COMPUTING SCIENCE 370
Programming Languages

Ada

Modularity and Abstraction

Problem: The software crisis.

• complex systems large programs exponential costs

Solution: Break large programs into small independent modules.

• linear costs

Question: How is independent modularization achieved?

Answer: Information hiding (Parnas)

• one module for each design decision
• a change of decision involves only one module

Data Abstraction

• Users of an abstract data type are provided with procedures and functions to operate on the data type.
• The implementation is hidden and can be changed without the user's knowledge.
  E.g., String

Functional Abstraction

• Users of an algorithm are provided with a procedure, without implementation details.
  E.g., heapsort

Characteristics of Fourth-Generation Programming Languages

• modularity
• functional and data abstraction
• support for concurrent programming

Syntactic Structure

Ada's syntax, like that of most fourth-generation programming languages, is:

1. in the Algol/Pascal tradition
   E.g.,

      procedure <name> (<formal parameters>) is
         <local declarations>
      begin
         <statements>
      end <name>;
   

   but

   • ';' is a statement terminator (as in C), not a separator (as in Pascal)
   • identifiers have arbitrary length
   • case is not significant (but the convention is to use lower case for keywords and mixed upper and lower case for everything else)

2. fully bracketed
   E.g.,

      loop . . . end loop
      if . . . end if
      case . . . end case
      record . . . end record
      package <name> is . . . end <name>
   

   • elsif introduced to avoid problems of fully-bracketed, nested if statements (making if more like cond).

        if <condition 1> then
           <statement 1>
        elsif <condition 2> then
           <statement 2>
        elsif <condition 3> then
           <statement 3>
        else 
           <statement 4>
        end if;
     

     Note that only one 'end if' is needed.

Structural Organization

• Imperative -- two kinds:

  1. computational
  2. control flow

  I/O is implemented using two suggested standard packages.

• Declarations -- five kinds:

  1. Objects: variables and constants

  2. Types: enumerations and types constructed from predefined types

  3. Subprograms: like Algol/Pascal, but allows use of built-in operators as names of subprograms on user-defined types (operator overloading)

  4. Packages: modules used for data abstraction

     • contain types and subprograms
     • defined by two separate modules
       1. specification (public) -- declarations
       2. definition or body (private) -- implementation

  5. Tasks: modules used for concurrency

• Separate compilation -- Ada supports true separate compilation.

  compilation unit

  A compilable block of code.

  independent compilation

  Program units may be compiled independently and then integrated using a linker to form a complete program.
  E.g., Fortran, C

  • Compiler maintains a list of undeclared subroutines and variables and assumes that they are external references.
  • All external references are resolved by the linker at link time.

  separate compilation

  Program units are compiled separately, but not independently, in that external references are checked and resolved during compilation.
  E.g., Ada, Modula-2

  • Incorporates strong type checking.

Data Structures

• Four predefined types

     Integer
     Boolean
     Character
     Float
  

  • Float corresponds to the machine's usual precision, but programmers are encouraged to use constraints instead for more machine independence.

    range constraint

    a set of permissible values
    e.g., type Coordinate is range -100 .. 100;

    floating-point constraint

    specified precision
    e.g., type Coefficient is digits 10 range -1.0e10 .. 1.0e10;

    fixed-point constraint

    specified absolute error bound
    e.g., type Dollars is delta 0.01 range 0.00 .. 10_000_000.00;

  • Preservation of Information Principle -- The user should be able to specify things at an abstract level for the compiler to implement at the low level.

• Five constructors

  • enumeration
  • array
  • record
  • pointer (called an access)
  • subtype

• Name equivalence

  • Why name equivalence?
    1. If the programmer restates a type definition with a different name, it is probably because the types are logically different.
    2. The alternative -- structural equivalence -- is not well defined and is difficult to implement.

    (See also the previous discussion of this topic and §4.3 Type Equivalence from Rationale for the Design of the Ada® Programming Language.)

  • A problem with name equivalence:

       type Index is range 1 .. 100;
    
       AnInteger : Integer;
       AnIndex : Index;
    
       AnInteger := AnIndex;     -- illegal with name equivalence
       AnIndex := AnIndex + 1;   -- illegal assuming 1 is an Integer
    

    Solution: A constraint is defined as producing a subtype.

    subtype

    A type which inherits all operations from its supertype, and is compatible with the supertype and all subtypes of that supertype.

    Declaration of a subtype may be explicit.
    E.g.,

       subtype Index is Integer range 1 .. 100;
    

    derived type

    A type which inherits all operations from its supertype, but is not compatible with the supertype.

    Declaration of a derived type must be explicit.
    E.g.,

       type Percent is new Integer range 0 .. 100;
    

    Explicit coercion between a derived type and its subtype is allowed.
    E.g.,

       A_Percent := Percent( AnInteger );
    

• Ada allows an identifier to belong to multiple enumerated types.
  E.g.,

     type Primary is ( Red, Blue, Green );
     type StopLight is ( Red, Amber, Green );
  

  Overloaded identifiers are disambiguated by context.

• Index constraints allow general-purpose array procedures.
  E.g.,

     type Vector is array ( Integer range < > ) of Book;
  
     Collection : Vector ( 1 .. 10000 );
     Fiction : Vector ( 1 .. 20000 );
  
     procedure Sort ( aVector : Vector ) is
     . . . 
  

  • The compiler must pass the actual bounds as hidden parameters to the procedure.

  • Bounds are accessed as <name>'First and <name>'Last.
    E.g.,

          subtype Index is Integer range aVector'First .. aVector'Last;
    
          Lower : Index;
          Upper : Index;
          Temp : Book;
    
       begin
          for Upper in A_Vector'Last .. A_Vector'First + 1 loop
             for Lower in A_Vector'First .. Upper - 1 loop
                if A_Vector( Lower ) > A_Vector( Lower + 1 ) then
                  Temp := A_Vector( Lower );
                   A_Vector( Lower ) := A_Vector( Lower + 1 );
                   A_Vector( Lower + 1 ) := Temp;
                end if;
             end loop;
          end loop;
       end Sort;
    

Name Structures

Bindings

A name can be bound to:

• constant
• variable
• type
• procedure
• function
• task
• package

Declarations

• In general, a declaration can:
  • allocate memory
  • bind a name to a location
  • initialize memory

• In Ada, variable and constant declarations can do all three.
  E.g.,

     Tax_Rate    : Real := 1.0;
     PI          : constant := 3.141592653589;
     Deduct_Rate : constant Real := Tax_Rate * 2.0;
  

  • Omitting the type in the declaration of PI makes it a "universal real" (max. precision).
  • Initializations are performed during environment activation.
  • Constants cannot be changed after activation.

• Declarations can be broken into two parts:
  • Specification:

       Max_Size : constant Integer;
    

  • Definition:

       Max_Size : constant Integer := 256;
    

  This allows a constant to be provided without defining its value as part of the interface.

Problems with name structures in block-structured languages

(Wulf and Shaw, 1973)

Side effects

Changes in the non-local environment resulting from hidden access to (a) variable(s).
E.g.,

   function max ( x, y : integer );
      begin
         count := count + 1;    { side effect }
         if x > y then
            max := x
         else
            max := y
      end;

• count is declared in an outer block, and is being used to count the number of times the function is called.

• If there is a bug involving count, it will be difficult to identify that it is modified in this function, especially if it is in a large program or if max is a predefined function in a library.
  E.g.

     length := max( needed, requested );
  

  This line modifies count without mentioning it. (See the Manifest Interface Principle.)

Indiscriminate access

The inability to block access to variables which should be private.
E.g.,

• aStack must be declared in the same block as the procedures which use it (Push and Pop).
• To be visible to users, Push and Pop must be declared in a block containing all uses of them.
• UserProc has indiscriminate access to aStack -- it may alter the stack without using Push or Pop.
• Implementation details are also visible, and use of the stack (other than by Push or Pop) may depend on those details, creating a maintenance problem.

Vulnerability

The inability of a program segment to preserve access to a variable.
E.g.,

• The nested block, illustrated by the code X := X + 1, has no access to the outer X.
• Vulnerability may accidentally occur in maintaining a large program by introducing a new variable.

No overlapping definitions

There is no control over shared access to variables.
E.g., given three modules P1, P2, and P3 such that

• P1 and P2 share DA
• P2 and P3 share DB

the language should provide a mechanism like

but in a block-structured language, access must be like

• Attributes of an alternative language which does not possess these four problems:
  1. No implicit inheritance of access to variables from enclosing blocks.
     • Prevents side effects, indiscriminate access, and vulnerability.
  2. Access rights by mutual consent.
     • Prevents indiscriminate access and vulnerability, and supports overlapping definitions.
  3. Decoupling of access rights to a structure and its parts.
     E.g., allow access to a stack through push and pop operations, but provide no access to 'top'.
     • Prevents indiscriminate access.
  4. Different types of access modes.
     E.g. read-only vs. read/write.
     • Addresses side effects and vulnerability.
  5. Decoupling of these orthogonal functions:
     • definition of a name
     • name access
     • allocation

     E.g., in Algol,

     • a name is defined by its appearance in a declaration;
     • name access is defined as the current block and all inner blocks;
     • allocation and deallocation are restricted to block entry and exit.

     Algol decouples name access and definition from allocation with own variables.

     In Pascal, decoupling is provided by use of pointers and dynamically allocated memory (new and dispose).

PARNAS'S INFORMATION HIDING PRINCIPLES

The language should permit modules to be designed such that

1. the user has all the information needed to use the module correctly, and nothing more;
2. the implementor has all the information needed to implement the module correctly, and nothing more.

Packages

Ada uses packages to implement information hiding.

• A package consists of two parts: a specification part and a definition part.
  E.g., a specification:

     package Complex_Pack is
        type Complex is private;
        I : constant Complex;        -- deferred constant
  
        function "+" ( z1, z2 : Complex ) return Complex;
        function Real_Part ( z : Complex ) return Complex;
        function "+" ( x1 : Real; z2 : Complex ) return Complex;
        . . .
  
     private
        type Complex is record
           Re, Im : Real := 0.0;
        end record;
  
        I : constant Complex := ( 0.0, 1.0 );
  
     end Complex_Pack;
  

• Features of the specification part:
  • Name access is by mutual consent -- everything declared in the public part of this package can be used by any other program which imports this package.

  • Programs and packages which import this package can be compiled even if the implementation part of this package doesn't exist yet.

  • The private part indicates to the compiler how much space to allocate for variables of the new data type in any routine which uses that type.
    E.g.,

       declare
          use Complex_Pack;
          z : Complex;
          z1 : Complex := 1.5 + 2.5 * I;
       begin
          . . .
    

    Compare this approach with that of Modula-2: opaque types occupy one word.

• The definition part of a package is separately compiled.
  E.g.,

     package body Complex_Pack is
  
        function "+" ( z1, z2 : Complex ) return Complex is
           rp : constant Real := z1.re * z2.re - z1.im * z2.im;
           ip : constant Real := z1.re * z2.im + z1.im * z2.re;
        begin
           return ( rp, ip );
        end;
     . . .
  

• There is notation for importing only part of a package.

• Packages are used for three purposes:
  1. Data abstraction -- data and associated procedures.
  2. Procedure libraries -- no data structures.
     E.g., a set of procedures and functions for statistical analysis (mean, standard deviation, plot, etc.).
  3. Shared data -- no procedures.
     E.g., a package to solve the overlapping definition problem by providing limited access to multiple shared data areas:

        package Communication is
           InPtr, OutPtr : Integer range 0..99 := 0;
           Buffer : array ( 0 .. 99 ) of Character := ( 0..99 =>'' );
        end Communication;
     
        procedure Put is
           use Communication;
        begin
           . . .
           Buffer( InPtr ) := Next;
           InPtr := ( InPtr + 1 ) mod 100;
           . . .
        end Put;
     
        procedure Take is
           use Communication;
        begin
           . . .
           C := Buffer( OutPtr );
           . . .
        end Take;
     

• Internal vs. external representation
  • Complex_Pack is an example of an external representation of data abstraction:
    1. A type is exported.
    2. The user is responsible for declaring variables of the exported type.

  • An internal representation is an alternate, more powerful method for implementing ADT's.
    1. Storage for the ADT is associated with the package instead of being allocated by the user.
       E.g.,

          package Stack is
             procedure Push ( Item : in Integer );
             procedure Pop ( Item : out Integer );
             function Empty return Boolean;
             function Full return Boolean;
             Stack_Error : exception;
          end Stack;
       

    2. This package would be used by code of the form:

          declare
             use Stack;
             First_Item : Integer;
             Second_Item : Integer;
          begin
             . . .
             Push( First_Item );
             Pop( Second_Item );
             . . .
             if Empty() then
                Push( Second_Item );
             end if;
             . . .
          end;
       

    3. In an array implementation, the package body would be:

          package body Stack is
             Stack : array ( 1..100 ) of Integer;
             Top : Integer range 0..100 := 0;
       
          procedure Push ( Item : in Integer ) is
             begin
                . . .
       

    4. However, this creates one instance of Stack, not a class of Stacks.

Generic Packages

To have several instances of the same ADT, we use a generic package.
E.g.,

   generic package Stack is
      . . .
   end Stack;

• The body is the same as the previous example.

• Instances of a Stack are created by:

     package A_Stack is new Stack;
     package B_Stack is new Stack;
  

• Qualification is necessary to use Stack instances, because Ada cannot differentiate between A_Stack's operations and B_Stack's operations by context.
  E.g.,

     A_Stack.Push( Item );
     B_Stack.Pop( Item );
  

• Generic package instantiation is static (i.e., occurs at compile time), not dynamic like new(p) in Pascal or new Stack() in Java.

• Generic packages may be parameterized.
  E.g., to instantiate one stack with a maximum of 100 integers and another of up to 200 characters:

     generic
        Length : Natural := 100;   -- default value
        type Item is private;
     package Stack is
        . . .
     procedure Push ( An_Item : in Item ) is
        . . .
  

  • Item acts like a private type -- only assignment and equality comparison are available (since they don't depend on size or structure).

  • Instantiation now uses the parameters Length and Item:

       package A_Char_Stack is new Stack( 200, Character );
       package An_Int_Stack is new Stack( 100, Integer );
    

• Implementation of a parameterized generic stack:

     package body Stack is
        Stack : array ( 1..Length ) of Item;
        Top : Integer range 0..Length := 0;
        . . .
     end Stack;
  

• These stacks can be accessed by qualification,
  e.g.,

     An_Int_Stack.Push( An_Item );
     A_Char_Stack.Pop( An_Item );
  

  or by using Ada's context mechanism.
  e.g.,

     declare
        use A_Char_Stack;
        use An_Int_Stack;
        An_Int_Item : Integer;
        A_Char_Item : Character;
     begin
        Push( An_Int_Item );    -- overloaded
        Push( A_Char_Item );
        if A_Char_Stack.Full() then   -- qualified
           . . . 
     end;
  

  • Push is overloaded, but Ada can tell from the context (by looking at the type of the parameter) which Push procedure is intended.

  • Since there is no way to tell the difference between Full in the package A_Char_Stack and Full in An_Int_Stack, the use of this procedure must be qualified.

  Comparison of Package and Procedure Instantiation

  Package Instantiation	Procedure Instantiation
  separate data areas	separate data areas
  common code area	common code area
  static	dynamic

• Code sharing by generic packages can be complex:

  1. No parameters

     

  2. Same elements, different lengths (i.e., number of elements)

     

     • Shared code accesses a Length indicator stored in each instance to do range checking at run-time.

  3. Different element types of the same size, different lengths

     • Since only equality comparison and assignment are used, only the size of an element matters in the code.

  4. Elements of different sizes

     

     • Code which depends on the element size (e.g., find the position of an element in an array) accesses the size indicator stored by the compiler in each instance.

Control Structures

Ada has seven classes of control structures, most of them fully bracketed:

1. Conditionals
2. Iterators
3. Case
4. Subprograms
5. goto
6. Exception handling
7. Concurrency

Conditionals

   if <boolean expr> then
      <statements>
   end if;

   if <boolean expr> then
      <statements>
   else
      <statements>
   end if;

   if <boolean expr> then
      <statements>
   elsif <boolean expr> then
      <statements>
   . . .
   else
      <statements>
   end if;

Iterators

• infinite

     loop
        <statements>
     end loop;
  

• mid-decision
  E.g., exit when KEY is found or when the search list is exhausted:

     Index := List'First;
     loop
        if Index > List'Last then
           exit;
        end if;
        if List ( Index ) = Key then
           exit;
        end if;
        Index := Index + 1;
     end loop;
  

  An alternative, abbreviated notation is available, which has the added benefit of making the exit point more clearly visible:

     Index := List'First;
     loop
        exit when Index > List'Last;
        exit when List ( Index ) = Key;
        Index := Index + 1;
     end loop;
  

• indefinite iterator

     Index := List'First;
     while Index <= List'Last;
     loop
        exit when List ( Index ) = Key;
        Index := Index + 1;
     end loop;
  

• definite iterator

     for Index in List'First .. List'Last
     loop
        exit when List ( Index ) = Key;
     end loop;   
  

  but location of KEY is not known outside the loop, as I is local to the loop.

Case

   case Value is
      when Value1 | Value2 =>
         <statements>
      when Value3 =>
         <statements>
      when Value4 | Value5 | Value6 =>
         null;
      when others
         <statements>
   end case;

Subprograms

Ada provides explicit support for three parameter modes:

in

read-only access

out

write-only access

in out

read and write access

• This decouples the mode of a parameter from its implementation:

  • The programmer specifies how it is to be used (logic).

  • The compiler decides how it is to be implemented (performance).

  Compiler decides	Copying
  	Reference
  		In	Out	In out
  		Programmer decides

Ada also supports position-independent parameters with default values.
E.g.,

   procedure Draw_Axes
      ( X_Origin, Y_Origin : Coordinate := 0;
        X_Scale, Y_Scale : Real := 1.0;
        X_Spacing, Y_Spacing : Natural := 1;
        X_Label, Y_Label : Boolean := True;
        X_Log, Y_Log : Boolean := False;
        Full_Grid : Boolean := False );

• The call to this procedure may specify parameters by label, omitting some:

   Draw_Axes ( 500, 500, Y_Scale => 0.5, Y_Log => True,
               X_Spacing => 10, Y_Spacing => 10 );

Position-independent parameters are an example of the Labelling Principle.

Default parameters are an example of the Localized Cost Principle, because they allow users to ignore options (parameters) which they do not require.

However, costs are associated with these features, as they are with all features:

• complexity

• feature interaction

  E.g., operator overloading + default parameters:

     procedure P ( X : Integer; B : Boolean := False );
     procedure P ( X : Integer; Y : Integer := 0 );
  

  What is the meaning of P(3)?

  • It could refer to either procedure, as the second parameter of each has a default value.

  • SOLUTION: A set of subprogram declarations is illegal if it introduces the potential for ambiguous calls.

  E.g., overloaded enumerations + overloaded procedures:

     type Primary is ( Red, Blue, Yellow );
     type Stoplight is ( Red, Amber, Green );
  
     procedure Switch ( Color : Primary; X, Y :  Float );
     procedure Switch ( Light : Stoplight; Y, X : Float );
  

  • Red and Switch are both overloaded.

  • There are no default values.

  • These procedure declarations are illegal, because they allow the following ambiguous call:

       Switch ( Red, X => 0.0, Y => 0.0 );
    

Goto

EXERCISE: Was goto necessary, given that exit is provided?

Exception Handling

Exception handler

A block of code to be executed when an exception is raised (signalled).

E.g.,

   procedure Producer ( . . . );
      use Stack;
   begin
      . . . 
      Push ( Data );  -- If an exception is raised here
                      -- (by attempting to push to a full stack),
                      -- execution jumps to ***
      . . .
   exception
      when Stack_Error =>
         declare
            Scratch : Integer;
         begin        -- *** exception handler
            for I in 1 .. 3
            loop
               if not Empty () then
                  Pop ( Scratch );
               end if;
            end loop;
            Push ( Data );
         end;
   end Producer;

Exceptions propagate from callee to caller until an exeption handler is found:

• If an exception is raised in procedure A, then look for the corresponding handler in the procedure that called A (say, B).

• If no handler for the raised exception is given in B, then look in the caller of B, etc.

• If the main program is reached in this search down the dynamic chain and no exception handler is found there, terminate the program.

This means that exception handlers use dynamic scoping.

Why dynamic scoping?

Different callers may want to take different actions.

In implementation, an exception is like a dynamically scoped, non-local goto:

• Execution of the subprogram in which the exception occurred and of the body of the calling subprogram is aborted.

• If the dynamic chain must be scanned to find the appropriate handler, the activation record of any subprogram or block that doesn't define a handler is deleted.

Thus, exceptions violate both the Structure Principle and the Regularity Principle.

Concurrency

A tasking facility allows a program to do more than one thing at a time.
E.g., a word processor that allows the user to edit one file while printing another:

   procedure Word_Processor is

      task Edit;
      end Edit;

      task body Edit is
      begin
         -- edit some file   
      end Edit;

      task Print;
      end Print;

      task body Print is
      begin
         -- print some file   
      end Print;

   begin
      -- initiate tasks and wait for their completion
   end Word_Processor;

In general, there are three common means of synchronizing communication between concurrent processes:

• semaphores
• monitors
• rendezvous

Ada uses rendezvous:

• Task entry declarations are like mailboxes or message ports.
  E.g.,

     task Retrieve;
        entry Seek ( K : Key );
        . . .
     end Retrieve;
  

• One task sends a message to a mailbox in the other task, using syntax that looks like a procedure call with parameters.
  E.g.

     task body Summary is
        . . .
        Seek ( ID );
        . . .
     end Summary;
  

• The receiving task accepts the message from the named mailbox, and processes it.
  E.g.,

     task body Retrieve is
        . . .
        accept Seek ( K : Key ) do
           Save_Key := K;
        end Seek;
        . . .
     end Retrieve;
  

• If one of the tasks is ready and the other is not, then the ready task must wait to rendezvous with the other task. However, once the rendezvous has occurred (i.e., the callee has accepted the parameters), both tasks continue executing concurrently (unlike a procedure call,

E.g., a system which retrieves records to produce a summary, such that records may be retrieved concurrently with the production of the summary:

   procedure DB_System is

      task Summary;
      end Summary;

      task body Summary is
      begin
         . . .
         Seek ( ID );
         . . .
         Fetch ( New_Record );
         . . .
      end Summary;

      task Retrieve;
         entry Seek ( K : Key );
         entry Fetch ( out P : Packet );
      end Retrieve;

      task body Retrieve is
      begin
         loop
            accept Seek ( K : Key ) do
               Save_Key := K;
            end Seek;

            -- seek packet record and put it in New_Packet
            . . . 

            accept Fetch ( out P : Packet ) do
               P := New_Packet;
            end Fetch;
         end loop;
      end Retrieve;

   begin
      -- initiate tasks and wait for their completion
   end DB_System;

Note that the Fetch message is sent from the task Summary to the task Retrieve, even though the data transfer of the record retrieved from the database is from Retrieve to Summary, because the mode of the Fetch message parameter is out -- when it receives a Fetch message, Retrieve copies the record it retrieved from the database into the out-mode parameter provided by Summary.

Comparison of Subprograms and Tasks

Subprogram	Task
Parameters transmitted from caller to callee.	same
Caller is suspended and callee is activated.	Caller continues executing concurrently with callee.
When callee is deactivated, caller is reactivated.	Caller may not terminate until all local tasks finish.

Ada provides a special synchronization control structure to allow a task to wait for any of several rendezvous.
E.g.,

   select
      accept Send ( D : Document ) 
      do
         -- print the document
         . . .
      end Send;
   or accept Terminate 
      do 
         exit
      end Terminate;
   end select;

A deadlock can occur if one task is waiting for a rendezvous which never takes place. One way to avoid deadlocks is to use guarded entries so that a message is accepted only if a condition is satisfied:

   select
      when Avail < Size accept Send ( D : in Document ) 
      do
         -- add document to buffer
         Avail := Avail + 1;
      end Send;

   or when Avail > 0 accept Receive ( D : out Document )
      do
         -- return a document from the buffer
         Avail := Avail - 1;
      end Receive;

   or accept Terminate 
      do 
         exit
      end Terminate;
   end select;