cursor driven list, showing a clear trail from the mathematics to a compilable software specification Winthrop University

  6. Specifying Data Structures (Big picture) • Do the same for all the other common data structures • Provide mathematical underpinnings roughly as strong as those for relational databases. • A second student, Shawn Pecze, is working on a Dispenser hierarchy Winthrop University

  7. Specifying Data Structures (Big picture) • NSF grant proposal in progress • Accessible to strong undergraduate and master’s level researchers Winthrop University

  8. Desirable Linked List Properties • Pleading note: Please take these more or less on faith due to time constraints, debate to come later • Want the desirable properties from the client’s perspective • Understandability • Correctness • Bidirectional (Symmetry) Winthrop University

  9. Desirable Linked List Properties (Understandability) • No more complex than necessary • Smallest possible number of special cases • Complete, rigorous spec, readable by the user Winthrop University

  10. Desirable Linked List Properties (Correctness) • Confidence that the implementation has been well tested against the spec • Compilable spec helps inspire that confidence • Confidence that an underlying mathematical theory is being implemented Winthrop University

  11. Desirable Linked List Properties (Bidirectional) • Can use bidirectional list where a unidirectional list would suffice, but not the other way around • Neither direction should be given preference (symmetry) • Think left and right instead of first and last Winthrop University

  12. Desirable Linked List Properties (Few special cases) • Cursor driven lists where cursor points to an item result in a number of special cases • Mainly ‘cause cursor can’t always point to an item • Empty list • After removal of one of the end items • Can we do better? Winthrop University

  13. Desirable Linked List Properties (Few special cases) • Cursor never points to an item • In typical case points between two items • First suggested by Wise in 1976 • JDK Linked List implementation actually uses this, but it is not part of the spec Winthrop University

  14. Desirable Linked List Properties (Few special cases) • If cursor points between two items, we have two current items, left_item and right_item • If all inserts and deletes are via the cursor then the cursor divides the list into two parts, left and right. • What kinds of structures are left and right? • Answer later... off to mathematics... Winthrop University

  15. new empty Mathematical ADT Spec (Stack) push(s, x) notempty top(push(s, x)) = x pop(push(s, x)) = s Winthrop University

  16. Connecting Mathematical ADT Spec to Software Spec • In Math, push and pop are functions; in software they’re usually commands that change state • So provide functional equivalents • In Math, equality means identity; in software, there is reference equality (=) and object equality (is_equal) • So provide both Winthrop University

  17. Connecting Mathematical ADT Spec to Software Spec • In Math, we are not concerned with types; in software typing helps build confidence in correctness • Use generic types • In Math, we have all of axiomatic set theory available to us; in software each class provides its own language • Use a small specification set to define everything else Winthrop University

  18. Software Spec for Stack in Eiffel class STACK[G] is_empty : BOOLEAN top : G require not is_empty body : STACK[G] -- functional equivalent of pop, newly created on each call require not is_empty Winthrop University

  19. Software Spec for Stack (Cont’d) top, body, and is_empty form the specification set for the stack. Everything else will follow from these Think of a nonempty stack as consisting of its top element and another stack Winthrop University

  20. Software Spec for Stack (Cont’d) make -- creation routine ensure is_empty is_equal(other : STACK[G]) : BOOLEAN require other /= Void ensure Result = (is_empty = other.is_empty and then (not is_empty implies top = other.top and body.is_equal(other.body))) Winthrop University

  21. Software Spec for Stack (Cont’d) plus_top ( t : G) : STACK[G] -- functional equivalent of push, newly created on each call ensure not Result.is_empty -- push(s,x) is not empty Result.top = t -- top(push(s,x) = x Result.body.is_equal(Current) -- pop(push(s,x)) = s Winthrop University

  22. Software Spec for Stack (Common features) push( t : G ) ensure is_equal(old plus_top(t)) pop require not is_empty ensure is_equal(old body) Winthrop University

  23. Software Spec for Stack (Common features) depth : INTEGER ensure is_empty implies Result = 0 not is_empty implies Result = 1 + body.depth Winthrop University

  24. Software Spec for Stack (Common features) replace(x : G) require not is_empty ensure not is_empty -- important that this one come first top = x body.is_equal(old body) Winthrop University

  25. Software Spec for Stack (Common features) pop_top : G -- Both a command and query require not is_empty ensure is_equal(old body) Result = old top Winthrop University

  26. Stack Implementation Notes • All the usual implementations of a stack will work. Just add implementations of body and plus_top • Possible to implement a version that matches spec • All require and ensure clauses shown are compilable and hence automatically checkable in Eiffel Winthrop University

  27. Mathematical ADT Spec (Linked List) • Recall the List can be thought of as consisting of the structures to the left and right of the cursor • What are these left and right structures? Winthrop University

  28. Mathematical ADT Spec (Linked List) • Yup, they’re stacks! • Each list, lst, may be viewed as an ordered pair of stacks • lst = (left, right) Winthrop University

  29. Mathematical ADT Spec (Linked List) new (empty, empty) put_left(lft, rgt, x) = (push(lft, x), rgt)) remove_left(put_left(lft,rgt,x)) = (lft,rgt) left_item(put_left(lft,rgt,x)) = x move_left(put_left(lft,rgt,x)) = (lft, push(rgt, x)) Winthrop University

  30. Linked List Software Spec class LINKED_LIST[G] -- Specification set left : STACK[G] -- Newly created on each call right : STACK[G] -- Newly created on each call Winthrop University

  31. Linked List Software Spec -- creation make ensure left.is_empty; right.is_empty left_item : G require not left.is_empty ensure Result = left.top Winthrop University

  32. Linked List Software Spec put_left(x) ensure left.is_equal(old left.plus_top(x)) right.is_equal(old right) Winthrop University

  33. Linked List Software Spec remove_left require not left.is_empty ensure left.is_equal(old left.body) right.is_equal(old right) Winthrop University

  34. Linked List Software Spec move_left require not left.is_empty ensure left.is_equal(old left.body) right.is_equal(old right.plus_top(x)) Winthrop University

  35. Linked List Software Spec length : INTEGER ensure Result = left.depth + right.depth off_left : BOOLEAN ensure Result = left.is_empty is_empty : BOOLEAN ensure Result = left.is_empty and right.is_empty Winthrop University

  36. Linked List Implementation Notes • All the usual implementations will work (e.g. Nodes, Shifting arrays) • Just add implementations of left and right • Can also directly implement the spec • Again all Require and Ensure clauses are compilable and automatically checkable Winthrop University

  37. Conclusion • We have a mathematical spec for a linked list • We have a clear path to a software specification of that list • Software spec is understandable to technical people who are not math wizards Winthrop University

  38. Conclusion • Special cases have been minimized (try an implementation to convince yourself of this) • Compilable and automatically checkable specs plus all the above add confidence that good programmers will implement correct code. Winthrop University

  39. Contact Info jcm@rh.edu www.rh.edu/~jcm/ 860-548-2458 Rensselaer-Hartford 275 Windsor St. Hartford, CT 06120 Winthrop University

More Related