%!PS-Adobe-2.0
%%Creator: dvipsk 5.528a Copyright 1986, 1994 Radical Eye Software
%%Title: cootsfinal.dvi
%%Pages: 16
%%PageOrder: Ascend
%%BoundingBox: 0 0 612 792
%%EndComments
%DVIPSCommandLine: dvips cootsfinal
%DVIPSParameters: dpi=300, compressed, comments removed
%DVIPSSource: TeX output 1996.05.06:1305
%%BeginProcSet: texc.pro
/TeXDict 250 dict def TeXDict begin /N{def}def /B{bind def}N /S{exch}N
/X{S N}B /TR{translate}N /isls false N /vsize 11 72 mul N /hsize 8.5 72
mul N /landplus90{false}def /@rigin{isls{[0 landplus90{1 -1}{-1 1}
ifelse 0 0 0]concat}if 72 Resolution div 72 VResolution div neg scale
isls{landplus90{VResolution 72 div vsize mul 0 exch}{Resolution -72 div
hsize mul 0}ifelse TR}if Resolution VResolution vsize -72 div 1 add mul
TR[matrix currentmatrix{dup dup round sub abs 0.00001 lt{round}if}
forall round exch round exch]setmatrix}N /@landscape{/isls true N}B
/@manualfeed{statusdict /manualfeed true put}B /@copies{/#copies X}B
/FMat[1 0 0 -1 0 0]N /FBB[0 0 0 0]N /nn 0 N /IE 0 N /ctr 0 N /df-tail{
/nn 8 dict N nn begin /FontType 3 N /FontMatrix fntrx N /FontBBox FBB N
string /base X array /BitMaps X /BuildChar{CharBuilder}N /Encoding IE N
end dup{/foo setfont}2 array copy cvx N load 0 nn put /ctr 0 N[}B /df{
/sf 1 N /fntrx FMat N df-tail}B /dfs{div /sf X /fntrx[sf 0 0 sf neg 0 0]
N df-tail}B /E{pop nn dup definefont setfont}B /ch-width{ch-data dup
length 5 sub get}B /ch-height{ch-data dup length 4 sub get}B /ch-xoff{
128 ch-data dup length 3 sub get sub}B /ch-yoff{ch-data dup length 2 sub
get 127 sub}B /ch-dx{ch-data dup length 1 sub get}B /ch-image{ch-data
dup type /stringtype ne{ctr get /ctr ctr 1 add N}if}B /id 0 N /rw 0 N
/rc 0 N /gp 0 N /cp 0 N /G 0 N /sf 0 N /CharBuilder{save 3 1 roll S dup
/base get 2 index get S /BitMaps get S get /ch-data X pop /ctr 0 N ch-dx
0 ch-xoff ch-yoff ch-height sub ch-xoff ch-width add ch-yoff
setcachedevice ch-width ch-height true[1 0 0 -1 -.1 ch-xoff sub ch-yoff
.1 sub]/id ch-image N /rw ch-width 7 add 8 idiv string N /rc 0 N /gp 0 N
/cp 0 N{rc 0 ne{rc 1 sub /rc X rw}{G}ifelse}imagemask restore}B /G{{id
gp get /gp gp 1 add N dup 18 mod S 18 idiv pl S get exec}loop}B /adv{cp
add /cp X}B /chg{rw cp id gp 4 index getinterval putinterval dup gp add
/gp X adv}B /nd{/cp 0 N rw exit}B /lsh{rw cp 2 copy get dup 0 eq{pop 1}{
dup 255 eq{pop 254}{dup dup add 255 and S 1 and or}ifelse}ifelse put 1
adv}B /rsh{rw cp 2 copy get dup 0 eq{pop 128}{dup 255 eq{pop 127}{dup 2
idiv S 128 and or}ifelse}ifelse put 1 adv}B /clr{rw cp 2 index string
putinterval adv}B /set{rw cp fillstr 0 4 index getinterval putinterval
adv}B /fillstr 18 string 0 1 17{2 copy 255 put pop}for N /pl[{adv 1 chg}
{adv 1 chg nd}{1 add chg}{1 add chg nd}{adv lsh}{adv lsh nd}{adv rsh}{
adv rsh nd}{1 add adv}{/rc X nd}{1 add set}{1 add clr}{adv 2 chg}{adv 2
chg nd}{pop nd}]dup{bind pop}forall N /D{/cc X dup type /stringtype ne{]
}if nn /base get cc ctr put nn /BitMaps get S ctr S sf 1 ne{dup dup
length 1 sub dup 2 index S get sf div put}if put /ctr ctr 1 add N}B /I{
cc 1 add D}B /bop{userdict /bop-hook known{bop-hook}if /SI save N @rigin
0 0 moveto /V matrix currentmatrix dup 1 get dup mul exch 0 get dup mul
add .99 lt{/QV}{/RV}ifelse load def pop pop}N /eop{SI restore userdict
/eop-hook known{eop-hook}if showpage}N /@start{userdict /start-hook
known{start-hook}if pop /VResolution X /Resolution X 1000 div /DVImag X
/IE 256 array N 0 1 255{IE S 1 string dup 0 3 index put cvn put}for
65781.76 div /vsize X 65781.76 div /hsize X}N /p{show}N /RMat[1 0 0 -1 0
0]N /BDot 260 string N /rulex 0 N /ruley 0 N /v{/ruley X /rulex X V}B /V
{}B /RV statusdict begin /product where{pop product dup length 7 ge{0 7
getinterval dup(Display)eq exch 0 4 getinterval(NeXT)eq or}{pop false}
ifelse}{false}ifelse end{{gsave TR -.1 .1 TR 1 1 scale rulex ruley false
RMat{BDot}imagemask grestore}}{{gsave TR -.1 .1 TR rulex ruley scale 1 1
false RMat{BDot}imagemask grestore}}ifelse B /QV{gsave newpath transform
round exch round exch itransform moveto rulex 0 rlineto 0 ruley neg
rlineto rulex neg 0 rlineto fill grestore}B /a{moveto}B /delta 0 N /tail
{dup /delta X 0 rmoveto}B /M{S p delta add tail}B /b{S p tail}B /c{-4 M}
B /d{-3 M}B /e{-2 M}B /f{-1 M}B /g{0 M}B /h{1 M}B /i{2 M}B /j{3 M}B /k{
4 M}B /w{0 rmoveto}B /l{p -4 w}B /m{p -3 w}B /n{p -2 w}B /o{p -1 w}B /q{
p 1 w}B /r{p 2 w}B /s{p 3 w}B /t{p 4 w}B /x{0 S rmoveto}B /y{3 2 roll p
a}B /bos{/SS save N}B /eos{SS restore}B end
%%EndProcSet
TeXDict begin 40258431 52099146 1000 300 300 (cootsfinal.dvi)
@start /Fa 2 111 df<123E12065AA45A137013B8EA1938EA3230EA34001238123E1263
1310A3EAC320EAC1C00D147E9312>107 D110 D E /Fb 43 122 df12 D45 D<1238127C12FEA3127C123807077C8610>I<
13181378EA01F812FFA21201B3A7387FFFE0A213207C9F1C>49 DI<13FE3807FFC0380F07E0381E03F0123FEB81F8A3EA1F0314F0120014E0EB07C0
EB1F803801FE007F380007C0EB01F014F8EB00FCA2003C13FE127EB4FCA314FCEA7E0100
7813F8381E07F0380FFFC03801FE0017207E9F1C>I<14E013011303A21307130F131FA2
1337137713E7EA01C71387EA03071207120E120C12181238127012E0B512FEA2380007E0
A7EBFFFEA217207E9F1C>I<1470A214F8A3497EA2497EA3EB06FF80010E7FEB0C3FA201
187F141F01387FEB300FA201607F140701E07F90B5FCA239018001FCA200038090C7FCA2
0006147FA23AFFE00FFFF8A225227EA12A>65 DIII<
B612FCA23807F000153C151C150C150EA215061418A3150014381478EBFFF8A2EBF07814
381418A21503A214001506A3150EA2151E153EEC01FCB6FCA220227EA125>III76 DI<
EB07FC90383FFF809038FC07E03903F001F848486C7E4848137E48487FA248C7EA1F80A2
4815C0007E140FA200FE15E0A9007E15C0007F141FA26C15806D133F001F15006C6C137E
6C6C5B6C6C485A3900FC07E090383FFF80D907FCC7FC23227DA12A>79
DII<3801FC043807FF8C381F03FC383C007C007C133C0078131CA200F8130CA27E1400B4
FC13E06CB4FC14C06C13F06C13F86C13FC000313FEEA003FEB03FFEB007F143FA200C013
1FA36C131EA26C133C12FCB413F838C7FFE00080138018227DA11F>83
D<007FB61280A2397E03F80F00781407007014030060140100E015C0A200C01400A40000
1500B3A20003B512F8A222227EA127>III97
DII
I<13FE3807FF80380F87C0381E01E0003E13F0EA7C0014F812FCA2B5FCA200FCC7FCA312
7CA2127E003E13186C1330380FC0703803FFC0C6130015167E951A>I<3803FC1E380FFF
7F381F0F8F383E07CF383C03C0007C13E0A5003C13C0EA3E07381F0F80EBFF00EA13FC00
30C7FCA21238383FFF806C13F06C13F84813FCEA380048133E00F0131EA40078133C007C
137C383F01F8380FFFE00001130018217E951C>103 DI<121C123E127FA3123E121C
C7FCA7B4FCA2121FB2EAFFE0A20B247EA310>I
108 D<3AFF07F007F090391FFC1FFC3A1F303E303E01401340496C487EA201001300AE3B
FFE0FFE0FFE0A22B167E9530>I<38FF07E0EB1FF8381F307CEB403CEB803EA21300AE39
FFE1FFC0A21A167E951F>I<13FE3807FFC0380F83E0381E00F0003E13F848137CA300FC
137EA7007C137CA26C13F8381F01F0380F83E03807FFC03800FE0017167E951C>I<38FF
0FE0EB3FF8381FF07CEB803E497E1580A2EC0FC0A8EC1F80A29038803F00EBC03EEBE0FC
EB3FF8EB0FC090C8FCA8EAFFE0A21A207E951F>I114 DI<487EA41203A21207A2120F123FB5FCA2EA0F80AB
EB8180A5EB8300EA07C3EA03FEEA00F811207F9F16>I<38FF01FEA2381F003EAF147E14
FE380F81BE3907FF3FC0EA01FC1A167E951F>I<3AFFE7FF07F8A23A1F007800C0D80F80
EB0180147CA23A07C07E030014DE01E05B0003EBDF06EBE18FD801F15B01F3138C9038FB
079C000014D8EBFE03017E13F0A2EB7C01013C5BEB380001185B25167F9528>119
D<39FFE07FC0A2390F801C006C6C5A6C6C5AEBF0606C6C5A3800F980137F6DC7FC7F8049
7E1337EB63E0EBC1F03801C0F848487E3807007E000E133E39FF80FFE0A21B167F951E>
I<39FFE01FE0A2390F800600A2EBC00E0007130CEBE01C00031318A26C6C5AA26C6C5AA2
EB7CC0A2137F6D5AA26DC7FCA2130EA2130CA25B1278EAFC3813305BEA69C0EA7F80001F
C8FC1B207F951E>I E /Fc 1 121 df120 D E /Fd 5 107
df3 D15 D<133C13E0EA01C013801203AD13005A121C12F0
121C12077E1380AD120113C0EA00E0133C0E297D9E15>102 D<12F0121C12077E1380AD
120113C0EA00E0133C13E0EA01C013801203AD13005A121C12F00E297D9E15>I<12C0B3
B3A502297B9E0C>106 D E /Fe 20 119 df<126012F0A2126004047C830C>58
D<126012F0A212701210A41220A212401280040C7C830C>II<12E01278121EEA0780EA01E0EA007813
1EEB0780EB01E0EB0078141EEC0780A2EC1E001478EB01E0EB0780011EC7FC1378EA01E0
EA0780001EC8FC127812E019187D9520>62 D<39FFC00FF0391E000380001C140014025C
121E000E5BA25C5CA25C5CA2D80F01C7FC120713025BA25B1318131013A0120313C05BA2
90C8FCA21C1D7D9B18>86 D97 D<123F1207A2120EA45AA4EA39E0EA3A30
EA3C1812381270131CA3EAE038A313301370136013C01261EA2300121E0E1D7E9C12>I<
EA01F0EA030C120EEA1C1EEA383CEA3018EA7000A25AA51304EA60081310EA3060EA1F80
0F127E9112>I101 DIIII<1307130F
A213061300A61370139CEA010C1202131C12041200A21338A41370A413E0A4EA01C01261
EAF180EAF30012E6127C1024809B11>III<13F8EA030CEA0E06487E1218123000701380A238E00700A3130EA25B
EA60185BEA30E0EA0F8011127E9114>111 D114 D<13C01201A3EA0380A4EAFFF0EA0700A3
120EA45AA4EA3820A21340A2EA1880EA0F000C1A80990F>116 D118
D E /Ff 25 122 df12 D45
D<127812FCA4127806067D850D>I97
DIIII<137F3801E3803803C7C0EA0787120FEB8380EB8000A5EA
FFF8A2EA0F80AEEA7FF8A2121D809C0F>I<3803F8F0380E0F38121E381C0730003C1380
A4001C1300EA1E0FEA0E0EEA1BF80010C7FC1218A2EA1FFF14C06C13E04813F0387801F8
38F00078A300701370007813F0381E03C03807FF00151B7F9118>II<121E123FA4121EC7FCA6
B4FCA2121FAEEAFFE0A20B1E7F9D0E>I108
D<39FF0FC07E903831E18F3A1F40F20780D980FC13C0A2EB00F8AB3AFFE7FF3FF8A22512
7F9128>I<38FF0FC0EB31E0381F40F0EB80F8A21300AB38FFE7FFA218127F911B>II<38FF3F80EBE1E0381F80F0EB0078147C143C143EA6
143C147C1478EB80F0EBC1E0EB3F0090C7FCA6EAFFE0A2171A7F911B>I114 DI<1203A45AA25AA2EA3FFC12FFEA1F00A9130CA4EA0F08EA0798EA03F00E1A
7F9913>I<38FF07F8A2EA1F00AC1301120F380786FFEA01F818127F911B>I<38FFC1FCA2
381F0060EB80E0000F13C013C03807C180A23803E300A2EA01F6A213FE6C5AA21378A213
3016127F9119>I<39FF8FF8FEA2391F03E030A201831370000FEBF0601386D807C613C0
EBCEF8EBEC790003EB7D80EBF83D0001EB3F00A2497E0000131EEBE00EA21F127F9122>
I<38FFC7FCA2381F8180EA0F833807C700EA03EEEA01FC5B1200137C13FEEA01DFEA039F
38070F80380607C0380C03E038FF07FCA216127F9119>I<38FFC1FCA2381F0060EB80E0
000F13C013C03807C180A23803E300A2EA01F713F6EA00FE5BA21378A21330A21370EA70
6012F85BEAF9800073C7FC123E161A7F9119>I E /Fg 2 85 df77 D84 D E /Fh 1 44 df<130C131EAA007FB51280B612C0A26C1480D8001EC7FCAA
130C1A1A7E9E1F>43 D E /Fi 2 85 df77 D84
D E /Fj 2 51 df<120C121C12EC120CAFEAFFC00A137D9211>49
D<121FEA60C01360EAF07013301260EA0070A2136013C012011380EA02005AEA08101210
EA2020EA7FE012FF0C137E9211>I E /Fk 3 51 df<1204A2EAC460EAE4E0EA3F80EA0E
00EA3F80EAE4E0EAC460EA0400A20B0B7F920F>42 D<120C123C12CC120CACEAFF800910
7E8F0F>49 D<121FEA6180EA40C0EA806012C01200A213C0EA0180EA030012065AEA1020
1220EA7FC012FF0B107F8F0F>I E /Fl 53 123 df<903801FC3C9038060E67010C13C7
90381C0DC6EC01C01338EC0380A413700007B512F83900700700A313E0140EA4EA01C05C
A4EA03805CA31300481330147000061360EAC66038E470C038C86180D8703EC7FC202581
9C19>11 DI<903901FE0FF090390307380C0106137090390C06601C90391C00E00CEDC0
0014011338A34A5A0003B612F03A0070038070A3020713E01500A213E0ED01C0A2140EA2
D801C0EB0388A3021C13901501D80380EB00E016005C13001430EAC63038E6386038CC30
C0D8781FC8FC2625819C25>14 D35
D<13031306130813181330136013C0A2EA0180EA0300A21206A25AA2121C1218A2123812
30A21270A21260A412E0A51260A51220123012107EA2102A7B9E11>40
D<1310A21308130C13041306A51307A51306A4130EA2130CA2131C1318A213381330A213
60A213C0A2EA0180EA0300A212065A5A121012605A102A809E11>I<1218123812781238
1208A21210A212201240A21280050C7D830D>44 DI<12301278
12F0126005047C830D>I<1206120FA212061200AA1230127812F0126008127C910D>58
D64 D<1418A21438A21478A214B813
0114381302143CEB041CA21308131813101320A2EB7FFCEB401C1380120113001202A248
7F120C001C131EB4EBFFC01A1D7E9C1F>I<3801FFFE39003C078090383803C01401A313
701403A2EC078001E01300140E143CEBFFF83801C01C80140FA2EA0380A43807001E141C
143C5C380E01E0B512801A1C7D9B1D>I<903803F02090381E0C6090383002E09038E003
C03801C001EA038048C7FC000E1480121E121C123C15005AA35AA41404A35C12705C6C5B
00185B6C485AD80706C7FCEA01F81B1E7A9C1E>I<3801FFFE39003C078090383801C0A2
EC00E0A24913F01570A215F05BA43901C001E0A315C0380380031580140715003807000E
5C5C5C380E01C0B5C7FC1C1C7D9B1F>I<48B512E038003C00013813601540A35BA21420
1500495AA214C013FF3801C080A43803810113801402A248485AA2140C5C000E1378B55A
1B1C7D9B1C>I<48B512C038003C01EB38001580A35BA214201500495AA214C013FF3801
C080A4D80381C7FC1380A348C8FCA45AEAFFF01A1C7D9B1B>I<3801FFC038003C001338
A45BA45BA4485AA4485AA448C7FCA45AEAFFE0121C7E9B10>73 D<3801FFE038003C0013
38A45BA45BA4485AA438038008A31410EA07001430146014E0380E03C0B5FC151C7D9B1A
>76 DI<3901FC03FE39001C0070013C1360012E1340A301471380
A3EB43809038838100A2138114C1380101C2A2EB00E2A2000213E41474A3481338A3000C
1318001C1310EAFF801F1C7D9B1F>II<3801FFFC38003C079038380380
EC01C0A3EB7003A31580EBE0071500140E14383801FFE001C0C7FCA3485AA448C8FCA45A
EAFFE01A1C7D9B1C>I83 D<001FB512C0381C070138300E0000201480126012
405B1280A2000014005BA45BA45BA4485AA41203EA7FFE1A1C799B1E>I<39FF803FC039
1C000F0014045CA25CA25C5CA2001E5B120E49C7FC1302A25BA25B131813105B12075B13
C05B90C8FCA21206A21A1D779B1F>86 D<3AFF83FF0FF03A3C007001C00038158002F013
001502EB01705D13025DEA1C045D13085D13105D13205DEB407192C7FCEB8072121DEB00
74121E1478121C1470121814601210241D779B29>I97
D<123F1207A2120EA45AA4EA39C0EA3E60EA3830A2EA7038A4EAE070A3136013E0EAC0C0
12C1EA6180EA6300123C0D1D7B9C13>IIIII<13F3EA01
8FEA030FEA0607EA0E0E120C121CA2EA381CA413381230A2EA187813F0EA0F701200A213
E0A2EAC0C012E1EAC300127E101A7D9113>II<
EA01801203EA0100C7FCA7121C12261247A2128EA2120E5AA35AA21271A31272A2123C09
1C7C9B0D>I<1306130E13061300A713F0EA01181202A2EA0438A21200A21370A413E0A4
EA01C0A4EA0380A2EAC30012E712CE12780F24819B0D>III<393C1E078039266318C0394683A0E0384703C0008E1380
A2120EA2391C0701C0A3EC0380D8380E1388A2EC0708151039701C032039300C01C01D12
7C9122>IIIIIII<13C01201A3EA0380A4EAFFE0EA0700A3120EA45AA4EA3840A31380
EA1900120E0B1A7D990E>III<381E01833827038712
47148338870701A2120EA2381C0E02A31404EA180C131C1408001C1310380C26303807C3
C018127C911C>IIII E /Fm
74 126 df<126012F0AF12601200A4126012F0A212600419779816>33
DII38 D<13E01201EA0380EA070012
0E5AA25AA25AA35AA91270A37EA27EA27E7EEA0380EA01E012000B217A9C16>40
D<12C07E12707E7E7EA27EA2EA0380A3EA01C0A9EA0380A3EA0700A2120EA25A5A5A5A5A
0A217B9C16>II
I<1238127C127EA2123E120E121E121C127812F01260070B798416>II<127012F8A312700505788416>IIIII<127012F8A312701200A8127012F8A312700512789116>58
D<1238127CA312381200A812381278127CA2123C121CA21238127012E012400618799116
>III<12C012F012FC123EEA0F806C7EEA01F06C7E133EEB1F801307
131FEB3E0013F8485AEA07C0485A003EC7FC12FC12F012C011157E9616>I<13F8EA03FC
487EEA0F07381C3F80EA387FEA78FF3871C3C0A2EAE381A73871C380A23878FF00EA387E
EA1C3C380F03C0EA07FF6C1300EA00FC12197E9816>64 D<13E0487EA213B0A2EA03B8A3
1318EA071CA5EA0E0EA2EA0FFEA2487EEA1C07A3387F1FC000FF13E0007F13C013197F98
16>II<3801F180EA07FBEA0FFFEA
1F0FEA3C07EA38031270A200F0C7FC5AA77E38700380A21238383C0700EA1F0FEA0FFE6C
5AEA01F011197E9816>II<387FFFC0B5FC7EEA1C
01A490C7FCA2131CA2EA1FFCA3EA1C1CA290C7FC14E0A5EA7FFFB5FC7E13197F9816>I<
B512E0A3EA1C00A41400A2131CA2EA1FFCA3EA1C1CA290C7FCA6B47E7F5B13197F9816>
II<387F1FC038FFBFE038
7F1FC0381C0700A7EA1FFFA3EA1C07A9387F1FC038FFBFE0387F1FC013197F9816>II<387F0FE038FF8FF0387F0FE0381C0780EB0F
00130E5B133C5B5B5BEA1DF0121F7F1338EA1E1C121C7FA27FA2EB0380387F07E038FF8F
F0387F07E01419809816>75 D<38FC07E0EAFE0FA2383A0B80EA3B1BA513BBEA39B3A413
F3EA38E3A21303A538FE0FE0A313197F9816>77 D<387E1FC038FF3FE0387F1FC0381D07
001387A313C7A2121CA213E7A31367A21377A21337A31317EA7F1FEAFF9FEA7F0F13197F
9816>III
82 DI<387FFFE0B5
FCA2EAE0E0A400001300AFEA07FC487E6C5A13197F9816>I<387F07F038FF8FF8387F07
F0381C01C0B0380E0380A23807070013FF6C5AEA00F81519809816>I<38FE0FE0EAFF1F
EAFE0F38380380381C0700A4EA0E0EA4EA060CEA071CA4EA031813B8A3EA01B013F0A26C
5A13197F9816>I<38FC07E0EAFE0FEAFC07387001C0A300301380EA3803A313E3EA39F3
A213B300191300A61313EA1B1BEA0F1EA2EA0E0E13197F9816>I<387F1F80133F131F38
0E1E00131CEA073C1338EA03B813F012015B120012017F120313B81207131CA2EA0E0EA2
487E387F1FC000FF13E0007F13C013197F9816>I91 D93 D95 D97 D<127E12FE127E120EA4133E13FF000F1380EB83
C0EB00E0120E1470A614E0EA0F01EB83C0EBFF80000E1300EA063C1419809816>II<133F5B7F1307A4EA03C7EA0FF748B4FCEA3C1F487EEA700712E0A6EA70
0FA2EA3C1F381FFFE0380FE7F03807C7E014197F9816>II<131FEB7F8013FFEA01E7EBC30013C0A2EA7FFFB5FCA2EA01C0ACEA3FFE487E6C5A
11197F9816>I<3803E3C03807F7E0EA0FFF381C1CC038380E00A56C5AEA0FF8485AEA1B
E00038C7FC1218EA1FFC13FF481380387803C038E000E0A4387001C0EA7C07383FFF8038
0FFE00EA03F8131C7F9116>I<127E12FE127E120EA4133C13FEEA0FFFEB87801303120E
AA387FC7F038FFE7F8387FC7F01519809816>II<13301378A213301300A4EA1FF8A3EA0038B3EA
6070EAF0F0EAFFE0EA7FC0EA3F800D237E9916>I<127E12FE127E120EA4EB7FE0A3EB0F
00131E5B5B5B120F7F13BC131EEA0E0E7F1480387F87F0EAFFCFEA7F871419809816>I<
EAFFC0A31201B3B51280A311197E9816>I<38F9C38038FFEFC0EBFFE0EA3C78A2EA3870
AA38FE7CF8A2EB3C781512809116>IIIII<38FF
0FC0EB3FE0137F3807F040EBC0005BA290C7FCA8EAFFFCA313127F9116>II<12035AA4EA7FFFB5FCA20007C7FCA75BEB0380A3EB87
00EA03FE6C5A6C5A11177F9616>I<387E1F80EAFE3FEA7E1FEA0E03AB130F380FFFF038
07FBF83803E3F01512809116>I<387F1FC000FF13E0007F13C0381C0700EA1E0FEA0E0E
A36C5AA4EA03B8A3EA01F0A26C5A13127F9116>I<38FF1FE013BF131F38380380A413E3
3819F300A213B3EA1DB7A4EA0F1EA313127F9116>I<387F1FC0133F131F380F1C00EA07
3CEA03B813F012016C5A12017FEA03B8EA073C131CEA0E0E387F1FC038FF3FE0387F1FC0
13127F9116>I<387F1FC038FF9FE0387F1FC0381C0700120E130EA212075BA2EA039CA2
1398EA01B8A2EA00F0A35BA3485A1279127BEA7F806CC7FC123C131B7F9116>I<383FFF
C05AA238700780EB0F00131EC65A5B485A485AEA078048C7FC381E01C0123C1278B5FCA3
12127F9116>II<12E0B3AE0320779C16>I<127CB4FC7FEA03C012
01A97F6CB4FCEB7F80A2EBFF00EA01E05BA91203B45A90C7FC127C11207E9C16>I
E /Fn 82 123 df11 D<137E3801C180EA0301380703C0120EEB
018090C7FCA5B512C0EA0E01B0387F87F8151D809C17>II<90383F07E03901C09C18380380F0D807
01133C000E13E00100131892C7FCA5B612FC390E00E01CB03A7FC7FCFF80211D809C23>
I<126012F0A71260AD1200A5126012F0A21260041E7C9D0C>33 DI<126012F012F8126812
08A31210A2122012401280050C7C9C0C>39 D<13401380EA0100120212065AA25AA25AA2
12701260A312E0AC1260A312701230A27EA27EA27E12027EEA008013400A2A7D9E10>I<
7E12407E7E12187EA27EA27EA213801201A313C0AC1380A312031300A21206A25AA25A12
105A5A5A0A2A7E9E10>II<1306ADB612E0A2D80006C7FCAD1B1C7E9720>
I<126012F0A212701210A41220A212401280040C7C830C>II<12
6012F0A2126004047C830C>I<130113031306A3130CA31318A31330A31360A213C0A3EA
0180A3EA0300A31206A25AA35AA35AA35AA35AA210297E9E15>II<12035A123F12C71207B3A4EA0F80EAFFF80D1C7C9B15>III<130CA2131C133CA2135C13
DC139CEA011C120312021204120C1208121012301220124012C0B512C038001C00A73801
FFC0121C7F9B15>II<
13F0EA030CEA0604EA0C0EEA181E1230130CEA7000A21260EAE3E0EAE430EAE818EAF00C
130EEAE0061307A51260A2EA7006EA300E130CEA1818EA0C30EA03E0101D7E9B15>I<12
40387FFF801400A2EA4002485AA25B485AA25B1360134013C0A212015BA21203A41207A6
6CC7FC111D7E9B15>III<126012F0A212601200AA126012F0A2126004127C910C>I<12
6012F0A212601200AA126012F0A212701210A41220A212401280041A7C910C>I<007FB5
12C0B612E0C9FCA8B612E06C14C01B0C7E8F20>61 D64 D<1306A3130FA3EB1780A3EB23C0A3EB41E0A3EB80F0A200017FEB0078
EBFFF83803007C0002133CA20006133E0004131EA2000C131F121E39FF80FFF01C1D7F9C
1F>II<90381F8080EBE06138018019
38070007000E13035A14015A00781300A2127000F01400A8007014801278A212386CEB01
00A26C13026C5B380180083800E030EB1FC0191E7E9C1E>IIII<90381F80
80EBE0613801801938070007000E13035A14015A00781300A2127000F01400A6ECFFF0EC
0F80007013071278A212387EA27E6C130B380180113800E06090381F80001C1E7E9C21>
I<39FFF3FFC0390F003C00ACEBFFFCEB003CAD39FFF3FFC01A1C7E9B1F>III<39FFF03FE0390F000F00140C14085C5C5C5C49C7FC13025B130E
131F132FEB27801347EB83C0EB01E0A26D7E80147880A280141F158039FFF07FF01C1C7E
9B20>I
IIIII82
D<3807E080EA1C19EA3005EA7003EA600112E01300A36C13007E127CEA7FC0EA3FF8EA1F
FEEA07FFC61380130FEB07C0130313011280A300C01380A238E00300EAD002EACC0CEA83
F8121E7E9C17>I<007FB512C038700F010060130000401440A200C014201280A3000014
00B1497E3803FFFC1B1C7F9B1E>I<39FFF07FC0390F000E001404B3A26C5B138000035B
12016C6C5AEB70C0011FC7FC1A1D7E9B1F>I<39FFE00FF0391F0003C06CEB018015006D
5A00071302A26C6C5AA36C6C5AA213F000005BA2EBF830EB7820A26D5AA36D5AA2131F6D
C7FCA21306A31C1D7F9B1F>I<3AFFE0FFE0FF3A1F001F003C001E011E13186C011F1310
A3D807801420EC2780A2D803C01440EC43C0A213E00001903881E080A33A00F100F100A3
017913FA017A137AA2013E137C013C133CA301181318A3281D7F9B2B>I<397FF0FFC039
0FC03E0038078018EA03C0EBE01000015BEBF06000001340EB7880137D013DC7FC7F131F
7F80A2EB13C0EB23E01321EB41F0EBC0F8EB80783801007C48133C00027F0006131F001F
EB3F8039FFC0FFF01C1C7F9B1F>I<387FFFF0EA7C01007013E0386003C0A23840078013
0F1400131E12005B137C13785BA2485A1203EBC010EA0780A2EA0F00481330001E13205A
14604813E0EAF803B5FC141C7E9B19>90 D<12FEA212C0B3B312FEA207297C9E0C>II<12
FEA21206B3B312FEA20729809E0C>I97
D<12FC121CAA137CEA1D86EA1E03381C018014C0130014E0A614C013011480381E0300EA
1906EA10F8131D7F9C17>II<133F1307AAEA03E7EA0C17EA180F487E12
70126012E0A61260127012306C5AEA0C373807C7E0131D7E9C17>II<13F8EA018CEA071E1206EA0E0C1300A6EAFFE0EA0E00B0EA7FE00F1D809C
0D>II<12FC121CAA137C1387EA1D03001E1380121CAD38FF9FF0141D
7F9C17>I<1218123CA21218C7FCA712FC121CB0EAFF80091D7F9C0C>I<13C0EA01E0A2EA
00C01300A7EA0FE01200B3A21260EAF0C012F1EA6180EA3E000B25839C0D>I<12FC121C
AAEB3FC0EB0F00130C13085B5B5B13E0121DEA1E70EA1C781338133C131C7F130F148038
FF9FE0131D7F9C16>I<12FC121CB3A9EAFF80091D7F9C0C>I<39FC7E07E0391C83883839
1D019018001EEBE01C001C13C0AD3AFF8FF8FF8021127F9124>IIIIIII<1204A4120CA212
1C123CEAFFE0EA1C00A91310A5120CEA0E20EA03C00C1A7F9910>I<38FC1F80EA1C03AD
1307120CEA0E1B3803E3F014127F9117>I<38FF07E0383C0380381C0100A2EA0E02A26C
5AA3EA0388A213D8EA01D0A2EA00E0A3134013127F9116>I<39FF3FCFE0393C0F038038
1C07011500130B000E1382A21311000713C4A213203803A0E8A2EBC06800011370A2EB80
30000013201B127F911E>I<387F8FF0380F03801400EA0702EA0384EA01C813D8EA00F0
1370137813F8139CEA010E1202EA060738040380381E07C038FF0FF81512809116>I<38
FF07E0383C0380381C0100A2EA0E02A26C5AA3EA0388A213D8EA01D0A2EA00E0A31340A2
5BA212F000F1C7FC12F31266123C131A7F9116>I
I E /Fo 45 122 df<49B4FC011F13C090387F81E0EBFC013901F807F01203EA07F0A4EC
01C091C8FCA3EC3FF8B6FCA33807F003B3A33A7FFF3FFF80A3212A7FA925>12
D45 D<1403EC0780A2140F1500A25C141E143E143CA2147C1478
A214F85C13015CA213035CA213075C130F91C7FCA25B131E133E133CA2137C1378A213F8
5B12015BA212035BA212075B120F90C8FCA25A121EA2123E123C127C1278A212F85AA212
60193C7CAC22>47 D<130E131E137EEA07FE12FFA212F81200B3ABB512FEA317277BA622
>49 DII<140FA25C5C5C5C5BA2
EB03BFEB073F130E131C133C1338137013E0EA01C0EA038012071300120E5A5A5A12F0B6
12F8A3C7EA7F00A890381FFFF8A31D277EA622>I<00181303381F801FEBFFFE5C5C5C14
C091C7FC001CC8FCA7EB7FC0381DFFF8381F80FC381E003F1208C7EA1F8015C0A215E0A2
1218127C12FEA315C05A0078EB3F80A26CEB7F00381F01FE6CB45A000313F0C613801B27
7DA622>II<1238123E003FB512F0A34814E015C0158015003870000EA25C485B5C5CC6485A
A2495A130791C7FC5B5B131E133EA2137E137CA213FCA41201A76C5A13701C297CA822>
II
65 D<91387FE003903907FFFC07011FEBFF0F90397FF00F9F9039FF0001FFD801FC7F48
48147F4848143F4848141F485A160F485A1607127FA290C9FC5AA97E7F1607123FA26C7E
160E6C7E6C6C141C6C6C143C6C6C14786CB4EB01F090397FF007C0011FB512800107EBFE
009038007FF028297CA831>67 DI70 D73
D76 D79 D82
D<9038FF80600003EBF0E0000F13F8381F80FD383F001F003E1307481303A200FC1301A2
14007EA26C140013C0EA7FFCEBFFE06C13F86C13FE80000714806C14C0C6FC010F13E0EB
007FEC1FF0140F140700E01303A46C14E0A26C13076C14C0B4EB0F80EBE03F39E3FFFE00
00E15B38C01FF01C297CA825>I<007FB71280A39039807F807FD87C00140F00781507A2
0070150300F016C0A2481501A5C791C7FCB3A490B612C0A32A287EA72F>I86
DI<3803FF80000F13F0381F01FC383F80FE147F801580EA1F00C7FCA4EB3FFF
3801FC3FEA0FE0EA1F80EA3F00127E5AA4145F007E13DF393F839FFC381FFE0F3803FC03
1E1B7E9A21>97 DIIIII<9038FF80
F00003EBE3F8390FC1FE1C391F007C7C48137E003EEB3E10007EEB3F00A6003E133E003F
137E6C137C380FC1F8380BFFE00018138090C8FC1238A2123C383FFFF814FF6C14C06C14
E06C14F0121F383C0007007CEB01F8481300A4007CEB01F0A2003FEB07E0390FC01F806C
B5120038007FF01E287E9A22>I<1207EA0F80EA1FC0EA3FE0A3EA1FC0EA0F80EA0700C7
FCA7EAFFE0A3120FB3A3EAFFFEA30F2B7EAA12>105 D107 DI<26FFC07FEB1FC0903AC1FFC07FF0903AC307E0C1F8D80FC49038F101
FC9039C803F20001D801FE7F01D05BA201E05BB03CFFFE3FFF8FFFE0A3331B7D9A38>I<
38FFC07E9038C1FF809038C30FC0D80FC413E0EBC80701D813F013D0A213E0B039FFFE3F
FFA3201B7D9A25>II<38FFE1FE9038EFFF809038FE0FE0390FF803F09038
F001F801E013FC140015FEA2157FA8157E15FEA215FC140101F013F89038F807F09038FC
0FE09038EFFF809038E1FC0001E0C7FCA9EAFFFEA320277E9A25>I<38FFC1F0EBC7FCEB
C63E380FCC7F13D813D0A2EBF03EEBE000B0B5FCA3181B7F9A1B>114
D<3803FE30380FFFF0EA3E03EA7800127000F01370A27E00FE1300EAFFE06CB4FC14C06C
13E06C13F0000713F8C6FCEB07FC130000E0137C143C7E14387E6C137038FF01E038E7FF
C000C11300161B7E9A1B>I<13E0A41201A31203A21207120F381FFFE0B5FCA2380FE000
AD1470A73807F0E0000313C03801FF8038007F0014267FA51A>I<39FFE07FF0A3000F13
07B2140FA2000713173903F067FF3801FFC738007F87201B7D9A25>I<39FFFC03FFA339
0FF000F0000714E07F0003EB01C0A2EBFC0300011480EBFE070000140013FFEB7F0EA214
9EEB3F9C14FC6D5AA26D5AA36D5AA26D5AA2201B7F9A23>I<3BFFFC7FFC1FFCA33B0FE0
0FE001C02607F007EB0380A201F8EBF00700031600EC0FF801FC5C0001150EEC1FFC2600
FE1C5B15FE9039FF387E3C017F1438EC787F6D486C5A16F0ECE01F011F5CA26D486C5AA2
EC800701075CA22E1B7F9A31>I<39FFFC1FFEA33907F003803803F8079038FC0F003801
FE1E00005BEB7F3814F86D5A6D5A130F806D7E130F497EEB3CFEEB38FFEB787F9038F03F
803901E01FC0D803C013E0EB800F39FFF03FFFA3201B7F9A23>I<39FFFC03FFA3390FF0
00F0000714E07F0003EB01C0A2EBFC0300011480EBFE070000140013FFEB7F0EA2149EEB
3F9C14FC6D5AA26D5AA36D5AA26D5AA25CA21307003890C7FCEA7C0FEAFE0E131E131C5B
EA74F0EA3FE0EA0F8020277F9A23>I E /Fp 38 122 df<120E121EA41202A21204A212
08A21210122012401280070F7D840F>44 D48 D<13011303A21306131E132EEA03CEEA001C
A41338A41370A413E0A4EA01C0A4EA0380A41207EAFFFC10217AA019>III<14181438A21470A314E0A314C01301148013031400A21306A25BA25B1310EB3180EB
61C0EB438013831201EA03033802070012041208EA3FC7EA403E38800FF038000E00A25B
A45BA31330152B7EA019>II57
D<1403A25CA25CA25C142FA2144F15801487A2EB01071302A21304A21308A21310133013
20EB7FFF90384007C013801403EA01005A12025AA2120C003C1307B4EB3FFC1E237DA224
>65 D<027F138090390380810090380E00630138132749131F49130E485A485A48C7FC48
1404120E121E5A5D4891C7FCA35AA55A1520A25DA26C5C12704AC7FC6C130200185B001C
5B00061330380381C0D800FEC8FC212479A223>67 D<90B512F090380F003C150E81011E
EB0380A2ED01C0A25B16E0A35BA449EB03C0A44848EB0780A216005D4848130E5D153C15
3848485B5D4A5A0207C7FC000F131CB512F023227DA125>I<027F138090390380810090
380E00630138132749131F49130E485A485A48C7FC481404120E121E5A5D4891C7FCA35A
A4EC3FFC48EB01E0A34A5AA27E12704A5A7E0018130F001C131300060123C7FC380381C1
D800FEC8FC212479A226>71 D76
DI<01FFEB
0FFC90390F8001E01680ECC0000113EB0100A2EB11E0A201211302EB20F0A39038407804
A3143C01805B143E141EA23901001F10140FA2EC0790000214A0A2EC03E0A2485C1401A2
120C001E6D5AEAFFC026227DA124>I<903801F02090380E0C4090381802C0EB30011360
01E0138013C01201A200031400A291C7FCA27FEA01F813FF6C13E06D7EEB1FF8EB03FCEB
007C143C80A30020131CA3141800601338143000705B5C38C80180D8C607C7FCEA81FC1B
247DA21B>83 D<393FFE03FF3903C000781560152048481340A448C71280A4001EEB0100
A4481302A4485BA400705B12F05C12705C5C123038380180D81802C7FCEA0E0CEA03F020
2377A124>85 D<39FFF001FF391F8000786CC71260A215401580A2EC01005C14026D5AA2
00075BA25C5CA25CA25C0181C7FC13C1EA03C2A213C413C8A213D0A213E05BA25B120190
C8FC202376A124>I<39FFF001FF391F8000786CC7126015406D13C000071480EC0100EB
C0020003130614046D5A00015B5CEBF060000013405C01F9C7FC13FB137A137C1378A45B
A4485AA41203EA3FFC202276A124>89 D97
DI<137EEA01C13803
0180EA0703EA0E07121C003CC7FC12381278A35AA45B12701302EA300CEA1830EA0FC011
157B9416>I<13F8EA0384EA0E02121C123C1238EA7804EAF018EAFFE0EAF000A25AA413
02A2EA6004EA7018EA3060EA0F800F157A9416>101 D<143E144714CFEB018F1486EB03
80A3EB0700A5130EEBFFF0EB0E00A35BA55BA55BA55BA45B1201A2EA718012F100F3C7FC
1262123C182D82A20F>I<13C0EA01E013C0A2C7FCA8121C12231243A25AA3120EA25AA3
5AA21340EA7080A3EA71001232121C0B217BA00F>105 D<13F0EA0FE01200A3485AA448
5AA448C7FCEB01E0EB0210EB0C70380E10F0A2EB2060EB4000EA1D80001EC7FCEA1FC0EA
1C70487EA27F142038703840A3EB188012E038600F0014237DA216>107
DI<391C0F80F8392610C10C39476066063987807807A2EB0070A2000EEBE0
0EA44848485AA3ED38202638038013401570168015303A7007003100D83003131E23157B
9428>II<137EEA01C338038180380701
C0120E001C13E0123C12381278A338F003C0A21480130700701300130E130CEA3018EA18
70EA07C013157B9419>I<3801C1F0380262183804741C3808780CEB700EA2141EEA00E0
A43801C03CA3147838038070A2EBC0E0EBC1C038072380EB1E0090C7FCA2120EA45AA3EA
FFC0171F7F9419>I114 D<13FCEA018338020080EA0401EA0C03140090C7FC120F
13F0EA07FC6C7EEA003E130F7F1270EAF006A2EAE004EA4008EA2030EA1FC011157D9414
>I<13C01201A4EA0380A4EA0700EAFFF8EA0700A2120EA45AA45AA31310EA7020A21340
1380EA3100121E0D1F7C9E10>I<001E1360002313E0EA4380EB81C01283EA8701A23807
0380120EA3381C0700A31408EB0E101218121CEB1E20EA0C263807C3C015157B941A>I<
381E0380382307C0EA43871383EA8381EA8700A200071380120EA3381C0100A31302A25B
5BA2EA0C30EA03C012157B9416>I<001EEB60E00023EBE1F0EA4380EB81C000831470D8
87011330A23907038020120EA3391C070040A31580A2EC0100130F000C13023806138C38
03E0F01C157B9420>I<001E133000231370EA438014E01283EA8700A2380701C0120EA3
381C0380A4EB0700A35BEA0C3EEA03CEEA000EA25B1260EAF0381330485AEA80C0EA4380
003EC7FC141F7B9418>121 D E /Fq 39 123 df<13FCEA0782EA0E07121C130290C7FC
A4B5FCEA1C07AC38FF1FE01317809614>12 D<1202A3EAC218EAF278EA3AE0EA0F80A2EA
3AE0EAF278EAC218EA0200A30D0E7E9812>42 D45
D<126012F0A2126004047D830A>I<130813181330A31360A313C0A3EA0180A3EA0300A2
1206A35AA35AA35AA35AA35AA20D217E9812>I<13101338A3135CA3138EA3EA0107A200
031380EA0203A23807FFC0EA0401A2380800E0A21218003813F038FE03FE17177F961A>
65 D67
DI73
DI76 D<00FEEB03F8001E14C000171305A338
138009A23811C011A33810E021A2EB7041A3EB3881A2EB1D01A2130EA2123839FE040FF8
1D177F9620>I83
D<387FFFF83860381800401308A200801304A300001300AF3807FFC016177F9619>I<38
FF80FE381C00381410B06C132012066C13403801818038007E0017177F961A>I97 D<12FC121CA813F8EA1F06EA1C031480130114C0A4148013031400EA1B0EEA10F8
1217809614>II<137E130EA8EA07CEEA1C3EEA300E1270126012E0A412601270EA301E
EA182E3807CFC012177F9614>III
I<12FC121CA8137CEA1D8EEA1E07121CAA38FF9FE01317809614>I<1218123CA2121812
00A5127C121CAC12FF081780960A>I<12FC121CA8EB3F80EB1C00131813205B13C0EA1F
E0EA1CF0137013787F7FA238FF3FC01217809613>107 D<12FC121CB3A3EAFF80091780
960A>I<38FC7C1F391D8E6380391E0781C0001C1301AA39FF9FE7F81D0E808D1E>IIII114 DI<1208A31218A21238EAFF80EA
3800A71340A4EA1C80EA0F000A147F930E>III<38FCFE7C383838381410381C3C20A2134C380E4E40A2138638078780A2130300
031300A2160E7F8D19>IIII E /Fr 24 122 df<127012F8A3127005057C840E>46 D64
D
82 D<3803F020380C0C60EA1802383001E0EA70000060136012E0A21420A36C1300A212
78127FEA3FF0EA1FFE6C7E0003138038003FC0EB07E01301EB00F0A214707EA46C1360A2
6C13C07E38C8018038C60700EA81FC14247DA21B>I86
D97 D<120E12FE121E120EAB131FEB61C0
EB8060380F0030000E1338143C141C141EA7141C143C1438000F1370380C8060EB41C038
083F0017237FA21B>II<14E0130F13011300AB
EA01F8EA0704EA0C02EA1C01EA38001278127012F0A7127012781238EA1801EA0C023807
0CF03801F0FE17237EA21B>I
I<14703801F19838071E18EA0E0E381C0700A2003C1380A4001C1300A2EA0E0EEA0F1CEA
19F00010C7FCA21218A2EA1FFE380FFFC014E0383800F0006013300040131812C0A30060
1330A2003813E0380E03803803FE0015217F9518>103 D<120E12FE121E120EABEB1F80
EB60C0EB80E0380F0070A2120EAF38FFE7FF18237FA21B>I<121C121E123E121E121CC7
FCA8120E12FE121E120EB1EAFFC00A227FA10E>I<120E12FE121E120EABEB03FCEB01F0
14C01480EB02005B5B5B133813F8EA0F1CEA0E1E130E7F1480EB03C0130114E0EB00F014
F838FFE3FE17237FA21A>107 D<120E12FE121E120EB3ADEAFFE00B237FA20E>I<390E1F
C07F3AFE60E183803A1E807201C03A0F003C00E0A2000E1338AF3AFFE3FF8FFE27157F94
2A>I<380E1F8038FE60C0381E80E0380F0070A2120EAF38FFE7FF18157F941B>II114 DI<000E137038FE07F0EA1E00000E1370AD14F0A238060170380382783800
FC7F18157F941B>117 D<38FFC1FE381E0078000E13301420A26C1340A238038080A338
01C100A2EA00E2A31374A21338A3131017157F941A>I<39FF8FF8FF391E01E03C001CEB
C018120EECE010A239070260201470A239038430401438A23901C81880141CA23900F00D
00140FA2EB6006A320157F9423>I<38FFC1FE381E0078000E13301420A26C1340A23803
8080A33801C100A2EA00E2A31374A21338A31310A25BA35B12F05B12F10043C7FC123C17
1F7F941A>121 D E /Fs 1 44 df43 D E /Ft 25 125 df12
D<150C151EA2153E153C157C1578A215F815F0140115E0A2140315C014071580A2140F15
005C141EA2143E143C147C1478A214F85C13015CA213035C13075CA2130F91C7FCA25B13
1E133E133CA2137C137813F85BA212015B12035BA212075B120F90C8FCA25A121E123E12
3CA2127C127812F85AA212601F487CB528>47 D<1578A215FCA34A7EA24A7EA24A7FA34A
7FEC0E7F021E7FEC1C3FA202387F151F02787FEC700FA202E07F1507010180ECC003A249
486C7EA201078191C7FC498191B6FCA24981011CC7123F013C810138141FA24981160F01
F081491407A2484881486C1403B549B512FCA336317DB03D>65 D<913A03FF800180023F
EBF00349B5EAFC0701079038003F0FD91FF8EB079FD93FC0EB01FFD9FF807F4848C8127F
4848153F0007161F49150F485A001F1607A2485A1703127FA24992C7FCA212FFA9127FA2
7FEF0380123FA26C7E1707000F17006C7E6D150E0003161E6C6C151C6C6C6C1478D93FC0
5CD91FF8EB03E0D907FFEB3F800101D9FFFEC7FCD9003F13F80203138031317CB03A>67
DI76 D80 D<90391FF8018090B5120300
0314C73907F007EF390F8000FF48C7127F003E141F150F5A150712FCA215037EA26C91C7
FC13C0EA7FF0EBFF806C13F8ECFF806C14F06C806C806C14FFC6FC013F1480010114C0D9
001F13E01401EC003FED1FF0150F1507126000E01403A316E07EA26CEC07C07EB4EC0F80
01C0EB1F00D8FBFC13FE00F1B512F8D8E03F5BD8C003138024317CB02D>83
D97 D99 D101
DI<90391FF007C09039FF
FE3FE03A01F83F79F03907E00FC3000F14E19039C007E0E0001FECF000A2003F80A5001F
5CA2000F5CEBE00F00075C2603F83FC7FC3806FFFE380E1FF090C9FC121EA2121F7F90B5
7E6C14F015FC6C806C801680000F15C0003FC7127F007EEC1FE0007C140F00FC1407A400
7EEC0FC0003E1580003F141FD80FC0EB7E003907F803FC0001B512F0D8001F90C7FC242F
7E9F28>I105 D108
D<2703F007F8EB1FE000FFD93FFEEBFFF8913A783F01E0FC02C090388300FE280FF1801F
C6137F2607F30013CC01F602F8148001FC5CA3495CB3B500C3B5380FFFFCA33E207D9F43
>I<3903F007F800FFEB3FFEEC783F02C013803A0FF1801FC03807F30001F614E013FCA3
5BB3B500C3B5FCA328207D9F2D>II<3901F83FE000FFEBFFFC9038FBE07F9039FF003F80D807FEEB1FC049EB0FE04914
F0ED07F8A216FC1503A216FEA816FC1507A216F8A2ED0FF06D14E06DEB1FC06DEB3F8090
39FBC0FE009038F8FFF8EC3FC091C8FCABB512C0A3272E7E9F2D>I<3803F03F00FFEB7F
C09038F1C3E01487390FF30FF0EA07F6A29038FC07E0EC03C091C7FCA25BB2B512E0A31C
207E9F21>114 D<3801FF86000713FEEA1F00003C133E48131E140E12F8A36C90C7FCB4
7E13FC387FFFC06C13F0806C7F00077F00017FEA003F01001380143F0060131F00E0130F
A27E15007E6C131E6C131C38FF807838F3FFF038C07F8019207D9F20>I<131CA5133CA3
137CA213FC120112031207381FFFFEB5FCA2D803FCC7FCB0EC0380A71201EC0700EA00FE
EB7F0EEB3FFCEB07F0192E7FAD1F>II<
B5EB1FFCA3D80FF8EB03C0000715806D1307000315007F0001140E7F6C5CA2EC803C017F
1338ECC078013F1370ECE0F0011F5B14F1010F5B14F9903807FB80A214FF6D90C7FCA26D
5AA26D5AA21478A21470A214F05C1301007C5BEAFE035C49C8FC5BEAFC1EEA787CEA3FF0
EA0FC0262E7E9F2B>121 D124 D E end
%%EndProlog
%%BeginSetup
%%Feature: *Resolution 300dpi
TeXDict begin
%%EndSetup
%%
gsave
initmatrix
%%Page: USENIX 1
%%
%% USENIX Cover Sheet
%%
%% Postscript code by Michael Short, USENIX, June 1995.
%% with examples/help from the Adobe Red Book.
%%
%% This cover sheet, for all USENIX postscript proceedings
%% made available online, give the USENIX logo, conference
%% at which this paper was first given, the paper title and
%% authors, and contact information for USENIX itself.
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%% Fonts
/Times18 /Times-Roman findfont 18 scalefont def
/Times14 /Times-Roman findfont 14 scalefont def
/Times12 /Times-Roman findfont 12 scalefont def
/Times10 /Times-Roman findfont 10 scalefont def
/Times06 /Times-Roman findfont 6 scalefont def
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%% Text Routines
/Xcenter 8.5 36 mul def
/centershow
%% inputs: string X Y
%% print a string at the given y height, centered on the
%% given x.
{ /newY exch def
/newX exch def
dup stringwidth pop
2 div newX exch sub newY moveto
show } def
/leftshow
%% inputs: string X Y
%% prints the string at the given point, left justified
%% (we don't really need this routing, could just use `show',
%% but it makes text input consistent on all routines.
{ moveto show
} def
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%% Citation
Times12 setfont
(The following paper was originally published in the) Xcenter 580 centershow
(Proceedings of the USENIX 1996) Xcenter 564 centershow
(Conference on Object-Oriented Technologies) Xcenter 548 centershow
(Toronto, Ontario, Canada, June 1996.) Xcenter 532 centershow
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%% Further Usenix Information
Times12 setfont
(For more information about USENIX Association contact:)
Xcenter 180 centershow
(1. Phone:) 220 162 leftshow (510 528-8649) 304 162 leftshow
(2. FAX:) 220 148 leftshow (510 548-5738) 304 148 leftshow
(3. Email:) 220 134 leftshow (office@usenix.org) 304 134 leftshow
(4. WWW URL:) 220 120 leftshow (http://www.usenix.org) 304 120 leftshow
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%% Paper Title
Times18 setfont
(Preliminary Design of ADL/C++ --) Xcenter 452 centershow
(A Specification Language for C++) Xcenter 430 centershow
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%% Authors
Times14 setfont
(Sreenivasa Rao Viswanadha) Xcenter 380 centershow
(SUNY Albany) Xcenter 364 centershow
() Xcenter 348 centershow
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%% The USENIX Logo, placed near the top and centered on the page.
% define string to hold a scanline's worth of data
/pix 209 string def
% lower left corner
201 620 translate
% size of image (on paper, in 1/72inch coords)
209 88 scale
209 88 8 % dimensions of data
[209 0 0 -88 0 88] % mapping matrix
{currentfile pix readhexstring pop}
image
525252525252525252525252525252525252525252525252525252525252525252525252
525252525252525252525252525252525252525252525252525252525252525252525252
525252525252525252525252525252525252525252525252525252525252525252525252
525252525252525252525252525252525252525252525252525252525252525252525252
525252525252525252525252525252525252525252525252525252525252525252525252
5252525252525252525252525252525252525252525252525252525252
525252525252525252525252525252525252525252525252525252525252525252525252
525252525252525252525252525252525252525252525252525252525252525252525252
525252525252525252525252525252525252525252525252525252525252525252525252
525252525252525252525252525252525252525252525252525252525252525252525252
525252525252525252525252525252525252525252525252525252525252525252525252
5252525252525252525252525252525252525252525252525252525252
525252525252525252525252525252525252525252525252525252525252525252525252
525252525252525252525252525252525252525252525252525252525252525252525252
525252525252525252525252525252525252525252525252525252525252525252525252
525252525252525252525252525252525252525252525252525252525252525252525252
525252525252525252525252525252525252525252525252525252525252525252525252
5252525252525252525252525252525252525252525252525252525252
525252adadadadadadadadadadadadadadadadadadadadadadadadadadadadadadadadad
adadadadadadadadadadadadadadadadadadadadadadadadadadadadadadadadadadadad
adadadadadadadadadadadadadadadadadadadadadadadadadadadadadadadadadadadad
adadadadadadadadadadadadadadadadadadadadadadadadadadadadadadadadadadadad
adadadadadadadadadadadadadadadadadadadadadadadadadadadadadadadadadadadad
adadadadadadadadadadadadadadadadadadadadadadadadadad525252
525252adffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
ffffffffffffffffffffffffffffffffffffffffffffffffffad525252
525252adffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
ffffffffffffffffffffffffffffffffffffffffffffffffffad525252
525252adffffffffffffadadadadadadadadadadadadadadadadadadadadadadadadadad
adadadadadadadadadadadadffffffffffffadadadadadadadadadadadadadadadadadad
adadadadadadadffffffffffadadadadadadadadadadadadadadadadadadadadadadadad
adadadffadadadadadadadadadadadadadadadadffffffffffffadadadadadadadadadad
adadadffffadadadadadadadadadadadadadadadffffffadadadadadadadadadadadadad
adadffffffffffffffadadadadadadadadadadadadadffffffad525252
525252adffffffffffffad52525252525252525252525252525252525252525252525252
5252525252525252525252adffffffffffadad5252525252525252525252525252525252
525252525252adadffffffffad5252525252525252525252525252525252525252525252
5252adffad5252525252525252525252525252adffffffffffffad525252525252525252
5252adffffad52525252525252525252525252adffffffad525252525252525252525252
52adffffffffffffffad5252525252525252525252adffffffad525252
525252adffffffffffffadadadadadadadadadadadadadad5252525252adadadadadadad
adadadadadad5252525252adffffffffffad525252525252525252525252525252525252
52525252525252adffffffffad5252525252525252525252525252525252525252525252
5252adffadadadadadadadadadadadadadadadadffffffffffffadadadadadadadadadad
adadadffffadadadadadadadadadadadadadadadffffffadadadadadadadadadadadadad
adadffffffffffffffadadadadadadadadadadadadadffffffad525252
525252adffffffffffffadadadadadadadadadadadadadadadadadadadadadadadadadad
adadadadadadadadadadadadffffffadadadadadadadadadadadadadadadadadadadadad
adadadadadadadadadadffffadadadadadadadadadadadadadadadadadadadadadadadad
adadadffadadadadadadadadadadadadadadadadadffffffffffadadadadadadadadadad
adadadffffadadadadadadadadadadadadadadadffffffadadadadadadadadadadadadad
adadffffffffffffadadadadadadadadadadadadadffffffffad525252
525252adffffffffffffad52525252525252525252525252525252525252525252525252
5252525252525252525252adffffadad5252525252525252525252525252525252525252
525252525252525252adadffad5252525252525252525252525252525252525252525252
5252adffad525252525252525252525252525252adffffffffffad525252525252525252
5252adffffad52525252525252525252525252adffffffad525252525252525252525252
52adffffffffffffad5252525252525252525252adffffffffad525252
525252adffffffffffffadadadadadadadadadadadadadad5252525252adadadadadadad
adadadadadad5252525252adffffad525252525252525252525252525252525252525252
52525252525252525252adffad5252525252525252525252525252525252525252525252
5252adffadadadadadadadadadadadadadadadadadffffffffffadadadadadadadadadad
adadadffffadadadadadadadadadadadadadadadffffffadadadadadadadadadadadadad
adadffffffffffffadadadadadadadadadadadadadffffffffad525252
525252adffffffffffffadadadadadadadadadadadadadadadadadadadadadadadadadad
adadadadadadadadadadadadffffadadadadadadadadadadadadadadadadadadadadadad
adadadadadadadadadadadffadadadadadadadadadadadadadadadadadadadadadadadad
adadadffadadadadadadadadadadadadadadadadadffffffffffadadadadadadadadadad
adadadffffadadadadadadadadadadadadadadadffffffffadadadadadadadadadadadad
adadadffffffffffadadadadadadadadadadadadffffffffffad525252
525252adffffffffffffad52525252525252525252525252525252525252525252525252
5252525252525252525252adffffad525252525252525252525252525252525252525252
52525252525252525252adffad5252525252525252525252525252525252525252525252
5252adffad525252525252525252525252525252adffffffffffad525252525252525252
5252adffffad52525252525252525252525252adffffffffad5252525252525252525252
5252adffffffffffad52525252525252525252adffffffffffad525252
525252adffffffffffffadadadadadadadadadadadadadad5252525252adadadadadadad
adadadadadad5252525252adffffad525252525252525252525252525252525252525252
52525252525252525252adffad5252525252525252525252525252525252525252525252
5252adffadadadadadadadadadadadadadadadadadffffffffffadadadadadadadadadad
adadadffffadadadadadadadadadadadadadadadffffffffadadadadadadadadadadadad
adadadffffffffffadadadadadadadadadadadadffffffffffad525252
525252adffffffffffffadadadadadadadadadadadadadadadadadadadadadadadadadad
adadadadadadadadadadadadffffadadadadadadadadadadadadadadadadadadadadadad
adadadadadadadadadadadffadadadadadadadadadadadadadadadadadadadadadadadad
adadadffadadadadadadadadadadadadadadadadadadffffffffadadadadadadadadadad
adadadffffadadadadadadadadadadadadadadadffffffffffadadadadadadadadadadad
adadadadffffffadadadadadadadadadadadadadffffffffffad525252
525252adffffffffffffad52525252525252525252525252525252525252525252525252
5252525252525252525252adffffad52525252525252525252525252adffffffad525252
52525252525252525252adffad5252525252525252525252525252525252525252525252
5252adffad52525252525252525252525252525252adffffffffad525252525252525252
5252adffffad52525252525252525252525252adffffffffffad52525252525252525252
525252adffffffad5252525252525252525252adffffffffffad525252
525252adffffffffffffadadadadadadadadadadadadadad5252525252adadadadadadad
adadadadadad5252525252adffffad52525252525252525252525252adffffffad525252
52525252525252525252adffad5252525252525252525252525252adadadadadadadadad
adadadffadadadadadadadadadadadadadadadadadadffffffffadadadadadadadadadad
adadadffffadadadadadadadadadadadadadadadffffffffffadadadadadadadadadadad
adadadadffffffadadadadadadadadadadadadadffffffffffad525252
525252adffffffffffffadadadadadadadadadadadadadadadadadadadadadadadadadad
adadadadadadadadadadadadffffadadadadadadadadadadadadadadadffffffadadadad
adadadadadadadadadadadffadadadadadadadadadadadadadadadadffffffffffffffff
ffffffffadadadadadadadadadadadadadadadadadadffffffffadadadadadadadadadad
adadadffffadadadadadadadadadadadadadadadffffffffffffadadadadadadadadadad
adadadadffffadadadadadadadadadadadadadffffffffffffad525252
525252adffffffffffffad52525252525252525252525252525252525252525252525252
5252525252525252525252adffffad52525252525252525252525252adffffffad525252
52525252525252525252adffad5252525252525252525252525252adffffffffffffffff
ffffffffad52525252525252525252525252525252adffffffffad525252525252525252
5252adffffad52525252525252525252525252adffffffffffffad525252525252525252
525252adffffad5252525252525252525252adffffffffffffad525252
525252adffffffffffffadadadadadadadadadadadadadad5252525252adadadadadadad
adadadadadad5252525252adffffad52525252525252525252525252adffffffad525252
52525252525252525252adffad5252525252525252525252525252adffffffffffffffff
ffffffffadadadadadadadadadadadadadadadadadadffffffffadadadadadadadadadad
adadadffffadadadadadadadadadadadadadadadffffffffffffadadadadadadadadadad
adadadadffffadadadadadadadadadadadadadffffffffffffad525252
525252adffffffffffffadadadadadadadadadadadadadadadadadadadadadadadadadad
adadadadadadadadadadadadffffadadadadadadadadadadadadadadadffffffadadadad
adadadadadadadadadadadffadadadadadadadadadadadadadadadadffffffffffffffff
ffffffffadadadadadadadadadadadadadadadadadadadffffffadadadadadadadadadad
adadadffffadadadadadadadadadadadadadadadffffffffffffadadadadadadadadadad
adadadadffadadadadadadadadadadadadadffffffffffffffad525252
525252adffffffffffffad52525252525252525252525252525252525252525252525252
5252525252525252525252adffffad52525252525252525252525252adffffffad525252
52525252525252525252adffad5252525252525252525252525252adffffffffffffffff
ffffffffad5252525252525252525252525252525252adffffffad525252525252525252
5252adffffad52525252525252525252525252adffffffffffffad525252525252525252
525252adffad5252525252525252525252adffffffffffffffad525252
525252adffffffffffffadadadadadadadadadadadadadad5252525252adadadadadadad
adadadadadad5252525252adffffad52525252525252525252525252adffffffad525252
52525252525252525252adffad5252525252525252525252525252adffffffffffffffff
ffffffffadadadadadadadadadadadadadadadadadadadffffffadadadadadadadadadad
adadadffffadadadadadadadadadadadadadadadffffffffffffadadadadadadadadadad
adadadadffadadadadadadadadadadadadadffffffffffffffad525252
525252adffffffffffffadadadadadadadadadadadadadadadadadadadadadadadadadad
adadadadadadadadadadadadffffadadadadadadadadadadadadadadadffffffadadadad
adadadadadadadadadadadffadadadadadadadadadadadadadadadadffffffffffffffff
ffffffffadadadadadadadadadadadadadadadadadadadadffffadadadadadadadadadad
adadadffffadadadadadadadadadadadadadadadffffffffffffffadadadadadadadadad
adadadadadadadadadadadadadadadadadffffffffffffffffad525252
525252adffffffffffffad52525252525252525252525252525252525252525252525252
5252525252525252525252adffffad52525252525252525252525252adffffffad525252
52525252525252525252adffad5252525252525252525252525252adffffffffffffffff
ffffffffad525252525252525252525252525252525252adffffad525252525252525252
5252adffffad52525252525252525252525252adffffffffffffffad5252525252525252
52525252adad52525252525252525252adffffffffffffffffad525252
525252adffffffffffffadadadadadadadadadadadadadad5252525252adadadadadadad
adadadadadad5252525252adffffad52525252525252525252525252adffffffad525252
52525252525252525252adffad5252525252525252525252525252adffffffffffffffff
ffffffffadadadadadadadadadadadadadadadadadadadadffffadadadadadadadadadad
adadadffffadadadadadadadadadadadadadadadffffffffffffffadadadadadadadadad
adadadadadadadadadadadadadadadadadffffffffffffffffad525252
525252adffffffffffffadadadadadadadadadadadadadadadadadadadadadadadadadad
adadadadadadadadadadadadffffadadadadadadadadadadadadadadadffffffadadadad
adadadadadadadadadadadffadadadadadadadadadadadadadadadadffffffffffffffff
ffffffffadadadadadadadadadadadadadadadadadadadadffffadadadadadadadadadad
adadadffffadadadadadadadadadadadadadadadffffffffffffffffadadadadadadadad
adadadadadadadadadadadadadadadadffffffffffffffffffad525252
525252adffffffffffffad52525252525252525252525252525252525252525252525252
5252525252525252525252adffffad52525252525252525252525252adffffffad525252
52525252525252525252adffad5252525252525252525252525252adffffffffffffffff
ffffffffad525252525252525252525252525252525252adffffad525252525252525252
5252adffffad52525252525252525252525252adffffffffffffffffad52525252525252
52525252ad52525252525252525252adffffffffffffffffffad525252
525252adffffffffffffadadadadadadadadadadadadadad5252525252adadadadadadad
adadadadadad5252525252adffffad52525252525252525252525252adffffffad525252
52525252525252525252adffad5252525252525252525252525252adffffffffffffffff
ffffffffadadadadadadadadadadadadadadadadadadadadffffadadadadadadadadadad
adadadffffadadadadadadadadadadadadadadadffffffffffffffffadadadadadadadad
adadadadadadadadadadadadadadadadffffffffffffffffffad525252
525252adffffffffffffadadadadadadadadadadadadadadadadadadadadadadadadadad
adadadadadadadadadadadadffffadadadadadadadadadadadadadadadadffffadadadad
adadadadadadadadadadadffadadadadadadadadadadadadadadadadffffffffffffffff
ffffffffadadadadadadadadadadadadadadadadadadadadadffadadadadadadadadadad
adadadffffadadadadadadadadadadadadadadadffffffffffffffffadadadadadadadad
adadadadadadadadadadadadadadadffffffffffffffffffffad525252
525252adffffffffffffad52525252525252525252525252525252525252525252525252
5252525252525252525252adffffad5252525252525252525252525252adffffad525252
52525252525252525252adffad5252525252525252525252525252adffffffffffffffff
ffffffffad52525252525252525252525252525252525252adffad525252525252525252
5252adffffad52525252525252525252525252adffffffffffffffffad52525252525252
5252525252525252525252525252adffffffffffffffffffffad525252
525252adffffffffffffadadadadadadadadadadadadadad5252525252adadadadadadad
adadadadadad5252525252adffffad5252525252525252525252525252adffffad525252
52525252525252525252adffad5252525252525252525252525252adffffffffffffffff
ffffffffadadadadadadadadadadadadadadadadadadadadadffadadadadadadadadadad
adadadffffadadadadadadadadadadadadadadadffffffffffffffffadadadadadadadad
adadadadadadadadadadadadadadadffffffffffffffffffffad525252
525252adffffffffffffadadadadadadadadadadadadadadadadadadadadadadadadadad
adadadadadadadadadadadadffffadadadadadadadadadadadadadadadadadadadadadad
adadadadadadadadadadadffadadadadadadadadadadadadadadadadffffffffffffffff
ffffffffadadadadadadadadadadadadadadadadadadadadadffadadadadadadadadadad
adadadffffadadadadadadadadadadadadadadadffffffffffffffffffadadadadadadad
adadadadadadadadadadadadadadadffffffffffffffffffffad525252
525252adffffffffffffad52525252525252525252525252525252525252525252525252
5252525252525252525252adffffad52525252525252525252525252525252adadffffff
ffffffffffffffffffffffffad5252525252525252525252525252adffffffffffffffff
ffffffffad52525252525252525252525252525252525252adffad525252525252525252
5252adffffad52525252525252525252525252adffffffffffffffffffad525252525252
5252525252525252525252525252adffffffffffffffffffffad525252
525252adffffffffffffadadadadadadadadadadadadadad5252525252adadadadadadad
adadadadadad5252525252adffffad5252525252525252525252525252525252adffffff
ffffffffffffffffffffffffad5252525252525252525252525252adffffffffffffffff
ffffffffadadadadadadadadadadadadadadadadadadadadadffadadadadadadadadadad
adadadffffadadadadadadadadadadadadadadadffffffffffffffffffadadadadadadad
adadadadadadadadadadadadadadadffffffffffffffffffffad525252
525252adffffffffffffadadadadadadadadadadadadadadadadadadadadadadadadadad
adadadadadadadadadadadadffffadadadadadadadadadadadadadadadadadadadadadff
ffffffffffffffffffffffffadadadadadadadadadadadadadadadadadadadadadadadad
adadadffadadadadadadadadadadadadadadadadadadadadadadadadadadadadadadadad
adadadffffadadadadadadadadadadadadadadadffffffffffffffffffffadadadadadad
adadadadadadadadadadadadadadffffffffffffffffffffffad525252
525252adffffffffffffad52525252525252525252525252525252525252525252525252
5252525252525252525252adffffffad525252525252525252525252525252525252adad
ffffffffffffffffffffffffad5252525252525252525252525252525252525252525252
5252adffad5252525252525252525252525252525252525252adad525252525252525252
5252adffffad52525252525252525252525252adffffffffffffffffffffad5252525252
52525252525252525252525252adffffffffffffffffffffffad525252
525252adffffffffffffadadadadadadadadadadadadadad5252525252adadadadadadad
adadadadadad5252525252adffffffadad525252525252525252525252525252525252ad
ffffffffffffffffffffffffad5252525252525252525252525252525252525252525252
5252adffadadadadadadadadadadadadadadadadadadadadadadadadadadadadadadadad
adadadffffadadadadadadadadadadadadadadadffffffffffffffffffffadadadadadad
adadadadadadadadadadadadadadffffffffffffffffffffffad525252
525252adffffffffffffadadadadadadadadadadadadadadadadadadadadadadadadadad
adadadadadadadadadadadadffffffffadadadadadadadadadadadadadadadadadadadad
adadffffffffffffffffffffadadadadadadadadadadadadadadadadadadadadadadadad
adadadffadadadadadadadadadadadadadadadadadadadadadadadadadadadadadadadad
adadadffffadadadadadadadadadadadadadadadffffffffffffffffffffadadadadadad
adadadadadadadadadadadadadffffffffffffffffffffffffad525252
525252adffffffffffffad52525252525252525252525252525252525252525252525252
5252525252525252525252adffffffffffad525252525252525252525252525252525252
52adadffffffffffffffffffad5252525252525252525252525252525252525252525252
5252adffad5252525252525252525252525252525252525252adad525252525252525252
5252adffffad52525252525252525252525252adffffffffffffffffffffad5252525252
525252525252525252525252adffffffffffffffffffffffffad525252
525252adffffffffffffadadadadadadadadadadadadadad5252525252adadadadadadad
adadadadadad5252525252adffffffffffadadad52525252525252525252525252525252
5252adffffffffffffffffffad5252525252525252525252525252525252525252525252
5252adffadadadadadadadadadadadadadadadadadadadadadadadadadadadadadadadad
adadadffffadadadadadadadadadadadadadadadffffffffffffffffffffadadadadadad
adadadadadadadadadadadadadffffffffffffffffffffffffad525252
525252adffffffffffffadadadadadadadadadadadadadadadadadadadadadadadadadad
adadadadadadadadadadadadffffffffffffffadadadadadadadadadadadadadadadadad
adadadadadffffffffffffffadadadadadadadadadadadadadadadadadadadadadadadad
adadadffadadadadadadadadadadadadadadadadadadadadadadadadadadadadadadadad
adadadffffadadadadadadadadadadadadadadadffffffffffffffffffffffadadadadad
adadadadadadadadadadadadffffffffffffffffffffffffffad525252
525252adffffffffffffad52525252525252525252525252525252525252525252525252
5252525252525252525252adffffffffffffffffad525252525252525252525252525252
52525252adadffffffffffffad5252525252525252525252525252525252525252525252
5252adffad525252525252525252525252525252525252525252ad525252525252525252
5252adffffad52525252525252525252525252adffffffffffffffffffffffad52525252
5252525252525252525252adffffffffffffffffffffffffffad525252
525252adffffffffffffadadadadadadadadadadadadadad5252525252adadadadadadad
adadadadadad5252525252adffffffffffffffffadadad52525252525252525252525252
5252525252adffffffffffffad5252525252525252525252525252525252525252525252
5252adffadadadadadadadadadadadadadadadadadadadadadadadadadadadadadadadad
adadadffffadadadadadadadadadadadadadadadffffffffffffffffffffffadadadadad
adadadadadadadadadadadadffffffffffffffffffffffffffad525252
525252adffffffffffffadadadadadadadadadadadadadadadadadadadadadadadadadad
adadadadadadadadadadadadffffffffffffffffffffadadadadadadadadadadadadadad
adadadadadadadadffffffffadadadadadadadadadadadadadadadadadadadadadadadad
adadadffadadadadadadadadadadadadadadadadadadadadadadadadadadadadadadadad
adadadffffadadadadadadadadadadadadadadadffffffffffffffffffffadadadadadad
adadadadadadadadadadadadffffffffffffffffffffffffffad525252
525252adffffffffffffad52525252525252525252525252525252525252525252525252
5252525252525252525252adffffffffffffffffffffffffad5252525252525252525252
52525252525252adadffffffad5252525252525252525252525252525252525252525252
5252adffad5252525252525252525252ad52525252525252525252525252525252525252
5252adffffad52525252525252525252525252adffffffffffffffffffffad5252525252
5252525252525252525252adffffffffffffffffffffffffffad525252
525252adffffffffffffadadadadadadadadadadadadadad5252525252adadadadadadad
adadadadadad5252525252adffffffffffffffffffffffffadadad525252525252525252
5252525252525252adffffffad5252525252525252525252525252adadadadadadadadad
adadadffadadadadadadadadadadadadadadadadadadadadadadadadadadadadadadadad
adadadffffadadadadadadadadadadadadadadadffffffffffffffffffffadadadadadad
adadadadadadadadadadadadffffffffffffffffffffffffffad525252
525252adffffffffffffadadadadadadadadadadadadadadadadadadadadadadadadadad
adadadadadadadadadadadadffffffffffffffffffffffffffffadadadadadadadadadad
adadadadadadadadadadffffadadadadadadadadadadadadadadadadffffffffffffffff
ffffffffadadadadadadadadadadadadadadadadadadadadadadadadadadadadadadadad
adadadffffadadadadadadadadadadadadadadadffffffffffffffffffadadadadadadad
adadadadadadadadadadadadadffffffffffffffffffffffffad525252
525252adffffffffffffad52525252525252525252525252525252525252525252525252
5252525252525252525252adffffffffffffffffffffffffffffffffad52525252525252
525252525252525252adadffad5252525252525252525252525252adffffffffffffffff
ffffffffad5252525252525252525252adad525252525252525252525252525252525252
5252adffffad52525252525252525252525252adffffffffffffffffffad525252525252
525252525252525252525252adffffffffffffffffffffffffad525252
525252adffffffffffffadadadadadadadadadadadadadad5252525252adadadadadadad
adadadadadad5252525252adffffffffffffffffffffffffffffffffadad525252525252
52525252525252525252adffad5252525252525252525252525252adffffffffffffffff
ffffffffadadadadadadadadadadadadadadadadadadadadadadadadadadadadadadadad
adadadffffadadadadadadadadadadadadadadadffffffffffffffffffadadadadadadad
adadadadadadadadadadadadadffffffffffffffffffffffffad525252
525252adffffffffffffadadadadadadadadadadadadadadadadadadadadadadadadadad
adadadadadadadadadadadadffffffffffffffffffffffffffffffffffadadadadadadad
adadadadadadadadadadadffadadadadadadadadadadadadadadadadffffffffffffffff
ffffffffadadadadadadadadadadadadadffadadadadadadadadadadadadadadadadadad
adadadffffadadadadadadadadadadadadadadadffffffffffffffffffadadadadadadad
adadadadadadadadadadadadadadffffffffffffffffffffffad525252
525252adffffffffffffad52525252525252525252525252525252525252525252525252
5252525252525252525252adffffffffffffffffffffffffffffffffffffffad52525252
52525252525252525252adffad5252525252525252525252525252adffffffffffffffff
ffffffffad5252525252525252525252adffad5252525252525252525252525252525252
5252adffffad52525252525252525252525252adffffffffffffffffffad525252525252
52525252525252525252525252adffffffffffffffffffffffad525252
525252adffffffffffffadadadadadadadadadadadadadad5252525252adadadadadadad
adadadadadad5252525252adffffffffffffffffffffffffffffffffffffffad52525252
52525252525252525252adffad5252525252525252525252525252adffffffffffffffff
ffffffffadadadadadadadadadadadadadffadadadadadadadadadadadadadadadadadad
adadadffffadadadadadadadadadadadadadadadffffffffffffffffffadadadadadadad
adadadadadadadadadadadadadadffffffffffffffffffffffad525252
525252adffffffffffffadadadadadadadadadadadadadadadadadadadadadadadadadad
adadadadadadadadadadadadffffadadadadadadadadadadadadadadadffffadadadadad
adadadadadadadadadadadffadadadadadadadadadadadadadadadadffffffffffffffff
ffffffffadadadadadadadadadadadadadffadadadadadadadadadadadadadadadadadad
adadadffffadadadadadadadadadadadadadadadffffffffffffffffadadadadadadadad
adadadadadadadadadadadadadadadffffffffffffffffffffad525252
525252adffffffffffffad52525252525252525252525252525252525252525252525252
5252525252525252525252adffffad52525252525252525252525252adffffffad525252
52525252525252525252adffad5252525252525252525252525252adffffffffffffffff
ffffffffad5252525252525252525252adffad5252525252525252525252525252525252
5252adffffad52525252525252525252525252adffffffffffffffffad52525252525252
5252525252525252525252525252adffffffffffffffffffffad525252
525252adffffffffffffadadadadadadadadadadadadadad5252525252adadadadadadad
adadadadadad5252525252adffffad52525252525252525252525252adffffffad525252
52525252525252525252adffad5252525252525252525252525252adffffffffffffffff
ffffffffadadadadadadadadadadadadadffadadadadadadadadadadadadadadadadadad
adadadffffadadadadadadadadadadadadadadadffffffffffffffffadadadadadadadad
adadadadadadadadadadadadadadadffffffffffffffffffffad525252
525252adffffffffffffadadadadadadadadadadadadadadadadadadadadadadadadadad
adadadadadadadadadadadadffffadadadadadadadadadadadadadadadffffffadadadad
adadadadadadadadadadadffadadadadadadadadadadadadadadadadffffffffffffffff
ffffffffadadadadadadadadadadadadadffffadadadadadadadadadadadadadadadadad
adadadffffadadadadadadadadadadadadadadadffffffffffffffadadadadadadadadad
adadadadadadadadadadadadadadadffffffffffffffffffffad525252
525252adffffffffffffad52525252525252525252525252525252525252525252525252
5252525252525252525252adffffad52525252525252525252525252adffffffad525252
52525252525252525252adffad5252525252525252525252525252adffffffffffffffff
ffffffffad5252525252525252525252adffffad52525252525252525252525252525252
5252adffffad52525252525252525252525252adffffffffffffffad5252525252525252
5252525252525252525252525252adffffffffffffffffffffad525252
525252adffffffffffffadadadadadadadadadadadadadad5252525252adadadadadadad
adadadadadad5252525252adffffad52525252525252525252525252adffffffad525252
52525252525252525252adffad5252525252525252525252525252adffffffffffffffff
ffffffffadadadadadadadadadadadadadffffadadadadadadadadadadadadadadadadad
adadadffffadadadadadadadadadadadadadadadffffffffffffffadadadadadadadadad
adadadadadadadadadadadadadadadffffffffffffffffffffad525252
525252adffffffffffffadadadadadadadadadadadadadadadadadadadadadadadadadad
adadadadadadadadadadadadffffadadadadadadadadadadadadadadadffffffadadadad
adadadadadadadadadadadffadadadadadadadadadadadadadadadadffffffffffffffff
ffffffffadadadadadadadadadadadadadffffffadadadadadadadadadadadadadadadad
adadadffffadadadadadadadadadadadadadadadffffffffffffadadadadadadadadadad
adadadadadadadadadadadadadadadadffffffffffffffffffad525252
525252adffffffffffffad52525252525252525252525252525252525252525252525252
5252525252525252525252adffffad52525252525252525252525252adffffffad525252
52525252525252525252adffad5252525252525252525252525252adffffffffffffffff
ffffffffad5252525252525252525252adffffffad525252525252525252525252525252
5252adffffad52525252525252525252525252adffffffffffffad525252525252525252
525252525252525252525252525252adffffffffffffffffffad525252
525252adffffffffffffadadadadadadadadadadadadadad5252525252adadadadadadad
adadadadadad5252525252adffffad52525252525252525252525252adffffffad525252
52525252525252525252adffad5252525252525252525252525252adffffffffffffffff
ffffffffadadadadadadadadadadadadadffffffadadadadadadadadadadadadadadadad
adadadffffadadadadadadadadadadadadadadadffffffffffffadadadadadadadadadad
adadadadadadadadadadadadadadadadffffffffffffffffffad525252
525252adffffffffffffadadadadadadadadadadadadadadadadadadadadadadadadadad
adadadadadadadadadadadadffffadadadadadadadadadadadadadadadffffffadadadad
adadadadadadadadadadadffadadadadadadadadadadadadadadadadffffffffffffffff
ffffffffadadadadadadadadadadadadadffffffffadadadadadadadadadadadadadadad
adadadffffadadadadadadadadadadadadadadadffffffffffadadadadadadadadadadad
adadadadadadadadadadadadadadadadadffffffffffffffffad525252
525252adffffffffffffad52525252525252525252525252525252525252525252525252
5252525252525252525252adffffad52525252525252525252525252adffffffad525252
52525252525252525252adffad5252525252525252525252525252adffffffffffffffff
ffffffffad5252525252525252525252adffffffffad5252525252525252525252525252
5252adffffad52525252525252525252525252adffffffffffad52525252525252525252
52adad52525252525252525252525252adffffffffffffffffad525252
525252adffffffffffffadadadadadadadadadadadadadad5252525252adadadadadadad
adadadadadad5252525252adffffad52525252525252525252525252adffffffad525252
52525252525252525252adffad5252525252525252525252525252adffffffffffffffff
ffffffffadadadadadadadadadadadadadffffffffadadadadadadadadadadadadadadad
adadadffffadadadadadadadadadadadadadadadffffffffffadadadadadadadadadadad
adadadadadadadadadadadadadadadadadffffffffffffffffad525252
525252adffffffffffffadadadadadadadadadadadadadadadadadadadadadadadadadad
adadadadadadadadadadadadffffadadadadadadadadadadadadadadadffffffadadadad
adadadadadadadadadadadffadadadadadadadadadadadadadadadadffffffffffffffff
ffffffffadadadadadadadadadadadadadffffffffadadadadadadadadadadadadadadad
adadadffffadadadadadadadadadadadadadadadffffffffffadadadadadadadadadadad
adffffadadadadadadadadadadadadadadffffffffffffffffad525252
525252adffffffffffffad52525252525252525252525252525252525252525252525252
5252525252525252525252adffffad52525252525252525252525252adffffffad525252
52525252525252525252adffad5252525252525252525252525252adffffffffffffffff
ffffffffad5252525252525252525252adffffffffad5252525252525252525252525252
5252adffffad52525252525252525252525252adffffffffffad52525252525252525252
adffffad525252525252525252525252adffffffffffffffffad525252
525252adffffffffffffadadadadadadadadadadadadadad5252525252adadadadadadad
adadadadadad5252525252adffffad52525252525252525252525252adffffffad525252
52525252525252525252adffad5252525252525252525252525252adffffffffffffffff
ffffffffadadadadadadadadadadadadadffffffffadadadadadadadadadadadadadadad
adadadffffadadadadadadadadadadadadadadadffffffffffadadadadadadadadadadad
adffffadadadadadadadadadadadadadadffffffffffffffffad525252
525252adffffffffffffadadadadadadadadadadadadadadadadadadadadadadadadadad
adadadadadadadadadadadadffffadadadadadadadadadadadadadadadffffffadadadad
adadadadadadadadadadadffadadadadadadadadadadadadadadadadffffffffffffffff
ffffffffadadadadadadadadadadadadadffffffffffadadadadadadadadadadadadadad
adadadffffadadadadadadadadadadadadadadadffffffffadadadadadadadadadadadad
adffffffadadadadadadadadadadadadadadffffffffffffffad525252
525252adffffffffffffad52525252525252525252525252525252525252525252525252
5252525252525252525252adffffad52525252525252525252525252adffffffad525252
52525252525252525252adffad5252525252525252525252525252adadadadadadadadad
adadadffad5252525252525252525252adffffffffffad52525252525252525252525252
5252adffffad52525252525252525252525252adffffffffad5252525252525252525252
adffffffad525252525252525252525252adffffffffffffffad525252
525252adffffffffffffadadadadadadadadadadadadadad5252525252adadadadadadad
adadadadadad5252525252adffffad52525252525252525252525252adffffffad525252
52525252525252525252adffad5252525252525252525252525252525252525252525252
5252adffadadadadadadadadadadadadadffffffffffadadadadadadadadadadadadadad
adadadffffadadadadadadadadadadadadadadadffffffffadadadadadadadadadadadad
adffffffadadadadadadadadadadadadadadffffffffffffffad525252
525252adffffffffffffadadadadadadadadadadadadadadadadadadadadadadadadadad
adadadadadadadadadadadadffffadadadadadadadadadadadadadadadadadadadadadad
adadadadadadadadadadadffadadadadadadadadadadadadadadadadadadadadadadadad
adadadffadadadadadadadadadadadadadffffffffffffadadadadadadadadadadadadad
adadadffffadadadadadadadadadadadadadadadffffffadadadadadadadadadadadadff
ffffffffadadadadadadadadadadadadadadadffffffffffffad525252
525252adffffffffffffad52525252525252525252525252525252525252525252525252
5252525252525252525252adffffad525252525252525252525252525252525252525252
52525252525252525252adffad5252525252525252525252525252525252525252525252
5252adffad5252525252525252525252adffffffffffffad525252525252525252525252
5252adffffad52525252525252525252525252adffffffad52525252525252525252adff
ffffffffad52525252525252525252525252adffffffffffffad525252
525252adffffffffffffadadadadadadadadadadadadadadad525252adadadadadadadad
adadadadadad5252525252adffffad525252525252525252525252525252525252525252
52525252525252525252adffad5252525252525252525252525252525252525252525252
5252adffadadadadadadadadadadadadadffffffffffffadadadadadadadadadadadadad
adadadffffadadadadadadadadadadadadadadadffffffadadadadadadadadadadadadff
ffffffffadadadadadadadadadadadadadadadffffffffffffad525252
525252adffffffffffffadadadadadadadadadadadadadadadadadadadadadadadadadad
adadadadadadadadadadadadffffadadadadadadadadadadadadadadadadadadadadadad
adadadadadadadadadadadffadadadadadadadadadadadadadadadadadadadadadadadad
adadadffadadadadadadadadadadadadadffffffffffffffadadadadadadadadadadadad
adadadffffadadadadadadadadadadadadadadadffffadadadadadadadadadadadadadff
ffffffffffadadadadadadadadadadadadadadffffffffffffad525252
525252adffffffffffffad52525252525252525252525252525252525252525252525252
5252525252525252525252adffffad525252525252525252525252525252525252525252
52525252525252525252adffad5252525252525252525252525252525252525252525252
5252adffad5252525252525252525252adffffffffffffffad5252525252525252525252
5252adffffad52525252525252525252525252adffffad5252525252525252525252adff
ffffffffffad525252525252525252525252adffffffffffffad525252
525252adffffffffffffadadadadadadadadadadadadadadadadadadadadadadadadadad
adadadadad5252525252adadffffadad5252525252525252525252525252525252525252
525252525252525252adadffad5252525252525252525252525252525252525252525252
5252adffadadadadadadadadadadadadadffffffffffffffadadadadadadadadadadadad
adadadffffadadadadadadadadadadadadadadadffffadadadadadadadadadadadadadff
ffffffffffadadadadadadadadadadadadadadffffffffffffad525252
525252adffffffffffffffffffffadadadadadadadadadadadadadadadadadadadadadad
adadadadadadadadadadadffffffffadadadadadadadadadadadadadadadadadadadadad
adadadadadadadadadadffffadadadadadadadadadadadadadadadadadadadadadadadad
adadadffadadadadadadadadadadadadadffffffffffffffadadadadadadadadadadadad
adadadffffadadadadadadadadadadadadadadadffadadadadadadadadadadadadadffff
ffffffffffadadadadadadadadadadadadadadadffffffffffad525252
525252adffffffffffffffffffffad525252525252525252525252525252525252525252
52525252525252adffffffffffffffffffad525252525252525252525252525252525252
52525252525252adffffffffad5252525252525252525252525252525252525252525252
5252adffad5252525252525252525252adffffffffffffffad5252525252525252525252
5252adffffad52525252525252525252525252adffad5252525252525252525252adffff
ffffffffffad52525252525252525252525252adffffffffffad525252
525252adffffffffffffffffffffadadadadadadadadadadadadadadadadadadadadadad
ad5252525252adadffffffffffffffffffadad5252525252525252525252525252525252
525252525252adadffffffffad5252525252525252525252525252525252525252525252
5252adffadadadadadadadadadadadadadffffffffffffffadadadadadadadadadadadad
adadadffffadadadadadadadadadadadadadadadffadadadadadadadadadadadadadffff
ffffffffffadadadadadadadadadadadadadadadffffffffffad525252
525252adffffffffffffffffffffadadadadadadadadadadadadadadadadadadadadadad
adadadadadadadffffffffffffffffffffffadadadadadadadadadadadadadadadadadad
adadadadadadadffffffffffadadadadadadadadadadadadadadadadadadadadadadadad
adadadffadadadadadadadadadadadadadffffffffffffffadadadadadadadadadadadad
adadadffffadadadadadadadadadadadadadadadffadadadadadadadadadadadadadffff
ffffffffffadadadadadadadadadadadadadadadffffffffffad525252
525252adffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
ffffffffffffffffffffffffffffffffffffffffffffffffffad525252
525252adffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
ffffffffffffffffffffffffffffffffffffffffffffffffffad525252
525252adadadadadadadadadadadadadadadadadadadadadadadadadadadadadadadadad
adadadadadadadadadadadadadadadadadadadadadadadadadadadadadadadadadadadad
adadadadadadadadadadadadadadadadadadadadadadadadadadadadadadadadadadadad
adadadadadadadadadadadadadadadadadadadadadadadadadadadadadadadadadadadad
adadadadadadadadadadadadadadadadadadadadadadadadadadadadadadadadadadadad
adadadadadadadadadadadadadadadadadadadadadadadadadad525252
525252525252525252525252525252525252525252525252525252525252525252525252
525252525252525252525252525252525252525252525252525252525252525252525252
525252525252525252525252525252525252525252525252525252525252525252525252
525252525252525252525252525252525252525252525252525252525252525252525252
525252525252525252525252525252525252525252525252525252525252525252525252
5252525252525252525252525252525252525252525252525252525252
525252525252525252525252525252525252525252525252525252525252525252525252
525252525252525252525252525252525252525252525252525252525252525252525252
525252525252525252525252525252525252525252525252525252525252525252525252
525252525252525252525252525252525252525252525252525252525252525252525252
525252525252525252525252525252525252525252525252525252525252525252525252
5252525252525252525252525252525252525252525252525252525252
525252525252525252525252525252525252525252525252525252525252525252525252
525252525252525252525252525252525252525252525252525252525252525252525252
525252525252525252525252525252525252525252525252525252525252525252525252
525252525252525252525252525252525252525252525252525252525252525252525252
525252525252525252525252525252525252525252525252525252525252525252525252
5252525252525252525252525252525252525252525252525252525252
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
showpage
grestore
%%
%%Page: 1 2
1 0 bop 86 178 a Ft(Preliminary)25 b(Design)h(of)h(ADL/C)p
Fs(++)h Ft(|)e(A)h(Sp)r(eci\014cation)698 269 y(language)g(for)g(C)p
Fs(++)279 390 y Fr(Sreeniv)m(asa)17 b(Rao)g(Visw)o(anadha)875
372 y Fq(*)223 448 y Fp(Dep)n(artment)h(of)f(Computer)h(Scienc)n(e)264
506 y(State)h(University)f(of)f(New)h(Y)l(ork)316 564
y(A)o(lb)n(any,)g(NY)g(12222,)f(USA)357 622 y Fr(sreeni@cs.alban)o(y)l
(.edu)1258 390 y(Sriram)e(Sank)m(ar)1080 448 y Fp(Sun)j(Micr)n
(osystems)f(L)n(ab)n(or)n(atories)1194 506 y(2550)g(Gar)n(cia)g(A)o
(venue)1057 564 y(Mountain)h(View,)h(CA)e(94043,)g(USA)1193
622 y Fr(sank)m(ar@eng.sun.com)37 785 y Fo(Abstract)37
885 y Fn(ADL/C)p Fm(++)f Fn(is)h(a)f(sp)q(eci\014cation)h(language)f
(for)g(asso)q(ciat-)37 935 y(ing)f(b)q(eha)o(vior)f(sp)q
(eci\014cations)j(as)e(p)q(ost-conditions)g(with)37 985
y(C)p Fm(++)c Fn(\(function\))f(declarations.)17 b(The)11
b(language)f(includes)37 1035 y(a)15 b(clean)f(subset)i(of)e(the)h(C)p
Fm(++)f Fn(expression)i(language)d(and)37 1085 y(the)26
b(seman)o(tics)d(is)i(relativ)o(ely)e(simple)g(and)i(informal.)37
1134 y(Most)13 b(of)f(the)g(imp)q(ortan)o(t)f(features)i(of)f(C)p
Fm(++)f Fn(lik)o(e)h(mem)o(b)q(er)37 1184 y(functions,)25
b(virtual)c(mem)o(b)q(ers,)i(constructors,)k(inheri-)37
1234 y(tance)13 b(and)e(exceptions)h(can)g(b)q(e)g(sp)q(eci\014ed)h(in)
e(ADL/C)p Fm(++)p Fn(.)37 1284 y(In)21 b(addition)f(to)g(b)q(eing)h
(semi-formal)c(do)q(cumen)o(tation,)37 1334 y(ADL/C)p
Fm(++)e Fn(sp)q(eci\014cations)i(can)f(also)g(b)q(e)g(used)h(for)e
(test-)37 1383 y(ing)e(C)p Fm(++)g Fn(implemen)o(tations.)i(W)m(e)e
(dev)o(elop)q(ed)h(a)f(metho)q(d)37 1433 y(for)18 b(v)n(alidating)d
(tests)k(of)f(C)p Fm(++)f Fn(implemen)o(tatio)o(ns)e(using)37
1483 y(ADL/C)p Fm(++)e Fn(sp)q(eci\014cations.)37 1635
y Fo(1)67 b(In)n(tro)r(duction)37 1736 y Fn(T)m(raditionally)11
b(sp)q(eci\014cation)i(languages)f(ha)o(v)o(e)h(b)q(een)h(de-)37
1785 y(signed)i(to)f(giv)o(e)g(a)g(sp)q(eci\014cation)h(of)f(a)g
(computation)f(in-)37 1835 y(dep)q(enden)o(t)25 b(of)e(the)h(implemen)o
(tatio)o(n)d(language\(s\))i(in)37 1885 y(whic)o(h)16
b(the)g(computation)e(is)i(realized.)24 b(While)15 b(this)h(ap-)37
1935 y(proac)o(h)21 b(ma)o(y)e(ha)o(v)o(e)h(the)i(adv)n(an)o(tage)d(of)
h(giving)f(an)i(in-)37 1985 y(dep)q(enden)o(t)16 b(c)o(haracterization)
f(of)e(algorithms)f(and)i(data)37 2034 y(structures,)21
b(it)d(imp)q(oses)f(the)h(burden)h(on)f(the)g(users)h(to)37
2084 y(learn)k(t)o(w)o(o)f(di\013eren)o(t)h(languages)f(using)g(p)q
(ossibly)g(t)o(w)o(o)37 2134 y(di\013eren)o(t)g(formalisms)c(and)j(t)o
(w)o(o)f(di\013eren)o(t)i(paradigms)37 2184 y(\(since)c(a)e(sp)q
(eci\014cation)i(emphasizes)e Fl(what)h Fn(and)f(an)g(im-)37
2234 y(plemen)o(tation)h(emphasizes)h Fl(how)p Fn(\).)31
b(F)m(or)18 b(example,)g(the)37 2284 y(sp)q(eci\014cation)j(language)f
(Z)g([9)o(])g(uses)h(set-theoretic)i(se-)37 2333 y(man)o(tics)12
b(for)f(sp)q(eci\014cations)j(and)e(Larc)o(h)h([3)o(])f(and)g(T)m
(ecton)37 2383 y([4])k(are)i(languages)f(based)g(on)g(algebraic)g(sp)q
(eci\014cation.)37 2433 y(But,)c(most)d(imp)q(erativ)o(e)g(programming)
e(languages)j(ha)o(v)o(e)37 2483 y(state-based)17 b(op)q(erational)e
(seman)o(tics.)22 b(P)o(erhaps)17 b(this)e(is)37 2533
y(the)e(reason)f(wh)o(y)g(there)h(do)q(es)f(not)g(seem)g(to)f(b)q(e)i
(m)o(uc)o(h)d(use)37 2582 y(of)g(these)i(sp)q(eci\014cation)f(metho)q
(dologies)d(in)i(the)h(industry)m(.)p 37 2623 368 2 v
84 2652 a Fk(*)101 2664 y Fq(This)i(w)o(ork)f(is)g(supp)q(orted)e(b)o
(y)i(funding)f(from)g(Sun)h(Microsys-)37 2704 y(tems)f(Lab)q
(oratories.)1073 785 y Fn(A)18 b(somewhat)f(di\013eren)o(t)i(approac)o
(h)f(has)g(b)q(een)h(tak)o(en)1031 835 y(in)11 b(high-lev)o(el)g
(functional)f(and)i(logic)e(programming)e(lan-)1031 884
y(guages)16 b(where)h(a)f(single)g(language)f(framew)o(ork)f(is)i(used)
1031 934 y(for)26 b(sp)q(eci\014cation)g(and)f(implemen)o(tation.)50
b(Our)26 b(ap-)1031 984 y(proac)o(h)16 b(has)g(similar)e(goals)g(but)j
(is)e(still)g(quite)h(di\013eren)o(t)1031 1034 y(from)11
b(these.)19 b(A)13 b(subset)h(of)e(the)h(programming)c(language)1031
1084 y(itself)h(\(with)g(some)f(extensions\))i(is)e(used)i(to)f(write)g
(sp)q(eci\014-)1031 1134 y(cations.)18 b(This)12 b(has)g(the)h(adv)n
(an)o(tage)e(that)i(dev)o(elop)q(ers)g(do)1031 1183 y(not)g(ha)o(v)o(e)
g(to)g(learn)g(di\013eren)o(t)h(languages,)e(p)q(ossibly)h(sup-)1031
1233 y(p)q(orting)k(di\013eren)o(t)i(paradigms.)26 b(While)17
b(writing)f(sp)q(eci-)1031 1283 y(\014cations)h(the)g(programmer)d(is)i
(encouraged)h(to)f(sp)q(ecify)1031 1333 y Fl(what)c Fn(the)g(program)d
(do)q(es)k(without)e(w)o(orrying)g(ab)q(out)g(im-)1031
1383 y(plemen)o(tation)k(details,)i(and)f(for)h(this,)g(a)f(small)e
(\\clean,)1031 1432 y Fl(side-e\013e)n(ct-fr)n(e)n(e)p
Fn(")d(subset)h(of)f(the)h(language)e(can)i(b)q(e)g(used.)1073
1491 y(W)m(e)18 b(b)q(eliev)o(e)i(that)f(suc)o(h)h(an)f(approac)o(h)g
(will)e(encour-)1031 1540 y(age)e(dev)o(elop)q(ers)h(to)f(write)h(sp)q
(eci\014cations)g(b)q(efore)f(w)o(ork-)1031 1590 y(ing)d(on)g(implem)o
(en)o(tations.)j(Suc)o(h)e(sp)q(eci\014cations)g(can)f(b)q(e)1031
1640 y(easily)k(used)i(for)e(testing)i(purp)q(oses)g(also,)e(since)i
(an)e(im-)1031 1690 y(plemen)o(tation)f(can)i(b)q(e)h(executed)h(with)d
(an)h(input)f(data)1031 1740 y(and)c(the)h(output)g(generated)g(along)e
(with)h(the)h(test)g(input)1031 1789 y(can)e(b)q(e)h(plugged)e(in)o(to)
h(the)g(sp)q(eci\014cation)h(to)e(see)j(whether)1031
1839 y(the)h(sp)q(eci\014cation)h(is)e(satis\014ed)h(for)f(that)h
(particular)f(test)1031 1889 y(data.)1073 1947 y(ADL)28
b(\(Assertion)h(De\014nition)f(Language\))g(adopts)1031
1997 y(this)11 b(philosoph)o(y)m(.)16 b(It)11 b(is)f(a)h(family)d(of)i
(languages)g(designed)1031 2047 y(to)h(asso)q(ciate)g(seman)o(tic)f
(information)e(with)j(declarations)1031 2097 y(of)17
b(v)n(ariet)o(y)f(of)h(languages)f(\(C,)h(C)p Fm(++)g
Fl(etc.)p Fn(\).)27 b(One)18 b(of)e(the)1031 2146 y(basic)k(goals)f(of)
g(the)h(language)f(is)g(to)h(remain)e(as)h(close)1031
2196 y(to)14 b(the)h(implem)o(en)o(tation)c(language)i(as)h(p)q
(ossible,)g(at)f(the)1031 2246 y(same)c(time)f(allo)o(wing)g(high-lev)o
(el)g(sp)q(eci\014cation)i(indep)q(en-)1031 2296 y(den)o(tly)g(of)f
(implemen)o(tatio)o(ns.)14 b(Another)d(feature)f(of)f(ADL)1031
2346 y(is)j(that)g(sp)q(eci\014cations)h(written)g(in)f(ADL)f(are)i(c)o
(hec)o(k)n(able,)1031 2395 y Fl(i.e.)p Fn(,)20 b(implemen)o(tations)d
(can)j(b)q(e)g(tested)h(against)e(ADL)1031 2445 y(sp)q(eci\014cations.)
1073 2503 y(There)12 b(are)f(some)g(inheren)o(t)h(limitati)o(ons)c
(with)j(this)g(ap-)1031 2553 y(proac)o(h,)17 b(particularly)m(,)d(that)
j(the)f(sp)q(eci\014cation)h(will)e(in-)1031 2603 y(herit)10
b(all)f(the)h(pitfalls)e(and)i(am)o(biguities)d(of)i(the)i(program-)
1031 2653 y(ming)i(language)h(dep)q(ending)h(up)q(on)g(the)g
(restricted)i(sub-)1031 2703 y(set)12 b(of)f(the)h(language)e(b)q(eing)
i(used)g(for)f(sp)q(eci\014cation)h(pur-)p eop
%%Page: 2 3
2 1 bop 37 45 a Fn(p)q(oses.)27 b(But,)18 b(w)o(e)e(ha)o(v)o(e)h(tak)o
(en)f(care)h(to)g(select)h(a)e(subset)37 95 y(of)h(the)g(underlying)g
(programmi)o(ng)d(language)i(whic)o(h)g(is)37 145 y(w)o(ell-understo)q
(o)q(d)f(with)e(minima)o(l)e(am)o(biguities.)79 203 y(The)k(rest)g(of)f
(the)h(pap)q(er)g(is)f(organized)h(as)f(follo)o(ws.)k(In)37
253 y(Section)i(2,)f(w)o(e)g(presen)o(t)i(some)d(bac)o(kground)g(on)h
(ADL.)37 302 y(Section)c(3)g(presen)o(ts)h(an)e(o)o(v)o(erview)h(of)f
(of)f(ADL/C)p Fm(++)h Fn(us-)37 352 y(ing)f(an)h(example.)j(In)c
(Section)h(4,)f(a)h(somewhat)e(detailed)37 402 y(description)h(of)f
(the)g(language)f(syn)o(tax)h(and)g(informal)e(se-)37
452 y(man)o(tics)15 b(is)g(giv)o(en.)22 b(Section)16
b(5)f(describ)q(es)j(ho)o(w)d(reuse)i(of)37 502 y(sp)q(eci\014cations)h
(is)e(supp)q(orted)i(in)e(ADL/C++.)26 b(In)16 b(Sec-)37
552 y(tion)c(6,)g(a)g(metho)q(d)f(for)h(v)n(alidation)d(of)j(C)p
Fm(++)f Fn(implemen)o(ta-)37 601 y(tions)21 b(using)f(ADL/C)p
Fm(++)g Fn(sp)q(eci\014cations)h(is)g(presen)o(ted.)37
651 y(Section)i(7)e(giv)o(es)h(a)f(comparison)g(with)g(other)i(related)
37 701 y(w)o(ork.)29 b(W)m(e)18 b(conclude)g(in)f(Section)h(8)f(with)h
(a)f(brief)g(dis-)37 751 y(cussion)e(ab)q(out)f(future)g(w)o(ork.)37
905 y Fo(2)67 b(Assertion)58 b(De\014nition)h(Lan-)138
979 y(guage)37 1080 y Fn(ADL)13 b(is)g(a)g(sp)q(eci\014cation)h
(language)e(framew)o(ork)f(used)j(to)37 1130 y(describ)q(e)e
(input-output)e(b)q(eha)o(vior)f(of)h(soft)o(w)o(are)g(systems.)37
1180 y(ADL)19 b(originated)f(as)h(part)f(of)h(a)f(conformance)g
(testing)37 1230 y(system)13 b(\(ADL)m(T\))e([11)o(])h(for)g(ANSI)g(C)h
(API's.)k(In)12 b(this)h(sys-)37 1280 y(tem,)k(the)g(run)o(time)e(b)q
(eha)o(viors)i(of)f(implemen)o(tations)e(of)37 1329 y(API's)d(are)g
(compared)f(to)h(their)g(sp)q(eci\014cation)g(written)h(in)37
1379 y(the)i(ADL)e(framew)o(ork.)k(These)e(sp)q(eci\014cations)g(are)g
(writ-)37 1429 y(ten)20 b(in)e(a)g(C)g(lik)o(e)g(syn)o(tax)g(as)h
(extensions)g(to)g(C)f(header)37 1479 y(\014les.)23 b(This)15
b(particular)f(syn)o(tax)i(is)e(termed)i(ADL/C)e(\(or)37
1529 y(ADL)c(for)f(C\).)g(The)g(ADL)m(T)g(pro)r(ject)h(commenced)e(in)h
(early)37 1578 y(1993)i(and)h(has)g(culminated)e(in)i(a)f(robust)i
(industry)f(qual-)37 1628 y(it)o(y)i(en)o(vironmen)o(t)f(for)g
(conformance)g(testing.)79 1686 y(ADL)m(T)22 b(has)i(a)f(collection)f
(of)h(to)q(ols)g(dev)o(elop)q(ed)h(for)37 1736 y(ADL/C)19
b(and)g(a)g(language)f(called)h(TDD,)f(for)g(describ-)37
1786 y(ing)23 b(test)h(data.)46 b(The)24 b(to)q(ols)f(include)h(A)o
(CF,)e(the)i(as-)37 1836 y(sertion)15 b(c)o(hec)o(king)g(function)f
(generator)h(that)f(translates)37 1886 y(p)q(ost-conditions)j(giv)o(en)
e(in)h(ADL/C)g(in)o(to)f(C)i(functions,)37 1935 y(a)j(\\natural")e
(language)h(do)q(cumen)o(t)g(generator,)i(and)e(a)37
1985 y(test)c(co)o(v)o(erage)e(analysis)f(to)q(ol.)17
b(Some)12 b(of)h(these)h(to)q(ols)f(are)37 2035 y(b)q(eing)i
(successfully)g(used)g(b)o(y)f(X/Op)q(en)i(and)e(NIST)g(as)g(a)37
2085 y(part)h(of)e(their)h(conformance)f(testing)i(e\013orts.)79
2143 y(W)m(e)j(are)h(dev)o(eloping)e(a)h(similar)e(sp)q(eci\014cation)j
(capa-)37 2193 y(bilit)o(y)10 b(for)h(C)p Fm(++)p Fn(,)f(namely)f
(ADL/C)p Fm(++)p Fn(.)17 b(ADL/C)p Fm(++)10 b Fn(builds)37
2243 y(on)17 b(the)f(exp)q(erience)j(gained)d(from)e(the)j(ADL)m(T)f
(pro)r(ject.)37 2292 y(It)j(is)g(a)f(natural)g(extension)h(of)f(ADL/C)g
(for)g(C)p Fm(++)p Fn(,)h(but)37 2342 y(it)d(also)f(represen)o(ts)k(a)d
(signi\014can)o(t)f(impro)o(v)o(emen)o(t)f(in)h(ex-)37
2392 y(pressiv)o(eness)g(and)c(ease)h(of)f(use.)19 b(A)11
b(subset)i(of)e(ADL/C)p Fm(++)37 2442 y Fn(itself)24
b(ma)o(y)e(b)q(e)j(used)g(to)f(sp)q(ecify)g(C)g(programs,)h(and)37
2492 y(w)o(e)c(an)o(ticipate)e(that)h(this)g(subset)h(will)d(ev)o(en)o
(tually)i(re-)37 2541 y(place)f(the)g(old)f(ADL/C)438
2526 y Fj(1)475 2541 y Fn(.)g(Other)h(pro)r(jects)h(curren)o(tly)p
37 2586 368 2 v 84 2613 a Fk(1)101 2625 y Fq(Up)o(w)o(ard)d
(compatibilit)n(y)e(will)i(b)q(e)g(main)o(tained)d(so)j(that)f(the)37
2664 y(existing)9 b(ADL/C)j(sp)q(eci\014cations)c(can)i(w)o(ork)g(with)
h(the)f(new)h(set)g(of)37 2704 y(to)q(ols.)1031 45 y
Fn(b)q(eing)22 b(undertak)o(en)g(are)g(ADL/IDL)f(\(OMG)g(IDL)g([2)o
(]\))1031 95 y(and)j(ADL/Ja)o(v)n(a)1314 80 y Fi(TM)1346
95 y Fn(.)48 b(While)23 b(this)h(pap)q(er)h(fo)q(cuses)g(on)1031
145 y(ADL/C)p Fm(++)p Fn(,)12 b(the)h(general)g(concepts)i(presen)o
(ted)f(here)g(ap-)1031 195 y(ply)k(equally)g(w)o(ell)f(to)i(the)g
(other)g(language)e(sp)q(ecializa-)1031 244 y(tions)d(of)f(ADL.)1031
397 y Fo(3)90 b(Ov)n(erview)23 b(of)e(ADL/C)p Fh(++)1031
497 y Fn(ADL/C)p Fm(++)33 b Fn(supp)q(orts)i(b)q(eha)o(vior)e(sp)q
(eci\014cations)i(for)1031 547 y(metho)q(ds)20 b(\(mem)o(b)q(er)e
(functions\))i(and)g(constructors)h(in)1031 597 y(the)15
b(form)e(of)h(p)q(ost-conditions.)20 b(It)15 b(also)f(supp)q(orts)i(sp)
q(ec-)1031 647 y(i\014cation)h(of)h(inheritance,)h(virtual)e
(functions,)h(and)g(ex-)1031 696 y(ceptions.)27 b(F)m(or)16
b(this,)h(it)f(uses)i(a)e Fl(side-e\013e)n(ct-fr)n(e)n(e)g
Fn(subset)1031 746 y(of)11 b(C)p Fm(++)h Fn(expression)g(language)f(as)
h(describ)q(ed)i(in)d([10)o(])g(and)1031 796 y(extends)g(it)f(with)f
(the)h(usual)f(logical)f(op)q(erators,)j(b)q(ounded)1031
846 y(quan)o(ti\014cation,)23 b(call-state)e(op)q(erator)i(\(for)e(ev)n
(aluating)1031 896 y(expressions)15 b(prior)d(to)h(a)g(function)g
(call\),)f(return)i(expres-)1031 945 y(sions)20 b(\(to)g(denote)h
(return)h(v)n(alues)d(of)h(functions\),)h(and)1031 995
y(some)13 b(structuring)i(constructs.)1073 1053 y(A)f(function)h(b)q
(eha)o(vior)f(is)g(t)o(ypically)f(partitioned)i(in)o(to)1031
1103 y(normal)g(and)i(abnormal)d(b)q(eha)o(vior)j(b)o(y)g(giving)e(the)
j(cor-)1031 1153 y(resp)q(onding)d(predicates)g(in)e(terms)h(of)f(the)i
(v)n(alues)e(of)g(the)1031 1203 y(parameters,)i(return)i(v)n(alues,)e
(and)g(exceptions)h(thro)o(wn.)1031 1253 y(Then,)j(predicates)g(that)e
(describ)q(e)i(the)g(state)f(transfor-)1031 1302 y(mations)e(corresp)q
(onding)j(to)f(eac)o(h)h(of)e(these)j(b)q(eha)o(viors)1031
1352 y(are)c(giv)o(en.)23 b(Additional)14 b(predicates)j(that)f
(describ)q(e)h(the)1031 1402 y(state)k(transformations)e(and)h(in)o(v)n
(arian)o(ts)f(indep)q(enden)o(t)1031 1452 y(of)12 b(normal)f(or)h
(abnormal)f(b)q(eha)o(vior)h(ma)o(y)f(also)h(b)q(e)h(giv)o(en.)1073
1510 y(Consider)k(an)g(example)f(ADL/C)p Fm(++)h Fn(sp)q(eci\014cation)
h(of)1031 1560 y(a)12 b(function)g(that)g(computes)g(the)g(in)o(teger)h
(square)g(ro)q(ot)f(of)1031 1610 y(a)i(giv)o(en)f(n)o(um)o(b)q(er.)1031
1714 y Fm(specification)19 b({)1097 1764 y(int)i(sqrt\(int)f(x\))1097
1814 y(semantics)1097 1863 y({)1162 1913 y(@x)h(>=)h(return)e(*)i
(return;)1162 1963 y(@x)f(<)h(\(return)e(+)i(1\))f(*)h(\(return)e(+)i
(1\);)1097 2013 y(};)1031 2063 y(};)1073 2167 y Fn(In)o(tuitiv)o(ely)m
(,)11 b(the)j(ab)q(o)o(v)o(e)f(sp)q(eci\014cation)h(sa)o(ys)f(that)h
Fl(sqrt)1031 2217 y Fn(is)19 b(a)f(function)h(that)g(tak)o(es)g(an)f
(in)o(teger)h(and)g(returns)h(a)1031 2267 y(\(p)q(ositiv)o(e\))e(in)o
(teger)g(whic)o(h)g(is)g(the)h(\015o)q(or)e(of)h(the)g(square)1031
2316 y(ro)q(ot)i(of)g(the)h(input)f(parameter)g(v)n(alue.)36
b(Alb)q(eit)20 b(using)1031 2366 y(C)p Fm(++)p Fn(-lik)o(e)f
(expressions,)k(the)e(ab)q(o)o(v)o(e)f(sp)q(eci\014cation)h(just)1031
2416 y(sa)o(ys)14 b Fl(what)f Fn(the)h(function)g Fl(sqrt)f
Fn(should)g(do,)g(but)h(not)f Fl(how)1031 2466 y Fn(it)h(should)f(b)q
(e)i(done)1346 2451 y Fj(2)1365 2466 y Fn(.)1073 2524
y(The)g(op)q(erational)f(meaning)f(of)i(the)g(ab)q(o)o(v)o(e)g(sp)q
(eci\014ca-)1031 2574 y(tion)g(is)f(that)h(if)f Fl(j)h
Fn(is)f(the)i(return)g(v)n(alue)e(of)g(a)h(call)f Fl(sqrt\(k\))p
1031 2659 V 1031 2697 a Fq(Ja)o(v)n(a)1101 2685 y Fg(TM)1141
2697 y Fq(is)d(a)h(trademark)c(of)j(Sun)g(Microsystems)e(Inc.)p
eop
%%Page: 3 4
3 2 bop 37 45 a Fn(for)15 b(some)f(\(p)q(ositiv)o(e\))h(in)o(tegers)h
Fl(j)e Fn(and)h Fl(k)p Fn(,)g(then)h(b)q(oth)f(the)37
95 y(form)o(ulas)c(listed)i(in)f(the)i(seman)o(tics)e(clause)h(should)g
(ev)n(al-)37 145 y(uate)k(to)f Fl(true)g Fn(b)o(y)g(setting)g(the)h(v)n
(alue)f(of)f(the)i(v)n(ariable)e Fl(x)37 195 y Fn(to)i
Fl(k)g Fn(and)f(that)h(of)f Ff(return)e Fn(to)j Fl(j)p
Fn(.)26 b(More)17 b(precisely)m(,)h(the)37 244 y(follo)o(wing)12
b(t)o(w)o(o)h(predicates)j(should)d(ev)n(aluate)h(to)g
Fl(true)f Fn(:)168 344 y Fe(k)g(>)p Fn(=)f Fe(j)g Fd(\003)c
Fe(j)168 394 y(k)13 b(<)f Fn(\()p Fe(j)f Fn(+)f(1\))f
Fd(\003)g Fn(\()p Fe(j)j Fn(+)d(1\))37 493 y(The)16 b(\\@")f(op)q
(erator)h(sa)o(ys)f(that)g(the)h(expression)g(follo)o(w-)37
543 y(ing)11 b(it)h(should)f(b)q(e)i(ev)n(aluated)e(b)q(efore)h(a)g
(call)f(to)g Fl(sqrt)p Fn(.)17 b(The)37 593 y(k)o(eyw)o(ord)e
Ff(return)e Fn(denotes)j(the)g(return)g(v)n(alue)e(of)g(a)h(call)37
643 y(to)f Fl(sqrt)p Fn(.)79 701 y(The)k(complete)f(syn)o(tax)h(and)f
(seman)o(tics)h(of)f(the)h(lan-)37 751 y(guage)c(are)g(presen)o(ted)i
(in)e(Section)g(4.)79 809 y(W)m(e)h(illustrate)h(the)g(sp)q
(eci\014cation)h(of)e(v)n(arious)g(imp)q(or-)37 859 y(tan)o(t)e
(features)h(of)e(C)p Fm(++)g Fn(using)h(the)g(more)f(realistic)h(exam-)
37 909 y(ple)e(presen)o(ted)i(in)d(Figures)h(1)g(and)f(2)h(of)f(a)g(sp)
q(eci\014cation)i(of)37 958 y(a)i(bank)f(accoun)o(t)h(class.)19
b(The)14 b(accoun)o(t)g(class)g(has)g(meth-)37 1008 y(o)q(ds)i(to)e
(dep)q(osit)i(and)f(withdra)o(w)f(amoun)o(ts.)20 b(The)15
b(decla-)37 1058 y(ration)i(of)g(the)g Fl(A)n(c)n(c)n(ount)h
Fn(class)f(can)h(b)q(e)g(\014rst)g(dev)o(elop)q(ed)37
1108 y(in)c(a)g(\014le)g Fl(ac)n(c)n(ount.hh)h Fn(and)f(then,)h(it)e
(can)i(b)q(e)f(included)h(in)37 1158 y(the)g(sp)q(eci\014cation)f
(\014le)g(to)g(giv)o(e)f(b)q(eha)o(vior)g(sp)q(eci\014cations)37
1207 y(for)h(the)h(v)n(arious)e(\(mem)o(b)q(er\))f(functions.)79
1266 y(The)30 b Fl(A)n(c)n(c)n(ount::Dep)n(osit)f Fn(metho)q(d)f(seman)
o(tics)h(sa)o(ys)37 1315 y(that)20 b(it)f(thro)o(ws)g(an)g(exception)h
(if)e(called)h(with)g(a)g(neg-)37 1365 y(ativ)o(e)c(v)n(alue)f(for)h
Fl(amount)p Fn(.)22 b(This)15 b(is)f(sp)q(eci\014ed)j(using)e(the)37
1415 y(\\)p Fm(<:>)p Fn(")e(op)q(erator.)18 b(Informally)l(,)10
b(this)k(means)e(that)h(a)g(neg-)37 1465 y(ativ)o(e)19
b(v)n(alue)f(of)g(the)h Fl(amount)h Fn(w)o(ould)e(result)h(in)g(abnor-)
37 1515 y(mal)10 b(termination)g(and)h(in)g(case)i(abnormal)c
(termination,)37 1564 y(the)22 b(presence)h(of)e(a)f
Fl(Ne)n(gativeA)o(mount)i Fn(exception)f(im-)37 1614
y(plies)f(that)g(the)h(v)n(alue)e(of)h Fl(amount)g Fn(w)o(as)g(negativ)
o(e.)36 b(In)37 1664 y(the)17 b(normal)e(case,)i(the)g(v)n(alue)f(of)g
Fl(b)n(alanc)n(e)g Fn(increases)i(b)o(y)37 1714 y(the)d(amoun)o(t)d
(that)i(is)g(dep)q(osited.)79 1772 y(The)20 b Fl(A)n(c)n(c)n
(ount::Withdr)n(aw)e Fn(metho)q(d)g(seman)o(tics)h(sa)o(ys)37
1822 y(that)c(the)h(op)q(eration)f(terminates)f(abnormally)e(if)i
(either)37 1872 y(of)9 b(the)h(exceptions)h(corresp)q(onding)f(to)g
(insu\016cien)o(t)f(funds)37 1921 y(in)14 b(the)g(accoun)o(t)g(or)f(a)g
(request)j(to)d(withdra)o(w)g(a)g(negativ)o(e)37 1971
y(amoun)o(t)19 b(is)h(thro)o(wn.)37 b(Otherwise)22 b(it)d(terminates)h
(nor-)37 2021 y(mally)f(and)i(the)h(v)n(alue)f(of)f Fl(b)n(alanc)n(e)i
Fn(decreases)i(b)o(y)d(the)37 2071 y(amoun)o(t)10 b(withdra)o(wn.)17
b(Then)12 b(it)f(also)g(sa)o(ys)h(what)f(the)i(v)n(al-)37
2121 y(ues)i(of)e(a)h(thro)o(wn)g(exception)h(should)e(b)q(e.)79
2179 y(The)i(constructor)i(sp)q(eci\014es)g(what)e(the)g(initial)e(v)n
(alues)37 2229 y(of)c(v)n(arious)g(data)g(mem)o(b)q(ers)g(should)g(b)q
(e)h(in)f(case)h(of)f(normal)37 2278 y(termination.)16
b(It)11 b(also)g(sp)q(eci\014es)i(the)f(exceptions)g(thro)o(wn)37
2328 y(in)i(case)i(of)d(illegal)g(initial)f(v)n(alues)i(for)g(some)g
(of)g(the)h(data)37 2378 y(mem)o(b)q(ers.)p 37 2547 368
2 v 84 2574 a Fk(2)101 2585 y Fq(This)g(is)g(a)g(partial)e(sp)q
(eci\014cation)f(b)q(ecause)h(no)h(return)g(v)n(alue)37
2625 y(can)h(satisfy)e(the)h(b)q(eha)o(vior)f(sp)q(eci\014cation)f(if)i
(the)h(input)e(v)n(alue)h(of)37 2664 y(the)e(parameter)e
Fc(x)k Fq(is)e(zero)g(or)h(a)f(negativ)o(e)f(n)o(um)o(b)q(er.)16
b(This)d(can)f(b)q(e)37 2704 y(easily)f(\014xed)f(using)g(exceptions.)
1031 45 y Fb(3.1)56 b(F)-5 b(unctions)1031 132 y Fn(Beha)o(vior)15
b(sp)q(eci\014cations)i(for)e(a)g(function)g(can)g(b)q(e)h(writ-)1031
182 y(ten)i(using)g(all)e(the)j(\(program\))d(v)n(ariables)h(that)g
(can)h(b)q(e)1031 232 y(used)d(in)f(a)f(de\014nition)h(of)f(that)h
(function)g(with)f(the)i(same)1031 282 y(scop)q(e)h(and)e(visibilit)o
(y)e(rules.)20 b(A)14 b(sp)q(eci\014cation)h(t)o(ypically)1031
332 y(relates)e(the)e(b)q(efore)i(and)e(after)g(v)n(alues)g(of)g(the)h
(part)g(of)e(the)1031 381 y(state)17 b(that)f(it)f(can)i(mo)q(dify)c
(in)j(a)f(particular)h(call.)23 b(This)1031 431 y(includes)13
b(all)e(the)i(global)d(v)n(ariables,)h(data)h(mem)o(b)q(ers)f(\(for)
1031 481 y(mem)o(b)q(er)16 b(functions\))i(and)f(an)o(y)g(reference)j
(parameters.)1031 531 y(In)c(addition,)e(it)g(can)i(also)f(sp)q(ecify)g
(what)h(exceptions,)g(if)1031 581 y(an)o(y)m(,)f(it)h(can)g(thro)o(w)g
(and)g(the)h(prop)q(erties)g(of)f(the)g(v)n(alues)1031
630 y(of)e(the)g(exceptions)h(thro)o(wn.)1073 689 y(A)20
b(b)q(eha)o(vior)h(sp)q(eci\014cation)g(for)f(a)g(function)h(can)f(b)q
(e)1031 738 y(giv)o(en)9 b(inline)g(at)g(the)h(time)e(of)g
(declaration,)i(or)f(separately)m(,)1031 788 y(just)14
b(lik)o(e)f(a)h(de\014nition.)1031 924 y Fb(Constructors)1031
1011 y Fn(In)24 b(seman)o(tics)f(for)g(constructors,)k(t)o(ypically)22
b(one)i(can)1031 1061 y(sp)q(ecify)15 b(the)g(initial)e(v)n(alues)h
(for)g(v)n(arious)g(data)g(mem)o(b)q(ers)1031 1111 y(whic)o(h)c
(e\013ectiv)o(ely)h(giv)o(es)f(the)h(initial)d(state)j(of)e(the)i(ob)r
(ject.)1031 1161 y(In)17 b(the)g(example,)f(the)h(seman)o(tics)g(for)f
(the)h(constructor)1031 1210 y(for)11 b(the)i Fl(A)n(c)n(c)n(ount)e
Fn(class)h(sp)q(eci\014es)i(that)d(the)h(v)n(alues)f(of)g(the)1031
1260 y(accoun)o(t)h(n)o(um)o(b)q(er,)f(t)o(yp)q(e)h(and)g(initial)d
(balance)j(should)f(b)q(e)1031 1310 y(equal)j(to)g(the)g(corresp)q
(onding)h(parameters.)1073 1368 y(In)e(a)g(sp)q(eci\014cation)h(for)g
(a)f(constructor,)h(the)g(v)n(alues)g(of)1031 1418 y(the)e(data)e(mem)o
(b)q(ers)g(of)g(the)h(ob)r(ject)h(\(b)q(eing)f(constructed\))1031
1468 y(cannot)i(b)q(e)g(accessed)i(in)d(the)h(call-state)g(\(\\@")f(op)
q(erator\))1031 1518 y(b)q(ecause)f(the)g(ob)r(ject)f(w)o(ould)e(not)i
(ha)o(v)o(e)f(b)q(een)i(constructed)1031 1567 y(b)q(efore)k(a)e(call)h
(to)f(a)h(constructor.)1031 1703 y Fb(Virtual)k(Mem)n(b)r(er)f(F)-5
b(unctions)1031 1790 y Fn(If)10 b(a)f(sup)q(erclass)j(declares)f(a)e
(mem)o(b)q(er)f(function)i(to)f(b)q(e)h(vir-)1031 1840
y(tual,)h(then)h(a)f(call)g(to)g(it)g(using)g(a)g(p)q(oin)o(ter)h(migh)
o(t)d(actually)1031 1890 y(in)o(v)o(ok)o(e)k(its)i(implem)o(en)o
(tation)c(in)j(a)g(sub)q(class.)20 b(Therefore)1031 1940
y(it)h(is)f(logical)f(that)i(seman)o(tic)f(description)h(giv)o(en)f(in)
g(a)1031 1990 y(sub)q(class)e(implies)c(the)j(seman)o(tics)e(sp)q
(eci\014ed)j(in)e(the)h(su-)1031 2039 y(p)q(erclass)e(for)f(a)g
(virtual)f(function.)1073 2098 y(T)m(o)f(ac)o(hiev)o(e)i(this,)f(ADL/C)
p Fm(++)f Fn(imp)q(oses)h(the)h(seman)o(tic)1031 2147
y(restriction)i(that)f(an)o(y)f(virtual)g(mem)o(b)q(er)f(function)h
(rede-)1031 2197 y(\014ned)j(in)e(a)g(deriv)o(ed)h(class)h(should)e(ob)
q(ey)h(the)g(seman)o(tics)1031 2247 y(giv)o(en)g(for)g(it)g(in)g(the)h
(base)g(class)g(as)f(in)o(terpreted)i(in)e(the)1031 2297
y(con)o(text)g(of)e(the)i(base)g(class.)21 b(This)15
b(means)f(that)h(the)h(as-)1031 2347 y(sertions)21 b(in)f(the)g(deriv)o
(ed)h(class)f(are)h(strengthened)h(b)o(y)1031 2396 y(those)17
b(giv)o(en)e(in)g(the)h(sup)q(erclass.)26 b(This,)15
b(in)g(some)g(sense)1031 2446 y(extends)j(the)e(\(mostly)f(syn)o
(tactic\))h(inheritance)h(mec)o(ha-)1031 2496 y(nism)10
b(of)g(C)p Fm(++)g Fn(to)h(inheritance)h(of)e(prop)q(erties)i(of)e
(metho)q(ds)1031 2546 y(rather)j(than)g(resp)q(ecifying)f(the)h(prop)q
(erties)h(giv)o(en)e(in)f(the)1031 2596 y(sup)q(erclass.)1073
2654 y(F)m(or)20 b(example,)g(consider)h(the)g(ADL/C)p
Fm(++)e Fn(sp)q(eci\014ca-)1031 2704 y(tion)13 b(giv)o(en)g(in)f
(Figure)h(3,)g(of)g(a)f(new)i(bank)f(accoun)o(t)h(class)p
eop
%%Page: 4 5
4 3 bop 37 196 a Fm(#ifndef)21 b(ACCOUNT_HH)37 246 y(#define)g
(ACCOUNT_HH)f(1)37 345 y(class)h(Account)37 395 y({)103
445 y(public)f(:)168 495 y(enum)h({)h(MAX_ACCOUNT_NUM)c(=)k(100)f(};)
168 544 y(enum)g(AccountTypes)f({)h(CHECKING)f(=)i(1,)f(SAVINGS)g(};)
103 644 y(private)f(:)168 694 y(const)h(AccountTypes)e(accountType;)168
744 y(const)i(int)g(accountNum;)168 794 y(long)g(balance;)103
893 y(public:)168 943 y(//)h(Exception)e(classes.)168
993 y(struct)h(InvalidAccountNu)o(m)e({)234 1043 y(const)h(int)i(num;)
234 1092 y(InvalidAccountNu)o(m\(in)o(t)d(i\))i(:)h(num\(i\))f({)g(};)
168 1142 y(};)168 1242 y(struct)g(InvalidAccountTy)o(pe)e({)234
1292 y(const)h(int)i(type;)234 1341 y(InvalidAccountTy)o(pe\(i)o(nt)d
(i\))i(:)h(type\(i\))e({)i(};)168 1391 y(};)168 1491
y(struct)f(InsufficientFund)o(s)e({)234 1541 y(const)h(long)h(bal;)234
1591 y(InsufficientFund)o(s\(lo)o(ng)e(i\))i(:)h(bal\(i\))e({)i(};)168
1640 y(};)168 1740 y(struct)f(NegativeAmount)e({)234
1790 y(const)h(long)h(amt;)234 1840 y(NegativeAmount\(l)o(ong)d(i\))k
(:)f(amt\(i\))g({)h(};)168 1889 y(};)168 1989 y(//)g(Interface)168
2039 y(virtual)f(void)g(Deposit\(long)e(amount\))234
2089 y(throw\(NegativeAm)o(ount)o(\);)168 2138 y(virtual)i(void)g
(Withdraw\(long)e(amount\))234 2188 y(throw\(NegativeAm)o(ount)f(,)k
(InsufficientFunds)c(\);)168 2238 y(Account\(AccountType)o(s)h(type,)i
(int)g(num,)g(long)g(bal)g(=)h(0\))234 2288 y(throw\(InvalidAcc)o(ount)
o(Num,)c(InvalidAccountType\);)37 2338 y(};)37 2437 y(#endif)j(/*)g
(ACCOUNT_HH)f(*/)585 2570 y Fn(Figure)14 b(1:)k(A)c(Bank)g(Accoun)o(t)g
(Class)g(Declaration)p eop
%%Page: 5 6
5 4 bop 37 246 a Fm(specification)20 b(AccountSpec)37
295 y({)37 345 y(#include)h("account.hh")103 445 y(void)g
(Account::Deposit\()o(long)d(amount\))j(throw\(Account::N)o(egat)o
(iveAm)o(ount)d(na\))103 495 y(semantics)103 544 y([)j(abnormal)g(:=)g
(thrown\(na\);)e(])103 594 y({)168 644 y(\(amount)i(<)g(0\))h(<:>)f
(thrown\(na\);)168 694 y(normal)g(==>)g(balance)f(==)i(@balance)e(+)h
(amount;)168 744 y(abnormal)f(==>)i(unchanged\(balan)o(ce\);)103
794 y(};)103 893 y(void)f(Account::Withdraw)o(\(lon)o(g)e(amount\))168
943 y(throw\(Account::Nega)o(tive)o(Amoun)o(t)g(na,)i
(Account::Insuffici)o(entFu)o(nds)e(isf\))103 993 y(semantics)103
1043 y([)i(abnormal)g(:=)g(thrown\(na\))f(||)h(thrown\(isf\);)e(])103
1092 y({)168 1142 y(\(amount)i(>)g(@balance\))42 b(<:>)21
b(thrown\(isf\);)168 1192 y(amount)g(<)g(0)240 b(<:>)21
b(thrown\(na\);)168 1292 y(thrown\(isf\))f(==>)h(\(isf.bal)f(==)h
(balance\);)168 1341 y(thrown\(na\))42 b(==>)21 b(\(na.amt)f(==)i
(amount\);)168 1441 y(if)g(\(abnormal\))d({)j(unchanged\(balance)o(\);)
d(})168 1491 y(else)i({)h(balance)e(==)i(@balance)e(-)h(amount;)g(};)
103 1541 y(};)103 1640 y(Account::Account\()o(Accou)o(ntTy)o(pes)e
(type,)h(int)i(num,)f(long)g(bal\))168 1690 y(throw\(Account::Inva)o
(lidA)o(ccoun)o(tNum)d(ian,)299 1740 y(Account::InvalidA)o(ccoun)o
(tType)g(iat\))103 1790 y(semantics)103 1840 y({)168
1889 y(\(num)j(<)h(1)f(||)h(num\))f(>)g(MAX_ACCOUNT_NUM)84
b(<:>)22 b(thrown\(ian\);)168 1939 y(\(type)f(!=)g(CHECKING)g(&&)g
(type)g(!=)g(SAVINGS\))f(<:>)i(thrown\(iat\);)168 2039
y(thrown\(ian\))e(==>)h(\(ian.num)f(==)h(num\);)168 2089
y(thrown\(iat\))f(==>)h(\(iat.type)f(==)h(type\);)168
2188 y(if)h(\(normal\))e({)234 2238 y(accountNum)f(==)j(num;)f
(accountType)e(==)j(type;)e(balance)h(==)g(bal;)168 2288
y(};)103 2338 y(};)37 2388 y(};)534 2520 y Fn(Figure)14
b(2:)k(A)c(Sp)q(eci\014cation)g(of)f(a)h(Bank)g(Accoun)o(t)h(Class)p
eop
%%Page: 6 7
6 5 bop 37 74 a Fm(with)21 b([AccountSpec])f(//)h(Inherit)f(the)h
(previous)g(specification)37 124 y(specification)f(NewAccountSpec)37
174 y({)103 223 y(class)h(OverdraftAccount)d(:)k(public)e(Account)h({)
168 273 y(long)g(maxOverDraft;)41 b(//)21 b(Max)h(overdraft)e(allowed)g
(\(can)h(change\))168 323 y(long)g(overDraft;)107 b(//)21
b(How)h(much)f(overdrawn)146 423 y(public)g(:)168 472
y(OverdraftAccount\(Ac)o(coun)o(tType)o(s)e(type,)i(int)g(num,)g(long)g
(bal\))212 522 y(:)g(Account\(type,)f(num,)g(bal)i(+)f(maxOverDraft\))e
({)234 572 y(overDraft)h(=)h(0;)168 622 y(};)168 722
y(void)g(Withdraw\(long)e(amount\))i(throw\(Account::N)o(egati)o(veAm)o
(ount)d(na,)887 771 y(Account::Insufficie)o(ntFun)o(ds)h(isf\))168
821 y(semantics)h({)234 871 y(if)h(\(normal)f(&&)i(bal)f(<)g
(maxOverDraft\))f({)299 921 y(overDraft)g(==)h(maxOverDraft)f(-)h(bal;)
234 971 y(};)168 1020 y(};)103 1070 y(};)37 1120 y(};)391
1253 y Fn(Figure)14 b(3:)k(A)c(Sp)q(eci\014cation)g(Using)g
(Inheritance)h(and)e(Virtual)h(F)m(unctions)37 1385 y(whic)o(h)g
(inherits)g(from)d(the)k Fl(A)n(c)n(c)n(ount)e Fn(class.)19
b(It)13 b(allo)o(ws)f(an)37 1435 y(o)o(v)o(erdraft)h(upto)f(a)h
(certain)g(amoun)o(t)d(whic)o(h)j(can)f(c)o(hange.)37
1485 y(Therefore)17 b(the)f(new)g Fl(Withdr)n(aw)f Fn(metho)q(d)g(will)
f(sa)o(y)i(ho)o(w)37 1535 y(the)k(v)n(alue)f(of)g(the)h(v)n(ariable)e
Fl(over)n(dr)n(aft)g Fn(c)o(hanges)i(if)f(the)37 1585
y(accoun)o(t)d(is)f(b)q(eing)g(o)o(v)o(erdra)o(wn.)22
b(Since)16 b(it)e(is)h(virtual,)f(b)o(y)37 1635 y(our)19
b(seman)o(tics)f(it)h(automatically)c(inherits)k(the)g(sp)q(eci-)37
1684 y(\014cation)e(giv)o(en)g(in)f(the)i(base)g(class)f(and)g
(therefore)i(it)d(is)37 1734 y(not)d(necessary)h(to)e(sp)q(ecify)h
(that)f(part.)18 b(In)12 b(this)g(case,)i(the)37 1784
y(v)n(ariable)i Fl(b)n(alanc)n(e)h Fn(merely)e(denotes)j(the)f(amoun)o
(t)d(a)o(v)n(ail-)37 1834 y(able)g(for)g(withdra)o(w)o(al,)e(not)i(the)
g(real)g(balance.)79 1892 y(Another)g(common)c(use)k(of)e(virtual)g
(functions)h(in)g(C)p Fm(++)37 1942 y Fn(is)22 b(the)g(sp)q
(eci\014cation)g(of)f(abstract)i(classes.)42 b(The)22
b(ab-)37 1992 y(stract)g(prop)q(erties)h(can)e(b)q(e)h(sp)q(eci\014ed)g
(for)f(the)g(virtual)37 2041 y(functions)f(in)g(the)g(abstract)h(class)
f(and)g(in)f(the)h(imple-)37 2091 y(men)o(tation)f(classes,)j(these)g
(functions)e(w)o(ould)f(ha)o(v)o(e)h(to)37 2141 y(ob)q(ey)c(all)e
(those)j(prop)q(erties)f(automatically)d(b)q(ecause)k(of)37
2191 y(the)e(seman)o(tic)e(constrain)o(ts)i(imp)q(osed)d(b)o(y)i(ADL/C)
p Fm(++)p Fn(.)79 2249 y(This)h(seman)o(tics)h(can)f(also)g(b)q(e)h
(useful)g(to)f(sp)q(ecify)i(the)37 2299 y(b)q(eha)o(viors)12
b(for)g(sp)q(ecializations)f(if)g(the)i(sup)q(erclass)g(sp)q(eci-)37
2349 y(\014cation)f(is)g(not)g(o)o(v)o(erly)g(constrained.)18
b(F)m(or)12 b(example,)f(the)37 2398 y(sorting)k(functions)f(sp)q
(eci\014ed)i(in)e(Section)g(5)g(can)h(b)q(e)g(eas-)37
2448 y(ily)10 b(sp)q(eci\014ed)i(using)f(C)p Fm(++)f
Fn(inheritance)h(b)o(y)g(appropriately)37 2498 y(making)e(the)i
(\014rst)h(sort)f(function)g(a)f(virtual)g(mem)o(b)q(er)f(of)h(a)37
2548 y(class)i(and)f(then)h(rede\014ning)g(it)e(as)i(a)e(stable)i(sort)
g(function)37 2598 y(in)i(a)g(sub)q(class.)21 b(This)14
b(is)g(p)q(ossible)h(b)q(ecause)h(the)f(original)37 2647
y(sort)h(function)f(do)q(es)h(not)f(sa)o(y)g(an)o(ything)f(ab)q(out)h
(the)h(rel-)37 2697 y(ativ)o(e)i(order)g(of)f(elemen)o(ts)h(with)f
(equal)h(k)o(ey)f(and)h(hence)1031 1385 y(the)c(sub)q(class)h(has)f
(the)g(freedom)e(to)i(add)f(the)h(extra)g(con-)1031 1435
y(strain)o(t.)1073 1493 y(The)f(idea)f(here)i(is)f(to)f(imp)q(ose)g
(some)g(discipline)g(on)h(in-)1031 1543 y(heritance)20
b(\(whic)o(h)e(C)p Fm(++)g Fn(do)q(esn't\))h(so)g(that)f(some)f(kind)
1031 1593 y(of)j(subt)o(yping)g(is)g(ac)o(hiev)o(ed.)37
b(Our)21 b(curren)o(t)g(seman)o(tics)1031 1643 y(for)c(virtual)g
(functions)h(is)f(inspired)h(b)o(y)f(the)h(b)q(eha)o(vioral)1031
1693 y(notion)j(of)f(subt)o(yping)h(describ)q(ed)i(in)e([6)o(])f(and)h
(a)g(simi-)1031 1742 y(lar)14 b(sc)o(heme)h(called)f
Fl(we)n(ak)h(b)n(ehavior)n(al)g(subtyping)g Fn(is)f(sup-)1031
1792 y(p)q(orted)h(in)e(Larc)o(h/C)p Fm(++)h Fn([5)o(].)1031
1921 y Fb(3.2)56 b(Exceptions)1031 2006 y Fn(ADL/C)p
Fm(++)24 b Fn(allo)o(ws)g(the)h(sp)q(eci\014cation)h(of)e(exceptions)
1031 2056 y(that)14 b(can)h(b)q(e)f(thro)o(wn)g(b)o(y)g(a)g(function.)k
(In)c(the)h(seman)o(tic)1031 2106 y(sp)q(eci\014cations)22
b(of)d(functions,)i(exceptions)h(can)e(b)q(e)h(ex-)1031
2156 y(plicitly)15 b(used)h(\(see)h(the)f(next)h(Section\).)23
b(C)p Fm(++)16 b Fn(do)q(es)g(not)1031 2205 y(allo)o(w)e(exceptions)i
(to)f(b)q(e)h(named)d(in)i(the)h(thro)o(w)f(clause.)1031
2255 y(Ho)o(w)o(ev)o(er,)d(in)f(ADL/C)p Fm(++)p Fn(,)f(they)h(can)h(b)q
(e)f(named)f(just)i(lik)o(e)1031 2305 y(other)23 b(parameters,)g(and)e
(can)h(b)q(e)h(used)f(in)f(the)i(p)q(ost-)1031 2355 y(condition.)43
b(W)m(e)22 b(feel)g(this)g(will)f(mak)o(e)g(sp)q(eci\014cations)1031
2405 y(more)9 b(readable)i(than)f(the)h(corresp)q(onding)g(C)p
Fm(++)f Fn(co)q(de)g(b)q(e-)1031 2455 y(cause)18 b(no)o(w)e(users)i
(can)f(name)e(exceptions)j(in)e(a)g(w)o(a)o(y)g(as)1031
2504 y(to)f(re\015ect)h(the)f(nature)g(of)f(the)i(exception.)k(In)15
b(the)g(bank)1031 2554 y(accoun)o(t)j(example)f(ab)q(o)o(v)o(e,)h
(instead)g(of)f(using)h(separate)1031 2604 y(exceptions,)12
b(if)e(the)h(class)g(designer)g(decided)g(to)g(thro)o(w)f(an)1031
2654 y(exception)i(of)e(t)o(yp)q(e)i Fl(long)f Fn(in)f(case)i
Fl(amount)g Fn(is)e(negativ)o(e,)h(it)1031 2704 y(can)16
b(b)q(e)g(named)f(appropriately)g(\(sa)o(y)m(,)p Fl(ne)n(gativeA)o
(mount)p Fn(\))p eop
%%Page: 7 8
7 6 bop 37 45 a Fn(to)22 b(re\015ect)i(this)e(fact)g(in)g(the)g(b)q
(eha)o(vior)g(sp)q(eci\014cation.)37 95 y(W)m(e)13 b(also)f(extended)i
(the)f(C)p Fm(++)g Fn(exception)g(declaration)f(to)37
145 y(sp)q(ecify)i(things)g(lik)o(e)e(no)h(exception)h(can)g(b)q(e)g
(thro)o(wn)f(and)37 195 y(an)o(y)h(exception)h(can)f(b)q(e)g(thro)o
(wn.)79 253 y(The)j(seman)o(tics)f(of)g(exception)h(sp)q(eci\014cation)
h(is)e(that)37 302 y(an)o(y)11 b(implem)o(en)o(tation)c(can)k(thro)o(w)
g Fl(at)g(most)g Fn(those)g(excep-)37 352 y(tions)17
b(listed)f(in)g(the)i(thro)o(w)e(clause.)26 b(It)17 b(can)g(not)f(thro)
o(w)37 402 y(an)o(ything)d(that)h(is)g(not)f(men)o(tioned.)k(Note)d
(that)g(in)f(C)p Fm(++)p Fn(,)37 452 y(the)h(thro)o(w)f(list)g(that)g
(follo)o(ws)e(a)i(function)g(declaration)f(is)37 502
y(just)f(informational)c(and)j(the)h(function)f(can)g(thro)o(w)h(other)
37 552 y(t)o(yp)q(es)k(of)f(exceptions)h(not)e(listed)h(there.)79
610 y(In)h(the)g(p)q(ost-condition,)f(tests)i(can)f(b)q(e)h(made)d(for)
i(the)37 659 y(presence)h(of)d(exceptions)h(using)f(the)h
Ff(thro)o(wn)d Fn(op)q(erator.)37 709 y(Exception)j(v)n(alues)f(can)g
(b)q(e)g(used)h(just)f(lik)o(e)g(normal)e(data)37 759
y(v)n(alues)16 b(except)i(that)e(it)g(is)g(illegal)e(to)i(use)h(an)e
(exception)37 809 y(when)g(it)e(is)h(not)f(thro)o(wn.)18
b(Similarly)m(,)10 b(it)j(is)h(illegal)e(to)h(use)37
859 y(an)k(exception)h(in)e(the)h(call)f(state.)28 b(It)17
b(is)f(also)h(illegal)d(to)37 909 y(use)f(the)f(return)h(v)n(alue)e(in)
g(case)i(an)f(exception)g(is)g(thro)o(wn.)79 967 y(In)92
b(the)h(example,)111 b(the)93 b(seman)o(tics)37 1016
y(for)18 b Fl(A)n(c)n(c)n(ount::Withdr)n(aw)f Fn(sp)q(eci\014es)j(that)
e(it)g(can)g(thro)o(w)37 1066 y Fl(Insu\016cientF)m(unds)i
Fn(and)e Fl(Ne)n(gativeA)o(mount)h Fn(exceptions)37 1116
y(to)f(signal)e(abnormal)f(termination.)27 b(It)17 b(also)g(sa)o(ys)g
(that)37 1166 y(if)g(the)h Fl(Insu\016cientF)m(unds)h
Fn(exception)f(is)f(thro)o(wn,)i(then)37 1216 y(the)13
b(v)n(alue)f(of)g(its)g(data)g(mem)o(b)q(er)e Fl(b)n(al)i
Fn(should)h(b)q(e)f(equal)g(to)37 1266 y Fl(b)n(alanc)n(e)p
Fn(.)79 1324 y(Note)17 b(that)f(exception)g(conditions)g(need)h(not)f
(alw)o(a)o(ys)37 1373 y(b)q(e)e(part)f(of)g(the)g(abnormal)e(section)j
(of)e(function)h(seman-)37 1423 y(tics.)35 b(Since)20
b(exceptions)g(can)g(also)f(b)q(e)g(used)i(for)e(com-)37
1473 y(m)o(unication,)h(they)h(can)g(b)q(e)g(used)h(as)e(part)h(of)f
(normal)37 1523 y(b)q(eha)o(vior)f(also.)34 b(F)m(or)19
b(example,)g(a)g(read)g(metho)q(d)g(of)f(a)37 1573 y(\014le)c(class)g
(ma)o(y)e(thro)o(w)i(an)f(exception)h(to)g(signal)e(an)i(end-)37
1623 y(of-\014le.)32 b(But,)20 b(usually)d(it)i(is)f(not)h(abnormal)d
(b)q(eha)o(vior.)37 1672 y(On)f(the)f(other)g(hand,)f(if)g(the)i
(\014le)e(is)h(not)f(op)q(en,)h(then)h(the)37 1722 y(exception)k(thro)o
(wn)f(usually)f(signals)g(abnormal)e(termi-)37 1772 y(nation.)37
1909 y Fb(3.3)56 b(Access)19 b(Con)n(trol)37 1996 y Fn(W)m(e)10
b(en)o(visage)f(the)i(use)f(of)f(ADL/C)p Fm(++)g Fn(for)g(giving)f
(detailed)37 2046 y(sp)q(eci\014cations)21 b(for)e(implem)o(en)o
(tations)e(also,)i(therefore,)37 2096 y(ADL/C)p Fm(++)24
b Fn(ignores)h(all)f(access)j(restrictions.)52 b(This,)37
2145 y(w)o(e)16 b(b)q(eliev)o(e,)g(will)e(giv)o(e)h(the)i(implem)o(en)o
(tor)c(\015exibilit)o(y)h(to)37 2195 y(sp)q(ecify)h(and)f(test)i(the)f
(implemen)o(tati)o(ons)d(without)i(ha)o(v-)37 2245 y(ing)i(to)f(w)o
(orry)h(ab)q(out)g(access)h(p)q(ermissions.)24 b(This)15
b(giv)o(es)37 2295 y(the)j(abilit)o(y)d(to)i(lo)q(ok)f(at)h(\(but)h
(not)f(to)g(mo)q(dify\))d(priv)n(ate)37 2345 y(data)h(not)f(accessible)
i(to)e(a)g(function)g(to)h(do)f(test)h(v)n(alida-)37
2394 y(tion.)37 2552 y Fo(4)67 b(Syn)n(tax)24 b(and)f(Seman)n(tics)37
2654 y Fn(Muc)o(h)11 b(of)e(ADL/C)p Fm(++)g Fn(syn)o(tax)h(includes)g
(C)p Fm(++)g Fn(syn)o(tax,)g(but)37 2704 y(it)21 b(also)e(has)i(some)e
(syn)o(tactic)i(constructs)i(of)d(its)g(o)o(wn.)1031
45 y(W)m(e)13 b(will)f(describ)q(e)j(the)e(ADL/C)p Fm(++)p
Fn(-sp)q(eci\014c)h(syn)o(tax)f(and)1031 95 y(seman)o(tics)h(in)f
(detail)g(in)h(the)g(follo)o(wing)e(subsections.)1031
221 y Fb(4.1)56 b(Sp)r(eci\014cation)17 b(Structure)1031
306 y Fl(ad)r(l)p 1089 306 13 2 v 16 w(sp)n(e)n(ci\014c)n(ation)d
Fn(::=)1162 356 y Fd(f)g Fl(with)p 1276 356 V 14 w(clause)g
Fd(g)1162 405 y Ff(sp)q(eci\014cation)27 b Fl(sp)n(e)n(c)p
1523 405 V 15 w(name)1162 455 y Fn(\\)p Fd(f)p Fn(")13
b(\()h Fl(annontate)n(d)p 1469 455 V 17 w(de)n(clar)n(ation)28
b Fn(\))14 b(+)g(\\)p Fd(g)p Fn(;")1073 563 y(Ev)o(ery)28
b(sp)q(eci\014cation)g(has)g(a)f(name)g(and)g(consists)1031
613 y(of)d(one)g(or)g(more)f(annotated)h(declarations,)i(that)e(is,)
1031 663 y(C)p Fm(++)15 b Fn(declarations)h(optionally)e(annon)o(tated)
i(b)o(y)f(b)q(eha)o(v-)1031 713 y(ior)h(sp)q(eci\014cations.)27
b(A)o(t)16 b(presen)o(t,)i(w)o(e)f(require)g(that)f(the)1031
762 y(name)f(of)g(the)h(\014le)f(b)q(e)i(same)d(as)i(the)g(name)f(of)f
(the)j(sp)q(ec-)1031 812 y(i\014cation)k(with)f Ff(.adl)p
Fm(++)g Fn(as)h(the)h(\014le)f(name)f(extension.)1031
862 y(ADL/C)p Fm(++)13 b Fn(is)h(case-sensitiv)o(e)h(just)f(lik)o(e)g
(C)p Fm(++)f Fn(is.)1073 920 y(An)e(ADL/C)p Fm(++)g Fn(sp)q
(eci\014cation)g(can)h(also)f(imp)q(ort)e(other)1031
970 y(ADL/C)p Fm(++)k Fn(sp)q(eci\014cations)i(using)f(the)g
Ff(with)f Fn(clause.)1031 1070 y Fl(with)p 1110 1070
V 15 w(clause)29 b Fn(::=)1162 1119 y Ff(with)g Fn(\\[")12
b(\()i Fl(sp)n(e)n(c)p 1456 1119 V 16 w(name)29 b Fn(\))1271
1169 y(\()14 b(\\,")f Fl(sp)n(e)n(c)p 1443 1169 V 15
w(name)30 b Fn(\))14 b(*)f(\\]")1073 1277 y(A)k(sp)q(eci\014cation)g
(can)g(use)h(all)e(the)h(declarations)g(and)1031 1327
y(an)o(y)9 b(annotations)g(from)f(an)o(y)h(of)f(the)i(sp)q
(eci\014cations)h(listed)1031 1377 y(in)j(the)g Ff(with)f
Fn(clause.)1031 1503 y Fb(4.2)56 b(Declarations)1031
1588 y Fn(All)15 b(C)p Fm(++)g Fn(declarations)h(lik)o(e)f(t)o(yp)q
(edefs,)h(classes,)h(en)o(ums,)1031 1638 y(v)n(ariable)22
b(declarations)h Fl(etc.)44 b Fn(can)23 b(b)q(e)h(presen)o(t)g(in)e(an)
1031 1687 y(ADL/C)p Fm(++)17 b Fn(sp)q(eci\014cation.)31
b(T)m(o)17 b(facilitate)g(users)j(to)e(in-)1031 1737
y(clude)d(\\real")e(C)p Fm(++)g Fn(header)i(\014les,)f(w)o(e)g(allo)o
(w)e(inline)h(func-)1031 1787 y(tion)i(de\014nitions)g(to)g(b)q(e)h
(presen)o(t)h(in)e(ADL/C)p Fm(++)f Fn(sp)q(eci\014-)1031
1837 y(cations.)k(A)o(t)c(presen)o(t,)h(only)e(function)g(declarations)
h(can)1031 1887 y(b)q(e)h(annotated)f(to)g(giv)o(e)f(b)q(eha)o(vior)g
(descriptions.)1031 1986 y Fl(annontate)n(d)p 1232 1986
V 17 w(de)n(clar)n(ation)28 b Fn(::=)1162 2036 y Fl(C)p
Fm(++)p 1239 2036 V 15 w Fl(de)n(clar)n(ation)1118 2086
y Fd(j)36 b Fl(auxiliary)p 1327 2086 V 15 w(de)n(clar)n(ation)1118
2136 y Fd(j)g Fl(C)p Fm(++)p 1243 2136 V 14 w Fl(function)p
1405 2136 V 16 w(de)n(clar)n(ation)15 b(annotation)1073
2244 y(C)p Fm(++)p 1150 2244 V 14 w Fl(de)n(clar)n(ation)d
Fn(is)g(an)o(y)f(v)n(alid)g(C)p Fm(++)g Fn(declaration)h(and)1031
2293 y Fl(C)p Fm(++)p 1108 2293 V 15 w Fl(function)p
1271 2293 V 16 w(de)n(clar)n(ation)e Fn(is)i(a)e(C)p
Fm(++)h Fn(function)g(declara-)1031 2343 y(tion)j(without)f(the)i
Ff(thro)o(w)d Fn(clause.)1031 2469 y Fb(Annotations)1031
2554 y Fn(An)29 b(annotation)e(consists)i(of)f(ADL/C)p
Fm(++)f Fn(exception)1031 2604 y(sp)q(eci\014cations,)22
b(binding)d(de\014nitions)i(for)e(normal)f(and)1031 2654
y(abnormal)9 b(b)q(eha)o(vior)i(of)g(the)g(function,)g(and)g(a)g(list)g
(of)f(for-)1031 2704 y(m)o(ulas)i(that)i(describ)q(e)i(the)e(b)q(eha)o
(vior)g(of)f(the)i(function.)p eop
%%Page: 8 9
8 7 bop 37 95 a Fl(annontation)16 b Fn(::=)168 145 y
Fd(f)e Fl(ad)r(l)p 261 145 13 2 v 15 w(exc)n(eption)p
442 145 V 16 w(sp)n(e)n(c)g Fd(g)168 195 y Ff(seman)o(tics)168
244 y Fd(f)g Fl(b)n(ehavior)p 355 244 V 15 w(de\014nitions)h
Fd(g)168 294 y Fl(gr)n(oup)p 270 294 V 16 w(expr)n(ession)f
Fn(\\;")37 394 y Fl(ad)r(l)p 95 394 V 16 w(exc)n(eption)p
277 394 V 16 w(sp)n(e)n(c)g Fn(::=)168 444 y Ff(thro)o(w)f
Fd(f)g Fn(\()h(exception)p 541 444 V 16 w(list)g(\))g
Fd(g)37 543 y Fl(exc)n(eption)p 206 543 V 16 w(list)f
Fn(::=)168 593 y Fl(p)n(ar)n(am)p 282 593 V 15 w(de)n(clar)n(ation)277
643 y Fn(\()h(\\,")f Fl(p)n(ar)n(am)p 488 643 V 15 w(de)n(clar)n(ation)
h Fn(\))g(*)125 693 y Fd(j)35 b Fn(\\...")37 792 y Fl(b)n(ehavior)p
189 792 V 16 w(de\014nitions)14 b Fn(::=)168 842 y(\\[")f(\()h(\()g
Ff(normal)e Fd(j)i Ff(abnormal)d Fn(\))277 892 y(\\:=")i(expression)i
(\\;")e(\))h(+)g(\\]")79 1000 y(As)h(men)o(tioned)e(earlier,)h(ADL/C)p
Fm(++)f Fn(exception)i(sp)q(ec-)37 1050 y(i\014cations)20
b(can)f(b)q(e)h(named.)34 b(So,)20 b(the)g(syn)o(tax)f(for)g(this)37
1099 y(is)e(same)f(as)h(that)g(of)g(a)g(C)p Fm(++)f Fn(formal)f
(parameter)h(decla-)37 1149 y(ration.)36 b(If)19 b(no)h(exception)g(is)
g(sp)q(eci\014ed)h(follo)o(wing)d(the)37 1199 y(thro)o(w)d(clause,)f
(then)h(the)g(function)f(can)h(not)f(thro)o(w)h(an)o(y)37
1249 y(exception.)k(If)13 b(there)i(is)f(a)f(\\...")k(in)c(the)h(thro)o
(w)g(list,)f(then)37 1299 y(the)i(function)f(can)g(thro)o(w)g(an)o(y)f
(exception.)79 1357 y(Note)e(that)g(all)f(the)h(v)n(ariables)f(used)i
(in)e(the)h(annotation)37 1407 y(part)20 b(are)g(program)e(v)n
(ariables)h(\(and)g(not)h(logical)d(v)n(ari-)37 1456
y(ables\).)79 1515 y(An)26 b(annotation)f(for)g(a)g(function)h(is)g
(lik)o(e)e(a)i(p)q(ost-)37 1564 y(condition,)14 b Fl(i.e.)p
Fn(,)f(all)g(the)i(expressions)h(except)f(call-state)37
1614 y(expressions)20 b(\(see)g(b)q(elo)o(w\))e(that)g(constitute)i
(the)e(group)37 1664 y(expression)c(will)d(b)q(e)j(ev)n(aluated)e
(using)g(the)h(v)n(alues)g(of)f(the)37 1714 y(v)n(ariables)i(after)g(a)
f(call)g(to)h(the)h(function.)79 1772 y(The)d(b)q(eha)o(vior)g
(de\014nitions)f(classify)h(the)g(b)q(eha)o(viors)g(of)37
1822 y(the)17 b(function)e(in)o(to)g(normal)f(and)h(abnormal)f(b)q(eha)
o(viors.)37 1872 y(If)e(neither)h(normal)c(nor)j(abnormal)d(b)q(eha)o
(vior)j(is)g(de\014ned,)37 1921 y(then)17 b(abnormal)c(defaults)i(to)g
(thro)o(wn\(...\))22 b(and)15 b(normal)37 1971 y(defaults)e(to)e(!thro)
o(wn\(...\).)16 b(If)c(only)f(of)h(normal)e(or)i(abnor-)37
2021 y(mal)f(b)q(eha)o(vior)i(is)g(de\014ned,)g(the)h(unde\014ned)g
(one)f(defaults)37 2071 y(to)g(the)f(negation)g(of)g(the)h(de\014ned)g
(one.)18 b(There)13 b(can)f(b)q(e)h(at)37 2121 y(most)h(one)h
(de\014nition)g(eac)o(h)g(for)g(normal)e(and)h(abnormal)37
2170 y(b)q(eha)o(viors)g(in)g(an)g(annotation.)37 2316
y Fb(Auxiliary)k(Declarations)37 2405 y Fn(Sometimes,)9
b(if)h(the)i(in)o(terface)f(or)g(class)g(declaration)f(do)q(es)37
2455 y(not)21 b(con)o(tain)f(enough)h(information)d(ab)q(out)j(the)g
(state,)37 2504 y(then)d(it)f(b)q(ecomes)h(necessary)h(to)e(ha)o(v)o(e)
h(some)e(auxiliary)37 2554 y(declarations)e(for)f(sp)q(eci\014cation)h
(purp)q(oses.)20 b(Since)14 b(these)37 2604 y(are)21
b(needed)g(only)e(for)g(sp)q(eci\014cation,)i(but)f(not)g(a)f(part)37
2654 y(of)f(the)g(original)f(declarations,)h(ADL/C)p
Fm(++)f Fn(pro)o(vides)h(a)37 2704 y(mec)o(hanism)12
b(to)i(declare)h(them)e(as)h(auxiliaries.)1031 95 y Fl(auxiliary)p
1192 95 V 15 w(de)n(clar)n(ation)29 b Fn(::=)1162 145
y Ff(auxiliary)12 b Fn(\\)p Fd(f)p Fn(")1285 195 y(\()i
Fl(C)p Fm(++)p 1392 195 V 14 w Fl(de)n(clar)n(ation)g
Fn(\))g(*)g(\\)p Fd(g)p Fn(;")1031 382 y Fb(4.3)56 b(Expressions)1031
469 y Fn(The)22 b(expression)g(language)f(includes)g(the)h
(side-e\013ect-)1031 519 y(free)g(subset)g(of)e(the)i(C)p
Fm(++)e Fn(expression)i(language.)38 b(All)1031 569 y(forms)13
b(of)g(C)p Fm(++)h Fn(assignmen)o(t)f(op)q(erators,)h(incremen)o(t)g
(and)1031 619 y(decremen)o(t)d(op)q(erators)h(and)e(an)o(y)g(o)o(v)o
(erloaded)g(v)o(ersions)h(of)1031 669 y(these)16 b(are)f(excluded.)20
b(Ho)o(w)o(ev)o(er,)15 b(ADL/C)p Fm(++)e Fn(do)q(es)i(ha)o(v)o(e)1031
718 y(the)g(function-call)e(op)q(erator.)20 b(W)m(e)14
b(pro)o(vided)g(this)h(to)f(fa-)1031 768 y(cilitate)d(testing.)18
b(One)12 b(should)g(b)q(e)g(v)o(ery)f(careful)h(in)f(using)1031
818 y(function)i(calls)h(as)f(there)i(can)f(b)q(e)g(side-e\013ects)h
(in)e(the)i(in-)1031 868 y(v)o(ok)o(ed)i(functions.)28
b(ADL/C)p Fm(++)16 b Fn(also)h(has)g(some)g(sp)q(ecial)1031
918 y(op)q(erators)e(of)e(its)h(o)o(wn.)1031 1017 y Fl(expr)n(ession)g
Fn(::=)1162 1067 y Fl(C)p Fm(++)p 1239 1067 V 15 w Fl(expr)n(ession)
1118 1117 y Fd(j)36 b Fl(ad)r(l)p 1224 1117 V 15 w(expr)n(ession)1031
1217 y(ad)r(l)p 1089 1217 V 16 w(expr)n(ession)14 b Fn(::=)1162
1266 y Fl(gr)n(oup)p 1264 1266 V 15 w(expr)n(ession)1118
1316 y Fd(j)36 b Fl(c)n(al)r(l)p 1231 1316 V 14 w(state)p
1330 1316 V 16 w(expr)n(ession)1118 1366 y Fd(j)g Fl(ad)r(l)p
1224 1366 V 15 w(lo)n(gic)n(al)p 1350 1366 V 15 w(expr)n(ession)1118
1416 y Fd(j)g Fl(quanti\014e)n(d)p 1342 1416 V 16 w(expr)n(ession)1118
1466 y Fd(j)g Fl(thr)n(own)p 1292 1466 V 14 w(expr)n(ession)1118
1515 y Fd(j)g Fl(unchange)n(d)p 1355 1515 V 17 w(expr)n(ession)1118
1565 y Fd(j)g Fl(b)n(ehavior)p 1318 1565 V 15 w(expr)n(ession)1118
1615 y Fd(j)g Ff(return)1118 1665 y Fd(j)g Ff(normal)1118
1715 y Fd(j)g Ff(abnormal)1073 1823 y Fn(W)m(e)19 b(will)f(no)o(w)h
(describ)q(e)i(the)f(v)n(arious)f(ADL-sp)q(eci\014c)1031
1872 y(expressions.)1031 2010 y Fb(Group)g(Expressions)1031
2098 y Fl(gr)n(oup)p 1133 2098 V 16 w(expr)n(ession)14
b Fn(::=)1162 2147 y(\\)p Fd(f)p Fn(")f(\()h Fl(binding)g
Fn(\))g(*)1227 2197 y(\()g Fl(lab)n(els)g Fd(f)f Fl(tags)h
Fd(g)1227 2247 y Fl(expr)n(ession)h Fn(\\;")d(\))i(*)g(\\)p
Fd(g)p Fn(")1031 2347 y Fl(lab)n(els)g Fn(::=)1176 2396
y(\()g(IDENTIFIER)g(\\:")j(\))i(*)1031 2496 y Fl(tags)14
b Fn(::=)1162 2546 y(\\[")f(IDENTIFIER)1227 2596 y(\()h(\\,")f
(IDENTIFIER)h(\))g(*)g(\\]")1073 2704 y(A)h(group)f(expression)i(is)f
(a)f(semicolon)f(separated)j(list)p eop
%%Page: 9 10
9 8 bop 37 45 a Fn(of)12 b(expressions.)20 b(Eac)o(h)12
b(of)g(these)i(expressions)g(should)f(b)q(e)37 95 y(a)g(b)q(o)q(olean)g
(expression)h(and)f(the)h(t)o(yp)q(e)g(of)e(the)i(group)f(ex-)37
145 y(pression)j(is)e(also)f(b)q(o)q(olean.)19 b(The)c(seman)o(tics)f
(of)f(a)h(group)37 195 y(expression)k(is)e(the)g(conjunction)g(of)f
(the)i(list)f(of)f(expres-)37 244 y(sions)f(that)f(constitutes)i(the)f
(group.)j(Note)d(that)f(the)h(ex-)37 294 y(pressions)k(can)e(b)q(e)h
(ev)n(aluated)f(in)g(an)o(y)f(order)i(and)f(a)g(\\;")37
344 y(do)q(es)f(not)f(denote)h(sequencing,)f(but)g(conjunction.)79
402 y(Expressions)g(in)e(a)g(group)g(can)g(b)q(e)h(giv)o(en)f(names)f
(using)37 452 y(lab)q(els.)30 b(The)18 b(tags)f(are)h(used)h(b)o(y)e
(to)q(ols)h(for)f(generating)37 502 y(rep)q(orts)f(in)d(case)i(of)e
(testing.)37 630 y Fb(Bindings)37 715 y Fn(Since)24 b(assignmen)o(t)e
(expressions)j(are)e(not)g(allo)o(w)o(ed)f(in)37 765
y(ADL/C)p Fm(++)p Fn(,)17 b(a)g(set)h(of)f(v)n(ariables)g(can)g(b)q(e)h
(declared)g(and)37 815 y(initialized)10 b(in)h(a)g(group)h(expression)g
(using)f(the)h(bindings.)37 915 y Fl(binding)j Fn(::=)182
964 y Ff(assign)d Fn(\()i Fl(lo)n(c)n(al)p 432 964 13
2 v 15 w(variables)g Fn(\))g Ff(with)247 1014 y Fn([)g(IDENTIFIER)g
(\\:=")f(])g Fl(expr)n(ession)79 1122 y Fn(Th)o(us,)22
b(a)d(binding)h(has)g(a)g(list)g(of)f(v)n(ariable)g(declara-)37
1172 y(tions,)f(optionally)e(initializing)f(one)j(of)f(those)h
(declared)37 1222 y(v)n(ariables)c(using)f(an)h(expression.)37
1350 y Fb(Call-State)k(Expressions)37 1436 y Fl(c)n(al)r(l)p
102 1436 V 15 w(state)p 202 1436 V 15 w(expr)n(ession)d
Fn(::=)168 1485 y(\\@")f Fl(expr)n(ession)79 1543 y Fn(A)g(call-state)g
(expression)h(in)e(the)i(b)q(eha)o(vior)e(sp)q(eci\014ca-)37
1593 y(tion)i(of)g(a)g(function)h(is)f(one)h(whic)o(h)f(is)g(ev)n
(aluated)g(b)q(efore)37 1643 y(a)k(call)g(to)g(that)g(function.)34
b(Naturally)m(,)18 b(it)h(can)g(not)h(b)q(e)37 1693 y(applied)15
b(to)f(expressions)j(lik)o(e)d Ff(return)e Fn(since)k(they)f(ha)o(v)o
(e)37 1743 y(meaning)d(only)g(after)h(a)g(call)f(to)h(the)h(function)f
(and)f(using)37 1793 y(it)f(with)g(a)f(v)n(alue)h(parameter)f(has)h(no)
g(e\013ect.)19 b(The)11 b(t)o(yp)q(e)h(of)37 1842 y(a)j(call-state)f
(expression)h Fl(@e)f Fn(is)h(the)f(same)g(t)o(yp)q(e)h(as)f(that)37
1892 y(of)g Fl(e)p Fn(.)37 2020 y Fb(Logical)k(Expressions)37
2106 y Fn(Ev)o(en)e(though)e(C)p Fm(++)h Fn(has)f(logical)f
(expressions,)k(they)e(are)37 2156 y(short-circuited.)k(So,)11
b(ADL)f(has)h(sp)q(ecial)g(syn)o(tax)g(for)f(log-)37
2205 y(ical)k(op)q(erations)g(that)g(are)g(not)g(short-circuited.)37
2305 y Fl(lo)n(gic)n(al)p 151 2305 V 15 w(expr)n(ession)g
Fn(::=)168 2355 y Fl(expr)n(ession)g Ff(and)f Fl(expr)n(ession)125
2405 y Fd(j)35 b Fl(expr)n(ession)14 b Ff(or)f Fl(expr)n(ession)125
2455 y Fd(j)35 b Fl(expr)n(ession)14 b Fn(\\)p Fm(==>)p
Fn(")f Fl(expr)n(ession)125 2504 y Fd(j)35 b Fl(expr)n(ession)14
b Fn(\\)p Fm(<==)p Fn(")f Fl(expr)n(ession)125 2554 y
Fd(j)35 b Fl(expr)n(ession)14 b Fn(\\)p Fm(<==>)p Fn(")e
Fl(expr)n(ession)125 2604 y Fd(j)35 b Fl(expr)n(ession)14
b Fn(\\)p Fm(<:>)p Fn(")f Fl(expr)n(ession)125 2654 y
Fd(j)35 b Ff(if)13 b Fn(\\\(")g Fl(expr)n(ession)h Fn("\)")g
Fl(gr)n(oup)p 658 2654 V 15 w(expr)n(ession)168 2704
y Fn(\()g Ff(elsif)e Fn(\\\(")h Fl(expr)n(ession)h Fn(\\\)")1227
45 y Fl(gr)n(oup)p 1329 45 V 16 w(expr)n(ession)g Fn(\))g(*)1162
95 y Fd(f)g Ff(else)e Fl(gr)n(oup)p 1388 95 V 16 w(expr)n(ession)i
Fd(g)f Fn(\\;")1073 203 y(A)18 b(logical)f(expression)j(is)e(of)g(b)q
(o)q(olean)g(t)o(yp)q(e)h(and)f(re-)1031 253 y(quires)d(op)q(erands)f
(of)g(b)q(o)q(olean)f(t)o(yp)q(e.)1073 311 y(The)h Ff(and)f
Fn(and)g Ff(or)g Fn(op)q(erators)i(ha)o(v)o(e)e(their)h(usual)g(logi-)
1031 361 y(cal)f(meaning.)j(The)e(\\)p Fm(==>)p Fn(")e(op)q(erator)i
(is)f(the)h(logical)e(im-)1031 410 y(plication)j(op)q(erator,)i(the)f
(\\)p Fm(<==)p Fn(")f(op)q(erator)i(is)f(the)g(\\im-)1031
460 y(plied)f(b)o(y")g(op)q(erator)g(and)g(the)h(\\)p
Fm(<==>)p Fn(")e(op)q(erator)h(is)g(the)1031 510 y(logical)d(equiv)n
(alence)i(op)q(erator.)1073 568 y(An)g(expression)h(lik)o(e)1198
668 y Ff(if)54 b Fn(\()p Fe(c)1315 674 y Fj(1)1334 668
y Fn(\))41 b Fd(f)p Fe(e)1431 674 y Fj(1)1450 668 y Fn(;)7
b Fd(g)1198 718 y Ff(elsif)39 b Fn(\()p Fe(c)1355 724
y Fj(2)1374 718 y Fn(\))i Fd(f)p Fe(e)1471 724 y Fj(2)1490
718 y Fn(;)7 b Fd(g)1198 767 y Fn(...)1198 817 y Ff(elsif)39
b Fn(\()p Fe(c)1355 823 y Fa(n)1378 817 y Fn(\))i Fd(f)p
Fe(e)1475 823 y Fa(n)1498 817 y Fn(;)7 b Fd(g)1198 867
y Ff(else)40 b Fd(f)p Fe(e)p Fn(;)7 b Fd(g)1031 967 y
Fn(means)18 b(that)g Fe(e)1276 973 y Fa(k)1315 967 y
Fn(should)g(ev)n(aluate)f(to)h Fl(true)g Fn(if)f Fe(k)i
Fn(is)f(the)1031 1016 y(smallest)13 b(in)o(teger)h(suc)o(h)h(that)f
Fe(c)1530 1022 y Fa(k)1565 1016 y Fn(is)g Fl(true)f Fn(and)h(if)f(no)h
(suc)o(h)1031 1066 y Fe(k)i Fn(exists)f(then)g Fe(e)g
Fn(should)f(ev)n(aluate)h(to)f Fl(true)g Fn(\(if)g(the)h
Ff(else)1031 1116 y Fn(clause)g(is)e(presen)o(t\).)1073
1174 y(The)d(\\)p Fm(<:>)p Fn(")e(op)q(erator)j(is)e(the)h(exception)h
(op)q(erator)f(and)1031 1224 y(it)18 b(is)g(used)i(to)e(relate)h(the)g
(abnormal)d(b)q(eha)o(vior)i(de\014ni-)1031 1274 y(tions)d(and)g
(exceptions)i(thro)o(wn.)22 b(F)m(ormally)l(,)12 b(the)k(mean-)1031
1324 y(ing)d(of)h Fl(a)g Fm(<:>)f Fl(b)h Fn(is)1184 1423
y Fl(a)g Fm(==>)f Ff(abnormal)f Fm(&&)1184 1473 y Ff(abnormal)g
Fm(&&)h Fl(b)h Fm(==>)f Fl(a)p Fn(.)1073 1581 y(This)19
b(sa)o(ys)h(that)g(if)f(the)h(left)f(op)q(erand)h(ev)n(aluates)g(to)
1031 1631 y Fl(true)p Fn(,)25 b(then)f(it)e(denotes)j(abnormal)c
(termination.)44 b(It)1031 1681 y(also)17 b(sa)o(ys)g(that)h(in)e(case)
i(of)f(abnormal)e(termination,)h(if)1031 1730 y(the)j(righ)o(t)e(op)q
(erand)i(ev)n(aluates)f(to)g Fl(true)p Fn(,)g(then)h(the)f(left)1031
1780 y(op)q(erand)d(m)o(ust)d(also)i(ev)n(aluate)f(to)h
Fl(true)p Fn(.)1031 1912 y Fb(Bounded)19 b(Quan)n(ti\014cation)1031
1998 y Fn(ADL/C)p Fm(++)12 b Fn(supp)q(orts)i(univ)o(ersal)e(and)h
(existen)o(tial)f(quan-)1031 2048 y(ti\014ers)j(o)o(v)o(er)f(\014nite)g
(domains.)1031 2147 y Fl(quanti\014e)n(d)p 1207 2147
V 17 w(expr)n(ession)g Fn(::=)1162 2197 y(\()g Ff(forall)e
Fd(j)h Ff(exists)f Fn(\))i(\\\(")g Fl(domain)p 1707 2197
V 16 w(list)f Fn(\\\)")1227 2247 y Fl(gr)n(oup)p 1329
2247 V 16 w(expr)n(ession)h Fn(\\;")1031 2347 y Fl(domain)p
1167 2347 V 16 w(list)f Fn(::=)1176 2396 y Fl(domain)h
Fn(\()g(\\,")f Fl(domain)i Fn(\))f(*)1031 2496 y Fl(domain)h
Fn(::=)1176 2546 y Fl(variable)p 1320 2546 V 15 w(de)n(clar)n(ation)e
Fn(\\:")18 b Fl(expr)n(ession)1073 2654 y Fn(Here,)e
Ff(forall)c Fn(and)j Ff(exists)f Fn(denotes)i(univ)o(ersal)e(quan-)1031
2704 y(ti\014cation)32 b(and)h(existen)o(tial)f(quan)o(ti\014cation)g
(resp)q(ec-)p eop
%%Page: 10 11
10 9 bop 37 45 a Fn(tiv)o(ely)m(.)29 b(A)18 b(quan)o(ti\014ed)g
(expression)h(consists)g(of)f(a)f(v)n(ari-)37 95 y(able)c(declaration,)
g(an)g(expression)h(that)f(de\014nes)h(a)f(\014nite)37
145 y(domain)f(\(curren)o(tly)j(only)e(in)o(teger)i(ranges)f(are)g
(allo)o(w)o(ed\))37 195 y(and)j(a)g(group)f(expression.)28
b(The)17 b(t)o(yp)q(e)h(of)e(a)g(quan)o(ti\014ed)37 244
y(expression)g(is)d(b)q(o)q(olean.)37 416 y Fb(Thro)n(wn)20
b(Expressions)37 511 y Fn(This)g(is)e(used)i(to)f(c)o(hec)o(k)i(if)d(a)
h(particular)f(exception)i(is)37 561 y(thro)o(wn)14 b(b)o(y)g(the)h
(function)e(call.)37 660 y Fl(thr)n(own)p 163 660 13
2 v 15 w(expr)n(ession)h Fn(::=)182 710 y Ff(thro)o(wn)e
Fn(\\\(")i Fl(exc)n(eption)p 585 710 V 16 w(names)g Fn(\\\)")37
810 y Fl(exc)n(eption)p 206 810 V 16 w(names)h Fn(::=)182
860 y(IDENTIFIER)f(\()g(\\,")f(IDENTIFIER)h(\))g(*)125
909 y Fd(j)35 b Fn(\\...")79 1017 y(The)23 b(t)o(yp)q(e)g(of)f(a)g
Ff(thro)o(wn)f Fn(expression)j(is)e(b)q(o)q(olean.)37
1067 y(Eac)o(h)14 b(of)e(the)i(iden)o(ti\014ers)f(should)g(b)q(e)g
(declared)h(as)f(an)g(ex-)37 1117 y(ception)i(in)e(the)i(exception)f
(list)g(for)f(this)h(function.)79 1175 y(This)g(expression)g(ev)n
(aluates)g(to)g Fl(true)f Fn(if)g(an)g(exception)37 1225
y(corresp)q(onding)i(to)f(the)h(t)o(yp)q(e)f(of)f(eac)o(h)i(of)e(the)h
(iden)o(ti\014ers)37 1275 y(is)19 b(thro)o(wn.)34 b(Note)20
b(that)f(m)o(ultiple)e(exceptions)j(cannot)37 1325 y(b)q(e)14
b(thro)o(wn)g(b)o(y)f(a)g(C)p Fm(++)g Fn(function.)k(Ho)o(w)o(ev)o(er,)
d(b)q(ecause)h(of)37 1374 y(sub)q(classing,)k(a)e(deriv)o(ed)h(class)g
(exception)g(can)g(also)f(b)q(e)37 1424 y(considered)f(as)f(an)f
(exception)i(of)e(a)g(sup)q(erclass)i(t)o(yp)q(e.)21
b(If)37 1474 y(\\...")e(is)c(used,)g(then)g(the)h(expression)f(ev)n
(aluates)g(to)g Fl(true)37 1524 y Fn(if)f(there)h(is)e(some)h
(exception)g(thro)o(wn.)79 1582 y(This)k(expression)g(is)g(commonly)c
(used)19 b(with)e(the)h(ex-)37 1632 y(ception)e(op)q(erator)g(to)f(sp)q
(ecify)h(what)f(exception)h(can)g(b)q(e)37 1682 y(thro)o(wn)f(under)g
(what)f(conditions)g(in)g(case)h(of)e(abnormal)37 1731
y(b)q(eha)o(vior.)37 1903 y Fb(Unc)n(hanged)20 b(Expressions)37
1998 y Fn(This)15 b(can)f(b)q(e)h(used)h(to)e(sp)q(ecify)h(expressions)
h(whose)f(v)n(al-)37 2048 y(ues)e(are)f(the)g(same)f(b)q(efore)h(and)g
(after)f(a)h(call)f(to)g(the)h(func-)37 2098 y(tion.)37
2197 y Fl(unchange)n(d)p 226 2197 V 18 w(expr)n(ession)i
Fn(::=)182 2247 y Ff(unc)o(hanged)d Fn(\\\(")j Fl(expr)n(ession)p
677 2247 V 15 w(list)f Fn(\\\)")37 2347 y Fl(expr)n(ession)p
225 2347 V 16 w(list)g Fn(::=)168 2396 y Fl(expr)n(ession)h
Fn(\()g(\\,")f Fl(expr)n(ession)h Fn(\))g(*)79 2504 y(The)36
b(t)o(yp)q(e)g(of)f(an)h Ff(unc)o(hanged)d Fn(expression)j(is)37
2554 y(b)q(o)q(olean.)26 b(It)17 b(ev)n(aluates)f(to)h
Fl(true)f Fn(only)g(if)f(the)j(v)n(alues)e(of)37 2604
y(all)e(the)i(expressions)g(listed)f(remain)f(unc)o(hanged)h(b)q(efore)
37 2654 y(and)f(after)g(a)g(call)f(to)g(the)i(function)e(in)g(whose)i
(seman)o(tics)37 2704 y(clause)g(the)f(expression)i(app)q(ears.)1031
45 y Fb(Other)i(ADL)h(Expressions)1031 131 y Fn(The)11
b(other)g(ADL)g(k)o(eyw)o(ords)g Ff(return)p Fn(,)d Ff(normal)h
Fn(and)h Ff(ab-)1031 181 y(normal)20 b Fn(denote)i(the)g(return)g(v)n
(alue)f(of)f(the)i(function)1031 230 y(call,)e(and)g(the)h(predicates)g
(corresp)q(onding)g(to)f(normal)1031 280 y(and)12 b(abnormal)e(b)q(eha)
o(vior)i(for)g(that)g(particular)g(function)1031 330
y(resp)q(ectiv)o(ely)m(.)25 b(Since)16 b(these)h(are)g(prop)q(erties)g
(of)e(the)h(ter-)1031 380 y(mination)e(of)h(the)i(function,)f(they)h
(can)f(not)g(b)q(e)h(used)g(in)1031 430 y(the)e(call-state.)1031
558 y Fb(4.4)56 b(Prepro)r(cessing)1031 644 y Fn(A)13
b(header)g(\014le)f(consisting)g(of)g(function)g(and)g(class)h(decla-)
1031 694 y(rations)d(can)g(b)q(e)h(included)f(using)g(the)g(standard)h
(C)p Fm(++)e Fn(pre-)1031 744 y(pro)q(cessor)22 b(directiv)o(e)e(\(\\)p
Fl(#include)p Fn("\))g(in)f(an)h(ADL/C)p Fm(++)1031 793
y Fn(sp)q(eci\014cation)j(\014le)f(for)f(giving)f(annotations.)41
b(This)22 b(is)1031 843 y(analogous)11 b(to)h(the)h(w)o(a)o(y)f
(function)f(implemen)o(tations)f(are)1031 893 y(dev)o(elop)q(ed)16
b(in)e(C)p Fm(++)p Fn(.)20 b(T)m(o)14 b(facilitate)g(this,)g(an)h
(ADL/C)p Fm(++)1031 943 y Fn(sp)q(eci\014cation)k(is)f(prepro)q(cessed)
j(using)d(some)f(C)p Fm(++)g Fn(pre-)1031 993 y(pro)q(cessor)f(b)q
(efore)e(it)g(is)g(pro)q(cessed)i(b)o(y)d(an)o(y)h(of)f(the)h(ADL)1031
1043 y(to)q(ols.)1031 1192 y Fo(5)67 b(Reusing)23 b(Sp)r
(eci\014cations)1031 1292 y Fn(Sometimes)11 b(the)i(b)q(eha)o(vior)f
(\(p)q(ost-condition\))g(of)g(a)g(func-)1031 1342 y(tion)d(migh)o(t)f
(just)i(b)q(e)h(a)e(simple)f(re\014nemen)o(t)i(of)g(an)f(existing)1031
1392 y(function)14 b(\(b)q(eha)o(vior\).)20 b(But,)15
b(ADL)f(do)q(es)i(not)e(pro)o(vide)g(a)1031 1442 y(w)o(a)o(y)k(to)g(sp)
q(ecify)h(this)f(re\014nemen)o(t)h(directly)m(.)30 b(In)19
b(stead,)1031 1491 y(there)14 b(is)e(a)g(more)f(general)i(construct)h
(to)e(use)h(the)g(seman-)1031 1541 y(tics)k(\(b)q(eha)o(vior)g(sp)q
(eci\014cation\))g(giv)o(en)g(in)f(ADL/C)p Fm(++)g Fn(of)1031
1591 y(a)c(function)f(while)g(giving)g(the)h(seman)o(tics)f(of)h(other)
g(func-)1031 1641 y(tions.)1031 1741 y Fl(b)n(ehavior)p
1183 1741 V 16 w(expr)n(ession)i Fn(::=)1176 1790 y Ff(b)q(eha)o(vior)e
Fn(\\\(")h Fd(f)h Fl(sele)n(ctor)p 1615 1790 V 14 w(expr)p
1706 1790 V 16 w(pr)n(e\014x)29 b Fd(g)1372 1840 y Fn(IDENTIFIER)14
b Fm(<)f Fd(f)h Fl(p)n(ar)n(am)p 1822 1840 V 15 w(list)f
Fd(g)1358 1890 y(f)h Fn(:)k Fl(expr)n(ession)c Fd(g)f
Fm(>)1031 1990 y Fl(sele)n(ctor)p 1170 1990 V 15 w(expr)p
1262 1990 V 15 w(pr)n(e\014x)h Fn(::=)1176 2039 y Fl(expr)n(ession)g
Fn(\()g(\\.")j Fd(j)d Fn(\\)p Fm(->)p Fn(")f(\))1073
2098 y(The)i(b)q(eha)o(vior)f(op)q(erator)h(requires)h(a)f(function)f
(name)1031 2147 y(and)d(v)n(alues)f(for)h(parameters)f(and)h(a)f(v)n
(alue)g(to)h(denote)g(the)1031 2197 y(return)i(v)n(alue)d(of)h(a)g
(call)f(to)h(the)h(function)f(with)f(those)i(v)n(al-)1031
2247 y(ues.)27 b(The)17 b(actual)f(parameters)h(migh)o(t)d(also)i
(include)h(\(a)1031 2297 y(p)q(oin)o(ter)e(to\))g(the)g(ob)r(ject)g(in)
f(the)h(case)h(of)e(mem)o(b)q(er)f(func-)1031 2347 y(tions.)26
b(The)17 b(syn)o(tax)f(is)h(v)o(ery)f(close)h(to)g(a)f(function)g
(call,)1031 2396 y(so)e(for)g(mem)o(b)q(ers,)f(the)h(ob)r(ject)h(\(or)f
(p)q(oin)o(ter\))h(is)f(supplied)1031 2446 y(using)g(the)g(appropriate)
g(mem)o(b)q(er)f(selector)i(op)q(erator.)1073 2504 y(In)20
b(\\)p Fe(behav)q(ior)q Fn(\()p Fe(a:f)t Fn(\))p Fm(<)q
Fe(ar)q(g)1485 2510 y Fj(1)1503 2504 y Fe(;)7 b(:::;)g(ar)q(g)1639
2510 y Fa(n)1671 2504 y Fn(:)k Fe(r)q(etV)e(al)q Fm(>)p
Fn(",)21 b(the)1031 2554 y(t)o(yp)q(es)16 b(of)f(the)h(expressions)h
Fe(ar)q(g)1544 2560 y Fj(1)1562 2554 y Fe(;)7 b(:::;)g(ar)q(g)1698
2560 y Fa(n)1733 2554 y Fn(ob)q(ey)15 b(all)f(the)1031
2604 y(rules)k(that)f(the)h(t)o(yp)q(es)f(of)g(actual)g(parameters)g
(to)f Fe(f)22 b Fn(do)1031 2654 y(and)13 b(the)h(t)o(yp)q(e)f(of)f
Fl(r)n(etV)m(al)g Fn(should)h(b)q(e)g(the)h(return)g(t)o(yp)q(e)g(of)
1031 2704 y Fe(f)t Fn(.)19 b(The)14 b(t)o(yp)q(e)h(of)e(a)h(b)q(eha)o
(vior)f(expression)i(is)f(b)q(o)q(olean.)p eop
%%Page: 11 12
11 10 bop 79 45 a Fn(\\)p Fe(behav)q(ior)q Fn(\()p Fe(a:f)t
Fn(\))p Fm(<)q Fe(ar)q(g)433 51 y Fj(1)451 45 y Fe(;)7
b(:::;)g(ar)q(g)587 51 y Fa(n)619 45 y Fn(:)k Fe(r)q(etV)e(al)q
Fm(>)p Fn(")42 b(ev)n(alu-)37 95 y(ates)17 b(to)e Fl(true)g
Fn(i\013)g(the)h(seman)o(tics)f(clause)h(corresp)q(onding)37
145 y(to)g(the)f(\(mem)o(b)q(er\))f(function)h Fl(f)g
Fn(of)f Fe(a)i Fn(do)q(es,)f(when)h(ev)n(alu-)37 195
y(ated)d(in)f(the)h(scop)q(e)h(in)e(whic)o(h)g(it)g(is)g(sp)q
(eci\014ed,)i(b)o(y)e(setting)37 244 y(the)17 b(v)n(alues)f(of)f(its)i
(n)f(parameters)g(to)g Fe(ar)q(g)718 250 y Fj(1)736 244
y Fe(;)7 b(:::;)g(ar)q(g)872 250 y Fa(n)908 244 y Fn(re-)37
294 y(sp)q(ectiv)o(ely)m(,)17 b(and)e(setting)h(the)h(v)n(alue)e(of)g
Ff(return)f Fn(to)h Fl(r)n(et-)37 344 y(V)m(al)p Fn(.)79
402 y(Consider)25 b(the)g(follo)o(wing)c(sp)q(eci\014cation)26
b(of)d(a)h Fl(Sort)37 452 y Fn(function)14 b(:)37 555
y Fm(specification)20 b(SortSpec)37 605 y({)103 655 y(typedef)g(Record)
h(RecordArray[100])o(;)103 754 y(RecordArray)e(Sort\(RecordArray)g
(records\))103 804 y(semantics)h({)168 854 y(//)i(First)e(say)i(it)f
(is)g(a)h(permutation)168 904 y(IsPermutation\(retur)o(n,)d(records\);)
168 1003 y(//)j(Then)f(say)g(that)g(the)g(return)f(value)168
1053 y(//)43 b(has)22 b(keys)f(in)g(nondescending)e(order)168
1103 y(forall)i(\(int)g(i)g(:)h(int_range\(0,)495 1153
y(size\(records\))d(-)j(2\)\))168 1202 y({)234 1252 y(return[i].key)d
(<=)452 1302 y(return[i)h(+)h(1].key;)168 1352 y(};)103
1402 y(};)37 1452 y(};)79 1555 y Fn(No)o(w)16 b(consider)h(a)g(stable)f
(sort)h(function,)g Fl(i.e.)p Fn(,)f(a)g(sort)37 1604
y(function)h(whic)o(h)g(preserv)o(es)i(the)f(relativ)o(e)f(order)h(of)e
(ele-)37 1654 y(men)o(ts)11 b(with)f(equal)h(k)o(eys)g(after)h
(sorting.)k(A)11 b(sp)q(eci\014cation)37 1704 y(for)k(this)g(function)g
(can)g(b)q(e)h(written)g(as)f(a)f(re\014nemen)o(t)i(of)37
1754 y(the)g(sort)g(function)f(to)g(sa)o(y)f(that)i(it)e(sorts)i(and)f
(also)g(pre-)37 1804 y(serv)o(es)d(the)f(order)h(of)d(elemen)o(ts)h
(with)g(equal)g(k)o(eys.)18 b(In)10 b(this)37 1853 y(case,)i(the)e(sp)q
(eci\014cation)g Fl(StableSort)g Fn(will)e(b)q(e)j(concise)f(and)37
1903 y(in)o(tuitiv)o(e)g(if)g(it)g(can)h(b)q(e)h(written)f(using)f(the)
i(existing)e(p)q(ost-)37 1953 y(condition)16 b(for)g
Fl(Sort)g Fn(in)g(the)h(spirit)f(of)g(reuse)i(supp)q(orted)37
2003 y(b)o(y)13 b(C)p Fm(++)f Fn(b)o(y)h(w)o(a)o(y)f(of)g(inheritance.)
19 b(This)13 b(can)g(b)q(e)g(done)g(as)37 2053 y(follo)o(ws)g(:)37
2156 y Fm(with)21 b([SortSpec])37 2205 y(specification)f(NewSortSpec)37
2255 y({)103 2305 y(RecordArray)f(StableSort\(RecordAr)o(ray)713
2355 y(records\))103 2405 y(semantics)h({)168 2455 y(//)i(It)f(behaves)
f(like)h(Sort.)168 2504 y(behavior\(Sort\))e(;)
168 2604 y(//)g(Relative)e(order)h(of)g(elements)168
2654 y(//)h(with)f(equal)42 b(key)21 b(is)h(preserved.)168
2704 y(forall)f(\(int)g(i,)g(j)h(:)f(int_range\(0,)1424
45 y(size\(records\))e(-)i(1\)\))1162 95 y({)1227 145
y(if)h(\(i)f(<)h(j)f(&&)h(records[i].key)d(==)1511 195
y(records[j].key\))1227 244 y({)1293 294 y(exists)h(\(int)h(m,)h(n)f(:)
h(int_range\()1424 344 y(0,)f(size\(records\))e(-)j(1\)\))1293
394 y({)1358 444 y(m)g(<)f(n)h(&&)1358 493 y(records[i])e(==)h
(return[m])f(&&)1358 543 y(records[j])g(==)h(return[n];)1293
593 y(};)1227 643 y(};)1162 693 y(};)1097 742 y(};)1031
792 y(};)1073 876 y Fn(As)11 b(the)g(expression)h(language)e(of)h
(ADL/C)p Fm(++)e Fn(includes)1031 926 y(C)p Fm(++)14
b Fn(expression)g(language,)f(a)g(function)h(call)f(in)g(a)h(sp)q(ec-)
1031 976 y(i\014cation)f(refers)h(to)f(its)g(implemen)o(tatio)o(n,)d
(not)j(the)h(sp)q(ec-)1031 1025 y(i\014cation.)j(Since)c(some)e
(function)i(implem)o(en)o(tations)d(can)1031 1075 y(ha)o(v)o(e)18
b(side-e\013ects,)k(it)c(ma)o(y)e(not)j(b)q(e)g(correct)h(to)e(in)o(v)o
(ok)o(e)1031 1125 y(function)13 b(implem)o(en)o(tations.)i(In)e(those)g
(cases,)h(b)q(eha)o(vior)1031 1175 y(expression)h(can)f(b)q(e)h(v)o
(ery)f(useful.)1073 1233 y(Another)23 b(situation)e(where)j(this)e
(will)f(b)q(e)i(useful)f(is)1031 1283 y(when)13 b(one)g(class)g(con)o
(tains)f(ob)r(jects)i(of)e(some)f(other)j(class)1031
1333 y(and)e(uses)h(the)f(con)o(tained)g(class)g(metho)q(ds)f(to)h
(implem)o(en)o(t)1031 1382 y(its)k(o)o(wn)e(metho)q(ds.)22
b(Then)16 b(the)g(sp)q(eci\014cations)g(cab)g(also)1031
1432 y(b)q(e)d(written)h(using)e(the)h(sp)q(eci\014cations)h(of)e(the)h
(con)o(tained)1031 1482 y(ob)r(jects)19 b(using)e(the)h(b)q(eha)o(vior)
f(expression.)30 b(This)17 b(giv)o(es)1031 1532 y(mo)q(dularit)o(y)f
(to)i(sp)q(eci\014cations)i(similar)15 b(to)k(the)g(mo)q(du-)1031
1582 y(larit)o(y)13 b(of)g(implemen)o(tations)e(as)j(supp)q(orted)h(b)o
(y)f(C)p Fm(++)p Fn(.)1073 1640 y(F)m(or)21 b(example,)g(consider)h(a)f
(bank)g(class)h(whic)o(h)f(has)1031 1690 y(metho)q(ds)d(to)g(dep)q
(osit)g(to)g(and)g(withdra)o(w)f(from)f(an)i(ac-)1031
1739 y(coun)o(t)e(giv)o(en)e(the)i(accoun)o(t)f(n)o(um)o(b)q(er.)21
b(Using)15 b(the)h(previ-)1031 1789 y(ously)e(sp)q(eci\014ed)i
Fl(A)n(c)n(c)n(ount)e Fn(class,)g(a)g(sp)q(eci\014cation)h(of)e(the)
1031 1839 y(bank's)h(dep)q(osit)g(metho)q(d)f(can)h(b)q(e)h(giv)o(en)e
(as)h(:)1031 1923 y Fm(with)21 b([AccountSpec])1031 1972
y(specification)e(Bank)i({)1097 2022 y(class)f(Bank)h({)1162
2072 y(Deposit\(int)f(acNum,)g(long)h(amt\))1227 2122
y(throw\(int)f(acNotFound\))1162 2172 y(semantics)g({)1227
2221 y(assign)h(Account)f(*acPtr)h(with)1336 2271 y(acPtr)g(=)h
(GetAccount\(acNum)o(\);)1227 2321 y(if)g(\(normal\))e({)1293
2371 y(behavior\()1358 2421 y(acPtr->Deposit\);)1227
2471 y(};)1162 2520 y(};)1097 2570 y(})1031 2620 y(};)1073
2704 y Fn(This)e(sp)q(eci\014cation)g(just)g(sa)o(ys)h(that)f(the)g
(bank's)g(de-)p eop
%%Page: 12 13
12 11 bop 37 45 a Fn(p)q(osit)25 b(metho)q(d)f(merely)f(lo)q(cates)i
(the)g(accoun)o(t)g(corre-)37 95 y(sp)q(onding)c(to)f(the)h(giv)o(en)f
(accoun)o(t)h(n)o(um)o(b)q(er)e(and)i(then)37 145 y(the)d(amoun)o(t)c
(is)i(dep)q(osited)i(in)o(to)e(the)h(lo)q(cated)f(accoun)o(t.)37
195 y(It)k(also)f(thro)o(ws)h(an)f(exception)h(if)f(it)g(can)g(not)h
(\014nd)f(an)37 244 y(accoun)o(t)c(with)e(a)h(giv)o(en)f(n)o(um)o(b)q
(er.)79 302 y(An)20 b(adv)n(an)o(tage)g(with)g(this)g(sp)q
(eci\014cation)h(is)g(that)f(if)37 352 y(later)e(on)g(some)f(subt)o(yp)
q(es)i(are)f(added)g(to)g(the)g Fl(A)n(c)n(c)n(ount)37
402 y Fn(class,)26 b(sa)o(y)d(something)g(lik)o(e)f(an)h(accoun)o(t)h
(with)f(o)o(v)o(er-)37 452 y(draft)d(protection,)i(the)f(bank)f(sp)q
(eci\014cation)g(need)h(not)37 502 y(b)q(e)14 b(rewritten,)g(m)o(uc)o
(h)e(lik)o(e)h(C)p Fm(++)f Fn(implemen)o(tation)e(of)j(the)37
552 y Fl(Bank)k Fn(class)f(need)h(not)f(b)q(e)g(rewritten)i(\(if)d(it)g
(is)h(prop)q(erly)37 601 y(implemen)o(ted\).)37 746 y
Fo(6)67 b(T)-6 b(esting)23 b(and)g(V)-6 b(alidation)37
846 y Fn(One)14 b(of)d(the)i(imp)q(ortan)o(t)e(b)q(ene\014ts)j(of)e
(writing)f(ADL/C)p Fm(++)37 896 y Fn(sp)q(eci\014cations)18
b(is)f(automatic)e(test-v)n(alidation.)25 b(A)17 b(C)p
Fm(++)37 945 y Fn(implemen)o(tation)9 b(can)j(b)q(e)h(tested)h(b)o(y)d
(giving)g(it)h(a)f(sample)37 995 y(input)18 b(data)g(and)g(then)h(the)f
(test)h(can)g(b)q(e)f(v)n(alidated)f(to)37 1045 y(see)g(if)d(it)h(is)g
(a)g(success)i(or)e(failure)g(using)f(the)i(ADL/C)p Fm(++)37
1095 y Fn(sp)q(eci\014cation.)79 1153 y(A)o(t)g(presen)o(t,)i(only)d
(unit)h(testing)h(of)e(\(mem)o(b)q(er\))g(func-)37 1203
y(tions)e(is)g(supp)q(orted.)19 b(Giv)o(en)13 b(a)g(function)g
(declaration)f(to)37 1253 y(b)q(e)k(tested)g(along)d(with)h(a)g(sample)
g(data,)f(the)j(v)n(alidation)37 1302 y(can)f(b)q(e)f(done)g(in)g(the)g
(follo)o(wing)d(steps.)79 1399 y Fd(\017)21 b Fn(Store)13
b(the)h(v)n(alues)f(of)g(all)f(the)i(parameters)f(that)h(are)121
1449 y(referred)k(to)f(in)f(the)h(seman)o(tics)g(part)g(of)f(the)h
(func-)121 1499 y(tion's)c(b)q(eha)o(vior)g(sp)q(eci\014cation.)79
1581 y Fd(\017)21 b Fn(Ev)n(aluate)9 b(all)f(the)i(call-state)f
(expressions)i(using)f(the)121 1631 y(giv)o(en)e(sample)g(input)h(data)
g(and)h(store)g(them)e(in)h(tem-)121 1681 y(p)q(orary)14
b(v)n(ariables.)79 1763 y Fd(\017)21 b Fn(In)o(v)o(ok)o(e)10
b(the)h(function)f(with)g(the)h(giv)o(en)f(sample)g(data)121
1813 y(to)j(get)h(an)o(y)g(return)h(v)n(alues.)79 1895
y Fd(\017)21 b Fn(Ev)n(aluate)12 b(the)h(predicates)h(for)e(normal)f
(and)i(abnor-)121 1944 y(mal.)j(If)d(neither)i(one)f(ev)n(aluates)g(to)
g Fl(true)p Fn(,)f(then)i(the)121 1994 y(test)f Fl(faile)n(d)p
Fn(.)79 2076 y Fd(\017)21 b Fn(Using)d(the)h(stored)h(parameter)e(v)n
(alues,)h(call-state)121 2126 y(v)n(alues)e(and)g(the)h(return)g(v)n
(alue,)f(ev)n(aluate)g(eac)o(h)h(of)121 2176 y(the)h(expressions)h
(that)e(is)g(giv)o(en)g(in)g(the)h(b)q(eha)o(vior)121
2226 y(sp)q(eci\014cations.)79 2308 y Fd(\017)i Fn(If)8
b(an)o(y)h(of)g(the)h(expressions)h(ev)n(aluates)e(to)g
Fl(false)p Fn(,)h(then)121 2357 y(the)k(test)i Fl(faile)n(d)p
Fn(,)d(that)i(is,)e(the)i(\(C)p Fm(++)p Fn(\))f(implemen)o(ta-)121
2407 y(tion)i(do)q(es)i(not)f(satisfy)g(the)h(ADL/C)p
Fm(++)e Fn(sp)q(eci\014ca-)121 2457 y(tion)11 b(for)h(that)g
(particular)f(input)h(data.)17 b(Otherwise,)121 2507
y(the)d(test)h Fl(suc)n(c)n(e)n(e)n(de)n(d)p Fn(.)79
2604 y(In)o(tuitiv)o(ely)f(this)i(means)e(that)i(an)o(y)f(test)h
(should)f(con-)37 2654 y(form)d(to)i(either)g(normal)d(or)j(abnormal)d
(b)q(eha)o(vior,)i(if)f(not)37 2704 y(there)i(is)d(something)g(wrong)g
(with)h(the)g(implemen)o(tation,)1031 45 y(that)g(is,)g(it)g(is)g
(either)g(returning)h(a)f(v)n(alue)f(or)h(thro)o(wing)f(an)1031
95 y(exception)j(that)f(it)f(is)h(not)g(supp)q(osed)h(to.)k(In)13
b(addition,)e(a)1031 145 y(test)16 b(migh)o(t)d(fail)g(b)q(ecause)k(it)
d(did)g(not)h(cause)h(the)f(appro-)1031 195 y(priate)f(state)h(c)o
(hange)f(that)g(it)g(is)f(supp)q(osed)j(to)d(cause.)1073
253 y(F)m(or)h(example,)f(consider)i(the)g(follo)o(wing)d(\(wrong\))i
(im-)1031 302 y(plemen)o(tation)g(of)g(the)i Fl(A)n(c)n(c)n(ount)g
Fn(class)f(whose)h(sp)q(eci\014ca-)1031 352 y(tion)e(is)f(giv)o(en)h
(in)f(Figure)h(2.)1031 449 y Fm(#include)20 b("account.hh")1031
548 y(void)h(Account::Deposit\(l)o(ong)e(amount\))1140
598 y(throw\(Account::Neg)o(ative)o(Amoun)o(t)g(na\))1031
648 y({)1097 698 y(balance)h(=)i(balance)e(+)h(i;)1031
748 y(})1031 847 y(void)g(Account::Withdraw\()o(long)d(i\))k(throw)1140
897 y(\(Account::Negative)o(Amoun)o(t)d(na,)1162 947
y(Account::Insuffic)o(ientF)o(unds)f(isf\))1031 997 y({)1097
1046 y(if)j(\(i)g(>=)h(balance\))1162 1096 y(throw)f(Account::Negativ)o
(eAmou)o(nt;)1097 1196 y(if)g(\(i)g(>=)h(balance\))1162
1246 y(throw)f(Account::Insuffi)o(cient)o(Funds)o(;)1097
1345 y(balance)f(==)h(balance)g(-)g(i;)1031 1395 y(})1073
1491 y Fn(As)10 b(it)g(can)g(b)q(e)h(seen,)h(the)e Fl(A)n(c)n(c)n
(ount::Withdr)n(aw)g Fn(metho)q(d)1031 1541 y(is)18 b(wrong)f(b)q
(ecause)j(it)d(do)q(es)i(not)f(up)q(date)g(the)g(balance.)1031
1591 y(This)i(is)g(not)g(an)g(unlik)o(ely)f(error)i(b)q(ecause)g(of)f
(the)g(lex-)1031 1641 y(ical)e(similarit)o(y)d(b)q(et)o(w)o(een)20
b(the)e(C)p Fm(++)g Fn(op)q(erators)h Fm(==)f Fn(and)1031
1691 y Fm(=)p Fn(.)g(Similarly)10 b(the)k Fl(A)n(c)n(c)n(ount::Dep)n
(osit)g Fn(metho)q(d)f(is)g(wrong)1031 1741 y(b)q(ecause)18
b(it)e(do)q(es)g(not)g(c)o(hec)o(k)h(for)f(the)g(v)n(alue)g(of)f
Fl(amount)1031 1790 y Fn(b)q(eing)c(negativ)o(e)f(in)g(whic)o(h)h(case)
g(it)f(is)h(supp)q(osed)h(to)e(thro)o(w)1031 1840 y(and)k(exception.)
1073 1898 y(No)o(w,)i(an)o(y)g(test)i(for)e(the)h Fl(Withdr)n(aw)f
Fn(metho)q(d)g(with)g(a)1031 1948 y(nonnegativ)o(e)k(amoun)o(t)f(will)g
(mak)o(e)g(its)h(p)q(ost-condition)1031 1998 y(false,)15
b(and)g(th)o(us)h(can)f(b)q(e)h(classi\014ed)g(as)f(a)g(failure.)21
b(Ev)o(en)1031 2048 y(though)d(this)h(ma)o(y)d(b)q(e)j(a)g(simple)d
(bug)j(to)f(catc)o(h,)i(there)1031 2098 y(migh)o(t)i(b)q(e)i(other)g
(examples)f(where)i(there)g(migh)o(t)c(b)q(e)1031 2147
y(hard-to-catc)o(h)14 b(bugs)f(that)h(can)f(b)q(e)h(detected)i(b)o(y)d
(testing)1031 2197 y(with)f(appropriate)h(test)g(data)f(\(and)h(a)f
(correct)i(sp)q(eci\014ca-)1031 2247 y(tion\).)25 b(Similarly)l(,)13
b(a)j(test)i(of)d Fl(A)n(c)n(c)n(ount::Dep)n(osit)h Fn(with)g(a)1031
2297 y(negativ)o(e)d(v)n(alue)e(for)i Fl(amount)g Fn(will)e(fail)g(b)q
(ecause)j(the)f(\014rst)1031 2347 y(assertion)18 b(in)e(the)h(seman)o
(tics)f(fails)f(b)q(ecause)k Fl(amount)e Fn(is)1031 2396
y(negativ)o(e)k(and)f(the)i(function)e(did)h(not)f(terminate)g(ab-)1031
2446 y(normally)13 b(\(as)i(the)h Fl(Ne)n(gativeA)o(mount)f
Fn(exception)h(is)f(not)1031 2496 y(thro)o(wn\).)1073
2554 y(Th)o(us,)c(an)g(ADL/C)p Fm(++)f Fn(sp)q(eci\014cation)i(giv)o
(es)f(some)f(kind)1031 2604 y(of)16 b(formal)f(basis)h(for)h(test)h(v)n
(alidation)c(rather)k(than)e(the)1031 2654 y(tester)e(deciding)e
(whether)h(the)g(test)g(failed)e(or)h(succeeded)1031
2704 y(based)g(on)f(some)f(informal)e(sp)q(eci\014cation.)18
b(It)11 b(is)f(also)h(p)q(os-)p eop
%%Page: 13 14
13 12 bop 37 45 a Fn(sible)14 b(to)f(giv)o(e)f(a)h(more)f
(\014ne-grained)i(test)g(rep)q(ort)g(in)f(case)37 95
y(of)g(a)g(failure,)f(b)o(y)h(lo)q(oking)f(at)h(the)h(individual)d
(predicates)37 145 y(that)j(ha)o(v)o(e)g(failed)f(for)h(a)f(particular)
h(test)h(data.)79 203 y(Since)i(ADL/C)p Fm(++)f Fn(is)g(v)o(ery)h
(close)h(to)e(C)p Fm(++)p Fn(,)h(it)f(is)g(rela-)37 253
y(tiv)o(ely)e(easy)h(to)f(generate)h(co)q(de)h(from)c(ADL/C)p
Fm(++)h Fn(sp)q(eci-)37 302 y(\014cations)f(that)f(can)h(used)g(for)f
(automating)e(the)j(test)g(v)n(ali-)37 352 y(dation)f(pro)q(cess.)19
b(This)11 b(has)g(the)h(adv)n(an)o(tage)e(that)i(a)f(large)37
402 y(n)o(um)o(b)q(er)g(of)g(tests)i(can)f(b)q(e)g(run)g(automatically)
d(whenev)o(er)37 452 y(an)h(implemen)o(tation)d(is)j(mo)q(di\014ed.)15
b(Detailed)10 b(rep)q(orts)i(for)37 502 y(failed)g(tests)h(can)g(also)e
(b)q(e)i(generated)h(whic)o(h)e(can)g(help)h(in)37 552
y(quic)o(kly)e(lo)q(cating)f(the)h(problem)f(in)g(the)i(implemen)o
(tati)o(on)37 601 y(that)i(caused)h(the)g(test)g(failures.)79
659 y(When)30 b(testing)g(using)g(ADL/C)p Fm(++)f Fn(sp)q
(eci\014cations,)37 709 y(there)13 b(could)e(b)q(e)i(calls)e(to)g
(constructors,)i(assignmen)o(t)e(op-)37 759 y(erators)j(and)e(cop)o(y)h
(constructors.)20 b(Hence,)13 b(users)h(should)37 809
y(k)o(eep)19 b(these)h(relativ)o(ely)d(simple)g(and)h(clean,)h
(otherwise,)37 859 y(the)14 b(testing)f(migh)o(t)e(b)q(ecome)i
(ine\016cien)o(t)g(and)g(imprecise.)79 917 y(A)o(t)k(presen)o(t,)h(the)
f(test)h(data)e(has)h(to)g(b)q(e)g(supplied)f(b)o(y)37
967 y(the)h(user.)25 b(W)m(e)16 b(are)g(curren)o(tly)h(w)o(orking)e(on)
h(coming)e(up)37 1016 y(with)c(a)g(language)f(lik)o(e)h(TDD)f([8)o(])h
(to)g(sp)q(ecify)h(test)g(data)f(for)37 1066 y(testing)17
b(C)p Fm(++)f Fn(mem)o(b)q(er)e(functions.)25 b(In)16
b(fact,)g(to)g(a)g(large)37 1116 y(exten)o(t,)e(TDD)f(itself)g(can)h(b)
q(e)g(used)g(to)f(sp)q(ecify)h(test)h(data)37 1166 y(for)f(C)p
Fm(++)f Fn(functions)h(as)g(w)o(ell.)79 1224 y(W)m(e)i(are)h(also)f(lo)
q(oking)f(at)h(w)o(a)o(ys)g(to)h(generate)g(\\in)o(ter-)37
1274 y(esting")10 b(test)h(data)e(from)f(ADL/C)p Fm(++)h
Fn(sp)q(eci\014cations.)18 b(F)m(or)37 1324 y(simple)e(data)h(t)o(yp)q
(es,)i(it)e(seems)g(to)h(b)q(e)g(v)o(ery)f(feasible)g(to)37
1373 y(automatically)f(generate)k(reasonable)g(test)g(data.)33
b(F)m(or)37 1423 y(example,)15 b(in)h(the)g Fl(A)n(c)n(c)n(ount::Dep)n
(osit)g Fn(metho)q(d,)g(a)f(nega-)37 1473 y(tiv)o(e)h(v)n(alue)f(for)g
(the)h(parameter)f(is)g(in)o(teresting)h(b)q(ecause)37
1523 y(it)i(can)h(cause)g(an)f(exception)h(to)f(b)q(e)g(thro)o(wn.)31
b(So,)19 b(an)o(y)37 1573 y(reasonable)d(test)g(data)f(should)f(ha)o(v)
o(e)h(at)g(least)g(one)g(suc)o(h)37 1623 y(v)n(alue)f(for)f
Fl(amount)p Fn(.)37 1780 y Fo(7)67 b(Comparison)f(and)h(Related)138
1855 y(W)-6 b(ork)37 1956 y Fn(A)p Fm(++)13 b Fn([1])f(is)h(a)g
(language)f(for)h(annotating)f(C)p Fm(++)g Fn(programs)37
2006 y(with)g(seman)o(tics)f(constrain)o(ts.)18 b(This)12
b(is)f(close)i(to)e(ADL)h(in)37 2056 y(spirit)h(in)g(that)g(it)f(uses)j
(\(mostly\))c(C)p Fm(++)i Fn(syn)o(tax)f(for)h(doing)37
2106 y(this.)27 b(But,)18 b(unlik)o(e)e(ADL,)g(A)p Fm(++)g
Fn(pro)o(vides)h(facilities)f(for)37 2156 y(writing)e(complex)f(sp)q
(eci\014cations,)i(lik)o(e)e(legal)h(v)n(alues)g(for)37
2205 y(datat)o(yp)q(es,)f(axioms)d(de\014ning)j(classes)g(i)p
Fl(etc.)k Fn(Dev)o(eloping)37 2255 y(an)o(y)11 b(practically)g(usable)g
(to)q(ols)g(using)g(A)p Fm(++)g Fn(is)g(am)o(bitious,)37
2305 y(b)q(ecause)20 b(sp)q(eci\014cations)e(could)f(range)h(from)d
(high-lev)o(el)37 2355 y(axioms)e(for)i(classes)h(to)f(lo)o(w-lev)o(el)
f(assertions)i(for)f(state-)37 2405 y(men)o(ts.)29 b(On)18
b(the)g(other)h(hand,)e(w)o(e)h(ha)o(v)o(e)g(started)h(with)37
2455 y(the)g(mo)q(dest)e(goal)f(of)h(asso)q(ciating)g(b)q(eha)o(vior)g
(sp)q(eci\014ca-)37 2504 y(tions)22 b(to)f(functions.)40
b(This)22 b(is)f(sho)o(wn)g(to)g(b)q(e)h(ac)o(hiev-)37
2554 y(able)d(and)f(v)o(ery)g(useful)h(b)o(y)f(the)h(success)i(of)c
(ADL)m(T)h(us-)37 2604 y(ing)d(ADL/C.)f(So,)h(ha)o(v)o(e)h(w)o(e)f
(adopted)h(a)f(similar)e(frame-)37 2654 y(w)o(ork)h(for)f(C)p
Fm(++)g Fn(and)g(are)h(building)e(on)i(top)f(of)g(this)g(to)h(in-)37
2704 y(cremen)o(tally)h(supp)q(ort)h(sp)q(eci\014cation)g(of)e(other)i
(features)1031 45 y(of)i(C)p Fm(++)p Fn(,)h(lik)o(e)f(classes)i(and)f
(inheritance.)33 b(It)19 b(has)g(b)q(een)1031 95 y(demonstrated)c(b)o
(y)f(our)h(seman)o(tic)f(constrain)o(ts)h(on)f(non-)1031
145 y(static)20 b(virtual)e(functions,)j(that)e(it)g(is)g(p)q(ossible)h
(to)f(de-)1031 195 y(v)o(elop)g(ADL/C)p Fm(++)g Fn(for)g(sp)q(ecifying)
g(the)h(more)e(complex)1031 244 y(features)f(of)e(C)p
Fm(++)f Fn(with)h(this)h(simple)e(idea)h(as)g(the)h(basis.)1031
294 y(The)f(A)p Fm(++)f Fn(annotations)f(are)i Fl(intrusive)p
Fn(,)e Fl(i.e.)p Fn(,)g(em)o(b)q(edded)1031 344 y(within)21
b(programs,)g(making)d(it)j(di\016cult)f(to)h(use)h(with)1031
394 y(pre-compiled)10 b(libraries.)17 b(ADL/C)p Fm(++)10
b Fn(sp)q(eci\014cations)j(are)1031 444 y Fl(non-intrusive)j
Fn(and)g(hence)h(can)f(b)q(e)g(used)h(for)e(sp)q(eci\014ca-)1031
493 y(tion)f(ev)o(en)g(when)h(the)f(source)h(co)q(de)g(is)f(not)f(a)o
(v)n(ailable.)1073 552 y(The)g(other)h(e\013ort)g(with)e(similar)f
(goals)h(that)h(w)o(e)g(kno)o(w)1031 601 y(of)g(is)g(Larc)o(h/C)p
Fm(++)f Fn([5)o(].)18 b(This)13 b(is)g(a)f(mem)o(b)q(er)g(of)g(the)i
(Larc)o(h)1031 651 y(family)9 b(of)h(languages.)17 b(This)11
b(supp)q(orts)i(t)o(w)o(o-tiered)f(sp)q(ec-)1031 701
y(i\014cations.)29 b(First)18 b(the)g(abstract)h(v)n(alues)e(are)h
(describ)q(ed)1031 751 y(in)e(the)h(larc)o(h)f(shared)i(language)d
(LSL.)h(Then)h(the)g(sp)q(ec-)1031 801 y(i\014cations)23
b(of)f(classes)i(are)f(giv)o(en)f(in)g(Hoare-st)o(yle)h(pre)1031
850 y(and)16 b(p)q(ost-conditions)g(for)g(mem)o(b)q(er)f(functions.)25
b(In)16 b(our)1031 900 y(opinion,)11 b(this)i(is)f(a)g(burdensome)h
(pro)q(cess)h(esp)q(ecially)e(for)1031 950 y(practitioners)g(who)f(w)o
(an)o(t)g(to)g(use)h(formal)c(sp)q(eci\014cations,)1031
1000 y(b)q(ecause)18 b(sp)q(eci\014cations)g(ha)o(v)o(e)e(to)g(b)q(e)h
(written)g(in)f(a)g(dif-)1031 1050 y(feren)o(t)e(language)e(with)g
(totally)g(di\013eren)o(t)i(seman)o(tics.)j(In)1031 1099
y(ADL)g(also)f(the)h(language)f(is)h(di\013eren)o(t,)h(but)f(it)f(is)h
(built)1031 1149 y(around)h(C)p Fm(++)f Fn(and)g(w)o(e)h(made)e(it)h(a)
g(p)q(oin)o(t)g(to)g(in)o(tro)q(duce)1031 1199 y(as)f(little)g(new)g
(notation)f(as)h(p)q(ossible.)25 b(W)m(e)16 b(should)g(also)1031
1249 y(p)q(oin)o(t)f(out)g(that)h(Larc)o(h)f(has)h(a)f(large)f
(collection)h(of)g(LSL)1031 1299 y(traits)22 b(whic)o(h)f(can)h(b)q(e)g
(used)g(to)g(describ)q(e)h(most)d(com-)1031 1349 y(monly)c(o)q
(ccurring)i(data)g(structures.)32 b(Ho)o(w)o(ev)o(er,)19
b(to)e(b)q(e)1031 1398 y(able)f(to)g(pic)o(k)f(the)i(correct)g(trait,)f
(one)g(needs)i(to)d(under-)1031 1448 y(stand)i(the)h(seman)o(tics)e
(that)h(describ)q(e)i(the)e(b)q(eha)o(vior)g(of)1031
1498 y(the)e(trait.)1073 1556 y(T)m(o)10 b(the)i(b)q(est)g(of)f(our)g
(kno)o(wledge,)g(there)i(is)e(no)g(supp)q(ort)1031 1606
y(for)e(testing)h(C)p Fm(++)f Fn(implemen)o(tations)e(against)h(Larc)o
(h/C)p Fm(++)1031 1656 y Fn(sp)q(eci\014cations.)42 b(Larc)o(h)22
b(has)f(a)h(v)o(ery)f(go)q(o)q(d)g(collection)1031 1706
y(of)15 b(to)q(ols,)h(most)e(imp)q(ortan)o(t)g(of)i(whic)o(h)f(is)h(LP)
m(,)f(the)h(larc)o(h)1031 1755 y(pro)o(v)o(er.)21 b(One)16
b(can)e(hop)q(e)i(to)e(do)h(some)e(reasoning)i(ab)q(out)1031
1805 y(Larc)o(h/C)p Fm(++)9 b Fn(sp)q(eci\014cations)i(using)e(LP)m(.)f
(A)o(t)i(presen)o(t)h(there)1031 1855 y(is)18 b(no)g(supp)q(ort)i(for)d
(reasoning)i(ab)q(out)f(ADL)g(sp)q(eci\014ca-)1031 1905
y(tions.)1031 2048 y Fo(8)67 b(Conclusions)84 b(and)f(F)-6
b(uture)1132 2122 y(W)g(ork)1031 2222 y Fn(W)m(e)19 b(ha)o(v)o(e)g
(designed)g(a)g(language)f(ADL/C)p Fm(++)g Fn(to)h(write)1031
2271 y(b)q(eha)o(vioral)g(sp)q(eci\014cations)i(for)f(C)p
Fm(++)f Fn(programs.)36 b(The)1031 2321 y(imp)q(ortan)o(t)12
b(asp)q(ects)k(of)d(this)h(language)f(are)h(:)1073 2405
y Fd(\017)20 b Fl(Is)14 b(e)n(asy)h(to)f(le)n(arn)f(and)i(use)f(for)g
(r)n(e)n(al)f(softwar)n(e)g(engi-)1114 2455 y(ne)n(ers.)18
b Fn(W)m(e)11 b(ha)o(v)o(e)h(b)q(een)h(careful)g(in)e(designing)h(sp)q
(ec-)1114 2504 y(i\014cation)f(constructs)i(that)e(are)g(simple)f(and)h
(easy)g(to)1114 2554 y(use)17 b(for)e(the)i(real)e(soft)o(w)o(are)h
(engineer.)25 b(While)15 b(this)1114 2604 y(has)k(reduced)i(the)f
(expressivit)o(y)g(of)e(the)i(language)1114 2654 y(to)15
b(some)f(exten)o(t,)h(it)g(is)g(surprising)g(ho)o(w)f(m)o(uc)o(h)g(can)
1114 2704 y(still)g(b)q(e)h(expressed.)22 b(ADL/C)14
b(has)g(sho)o(wn)h(itself)f(to)p eop
%%Page: 14 15
14 13 bop 121 45 a Fn(b)q(e)15 b(useful)g(and)g(practical)g(at)g(the)h
(same)e(time,)f(and)121 95 y(ADL/C)p Fm(++)f Fn(will)h(only)g(impro)o
(v)o(e)f(on)i(this.)79 192 y Fd(\017)21 b Fl(Sp)n(e)n(ci\014c)n(ations)
j(c)n(an)h(b)n(e)f(c)n(ompile)n(d)g(into)h(che)n(cking)121
242 y(c)n(o)n(de.)17 b Fn(All)8 b(ADL/C)p Fm(++)h Fn(sp)q
(eci\014cations)h(ma)o(y)e(b)q(e)i(com-)121 291 y(piled)15
b(in)o(to)g(co)q(de)i(that)e(can)h(v)o(erify)g(correct)h(b)q(eha)o(v-)
121 341 y(ior)d(\(or)g(conformance\))g(of)g(API)h(implemen)o(tatio)o
(ns.)121 391 y(Note)22 b(that)g(this)h(is)f(di\013eren)o(t)h(from)d
(\\executable)121 441 y(sp)q(eci\014cations")h(where)h(it)e(is)h(p)q
(ossible)g(to)f(gener-)121 491 y(ate)d(executable)i(implemen)o(tatio)o
(ns)c(directly)j(from)121 540 y(a)i(sp)q(eci\014cation.)38
b(In)21 b(general)g(executable)g(sp)q(eci-)121 590 y(\014cations)f(imp)
q(ose)f(undue)i(restrictions)g(on)f(sp)q(eci-)121 640
y(\014cation)e(constructs)k(to)d(simplify)d(the)k(pro)q(cess)h(of)121
690 y(generating)12 b(executable)h(co)q(de.)18 b(ADL/C)p
Fm(++)11 b Fn(sp)q(eci\014-)121 740 y(cations)f(o\013er)h(a)g
(reasonable)g(middle)e(ground)h(where)121 789 y(the)22
b(sp)q(eci\014cations)g(ma)o(y)e(b)q(e)i(used)h(to)e(e\016cien)o(tly)
121 839 y(c)o(hec)o(k)14 b(conformance,)e(while)h(at)g(the)h(same)e
(time)g(al-)121 889 y(lo)o(ws)h(easy)h(dev)o(elopmen)o(t)f(of)g(sp)q
(eci\014cations.)79 986 y Fd(\017)21 b Fl(Sp)n(e)n(ci\014c)n(ations)d
(may)g(b)n(e)f(develop)n(e)n(d)h(indep)n(endently)121
1036 y(of)e(the)h(pr)n(o)n(gr)n(am.)25 b Fn(ADL/C)p Fm(++)15
b Fn(sp)q(eci\014cations)i(ma)o(y)121 1085 y(b)q(e)10
b(written)g(as)g(separate)h(\014les)f(\(that)g(\\include")g(C)p
Fm(++)121 1135 y Fn(header)17 b(\014les\).)27 b(Hence)19
b(ADL/C)p Fm(++)d Fn(facilitates)g(the)121 1185 y(dev)o(elopmen)o(t)11
b(and)i(use)g(of)f(sp)q(eci\014cations)i(b)o(y)e(orga-)121
1235 y(nizations)d(that)h(do)g(not)g(ha)o(v)o(e)g(access)i(to)d(C)p
Fm(++)h Fn(source)121 1285 y(co)q(de)16 b(\()p Fl(e.g.)p
Fn(,)f(some)f(proprietary)i(API's)g(come)f(with)121 1335
y(precompiled)e(libraries\).)79 1431 y Fd(\017)21 b Fl(V)m(arious)31
b(kinds)i(of)f(to)n(ol)g(supp)n(ort)h(is)f(p)n(ossible.)121
1481 y Fn(Chec)o(k)n(able)13 b(sp)q(eci\014cations)i(ma)o(y)c(b)q(e)k
(used)f(in)f(man)o(y)121 1531 y(w)o(a)o(ys.)k(A)12 b(system)h(suc)o(h)g
(as)g(ADL)m(T)e(uses)j(ADL/C)p Fm(++)121 1581 y Fn(for)21
b(conformance)g(testing.)42 b(In)22 b(suc)o(h)g(a)g(system,)121
1631 y(test-data)27 b(is)f(pro)q(duced)i(indep)q(enden)o(tly)g(of)e
(the)121 1680 y(writing)19 b(of)i(the)g(sp)q(eci\014cations.)39
b(The)22 b(to)q(ol)e(then)121 1730 y(generates)10 b(a)g(driv)o(er)f
(that)g(exercises)j(the)e(API)g(on)f(the)121 1780 y(test-data,)19
b(c)o(hec)o(king)g(the)g(system)f(b)q(eha)o(vior)g(eac)o(h)121
1830 y(time)k(with)i(the)g(sp)q(eci\014cations.)49 b(Sp)q
(eci\014cations)121 1880 y(ma)o(y)12 b(also)i(b)q(e)i(used)f(to)g
(generate)h(self-c)o(hec)o(king)f(in-)121 1929 y(terfaces)24
b(in)e(cases)h(where)h(securit)o(y)f(is)g(an)f(issue.)121
1979 y(Self-c)o(hec)o(king)16 b(in)o(terfaces)i(are)f(also)g(useful)g
(during)121 2029 y(the)d(dev)o(elopmen)o(t)f(cycle.)79
2139 y(The)27 b(design)g(of)e(the)j(language)d(is)h(not)h(y)o(et)g
(com-)37 2189 y(plete.)21 b(W)m(e)14 b(merely)g(extended)i(the)f
(ADL/C-st)o(yle)f(p)q(ost-)37 2239 y(condition)27 b(sp)q
(eci\014cations)h(for)f(functions)h(to)f(sp)q(ecify)37
2288 y(class)11 b(metho)q(d)e(b)q(eha)o(viors)i(with)e(some)h(ob)o
(vious)f(seman)o(tic)37 2338 y(constrain)o(ts)15 b(for)f(virtual)f(mem)
o(b)q(er)f(functions.)79 2396 y(In)e(C)p Fm(++)p Fn(,)f(classes)i(can)f
(also)f(b)q(e)h(considered)h(as)f(the)g(basic)37 2446
y(programming)i(units)j(in)g(addition)f(to)i(global)d(functions)37
2496 y(lik)o(e)f(in)g(C.)f(So,)h(it)g(w)o(ould)f(b)q(e)i(nice)g(if)e
(class)i(b)q(eha)o(viors)f(can)37 2546 y(b)q(e)i(sp)q(eci\014ed)h(and)e
Fl(teste)n(d)f Fn(just)i(lik)o(e)e(function)h(b)q(eha)o(viors.)79
2604 y(Sp)q(eci\014cation)k(of)e(\(metho)q(ds)h(of)s(\))h(abstract)g
(classes)g(is)37 2654 y(di\016cult)j(at)f(presen)o(t.)37
b(This)20 b(is)f(b)q(ecause,)k(usually)c(ab-)37 2704
y(stract)e(classes)g(do)f(not)g(ha)o(v)o(e)f(an)o(y)h(implemen)o(tati)o
(on)d(\(or)1031 45 y(state\))19 b(information)c(that)j(can)g(b)q(e)h
(used)g(for)e(the)i(p)q(ost-)1031 95 y(conditions.)k(So,)15
b(the)h(only)e(w)o(a)o(y)h(to)g(do)h(this)f(at)g(presen)o(t)1031
145 y(in)c(ADL)f(is)h(to)g(come)f(up)h(with)f(some)g(crude)i(implemen)o
(ta-)1031 195 y(tion)j(\(using)g(the)g(auxiliary)f(declarations\))h
(and)g(writing)1031 244 y(the)i(p)q(ost-conditions)g(using)f(that.)26
b(This)16 b(mak)o(es)f(sp)q(eci-)1031 294 y(fying)e(abstract)i(classes)
g(complicated.)1073 352 y(One)h(w)o(a)o(y)f(to)g(solv)o(e)h(these)h
(problems)d(is)i(to)f(adopt)g(an)1031 402 y(algebraic)10
b(sp)q(eci\014cation)g(framew)o(ork,)f(but)h(it)f(is)h(not)g(clear)1031
452 y(ho)o(w)k(testing)g(can)g(b)q(e)h(supp)q(orted)g(in)e(that)h
(framew)o(ork.)1073 510 y(Considering)19 b(these)i(issues,)h(it)d(app)q
(ears)i(some)d(kind)1031 560 y(of)e(trace-based)i(sp)q(eci\014cations)g
(on)e(top)g(of)g(the)h(curren)o(t)1031 610 y(ADL/C)p
Fm(++)j Fn(sp)q(eci\014cations)j(w)o(ould)d(b)q(e)h(a)g(nice)h(w)o(a)o
(y)e(to)1031 659 y(capture)c(class)g(b)q(eha)o(viors,)f(at)g(the)g
(same)g(time)e(preserv-)1031 709 y(ing)k(the)h(t)o(w)o(o)e(de\014ning)i
(features)g(of)f(ADL)g(-)g(testabilit)o(y)1031 759 y(and)11
b(closeness)i(to)e(the)g(base)h(implemen)o(tatio)o(n)c(language.)1031
809 y(W)m(e)k(ha)o(v)o(e)f(some)g(preliminary)e(ideas)j(in)f(this)h
(resp)q(ect)i(and)1031 859 y(w)o(e)e(will)e(b)q(e)j(incorp)q(orating)e
(them)g(in)o(to)g(ADL/C)p Fm(++)f Fn(so)q(on.)1031 1013
y Fo(Av)l(ailabili)q(t)n(y)1031 1114 y Fn(The)34 b(dev)o(elopmen)o(t)e
(of)h(the)h(to)q(ol)e(is)h(curren)o(tly)h(in)1031 1164
y(progress.)k(The)20 b(initial)e(v)o(ersion)i(will)e(b)q(e)j(a)o(v)n
(ailable)c(in)1031 1214 y(ab)q(out)g(a)f(y)o(ear.)27
b(Con)o(tact)16 b(the)i(authors)f(for)f(further)i(in-)1031
1263 y(formation.)1031 1418 y Fo(Ac)n(kno)n(wledgmen)n(ts)1031
1519 y Fn(W)m(e)31 b(w)o(ould)f(lik)o(e)g(to)g(thank)h(Ra)r(jiv)f
(Joshi,)k(Ash)o(vin)1031 1569 y(D'Souza,)26 b(Ro)q(ongk)o(o)d(Do)q(ong)
g(and)h(Mark)g(Hefner)h(for)1031 1618 y(their)11 b(participation)e(in)h
(the)g(n)o(umerous)g(discussions)h(dur-)1031 1668 y(ing)j(the)h(design)
f(of)g(the)h(language.)k(W)m(e)13 b(w)o(ould)h(also)g(lik)o(e)1031
1718 y(to)j(thank)f(Deepak)h(Kapur)f(for)g(his)h(in)o(v)n(aluable)d
(sugges-)1031 1768 y(tions)e(for)f(impro)o(ving)d(the)k(o)o(v)o(erall)f
(qualit)o(y)f(of)h(the)h(pap)q(er.)1031 1922 y Fo(References)1052
2023 y Fn([1])20 b(M.)g(Cline)f(and)i(D.)e(Lea.)h(The)h(Beha)o(vior)g
(of)e(C)p Fm(++)1117 2073 y Fn(Classes.)13 b Fl(Pr)n(o)n(c)n(e)n(e)n
(dings)h(of)g(the)g(Symp)n(osium)h(on)f(Ob-)1117 2123
y(je)n(ct)d(Oriente)n(d)g(Pr)n(o)n(gr)n(amming)g(Emphasizing)h(Pr)n
(ac-)1117 2173 y(tic)n(al)i(Applic)n(ations)p Fn(,)f(Marist)h(College,)
f(1990.)1052 2264 y([2])20 b(Digital)36 b(Equipmen)o(t)i(Corp)q
(oration,)44 b(Hewlett-)1117 2314 y(P)o(ac)o(k)n(ard)24
b(Compan)o(y)m(,)f(Hyp)q(erDesk)j(Corp)q(oration,)1117
2363 y(NCR)20 b(Corp)q(oration,)h(Ob)r(ject)g(Design,)h(Inc.,)f(and)
1117 2413 y(SunSoft)c(,)i(Inc.)f(The)g(Common)d(Ob)r(ject)k(Request)
1117 2463 y(Brok)o(er)12 b(:)17 b(Arc)o(hitecture)c(and)e(Sp)q
(eci\014cation.)h(P)o(ages)1117 2513 y(45-80.)d(OMG)i(Do)q(cumen)o(t)f
(Num)o(b)q(er)g(91.12.1,)f(Revi-)1117 2563 y(sion)k(1.1.)g(Decem)o(b)q
(er)h(1991.)1052 2654 y([3])20 b(John)12 b(V.)g(Guttag)g(and)h(James)f
(J.)g(Horning)g(with)g(S.)1117 2704 y(J.)i(Garland,)g(K.)g(D.)g(Jones,)
i(A.)e(Mo)q(det)h(and)g(J.)f(M.)p eop
%%Page: 15 16
15 14 bop 123 45 a Fn(Wing.)9 b(Larc)o(h)h(:)16 b(Languages)10
b(and)h(T)m(o)q(ols)e(for)h(F)m(ormal)123 95 y(Sp)q(eci\014cation.)k
(Springer-V)m(erlag,)f(1993.)58 178 y([4])20 b(D.)9 b(Kapur)i(and)f(D.)
g(R.)f(Musser.)j(T)m(ecton:)k(A)11 b(F)m(rame-)123 228
y(w)o(ork)g(for)f(Sp)q(ecifying)h(and)g(V)m(erifying)e(Generic)j(Sys-)
123 278 y(tem)18 b(Comp)q(onen)o(ts.)f(Rensselaer)j(P)o(olytec)o(hnic)f
(In-)123 327 y(stitute)11 b(Computer)e(Science)i(T)m(ec)o(hnical)f(Rep)
q(ort)g(92-)123 377 y(20,)j(July)m(,)f(1992.)58 460 y([5])20
b(Gary)15 b(T.)g(Lea)o(vnes.)g(Larc)o(h/C)p Fm(++)g Fn(Reference)j
(Man-)123 510 y(ual.)i(Departmen)o(t)g(of)g(Computer)g(Science,)k(Io)o
(w)o(a)123 560 y(State)14 b(Univ)o(ersit)o(y)m(,)f(Sept)i(1995.)58
643 y([6])20 b(Barbara)11 b(Lisk)o(o)o(v)f(and)g(Jeannette)j(M.)d
(Wing.)g(A)h(Be-)123 693 y(ha)o(vioral)h(Notion)h(of)g(Subt)o(yping.)f
Fl(A)o(CM)i(TOPLAS)123 742 y Fn(16\(6\):1811-1841,)c(No)o(v.)j(1994.)58
826 y([7])20 b(Sriram)11 b(Sank)n(ar)h(and)h(Roger)g(Ha)o(y)o(es.)f
(ADL:)g(An)h(In-)123 875 y(terface)22 b(Language)e(for)g(Sp)q(ecifying)
h(and)f(T)m(esting)123 925 y(Soft)o(w)o(are.)d(In)g Fl(Pr)n(o)n(c)n(e)n
(e)n(dings)i(of)f(the)g(Workshop)i(on)123 975 y(Interfac)n(e)14
b(De\014nition)h(L)n(anguages)p Fn(,)f(Jan)o(uary)f(1994.)58
1058 y([8])20 b(Sriram)e(Sank)n(ar,)i(Roger)f(Ha)o(y)o(es.)g(Sp)q
(ecifying)g(and)123 1108 y(T)m(esting)31 b(Soft)o(w)o(are)f(Comp)q
(onen)o(ts)g(using)h(ADL.)123 1158 y(SMLI)16 b(TR-94-23.)e
Fl(Sun)k(Micr)n(osystems)e(L)n(ab)n(or)n(ato-)123 1207
y(ries,)e(Inc.)p Fn(,)f(April)h(1994.)58 1290 y([9])20
b(J.)f(M.)g(Spiv)o(ey)m(.)g(Understanding)h(Z,)g(A)f(Sp)q(eci\014ca-)
123 1340 y(tion)9 b(Language)g(and)h(its)f(F)m(ormal)f(Seman)o(tics.)g
(Cam-)123 1390 y(bridge)13 b(Univ)o(ersit)o(y)g(Press,)h(1988.)d(T)m
(racts)j(in)e(Theo-)123 1440 y(retical)i(Computer)f(Science,)i(V)m
(olume)d(3.)37 1523 y([10])20 b(Bjarne)29 b(Stroustrup.)g(The)g(C)p
Fm(++)g Fn(Programmi)o(ng)123 1573 y(Language.)13 b(Addison-W)m(esley)m
(,)f(1991.)37 1656 y([11])20 b(Sun)d(Microsystems)f(Inc.,)h(U.S.A.,)f
(and)g(Informa-)123 1706 y(tion)24 b(T)m(ec)o(hnology)h(Promotion)e
(Agency)m(,)28 b(Japan.)123 1755 y(ADL)21 b(T)m(ranslator)f(Design)h
(Sp)q(eci\014cation.)g(Do)q(cu-)123 1805 y(men)o(t)9
b(n)o(um)o(b)q(er)g(MITI/0001/D/0.1.)e(August)k(1993.)p
eop
%%Trailer
end
userdict /end-hook known{end-hook}if
%%EOF
From sreeni@cs.albany.edu Mon May 6 10:25:31 1996
Received: from cs.albany.edu by usenix.ORG (4.1/1.29-emg890317)
id AA11241; Mon, 6 May 96 10:25:31 PDT
Received: from bhaskara.cs.albany.edu (sreeni@bhaskara.cs.albany.edu [128.204.2.40]) by cs.albany.edu (8.7.4/HUB03) with ESMTP id NAA25530; Mon, 6 May 1996 13:23:21 -0400 (EDT)
From: Sreenivasa Rao Viswanadha
Received: (from sreeni@localhost) by bhaskara.cs.albany.edu (8.7.4/CLI2) id NAA19689; Mon, 6 May 1996 13:23:16 -0400 (EDT)
Date: Mon, 6 May 1996 13:23:16 -0400 (EDT)
Message-Id: <199605061723.NAA19689@bhaskara.cs.albany.edu>
To: cootsascii@usenix.ORG
Subject: HTML version of COOTS 96 paper
Cc: sankar@eng.sun.com
X-Sun-Charset: US-ASCII
Status: RO
Find enclosed the html version of our paper titled - "Preliminary Design of
ADL/C++ - A specification language for C++" for the COOTS 96 conference.
Thanks,
Sreeni.
/****************************** begin include *********************************/
Preliminary Design of ADL/C++ - A Specification language for C++
Preliminary Design of ADL/C++ -
A Specification language for C++
Abstract
ADL/C++ is a specification language for associating behavior
specifications as post-conditions
with C++ (function) declarations.
The language includes a clean subset of the C++ expression
language and
the semantics is relatively simple and informal.
Most of the important
features of C++ like member functions, virtual
members, constructors, inheritance and exceptions can be
specified in ADL/C++.
In addition to being semi-formal documentation, ADL/C++
specifications can also be used for testing C++ implementations.
We developed a method for
validating tests of C++ implementations using ADL/C++
specifications.
Introduction
Traditionally specification languages have been designed to give
a specification of a computation independent of the
implementation language(s) in which the computation is
realized. While this approach may have the advantage of giving an
independent characterization of algorithms and data structures,
it imposes the burden on the users to learn two
different languages using possibly two different formalisms and
two different paradigms (since a specification emphasizes
what and an
implementation emphasizes how). For example, the
specification language Z [9] uses set-theoretic semantics for
specifications and Larch [3] and Tecton [4]
are languages based on algebraic specification. But, most imperative
programming languages have state-based operational semantics.
Perhaps this is the reason why there does not seem to be much use
of these specification methodologies in the industry.
A somewhat different approach has
been taken in high-level functional and logic programming
languages where a single language framework is used for
specification and implementation. Our approach has similar goals
but is still quite different from these.
A subset of the programming language
itself (with some extensions) is used to write
specifications. This has the advantage that developers do not
have to learn different languages, possibly supporting different
paradigms. While writing specifications the programmer
is encouraged to specify what the program does
without worrying about implementation details, and for this,
a small, clean and "side-effect-free" subset of
the language can be used.
We believe that such an approach will encourage developers
to write specifications before working on implementations.
Such specifications
can be easily used for testing purposes also, since
an implementation can be executed with an input data
and the output generated
along with the test input can be plugged into the specification to see
whether the specification is satisfied for that particular test data.
ADL (Assertion Definition Language) adopts this philosophy.
It is a family of languages designed
to associate semantic information with declarations of variety
of languages (C, C++ etc.). One of the basic goals
of the language
is to remain
as close to the implementation language as possible,
at the same time
allowing high-level specification independently of
implementations.
Another feature of ADL is that
specifications written in ADL are checkable, i.e.,
implementations can
be tested against ADL specifications.
There are some inherent limitations with this approach,
particularly, that the specification will inherit all the
pitfalls and ambiguities of the programming language depending
upon the restricted subset of the language being used for
specification purposes. But, we have taken care to select a subset
of the underlying programming language which is well-understood
with minimal ambiguities.
The rest of the paper is organized as follows. In Section 2,
we present some background on ADL. Section 3 presents an
overview of of ADL/C++ using an example.
In Section 4,
a somewhat detailed description of the language syntax and
informal semantics is given.
Section 5 describes how reuse
of specifications is supported in ADL/C++. In Section 6,
a method for validation of C++ implementations
using ADL/C++ specifications is presented.
Section 7 gives a comparison with other related work.
We conclude in Section 8 with a brief discussion about
future work.
ADL is a specification language
framework used to describe input-output behavior of software systems.
ADL originated as part of a conformance testing system (ADLT)
[11] for
ANSI C API's. In this system, the runtime behaviors of implementations
of API's are compared to their specification written in the ADL framework.
These specifications are written in a C like syntax as extensions to
C header files. This particular syntax is termed ADL/C (or ADL for C).
The ADLT project commenced in early 1993 and has culminated in a robust
industry quality environment for conformance testing.
ADLT has a collection of tools developed for ADL/C and a
language called TDD, for describing test data.
The tools include
ACF, the assertion checking function generator that translates
post-conditions given in ADL/C into C functions,
a "natural" language document generator, and
a test coverage analysis tool. Some of these tools are being
successfully used by X/Open and NIST as a part of their
conformance testing efforts.
We are developing a similar specification capability for C++,
namely ADL/C++. ADL/C++ builds on the experience gained from the ADLT
project. It is a natural extension of ADL/C for C++, but it
also represents a significant improvement in expressiveness and
ease of use. A subset of ADL/C++ itself may be used to specify
C programs, and we anticipate that this subset will eventually
replace the old ADL/C1.
Other projects currently being undertaken are ADL/IDL (OMG IDL [2])
and ADL/JavaTM. While this paper focuses on ADL/C++,
the general concepts presented here apply equally well to the
other language specializations of ADL.
Overview of ADL/C++
ADL/C++ supports behavior specifications for
methods (member functions) and constructors in the form
of post-conditions.
It also supports specification of inheritance,
virtual functions, and exceptions. For this, it uses a
side-effect-free subset of C++ expression language
as described in [10] and extends it with the usual
logical operators, bounded
quantification, call-state operator (for evaluating expressions
prior to a function call), return expressions
(to denote
return values of functions), and some structuring constructs.
A function behavior is typically partitioned into normal
and abnormal behavior by giving the corresponding predicates
in terms of the values of the parameters,
return values, and exceptions thrown. Then, predicates that
describe the state transformations corresponding to each of these
behaviors are given. Additional predicates that describe the state
transformations and invariants
independent of normal or abnormal behavior may also be given.
Consider an example ADL/C++ specification
of a function that computes the integer square root
of a given number.
specification {
int sqrt(int x)
semantics
{
@x >= return * return;
@x < (return + 1) * (return + 1);
};
};
Intuitively, the above specification says that sqrt is a
function that takes an integer and returns a (positive) integer
which is the floor of the square root of the input parameter
value. Albeit using C++-like expressions, the above specification
just says
what the function sqrt
should do, but not how it should be done
2.
The operational meaning of the above specification is that if
j is the
return value of a call sqrt(k) for some (positive) integers
j and k, then both the formulas listed in the semantics
clause should evaluate to true by setting the value of the
variable x to k and that of return to j.
More precisely, the following two predicates should evaluate to
true :
k >= j * j
k < (j + 1) * (j + 1)
The "@" operator says that the expression following it
should be evaluated before a call to sqrt. The keyword
return denotes the return value of a call to sqrt.
The complete syntax and semantics of the language are presented
in Section 4.
We illustrate the specification of various important features
of C++ using the more realistic example presented in
Figures 1 and 2 of a
specification of a bank account class. The account class
has methods to deposit and withdraw amounts.
The declaration of the
Account class can be first
developed in a file account.hh and then, it can be
included in the specification file to
give behavior specifications for the various (member)
functions.
The Account::Deposit method semantics
says that it throws an exception if called with
a negative value for amount. This is specified
using the "<:>" operator. Informally, this
means that a negative value of the amount would result
in abnormal termination and in case abnormal termination,
the presence of a NegativeAmount exception implies
that the value of amount was negative. In the normal case,
the value of balance increases by the amount
that is deposited.
The Account::Withdraw method
semantics says that the operation terminates abnormally
if either of the exceptions corresponding to insufficient
funds in the account or a request to withdraw a negative
amount is thrown. Otherwise it terminates normally and
the value of balance decreases by the
amount withdrawn. Then it also says what the values
of a thrown exception should be.
The constructor specifies what the initial
values of various data members should be in case
of normal termination. It also specifies the
exceptions thrown in case of illegal initial values
for some of the data members.
Functions
Behavior specifications for a function can be written using all
the (program) variables that can be used in a definition of
that function with the same scope and visibility rules. A
specification typically relates the before and after values of the
part of the state that it can modify in a particular call. This
includes all the global variables, data members (for member functions)
and any reference parameters. In addition, it can also
specify what exceptions, if any, it can throw and the properties of
the values of the exceptions thrown.
A behavior specification for a function can be given inline at the
time of declaration, or separately, just like
a definition.
Constructors
In semantics for constructors, typically one can specify the
initial values for various
data members which effectively gives the initial state of the object.
In the example, the semantics for the constructor for the Account
class specifies that the values of the account number, type and initial
balance should be equal to the corresponding parameters.
In a specification for a constructor, the values of the data members
of the object (being constructed) cannot be accessed in the
call-state ("@" operator) because the object would not have been
constructed before a call to a constructor.
Virtual Member Functions
If a superclass declares a member function to be virtual, then
a call to it using a pointer might actually invoke its
implementation in a subclass.
Therefore it is logical that semantic description given in a
subclass implies the semantics specified in the superclass
for a virtual function.
To achieve this,
ADL/C++ imposes the semantic restriction that any virtual
member function redefined in a derived class should obey the
semantics given for it in the base class as interpreted
in the context of the base class. This means that
the assertions in the derived class are strengthened by those
given in the superclass. This, in some sense extends the
(mostly syntactic) inheritance mechanism of C++ to inheritance
of properties of methods rather than respecifying the properties
given in the superclass.
For example, consider the ADL/C++ specification given in
Figure 3,
of a new bank account class which
inherits from the Account class. It allows an overdraft
upto a certain
amount which can change. Therefore the new Withdraw
method will say how the value of the variable overdraft
changes if the account is being overdrawn. Since it is virtual,
by our semantics it automatically inherits the specification
given in the base class and therefore it is not necessary to
specify that part. In this case, the variable balance
merely denotes the amount available for withdrawal, not the
real balance.
Another common use of virtual functions in C++ is the
specification of abstract classes. The abstract properties
can be specified for the virtual functions in the abstract class and
in the implementation classes, these functions would have to obey
all those properties automatically because of the semantic
constraints imposed by ADL/C++.
This semantics can also be useful to specify the behaviors
for specializations if the superclass
specification is not overly constrained.
For example, the sorting functions specified in
Section 5 can be easily specified using C++ inheritance
by appropriately making the first sort function a virtual member
of a class
and then redefining it as a stable sort function in a
subclass. This is possible because the original sort function
does not say anything about the relative order of elements
with equal key and hence the subclass has the freedom to
add the extra constraint.
The idea here is to impose some discipline on
inheritance (which C++ doesn't) so that some kind of subtyping
is achieved.
Our current semantics for virtual functions is inspired by the
behavioral notion of subtyping described in
[6] and a similar scheme called
weak behavioral subtyping is supported in
Larch/C++ [5].
Exceptions
ADL/C++ allows the specification of exceptions that can be
thrown by a function.
In the semantic specifications of functions, exceptions can
be explicitly used (see the next Section).
C++ does not allow exceptions to be named in the throw clause.
However, in
ADL/C++, they can be named just like other parameters, and
can be used in
the post-condition. We feel this will make specifications more
readable than
the corresponding C++ code because now users can name exceptions
in a way as
to reflect the nature of the exception. In the bank account
example above, instead of using separate exceptions, if the
class designer decided to throw an exception of type long
in case amount is negative, it can be named appropriately
(say, negativeAmount) to reflect this fact in the behavior
specification. We also extended the C++
exception declaration to specify things like no exception can be
thrown and any exception can be thrown.
The semantics of exception specification is that any
implementation can throw at most those exceptions listed
in the throw clause. It can not throw anything that is not
mentioned. Note that in C++, the throw list that
follows a function declaration is just informational and
the function can throw other types of exceptions not listed
there.
In the post-condition, tests can be made for the presence of
exceptions using the thrown operator. Exception values
can be used just like normal data values
except that it is illegal to use an exception when it is not thrown.
Similarly,
it is illegal to use an exception in the call state. It is also
illegal to
use the return value in case an exception is thrown.
In the example, the semantics for Account::Withdraw
specifies that it can
throw InsufficientFunds and NegativeAmount
exceptions to signal abnormal termination.
It also says that if
the InsufficientFunds exception is thrown, then the
value of its data member bal should be equal to
balance.
Note that exception conditions need not always be part of the abnormal
section of function semantics. Since exceptions can also be used for
communication, they can be used as part of normal behavior also.
For example, a read method of a file class may throw an
exception to signal an end-of-file. But, usually it is not
abnormal behavior. On the other hand, if the file is not
open, then the exception thrown usually signals abnormal
termination.
Access Control
We envisage the use of ADL/C++ for giving detailed
specifications for implementations also, therefore,
ADL/C++ ignores all access restrictions. This,
we believe, will give the implementor flexibility to specify
and test the implementations
without having to worry about access permissions.
This gives the ability to look at (but not to modify) private
data not accessible to a function to do test validation.
Syntax and Semantics
Much of ADL/C++ syntax includes C++ syntax, but it also has
some syntactic constructs of its own.
We will describe the ADL/C++-specific
syntax and semantics in detail in the following subsections.
Specification Structure
The top level specification syntax is :
adl_specification ::=
{ with_clause }
specification spec_name
"{" ( annontated_declaration ) + "};"
Every specification has a name and consists of one or more
annotated declarations, that is, C++ declarations optionally
annontated by behavior specifications.
At present, we require that
the name of the file be same as the name of the specification
with .adl++ as the file name extension. ADL/C++ is
case-sensitive just like C++ is.
An ADL/C++ specification can also import other ADL/C++ specifications
using the with clause. The syntax for this is :
with_clause ::=
with "[" ( spec_name )
( "," spec_name ) * "]"
A specification can use all the declarations and any
annotations from any of the specifications listed
in the with clause.
Declarations
All C++ declarations like typedefs, classes, enums, variable
declarations etc. can be present in an ADL/C++ specification.
To facilitate users to include "real" C++ header files, we
allow inline function definitions to be present in ADL/C++
specifications.
At present, only function declarations can be annotated
to give behavior descriptions. The syntax for this is :
annontated_declaration ::=
C++_declaration
| auxiliary_declaration
| C++_function_declaration annotation
C++_declaration is any valid C++ declaration and
C++_function_declaration is a C++ function declaration
without the throw clause.
Annotations
An annotation consists of ADL/C++ exception
specifications, binding definitions for normal
and abnormal behavior of the function,
and a list of formulas that describe the
behavior of the function. The syntax for an annotation is :
annontation ::=
{ adl_exception_spec }
semantics
{ behavior_definitions }
group_expression ";"
adl_exception_spec ::=
throw { ( exception_list ) }
exception_list ::=
param_declaration ( "," param_declaration ) *
| "..."
behavior_definitions ::=
"[" ( ( normal | abnormal ) ":=" expression ";" ) + "]"
As mentioned earlier, ADL/C++ exception specifications
can be named. So, the syntax for this is same as that
of a C++ formal parameter declaration. If no exception
is specified following the throw clause, then the
function can not throw any exception. If there is a
"..." in the throw list, then the function can throw
any exception.
Note that all the variables used in the annotation part
are program variables (and not logical variables).
An annotation for a function is like a post-condition, i.e., all
the expressions except call-state expressions (see below) that
constitute the group expression will be
evaluated using the values of the variables after a call to the
function.
The behavior definitions classify the behaviors of the function
into normal and abnormal behaviors.
If neither normal nor abnormal behavior is defined, then abnormal
defaults to thrown(...) and normal defaults to !thrown(...). If
only of normal or abnormal behavior is defined, the undefined
one defaults to the negation of the defined one. There can be
at most one definition each for normal and abnormal behaviors
in an annotation.
Auxiliary Declarations
Sometimes, if the interface or class declaration does not contain
enough information about the state, then it becomes necessary
to have some auxiliary declarations for specification purposes.
Since these are needed only for specification, but not a part
of the original declarations, ADL/C++ provides a mechanism
to declare them as auxiliaries.
The syntax for auxiliary declarations is :
auxiliary_declaration ::=
auxiliary "{" ( C++_declaration ) * "};"
Expressions
The expression language includes the side-effect-free
subset of the C++ expression language. All forms of C++
assignment operators, increment and decrement operators
and any overloaded versions of these are excluded. However,
ADL/C++ does have the function-call operator. We provided
this to facilitate testing. One should be very careful in
using function calls as there can be side-effects in the
invoked functions. ADL/C++ also has some special operators
of its own. The general syntax for expressions is :
expression ::=
C++_expression
| adl_expression
adl_expression ::=
group_expression
| call_state_expression
| adl_logical_expression
| quantified_expression
| thrown_expression
| unchanged_expression
| behavior_expression
| return
| normal
| abnormal
We will now describe the various ADL-specific expressions.
Group Expressions
The syntax for group expressions is :
group_expression ::=
"{" ( binding ) *
( labels { tags } expression ";" ) * "}"
labels ::=
( IDENTIFIER ":" ) *
tags ::=
"[" IDENTIFIER ( "," IDENTIFIER ) * "]"
A group expression is a semicolon separated list of
expressions. Each of these expressions should be a
boolean expression and the type of the group expression
is also boolean. The semantics of a group expression is
the conjunction of the list of expressions that constitutes
the group. Note that the expressions can be evaluated in
any order and a ";" does not denote sequencing, but
conjunction.
Expressions in a group can be given names using labels.
The tags are used by tools for generating reports in case
of testing.
Bindings
Since assignment expressions are not allowed in ADL/C++,
a set of variables can be declared and initialized in a
group expression using the bindings.
The syntax for binding is :
binding ::=
assign ( local_variables ) with
[ IDENTIFIER ":=" ] expression
Thus, a binding has a list of variable declarations, optionally
initializing one of those declared variables using an expression.
Call-State Expressions
The syntax for a call-state expression is :
call_state_expression ::=
"@" expression
A call-state expression in the behavior specification of a
function is one which is evaluated before a call to that function.
Naturally, it can not be applied to expressions like return
since they have meaning only after a call to the function and
using it with a value parameter has no effect. The type of
a call-state expression @e is the same type as that of e.
Logical Expressions
Even though C++ has logical expressions, they are short-circuited.
So, ADL has special syntax for logical operations that are
not short-circuited.
logical_expression ::=
expression and expression
| expression or expression
| expression "==>" expression
| expression "<==" expression
| expression "<==>" expression
| expression "<:>" expression
| if "(" expression ")" group_expression
( elsif "(" expression ")" group_expression ) *
{ else group_expression } ";"
A logical expression is of boolean type and requires operands of
boolean type.
The and and or operators have their usual
logical meaning.
The "==>" operator is the logical implication operator,
the "<==" operator is the "implied by" operator and
the "<==>" operator is the logical equivalence operator.
An expression like
if (c1) { e1; }
elsif (c2) { e2; }
...
elsif (cn) { en; }
else { e; }
means that ek should evaluate to true if k is the smallest
integer such that ck is true and if no such k exists then
e should evaluate to true (if the else clause is present).
The "<:>" operator is the exception operator and it
is used to relate the abnormal behavior definitions and
exceptions thrown. Formally, the meaning of
a <:> b
is
a ==> abnormal &&
abnormal && b ==> a.
This says that if the left operand evaluates
to true, then it denotes abnormal termination.
It also says that in case of abnormal termination,
if the right operand evaluates to true, then the
left operand must also evaluate to true.
Bounded Quantification
ADL/C++ supports universal and existential quantifiers
over finite domains. The syntax is :
quantified_expression ::=
( forall | exists ) "(" domain_list ")" group_expression ";"
domain_list ::=
domain ( "," domain ) *
domain ::=
variable_declaration ":" expression
Here, forall and exists
denotes universal quantification and existential quantification
respectively. A quantified expression consists of a
variable declaration, an expression that defines a finite domain
(currently only integer ranges are allowed) and a group expression.
The type of a quantified expression is boolean.
Thrown Expressions
This is used to check if a particular exception is thrown
by the function call. The syntax for this is :
thrown_expression ::=
thrown "(" exception_names ")"
exception_names ::=
IDENTIFIER ( "," IDENTIFIER ) *
| "..."
The type of a thrown expression is boolean.
Each of the identifiers should be declared as an exception
in the exception list for this function.
This expression evaluates to true if an exception
corresponding to the type of each of the identifiers is
thrown. Note that multiple exceptions cannot be thrown
by a C++ function. However, because of subclassing,
a derived class exception can also be considered as
an exception of a superclass type. If "..." is
used, then the expression evaluates to true if
there is some exception thrown.
This expression is commonly used with the
exception operator to specify what exception can be
thrown under what conditions in case of abnormal behavior.
Unchanged Expressions
This can be used to specify expressions whose values
are the same before and after a call to the function. The
syntax for this is :
unchanged_expression ::=
unchanged "(" expression_list ")"
expression_list ::=
expression ( "," expression ) *
The type of an unchanged expression is boolean. It evaluates to
true only if the values of all the expressions listed remain
unchanged before and after a call to the function in whose
semantics clause the expression appears.
Other ADL Expressions
The other ADL keywords return, normal and
abnormal denote the return value of the function call,
and the predicates corresponding to normal and abnormal
behavior for that particular function respectively. Since these
are properties of the termination of the function, they
can not be used in the call-state.
Preprocessing
A header file consisting of function and class declarations
can be included using the
standard C++ preprocessor directive ("#include") in an ADL/C++
specification file for giving annotations.
This is analogous to the way function implementations
are developed in C++. To facilitate this,
an ADL/C++ specification is preprocessed using some C++
preprocessor before it is processed by any of the ADL tools.
Reusing Specifications
Sometimes the behavior (post-condition) of a function might
just be a simple refinement of an existing function
(behavior). But, ADL does not provide a way to specify
this refinement directly. In stead, there is a more
general construct
to use the semantics (behavior specification) given in
ADL/C++ of a function while giving the semantics of
other functions. The syntax for this is :
behavior_expression ::=
behavior "(" { selector_expr_prefix } IDENTIFIER
< { param_list } { : expression } >
selector_expr_prefix ::=
expression ( "." | "->" )
The behavior operator requires a function name and values for
parameters and a value to denote the return value of a call to
the function with those values. The actual parameters might
also include (a pointer to) the object in the case of member
functions. The syntax is very close to a function call, so
for members, the object (or pointer) is supplied using the
appropriate member selector operator.
In "behavior(a.f)< arg1, ..., argn : retVal >",
the types of the expressions arg1, ..., argn
obey all the rules that the types of actual parameters to f do and
the type of retVal should be the return type of f.
The type of a behavior expression is boolean.
"behavior(a.f) < arg1, ..., argn : retVal >"
evaluates to true iff the semantics clause
corresponding to the (member) function f of a does,
when evaluated in
the scope in which it is specified, by setting the values
of its n parameters to arg1, ..., argn respectively, and
setting the value of return to retVal.
Consider the following specification of a Sort function :
specification SortSpec
{
typedef Record RecordArray[100];
RecordArray Sort(RecordArray records)
semantics {
// First say it is a permutation
IsPermutation(return, records);
// Then say that the return value
// has keys in nondescending order
forall (int i : int_range(0,
size(records) - 2))
{
return[i].key <=
return[i + 1].key;
};
};
};
Now consider a stable sort function, i.e.,
a sort function which preserves the relative order of elements
with equal keys after sorting. A specification for this
function can be written as a refinement of the sort
function to say that it sorts and
also preserves the order of elements with equal keys.
In this case, the specification StableSort
will be concise and intuitive if it can be written using
the existing post-condition for Sort in the spirit
of reuse supported by C++ by way of inheritance.
This can be done as follows :
with [SortSpec]
specification NewSortSpec
{
RecordArray StableSort(RecordArray
records)
semantics {
// First specify that it behaves
// just like Sort.
behavior(Sort) ;
// Now say that relative order of
// elements with same key is
// preserved.
forall (int i, j : int_range(0,
size(records) - 1))
{
if (i < j && records[i].key ==
records[j].key)
{
exists (int m, n : int_range(
0, size(records) - 1))
{
m < n &&
records[i] == return[m] &&
records[j] == return[n];
};
};
};
};
};
As the expression language of ADL/C++ includes C++ expression
language, a function call in a specification refers to its
implementation, not the specification. Since some function
implementations can have side-effects, it may not be correct
to invoke function implementations. In those cases, behavior
expression can be very useful.
Another situation where this will be useful is when
one class contains objects of some other class and
uses the contained class methods to implement its own
methods. Then the specifications cab also be written
using the specifications of the contained
objects using the behavior expression.
This gives modularity to specifications similar to the
modularity of implementations as supported by C++.
For example, consider a bank class which has methods to
deposit to and withdraw from an account given the
account number.
Using the previously specified Account class,
a specification of the bank's deposit method can be
given as :
with [AccountSpec]
specification Bank {
class Bank {
Deposit(int acNum, long amt)
throw(int acNotFound)
semantics {
assign Account *acPtr with
acPtr = GetAccount(acNum);
if (normal) {
behavior(
acPtr->Deposit);
};
};
}
};
This specification just says that the bank's deposit method
merely locates the account corresponding to the given account
number and then the amount is deposited into the
located account. It also throws an exception if it can not find
an account with a given number.
An advantage with this specification
is that if later on some subtypes are added
to the Account class, say something like an account with
overdraft protection, the bank specification need not be
rewritten, much like C++ implementation of the Bank class
need not be rewritten (if it is properly implemented).
Testing and Validation
One of the important benefits of writing ADL/C++ specifications
is automatic test-validation. A C++ implementation can be tested
by giving it a sample input data and then the test can be
validated to see if it is a success or failure using the
ADL/C++ specification.
At present, only unit testing of
(member) functions is supported.
Given a function declaration to be tested along with a sample data,
the validation can be done in the following steps.
- Store the values of all the parameters that are
referred to in the semantics part of the function's behavior
specification.
- Evaluate all the call-state expressions using the given sample
input data and store them in temporary variables.
- Invoke the function with the given sample data to get any
return values.
- Evaluate the predicates for normal and abnormal. If
neither one evaluates to true, then the test failed.
- Using the stored parameter values, call-state values
and the return value, evaluate each of the expressions
that is given in the behavior specifications.
- If any of the expressions evaluates to false, then the
test failed, that is, the (C++) implementation does not
satisfy the ADL/C++ specification for that particular input
data. Otherwise, the test succeeded.
Intuitively this means that any test should conform to either normal
or abnormal behavior, if not there is something wrong with the
implementation, that is, it is either returning a value
or throwing an exception that it is not supposed to. In
addition, a test might fail because it did not cause the
appropriate state change that it is supposed to cause.
For example, consider the following (wrong) implementation of the
Account class whose specification is given in Figure 2.
#include "account.hh"
void Account::Deposit(long amount)
throw(Account::NegativeAmount na)
{
balance = balance + i;
}
void Account::Withdraw(long i) throw
(Account::NegativeAmount na,
Account::InsufficientFunds isf)
{
if (i >= balance)
throw Account::NegativeAmount;
if (i >= balance)
throw Account::InsufficientFunds;
balance == balance - i;
}
As it can be seen, the Account::Withdraw method is
wrong because it does not update the balance. This is not
an unlikely error because of the lexical similarity between
the C++ operators == and =.
Similarly the Account::Deposit method is wrong because it does
not check for the value of amount being negative in
which case it is supposed to throw and exception.
Now, any test for the Withdraw method with a nonnegative
amount will make its post-condition false,
and thus can be classified as a failure. Even though this may
be a simple bug to catch, there might be other examples where
there might be hard-to-catch bugs that can be detected by
testing with appropriate test data (and a correct specification).
Similarly, a test of Account::Deposit with a
negative value for amount will fail because the first
assertion in the semantics fails because amount is
negative and the function did not terminate abnormally (as
the NegativeAmount exception is not thrown).
Thus, an ADL/C++ specification gives some kind of formal basis for
test validation rather than the tester deciding whether the test
failed or succeeded based on some informal specification. It
is also possible to give a more fine-grained test report in case
of a failure, by looking at the individual predicates that have
failed for a particular test data.
Since ADL/C++ is very close to C++, it is relatively easy to
generate code from ADL/C++ specifications that can used for
automating the test validation process. This has the advantage
that a large number of tests can be run automatically whenever
an implementation is modified. Detailed reports for failed tests
can also be generated which can help in quickly locating the
problem in the implementation that caused the test failures.
When testing using ADL/C++ specifications, there could be
calls to constructors, assignment operators and copy constructors.
Hence, users should keep these relatively simple and clean, otherwise,
the testing might become inefficient and imprecise.
At present the test data has to be supplied by the user. We are
currently working on coming up with a language like TDD [8]
to specify test data for testing C++ member functions. In fact,
to a large extent, TDD itself can be used to specify test data
for C++ functions as well.
We are also looking at ways to generate "interesting" test data
from ADL/C++ specifications.
For simple data types, it seems to be
very feasible to automatically generate reasonable test data.
For example, in the
Account::Deposit method, a negative value for the
parameter is interesting because it can cause an exception
to be thrown. So, any reasonable test data should have at
least one such value for amount.
Comparison and Related Work
A++ [1] is a language for annotating C++ programs with semantics
constraints.
This is close to ADL in spirit in that it uses (mostly)
C++ syntax for doing this. But, unlike ADL, A++ provides facilities
for writing complex specifications, like
legal values for datatypes, axioms defining classes etc.
Developing any practically usable tools using A++ is
ambitious, because specifications could range
from high-level axioms for classes to low-level assertions
for statements.
On the other hand, we have started with the modest
goal of associating behavior specifications to functions.
This is shown to be achievable and very useful
by the success of ADLT using ADL/C. So, have we adopted a
similar framework for C++ and are building on
top of this to incrementally support specification of other
features of C++, like classes and inheritance. It has
been demonstrated by our semantic constraints on non-static
virtual functions, that it is possible to develop ADL/C++ for
specifying the more complex features of C++ with this simple
idea as the basis.
The A++ annotations are intrusive, i.e., embedded within
programs, making it
difficult to use with pre-compiled libraries. ADL/C++
specifications are non-intrusive and hence can be
used for specification even when the source code is not
available.
The other effort with similar goals that we know of is Larch/C++
[5]. This is
a member of the Larch family of languages.
This supports two-tiered specifications. First the abstract values are
described in the larch shared language LSL. Then the specifications
of classes are given in Hoare-style pre and post-conditions for member
functions. In our opinion, this is a burdensome process especially
for practitioners who want to use formal specifications, because
specifications have to be written in a different language with
totally different semantics. In ADL also the language is different,
but it is built around C++ and we made it a point to introduce as
little new notation as possible. We should also point out that Larch
has a large collection of LSL traits which can be used to describe
most commonly occurring data structures. However, to be able to pick
the correct trait, one needs to understand the semantics that
describe the behavior of the trait.
To the best of our knowledge, there is no support for testing
C++ implementations against Larch/C++ specifications.
Larch has a very good collection of tools, most important of which
is LP, the larch prover. One can hope to do some reasoning about
Larch/C++ specifications using LP. At present there is no support
for reasoning about ADL specifications.
Conclusions and Future Work
We have designed a specification language ADL/C++ to write
behavioral specifications for C++ programs. The important
aspects of this language are :
- Is easy to learn and use for real software engineers.
We have been careful in designing specification constructs that
are simple and easy to use for the real software engineer. While this
has reduced the expressivity of the language to some extent, it is
surprising how much can still be expressed. ADL/C has shown itself to be
useful and practical at the same time, and ADL/C++ will only improve on this.
- Specifications can be compiled into checking code.
All ADL/C++ specifications may be compiled into code that can
verify correct behavior (or conformance) of API implementations.
Note that this is different from "executable specifications"
where it is possible to generate executable implementations
directly from a specification. In general
executable specifications impose undue restrictions on specification
constructs to simplify the process
of generating executable code. ADL/C++ specifications offer a
reasonable middle ground where the
specifications may be used to efficiently check conformance,
while at the same time allows easy
development of specifications.
- Specifications may be developed independently of the program.
ADL/C++ specifications may be written as separate files
(that "include" C++ header files). Hence ADL/C++ facilitates
the development and use of specifications by organizations that
do not have access to C++ source code (e.g., some proprietary
API's come with precompiled libraries).
- Various kinds of tool support is possible.
Checkable specifications may be used in many ways. A system such
as ADLT uses ADL/C++ for conformance testing. In such a system,
test-data is produced independently of the writing
of the specifications. The tool then generates a driver that
exercises the API on the test-data, checking the system behavior
each time with the specifications. Specifications
may also be used to generate self-checking interfaces in cases
where security is an issue. Self-checking interfaces are also
useful during the development cycle.
The design of the
language is not yet complete. We merely extended the ADL/C-style
post-condition specifications for functions to specify class
method behaviors with some obvious semantic constraints for
virtual member functions.
In C++, classes can also be considered as the basic programming
units in addition to global functions like in C. So, it would
be nice if class behaviors can be specified and tested
just like function behaviors.
Specification of (methods of) abstract classes is difficult
at present. This is because, usually abstract classes do
not have any implementation (or state) information that
can be used for the post-conditions. So, the only way to
do this at present in ADL is to come up with some crude
implementation (using the auxiliary declarations) and
writing the post-conditions using that. This makes
specifying abstract classes complicated.
One way to solve these problems
is to adopt an algebraic specification framework, but it is
not clear how testing can be supported in that
framework.
Considering these issues, it appears some kind of trace-based
specifications on top of the current ADL/C++ specifications
would be a nice way to capture class behaviors, at the same
time preserving the two defining features of ADL - testability
and closeness to the base implementation language. We have
some preliminary ideas in this respect and we will be incorporating
them into ADL/C++ soon.
Availability
The development of the tool is currently in progress.
The initial version will be available in about a year.
Acknowledgments
We would like to thank Rajiv Joshi, Ashvin D'Souza,
Roongko Doong and
Mark Hefner for their participation in the numerous discussions
during the design of
the language. We would also like to thank Deepak Kapur for
his invaluable suggestions for improving the overall quality of
the paper.
References
- M. Cline and D. Lea. The Behavior of C++ Classes.
Proceedings of the Symposium on Object Oriented Programming
Emphasizing Practical Applications, Marist College, 1990.
- Digital Equipment Corporation, Hewlett-Packard
Company, HyperDesk Corporation, NCR Corporation, Object Design, Inc.,
and SunSoft , Inc. The Common Object Request Broker : Architecture
and Specification. Pages 45-80. OMG Document Number 91.12.1, Revision 1.1.
December 1991.
- John V. Guttag and James J. Horning with
S. J. Garland, K. D. Jones, A. Modet and J. M. Wing. Larch : Languages
and Tools for Formal Specification. Springer-Verlag, 1993.
- D. Kapur and D. R. Musser. Tecton: A Framework for
Specifying and Verifying Generic System Components. Rensselaer Polytechnic
Institute Computer Science Technical Report 92-20, July, 1992.
- T. Leavnes. Larch/C++ Reference Manual.
Department of Computer Science, Iowa State University, Sept 1995.
- Liskov and Jeannette M. Wing. A Behavioral
Notion of Subtyping. ACM TOPLAS 16(6):1811-1841, Nov. 1994.
- Sriram Sankar and Roger Hayes. ADL: An Interface
Language for Specifying and Testing Software. In Proceedings of
the Workshop on Interface Definition Languages, January 1994.
- Sriram Sankar, Roger Hayes. Specifying and Testing
Software Components using ADL. SMLI TR-94-23. Sun Microsystems
Laboratories, Inc., April 1994.
- J. M. Spivey. Understanding Z, A Specification
Language and its Formal Semantics. Cambridge University Press, 1988.
Tracts in Theoretical Computer Science, Volume 3.
- Bjarne Stroustrup. The C++ Programming
Language. Addison-Wesley, 1991.
- Sun Microsystems Inc., U.S.A., and Information
Technology Promotion Agency, Japan. ADL Translator Design
Specification. Document number MITI/0001/D/0.1. August 1993.
#ifndef ACCOUNT_HH
#define ACCOUNT_HH 1
class Account
{
public :
enum { MAX_ACCOUNT_NUM = 100 };
enum AccountTypes { CHECKING = 1, SAVINGS };
private :
const AccountTypes accountType;
const int accountNum;
long balance;
public:
// Exception classes.
struct InvalidAccountNum {
const int num;
InvalidAccountNum(int i) : num(i) { };
};
struct InvalidAccountType {
const int type;
InvalidAccountType(int i) : type(i) { };
};
struct InsufficientFunds {
const long bal;
InsufficientFunds(long i) : bal(i) { };
};
struct NegativeAmount {
const long amt;
NegativeAmount(long i) : amt(i) { };
};
// Interface
virtual void Deposit(long amount)
throw(NegativeAmount);
virtual void Withdraw(long amount)
throw(NegativeAmount , InsufficientFunds );
Account(AccountTypes type, int num, long bal = 0)
throw(InvalidAccountNum, InvalidAccountType);
};
#endif /* ACCOUNT_HH */
Figure 1: A Bank Account Class Declaration
specification AccountSpec
{
#include "account.hh"
void Account::Deposit(long amount) throw(Account::NegativeAmount na)
semantics
[ abnormal := thrown(na); ]
{
(amount < 0) <:> thrown(na);
normal ==> balance == @balance + amount;
abnormal ==> unchanged(balance);
};
void Account::Withdraw(long amount)
throw(Account::NegativeAmount na, Account::InsufficientFunds isf)
semantics
[ abnormal := thrown(na) || thrown(isf); ]
{
(amount > @balance) <:> thrown(isf);
amount < 0 <:> thrown(na);
thrown(isf) ==> (isf.bal == balance);
thrown(na) ==> (na.amt == amount);
if (abnormal) { unchanged(balance); }
else { balance == @balance - amount; };
};
Account::Account(AccountTypes type, int num, long bal)
throw(Account::InvalidAccountNum ian,
Account::InvalidAccountType iat)
semantics
{
(num < 1 || num) > MAX_ACCOUNT_NUM <:> thrown(ian);
(type != CHECKING && type != SAVINGS) <:> thrown(iat);
thrown(ian) ==> (ian.num == num);
thrown(iat) ==> (iat.type == type);
if (normal) {
accountNum == num; accountType == type; balance == bal;
};
};
};
Figure 2: A Specification of a Bank Account Class
with [AccountSpec] // Inherit the previous specification
specification NewAccountSpec
{
class OverdraftAccount : public Account {
long maxOverDraft; // Max overdraft allowed (can change)
long overDraft; // How much overdrawn
public :
OverdraftAccount(AccountTypes type, int num, long bal)
: Account(type, num, bal + maxOverDraft) {
overDraft = 0;
};
void Withdraw(long amount) throw(Account::NegativeAmount na,
Account::InsufficientFunds isf)
semantics {
if (normal && bal < maxOverDraft) {
overDraft == maxOverDraft - bal;
};
};
};
};
Figure 3: A Specification Using Inheritance and Virtual Functions
* This work is supported by funding from Sun Microsystems Laboratories.
TM JavaTM is a trademark of Sun Microsystems Inc.
1Upward compatibility of will be maintained so that existing
ADL/C specifications can work with the new set of tools.
2This is a partial specification because no return value can satisfy
the behavior specification if the input value of the parameter x
is zero or a negative number. This can be easily fixed using exceptions.
From sreeni@cs.albany.edu Mon May 6 10:50:57 1996
Received: from cs.albany.edu by usenix.ORG (4.1/1.29-emg890317)
id AA12117; Mon, 6 May 96 10:50:57 PDT
Received: from bhaskara.cs.albany.edu (sreeni@bhaskara.cs.albany.edu [128.204.2.40]) by cs.albany.edu (8.7.4/HUB03) with ESMTP id NAA25808; Mon, 6 May 1996 13:48:59 -0400 (EDT)
From: Sreenivasa Rao Viswanadha
Received: (from sreeni@localhost) by bhaskara.cs.albany.edu (8.7.4/CLI2) id NAA19728; Mon, 6 May 1996 13:48:54 -0400 (EDT)
Date: Mon, 6 May 1996 13:48:54 -0400 (EDT)
Message-Id: <199605061748.NAA19728@bhaskara.cs.albany.edu>
To: cootsascii@usenix.ORG
Subject: PostScript version of our paper for COOTS 96.
X-Sun-Charset: US-ASCII
Status: RO
Find enclosed a PostScript version of our paper titled - "Preliminary Design
of ADL/C++ - A Specification Language for C++" for the COOTS 96 conference.
Thanks,
Sreeni.
/*************************** begin include ***********************/
%!PS-Adobe-2.0
%%Creator: dvipsk 5.528a Copyright 1986, 1994 Radical Eye Software
%%Title: cootsfinal.dvi
%%Pages: 15
%%PageOrder: Ascend
%%BoundingBox: 0 0 612 792
%%EndComments
%DVIPSCommandLine: dvips cootsfinal
%DVIPSParameters: dpi=300, compressed, comments removed
%DVIPSSource: TeX output 1996.05.06:1305
%%BeginProcSet: texc.pro
/TeXDict 250 dict def TeXDict begin /N{def}def /B{bind def}N /S{exch}N
/X{S N}B /TR{translate}N /isls false N /vsize 11 72 mul N /hsize 8.5 72
mul N /landplus90{false}def /@rigin{isls{[0 landplus90{1 -1}{-1 1}
ifelse 0 0 0]concat}if 72 Resolution div 72 VResolution div neg scale
isls{landplus90{VResolution 72 div vsize mul 0 exch}{Resolution -72 div
hsize mul 0}ifelse TR}if Resolution VResolution vsize -72 div 1 add mul
TR[matrix currentmatrix{dup dup round sub abs 0.00001 lt{round}if}
forall round exch round exch]setmatrix}N /@landscape{/isls true N}B
/@manualfeed{statusdict /manualfeed true put}B /@copies{/#copies X}B
/FMat[1 0 0 -1 0 0]N /FBB[0 0 0 0]N /nn 0 N /IE 0 N /ctr 0 N /df-tail{
/nn 8 dict N nn begin /FontType 3 N /FontMatrix fntrx N /FontBBox FBB N
string /base X array /BitMaps X /BuildChar{CharBuilder}N /Encoding IE N
end dup{/foo setfont}2 array copy cvx N load 0 nn put /ctr 0 N[}B /df{
/sf 1 N /fntrx FMat N df-tail}B /dfs{div /sf X /fntrx[sf 0 0 sf neg 0 0]
N df-tail}B /E{pop nn dup definefont setfont}B /ch-width{ch-data dup
length 5 sub get}B /ch-height{ch-data dup length 4 sub get}B /ch-xoff{
128 ch-data dup length 3 sub get sub}B /ch-yoff{ch-data dup length 2 sub
get 127 sub}B /ch-dx{ch-data dup length 1 sub get}B /ch-image{ch-data
dup type /stringtype ne{ctr get /ctr ctr 1 add N}if}B /id 0 N /rw 0 N
/rc 0 N /gp 0 N /cp 0 N /G 0 N /sf 0 N /CharBuilder{save 3 1 roll S dup
/base get 2 index get S /BitMaps get S get /ch-data X pop /ctr 0 N ch-dx
0 ch-xoff ch-yoff ch-height sub ch-xoff ch-width add ch-yoff
setcachedevice ch-width ch-height true[1 0 0 -1 -.1 ch-xoff sub ch-yoff
.1 sub]/id ch-image N /rw ch-width 7 add 8 idiv string N /rc 0 N /gp 0 N
/cp 0 N{rc 0 ne{rc 1 sub /rc X rw}{G}ifelse}imagemask restore}B /G{{id
gp get /gp gp 1 add N dup 18 mod S 18 idiv pl S get exec}loop}B /adv{cp
add /cp X}B /chg{rw cp id gp 4 index getinterval putinterval dup gp add
/gp X adv}B /nd{/cp 0 N rw exit}B /lsh{rw cp 2 copy get dup 0 eq{pop 1}{
dup 255 eq{pop 254}{dup dup add 255 and S 1 and or}ifelse}ifelse put 1
adv}B /rsh{rw cp 2 copy get dup 0 eq{pop 128}{dup 255 eq{pop 127}{dup 2
idiv S 128 and or}ifelse}ifelse put 1 adv}B /clr{rw cp 2 index string
putinterval adv}B /set{rw cp fillstr 0 4 index getinterval putinterval
adv}B /fillstr 18 string 0 1 17{2 copy 255 put pop}for N /pl[{adv 1 chg}
{adv 1 chg nd}{1 add chg}{1 add chg nd}{adv lsh}{adv lsh nd}{adv rsh}{
adv rsh nd}{1 add adv}{/rc X nd}{1 add set}{1 add clr}{adv 2 chg}{adv 2
chg nd}{pop nd}]dup{bind pop}forall N /D{/cc X dup type /stringtype ne{]
}if nn /base get cc ctr put nn /BitMaps get S ctr S sf 1 ne{dup dup
length 1 sub dup 2 index S get sf div put}if put /ctr ctr 1 add N}B /I{
cc 1 add D}B /bop{userdict /bop-hook known{bop-hook}if /SI save N @rigin
0 0 moveto /V matrix currentmatrix dup 1 get dup mul exch 0 get dup mul
add .99 lt{/QV}{/RV}ifelse load def pop pop}N /eop{SI restore userdict
/eop-hook known{eop-hook}if showpage}N /@start{userdict /start-hook
known{start-hook}if pop /VResolution X /Resolution X 1000 div /DVImag X
/IE 256 array N 0 1 255{IE S 1 string dup 0 3 index put cvn put}for
65781.76 div /vsize X 65781.76 div /hsize X}N /p{show}N /RMat[1 0 0 -1 0
0]N /BDot 260 string N /rulex 0 N /ruley 0 N /v{/ruley X /rulex X V}B /V
{}B /RV statusdict begin /product where{pop product dup length 7 ge{0 7
getinterval dup(Display)eq exch 0 4 getinterval(NeXT)eq or}{pop false}
ifelse}{false}ifelse end{{gsave TR -.1 .1 TR 1 1 scale rulex ruley false
RMat{BDot}imagemask grestore}}{{gsave TR -.1 .1 TR rulex ruley scale 1 1
false RMat{BDot}imagemask grestore}}ifelse B /QV{gsave newpath transform
round exch round exch itransform moveto rulex 0 rlineto 0 ruley neg
rlineto rulex neg 0 rlineto fill grestore}B /a{moveto}B /delta 0 N /tail
{dup /delta X 0 rmoveto}B /M{S p delta add tail}B /b{S p tail}B /c{-4 M}
B /d{-3 M}B /e{-2 M}B /f{-1 M}B /g{0 M}B /h{1 M}B /i{2 M}B /j{3 M}B /k{
4 M}B /w{0 rmoveto}B /l{p -4 w}B /m{p -3 w}B /n{p -2 w}B /o{p -1 w}B /q{
p 1 w}B /r{p 2 w}B /s{p 3 w}B /t{p 4 w}B /x{0 S rmoveto}B /y{3 2 roll p
a}B /bos{/SS save N}B /eos{SS restore}B end
%%EndProcSet
TeXDict begin 40258431 52099146 1000 300 300 (cootsfinal.dvi)
@start /Fa 2 111 df<123E12065AA45A137013B8EA1938EA3230EA34001238123E1263
1310A3EAC320EAC1C00D147E9312>107 D110 D E /Fb 43 122 df12 D45 D<1238127C12FEA3127C123807077C8610>I<
13181378EA01F812FFA21201B3A7387FFFE0A213207C9F1C>49 DI<13FE3807FFC0380F07E0381E03F0123FEB81F8A3EA1F0314F0120014E0EB07C0
EB1F803801FE007F380007C0EB01F014F8EB00FCA2003C13FE127EB4FCA314FCEA7E0100
7813F8381E07F0380FFFC03801FE0017207E9F1C>I<14E013011303A21307130F131FA2
1337137713E7EA01C71387EA03071207120E120C12181238127012E0B512FEA2380007E0
A7EBFFFEA217207E9F1C>I<1470A214F8A3497EA2497EA3EB06FF80010E7FEB0C3FA201
187F141F01387FEB300FA201607F140701E07F90B5FCA239018001FCA200038090C7FCA2
0006147FA23AFFE00FFFF8A225227EA12A>65 DIII<
B612FCA23807F000153C151C150C150EA215061418A3150014381478EBFFF8A2EBF07814
381418A21503A214001506A3150EA2151E153EEC01FCB6FCA220227EA125>III76 DI<
EB07FC90383FFF809038FC07E03903F001F848486C7E4848137E48487FA248C7EA1F80A2
4815C0007E140FA200FE15E0A9007E15C0007F141FA26C15806D133F001F15006C6C137E
6C6C5B6C6C485A3900FC07E090383FFF80D907FCC7FC23227DA12A>79
DII<3801FC043807FF8C381F03FC383C007C007C133C0078131CA200F8130CA27E1400B4
FC13E06CB4FC14C06C13F06C13F86C13FC000313FEEA003FEB03FFEB007F143FA200C013
1FA36C131EA26C133C12FCB413F838C7FFE00080138018227DA11F>83
D<007FB61280A2397E03F80F00781407007014030060140100E015C0A200C01400A40000
1500B3A20003B512F8A222227EA127>III97
DII
I<13FE3807FF80380F87C0381E01E0003E13F0EA7C0014F812FCA2B5FCA200FCC7FCA312
7CA2127E003E13186C1330380FC0703803FFC0C6130015167E951A>I<3803FC1E380FFF
7F381F0F8F383E07CF383C03C0007C13E0A5003C13C0EA3E07381F0F80EBFF00EA13FC00
30C7FCA21238383FFF806C13F06C13F84813FCEA380048133E00F0131EA40078133C007C
137C383F01F8380FFFE00001130018217E951C>103 DI<121C123E127FA3123E121C
C7FCA7B4FCA2121FB2EAFFE0A20B247EA310>I
108 D<3AFF07F007F090391FFC1FFC3A1F303E303E01401340496C487EA201001300AE3B
FFE0FFE0FFE0A22B167E9530>I<38FF07E0EB1FF8381F307CEB403CEB803EA21300AE39
FFE1FFC0A21A167E951F>I<13FE3807FFC0380F83E0381E00F0003E13F848137CA300FC
137EA7007C137CA26C13F8381F01F0380F83E03807FFC03800FE0017167E951C>I<38FF
0FE0EB3FF8381FF07CEB803E497E1580A2EC0FC0A8EC1F80A29038803F00EBC03EEBE0FC
EB3FF8EB0FC090C8FCA8EAFFE0A21A207E951F>I114 DI<487EA41203A21207A2120F123FB5FCA2EA0F80AB
EB8180A5EB8300EA07C3EA03FEEA00F811207F9F16>I<38FF01FEA2381F003EAF147E14
FE380F81BE3907FF3FC0EA01FC1A167E951F>I<3AFFE7FF07F8A23A1F007800C0D80F80
EB0180147CA23A07C07E030014DE01E05B0003EBDF06EBE18FD801F15B01F3138C9038FB
079C000014D8EBFE03017E13F0A2EB7C01013C5BEB380001185B25167F9528>119
D<39FFE07FC0A2390F801C006C6C5A6C6C5AEBF0606C6C5A3800F980137F6DC7FC7F8049
7E1337EB63E0EBC1F03801C0F848487E3807007E000E133E39FF80FFE0A21B167F951E>
I<39FFE01FE0A2390F800600A2EBC00E0007130CEBE01C00031318A26C6C5AA26C6C5AA2
EB7CC0A2137F6D5AA26DC7FCA2130EA2130CA25B1278EAFC3813305BEA69C0EA7F80001F
C8FC1B207F951E>I E /Fc 1 121 df120 D E /Fd 5 107
df3 D15 D<133C13E0EA01C013801203AD13005A121C12F0
121C12077E1380AD120113C0EA00E0133C0E297D9E15>102 D<12F0121C12077E1380AD
120113C0EA00E0133C13E0EA01C013801203AD13005A121C12F00E297D9E15>I<12C0B3
B3A502297B9E0C>106 D E /Fe 20 119 df<126012F0A2126004047C830C>58
D<126012F0A212701210A41220A212401280040C7C830C>II<12E01278121EEA0780EA01E0EA007813
1EEB0780EB01E0EB0078141EEC0780A2EC1E001478EB01E0EB0780011EC7FC1378EA01E0
EA0780001EC8FC127812E019187D9520>62 D<39FFC00FF0391E000380001C140014025C
121E000E5BA25C5CA25C5CA2D80F01C7FC120713025BA25B1318131013A0120313C05BA2
90C8FCA21C1D7D9B18>86 D97 D<123F1207A2120EA45AA4EA39E0EA3A30
EA3C1812381270131CA3EAE038A313301370136013C01261EA2300121E0E1D7E9C12>I<
EA01F0EA030C120EEA1C1EEA383CEA3018EA7000A25AA51304EA60081310EA3060EA1F80
0F127E9112>I101 DIIII<1307130F
A213061300A61370139CEA010C1202131C12041200A21338A41370A413E0A4EA01C01261
EAF180EAF30012E6127C1024809B11>III<13F8EA030CEA0E06487E1218123000701380A238E00700A3130EA25B
EA60185BEA30E0EA0F8011127E9114>111 D114 D<13C01201A3EA0380A4EAFFF0EA0700A3
120EA45AA4EA3820A21340A2EA1880EA0F000C1A80990F>116 D118
D E /Ff 25 122 df12 D45
D<127812FCA4127806067D850D>I97
DIIII<137F3801E3803803C7C0EA0787120FEB8380EB8000A5EA
FFF8A2EA0F80AEEA7FF8A2121D809C0F>I<3803F8F0380E0F38121E381C0730003C1380
A4001C1300EA1E0FEA0E0EEA1BF80010C7FC1218A2EA1FFF14C06C13E04813F0387801F8
38F00078A300701370007813F0381E03C03807FF00151B7F9118>II<121E123FA4121EC7FCA6
B4FCA2121FAEEAFFE0A20B1E7F9D0E>I108
D<39FF0FC07E903831E18F3A1F40F20780D980FC13C0A2EB00F8AB3AFFE7FF3FF8A22512
7F9128>I<38FF0FC0EB31E0381F40F0EB80F8A21300AB38FFE7FFA218127F911B>II<38FF3F80EBE1E0381F80F0EB0078147C143C143EA6
143C147C1478EB80F0EBC1E0EB3F0090C7FCA6EAFFE0A2171A7F911B>I114 DI<1203A45AA25AA2EA3FFC12FFEA1F00A9130CA4EA0F08EA0798EA03F00E1A
7F9913>I<38FF07F8A2EA1F00AC1301120F380786FFEA01F818127F911B>I<38FFC1FCA2
381F0060EB80E0000F13C013C03807C180A23803E300A2EA01F6A213FE6C5AA21378A213
3016127F9119>I<39FF8FF8FEA2391F03E030A201831370000FEBF0601386D807C613C0
EBCEF8EBEC790003EB7D80EBF83D0001EB3F00A2497E0000131EEBE00EA21F127F9122>
I<38FFC7FCA2381F8180EA0F833807C700EA03EEEA01FC5B1200137C13FEEA01DFEA039F
38070F80380607C0380C03E038FF07FCA216127F9119>I<38FFC1FCA2381F0060EB80E0
000F13C013C03807C180A23803E300A2EA01F713F6EA00FE5BA21378A21330A21370EA70
6012F85BEAF9800073C7FC123E161A7F9119>I E /Fg 2 85 df77 D84 D E /Fh 1 44 df<130C131EAA007FB51280B612C0A26C1480D8001EC7FCAA
130C1A1A7E9E1F>43 D E /Fi 2 85 df77 D84
D E /Fj 2 51 df<120C121C12EC120CAFEAFFC00A137D9211>49
D<121FEA60C01360EAF07013301260EA0070A2136013C012011380EA02005AEA08101210
EA2020EA7FE012FF0C137E9211>I E /Fk 3 51 df<1204A2EAC460EAE4E0EA3F80EA0E
00EA3F80EAE4E0EAC460EA0400A20B0B7F920F>42 D<120C123C12CC120CACEAFF800910
7E8F0F>49 D<121FEA6180EA40C0EA806012C01200A213C0EA0180EA030012065AEA1020
1220EA7FC012FF0B107F8F0F>I E /Fl 53 123 df<903801FC3C9038060E67010C13C7
90381C0DC6EC01C01338EC0380A413700007B512F83900700700A313E0140EA4EA01C05C
A4EA03805CA31300481330147000061360EAC66038E470C038C86180D8703EC7FC202581
9C19>11 DI<903901FE0FF090390307380C0106137090390C06601C90391C00E00CEDC0
0014011338A34A5A0003B612F03A0070038070A3020713E01500A213E0ED01C0A2140EA2
D801C0EB0388A3021C13901501D80380EB00E016005C13001430EAC63038E6386038CC30
C0D8781FC8FC2625819C25>14 D35
D<13031306130813181330136013C0A2EA0180EA0300A21206A25AA2121C1218A2123812
30A21270A21260A412E0A51260A51220123012107EA2102A7B9E11>40
D<1310A21308130C13041306A51307A51306A4130EA2130CA2131C1318A213381330A213
60A213C0A2EA0180EA0300A212065A5A121012605A102A809E11>I<1218123812781238
1208A21210A212201240A21280050C7D830D>44 DI<12301278
12F0126005047C830D>I<1206120FA212061200AA1230127812F0126008127C910D>58
D64 D<1418A21438A21478A214B813
0114381302143CEB041CA21308131813101320A2EB7FFCEB401C1380120113001202A248
7F120C001C131EB4EBFFC01A1D7E9C1F>I<3801FFFE39003C078090383803C01401A313
701403A2EC078001E01300140E143CEBFFF83801C01C80140FA2EA0380A43807001E141C
143C5C380E01E0B512801A1C7D9B1D>I<903803F02090381E0C6090383002E09038E003
C03801C001EA038048C7FC000E1480121E121C123C15005AA35AA41404A35C12705C6C5B
00185B6C485AD80706C7FCEA01F81B1E7A9C1E>I<3801FFFE39003C078090383801C0A2
EC00E0A24913F01570A215F05BA43901C001E0A315C0380380031580140715003807000E
5C5C5C380E01C0B5C7FC1C1C7D9B1F>I<48B512E038003C00013813601540A35BA21420
1500495AA214C013FF3801C080A43803810113801402A248485AA2140C5C000E1378B55A
1B1C7D9B1C>I<48B512C038003C01EB38001580A35BA214201500495AA214C013FF3801
C080A4D80381C7FC1380A348C8FCA45AEAFFF01A1C7D9B1B>I<3801FFC038003C001338
A45BA45BA4485AA4485AA448C7FCA45AEAFFE0121C7E9B10>73 D<3801FFE038003C0013
38A45BA45BA4485AA438038008A31410EA07001430146014E0380E03C0B5FC151C7D9B1A
>76 DI<3901FC03FE39001C0070013C1360012E1340A301471380
A3EB43809038838100A2138114C1380101C2A2EB00E2A2000213E41474A3481338A3000C
1318001C1310EAFF801F1C7D9B1F>II<3801FFFC38003C079038380380
EC01C0A3EB7003A31580EBE0071500140E14383801FFE001C0C7FCA3485AA448C8FCA45A
EAFFE01A1C7D9B1C>I83 D<001FB512C0381C070138300E0000201480126012
405B1280A2000014005BA45BA45BA4485AA41203EA7FFE1A1C799B1E>I<39FF803FC039
1C000F0014045CA25CA25C5CA2001E5B120E49C7FC1302A25BA25B131813105B12075B13
C05B90C8FCA21206A21A1D779B1F>86 D<3AFF83FF0FF03A3C007001C00038158002F013
001502EB01705D13025DEA1C045D13085D13105D13205DEB407192C7FCEB8072121DEB00
74121E1478121C1470121814601210241D779B29>I97
D<123F1207A2120EA45AA4EA39C0EA3E60EA3830A2EA7038A4EAE070A3136013E0EAC0C0
12C1EA6180EA6300123C0D1D7B9C13>IIIII<13F3EA01
8FEA030FEA0607EA0E0E120C121CA2EA381CA413381230A2EA187813F0EA0F701200A213
E0A2EAC0C012E1EAC300127E101A7D9113>II<
EA01801203EA0100C7FCA7121C12261247A2128EA2120E5AA35AA21271A31272A2123C09
1C7C9B0D>I<1306130E13061300A713F0EA01181202A2EA0438A21200A21370A413E0A4
EA01C0A4EA0380A2EAC30012E712CE12780F24819B0D>III<393C1E078039266318C0394683A0E0384703C0008E1380
A2120EA2391C0701C0A3EC0380D8380E1388A2EC0708151039701C032039300C01C01D12
7C9122>IIIIIII<13C01201A3EA0380A4EAFFE0EA0700A3120EA45AA4EA3840A31380
EA1900120E0B1A7D990E>III<381E01833827038712
47148338870701A2120EA2381C0E02A31404EA180C131C1408001C1310380C26303807C3
C018127C911C>IIII E /Fm
74 126 df<126012F0AF12601200A4126012F0A212600419779816>33
DII38 D<13E01201EA0380EA070012
0E5AA25AA25AA35AA91270A37EA27EA27E7EEA0380EA01E012000B217A9C16>40
D<12C07E12707E7E7EA27EA2EA0380A3EA01C0A9EA0380A3EA0700A2120EA25A5A5A5A5A
0A217B9C16>II
I<1238127C127EA2123E120E121E121C127812F01260070B798416>II<127012F8A312700505788416>IIIII<127012F8A312701200A8127012F8A312700512789116>58
D<1238127CA312381200A812381278127CA2123C121CA21238127012E012400618799116
>III<12C012F012FC123EEA0F806C7EEA01F06C7E133EEB1F801307
131FEB3E0013F8485AEA07C0485A003EC7FC12FC12F012C011157E9616>I<13F8EA03FC
487EEA0F07381C3F80EA387FEA78FF3871C3C0A2EAE381A73871C380A23878FF00EA387E
EA1C3C380F03C0EA07FF6C1300EA00FC12197E9816>64 D<13E0487EA213B0A2EA03B8A3
1318EA071CA5EA0E0EA2EA0FFEA2487EEA1C07A3387F1FC000FF13E0007F13C013197F98
16>II<3801F180EA07FBEA0FFFEA
1F0FEA3C07EA38031270A200F0C7FC5AA77E38700380A21238383C0700EA1F0FEA0FFE6C
5AEA01F011197E9816>II<387FFFC0B5FC7EEA1C
01A490C7FCA2131CA2EA1FFCA3EA1C1CA290C7FC14E0A5EA7FFFB5FC7E13197F9816>I<
B512E0A3EA1C00A41400A2131CA2EA1FFCA3EA1C1CA290C7FCA6B47E7F5B13197F9816>
II<387F1FC038FFBFE038
7F1FC0381C0700A7EA1FFFA3EA1C07A9387F1FC038FFBFE0387F1FC013197F9816>II<387F0FE038FF8FF0387F0FE0381C0780EB0F
00130E5B133C5B5B5BEA1DF0121F7F1338EA1E1C121C7FA27FA2EB0380387F07E038FF8F
F0387F07E01419809816>75 D<38FC07E0EAFE0FA2383A0B80EA3B1BA513BBEA39B3A413
F3EA38E3A21303A538FE0FE0A313197F9816>77 D<387E1FC038FF3FE0387F1FC0381D07
001387A313C7A2121CA213E7A31367A21377A21337A31317EA7F1FEAFF9FEA7F0F13197F
9816>III
82 DI<387FFFE0B5
FCA2EAE0E0A400001300AFEA07FC487E6C5A13197F9816>I<387F07F038FF8FF8387F07
F0381C01C0B0380E0380A23807070013FF6C5AEA00F81519809816>I<38FE0FE0EAFF1F
EAFE0F38380380381C0700A4EA0E0EA4EA060CEA071CA4EA031813B8A3EA01B013F0A26C
5A13197F9816>I<38FC07E0EAFE0FEAFC07387001C0A300301380EA3803A313E3EA39F3
A213B300191300A61313EA1B1BEA0F1EA2EA0E0E13197F9816>I<387F1F80133F131F38
0E1E00131CEA073C1338EA03B813F012015B120012017F120313B81207131CA2EA0E0EA2
487E387F1FC000FF13E0007F13C013197F9816>I91 D93 D95 D97 D<127E12FE127E120EA4133E13FF000F1380EB83
C0EB00E0120E1470A614E0EA0F01EB83C0EBFF80000E1300EA063C1419809816>II<133F5B7F1307A4EA03C7EA0FF748B4FCEA3C1F487EEA700712E0A6EA70
0FA2EA3C1F381FFFE0380FE7F03807C7E014197F9816>II<131FEB7F8013FFEA01E7EBC30013C0A2EA7FFFB5FCA2EA01C0ACEA3FFE487E6C5A
11197F9816>I<3803E3C03807F7E0EA0FFF381C1CC038380E00A56C5AEA0FF8485AEA1B
E00038C7FC1218EA1FFC13FF481380387803C038E000E0A4387001C0EA7C07383FFF8038
0FFE00EA03F8131C7F9116>I<127E12FE127E120EA4133C13FEEA0FFFEB87801303120E
AA387FC7F038FFE7F8387FC7F01519809816>II<13301378A213301300A4EA1FF8A3EA0038B3EA
6070EAF0F0EAFFE0EA7FC0EA3F800D237E9916>I<127E12FE127E120EA4EB7FE0A3EB0F
00131E5B5B5B120F7F13BC131EEA0E0E7F1480387F87F0EAFFCFEA7F871419809816>I<
EAFFC0A31201B3B51280A311197E9816>I<38F9C38038FFEFC0EBFFE0EA3C78A2EA3870
AA38FE7CF8A2EB3C781512809116>IIIII<38FF
0FC0EB3FE0137F3807F040EBC0005BA290C7FCA8EAFFFCA313127F9116>II<12035AA4EA7FFFB5FCA20007C7FCA75BEB0380A3EB87
00EA03FE6C5A6C5A11177F9616>I<387E1F80EAFE3FEA7E1FEA0E03AB130F380FFFF038
07FBF83803E3F01512809116>I<387F1FC000FF13E0007F13C0381C0700EA1E0FEA0E0E
A36C5AA4EA03B8A3EA01F0A26C5A13127F9116>I<38FF1FE013BF131F38380380A413E3
3819F300A213B3EA1DB7A4EA0F1EA313127F9116>I<387F1FC0133F131F380F1C00EA07
3CEA03B813F012016C5A12017FEA03B8EA073C131CEA0E0E387F1FC038FF3FE0387F1FC0
13127F9116>I<387F1FC038FF9FE0387F1FC0381C0700120E130EA212075BA2EA039CA2
1398EA01B8A2EA00F0A35BA3485A1279127BEA7F806CC7FC123C131B7F9116>I<383FFF
C05AA238700780EB0F00131EC65A5B485A485AEA078048C7FC381E01C0123C1278B5FCA3
12127F9116>II<12E0B3AE0320779C16>I<127CB4FC7FEA03C012
01A97F6CB4FCEB7F80A2EBFF00EA01E05BA91203B45A90C7FC127C11207E9C16>I
E /Fn 82 123 df11 D<137E3801C180EA0301380703C0120EEB
018090C7FCA5B512C0EA0E01B0387F87F8151D809C17>II<90383F07E03901C09C18380380F0D807
01133C000E13E00100131892C7FCA5B612FC390E00E01CB03A7FC7FCFF80211D809C23>
I<126012F0A71260AD1200A5126012F0A21260041E7C9D0C>33 DI<126012F012F8126812
08A31210A2122012401280050C7C9C0C>39 D<13401380EA0100120212065AA25AA25AA2
12701260A312E0AC1260A312701230A27EA27EA27E12027EEA008013400A2A7D9E10>I<
7E12407E7E12187EA27EA27EA213801201A313C0AC1380A312031300A21206A25AA25A12
105A5A5A0A2A7E9E10>II<1306ADB612E0A2D80006C7FCAD1B1C7E9720>
I<126012F0A212701210A41220A212401280040C7C830C>II<12
6012F0A2126004047C830C>I<130113031306A3130CA31318A31330A31360A213C0A3EA
0180A3EA0300A31206A25AA35AA35AA35AA35AA210297E9E15>II<12035A123F12C71207B3A4EA0F80EAFFF80D1C7C9B15>III<130CA2131C133CA2135C13
DC139CEA011C120312021204120C1208121012301220124012C0B512C038001C00A73801
FFC0121C7F9B15>II<
13F0EA030CEA0604EA0C0EEA181E1230130CEA7000A21260EAE3E0EAE430EAE818EAF00C
130EEAE0061307A51260A2EA7006EA300E130CEA1818EA0C30EA03E0101D7E9B15>I<12
40387FFF801400A2EA4002485AA25B485AA25B1360134013C0A212015BA21203A41207A6
6CC7FC111D7E9B15>III<126012F0A212601200AA126012F0A2126004127C910C>I<12
6012F0A212601200AA126012F0A212701210A41220A212401280041A7C910C>I<007FB5
12C0B612E0C9FCA8B612E06C14C01B0C7E8F20>61 D64 D<1306A3130FA3EB1780A3EB23C0A3EB41E0A3EB80F0A200017FEB0078
EBFFF83803007C0002133CA20006133E0004131EA2000C131F121E39FF80FFF01C1D7F9C
1F>II<90381F8080EBE06138018019
38070007000E13035A14015A00781300A2127000F01400A8007014801278A212386CEB01
00A26C13026C5B380180083800E030EB1FC0191E7E9C1E>IIII<90381F80
80EBE0613801801938070007000E13035A14015A00781300A2127000F01400A6ECFFF0EC
0F80007013071278A212387EA27E6C130B380180113800E06090381F80001C1E7E9C21>
I<39FFF3FFC0390F003C00ACEBFFFCEB003CAD39FFF3FFC01A1C7E9B1F>III<39FFF03FE0390F000F00140C14085C5C5C5C49C7FC13025B130E
131F132FEB27801347EB83C0EB01E0A26D7E80147880A280141F158039FFF07FF01C1C7E
9B20>I
IIIII82
D<3807E080EA1C19EA3005EA7003EA600112E01300A36C13007E127CEA7FC0EA3FF8EA1F
FEEA07FFC61380130FEB07C0130313011280A300C01380A238E00300EAD002EACC0CEA83
F8121E7E9C17>I<007FB512C038700F010060130000401440A200C014201280A3000014
00B1497E3803FFFC1B1C7F9B1E>I<39FFF07FC0390F000E001404B3A26C5B138000035B
12016C6C5AEB70C0011FC7FC1A1D7E9B1F>I<39FFE00FF0391F0003C06CEB018015006D
5A00071302A26C6C5AA36C6C5AA213F000005BA2EBF830EB7820A26D5AA36D5AA2131F6D
C7FCA21306A31C1D7F9B1F>I<3AFFE0FFE0FF3A1F001F003C001E011E13186C011F1310
A3D807801420EC2780A2D803C01440EC43C0A213E00001903881E080A33A00F100F100A3
017913FA017A137AA2013E137C013C133CA301181318A3281D7F9B2B>I<397FF0FFC039
0FC03E0038078018EA03C0EBE01000015BEBF06000001340EB7880137D013DC7FC7F131F
7F80A2EB13C0EB23E01321EB41F0EBC0F8EB80783801007C48133C00027F0006131F001F
EB3F8039FFC0FFF01C1C7F9B1F>I<387FFFF0EA7C01007013E0386003C0A23840078013
0F1400131E12005B137C13785BA2485A1203EBC010EA0780A2EA0F00481330001E13205A
14604813E0EAF803B5FC141C7E9B19>90 D<12FEA212C0B3B312FEA207297C9E0C>II<12
FEA21206B3B312FEA20729809E0C>I97
D<12FC121CAA137CEA1D86EA1E03381C018014C0130014E0A614C013011480381E0300EA
1906EA10F8131D7F9C17>II<133F1307AAEA03E7EA0C17EA180F487E12
70126012E0A61260127012306C5AEA0C373807C7E0131D7E9C17>II<13F8EA018CEA071E1206EA0E0C1300A6EAFFE0EA0E00B0EA7FE00F1D809C
0D>II<12FC121CAA137C1387EA1D03001E1380121CAD38FF9FF0141D
7F9C17>I<1218123CA21218C7FCA712FC121CB0EAFF80091D7F9C0C>I<13C0EA01E0A2EA
00C01300A7EA0FE01200B3A21260EAF0C012F1EA6180EA3E000B25839C0D>I<12FC121C
AAEB3FC0EB0F00130C13085B5B5B13E0121DEA1E70EA1C781338133C131C7F130F148038
FF9FE0131D7F9C16>I<12FC121CB3A9EAFF80091D7F9C0C>I<39FC7E07E0391C83883839
1D019018001EEBE01C001C13C0AD3AFF8FF8FF8021127F9124>IIIIIII<1204A4120CA212
1C123CEAFFE0EA1C00A91310A5120CEA0E20EA03C00C1A7F9910>I<38FC1F80EA1C03AD
1307120CEA0E1B3803E3F014127F9117>I<38FF07E0383C0380381C0100A2EA0E02A26C
5AA3EA0388A213D8EA01D0A2EA00E0A3134013127F9116>I<39FF3FCFE0393C0F038038
1C07011500130B000E1382A21311000713C4A213203803A0E8A2EBC06800011370A2EB80
30000013201B127F911E>I<387F8FF0380F03801400EA0702EA0384EA01C813D8EA00F0
1370137813F8139CEA010E1202EA060738040380381E07C038FF0FF81512809116>I<38
FF07E0383C0380381C0100A2EA0E02A26C5AA3EA0388A213D8EA01D0A2EA00E0A31340A2
5BA212F000F1C7FC12F31266123C131A7F9116>I
I E /Fo 45 122 df<49B4FC011F13C090387F81E0EBFC013901F807F01203EA07F0A4EC
01C091C8FCA3EC3FF8B6FCA33807F003B3A33A7FFF3FFF80A3212A7FA925>12
D45 D<1403EC0780A2140F1500A25C141E143E143CA2147C1478
A214F85C13015CA213035CA213075C130F91C7FCA25B131E133E133CA2137C1378A213F8
5B12015BA212035BA212075B120F90C8FCA25A121EA2123E123C127C1278A212F85AA212
60193C7CAC22>47 D<130E131E137EEA07FE12FFA212F81200B3ABB512FEA317277BA622
>49 DII<140FA25C5C5C5C5BA2
EB03BFEB073F130E131C133C1338137013E0EA01C0EA038012071300120E5A5A5A12F0B6
12F8A3C7EA7F00A890381FFFF8A31D277EA622>I<00181303381F801FEBFFFE5C5C5C14
C091C7FC001CC8FCA7EB7FC0381DFFF8381F80FC381E003F1208C7EA1F8015C0A215E0A2
1218127C12FEA315C05A0078EB3F80A26CEB7F00381F01FE6CB45A000313F0C613801B27
7DA622>II<1238123E003FB512F0A34814E015C0158015003870000EA25C485B5C5CC6485A
A2495A130791C7FC5B5B131E133EA2137E137CA213FCA41201A76C5A13701C297CA822>
II
65 D<91387FE003903907FFFC07011FEBFF0F90397FF00F9F9039FF0001FFD801FC7F48
48147F4848143F4848141F485A160F485A1607127FA290C9FC5AA97E7F1607123FA26C7E
160E6C7E6C6C141C6C6C143C6C6C14786CB4EB01F090397FF007C0011FB512800107EBFE
009038007FF028297CA831>67 DI70 D73
D76 D79 D82
D<9038FF80600003EBF0E0000F13F8381F80FD383F001F003E1307481303A200FC1301A2
14007EA26C140013C0EA7FFCEBFFE06C13F86C13FE80000714806C14C0C6FC010F13E0EB
007FEC1FF0140F140700E01303A46C14E0A26C13076C14C0B4EB0F80EBE03F39E3FFFE00
00E15B38C01FF01C297CA825>I<007FB71280A39039807F807FD87C00140F00781507A2
0070150300F016C0A2481501A5C791C7FCB3A490B612C0A32A287EA72F>I86
DI<3803FF80000F13F0381F01FC383F80FE147F801580EA1F00C7FCA4EB3FFF
3801FC3FEA0FE0EA1F80EA3F00127E5AA4145F007E13DF393F839FFC381FFE0F3803FC03
1E1B7E9A21>97 DIIIII<9038FF80
F00003EBE3F8390FC1FE1C391F007C7C48137E003EEB3E10007EEB3F00A6003E133E003F
137E6C137C380FC1F8380BFFE00018138090C8FC1238A2123C383FFFF814FF6C14C06C14
E06C14F0121F383C0007007CEB01F8481300A4007CEB01F0A2003FEB07E0390FC01F806C
B5120038007FF01E287E9A22>I<1207EA0F80EA1FC0EA3FE0A3EA1FC0EA0F80EA0700C7
FCA7EAFFE0A3120FB3A3EAFFFEA30F2B7EAA12>105 D107 DI<26FFC07FEB1FC0903AC1FFC07FF0903AC307E0C1F8D80FC49038F101
FC9039C803F20001D801FE7F01D05BA201E05BB03CFFFE3FFF8FFFE0A3331B7D9A38>I<
38FFC07E9038C1FF809038C30FC0D80FC413E0EBC80701D813F013D0A213E0B039FFFE3F
FFA3201B7D9A25>II<38FFE1FE9038EFFF809038FE0FE0390FF803F09038
F001F801E013FC140015FEA2157FA8157E15FEA215FC140101F013F89038F807F09038FC
0FE09038EFFF809038E1FC0001E0C7FCA9EAFFFEA320277E9A25>I<38FFC1F0EBC7FCEB
C63E380FCC7F13D813D0A2EBF03EEBE000B0B5FCA3181B7F9A1B>114
D<3803FE30380FFFF0EA3E03EA7800127000F01370A27E00FE1300EAFFE06CB4FC14C06C
13E06C13F0000713F8C6FCEB07FC130000E0137C143C7E14387E6C137038FF01E038E7FF
C000C11300161B7E9A1B>I<13E0A41201A31203A21207120F381FFFE0B5FCA2380FE000
AD1470A73807F0E0000313C03801FF8038007F0014267FA51A>I<39FFE07FF0A3000F13
07B2140FA2000713173903F067FF3801FFC738007F87201B7D9A25>I<39FFFC03FFA339
0FF000F0000714E07F0003EB01C0A2EBFC0300011480EBFE070000140013FFEB7F0EA214
9EEB3F9C14FC6D5AA26D5AA36D5AA26D5AA2201B7F9A23>I<3BFFFC7FFC1FFCA33B0FE0
0FE001C02607F007EB0380A201F8EBF00700031600EC0FF801FC5C0001150EEC1FFC2600
FE1C5B15FE9039FF387E3C017F1438EC787F6D486C5A16F0ECE01F011F5CA26D486C5AA2
EC800701075CA22E1B7F9A31>I<39FFFC1FFEA33907F003803803F8079038FC0F003801
FE1E00005BEB7F3814F86D5A6D5A130F806D7E130F497EEB3CFEEB38FFEB787F9038F03F
803901E01FC0D803C013E0EB800F39FFF03FFFA3201B7F9A23>I<39FFFC03FFA3390FF0
00F0000714E07F0003EB01C0A2EBFC0300011480EBFE070000140013FFEB7F0EA2149EEB
3F9C14FC6D5AA26D5AA36D5AA26D5AA25CA21307003890C7FCEA7C0FEAFE0E131E131C5B
EA74F0EA3FE0EA0F8020277F9A23>I E /Fp 38 122 df<120E121EA41202A21204A212
08A21210122012401280070F7D840F>44 D48 D<13011303A21306131E132EEA03CEEA001C
A41338A41370A413E0A4EA01C0A4EA0380A41207EAFFFC10217AA019>III<14181438A21470A314E0A314C01301148013031400A21306A25BA25B1310EB3180EB
61C0EB438013831201EA03033802070012041208EA3FC7EA403E38800FF038000E00A25B
A45BA31330152B7EA019>II57
D<1403A25CA25CA25C142FA2144F15801487A2EB01071302A21304A21308A21310133013
20EB7FFF90384007C013801403EA01005A12025AA2120C003C1307B4EB3FFC1E237DA224
>65 D<027F138090390380810090380E00630138132749131F49130E485A485A48C7FC48
1404120E121E5A5D4891C7FCA35AA55A1520A25DA26C5C12704AC7FC6C130200185B001C
5B00061330380381C0D800FEC8FC212479A223>67 D<90B512F090380F003C150E81011E
EB0380A2ED01C0A25B16E0A35BA449EB03C0A44848EB0780A216005D4848130E5D153C15
3848485B5D4A5A0207C7FC000F131CB512F023227DA125>I<027F138090390380810090
380E00630138132749131F49130E485A485A48C7FC481404120E121E5A5D4891C7FCA35A
A4EC3FFC48EB01E0A34A5AA27E12704A5A7E0018130F001C131300060123C7FC380381C1
D800FEC8FC212479A226>71 D76
DI<01FFEB
0FFC90390F8001E01680ECC0000113EB0100A2EB11E0A201211302EB20F0A39038407804
A3143C01805B143E141EA23901001F10140FA2EC0790000214A0A2EC03E0A2485C1401A2
120C001E6D5AEAFFC026227DA124>I<903801F02090380E0C4090381802C0EB30011360
01E0138013C01201A200031400A291C7FCA27FEA01F813FF6C13E06D7EEB1FF8EB03FCEB
007C143C80A30020131CA3141800601338143000705B5C38C80180D8C607C7FCEA81FC1B
247DA21B>83 D<393FFE03FF3903C000781560152048481340A448C71280A4001EEB0100
A4481302A4485BA400705B12F05C12705C5C123038380180D81802C7FCEA0E0CEA03F020
2377A124>85 D<39FFF001FF391F8000786CC71260A215401580A2EC01005C14026D5AA2
00075BA25C5CA25CA25C0181C7FC13C1EA03C2A213C413C8A213D0A213E05BA25B120190
C8FC202376A124>I<39FFF001FF391F8000786CC7126015406D13C000071480EC0100EB
C0020003130614046D5A00015B5CEBF060000013405C01F9C7FC13FB137A137C1378A45B
A4485AA41203EA3FFC202276A124>89 D97
DI<137EEA01C13803
0180EA0703EA0E07121C003CC7FC12381278A35AA45B12701302EA300CEA1830EA0FC011
157B9416>I<13F8EA0384EA0E02121C123C1238EA7804EAF018EAFFE0EAF000A25AA413
02A2EA6004EA7018EA3060EA0F800F157A9416>101 D<143E144714CFEB018F1486EB03
80A3EB0700A5130EEBFFF0EB0E00A35BA55BA55BA55BA45B1201A2EA718012F100F3C7FC
1262123C182D82A20F>I<13C0EA01E013C0A2C7FCA8121C12231243A25AA3120EA25AA3
5AA21340EA7080A3EA71001232121C0B217BA00F>105 D<13F0EA0FE01200A3485AA448
5AA448C7FCEB01E0EB0210EB0C70380E10F0A2EB2060EB4000EA1D80001EC7FCEA1FC0EA
1C70487EA27F142038703840A3EB188012E038600F0014237DA216>107
DI<391C0F80F8392610C10C39476066063987807807A2EB0070A2000EEBE0
0EA44848485AA3ED38202638038013401570168015303A7007003100D83003131E23157B
9428>II<137EEA01C338038180380701
C0120E001C13E0123C12381278A338F003C0A21480130700701300130E130CEA3018EA18
70EA07C013157B9419>I<3801C1F0380262183804741C3808780CEB700EA2141EEA00E0
A43801C03CA3147838038070A2EBC0E0EBC1C038072380EB1E0090C7FCA2120EA45AA3EA
FFC0171F7F9419>I114 D<13FCEA018338020080EA0401EA0C03140090C7FC120F
13F0EA07FC6C7EEA003E130F7F1270EAF006A2EAE004EA4008EA2030EA1FC011157D9414
>I<13C01201A4EA0380A4EA0700EAFFF8EA0700A2120EA45AA45AA31310EA7020A21340
1380EA3100121E0D1F7C9E10>I<001E1360002313E0EA4380EB81C01283EA8701A23807
0380120EA3381C0700A31408EB0E101218121CEB1E20EA0C263807C3C015157B941A>I<
381E0380382307C0EA43871383EA8381EA8700A200071380120EA3381C0100A31302A25B
5BA2EA0C30EA03C012157B9416>I<001EEB60E00023EBE1F0EA4380EB81C000831470D8
87011330A23907038020120EA3391C070040A31580A2EC0100130F000C13023806138C38
03E0F01C157B9420>I<001E133000231370EA438014E01283EA8700A2380701C0120EA3
381C0380A4EB0700A35BEA0C3EEA03CEEA000EA25B1260EAF0381330485AEA80C0EA4380
003EC7FC141F7B9418>121 D E /Fq 39 123 df<13FCEA0782EA0E07121C130290C7FC
A4B5FCEA1C07AC38FF1FE01317809614>12 D<1202A3EAC218EAF278EA3AE0EA0F80A2EA
3AE0EAF278EAC218EA0200A30D0E7E9812>42 D45
D<126012F0A2126004047D830A>I<130813181330A31360A313C0A3EA0180A3EA0300A2
1206A35AA35AA35AA35AA35AA20D217E9812>I<13101338A3135CA3138EA3EA0107A200
031380EA0203A23807FFC0EA0401A2380800E0A21218003813F038FE03FE17177F961A>
65 D67
DI73
DI76 D<00FEEB03F8001E14C000171305A338
138009A23811C011A33810E021A2EB7041A3EB3881A2EB1D01A2130EA2123839FE040FF8
1D177F9620>I83
D<387FFFF83860381800401308A200801304A300001300AF3807FFC016177F9619>I<38
FF80FE381C00381410B06C132012066C13403801818038007E0017177F961A>I97 D<12FC121CA813F8EA1F06EA1C031480130114C0A4148013031400EA1B0EEA10F8
1217809614>II<137E130EA8EA07CEEA1C3EEA300E1270126012E0A412601270EA301E
EA182E3807CFC012177F9614>III
I<12FC121CA8137CEA1D8EEA1E07121CAA38FF9FE01317809614>I<1218123CA2121812
00A5127C121CAC12FF081780960A>I<12FC121CA8EB3F80EB1C00131813205B13C0EA1F
E0EA1CF0137013787F7FA238FF3FC01217809613>107 D<12FC121CB3A3EAFF80091780
960A>I<38FC7C1F391D8E6380391E0781C0001C1301AA39FF9FE7F81D0E808D1E>IIII114 DI<1208A31218A21238EAFF80EA
3800A71340A4EA1C80EA0F000A147F930E>III<38FCFE7C383838381410381C3C20A2134C380E4E40A2138638078780A2130300
031300A2160E7F8D19>IIII E /Fr 24 122 df<127012F8A3127005057C840E>46 D64
D
82 D<3803F020380C0C60EA1802383001E0EA70000060136012E0A21420A36C1300A212
78127FEA3FF0EA1FFE6C7E0003138038003FC0EB07E01301EB00F0A214707EA46C1360A2
6C13C07E38C8018038C60700EA81FC14247DA21B>I86
D97 D<120E12FE121E120EAB131FEB61C0
EB8060380F0030000E1338143C141C141EA7141C143C1438000F1370380C8060EB41C038
083F0017237FA21B>II<14E0130F13011300AB
EA01F8EA0704EA0C02EA1C01EA38001278127012F0A7127012781238EA1801EA0C023807
0CF03801F0FE17237EA21B>I
I<14703801F19838071E18EA0E0E381C0700A2003C1380A4001C1300A2EA0E0EEA0F1CEA
19F00010C7FCA21218A2EA1FFE380FFFC014E0383800F0006013300040131812C0A30060
1330A2003813E0380E03803803FE0015217F9518>103 D<120E12FE121E120EABEB1F80
EB60C0EB80E0380F0070A2120EAF38FFE7FF18237FA21B>I<121C121E123E121E121CC7
FCA8120E12FE121E120EB1EAFFC00A227FA10E>I<120E12FE121E120EABEB03FCEB01F0
14C01480EB02005B5B5B133813F8EA0F1CEA0E1E130E7F1480EB03C0130114E0EB00F014
F838FFE3FE17237FA21A>107 D<120E12FE121E120EB3ADEAFFE00B237FA20E>I<390E1F
C07F3AFE60E183803A1E807201C03A0F003C00E0A2000E1338AF3AFFE3FF8FFE27157F94
2A>I<380E1F8038FE60C0381E80E0380F0070A2120EAF38FFE7FF18157F941B>II114 DI<000E137038FE07F0EA1E00000E1370AD14F0A238060170380382783800
FC7F18157F941B>117 D<38FFC1FE381E0078000E13301420A26C1340A238038080A338
01C100A2EA00E2A31374A21338A3131017157F941A>I<39FF8FF8FF391E01E03C001CEB
C018120EECE010A239070260201470A239038430401438A23901C81880141CA23900F00D
00140FA2EB6006A320157F9423>I<38FFC1FE381E0078000E13301420A26C1340A23803
8080A33801C100A2EA00E2A31374A21338A31310A25BA35B12F05B12F10043C7FC123C17
1F7F941A>121 D E /Fs 1 44 df43 D E /Ft 25 125 df12
D<150C151EA2153E153C157C1578A215F815F0140115E0A2140315C014071580A2140F15
005C141EA2143E143C147C1478A214F85C13015CA213035C13075CA2130F91C7FCA25B13
1E133E133CA2137C137813F85BA212015B12035BA212075B120F90C8FCA25A121E123E12
3CA2127C127812F85AA212601F487CB528>47 D<1578A215FCA34A7EA24A7EA24A7FA34A
7FEC0E7F021E7FEC1C3FA202387F151F02787FEC700FA202E07F1507010180ECC003A249
486C7EA201078191C7FC498191B6FCA24981011CC7123F013C810138141FA24981160F01
F081491407A2484881486C1403B549B512FCA336317DB03D>65 D<913A03FF800180023F
EBF00349B5EAFC0701079038003F0FD91FF8EB079FD93FC0EB01FFD9FF807F4848C8127F
4848153F0007161F49150F485A001F1607A2485A1703127FA24992C7FCA212FFA9127FA2
7FEF0380123FA26C7E1707000F17006C7E6D150E0003161E6C6C151C6C6C6C1478D93FC0
5CD91FF8EB03E0D907FFEB3F800101D9FFFEC7FCD9003F13F80203138031317CB03A>67
DI76 D80 D<90391FF8018090B5120300
0314C73907F007EF390F8000FF48C7127F003E141F150F5A150712FCA215037EA26C91C7
FC13C0EA7FF0EBFF806C13F8ECFF806C14F06C806C806C14FFC6FC013F1480010114C0D9
001F13E01401EC003FED1FF0150F1507126000E01403A316E07EA26CEC07C07EB4EC0F80
01C0EB1F00D8FBFC13FE00F1B512F8D8E03F5BD8C003138024317CB02D>83
D97 D99 D101
DI<90391FF007C09039FF
FE3FE03A01F83F79F03907E00FC3000F14E19039C007E0E0001FECF000A2003F80A5001F
5CA2000F5CEBE00F00075C2603F83FC7FC3806FFFE380E1FF090C9FC121EA2121F7F90B5
7E6C14F015FC6C806C801680000F15C0003FC7127F007EEC1FE0007C140F00FC1407A400
7EEC0FC0003E1580003F141FD80FC0EB7E003907F803FC0001B512F0D8001F90C7FC242F
7E9F28>I105 D108
D<2703F007F8EB1FE000FFD93FFEEBFFF8913A783F01E0FC02C090388300FE280FF1801F
C6137F2607F30013CC01F602F8148001FC5CA3495CB3B500C3B5380FFFFCA33E207D9F43
>I<3903F007F800FFEB3FFEEC783F02C013803A0FF1801FC03807F30001F614E013FCA3
5BB3B500C3B5FCA328207D9F2D>II<3901F83FE000FFEBFFFC9038FBE07F9039FF003F80D807FEEB1FC049EB0FE04914
F0ED07F8A216FC1503A216FEA816FC1507A216F8A2ED0FF06D14E06DEB1FC06DEB3F8090
39FBC0FE009038F8FFF8EC3FC091C8FCABB512C0A3272E7E9F2D>I<3803F03F00FFEB7F
C09038F1C3E01487390FF30FF0EA07F6A29038FC07E0EC03C091C7FCA25BB2B512E0A31C
207E9F21>114 D<3801FF86000713FEEA1F00003C133E48131E140E12F8A36C90C7FCB4
7E13FC387FFFC06C13F0806C7F00077F00017FEA003F01001380143F0060131F00E0130F
A27E15007E6C131E6C131C38FF807838F3FFF038C07F8019207D9F20>I<131CA5133CA3
137CA213FC120112031207381FFFFEB5FCA2D803FCC7FCB0EC0380A71201EC0700EA00FE
EB7F0EEB3FFCEB07F0192E7FAD1F>II<
B5EB1FFCA3D80FF8EB03C0000715806D1307000315007F0001140E7F6C5CA2EC803C017F
1338ECC078013F1370ECE0F0011F5B14F1010F5B14F9903807FB80A214FF6D90C7FCA26D
5AA26D5AA21478A21470A214F05C1301007C5BEAFE035C49C8FC5BEAFC1EEA787CEA3FF0
EA0FC0262E7E9F2B>121 D124 D E end
%%EndProlog
%%BeginSetup
%%Feature: *Resolution 300dpi
TeXDict begin
%%EndSetup
%%Page: 1 1
1 0 bop 86 178 a Ft(Preliminary)25 b(Design)h(of)h(ADL/C)p
Fs(++)h Ft(|)e(A)h(Sp)r(eci\014cation)698 269 y(language)g(for)g(C)p
Fs(++)279 390 y Fr(Sreeniv)m(asa)17 b(Rao)g(Visw)o(anadha)875
372 y Fq(*)223 448 y Fp(Dep)n(artment)h(of)f(Computer)h(Scienc)n(e)264
506 y(State)h(University)f(of)f(New)h(Y)l(ork)316 564
y(A)o(lb)n(any,)g(NY)g(12222,)f(USA)357 622 y Fr(sreeni@cs.alban)o(y)l
(.edu)1258 390 y(Sriram)e(Sank)m(ar)1080 448 y Fp(Sun)j(Micr)n
(osystems)f(L)n(ab)n(or)n(atories)1194 506 y(2550)g(Gar)n(cia)g(A)o
(venue)1057 564 y(Mountain)h(View,)h(CA)e(94043,)g(USA)1193
622 y Fr(sank)m(ar@eng.sun.com)37 785 y Fo(Abstract)37
885 y Fn(ADL/C)p Fm(++)f Fn(is)h(a)f(sp)q(eci\014cation)h(language)f
(for)g(asso)q(ciat-)37 935 y(ing)f(b)q(eha)o(vior)f(sp)q
(eci\014cations)j(as)e(p)q(ost-conditions)g(with)37 985
y(C)p Fm(++)c Fn(\(function\))f(declarations.)17 b(The)11
b(language)f(includes)37 1035 y(a)15 b(clean)f(subset)i(of)e(the)h(C)p
Fm(++)f Fn(expression)i(language)d(and)37 1085 y(the)26
b(seman)o(tics)d(is)i(relativ)o(ely)e(simple)g(and)i(informal.)37
1134 y(Most)13 b(of)f(the)g(imp)q(ortan)o(t)f(features)i(of)f(C)p
Fm(++)f Fn(lik)o(e)h(mem)o(b)q(er)37 1184 y(functions,)25
b(virtual)c(mem)o(b)q(ers,)i(constructors,)k(inheri-)37
1234 y(tance)13 b(and)e(exceptions)h(can)g(b)q(e)g(sp)q(eci\014ed)h(in)
e(ADL/C)p Fm(++)p Fn(.)37 1284 y(In)21 b(addition)f(to)g(b)q(eing)h
(semi-formal)c(do)q(cumen)o(tation,)37 1334 y(ADL/C)p
Fm(++)e Fn(sp)q(eci\014cations)i(can)f(also)g(b)q(e)g(used)h(for)e
(test-)37 1383 y(ing)e(C)p Fm(++)g Fn(implemen)o(tations.)i(W)m(e)e
(dev)o(elop)q(ed)h(a)f(metho)q(d)37 1433 y(for)18 b(v)n(alidating)d
(tests)k(of)f(C)p Fm(++)f Fn(implemen)o(tatio)o(ns)e(using)37
1483 y(ADL/C)p Fm(++)e Fn(sp)q(eci\014cations.)37 1635
y Fo(1)67 b(In)n(tro)r(duction)37 1736 y Fn(T)m(raditionally)11
b(sp)q(eci\014cation)i(languages)f(ha)o(v)o(e)h(b)q(een)h(de-)37
1785 y(signed)i(to)f(giv)o(e)g(a)g(sp)q(eci\014cation)h(of)f(a)g
(computation)f(in-)37 1835 y(dep)q(enden)o(t)25 b(of)e(the)h(implemen)o
(tatio)o(n)d(language\(s\))i(in)37 1885 y(whic)o(h)16
b(the)g(computation)e(is)i(realized.)24 b(While)15 b(this)h(ap-)37
1935 y(proac)o(h)21 b(ma)o(y)e(ha)o(v)o(e)h(the)i(adv)n(an)o(tage)d(of)
h(giving)f(an)i(in-)37 1985 y(dep)q(enden)o(t)16 b(c)o(haracterization)
f(of)e(algorithms)f(and)i(data)37 2034 y(structures,)21
b(it)d(imp)q(oses)f(the)h(burden)h(on)f(the)g(users)h(to)37
2084 y(learn)k(t)o(w)o(o)f(di\013eren)o(t)h(languages)f(using)g(p)q
(ossibly)g(t)o(w)o(o)37 2134 y(di\013eren)o(t)g(formalisms)c(and)j(t)o
(w)o(o)f(di\013eren)o(t)i(paradigms)37 2184 y(\(since)c(a)e(sp)q
(eci\014cation)i(emphasizes)e Fl(what)h Fn(and)f(an)g(im-)37
2234 y(plemen)o(tation)h(emphasizes)h Fl(how)p Fn(\).)31
b(F)m(or)18 b(example,)g(the)37 2284 y(sp)q(eci\014cation)j(language)f
(Z)g([9)o(])g(uses)h(set-theoretic)i(se-)37 2333 y(man)o(tics)12
b(for)f(sp)q(eci\014cations)j(and)e(Larc)o(h)h([3)o(])f(and)g(T)m
(ecton)37 2383 y([4])k(are)i(languages)f(based)g(on)g(algebraic)g(sp)q
(eci\014cation.)37 2433 y(But,)c(most)d(imp)q(erativ)o(e)g(programming)
e(languages)j(ha)o(v)o(e)37 2483 y(state-based)17 b(op)q(erational)e
(seman)o(tics.)22 b(P)o(erhaps)17 b(this)e(is)37 2533
y(the)e(reason)f(wh)o(y)g(there)h(do)q(es)f(not)g(seem)g(to)f(b)q(e)i
(m)o(uc)o(h)d(use)37 2582 y(of)g(these)i(sp)q(eci\014cation)f(metho)q
(dologies)d(in)i(the)h(industry)m(.)p 37 2623 368 2 v
84 2652 a Fk(*)101 2664 y Fq(This)i(w)o(ork)f(is)g(supp)q(orted)e(b)o
(y)i(funding)f(from)g(Sun)h(Microsys-)37 2704 y(tems)f(Lab)q
(oratories.)1073 785 y Fn(A)18 b(somewhat)f(di\013eren)o(t)i(approac)o
(h)f(has)g(b)q(een)h(tak)o(en)1031 835 y(in)11 b(high-lev)o(el)g
(functional)f(and)i(logic)e(programming)e(lan-)1031 884
y(guages)16 b(where)h(a)f(single)g(language)f(framew)o(ork)f(is)i(used)
1031 934 y(for)26 b(sp)q(eci\014cation)g(and)f(implemen)o(tation.)50
b(Our)26 b(ap-)1031 984 y(proac)o(h)16 b(has)g(similar)e(goals)g(but)j
(is)e(still)g(quite)h(di\013eren)o(t)1031 1034 y(from)11
b(these.)19 b(A)13 b(subset)h(of)e(the)h(programming)c(language)1031
1084 y(itself)h(\(with)g(some)f(extensions\))i(is)e(used)i(to)f(write)g
(sp)q(eci\014-)1031 1134 y(cations.)18 b(This)12 b(has)g(the)h(adv)n
(an)o(tage)e(that)i(dev)o(elop)q(ers)g(do)1031 1183 y(not)g(ha)o(v)o(e)
g(to)g(learn)g(di\013eren)o(t)h(languages,)e(p)q(ossibly)h(sup-)1031
1233 y(p)q(orting)k(di\013eren)o(t)i(paradigms.)26 b(While)17
b(writing)f(sp)q(eci-)1031 1283 y(\014cations)h(the)g(programmer)d(is)i
(encouraged)h(to)f(sp)q(ecify)1031 1333 y Fl(what)c Fn(the)g(program)d
(do)q(es)k(without)e(w)o(orrying)g(ab)q(out)g(im-)1031
1383 y(plemen)o(tation)k(details,)i(and)f(for)h(this,)g(a)f(small)e
(\\clean,)1031 1432 y Fl(side-e\013e)n(ct-fr)n(e)n(e)p
Fn(")d(subset)h(of)f(the)h(language)e(can)i(b)q(e)g(used.)1073
1491 y(W)m(e)18 b(b)q(eliev)o(e)i(that)f(suc)o(h)h(an)f(approac)o(h)g
(will)e(encour-)1031 1540 y(age)e(dev)o(elop)q(ers)h(to)f(write)h(sp)q
(eci\014cations)g(b)q(efore)f(w)o(ork-)1031 1590 y(ing)d(on)g(implem)o
(en)o(tations.)j(Suc)o(h)e(sp)q(eci\014cations)g(can)f(b)q(e)1031
1640 y(easily)k(used)i(for)e(testing)i(purp)q(oses)g(also,)e(since)i
(an)e(im-)1031 1690 y(plemen)o(tation)f(can)i(b)q(e)h(executed)h(with)d
(an)h(input)f(data)1031 1740 y(and)c(the)h(output)g(generated)g(along)e
(with)h(the)h(test)g(input)1031 1789 y(can)e(b)q(e)h(plugged)e(in)o(to)
h(the)g(sp)q(eci\014cation)h(to)e(see)j(whether)1031
1839 y(the)h(sp)q(eci\014cation)h(is)e(satis\014ed)h(for)f(that)h
(particular)f(test)1031 1889 y(data.)1073 1947 y(ADL)28
b(\(Assertion)h(De\014nition)f(Language\))g(adopts)1031
1997 y(this)11 b(philosoph)o(y)m(.)16 b(It)11 b(is)f(a)h(family)d(of)i
(languages)g(designed)1031 2047 y(to)h(asso)q(ciate)g(seman)o(tic)f
(information)e(with)j(declarations)1031 2097 y(of)17
b(v)n(ariet)o(y)f(of)h(languages)f(\(C,)h(C)p Fm(++)g
Fl(etc.)p Fn(\).)27 b(One)18 b(of)e(the)1031 2146 y(basic)k(goals)f(of)
g(the)h(language)f(is)g(to)h(remain)e(as)h(close)1031
2196 y(to)14 b(the)h(implem)o(en)o(tation)c(language)i(as)h(p)q
(ossible,)g(at)f(the)1031 2246 y(same)c(time)f(allo)o(wing)g(high-lev)o
(el)g(sp)q(eci\014cation)i(indep)q(en-)1031 2296 y(den)o(tly)g(of)f
(implemen)o(tatio)o(ns.)14 b(Another)d(feature)f(of)f(ADL)1031
2346 y(is)j(that)g(sp)q(eci\014cations)h(written)g(in)f(ADL)f(are)i(c)o
(hec)o(k)n(able,)1031 2395 y Fl(i.e.)p Fn(,)20 b(implemen)o(tations)d
(can)j(b)q(e)g(tested)h(against)e(ADL)1031 2445 y(sp)q(eci\014cations.)
1073 2503 y(There)12 b(are)f(some)g(inheren)o(t)h(limitati)o(ons)c
(with)j(this)g(ap-)1031 2553 y(proac)o(h,)17 b(particularly)m(,)d(that)
j(the)f(sp)q(eci\014cation)h(will)e(in-)1031 2603 y(herit)10
b(all)f(the)h(pitfalls)e(and)i(am)o(biguities)d(of)i(the)i(program-)
1031 2653 y(ming)i(language)h(dep)q(ending)h(up)q(on)g(the)g
(restricted)i(sub-)1031 2703 y(set)12 b(of)f(the)h(language)e(b)q(eing)
i(used)g(for)f(sp)q(eci\014cation)h(pur-)p eop
%%Page: 2 2
2 1 bop 37 45 a Fn(p)q(oses.)27 b(But,)18 b(w)o(e)e(ha)o(v)o(e)h(tak)o
(en)f(care)h(to)g(select)h(a)e(subset)37 95 y(of)h(the)g(underlying)g
(programmi)o(ng)d(language)i(whic)o(h)g(is)37 145 y(w)o(ell-understo)q
(o)q(d)f(with)e(minima)o(l)e(am)o(biguities.)79 203 y(The)k(rest)g(of)f
(the)h(pap)q(er)g(is)f(organized)h(as)f(follo)o(ws.)k(In)37
253 y(Section)i(2,)f(w)o(e)g(presen)o(t)i(some)d(bac)o(kground)g(on)h
(ADL.)37 302 y(Section)c(3)g(presen)o(ts)h(an)e(o)o(v)o(erview)h(of)f
(of)f(ADL/C)p Fm(++)h Fn(us-)37 352 y(ing)f(an)h(example.)j(In)c
(Section)h(4,)f(a)h(somewhat)e(detailed)37 402 y(description)h(of)f
(the)g(language)f(syn)o(tax)h(and)g(informal)e(se-)37
452 y(man)o(tics)15 b(is)g(giv)o(en.)22 b(Section)16
b(5)f(describ)q(es)j(ho)o(w)d(reuse)i(of)37 502 y(sp)q(eci\014cations)h
(is)e(supp)q(orted)i(in)e(ADL/C++.)26 b(In)16 b(Sec-)37
552 y(tion)c(6,)g(a)g(metho)q(d)f(for)h(v)n(alidation)d(of)j(C)p
Fm(++)f Fn(implemen)o(ta-)37 601 y(tions)21 b(using)f(ADL/C)p
Fm(++)g Fn(sp)q(eci\014cations)h(is)g(presen)o(ted.)37
651 y(Section)i(7)e(giv)o(es)h(a)f(comparison)g(with)g(other)i(related)
37 701 y(w)o(ork.)29 b(W)m(e)18 b(conclude)g(in)f(Section)h(8)f(with)h
(a)f(brief)g(dis-)37 751 y(cussion)e(ab)q(out)f(future)g(w)o(ork.)37
905 y Fo(2)67 b(Assertion)58 b(De\014nition)h(Lan-)138
979 y(guage)37 1080 y Fn(ADL)13 b(is)g(a)g(sp)q(eci\014cation)h
(language)e(framew)o(ork)f(used)j(to)37 1130 y(describ)q(e)e
(input-output)e(b)q(eha)o(vior)f(of)h(soft)o(w)o(are)g(systems.)37
1180 y(ADL)19 b(originated)f(as)h(part)f(of)h(a)f(conformance)g
(testing)37 1230 y(system)13 b(\(ADL)m(T\))e([11)o(])h(for)g(ANSI)g(C)h
(API's.)k(In)12 b(this)h(sys-)37 1280 y(tem,)k(the)g(run)o(time)e(b)q
(eha)o(viors)i(of)f(implemen)o(tations)e(of)37 1329 y(API's)d(are)g
(compared)f(to)h(their)g(sp)q(eci\014cation)g(written)h(in)37
1379 y(the)i(ADL)e(framew)o(ork.)k(These)e(sp)q(eci\014cations)g(are)g
(writ-)37 1429 y(ten)20 b(in)e(a)g(C)g(lik)o(e)g(syn)o(tax)g(as)h
(extensions)g(to)g(C)f(header)37 1479 y(\014les.)23 b(This)15
b(particular)f(syn)o(tax)i(is)e(termed)i(ADL/C)e(\(or)37
1529 y(ADL)c(for)f(C\).)g(The)g(ADL)m(T)g(pro)r(ject)h(commenced)e(in)h
(early)37 1578 y(1993)i(and)h(has)g(culminated)e(in)i(a)f(robust)i
(industry)f(qual-)37 1628 y(it)o(y)i(en)o(vironmen)o(t)f(for)g
(conformance)g(testing.)79 1686 y(ADL)m(T)22 b(has)i(a)f(collection)f
(of)h(to)q(ols)g(dev)o(elop)q(ed)h(for)37 1736 y(ADL/C)19
b(and)g(a)g(language)f(called)h(TDD,)f(for)g(describ-)37
1786 y(ing)23 b(test)h(data.)46 b(The)24 b(to)q(ols)f(include)h(A)o
(CF,)e(the)i(as-)37 1836 y(sertion)15 b(c)o(hec)o(king)g(function)f
(generator)h(that)f(translates)37 1886 y(p)q(ost-conditions)j(giv)o(en)
e(in)h(ADL/C)g(in)o(to)f(C)i(functions,)37 1935 y(a)j(\\natural")e
(language)h(do)q(cumen)o(t)g(generator,)i(and)e(a)37
1985 y(test)c(co)o(v)o(erage)e(analysis)f(to)q(ol.)17
b(Some)12 b(of)h(these)h(to)q(ols)f(are)37 2035 y(b)q(eing)i
(successfully)g(used)g(b)o(y)f(X/Op)q(en)i(and)e(NIST)g(as)g(a)37
2085 y(part)h(of)e(their)h(conformance)f(testing)i(e\013orts.)79
2143 y(W)m(e)j(are)h(dev)o(eloping)e(a)h(similar)e(sp)q(eci\014cation)j
(capa-)37 2193 y(bilit)o(y)10 b(for)h(C)p Fm(++)p Fn(,)f(namely)f
(ADL/C)p Fm(++)p Fn(.)17 b(ADL/C)p Fm(++)10 b Fn(builds)37
2243 y(on)17 b(the)f(exp)q(erience)j(gained)d(from)e(the)j(ADL)m(T)f
(pro)r(ject.)37 2292 y(It)j(is)g(a)f(natural)g(extension)h(of)f(ADL/C)g
(for)g(C)p Fm(++)p Fn(,)h(but)37 2342 y(it)d(also)f(represen)o(ts)k(a)d
(signi\014can)o(t)f(impro)o(v)o(emen)o(t)f(in)h(ex-)37
2392 y(pressiv)o(eness)g(and)c(ease)h(of)f(use.)19 b(A)11
b(subset)i(of)e(ADL/C)p Fm(++)37 2442 y Fn(itself)24
b(ma)o(y)e(b)q(e)j(used)g(to)f(sp)q(ecify)g(C)g(programs,)h(and)37
2492 y(w)o(e)c(an)o(ticipate)e(that)h(this)g(subset)h(will)d(ev)o(en)o
(tually)i(re-)37 2541 y(place)f(the)g(old)f(ADL/C)438
2526 y Fj(1)475 2541 y Fn(.)g(Other)h(pro)r(jects)h(curren)o(tly)p
37 2586 368 2 v 84 2613 a Fk(1)101 2625 y Fq(Up)o(w)o(ard)d
(compatibilit)n(y)e(will)i(b)q(e)g(main)o(tained)d(so)j(that)f(the)37
2664 y(existing)9 b(ADL/C)j(sp)q(eci\014cations)c(can)i(w)o(ork)g(with)
h(the)f(new)h(set)g(of)37 2704 y(to)q(ols.)1031 45 y
Fn(b)q(eing)22 b(undertak)o(en)g(are)g(ADL/IDL)f(\(OMG)g(IDL)g([2)o
(]\))1031 95 y(and)j(ADL/Ja)o(v)n(a)1314 80 y Fi(TM)1346
95 y Fn(.)48 b(While)23 b(this)h(pap)q(er)h(fo)q(cuses)g(on)1031
145 y(ADL/C)p Fm(++)p Fn(,)12 b(the)h(general)g(concepts)i(presen)o
(ted)f(here)g(ap-)1031 195 y(ply)k(equally)g(w)o(ell)f(to)i(the)g
(other)g(language)e(sp)q(ecializa-)1031 244 y(tions)d(of)f(ADL.)1031
397 y Fo(3)90 b(Ov)n(erview)23 b(of)e(ADL/C)p Fh(++)1031
497 y Fn(ADL/C)p Fm(++)33 b Fn(supp)q(orts)i(b)q(eha)o(vior)e(sp)q
(eci\014cations)i(for)1031 547 y(metho)q(ds)20 b(\(mem)o(b)q(er)e
(functions\))i(and)g(constructors)h(in)1031 597 y(the)15
b(form)e(of)h(p)q(ost-conditions.)20 b(It)15 b(also)f(supp)q(orts)i(sp)
q(ec-)1031 647 y(i\014cation)h(of)h(inheritance,)h(virtual)e
(functions,)h(and)g(ex-)1031 696 y(ceptions.)27 b(F)m(or)16
b(this,)h(it)f(uses)i(a)e Fl(side-e\013e)n(ct-fr)n(e)n(e)g
Fn(subset)1031 746 y(of)11 b(C)p Fm(++)h Fn(expression)g(language)f(as)
h(describ)q(ed)i(in)d([10)o(])g(and)1031 796 y(extends)g(it)f(with)f
(the)h(usual)f(logical)f(op)q(erators,)j(b)q(ounded)1031
846 y(quan)o(ti\014cation,)23 b(call-state)e(op)q(erator)i(\(for)e(ev)n
(aluating)1031 896 y(expressions)15 b(prior)d(to)h(a)g(function)g
(call\),)f(return)i(expres-)1031 945 y(sions)20 b(\(to)g(denote)h
(return)h(v)n(alues)d(of)h(functions\),)h(and)1031 995
y(some)13 b(structuring)i(constructs.)1073 1053 y(A)f(function)h(b)q
(eha)o(vior)f(is)g(t)o(ypically)f(partitioned)i(in)o(to)1031
1103 y(normal)g(and)i(abnormal)d(b)q(eha)o(vior)j(b)o(y)g(giving)e(the)
j(cor-)1031 1153 y(resp)q(onding)d(predicates)g(in)e(terms)h(of)f(the)i
(v)n(alues)e(of)g(the)1031 1203 y(parameters,)i(return)i(v)n(alues,)e
(and)g(exceptions)h(thro)o(wn.)1031 1253 y(Then,)j(predicates)g(that)e
(describ)q(e)i(the)g(state)f(transfor-)1031 1302 y(mations)e(corresp)q
(onding)j(to)f(eac)o(h)h(of)e(these)j(b)q(eha)o(viors)1031
1352 y(are)c(giv)o(en.)23 b(Additional)14 b(predicates)j(that)f
(describ)q(e)h(the)1031 1402 y(state)k(transformations)e(and)h(in)o(v)n
(arian)o(ts)f(indep)q(enden)o(t)1031 1452 y(of)12 b(normal)f(or)h
(abnormal)f(b)q(eha)o(vior)h(ma)o(y)f(also)h(b)q(e)h(giv)o(en.)1073
1510 y(Consider)k(an)g(example)f(ADL/C)p Fm(++)h Fn(sp)q(eci\014cation)
h(of)1031 1560 y(a)12 b(function)g(that)g(computes)g(the)g(in)o(teger)h
(square)g(ro)q(ot)f(of)1031 1610 y(a)i(giv)o(en)f(n)o(um)o(b)q(er.)1031
1714 y Fm(specification)19 b({)1097 1764 y(int)i(sqrt\(int)f(x\))1097
1814 y(semantics)1097 1863 y({)1162 1913 y(@x)h(>=)h(return)e(*)i
(return;)1162 1963 y(@x)f(<)h(\(return)e(+)i(1\))f(*)h(\(return)e(+)i
(1\);)1097 2013 y(};)1031 2063 y(};)1073 2167 y Fn(In)o(tuitiv)o(ely)m
(,)11 b(the)j(ab)q(o)o(v)o(e)f(sp)q(eci\014cation)h(sa)o(ys)f(that)h
Fl(sqrt)1031 2217 y Fn(is)19 b(a)f(function)h(that)g(tak)o(es)g(an)f
(in)o(teger)h(and)g(returns)h(a)1031 2267 y(\(p)q(ositiv)o(e\))e(in)o
(teger)g(whic)o(h)g(is)g(the)h(\015o)q(or)e(of)h(the)g(square)1031
2316 y(ro)q(ot)i(of)g(the)h(input)f(parameter)g(v)n(alue.)36
b(Alb)q(eit)20 b(using)1031 2366 y(C)p Fm(++)p Fn(-lik)o(e)f
(expressions,)k(the)e(ab)q(o)o(v)o(e)f(sp)q(eci\014cation)h(just)1031
2416 y(sa)o(ys)14 b Fl(what)f Fn(the)h(function)g Fl(sqrt)f
Fn(should)g(do,)g(but)h(not)f Fl(how)1031 2466 y Fn(it)h(should)f(b)q
(e)i(done)1346 2451 y Fj(2)1365 2466 y Fn(.)1073 2524
y(The)g(op)q(erational)f(meaning)f(of)i(the)g(ab)q(o)o(v)o(e)g(sp)q
(eci\014ca-)1031 2574 y(tion)g(is)f(that)h(if)f Fl(j)h
Fn(is)f(the)i(return)g(v)n(alue)e(of)g(a)h(call)f Fl(sqrt\(k\))p
1031 2659 V 1031 2697 a Fq(Ja)o(v)n(a)1101 2685 y Fg(TM)1141
2697 y Fq(is)d(a)h(trademark)c(of)j(Sun)g(Microsystems)e(Inc.)p
eop
%%Page: 3 3
3 2 bop 37 45 a Fn(for)15 b(some)f(\(p)q(ositiv)o(e\))h(in)o(tegers)h
Fl(j)e Fn(and)h Fl(k)p Fn(,)g(then)h(b)q(oth)f(the)37
95 y(form)o(ulas)c(listed)i(in)f(the)i(seman)o(tics)e(clause)h(should)g
(ev)n(al-)37 145 y(uate)k(to)f Fl(true)g Fn(b)o(y)g(setting)g(the)h(v)n
(alue)f(of)f(the)i(v)n(ariable)e Fl(x)37 195 y Fn(to)i
Fl(k)g Fn(and)f(that)h(of)f Ff(return)e Fn(to)j Fl(j)p
Fn(.)26 b(More)17 b(precisely)m(,)h(the)37 244 y(follo)o(wing)12
b(t)o(w)o(o)h(predicates)j(should)d(ev)n(aluate)h(to)g
Fl(true)f Fn(:)168 344 y Fe(k)g(>)p Fn(=)f Fe(j)g Fd(\003)c
Fe(j)168 394 y(k)13 b(<)f Fn(\()p Fe(j)f Fn(+)f(1\))f
Fd(\003)g Fn(\()p Fe(j)j Fn(+)d(1\))37 493 y(The)16 b(\\@")f(op)q
(erator)h(sa)o(ys)f(that)g(the)h(expression)g(follo)o(w-)37
543 y(ing)11 b(it)h(should)f(b)q(e)i(ev)n(aluated)e(b)q(efore)h(a)g
(call)f(to)g Fl(sqrt)p Fn(.)17 b(The)37 593 y(k)o(eyw)o(ord)e
Ff(return)e Fn(denotes)j(the)g(return)g(v)n(alue)e(of)g(a)h(call)37
643 y(to)f Fl(sqrt)p Fn(.)79 701 y(The)k(complete)f(syn)o(tax)h(and)f
(seman)o(tics)h(of)f(the)h(lan-)37 751 y(guage)c(are)g(presen)o(ted)i
(in)e(Section)g(4.)79 809 y(W)m(e)h(illustrate)h(the)g(sp)q
(eci\014cation)h(of)e(v)n(arious)g(imp)q(or-)37 859 y(tan)o(t)e
(features)h(of)e(C)p Fm(++)g Fn(using)h(the)g(more)f(realistic)h(exam-)
37 909 y(ple)e(presen)o(ted)i(in)d(Figures)h(1)g(and)f(2)h(of)f(a)g(sp)
q(eci\014cation)i(of)37 958 y(a)i(bank)f(accoun)o(t)h(class.)19
b(The)14 b(accoun)o(t)g(class)g(has)g(meth-)37 1008 y(o)q(ds)i(to)e
(dep)q(osit)i(and)f(withdra)o(w)f(amoun)o(ts.)20 b(The)15
b(decla-)37 1058 y(ration)i(of)g(the)g Fl(A)n(c)n(c)n(ount)h
Fn(class)f(can)h(b)q(e)g(\014rst)g(dev)o(elop)q(ed)37
1108 y(in)c(a)g(\014le)g Fl(ac)n(c)n(ount.hh)h Fn(and)f(then,)h(it)e
(can)i(b)q(e)f(included)h(in)37 1158 y(the)g(sp)q(eci\014cation)f
(\014le)g(to)g(giv)o(e)f(b)q(eha)o(vior)g(sp)q(eci\014cations)37
1207 y(for)h(the)h(v)n(arious)e(\(mem)o(b)q(er\))f(functions.)79
1266 y(The)30 b Fl(A)n(c)n(c)n(ount::Dep)n(osit)f Fn(metho)q(d)f(seman)
o(tics)h(sa)o(ys)37 1315 y(that)20 b(it)f(thro)o(ws)g(an)g(exception)h
(if)e(called)h(with)g(a)g(neg-)37 1365 y(ativ)o(e)c(v)n(alue)f(for)h
Fl(amount)p Fn(.)22 b(This)15 b(is)f(sp)q(eci\014ed)j(using)e(the)37
1415 y(\\)p Fm(<:>)p Fn(")e(op)q(erator.)18 b(Informally)l(,)10
b(this)k(means)e(that)h(a)g(neg-)37 1465 y(ativ)o(e)19
b(v)n(alue)f(of)g(the)h Fl(amount)h Fn(w)o(ould)e(result)h(in)g(abnor-)
37 1515 y(mal)10 b(termination)g(and)h(in)g(case)i(abnormal)c
(termination,)37 1564 y(the)22 b(presence)h(of)e(a)f
Fl(Ne)n(gativeA)o(mount)i Fn(exception)f(im-)37 1614
y(plies)f(that)g(the)h(v)n(alue)e(of)h Fl(amount)g Fn(w)o(as)g(negativ)
o(e.)36 b(In)37 1664 y(the)17 b(normal)e(case,)i(the)g(v)n(alue)f(of)g
Fl(b)n(alanc)n(e)g Fn(increases)i(b)o(y)37 1714 y(the)d(amoun)o(t)d
(that)i(is)g(dep)q(osited.)79 1772 y(The)20 b Fl(A)n(c)n(c)n
(ount::Withdr)n(aw)e Fn(metho)q(d)g(seman)o(tics)h(sa)o(ys)37
1822 y(that)c(the)h(op)q(eration)f(terminates)f(abnormally)e(if)i
(either)37 1872 y(of)9 b(the)h(exceptions)h(corresp)q(onding)f(to)g
(insu\016cien)o(t)f(funds)37 1921 y(in)14 b(the)g(accoun)o(t)g(or)f(a)g
(request)j(to)d(withdra)o(w)g(a)g(negativ)o(e)37 1971
y(amoun)o(t)19 b(is)h(thro)o(wn.)37 b(Otherwise)22 b(it)d(terminates)h
(nor-)37 2021 y(mally)f(and)i(the)h(v)n(alue)f(of)f Fl(b)n(alanc)n(e)i
Fn(decreases)i(b)o(y)d(the)37 2071 y(amoun)o(t)10 b(withdra)o(wn.)17
b(Then)12 b(it)f(also)g(sa)o(ys)h(what)f(the)i(v)n(al-)37
2121 y(ues)i(of)e(a)h(thro)o(wn)g(exception)h(should)e(b)q(e.)79
2179 y(The)i(constructor)i(sp)q(eci\014es)g(what)e(the)g(initial)e(v)n
(alues)37 2229 y(of)c(v)n(arious)g(data)g(mem)o(b)q(ers)g(should)g(b)q
(e)h(in)f(case)h(of)f(normal)37 2278 y(termination.)16
b(It)11 b(also)g(sp)q(eci\014es)i(the)f(exceptions)g(thro)o(wn)37
2328 y(in)i(case)i(of)d(illegal)g(initial)f(v)n(alues)i(for)g(some)g
(of)g(the)h(data)37 2378 y(mem)o(b)q(ers.)p 37 2547 368
2 v 84 2574 a Fk(2)101 2585 y Fq(This)g(is)g(a)g(partial)e(sp)q
(eci\014cation)f(b)q(ecause)h(no)h(return)g(v)n(alue)37
2625 y(can)h(satisfy)e(the)h(b)q(eha)o(vior)f(sp)q(eci\014cation)f(if)i
(the)h(input)e(v)n(alue)h(of)37 2664 y(the)e(parameter)e
Fc(x)k Fq(is)e(zero)g(or)h(a)f(negativ)o(e)f(n)o(um)o(b)q(er.)16
b(This)d(can)f(b)q(e)37 2704 y(easily)f(\014xed)f(using)g(exceptions.)
1031 45 y Fb(3.1)56 b(F)-5 b(unctions)1031 132 y Fn(Beha)o(vior)15
b(sp)q(eci\014cations)i(for)e(a)g(function)g(can)g(b)q(e)h(writ-)1031
182 y(ten)i(using)g(all)e(the)j(\(program\))d(v)n(ariables)h(that)g
(can)h(b)q(e)1031 232 y(used)d(in)f(a)f(de\014nition)h(of)f(that)h
(function)g(with)f(the)i(same)1031 282 y(scop)q(e)h(and)e(visibilit)o
(y)e(rules.)20 b(A)14 b(sp)q(eci\014cation)h(t)o(ypically)1031
332 y(relates)e(the)e(b)q(efore)i(and)e(after)g(v)n(alues)g(of)g(the)h
(part)g(of)e(the)1031 381 y(state)17 b(that)f(it)f(can)i(mo)q(dify)c
(in)j(a)f(particular)h(call.)23 b(This)1031 431 y(includes)13
b(all)e(the)i(global)d(v)n(ariables,)h(data)h(mem)o(b)q(ers)f(\(for)
1031 481 y(mem)o(b)q(er)16 b(functions\))i(and)f(an)o(y)g(reference)j
(parameters.)1031 531 y(In)c(addition,)e(it)g(can)i(also)f(sp)q(ecify)g
(what)h(exceptions,)g(if)1031 581 y(an)o(y)m(,)f(it)h(can)g(thro)o(w)g
(and)g(the)h(prop)q(erties)g(of)f(the)g(v)n(alues)1031
630 y(of)e(the)g(exceptions)h(thro)o(wn.)1073 689 y(A)20
b(b)q(eha)o(vior)h(sp)q(eci\014cation)g(for)f(a)g(function)h(can)f(b)q
(e)1031 738 y(giv)o(en)9 b(inline)g(at)g(the)h(time)e(of)g
(declaration,)i(or)f(separately)m(,)1031 788 y(just)14
b(lik)o(e)f(a)h(de\014nition.)1031 924 y Fb(Constructors)1031
1011 y Fn(In)24 b(seman)o(tics)f(for)g(constructors,)k(t)o(ypically)22
b(one)i(can)1031 1061 y(sp)q(ecify)15 b(the)g(initial)e(v)n(alues)h
(for)g(v)n(arious)g(data)g(mem)o(b)q(ers)1031 1111 y(whic)o(h)c
(e\013ectiv)o(ely)h(giv)o(es)f(the)h(initial)d(state)j(of)e(the)i(ob)r
(ject.)1031 1161 y(In)17 b(the)g(example,)f(the)h(seman)o(tics)g(for)f
(the)h(constructor)1031 1210 y(for)11 b(the)i Fl(A)n(c)n(c)n(ount)e
Fn(class)h(sp)q(eci\014es)i(that)d(the)h(v)n(alues)f(of)g(the)1031
1260 y(accoun)o(t)h(n)o(um)o(b)q(er,)f(t)o(yp)q(e)h(and)g(initial)d
(balance)j(should)f(b)q(e)1031 1310 y(equal)j(to)g(the)g(corresp)q
(onding)h(parameters.)1073 1368 y(In)e(a)g(sp)q(eci\014cation)h(for)g
(a)f(constructor,)h(the)g(v)n(alues)g(of)1031 1418 y(the)e(data)e(mem)o
(b)q(ers)g(of)g(the)h(ob)r(ject)h(\(b)q(eing)f(constructed\))1031
1468 y(cannot)i(b)q(e)g(accessed)i(in)d(the)h(call-state)g(\(\\@")f(op)
q(erator\))1031 1518 y(b)q(ecause)f(the)g(ob)r(ject)f(w)o(ould)e(not)i
(ha)o(v)o(e)f(b)q(een)i(constructed)1031 1567 y(b)q(efore)k(a)e(call)h
(to)f(a)h(constructor.)1031 1703 y Fb(Virtual)k(Mem)n(b)r(er)f(F)-5
b(unctions)1031 1790 y Fn(If)10 b(a)f(sup)q(erclass)j(declares)f(a)e
(mem)o(b)q(er)f(function)i(to)f(b)q(e)h(vir-)1031 1840
y(tual,)h(then)h(a)f(call)g(to)g(it)g(using)g(a)g(p)q(oin)o(ter)h(migh)
o(t)d(actually)1031 1890 y(in)o(v)o(ok)o(e)k(its)i(implem)o(en)o
(tation)c(in)j(a)g(sub)q(class.)20 b(Therefore)1031 1940
y(it)h(is)f(logical)f(that)i(seman)o(tic)f(description)h(giv)o(en)f(in)
g(a)1031 1990 y(sub)q(class)e(implies)c(the)j(seman)o(tics)e(sp)q
(eci\014ed)j(in)e(the)h(su-)1031 2039 y(p)q(erclass)e(for)f(a)g
(virtual)f(function.)1073 2098 y(T)m(o)f(ac)o(hiev)o(e)i(this,)f(ADL/C)
p Fm(++)f Fn(imp)q(oses)h(the)h(seman)o(tic)1031 2147
y(restriction)i(that)f(an)o(y)f(virtual)g(mem)o(b)q(er)f(function)h
(rede-)1031 2197 y(\014ned)j(in)e(a)g(deriv)o(ed)h(class)h(should)e(ob)
q(ey)h(the)g(seman)o(tics)1031 2247 y(giv)o(en)g(for)g(it)g(in)g(the)h
(base)g(class)g(as)f(in)o(terpreted)i(in)e(the)1031 2297
y(con)o(text)g(of)e(the)i(base)g(class.)21 b(This)15
b(means)f(that)h(the)h(as-)1031 2347 y(sertions)21 b(in)f(the)g(deriv)o
(ed)h(class)f(are)h(strengthened)h(b)o(y)1031 2396 y(those)17
b(giv)o(en)e(in)g(the)h(sup)q(erclass.)26 b(This,)15
b(in)g(some)g(sense)1031 2446 y(extends)j(the)e(\(mostly)f(syn)o
(tactic\))h(inheritance)h(mec)o(ha-)1031 2496 y(nism)10
b(of)g(C)p Fm(++)g Fn(to)h(inheritance)h(of)e(prop)q(erties)i(of)e
(metho)q(ds)1031 2546 y(rather)j(than)g(resp)q(ecifying)f(the)h(prop)q
(erties)h(giv)o(en)e(in)f(the)1031 2596 y(sup)q(erclass.)1073
2654 y(F)m(or)20 b(example,)g(consider)h(the)g(ADL/C)p
Fm(++)e Fn(sp)q(eci\014ca-)1031 2704 y(tion)13 b(giv)o(en)g(in)f
(Figure)h(3,)g(of)g(a)f(new)i(bank)f(accoun)o(t)h(class)p
eop
%%Page: 4 4
4 3 bop 37 196 a Fm(#ifndef)21 b(ACCOUNT_HH)37 246 y(#define)g
(ACCOUNT_HH)f(1)37 345 y(class)h(Account)37 395 y({)103
445 y(public)f(:)168 495 y(enum)h({)h(MAX_ACCOUNT_NUM)c(=)k(100)f(};)
168 544 y(enum)g(AccountTypes)f({)h(CHECKING)f(=)i(1,)f(SAVINGS)g(};)
103 644 y(private)f(:)168 694 y(const)h(AccountTypes)e(accountType;)168
744 y(const)i(int)g(accountNum;)168 794 y(long)g(balance;)103
893 y(public:)168 943 y(//)h(Exception)e(classes.)168
993 y(struct)h(InvalidAccountNu)o(m)e({)234 1043 y(const)h(int)i(num;)
234 1092 y(InvalidAccountNu)o(m\(in)o(t)d(i\))i(:)h(num\(i\))f({)g(};)
168 1142 y(};)168 1242 y(struct)g(InvalidAccountTy)o(pe)e({)234
1292 y(const)h(int)i(type;)234 1341 y(InvalidAccountTy)o(pe\(i)o(nt)d
(i\))i(:)h(type\(i\))e({)i(};)168 1391 y(};)168 1491
y(struct)f(InsufficientFund)o(s)e({)234 1541 y(const)h(long)h(bal;)234
1591 y(InsufficientFund)o(s\(lo)o(ng)e(i\))i(:)h(bal\(i\))e({)i(};)168
1640 y(};)168 1740 y(struct)f(NegativeAmount)e({)234
1790 y(const)h(long)h(amt;)234 1840 y(NegativeAmount\(l)o(ong)d(i\))k
(:)f(amt\(i\))g({)h(};)168 1889 y(};)168 1989 y(//)g(Interface)168
2039 y(virtual)f(void)g(Deposit\(long)e(amount\))234
2089 y(throw\(NegativeAm)o(ount)o(\);)168 2138 y(virtual)i(void)g
(Withdraw\(long)e(amount\))234 2188 y(throw\(NegativeAm)o(ount)f(,)k
(InsufficientFunds)c(\);)168 2238 y(Account\(AccountType)o(s)h(type,)i
(int)g(num,)g(long)g(bal)g(=)h(0\))234 2288 y(throw\(InvalidAcc)o(ount)
o(Num,)c(InvalidAccountType\);)37 2338 y(};)37 2437 y(#endif)j(/*)g
(ACCOUNT_HH)f(*/)585 2570 y Fn(Figure)14 b(1:)k(A)c(Bank)g(Accoun)o(t)g
(Class)g(Declaration)p eop
%%Page: 5 5
5 4 bop 37 246 a Fm(specification)20 b(AccountSpec)37
295 y({)37 345 y(#include)h("account.hh")103 445 y(void)g
(Account::Deposit\()o(long)d(amount\))j(throw\(Account::N)o(egat)o
(iveAm)o(ount)d(na\))103 495 y(semantics)103 544 y([)j(abnormal)g(:=)g
(thrown\(na\);)e(])103 594 y({)168 644 y(\(amount)i(<)g(0\))h(<:>)f
(thrown\(na\);)168 694 y(normal)g(==>)g(balance)f(==)i(@balance)e(+)h
(amount;)168 744 y(abnormal)f(==>)i(unchanged\(balan)o(ce\);)103
794 y(};)103 893 y(void)f(Account::Withdraw)o(\(lon)o(g)e(amount\))168
943 y(throw\(Account::Nega)o(tive)o(Amoun)o(t)g(na,)i
(Account::Insuffici)o(entFu)o(nds)e(isf\))103 993 y(semantics)103
1043 y([)i(abnormal)g(:=)g(thrown\(na\))f(||)h(thrown\(isf\);)e(])103
1092 y({)168 1142 y(\(amount)i(>)g(@balance\))42 b(<:>)21
b(thrown\(isf\);)168 1192 y(amount)g(<)g(0)240 b(<:>)21
b(thrown\(na\);)168 1292 y(thrown\(isf\))f(==>)h(\(isf.bal)f(==)h
(balance\);)168 1341 y(thrown\(na\))42 b(==>)21 b(\(na.amt)f(==)i
(amount\);)168 1441 y(if)g(\(abnormal\))d({)j(unchanged\(balance)o(\);)
d(})168 1491 y(else)i({)h(balance)e(==)i(@balance)e(-)h(amount;)g(};)
103 1541 y(};)103 1640 y(Account::Account\()o(Accou)o(ntTy)o(pes)e
(type,)h(int)i(num,)f(long)g(bal\))168 1690 y(throw\(Account::Inva)o
(lidA)o(ccoun)o(tNum)d(ian,)299 1740 y(Account::InvalidA)o(ccoun)o
(tType)g(iat\))103 1790 y(semantics)103 1840 y({)168
1889 y(\(num)j(<)h(1)f(||)h(num\))f(>)g(MAX_ACCOUNT_NUM)84
b(<:>)22 b(thrown\(ian\);)168 1939 y(\(type)f(!=)g(CHECKING)g(&&)g
(type)g(!=)g(SAVINGS\))f(<:>)i(thrown\(iat\);)168 2039
y(thrown\(ian\))e(==>)h(\(ian.num)f(==)h(num\);)168 2089
y(thrown\(iat\))f(==>)h(\(iat.type)f(==)h(type\);)168
2188 y(if)h(\(normal\))e({)234 2238 y(accountNum)f(==)j(num;)f
(accountType)e(==)j(type;)e(balance)h(==)g(bal;)168 2288
y(};)103 2338 y(};)37 2388 y(};)534 2520 y Fn(Figure)14
b(2:)k(A)c(Sp)q(eci\014cation)g(of)f(a)h(Bank)g(Accoun)o(t)h(Class)p
eop
%%Page: 6 6
6 5 bop 37 74 a Fm(with)21 b([AccountSpec])f(//)h(Inherit)f(the)h
(previous)g(specification)37 124 y(specification)f(NewAccountSpec)37
174 y({)103 223 y(class)h(OverdraftAccount)d(:)k(public)e(Account)h({)
168 273 y(long)g(maxOverDraft;)41 b(//)21 b(Max)h(overdraft)e(allowed)g
(\(can)h(change\))168 323 y(long)g(overDraft;)107 b(//)21
b(How)h(much)f(overdrawn)146 423 y(public)g(:)168 472
y(OverdraftAccount\(Ac)o(coun)o(tType)o(s)e(type,)i(int)g(num,)g(long)g
(bal\))212 522 y(:)g(Account\(type,)f(num,)g(bal)i(+)f(maxOverDraft\))e
({)234 572 y(overDraft)h(=)h(0;)168 622 y(};)168 722
y(void)g(Withdraw\(long)e(amount\))i(throw\(Account::N)o(egati)o(veAm)o
(ount)d(na,)887 771 y(Account::Insufficie)o(ntFun)o(ds)h(isf\))168
821 y(semantics)h({)234 871 y(if)h(\(normal)f(&&)i(bal)f(<)g
(maxOverDraft\))f({)299 921 y(overDraft)g(==)h(maxOverDraft)f(-)h(bal;)
234 971 y(};)168 1020 y(};)103 1070 y(};)37 1120 y(};)391
1253 y Fn(Figure)14 b(3:)k(A)c(Sp)q(eci\014cation)g(Using)g
(Inheritance)h(and)e(Virtual)h(F)m(unctions)37 1385 y(whic)o(h)g
(inherits)g(from)d(the)k Fl(A)n(c)n(c)n(ount)e Fn(class.)19
b(It)13 b(allo)o(ws)f(an)37 1435 y(o)o(v)o(erdraft)h(upto)f(a)h
(certain)g(amoun)o(t)d(whic)o(h)j(can)f(c)o(hange.)37
1485 y(Therefore)17 b(the)f(new)g Fl(Withdr)n(aw)f Fn(metho)q(d)g(will)
f(sa)o(y)i(ho)o(w)37 1535 y(the)k(v)n(alue)f(of)g(the)h(v)n(ariable)e
Fl(over)n(dr)n(aft)g Fn(c)o(hanges)i(if)f(the)37 1585
y(accoun)o(t)d(is)f(b)q(eing)g(o)o(v)o(erdra)o(wn.)22
b(Since)16 b(it)e(is)h(virtual,)f(b)o(y)37 1635 y(our)19
b(seman)o(tics)f(it)h(automatically)c(inherits)k(the)g(sp)q(eci-)37
1684 y(\014cation)e(giv)o(en)g(in)f(the)i(base)g(class)f(and)g
(therefore)i(it)d(is)37 1734 y(not)d(necessary)h(to)e(sp)q(ecify)h
(that)f(part.)18 b(In)12 b(this)g(case,)i(the)37 1784
y(v)n(ariable)i Fl(b)n(alanc)n(e)h Fn(merely)e(denotes)j(the)f(amoun)o
(t)d(a)o(v)n(ail-)37 1834 y(able)g(for)g(withdra)o(w)o(al,)e(not)i(the)
g(real)g(balance.)79 1892 y(Another)g(common)c(use)k(of)e(virtual)g
(functions)h(in)g(C)p Fm(++)37 1942 y Fn(is)22 b(the)g(sp)q
(eci\014cation)g(of)f(abstract)i(classes.)42 b(The)22
b(ab-)37 1992 y(stract)g(prop)q(erties)h(can)e(b)q(e)h(sp)q(eci\014ed)g
(for)f(the)g(virtual)37 2041 y(functions)f(in)g(the)g(abstract)h(class)
f(and)g(in)f(the)h(imple-)37 2091 y(men)o(tation)f(classes,)j(these)g
(functions)e(w)o(ould)f(ha)o(v)o(e)h(to)37 2141 y(ob)q(ey)c(all)e
(those)j(prop)q(erties)f(automatically)d(b)q(ecause)k(of)37
2191 y(the)e(seman)o(tic)e(constrain)o(ts)i(imp)q(osed)d(b)o(y)i(ADL/C)
p Fm(++)p Fn(.)79 2249 y(This)h(seman)o(tics)h(can)f(also)g(b)q(e)h
(useful)g(to)f(sp)q(ecify)i(the)37 2299 y(b)q(eha)o(viors)12
b(for)g(sp)q(ecializations)f(if)g(the)i(sup)q(erclass)g(sp)q(eci-)37
2349 y(\014cation)f(is)g(not)g(o)o(v)o(erly)g(constrained.)18
b(F)m(or)12 b(example,)f(the)37 2398 y(sorting)k(functions)f(sp)q
(eci\014ed)i(in)e(Section)g(5)g(can)h(b)q(e)g(eas-)37
2448 y(ily)10 b(sp)q(eci\014ed)i(using)f(C)p Fm(++)f
Fn(inheritance)h(b)o(y)g(appropriately)37 2498 y(making)e(the)i
(\014rst)h(sort)f(function)g(a)f(virtual)g(mem)o(b)q(er)f(of)h(a)37
2548 y(class)i(and)f(then)h(rede\014ning)g(it)e(as)i(a)e(stable)i(sort)
g(function)37 2598 y(in)i(a)g(sub)q(class.)21 b(This)14
b(is)g(p)q(ossible)h(b)q(ecause)h(the)f(original)37 2647
y(sort)h(function)f(do)q(es)h(not)f(sa)o(y)g(an)o(ything)f(ab)q(out)h
(the)h(rel-)37 2697 y(ativ)o(e)i(order)g(of)f(elemen)o(ts)h(with)f
(equal)h(k)o(ey)f(and)h(hence)1031 1385 y(the)c(sub)q(class)h(has)f
(the)g(freedom)e(to)i(add)f(the)h(extra)g(con-)1031 1435
y(strain)o(t.)1073 1493 y(The)f(idea)f(here)i(is)f(to)f(imp)q(ose)g
(some)g(discipline)g(on)h(in-)1031 1543 y(heritance)20
b(\(whic)o(h)e(C)p Fm(++)g Fn(do)q(esn't\))h(so)g(that)f(some)f(kind)
1031 1593 y(of)j(subt)o(yping)g(is)g(ac)o(hiev)o(ed.)37
b(Our)21 b(curren)o(t)g(seman)o(tics)1031 1643 y(for)c(virtual)g
(functions)h(is)f(inspired)h(b)o(y)f(the)h(b)q(eha)o(vioral)1031
1693 y(notion)j(of)f(subt)o(yping)h(describ)q(ed)i(in)e([6)o(])f(and)h
(a)g(simi-)1031 1742 y(lar)14 b(sc)o(heme)h(called)f
Fl(we)n(ak)h(b)n(ehavior)n(al)g(subtyping)g Fn(is)f(sup-)1031
1792 y(p)q(orted)h(in)e(Larc)o(h/C)p Fm(++)h Fn([5)o(].)1031
1921 y Fb(3.2)56 b(Exceptions)1031 2006 y Fn(ADL/C)p
Fm(++)24 b Fn(allo)o(ws)g(the)h(sp)q(eci\014cation)h(of)e(exceptions)
1031 2056 y(that)14 b(can)h(b)q(e)f(thro)o(wn)g(b)o(y)g(a)g(function.)k
(In)c(the)h(seman)o(tic)1031 2106 y(sp)q(eci\014cations)22
b(of)d(functions,)i(exceptions)h(can)e(b)q(e)h(ex-)1031
2156 y(plicitly)15 b(used)h(\(see)h(the)f(next)h(Section\).)23
b(C)p Fm(++)16 b Fn(do)q(es)g(not)1031 2205 y(allo)o(w)e(exceptions)i
(to)f(b)q(e)h(named)d(in)i(the)h(thro)o(w)f(clause.)1031
2255 y(Ho)o(w)o(ev)o(er,)d(in)f(ADL/C)p Fm(++)p Fn(,)f(they)h(can)h(b)q
(e)f(named)f(just)i(lik)o(e)1031 2305 y(other)23 b(parameters,)g(and)e
(can)h(b)q(e)h(used)f(in)f(the)i(p)q(ost-)1031 2355 y(condition.)43
b(W)m(e)22 b(feel)g(this)g(will)f(mak)o(e)g(sp)q(eci\014cations)1031
2405 y(more)9 b(readable)i(than)f(the)h(corresp)q(onding)g(C)p
Fm(++)f Fn(co)q(de)g(b)q(e-)1031 2455 y(cause)18 b(no)o(w)e(users)i
(can)f(name)e(exceptions)j(in)e(a)g(w)o(a)o(y)g(as)1031
2504 y(to)f(re\015ect)h(the)f(nature)g(of)f(the)i(exception.)k(In)15
b(the)g(bank)1031 2554 y(accoun)o(t)j(example)f(ab)q(o)o(v)o(e,)h
(instead)g(of)f(using)h(separate)1031 2604 y(exceptions,)12
b(if)e(the)h(class)g(designer)g(decided)g(to)g(thro)o(w)f(an)1031
2654 y(exception)i(of)e(t)o(yp)q(e)i Fl(long)f Fn(in)f(case)i
Fl(amount)g Fn(is)e(negativ)o(e,)h(it)1031 2704 y(can)16
b(b)q(e)g(named)f(appropriately)g(\(sa)o(y)m(,)p Fl(ne)n(gativeA)o
(mount)p Fn(\))p eop
%%Page: 7 7
7 6 bop 37 45 a Fn(to)22 b(re\015ect)i(this)e(fact)g(in)g(the)g(b)q
(eha)o(vior)g(sp)q(eci\014cation.)37 95 y(W)m(e)13 b(also)f(extended)i
(the)f(C)p Fm(++)g Fn(exception)g(declaration)f(to)37
145 y(sp)q(ecify)i(things)g(lik)o(e)e(no)h(exception)h(can)g(b)q(e)g
(thro)o(wn)f(and)37 195 y(an)o(y)h(exception)h(can)f(b)q(e)g(thro)o
(wn.)79 253 y(The)j(seman)o(tics)f(of)g(exception)h(sp)q(eci\014cation)
h(is)e(that)37 302 y(an)o(y)11 b(implem)o(en)o(tation)c(can)k(thro)o(w)
g Fl(at)g(most)g Fn(those)g(excep-)37 352 y(tions)17
b(listed)f(in)g(the)i(thro)o(w)e(clause.)26 b(It)17 b(can)g(not)f(thro)
o(w)37 402 y(an)o(ything)d(that)h(is)g(not)f(men)o(tioned.)k(Note)d
(that)g(in)f(C)p Fm(++)p Fn(,)37 452 y(the)h(thro)o(w)f(list)g(that)g
(follo)o(ws)e(a)i(function)g(declaration)f(is)37 502
y(just)f(informational)c(and)j(the)h(function)f(can)g(thro)o(w)h(other)
37 552 y(t)o(yp)q(es)k(of)f(exceptions)h(not)e(listed)h(there.)79
610 y(In)h(the)g(p)q(ost-condition,)f(tests)i(can)f(b)q(e)h(made)d(for)
i(the)37 659 y(presence)h(of)d(exceptions)h(using)f(the)h
Ff(thro)o(wn)d Fn(op)q(erator.)37 709 y(Exception)j(v)n(alues)f(can)g
(b)q(e)g(used)h(just)f(lik)o(e)g(normal)e(data)37 759
y(v)n(alues)16 b(except)i(that)e(it)g(is)g(illegal)e(to)i(use)h(an)e
(exception)37 809 y(when)g(it)e(is)h(not)f(thro)o(wn.)18
b(Similarly)m(,)10 b(it)j(is)h(illegal)e(to)h(use)37
859 y(an)k(exception)h(in)e(the)h(call)f(state.)28 b(It)17
b(is)f(also)h(illegal)d(to)37 909 y(use)f(the)f(return)h(v)n(alue)e(in)
g(case)i(an)f(exception)g(is)g(thro)o(wn.)79 967 y(In)92
b(the)h(example,)111 b(the)93 b(seman)o(tics)37 1016
y(for)18 b Fl(A)n(c)n(c)n(ount::Withdr)n(aw)f Fn(sp)q(eci\014es)j(that)
e(it)g(can)g(thro)o(w)37 1066 y Fl(Insu\016cientF)m(unds)i
Fn(and)e Fl(Ne)n(gativeA)o(mount)h Fn(exceptions)37 1116
y(to)f(signal)e(abnormal)f(termination.)27 b(It)17 b(also)g(sa)o(ys)g
(that)37 1166 y(if)g(the)h Fl(Insu\016cientF)m(unds)h
Fn(exception)f(is)f(thro)o(wn,)i(then)37 1216 y(the)13
b(v)n(alue)f(of)g(its)g(data)g(mem)o(b)q(er)e Fl(b)n(al)i
Fn(should)h(b)q(e)f(equal)g(to)37 1266 y Fl(b)n(alanc)n(e)p
Fn(.)79 1324 y(Note)17 b(that)f(exception)g(conditions)g(need)h(not)f
(alw)o(a)o(ys)37 1373 y(b)q(e)e(part)f(of)g(the)g(abnormal)e(section)j
(of)e(function)h(seman-)37 1423 y(tics.)35 b(Since)20
b(exceptions)g(can)g(also)f(b)q(e)g(used)i(for)e(com-)37
1473 y(m)o(unication,)h(they)h(can)g(b)q(e)g(used)h(as)e(part)h(of)f
(normal)37 1523 y(b)q(eha)o(vior)f(also.)34 b(F)m(or)19
b(example,)g(a)g(read)g(metho)q(d)g(of)f(a)37 1573 y(\014le)c(class)g
(ma)o(y)e(thro)o(w)i(an)f(exception)h(to)g(signal)e(an)i(end-)37
1623 y(of-\014le.)32 b(But,)20 b(usually)d(it)i(is)f(not)h(abnormal)d
(b)q(eha)o(vior.)37 1672 y(On)f(the)f(other)g(hand,)f(if)g(the)i
(\014le)e(is)h(not)f(op)q(en,)h(then)h(the)37 1722 y(exception)k(thro)o
(wn)f(usually)f(signals)g(abnormal)e(termi-)37 1772 y(nation.)37
1909 y Fb(3.3)56 b(Access)19 b(Con)n(trol)37 1996 y Fn(W)m(e)10
b(en)o(visage)f(the)i(use)f(of)f(ADL/C)p Fm(++)g Fn(for)g(giving)f
(detailed)37 2046 y(sp)q(eci\014cations)21 b(for)e(implem)o(en)o
(tations)e(also,)i(therefore,)37 2096 y(ADL/C)p Fm(++)24
b Fn(ignores)h(all)f(access)j(restrictions.)52 b(This,)37
2145 y(w)o(e)16 b(b)q(eliev)o(e,)g(will)e(giv)o(e)h(the)i(implem)o(en)o
(tor)c(\015exibilit)o(y)h(to)37 2195 y(sp)q(ecify)h(and)f(test)i(the)f
(implemen)o(tati)o(ons)d(without)i(ha)o(v-)37 2245 y(ing)i(to)f(w)o
(orry)h(ab)q(out)g(access)h(p)q(ermissions.)24 b(This)15
b(giv)o(es)37 2295 y(the)j(abilit)o(y)d(to)i(lo)q(ok)f(at)h(\(but)h
(not)f(to)g(mo)q(dify\))d(priv)n(ate)37 2345 y(data)h(not)f(accessible)
i(to)e(a)g(function)g(to)h(do)f(test)h(v)n(alida-)37
2394 y(tion.)37 2552 y Fo(4)67 b(Syn)n(tax)24 b(and)f(Seman)n(tics)37
2654 y Fn(Muc)o(h)11 b(of)e(ADL/C)p Fm(++)g Fn(syn)o(tax)h(includes)g
(C)p Fm(++)g Fn(syn)o(tax,)g(but)37 2704 y(it)21 b(also)e(has)i(some)e
(syn)o(tactic)i(constructs)i(of)d(its)g(o)o(wn.)1031
45 y(W)m(e)13 b(will)f(describ)q(e)j(the)e(ADL/C)p Fm(++)p
Fn(-sp)q(eci\014c)h(syn)o(tax)f(and)1031 95 y(seman)o(tics)h(in)f
(detail)g(in)h(the)g(follo)o(wing)e(subsections.)1031
221 y Fb(4.1)56 b(Sp)r(eci\014cation)17 b(Structure)1031
306 y Fl(ad)r(l)p 1089 306 13 2 v 16 w(sp)n(e)n(ci\014c)n(ation)d
Fn(::=)1162 356 y Fd(f)g Fl(with)p 1276 356 V 14 w(clause)g
Fd(g)1162 405 y Ff(sp)q(eci\014cation)27 b Fl(sp)n(e)n(c)p
1523 405 V 15 w(name)1162 455 y Fn(\\)p Fd(f)p Fn(")13
b(\()h Fl(annontate)n(d)p 1469 455 V 17 w(de)n(clar)n(ation)28
b Fn(\))14 b(+)g(\\)p Fd(g)p Fn(;")1073 563 y(Ev)o(ery)28
b(sp)q(eci\014cation)g(has)g(a)f(name)g(and)g(consists)1031
613 y(of)d(one)g(or)g(more)f(annotated)h(declarations,)i(that)e(is,)
1031 663 y(C)p Fm(++)15 b Fn(declarations)h(optionally)e(annon)o(tated)
i(b)o(y)f(b)q(eha)o(v-)1031 713 y(ior)h(sp)q(eci\014cations.)27
b(A)o(t)16 b(presen)o(t,)i(w)o(e)f(require)g(that)f(the)1031
762 y(name)f(of)g(the)h(\014le)f(b)q(e)i(same)d(as)i(the)g(name)f(of)f
(the)j(sp)q(ec-)1031 812 y(i\014cation)k(with)f Ff(.adl)p
Fm(++)g Fn(as)h(the)h(\014le)f(name)f(extension.)1031
862 y(ADL/C)p Fm(++)13 b Fn(is)h(case-sensitiv)o(e)h(just)f(lik)o(e)g
(C)p Fm(++)f Fn(is.)1073 920 y(An)e(ADL/C)p Fm(++)g Fn(sp)q
(eci\014cation)g(can)h(also)f(imp)q(ort)e(other)1031
970 y(ADL/C)p Fm(++)k Fn(sp)q(eci\014cations)i(using)f(the)g
Ff(with)f Fn(clause.)1031 1070 y Fl(with)p 1110 1070
V 15 w(clause)29 b Fn(::=)1162 1119 y Ff(with)g Fn(\\[")12
b(\()i Fl(sp)n(e)n(c)p 1456 1119 V 16 w(name)29 b Fn(\))1271
1169 y(\()14 b(\\,")f Fl(sp)n(e)n(c)p 1443 1169 V 15
w(name)30 b Fn(\))14 b(*)f(\\]")1073 1277 y(A)k(sp)q(eci\014cation)g
(can)g(use)h(all)e(the)h(declarations)g(and)1031 1327
y(an)o(y)9 b(annotations)g(from)f(an)o(y)h(of)f(the)i(sp)q
(eci\014cations)h(listed)1031 1377 y(in)j(the)g Ff(with)f
Fn(clause.)1031 1503 y Fb(4.2)56 b(Declarations)1031
1588 y Fn(All)15 b(C)p Fm(++)g Fn(declarations)h(lik)o(e)f(t)o(yp)q
(edefs,)h(classes,)h(en)o(ums,)1031 1638 y(v)n(ariable)22
b(declarations)h Fl(etc.)44 b Fn(can)23 b(b)q(e)h(presen)o(t)g(in)e(an)
1031 1687 y(ADL/C)p Fm(++)17 b Fn(sp)q(eci\014cation.)31
b(T)m(o)17 b(facilitate)g(users)j(to)e(in-)1031 1737
y(clude)d(\\real")e(C)p Fm(++)g Fn(header)i(\014les,)f(w)o(e)g(allo)o
(w)e(inline)h(func-)1031 1787 y(tion)i(de\014nitions)g(to)g(b)q(e)h
(presen)o(t)h(in)e(ADL/C)p Fm(++)f Fn(sp)q(eci\014-)1031
1837 y(cations.)k(A)o(t)c(presen)o(t,)h(only)e(function)g(declarations)
h(can)1031 1887 y(b)q(e)h(annotated)f(to)g(giv)o(e)f(b)q(eha)o(vior)g
(descriptions.)1031 1986 y Fl(annontate)n(d)p 1232 1986
V 17 w(de)n(clar)n(ation)28 b Fn(::=)1162 2036 y Fl(C)p
Fm(++)p 1239 2036 V 15 w Fl(de)n(clar)n(ation)1118 2086
y Fd(j)36 b Fl(auxiliary)p 1327 2086 V 15 w(de)n(clar)n(ation)1118
2136 y Fd(j)g Fl(C)p Fm(++)p 1243 2136 V 14 w Fl(function)p
1405 2136 V 16 w(de)n(clar)n(ation)15 b(annotation)1073
2244 y(C)p Fm(++)p 1150 2244 V 14 w Fl(de)n(clar)n(ation)d
Fn(is)g(an)o(y)f(v)n(alid)g(C)p Fm(++)g Fn(declaration)h(and)1031
2293 y Fl(C)p Fm(++)p 1108 2293 V 15 w Fl(function)p
1271 2293 V 16 w(de)n(clar)n(ation)e Fn(is)i(a)e(C)p
Fm(++)h Fn(function)g(declara-)1031 2343 y(tion)j(without)f(the)i
Ff(thro)o(w)d Fn(clause.)1031 2469 y Fb(Annotations)1031
2554 y Fn(An)29 b(annotation)e(consists)i(of)f(ADL/C)p
Fm(++)f Fn(exception)1031 2604 y(sp)q(eci\014cations,)22
b(binding)d(de\014nitions)i(for)e(normal)f(and)1031 2654
y(abnormal)9 b(b)q(eha)o(vior)i(of)g(the)g(function,)g(and)g(a)g(list)g
(of)f(for-)1031 2704 y(m)o(ulas)i(that)i(describ)q(e)i(the)e(b)q(eha)o
(vior)g(of)f(the)i(function.)p eop
%%Page: 8 8
8 7 bop 37 95 a Fl(annontation)16 b Fn(::=)168 145 y
Fd(f)e Fl(ad)r(l)p 261 145 13 2 v 15 w(exc)n(eption)p
442 145 V 16 w(sp)n(e)n(c)g Fd(g)168 195 y Ff(seman)o(tics)168
244 y Fd(f)g Fl(b)n(ehavior)p 355 244 V 15 w(de\014nitions)h
Fd(g)168 294 y Fl(gr)n(oup)p 270 294 V 16 w(expr)n(ession)f
Fn(\\;")37 394 y Fl(ad)r(l)p 95 394 V 16 w(exc)n(eption)p
277 394 V 16 w(sp)n(e)n(c)g Fn(::=)168 444 y Ff(thro)o(w)f
Fd(f)g Fn(\()h(exception)p 541 444 V 16 w(list)g(\))g
Fd(g)37 543 y Fl(exc)n(eption)p 206 543 V 16 w(list)f
Fn(::=)168 593 y Fl(p)n(ar)n(am)p 282 593 V 15 w(de)n(clar)n(ation)277
643 y Fn(\()h(\\,")f Fl(p)n(ar)n(am)p 488 643 V 15 w(de)n(clar)n(ation)
h Fn(\))g(*)125 693 y Fd(j)35 b Fn(\\...")37 792 y Fl(b)n(ehavior)p
189 792 V 16 w(de\014nitions)14 b Fn(::=)168 842 y(\\[")f(\()h(\()g
Ff(normal)e Fd(j)i Ff(abnormal)d Fn(\))277 892 y(\\:=")i(expression)i
(\\;")e(\))h(+)g(\\]")79 1000 y(As)h(men)o(tioned)e(earlier,)h(ADL/C)p
Fm(++)f Fn(exception)i(sp)q(ec-)37 1050 y(i\014cations)20
b(can)f(b)q(e)h(named.)34 b(So,)20 b(the)g(syn)o(tax)f(for)g(this)37
1099 y(is)e(same)f(as)h(that)g(of)g(a)g(C)p Fm(++)f Fn(formal)f
(parameter)h(decla-)37 1149 y(ration.)36 b(If)19 b(no)h(exception)g(is)
g(sp)q(eci\014ed)h(follo)o(wing)d(the)37 1199 y(thro)o(w)d(clause,)f
(then)h(the)g(function)f(can)h(not)f(thro)o(w)h(an)o(y)37
1249 y(exception.)k(If)13 b(there)i(is)f(a)f(\\...")k(in)c(the)h(thro)o
(w)g(list,)f(then)37 1299 y(the)i(function)f(can)g(thro)o(w)g(an)o(y)f
(exception.)79 1357 y(Note)e(that)g(all)f(the)h(v)n(ariables)f(used)i
(in)e(the)h(annotation)37 1407 y(part)20 b(are)g(program)e(v)n
(ariables)h(\(and)g(not)h(logical)d(v)n(ari-)37 1456
y(ables\).)79 1515 y(An)26 b(annotation)f(for)g(a)g(function)h(is)g
(lik)o(e)e(a)i(p)q(ost-)37 1564 y(condition,)14 b Fl(i.e.)p
Fn(,)f(all)g(the)i(expressions)h(except)f(call-state)37
1614 y(expressions)20 b(\(see)g(b)q(elo)o(w\))e(that)g(constitute)i
(the)e(group)37 1664 y(expression)c(will)d(b)q(e)j(ev)n(aluated)e
(using)g(the)h(v)n(alues)g(of)f(the)37 1714 y(v)n(ariables)i(after)g(a)
f(call)g(to)h(the)h(function.)79 1772 y(The)d(b)q(eha)o(vior)g
(de\014nitions)f(classify)h(the)g(b)q(eha)o(viors)g(of)37
1822 y(the)17 b(function)e(in)o(to)g(normal)f(and)h(abnormal)f(b)q(eha)
o(viors.)37 1872 y(If)e(neither)h(normal)c(nor)j(abnormal)d(b)q(eha)o
(vior)j(is)g(de\014ned,)37 1921 y(then)17 b(abnormal)c(defaults)i(to)g
(thro)o(wn\(...\))22 b(and)15 b(normal)37 1971 y(defaults)e(to)e(!thro)
o(wn\(...\).)16 b(If)c(only)f(of)h(normal)e(or)i(abnor-)37
2021 y(mal)f(b)q(eha)o(vior)i(is)g(de\014ned,)g(the)h(unde\014ned)g
(one)f(defaults)37 2071 y(to)g(the)f(negation)g(of)g(the)h(de\014ned)g
(one.)18 b(There)13 b(can)f(b)q(e)h(at)37 2121 y(most)h(one)h
(de\014nition)g(eac)o(h)g(for)g(normal)e(and)h(abnormal)37
2170 y(b)q(eha)o(viors)g(in)g(an)g(annotation.)37 2316
y Fb(Auxiliary)k(Declarations)37 2405 y Fn(Sometimes,)9
b(if)h(the)i(in)o(terface)f(or)g(class)g(declaration)f(do)q(es)37
2455 y(not)21 b(con)o(tain)f(enough)h(information)d(ab)q(out)j(the)g
(state,)37 2504 y(then)d(it)f(b)q(ecomes)h(necessary)h(to)e(ha)o(v)o(e)
h(some)e(auxiliary)37 2554 y(declarations)e(for)f(sp)q(eci\014cation)h
(purp)q(oses.)20 b(Since)14 b(these)37 2604 y(are)21
b(needed)g(only)e(for)g(sp)q(eci\014cation,)i(but)f(not)g(a)f(part)37
2654 y(of)f(the)g(original)f(declarations,)h(ADL/C)p
Fm(++)f Fn(pro)o(vides)h(a)37 2704 y(mec)o(hanism)12
b(to)i(declare)h(them)e(as)h(auxiliaries.)1031 95 y Fl(auxiliary)p
1192 95 V 15 w(de)n(clar)n(ation)29 b Fn(::=)1162 145
y Ff(auxiliary)12 b Fn(\\)p Fd(f)p Fn(")1285 195 y(\()i
Fl(C)p Fm(++)p 1392 195 V 14 w Fl(de)n(clar)n(ation)g
Fn(\))g(*)g(\\)p Fd(g)p Fn(;")1031 382 y Fb(4.3)56 b(Expressions)1031
469 y Fn(The)22 b(expression)g(language)f(includes)g(the)h
(side-e\013ect-)1031 519 y(free)g(subset)g(of)e(the)i(C)p
Fm(++)e Fn(expression)i(language.)38 b(All)1031 569 y(forms)13
b(of)g(C)p Fm(++)h Fn(assignmen)o(t)f(op)q(erators,)h(incremen)o(t)g
(and)1031 619 y(decremen)o(t)d(op)q(erators)h(and)e(an)o(y)g(o)o(v)o
(erloaded)g(v)o(ersions)h(of)1031 669 y(these)16 b(are)f(excluded.)20
b(Ho)o(w)o(ev)o(er,)15 b(ADL/C)p Fm(++)e Fn(do)q(es)i(ha)o(v)o(e)1031
718 y(the)g(function-call)e(op)q(erator.)20 b(W)m(e)14
b(pro)o(vided)g(this)h(to)f(fa-)1031 768 y(cilitate)d(testing.)18
b(One)12 b(should)g(b)q(e)g(v)o(ery)f(careful)h(in)f(using)1031
818 y(function)i(calls)h(as)f(there)i(can)f(b)q(e)g(side-e\013ects)h
(in)e(the)i(in-)1031 868 y(v)o(ok)o(ed)i(functions.)28
b(ADL/C)p Fm(++)16 b Fn(also)h(has)g(some)g(sp)q(ecial)1031
918 y(op)q(erators)e(of)e(its)h(o)o(wn.)1031 1017 y Fl(expr)n(ession)g
Fn(::=)1162 1067 y Fl(C)p Fm(++)p 1239 1067 V 15 w Fl(expr)n(ession)
1118 1117 y Fd(j)36 b Fl(ad)r(l)p 1224 1117 V 15 w(expr)n(ession)1031
1217 y(ad)r(l)p 1089 1217 V 16 w(expr)n(ession)14 b Fn(::=)1162
1266 y Fl(gr)n(oup)p 1264 1266 V 15 w(expr)n(ession)1118
1316 y Fd(j)36 b Fl(c)n(al)r(l)p 1231 1316 V 14 w(state)p
1330 1316 V 16 w(expr)n(ession)1118 1366 y Fd(j)g Fl(ad)r(l)p
1224 1366 V 15 w(lo)n(gic)n(al)p 1350 1366 V 15 w(expr)n(ession)1118
1416 y Fd(j)g Fl(quanti\014e)n(d)p 1342 1416 V 16 w(expr)n(ession)1118
1466 y Fd(j)g Fl(thr)n(own)p 1292 1466 V 14 w(expr)n(ession)1118
1515 y Fd(j)g Fl(unchange)n(d)p 1355 1515 V 17 w(expr)n(ession)1118
1565 y Fd(j)g Fl(b)n(ehavior)p 1318 1565 V 15 w(expr)n(ession)1118
1615 y Fd(j)g Ff(return)1118 1665 y Fd(j)g Ff(normal)1118
1715 y Fd(j)g Ff(abnormal)1073 1823 y Fn(W)m(e)19 b(will)f(no)o(w)h
(describ)q(e)i(the)f(v)n(arious)f(ADL-sp)q(eci\014c)1031
1872 y(expressions.)1031 2010 y Fb(Group)g(Expressions)1031
2098 y Fl(gr)n(oup)p 1133 2098 V 16 w(expr)n(ession)14
b Fn(::=)1162 2147 y(\\)p Fd(f)p Fn(")f(\()h Fl(binding)g
Fn(\))g(*)1227 2197 y(\()g Fl(lab)n(els)g Fd(f)f Fl(tags)h
Fd(g)1227 2247 y Fl(expr)n(ession)h Fn(\\;")d(\))i(*)g(\\)p
Fd(g)p Fn(")1031 2347 y Fl(lab)n(els)g Fn(::=)1176 2396
y(\()g(IDENTIFIER)g(\\:")j(\))i(*)1031 2496 y Fl(tags)14
b Fn(::=)1162 2546 y(\\[")f(IDENTIFIER)1227 2596 y(\()h(\\,")f
(IDENTIFIER)h(\))g(*)g(\\]")1073 2704 y(A)h(group)f(expression)i(is)f
(a)f(semicolon)f(separated)j(list)p eop
%%Page: 9 9
9 8 bop 37 45 a Fn(of)12 b(expressions.)20 b(Eac)o(h)12
b(of)g(these)i(expressions)g(should)f(b)q(e)37 95 y(a)g(b)q(o)q(olean)g
(expression)h(and)f(the)h(t)o(yp)q(e)g(of)e(the)i(group)f(ex-)37
145 y(pression)j(is)e(also)f(b)q(o)q(olean.)19 b(The)c(seman)o(tics)f
(of)f(a)h(group)37 195 y(expression)k(is)e(the)g(conjunction)g(of)f
(the)i(list)f(of)f(expres-)37 244 y(sions)f(that)f(constitutes)i(the)f
(group.)j(Note)d(that)f(the)h(ex-)37 294 y(pressions)k(can)e(b)q(e)h
(ev)n(aluated)f(in)g(an)o(y)f(order)i(and)f(a)g(\\;")37
344 y(do)q(es)f(not)f(denote)h(sequencing,)f(but)g(conjunction.)79
402 y(Expressions)g(in)e(a)g(group)g(can)g(b)q(e)h(giv)o(en)f(names)f
(using)37 452 y(lab)q(els.)30 b(The)18 b(tags)f(are)h(used)h(b)o(y)e
(to)q(ols)h(for)f(generating)37 502 y(rep)q(orts)f(in)d(case)i(of)e
(testing.)37 630 y Fb(Bindings)37 715 y Fn(Since)24 b(assignmen)o(t)e
(expressions)j(are)e(not)g(allo)o(w)o(ed)f(in)37 765
y(ADL/C)p Fm(++)p Fn(,)17 b(a)g(set)h(of)f(v)n(ariables)g(can)g(b)q(e)h
(declared)g(and)37 815 y(initialized)10 b(in)h(a)g(group)h(expression)g
(using)f(the)h(bindings.)37 915 y Fl(binding)j Fn(::=)182
964 y Ff(assign)d Fn(\()i Fl(lo)n(c)n(al)p 432 964 13
2 v 15 w(variables)g Fn(\))g Ff(with)247 1014 y Fn([)g(IDENTIFIER)g
(\\:=")f(])g Fl(expr)n(ession)79 1122 y Fn(Th)o(us,)22
b(a)d(binding)h(has)g(a)g(list)g(of)f(v)n(ariable)g(declara-)37
1172 y(tions,)f(optionally)e(initializing)f(one)j(of)f(those)h
(declared)37 1222 y(v)n(ariables)c(using)f(an)h(expression.)37
1350 y Fb(Call-State)k(Expressions)37 1436 y Fl(c)n(al)r(l)p
102 1436 V 15 w(state)p 202 1436 V 15 w(expr)n(ession)d
Fn(::=)168 1485 y(\\@")f Fl(expr)n(ession)79 1543 y Fn(A)g(call-state)g
(expression)h(in)e(the)i(b)q(eha)o(vior)e(sp)q(eci\014ca-)37
1593 y(tion)i(of)g(a)g(function)h(is)f(one)h(whic)o(h)f(is)g(ev)n
(aluated)g(b)q(efore)37 1643 y(a)k(call)g(to)g(that)g(function.)34
b(Naturally)m(,)18 b(it)h(can)g(not)h(b)q(e)37 1693 y(applied)15
b(to)f(expressions)j(lik)o(e)d Ff(return)e Fn(since)k(they)f(ha)o(v)o
(e)37 1743 y(meaning)d(only)g(after)h(a)g(call)f(to)h(the)h(function)f
(and)f(using)37 1793 y(it)f(with)g(a)f(v)n(alue)h(parameter)f(has)h(no)
g(e\013ect.)19 b(The)11 b(t)o(yp)q(e)h(of)37 1842 y(a)j(call-state)f
(expression)h Fl(@e)f Fn(is)h(the)f(same)g(t)o(yp)q(e)h(as)f(that)37
1892 y(of)g Fl(e)p Fn(.)37 2020 y Fb(Logical)k(Expressions)37
2106 y Fn(Ev)o(en)e(though)e(C)p Fm(++)h Fn(has)f(logical)f
(expressions,)k(they)e(are)37 2156 y(short-circuited.)k(So,)11
b(ADL)f(has)h(sp)q(ecial)g(syn)o(tax)g(for)f(log-)37
2205 y(ical)k(op)q(erations)g(that)g(are)g(not)g(short-circuited.)37
2305 y Fl(lo)n(gic)n(al)p 151 2305 V 15 w(expr)n(ession)g
Fn(::=)168 2355 y Fl(expr)n(ession)g Ff(and)f Fl(expr)n(ession)125
2405 y Fd(j)35 b Fl(expr)n(ession)14 b Ff(or)f Fl(expr)n(ession)125
2455 y Fd(j)35 b Fl(expr)n(ession)14 b Fn(\\)p Fm(==>)p
Fn(")f Fl(expr)n(ession)125 2504 y Fd(j)35 b Fl(expr)n(ession)14
b Fn(\\)p Fm(<==)p Fn(")f Fl(expr)n(ession)125 2554 y
Fd(j)35 b Fl(expr)n(ession)14 b Fn(\\)p Fm(<==>)p Fn(")e
Fl(expr)n(ession)125 2604 y Fd(j)35 b Fl(expr)n(ession)14
b Fn(\\)p Fm(<:>)p Fn(")f Fl(expr)n(ession)125 2654 y
Fd(j)35 b Ff(if)13 b Fn(\\\(")g Fl(expr)n(ession)h Fn("\)")g
Fl(gr)n(oup)p 658 2654 V 15 w(expr)n(ession)168 2704
y Fn(\()g Ff(elsif)e Fn(\\\(")h Fl(expr)n(ession)h Fn(\\\)")1227
45 y Fl(gr)n(oup)p 1329 45 V 16 w(expr)n(ession)g Fn(\))g(*)1162
95 y Fd(f)g Ff(else)e Fl(gr)n(oup)p 1388 95 V 16 w(expr)n(ession)i
Fd(g)f Fn(\\;")1073 203 y(A)18 b(logical)f(expression)j(is)e(of)g(b)q
(o)q(olean)g(t)o(yp)q(e)h(and)f(re-)1031 253 y(quires)d(op)q(erands)f
(of)g(b)q(o)q(olean)f(t)o(yp)q(e.)1073 311 y(The)h Ff(and)f
Fn(and)g Ff(or)g Fn(op)q(erators)i(ha)o(v)o(e)e(their)h(usual)g(logi-)
1031 361 y(cal)f(meaning.)j(The)e(\\)p Fm(==>)p Fn(")e(op)q(erator)i
(is)f(the)h(logical)e(im-)1031 410 y(plication)j(op)q(erator,)i(the)f
(\\)p Fm(<==)p Fn(")f(op)q(erator)i(is)f(the)g(\\im-)1031
460 y(plied)f(b)o(y")g(op)q(erator)g(and)g(the)h(\\)p
Fm(<==>)p Fn(")e(op)q(erator)h(is)g(the)1031 510 y(logical)d(equiv)n
(alence)i(op)q(erator.)1073 568 y(An)g(expression)h(lik)o(e)1198
668 y Ff(if)54 b Fn(\()p Fe(c)1315 674 y Fj(1)1334 668
y Fn(\))41 b Fd(f)p Fe(e)1431 674 y Fj(1)1450 668 y Fn(;)7
b Fd(g)1198 718 y Ff(elsif)39 b Fn(\()p Fe(c)1355 724
y Fj(2)1374 718 y Fn(\))i Fd(f)p Fe(e)1471 724 y Fj(2)1490
718 y Fn(;)7 b Fd(g)1198 767 y Fn(...)1198 817 y Ff(elsif)39
b Fn(\()p Fe(c)1355 823 y Fa(n)1378 817 y Fn(\))i Fd(f)p
Fe(e)1475 823 y Fa(n)1498 817 y Fn(;)7 b Fd(g)1198 867
y Ff(else)40 b Fd(f)p Fe(e)p Fn(;)7 b Fd(g)1031 967 y
Fn(means)18 b(that)g Fe(e)1276 973 y Fa(k)1315 967 y
Fn(should)g(ev)n(aluate)f(to)h Fl(true)g Fn(if)f Fe(k)i
Fn(is)f(the)1031 1016 y(smallest)13 b(in)o(teger)h(suc)o(h)h(that)f
Fe(c)1530 1022 y Fa(k)1565 1016 y Fn(is)g Fl(true)f Fn(and)h(if)f(no)h
(suc)o(h)1031 1066 y Fe(k)i Fn(exists)f(then)g Fe(e)g
Fn(should)f(ev)n(aluate)h(to)f Fl(true)g Fn(\(if)g(the)h
Ff(else)1031 1116 y Fn(clause)g(is)e(presen)o(t\).)1073
1174 y(The)d(\\)p Fm(<:>)p Fn(")e(op)q(erator)j(is)e(the)h(exception)h
(op)q(erator)f(and)1031 1224 y(it)18 b(is)g(used)i(to)e(relate)h(the)g
(abnormal)d(b)q(eha)o(vior)i(de\014ni-)1031 1274 y(tions)d(and)g
(exceptions)i(thro)o(wn.)22 b(F)m(ormally)l(,)12 b(the)k(mean-)1031
1324 y(ing)d(of)h Fl(a)g Fm(<:>)f Fl(b)h Fn(is)1184 1423
y Fl(a)g Fm(==>)f Ff(abnormal)f Fm(&&)1184 1473 y Ff(abnormal)g
Fm(&&)h Fl(b)h Fm(==>)f Fl(a)p Fn(.)1073 1581 y(This)19
b(sa)o(ys)h(that)g(if)f(the)h(left)f(op)q(erand)h(ev)n(aluates)g(to)
1031 1631 y Fl(true)p Fn(,)25 b(then)f(it)e(denotes)j(abnormal)c
(termination.)44 b(It)1031 1681 y(also)17 b(sa)o(ys)g(that)h(in)e(case)
i(of)f(abnormal)e(termination,)h(if)1031 1730 y(the)j(righ)o(t)e(op)q
(erand)i(ev)n(aluates)f(to)g Fl(true)p Fn(,)g(then)h(the)f(left)1031
1780 y(op)q(erand)d(m)o(ust)d(also)i(ev)n(aluate)f(to)h
Fl(true)p Fn(.)1031 1912 y Fb(Bounded)19 b(Quan)n(ti\014cation)1031
1998 y Fn(ADL/C)p Fm(++)12 b Fn(supp)q(orts)i(univ)o(ersal)e(and)h
(existen)o(tial)f(quan-)1031 2048 y(ti\014ers)j(o)o(v)o(er)f(\014nite)g
(domains.)1031 2147 y Fl(quanti\014e)n(d)p 1207 2147
V 17 w(expr)n(ession)g Fn(::=)1162 2197 y(\()g Ff(forall)e
Fd(j)h Ff(exists)f Fn(\))i(\\\(")g Fl(domain)p 1707 2197
V 16 w(list)f Fn(\\\)")1227 2247 y Fl(gr)n(oup)p 1329
2247 V 16 w(expr)n(ession)h Fn(\\;")1031 2347 y Fl(domain)p
1167 2347 V 16 w(list)f Fn(::=)1176 2396 y Fl(domain)h
Fn(\()g(\\,")f Fl(domain)i Fn(\))f(*)1031 2496 y Fl(domain)h
Fn(::=)1176 2546 y Fl(variable)p 1320 2546 V 15 w(de)n(clar)n(ation)e
Fn(\\:")18 b Fl(expr)n(ession)1073 2654 y Fn(Here,)e
Ff(forall)c Fn(and)j Ff(exists)f Fn(denotes)i(univ)o(ersal)e(quan-)1031
2704 y(ti\014cation)32 b(and)h(existen)o(tial)f(quan)o(ti\014cation)g
(resp)q(ec-)p eop
%%Page: 10 10
10 9 bop 37 45 a Fn(tiv)o(ely)m(.)29 b(A)18 b(quan)o(ti\014ed)g
(expression)h(consists)g(of)f(a)f(v)n(ari-)37 95 y(able)c(declaration,)
g(an)g(expression)h(that)f(de\014nes)h(a)f(\014nite)37
145 y(domain)f(\(curren)o(tly)j(only)e(in)o(teger)i(ranges)f(are)g
(allo)o(w)o(ed\))37 195 y(and)j(a)g(group)f(expression.)28
b(The)17 b(t)o(yp)q(e)h(of)e(a)g(quan)o(ti\014ed)37 244
y(expression)g(is)d(b)q(o)q(olean.)37 416 y Fb(Thro)n(wn)20
b(Expressions)37 511 y Fn(This)g(is)e(used)i(to)f(c)o(hec)o(k)i(if)d(a)
h(particular)f(exception)i(is)37 561 y(thro)o(wn)14 b(b)o(y)g(the)h
(function)e(call.)37 660 y Fl(thr)n(own)p 163 660 13
2 v 15 w(expr)n(ession)h Fn(::=)182 710 y Ff(thro)o(wn)e
Fn(\\\(")i Fl(exc)n(eption)p 585 710 V 16 w(names)g Fn(\\\)")37
810 y Fl(exc)n(eption)p 206 810 V 16 w(names)h Fn(::=)182
860 y(IDENTIFIER)f(\()g(\\,")f(IDENTIFIER)h(\))g(*)125
909 y Fd(j)35 b Fn(\\...")79 1017 y(The)23 b(t)o(yp)q(e)g(of)f(a)g
Ff(thro)o(wn)f Fn(expression)j(is)e(b)q(o)q(olean.)37
1067 y(Eac)o(h)14 b(of)e(the)i(iden)o(ti\014ers)f(should)g(b)q(e)g
(declared)h(as)f(an)g(ex-)37 1117 y(ception)i(in)e(the)i(exception)f
(list)g(for)f(this)h(function.)79 1175 y(This)g(expression)g(ev)n
(aluates)g(to)g Fl(true)f Fn(if)g(an)g(exception)37 1225
y(corresp)q(onding)i(to)f(the)h(t)o(yp)q(e)f(of)f(eac)o(h)i(of)e(the)h
(iden)o(ti\014ers)37 1275 y(is)19 b(thro)o(wn.)34 b(Note)20
b(that)f(m)o(ultiple)e(exceptions)j(cannot)37 1325 y(b)q(e)14
b(thro)o(wn)g(b)o(y)f(a)g(C)p Fm(++)g Fn(function.)k(Ho)o(w)o(ev)o(er,)
d(b)q(ecause)h(of)37 1374 y(sub)q(classing,)k(a)e(deriv)o(ed)h(class)g
(exception)g(can)g(also)f(b)q(e)37 1424 y(considered)f(as)f(an)f
(exception)i(of)e(a)g(sup)q(erclass)i(t)o(yp)q(e.)21
b(If)37 1474 y(\\...")e(is)c(used,)g(then)g(the)h(expression)f(ev)n
(aluates)g(to)g Fl(true)37 1524 y Fn(if)f(there)h(is)e(some)h
(exception)g(thro)o(wn.)79 1582 y(This)k(expression)g(is)g(commonly)c
(used)19 b(with)e(the)h(ex-)37 1632 y(ception)e(op)q(erator)g(to)f(sp)q
(ecify)h(what)f(exception)h(can)g(b)q(e)37 1682 y(thro)o(wn)f(under)g
(what)f(conditions)g(in)g(case)h(of)e(abnormal)37 1731
y(b)q(eha)o(vior.)37 1903 y Fb(Unc)n(hanged)20 b(Expressions)37
1998 y Fn(This)15 b(can)f(b)q(e)h(used)h(to)e(sp)q(ecify)h(expressions)
h(whose)f(v)n(al-)37 2048 y(ues)e(are)f(the)g(same)f(b)q(efore)h(and)g
(after)f(a)h(call)f(to)g(the)h(func-)37 2098 y(tion.)37
2197 y Fl(unchange)n(d)p 226 2197 V 18 w(expr)n(ession)i
Fn(::=)182 2247 y Ff(unc)o(hanged)d Fn(\\\(")j Fl(expr)n(ession)p
677 2247 V 15 w(list)f Fn(\\\)")37 2347 y Fl(expr)n(ession)p
225 2347 V 16 w(list)g Fn(::=)168 2396 y Fl(expr)n(ession)h
Fn(\()g(\\,")f Fl(expr)n(ession)h Fn(\))g(*)79 2504 y(The)36
b(t)o(yp)q(e)g(of)f(an)h Ff(unc)o(hanged)d Fn(expression)j(is)37
2554 y(b)q(o)q(olean.)26 b(It)17 b(ev)n(aluates)f(to)h
Fl(true)f Fn(only)g(if)f(the)j(v)n(alues)e(of)37 2604
y(all)e(the)i(expressions)g(listed)f(remain)f(unc)o(hanged)h(b)q(efore)
37 2654 y(and)f(after)g(a)g(call)f(to)g(the)i(function)e(in)g(whose)i
(seman)o(tics)37 2704 y(clause)g(the)f(expression)i(app)q(ears.)1031
45 y Fb(Other)i(ADL)h(Expressions)1031 131 y Fn(The)11
b(other)g(ADL)g(k)o(eyw)o(ords)g Ff(return)p Fn(,)d Ff(normal)h
Fn(and)h Ff(ab-)1031 181 y(normal)20 b Fn(denote)i(the)g(return)g(v)n
(alue)f(of)f(the)i(function)1031 230 y(call,)e(and)g(the)h(predicates)g
(corresp)q(onding)g(to)f(normal)1031 280 y(and)12 b(abnormal)e(b)q(eha)
o(vior)i(for)g(that)g(particular)g(function)1031 330
y(resp)q(ectiv)o(ely)m(.)25 b(Since)16 b(these)h(are)g(prop)q(erties)g
(of)e(the)h(ter-)1031 380 y(mination)e(of)h(the)i(function,)f(they)h
(can)f(not)g(b)q(e)h(used)g(in)1031 430 y(the)e(call-state.)1031
558 y Fb(4.4)56 b(Prepro)r(cessing)1031 644 y Fn(A)13
b(header)g(\014le)f(consisting)g(of)g(function)g(and)g(class)h(decla-)
1031 694 y(rations)d(can)g(b)q(e)h(included)f(using)g(the)g(standard)h
(C)p Fm(++)e Fn(pre-)1031 744 y(pro)q(cessor)22 b(directiv)o(e)e(\(\\)p
Fl(#include)p Fn("\))g(in)f(an)h(ADL/C)p Fm(++)1031 793
y Fn(sp)q(eci\014cation)j(\014le)f(for)f(giving)f(annotations.)41
b(This)22 b(is)1031 843 y(analogous)11 b(to)h(the)h(w)o(a)o(y)f
(function)f(implemen)o(tations)f(are)1031 893 y(dev)o(elop)q(ed)16
b(in)e(C)p Fm(++)p Fn(.)20 b(T)m(o)14 b(facilitate)g(this,)g(an)h
(ADL/C)p Fm(++)1031 943 y Fn(sp)q(eci\014cation)k(is)f(prepro)q(cessed)
j(using)d(some)f(C)p Fm(++)g Fn(pre-)1031 993 y(pro)q(cessor)f(b)q
(efore)e(it)g(is)g(pro)q(cessed)i(b)o(y)d(an)o(y)h(of)f(the)h(ADL)1031
1043 y(to)q(ols.)1031 1192 y Fo(5)67 b(Reusing)23 b(Sp)r
(eci\014cations)1031 1292 y Fn(Sometimes)11 b(the)i(b)q(eha)o(vior)f
(\(p)q(ost-condition\))g(of)g(a)g(func-)1031 1342 y(tion)d(migh)o(t)f
(just)i(b)q(e)h(a)e(simple)f(re\014nemen)o(t)i(of)g(an)f(existing)1031
1392 y(function)14 b(\(b)q(eha)o(vior\).)20 b(But,)15
b(ADL)f(do)q(es)i(not)e(pro)o(vide)g(a)1031 1442 y(w)o(a)o(y)k(to)g(sp)
q(ecify)h(this)f(re\014nemen)o(t)h(directly)m(.)30 b(In)19
b(stead,)1031 1491 y(there)14 b(is)e(a)g(more)f(general)i(construct)h
(to)e(use)h(the)g(seman-)1031 1541 y(tics)k(\(b)q(eha)o(vior)g(sp)q
(eci\014cation\))g(giv)o(en)g(in)f(ADL/C)p Fm(++)g Fn(of)1031
1591 y(a)c(function)f(while)g(giving)g(the)h(seman)o(tics)f(of)h(other)
g(func-)1031 1641 y(tions.)1031 1741 y Fl(b)n(ehavior)p
1183 1741 V 16 w(expr)n(ession)i Fn(::=)1176 1790 y Ff(b)q(eha)o(vior)e
Fn(\\\(")h Fd(f)h Fl(sele)n(ctor)p 1615 1790 V 14 w(expr)p
1706 1790 V 16 w(pr)n(e\014x)29 b Fd(g)1372 1840 y Fn(IDENTIFIER)14
b Fm(<)f Fd(f)h Fl(p)n(ar)n(am)p 1822 1840 V 15 w(list)f
Fd(g)1358 1890 y(f)h Fn(:)k Fl(expr)n(ession)c Fd(g)f
Fm(>)1031 1990 y Fl(sele)n(ctor)p 1170 1990 V 15 w(expr)p
1262 1990 V 15 w(pr)n(e\014x)h Fn(::=)1176 2039 y Fl(expr)n(ession)g
Fn(\()g(\\.")j Fd(j)d Fn(\\)p Fm(->)p Fn(")f(\))1073
2098 y(The)i(b)q(eha)o(vior)f(op)q(erator)h(requires)h(a)f(function)f
(name)1031 2147 y(and)d(v)n(alues)f(for)h(parameters)f(and)h(a)f(v)n
(alue)g(to)h(denote)g(the)1031 2197 y(return)i(v)n(alue)d(of)h(a)g
(call)f(to)h(the)h(function)f(with)f(those)i(v)n(al-)1031
2247 y(ues.)27 b(The)17 b(actual)f(parameters)h(migh)o(t)d(also)i
(include)h(\(a)1031 2297 y(p)q(oin)o(ter)e(to\))g(the)g(ob)r(ject)g(in)
f(the)h(case)h(of)e(mem)o(b)q(er)f(func-)1031 2347 y(tions.)26
b(The)17 b(syn)o(tax)f(is)h(v)o(ery)f(close)h(to)g(a)f(function)g
(call,)1031 2396 y(so)e(for)g(mem)o(b)q(ers,)f(the)h(ob)r(ject)h(\(or)f
(p)q(oin)o(ter\))h(is)f(supplied)1031 2446 y(using)g(the)g(appropriate)
g(mem)o(b)q(er)f(selector)i(op)q(erator.)1073 2504 y(In)20
b(\\)p Fe(behav)q(ior)q Fn(\()p Fe(a:f)t Fn(\))p Fm(<)q
Fe(ar)q(g)1485 2510 y Fj(1)1503 2504 y Fe(;)7 b(:::;)g(ar)q(g)1639
2510 y Fa(n)1671 2504 y Fn(:)k Fe(r)q(etV)e(al)q Fm(>)p
Fn(",)21 b(the)1031 2554 y(t)o(yp)q(es)16 b(of)f(the)h(expressions)h
Fe(ar)q(g)1544 2560 y Fj(1)1562 2554 y Fe(;)7 b(:::;)g(ar)q(g)1698
2560 y Fa(n)1733 2554 y Fn(ob)q(ey)15 b(all)f(the)1031
2604 y(rules)k(that)f(the)h(t)o(yp)q(es)f(of)g(actual)g(parameters)g
(to)f Fe(f)22 b Fn(do)1031 2654 y(and)13 b(the)h(t)o(yp)q(e)f(of)f
Fl(r)n(etV)m(al)g Fn(should)h(b)q(e)g(the)h(return)g(t)o(yp)q(e)g(of)
1031 2704 y Fe(f)t Fn(.)19 b(The)14 b(t)o(yp)q(e)h(of)e(a)h(b)q(eha)o
(vior)f(expression)i(is)f(b)q(o)q(olean.)p eop
%%Page: 11 11
11 10 bop 79 45 a Fn(\\)p Fe(behav)q(ior)q Fn(\()p Fe(a:f)t
Fn(\))p Fm(<)q Fe(ar)q(g)433 51 y Fj(1)451 45 y Fe(;)7
b(:::;)g(ar)q(g)587 51 y Fa(n)619 45 y Fn(:)k Fe(r)q(etV)e(al)q
Fm(>)p Fn(")42 b(ev)n(alu-)37 95 y(ates)17 b(to)e Fl(true)g
Fn(i\013)g(the)h(seman)o(tics)f(clause)h(corresp)q(onding)37
145 y(to)g(the)f(\(mem)o(b)q(er\))f(function)h Fl(f)g
Fn(of)f Fe(a)i Fn(do)q(es,)f(when)h(ev)n(alu-)37 195
y(ated)d(in)f(the)h(scop)q(e)h(in)e(whic)o(h)g(it)g(is)g(sp)q
(eci\014ed,)i(b)o(y)e(setting)37 244 y(the)17 b(v)n(alues)f(of)f(its)i
(n)f(parameters)g(to)g Fe(ar)q(g)718 250 y Fj(1)736 244
y Fe(;)7 b(:::;)g(ar)q(g)872 250 y Fa(n)908 244 y Fn(re-)37
294 y(sp)q(ectiv)o(ely)m(,)17 b(and)e(setting)h(the)h(v)n(alue)e(of)g
Ff(return)f Fn(to)h Fl(r)n(et-)37 344 y(V)m(al)p Fn(.)79
402 y(Consider)25 b(the)g(follo)o(wing)c(sp)q(eci\014cation)26
b(of)d(a)h Fl(Sort)37 452 y Fn(function)14 b(:)37 555
y Fm(specification)20 b(SortSpec)37 605 y({)103 655 y(typedef)g(Record)
h(RecordArray[100])o(;)103 754 y(RecordArray)e(Sort\(RecordArray)g
(records\))103 804 y(semantics)h({)168 854 y(//)i(First)e(say)i(it)f
(is)g(a)h(permutation)168 904 y(IsPermutation\(retur)o(n,)d(records\);)
168 1003 y(//)j(Then)f(say)g(that)g(the)g(return)f(value)168
1053 y(//)43 b(has)22 b(keys)f(in)g(nondescending)e(order)168
1103 y(forall)i(\(int)g(i)g(:)h(int_range\(0,)495 1153
y(size\(records\))d(-)j(2\)\))168 1202 y({)234 1252 y(return[i].key)d
(<=)452 1302 y(return[i)h(+)h(1].key;)168 1352 y(};)103
1402 y(};)37 1452 y(};)79 1555 y Fn(No)o(w)16 b(consider)h(a)g(stable)f
(sort)h(function,)g Fl(i.e.)p Fn(,)f(a)g(sort)37 1604
y(function)h(whic)o(h)g(preserv)o(es)i(the)f(relativ)o(e)f(order)h(of)e
(ele-)37 1654 y(men)o(ts)11 b(with)f(equal)h(k)o(eys)g(after)h
(sorting.)k(A)11 b(sp)q(eci\014cation)37 1704 y(for)k(this)g(function)g
(can)g(b)q(e)h(written)g(as)f(a)f(re\014nemen)o(t)i(of)37
1754 y(the)g(sort)g(function)f(to)g(sa)o(y)f(that)i(it)e(sorts)i(and)f
(also)g(pre-)37 1804 y(serv)o(es)d(the)f(order)h(of)d(elemen)o(ts)h
(with)g(equal)g(k)o(eys.)18 b(In)10 b(this)37 1853 y(case,)i(the)e(sp)q
(eci\014cation)g Fl(StableSort)g Fn(will)e(b)q(e)j(concise)f(and)37
1903 y(in)o(tuitiv)o(e)g(if)g(it)g(can)h(b)q(e)h(written)f(using)f(the)
i(existing)e(p)q(ost-)37 1953 y(condition)16 b(for)g
Fl(Sort)g Fn(in)g(the)h(spirit)f(of)g(reuse)i(supp)q(orted)37
2003 y(b)o(y)13 b(C)p Fm(++)f Fn(b)o(y)h(w)o(a)o(y)f(of)g(inheritance.)
19 b(This)13 b(can)g(b)q(e)g(done)g(as)37 2053 y(follo)o(ws)g(:)37
2156 y Fm(with)21 b([SortSpec])37 2205 y(specification)f(NewSortSpec)37
2255 y({)103 2305 y(RecordArray)f(StableSort\(RecordAr)o(ray)713
2355 y(records\))103 2405 y(semantics)h({)168 2455 y(//)i(It)f(behaves)
f(like)h(Sort.)168 2504 y(behavior\(Sort\))e(;)
168 2604 y(//)g(Relative)e(order)h(of)g(elements)168
2654 y(//)h(with)f(equal)42 b(key)21 b(is)h(preserved.)168
2704 y(forall)f(\(int)g(i,)g(j)h(:)f(int_range\(0,)1424
45 y(size\(records\))e(-)i(1\)\))1162 95 y({)1227 145
y(if)h(\(i)f(<)h(j)f(&&)h(records[i].key)d(==)1511 195
y(records[j].key\))1227 244 y({)1293 294 y(exists)h(\(int)h(m,)h(n)f(:)
h(int_range\()1424 344 y(0,)f(size\(records\))e(-)j(1\)\))1293
394 y({)1358 444 y(m)g(<)f(n)h(&&)1358 493 y(records[i])e(==)h
(return[m])f(&&)1358 543 y(records[j])g(==)h(return[n];)1293
593 y(};)1227 643 y(};)1162 693 y(};)1097 742 y(};)1031
792 y(};)1073 876 y Fn(As)11 b(the)g(expression)h(language)e(of)h
(ADL/C)p Fm(++)e Fn(includes)1031 926 y(C)p Fm(++)14
b Fn(expression)g(language,)f(a)g(function)h(call)f(in)g(a)h(sp)q(ec-)
1031 976 y(i\014cation)f(refers)h(to)f(its)g(implemen)o(tatio)o(n,)d
(not)j(the)h(sp)q(ec-)1031 1025 y(i\014cation.)j(Since)c(some)e
(function)i(implem)o(en)o(tations)d(can)1031 1075 y(ha)o(v)o(e)18
b(side-e\013ects,)k(it)c(ma)o(y)e(not)j(b)q(e)g(correct)h(to)e(in)o(v)o
(ok)o(e)1031 1125 y(function)13 b(implem)o(en)o(tations.)i(In)e(those)g
(cases,)h(b)q(eha)o(vior)1031 1175 y(expression)h(can)f(b)q(e)h(v)o
(ery)f(useful.)1073 1233 y(Another)23 b(situation)e(where)j(this)e
(will)f(b)q(e)i(useful)f(is)1031 1283 y(when)13 b(one)g(class)g(con)o
(tains)f(ob)r(jects)i(of)e(some)f(other)j(class)1031
1333 y(and)e(uses)h(the)f(con)o(tained)g(class)g(metho)q(ds)f(to)h
(implem)o(en)o(t)1031 1382 y(its)k(o)o(wn)e(metho)q(ds.)22
b(Then)16 b(the)g(sp)q(eci\014cations)g(cab)g(also)1031
1432 y(b)q(e)d(written)h(using)e(the)h(sp)q(eci\014cations)h(of)e(the)h
(con)o(tained)1031 1482 y(ob)r(jects)19 b(using)e(the)h(b)q(eha)o(vior)
f(expression.)30 b(This)17 b(giv)o(es)1031 1532 y(mo)q(dularit)o(y)f
(to)i(sp)q(eci\014cations)i(similar)15 b(to)k(the)g(mo)q(du-)1031
1582 y(larit)o(y)13 b(of)g(implemen)o(tations)e(as)j(supp)q(orted)h(b)o
(y)f(C)p Fm(++)p Fn(.)1073 1640 y(F)m(or)21 b(example,)g(consider)h(a)f
(bank)g(class)h(whic)o(h)f(has)1031 1690 y(metho)q(ds)d(to)g(dep)q
(osit)g(to)g(and)g(withdra)o(w)f(from)f(an)i(ac-)1031
1739 y(coun)o(t)e(giv)o(en)e(the)i(accoun)o(t)f(n)o(um)o(b)q(er.)21
b(Using)15 b(the)h(previ-)1031 1789 y(ously)e(sp)q(eci\014ed)i
Fl(A)n(c)n(c)n(ount)e Fn(class,)g(a)g(sp)q(eci\014cation)h(of)e(the)
1031 1839 y(bank's)h(dep)q(osit)g(metho)q(d)f(can)h(b)q(e)h(giv)o(en)e
(as)h(:)1031 1923 y Fm(with)21 b([AccountSpec])1031 1972
y(specification)e(Bank)i({)1097 2022 y(class)f(Bank)h({)1162
2072 y(Deposit\(int)f(acNum,)g(long)h(amt\))1227 2122
y(throw\(int)f(acNotFound\))1162 2172 y(semantics)g({)1227
2221 y(assign)h(Account)f(*acPtr)h(with)1336 2271 y(acPtr)g(=)h
(GetAccount\(acNum)o(\);)1227 2321 y(if)g(\(normal\))e({)1293
2371 y(behavior\()1358 2421 y(acPtr->Deposit\);)1227
2471 y(};)1162 2520 y(};)1097 2570 y(})1031 2620 y(};)1073
2704 y Fn(This)e(sp)q(eci\014cation)g(just)g(sa)o(ys)h(that)f(the)g
(bank's)g(de-)p eop
%%Page: 12 12
12 11 bop 37 45 a Fn(p)q(osit)25 b(metho)q(d)f(merely)f(lo)q(cates)i
(the)g(accoun)o(t)g(corre-)37 95 y(sp)q(onding)c(to)f(the)h(giv)o(en)f
(accoun)o(t)h(n)o(um)o(b)q(er)e(and)i(then)37 145 y(the)d(amoun)o(t)c
(is)i(dep)q(osited)i(in)o(to)e(the)h(lo)q(cated)f(accoun)o(t.)37
195 y(It)k(also)f(thro)o(ws)h(an)f(exception)h(if)f(it)g(can)g(not)h
(\014nd)f(an)37 244 y(accoun)o(t)c(with)e(a)h(giv)o(en)f(n)o(um)o(b)q
(er.)79 302 y(An)20 b(adv)n(an)o(tage)g(with)g(this)g(sp)q
(eci\014cation)h(is)g(that)f(if)37 352 y(later)e(on)g(some)f(subt)o(yp)
q(es)i(are)f(added)g(to)g(the)g Fl(A)n(c)n(c)n(ount)37
402 y Fn(class,)26 b(sa)o(y)d(something)g(lik)o(e)f(an)h(accoun)o(t)h
(with)f(o)o(v)o(er-)37 452 y(draft)d(protection,)i(the)f(bank)f(sp)q
(eci\014cation)g(need)h(not)37 502 y(b)q(e)14 b(rewritten,)g(m)o(uc)o
(h)e(lik)o(e)h(C)p Fm(++)f Fn(implemen)o(tation)e(of)j(the)37
552 y Fl(Bank)k Fn(class)f(need)h(not)f(b)q(e)g(rewritten)i(\(if)d(it)g
(is)h(prop)q(erly)37 601 y(implemen)o(ted\).)37 746 y
Fo(6)67 b(T)-6 b(esting)23 b(and)g(V)-6 b(alidation)37
846 y Fn(One)14 b(of)d(the)i(imp)q(ortan)o(t)e(b)q(ene\014ts)j(of)e
(writing)f(ADL/C)p Fm(++)37 896 y Fn(sp)q(eci\014cations)18
b(is)f(automatic)e(test-v)n(alidation.)25 b(A)17 b(C)p
Fm(++)37 945 y Fn(implemen)o(tation)9 b(can)j(b)q(e)h(tested)h(b)o(y)d
(giving)g(it)h(a)f(sample)37 995 y(input)18 b(data)g(and)g(then)h(the)f
(test)h(can)g(b)q(e)f(v)n(alidated)f(to)37 1045 y(see)g(if)d(it)h(is)g
(a)g(success)i(or)e(failure)g(using)f(the)i(ADL/C)p Fm(++)37
1095 y Fn(sp)q(eci\014cation.)79 1153 y(A)o(t)g(presen)o(t,)i(only)d
(unit)h(testing)h(of)e(\(mem)o(b)q(er\))g(func-)37 1203
y(tions)e(is)g(supp)q(orted.)19 b(Giv)o(en)13 b(a)g(function)g
(declaration)f(to)37 1253 y(b)q(e)k(tested)g(along)d(with)h(a)g(sample)
g(data,)f(the)j(v)n(alidation)37 1302 y(can)f(b)q(e)f(done)g(in)g(the)g
(follo)o(wing)d(steps.)79 1399 y Fd(\017)21 b Fn(Store)13
b(the)h(v)n(alues)f(of)g(all)f(the)i(parameters)f(that)h(are)121
1449 y(referred)k(to)f(in)f(the)h(seman)o(tics)g(part)g(of)f(the)h
(func-)121 1499 y(tion's)c(b)q(eha)o(vior)g(sp)q(eci\014cation.)79
1581 y Fd(\017)21 b Fn(Ev)n(aluate)9 b(all)f(the)i(call-state)f
(expressions)i(using)f(the)121 1631 y(giv)o(en)e(sample)g(input)h(data)
g(and)h(store)g(them)e(in)h(tem-)121 1681 y(p)q(orary)14
b(v)n(ariables.)79 1763 y Fd(\017)21 b Fn(In)o(v)o(ok)o(e)10
b(the)h(function)f(with)g(the)h(giv)o(en)f(sample)g(data)121
1813 y(to)j(get)h(an)o(y)g(return)h(v)n(alues.)79 1895
y Fd(\017)21 b Fn(Ev)n(aluate)12 b(the)h(predicates)h(for)e(normal)f
(and)i(abnor-)121 1944 y(mal.)j(If)d(neither)i(one)f(ev)n(aluates)g(to)
g Fl(true)p Fn(,)f(then)i(the)121 1994 y(test)f Fl(faile)n(d)p
Fn(.)79 2076 y Fd(\017)21 b Fn(Using)d(the)h(stored)h(parameter)e(v)n
(alues,)h(call-state)121 2126 y(v)n(alues)e(and)g(the)h(return)g(v)n
(alue,)f(ev)n(aluate)g(eac)o(h)h(of)121 2176 y(the)h(expressions)h
(that)e(is)g(giv)o(en)g(in)g(the)h(b)q(eha)o(vior)121
2226 y(sp)q(eci\014cations.)79 2308 y Fd(\017)i Fn(If)8
b(an)o(y)h(of)g(the)h(expressions)h(ev)n(aluates)e(to)g
Fl(false)p Fn(,)h(then)121 2357 y(the)k(test)i Fl(faile)n(d)p
Fn(,)d(that)i(is,)e(the)i(\(C)p Fm(++)p Fn(\))f(implemen)o(ta-)121
2407 y(tion)i(do)q(es)i(not)f(satisfy)g(the)h(ADL/C)p
Fm(++)e Fn(sp)q(eci\014ca-)121 2457 y(tion)11 b(for)h(that)g
(particular)f(input)h(data.)17 b(Otherwise,)121 2507
y(the)d(test)h Fl(suc)n(c)n(e)n(e)n(de)n(d)p Fn(.)79
2604 y(In)o(tuitiv)o(ely)f(this)i(means)e(that)i(an)o(y)f(test)h
(should)f(con-)37 2654 y(form)d(to)i(either)g(normal)d(or)j(abnormal)d
(b)q(eha)o(vior,)i(if)f(not)37 2704 y(there)i(is)d(something)g(wrong)g
(with)h(the)g(implemen)o(tation,)1031 45 y(that)g(is,)g(it)g(is)g
(either)g(returning)h(a)f(v)n(alue)f(or)h(thro)o(wing)f(an)1031
95 y(exception)j(that)f(it)f(is)h(not)g(supp)q(osed)h(to.)k(In)13
b(addition,)e(a)1031 145 y(test)16 b(migh)o(t)d(fail)g(b)q(ecause)k(it)
d(did)g(not)h(cause)h(the)f(appro-)1031 195 y(priate)f(state)h(c)o
(hange)f(that)g(it)g(is)f(supp)q(osed)j(to)d(cause.)1073
253 y(F)m(or)h(example,)f(consider)i(the)g(follo)o(wing)d(\(wrong\))i
(im-)1031 302 y(plemen)o(tation)g(of)g(the)i Fl(A)n(c)n(c)n(ount)g
Fn(class)f(whose)h(sp)q(eci\014ca-)1031 352 y(tion)e(is)f(giv)o(en)h
(in)f(Figure)h(2.)1031 449 y Fm(#include)20 b("account.hh")1031
548 y(void)h(Account::Deposit\(l)o(ong)e(amount\))1140
598 y(throw\(Account::Neg)o(ative)o(Amoun)o(t)g(na\))1031
648 y({)1097 698 y(balance)h(=)i(balance)e(+)h(i;)1031
748 y(})1031 847 y(void)g(Account::Withdraw\()o(long)d(i\))k(throw)1140
897 y(\(Account::Negative)o(Amoun)o(t)d(na,)1162 947
y(Account::Insuffic)o(ientF)o(unds)f(isf\))1031 997 y({)1097
1046 y(if)j(\(i)g(>=)h(balance\))1162 1096 y(throw)f(Account::Negativ)o
(eAmou)o(nt;)1097 1196 y(if)g(\(i)g(>=)h(balance\))1162
1246 y(throw)f(Account::Insuffi)o(cient)o(Funds)o(;)1097
1345 y(balance)f(==)h(balance)g(-)g(i;)1031 1395 y(})1073
1491 y Fn(As)10 b(it)g(can)g(b)q(e)h(seen,)h(the)e Fl(A)n(c)n(c)n
(ount::Withdr)n(aw)g Fn(metho)q(d)1031 1541 y(is)18 b(wrong)f(b)q
(ecause)j(it)d(do)q(es)i(not)f(up)q(date)g(the)g(balance.)1031
1591 y(This)i(is)g(not)g(an)g(unlik)o(ely)f(error)i(b)q(ecause)g(of)f
(the)g(lex-)1031 1641 y(ical)e(similarit)o(y)d(b)q(et)o(w)o(een)20
b(the)e(C)p Fm(++)g Fn(op)q(erators)h Fm(==)f Fn(and)1031
1691 y Fm(=)p Fn(.)g(Similarly)10 b(the)k Fl(A)n(c)n(c)n(ount::Dep)n
(osit)g Fn(metho)q(d)f(is)g(wrong)1031 1741 y(b)q(ecause)18
b(it)e(do)q(es)g(not)g(c)o(hec)o(k)h(for)f(the)g(v)n(alue)g(of)f
Fl(amount)1031 1790 y Fn(b)q(eing)c(negativ)o(e)f(in)g(whic)o(h)h(case)
g(it)f(is)h(supp)q(osed)h(to)e(thro)o(w)1031 1840 y(and)k(exception.)
1073 1898 y(No)o(w,)i(an)o(y)g(test)i(for)e(the)h Fl(Withdr)n(aw)f
Fn(metho)q(d)g(with)g(a)1031 1948 y(nonnegativ)o(e)k(amoun)o(t)f(will)g
(mak)o(e)g(its)h(p)q(ost-condition)1031 1998 y(false,)15
b(and)g(th)o(us)h(can)f(b)q(e)h(classi\014ed)g(as)f(a)g(failure.)21
b(Ev)o(en)1031 2048 y(though)d(this)h(ma)o(y)d(b)q(e)j(a)g(simple)d
(bug)j(to)f(catc)o(h,)i(there)1031 2098 y(migh)o(t)i(b)q(e)i(other)g
(examples)f(where)i(there)g(migh)o(t)c(b)q(e)1031 2147
y(hard-to-catc)o(h)14 b(bugs)f(that)h(can)f(b)q(e)h(detected)i(b)o(y)d
(testing)1031 2197 y(with)f(appropriate)h(test)g(data)f(\(and)h(a)f
(correct)i(sp)q(eci\014ca-)1031 2247 y(tion\).)25 b(Similarly)l(,)13
b(a)j(test)i(of)d Fl(A)n(c)n(c)n(ount::Dep)n(osit)h Fn(with)g(a)1031
2297 y(negativ)o(e)d(v)n(alue)e(for)i Fl(amount)g Fn(will)e(fail)g(b)q
(ecause)j(the)f(\014rst)1031 2347 y(assertion)18 b(in)e(the)h(seman)o
(tics)f(fails)f(b)q(ecause)k Fl(amount)e Fn(is)1031 2396
y(negativ)o(e)k(and)f(the)i(function)e(did)h(not)f(terminate)g(ab-)1031
2446 y(normally)13 b(\(as)i(the)h Fl(Ne)n(gativeA)o(mount)f
Fn(exception)h(is)f(not)1031 2496 y(thro)o(wn\).)1073
2554 y(Th)o(us,)c(an)g(ADL/C)p Fm(++)f Fn(sp)q(eci\014cation)i(giv)o
(es)f(some)f(kind)1031 2604 y(of)16 b(formal)f(basis)h(for)h(test)h(v)n
(alidation)c(rather)k(than)e(the)1031 2654 y(tester)e(deciding)e
(whether)h(the)g(test)g(failed)e(or)h(succeeded)1031
2704 y(based)g(on)f(some)f(informal)e(sp)q(eci\014cation.)18
b(It)11 b(is)f(also)h(p)q(os-)p eop
%%Page: 13 13
13 12 bop 37 45 a Fn(sible)14 b(to)f(giv)o(e)f(a)h(more)f
(\014ne-grained)i(test)g(rep)q(ort)g(in)f(case)37 95
y(of)g(a)g(failure,)f(b)o(y)h(lo)q(oking)f(at)h(the)h(individual)d
(predicates)37 145 y(that)j(ha)o(v)o(e)g(failed)f(for)h(a)f(particular)
h(test)h(data.)79 203 y(Since)i(ADL/C)p Fm(++)f Fn(is)g(v)o(ery)h
(close)h(to)e(C)p Fm(++)p Fn(,)h(it)f(is)g(rela-)37 253
y(tiv)o(ely)e(easy)h(to)f(generate)h(co)q(de)h(from)c(ADL/C)p
Fm(++)h Fn(sp)q(eci-)37 302 y(\014cations)f(that)f(can)h(used)g(for)f
(automating)e(the)j(test)g(v)n(ali-)37 352 y(dation)f(pro)q(cess.)19
b(This)11 b(has)g(the)h(adv)n(an)o(tage)e(that)i(a)f(large)37
402 y(n)o(um)o(b)q(er)g(of)g(tests)i(can)f(b)q(e)g(run)g(automatically)
d(whenev)o(er)37 452 y(an)h(implemen)o(tation)d(is)j(mo)q(di\014ed.)15
b(Detailed)10 b(rep)q(orts)i(for)37 502 y(failed)g(tests)h(can)g(also)e
(b)q(e)i(generated)h(whic)o(h)e(can)g(help)h(in)37 552
y(quic)o(kly)e(lo)q(cating)f(the)h(problem)f(in)g(the)i(implemen)o
(tati)o(on)37 601 y(that)i(caused)h(the)g(test)g(failures.)79
659 y(When)30 b(testing)g(using)g(ADL/C)p Fm(++)f Fn(sp)q
(eci\014cations,)37 709 y(there)13 b(could)e(b)q(e)i(calls)e(to)g
(constructors,)i(assignmen)o(t)e(op-)37 759 y(erators)j(and)e(cop)o(y)h
(constructors.)20 b(Hence,)13 b(users)h(should)37 809
y(k)o(eep)19 b(these)h(relativ)o(ely)d(simple)g(and)h(clean,)h
(otherwise,)37 859 y(the)14 b(testing)f(migh)o(t)e(b)q(ecome)i
(ine\016cien)o(t)g(and)g(imprecise.)79 917 y(A)o(t)k(presen)o(t,)h(the)
f(test)h(data)e(has)h(to)g(b)q(e)g(supplied)f(b)o(y)37
967 y(the)h(user.)25 b(W)m(e)16 b(are)g(curren)o(tly)h(w)o(orking)e(on)
h(coming)e(up)37 1016 y(with)c(a)g(language)f(lik)o(e)h(TDD)f([8)o(])h
(to)g(sp)q(ecify)h(test)g(data)f(for)37 1066 y(testing)17
b(C)p Fm(++)f Fn(mem)o(b)q(er)e(functions.)25 b(In)16
b(fact,)g(to)g(a)g(large)37 1116 y(exten)o(t,)e(TDD)f(itself)g(can)h(b)
q(e)g(used)g(to)f(sp)q(ecify)h(test)h(data)37 1166 y(for)f(C)p
Fm(++)f Fn(functions)h(as)g(w)o(ell.)79 1224 y(W)m(e)i(are)h(also)f(lo)
q(oking)f(at)h(w)o(a)o(ys)g(to)h(generate)g(\\in)o(ter-)37
1274 y(esting")10 b(test)h(data)e(from)f(ADL/C)p Fm(++)h
Fn(sp)q(eci\014cations.)18 b(F)m(or)37 1324 y(simple)e(data)h(t)o(yp)q
(es,)i(it)e(seems)g(to)h(b)q(e)g(v)o(ery)f(feasible)g(to)37
1373 y(automatically)f(generate)k(reasonable)g(test)g(data.)33
b(F)m(or)37 1423 y(example,)15 b(in)h(the)g Fl(A)n(c)n(c)n(ount::Dep)n
(osit)g Fn(metho)q(d,)g(a)f(nega-)37 1473 y(tiv)o(e)h(v)n(alue)f(for)g
(the)h(parameter)f(is)g(in)o(teresting)h(b)q(ecause)37
1523 y(it)i(can)h(cause)g(an)f(exception)h(to)f(b)q(e)g(thro)o(wn.)31
b(So,)19 b(an)o(y)37 1573 y(reasonable)d(test)g(data)f(should)f(ha)o(v)
o(e)h(at)g(least)g(one)g(suc)o(h)37 1623 y(v)n(alue)f(for)f
Fl(amount)p Fn(.)37 1780 y Fo(7)67 b(Comparison)f(and)h(Related)138
1855 y(W)-6 b(ork)37 1956 y Fn(A)p Fm(++)13 b Fn([1])f(is)h(a)g
(language)f(for)h(annotating)f(C)p Fm(++)g Fn(programs)37
2006 y(with)g(seman)o(tics)f(constrain)o(ts.)18 b(This)12
b(is)f(close)i(to)e(ADL)h(in)37 2056 y(spirit)h(in)g(that)g(it)f(uses)j
(\(mostly\))c(C)p Fm(++)i Fn(syn)o(tax)f(for)h(doing)37
2106 y(this.)27 b(But,)18 b(unlik)o(e)e(ADL,)g(A)p Fm(++)g
Fn(pro)o(vides)h(facilities)f(for)37 2156 y(writing)e(complex)f(sp)q
(eci\014cations,)i(lik)o(e)e(legal)h(v)n(alues)g(for)37
2205 y(datat)o(yp)q(es,)f(axioms)d(de\014ning)j(classes)g(i)p
Fl(etc.)k Fn(Dev)o(eloping)37 2255 y(an)o(y)11 b(practically)g(usable)g
(to)q(ols)g(using)g(A)p Fm(++)g Fn(is)g(am)o(bitious,)37
2305 y(b)q(ecause)20 b(sp)q(eci\014cations)e(could)f(range)h(from)d
(high-lev)o(el)37 2355 y(axioms)e(for)i(classes)h(to)f(lo)o(w-lev)o(el)
f(assertions)i(for)f(state-)37 2405 y(men)o(ts.)29 b(On)18
b(the)g(other)h(hand,)e(w)o(e)h(ha)o(v)o(e)g(started)h(with)37
2455 y(the)g(mo)q(dest)e(goal)f(of)h(asso)q(ciating)g(b)q(eha)o(vior)g
(sp)q(eci\014ca-)37 2504 y(tions)22 b(to)f(functions.)40
b(This)22 b(is)f(sho)o(wn)g(to)g(b)q(e)h(ac)o(hiev-)37
2554 y(able)d(and)f(v)o(ery)g(useful)h(b)o(y)f(the)h(success)i(of)c
(ADL)m(T)h(us-)37 2604 y(ing)d(ADL/C.)f(So,)h(ha)o(v)o(e)h(w)o(e)f
(adopted)h(a)f(similar)e(frame-)37 2654 y(w)o(ork)h(for)f(C)p
Fm(++)g Fn(and)g(are)h(building)e(on)i(top)f(of)g(this)g(to)h(in-)37
2704 y(cremen)o(tally)h(supp)q(ort)h(sp)q(eci\014cation)g(of)e(other)i
(features)1031 45 y(of)i(C)p Fm(++)p Fn(,)h(lik)o(e)f(classes)i(and)f
(inheritance.)33 b(It)19 b(has)g(b)q(een)1031 95 y(demonstrated)c(b)o
(y)f(our)h(seman)o(tic)f(constrain)o(ts)h(on)f(non-)1031
145 y(static)20 b(virtual)e(functions,)j(that)e(it)g(is)g(p)q(ossible)h
(to)f(de-)1031 195 y(v)o(elop)g(ADL/C)p Fm(++)g Fn(for)g(sp)q(ecifying)
g(the)h(more)e(complex)1031 244 y(features)f(of)e(C)p
Fm(++)f Fn(with)h(this)h(simple)e(idea)h(as)g(the)h(basis.)1031
294 y(The)f(A)p Fm(++)f Fn(annotations)f(are)i Fl(intrusive)p
Fn(,)e Fl(i.e.)p Fn(,)g(em)o(b)q(edded)1031 344 y(within)21
b(programs,)g(making)d(it)j(di\016cult)f(to)h(use)h(with)1031
394 y(pre-compiled)10 b(libraries.)17 b(ADL/C)p Fm(++)10
b Fn(sp)q(eci\014cations)j(are)1031 444 y Fl(non-intrusive)j
Fn(and)g(hence)h(can)f(b)q(e)g(used)h(for)e(sp)q(eci\014ca-)1031
493 y(tion)f(ev)o(en)g(when)h(the)f(source)h(co)q(de)g(is)f(not)f(a)o
(v)n(ailable.)1073 552 y(The)g(other)h(e\013ort)g(with)e(similar)f
(goals)h(that)h(w)o(e)g(kno)o(w)1031 601 y(of)g(is)g(Larc)o(h/C)p
Fm(++)f Fn([5)o(].)18 b(This)13 b(is)g(a)f(mem)o(b)q(er)g(of)g(the)i
(Larc)o(h)1031 651 y(family)9 b(of)h(languages.)17 b(This)11
b(supp)q(orts)i(t)o(w)o(o-tiered)f(sp)q(ec-)1031 701
y(i\014cations.)29 b(First)18 b(the)g(abstract)h(v)n(alues)e(are)h
(describ)q(ed)1031 751 y(in)e(the)h(larc)o(h)f(shared)i(language)d
(LSL.)h(Then)h(the)g(sp)q(ec-)1031 801 y(i\014cations)23
b(of)f(classes)i(are)f(giv)o(en)f(in)g(Hoare-st)o(yle)h(pre)1031
850 y(and)16 b(p)q(ost-conditions)g(for)g(mem)o(b)q(er)f(functions.)25
b(In)16 b(our)1031 900 y(opinion,)11 b(this)i(is)f(a)g(burdensome)h
(pro)q(cess)h(esp)q(ecially)e(for)1031 950 y(practitioners)g(who)f(w)o
(an)o(t)g(to)g(use)h(formal)c(sp)q(eci\014cations,)1031
1000 y(b)q(ecause)18 b(sp)q(eci\014cations)g(ha)o(v)o(e)e(to)g(b)q(e)h
(written)g(in)f(a)g(dif-)1031 1050 y(feren)o(t)e(language)e(with)g
(totally)g(di\013eren)o(t)i(seman)o(tics.)j(In)1031 1099
y(ADL)g(also)f(the)h(language)f(is)h(di\013eren)o(t,)h(but)f(it)f(is)h
(built)1031 1149 y(around)h(C)p Fm(++)f Fn(and)g(w)o(e)h(made)e(it)h(a)
g(p)q(oin)o(t)g(to)g(in)o(tro)q(duce)1031 1199 y(as)f(little)g(new)g
(notation)f(as)h(p)q(ossible.)25 b(W)m(e)16 b(should)g(also)1031
1249 y(p)q(oin)o(t)f(out)g(that)h(Larc)o(h)f(has)h(a)f(large)f
(collection)h(of)g(LSL)1031 1299 y(traits)22 b(whic)o(h)f(can)h(b)q(e)g
(used)g(to)g(describ)q(e)h(most)d(com-)1031 1349 y(monly)c(o)q
(ccurring)i(data)g(structures.)32 b(Ho)o(w)o(ev)o(er,)19
b(to)e(b)q(e)1031 1398 y(able)f(to)g(pic)o(k)f(the)i(correct)g(trait,)f
(one)g(needs)i(to)d(under-)1031 1448 y(stand)i(the)h(seman)o(tics)e
(that)h(describ)q(e)i(the)e(b)q(eha)o(vior)g(of)1031
1498 y(the)e(trait.)1073 1556 y(T)m(o)10 b(the)i(b)q(est)g(of)f(our)g
(kno)o(wledge,)g(there)i(is)e(no)g(supp)q(ort)1031 1606
y(for)e(testing)h(C)p Fm(++)f Fn(implemen)o(tations)e(against)h(Larc)o
(h/C)p Fm(++)1031 1656 y Fn(sp)q(eci\014cations.)42 b(Larc)o(h)22
b(has)f(a)h(v)o(ery)f(go)q(o)q(d)g(collection)1031 1706
y(of)15 b(to)q(ols,)h(most)e(imp)q(ortan)o(t)g(of)i(whic)o(h)f(is)h(LP)
m(,)f(the)h(larc)o(h)1031 1755 y(pro)o(v)o(er.)21 b(One)16
b(can)e(hop)q(e)i(to)e(do)h(some)e(reasoning)i(ab)q(out)1031
1805 y(Larc)o(h/C)p Fm(++)9 b Fn(sp)q(eci\014cations)i(using)e(LP)m(.)f
(A)o(t)i(presen)o(t)h(there)1031 1855 y(is)18 b(no)g(supp)q(ort)i(for)d
(reasoning)i(ab)q(out)f(ADL)g(sp)q(eci\014ca-)1031 1905
y(tions.)1031 2048 y Fo(8)67 b(Conclusions)84 b(and)f(F)-6
b(uture)1132 2122 y(W)g(ork)1031 2222 y Fn(W)m(e)19 b(ha)o(v)o(e)g
(designed)g(a)g(language)f(ADL/C)p Fm(++)g Fn(to)h(write)1031
2271 y(b)q(eha)o(vioral)g(sp)q(eci\014cations)i(for)f(C)p
Fm(++)f Fn(programs.)36 b(The)1031 2321 y(imp)q(ortan)o(t)12
b(asp)q(ects)k(of)d(this)h(language)f(are)h(:)1073 2405
y Fd(\017)20 b Fl(Is)14 b(e)n(asy)h(to)f(le)n(arn)f(and)i(use)f(for)g
(r)n(e)n(al)f(softwar)n(e)g(engi-)1114 2455 y(ne)n(ers.)18
b Fn(W)m(e)11 b(ha)o(v)o(e)h(b)q(een)h(careful)g(in)e(designing)h(sp)q
(ec-)1114 2504 y(i\014cation)f(constructs)i(that)e(are)g(simple)f(and)h
(easy)g(to)1114 2554 y(use)17 b(for)e(the)i(real)e(soft)o(w)o(are)h
(engineer.)25 b(While)15 b(this)1114 2604 y(has)k(reduced)i(the)f
(expressivit)o(y)g(of)e(the)i(language)1114 2654 y(to)15
b(some)f(exten)o(t,)h(it)g(is)g(surprising)g(ho)o(w)f(m)o(uc)o(h)g(can)
1114 2704 y(still)g(b)q(e)h(expressed.)22 b(ADL/C)14
b(has)g(sho)o(wn)h(itself)f(to)p eop
%%Page: 14 14
14 13 bop 121 45 a Fn(b)q(e)15 b(useful)g(and)g(practical)g(at)g(the)h
(same)e(time,)f(and)121 95 y(ADL/C)p Fm(++)f Fn(will)h(only)g(impro)o
(v)o(e)f(on)i(this.)79 192 y Fd(\017)21 b Fl(Sp)n(e)n(ci\014c)n(ations)
j(c)n(an)h(b)n(e)f(c)n(ompile)n(d)g(into)h(che)n(cking)121
242 y(c)n(o)n(de.)17 b Fn(All)8 b(ADL/C)p Fm(++)h Fn(sp)q
(eci\014cations)h(ma)o(y)e(b)q(e)i(com-)121 291 y(piled)15
b(in)o(to)g(co)q(de)i(that)e(can)h(v)o(erify)g(correct)h(b)q(eha)o(v-)
121 341 y(ior)d(\(or)g(conformance\))g(of)g(API)h(implemen)o(tatio)o
(ns.)121 391 y(Note)22 b(that)g(this)h(is)f(di\013eren)o(t)h(from)d
(\\executable)121 441 y(sp)q(eci\014cations")h(where)h(it)e(is)h(p)q
(ossible)g(to)f(gener-)121 491 y(ate)d(executable)i(implemen)o(tatio)o
(ns)c(directly)j(from)121 540 y(a)i(sp)q(eci\014cation.)38
b(In)21 b(general)g(executable)g(sp)q(eci-)121 590 y(\014cations)f(imp)
q(ose)f(undue)i(restrictions)g(on)f(sp)q(eci-)121 640
y(\014cation)e(constructs)k(to)d(simplify)d(the)k(pro)q(cess)h(of)121
690 y(generating)12 b(executable)h(co)q(de.)18 b(ADL/C)p
Fm(++)11 b Fn(sp)q(eci\014-)121 740 y(cations)f(o\013er)h(a)g
(reasonable)g(middle)e(ground)h(where)121 789 y(the)22
b(sp)q(eci\014cations)g(ma)o(y)e(b)q(e)i(used)h(to)e(e\016cien)o(tly)
121 839 y(c)o(hec)o(k)14 b(conformance,)e(while)h(at)g(the)h(same)e
(time)g(al-)121 889 y(lo)o(ws)h(easy)h(dev)o(elopmen)o(t)f(of)g(sp)q
(eci\014cations.)79 986 y Fd(\017)21 b Fl(Sp)n(e)n(ci\014c)n(ations)d
(may)g(b)n(e)f(develop)n(e)n(d)h(indep)n(endently)121
1036 y(of)e(the)h(pr)n(o)n(gr)n(am.)25 b Fn(ADL/C)p Fm(++)15
b Fn(sp)q(eci\014cations)i(ma)o(y)121 1085 y(b)q(e)10
b(written)g(as)g(separate)h(\014les)f(\(that)g(\\include")g(C)p
Fm(++)121 1135 y Fn(header)17 b(\014les\).)27 b(Hence)19
b(ADL/C)p Fm(++)d Fn(facilitates)g(the)121 1185 y(dev)o(elopmen)o(t)11
b(and)i(use)g(of)f(sp)q(eci\014cations)i(b)o(y)e(orga-)121
1235 y(nizations)d(that)h(do)g(not)g(ha)o(v)o(e)g(access)i(to)d(C)p
Fm(++)h Fn(source)121 1285 y(co)q(de)16 b(\()p Fl(e.g.)p
Fn(,)f(some)f(proprietary)i(API's)g(come)f(with)121 1335
y(precompiled)e(libraries\).)79 1431 y Fd(\017)21 b Fl(V)m(arious)31
b(kinds)i(of)f(to)n(ol)g(supp)n(ort)h(is)f(p)n(ossible.)121
1481 y Fn(Chec)o(k)n(able)13 b(sp)q(eci\014cations)i(ma)o(y)c(b)q(e)k
(used)f(in)f(man)o(y)121 1531 y(w)o(a)o(ys.)k(A)12 b(system)h(suc)o(h)g
(as)g(ADL)m(T)e(uses)j(ADL/C)p Fm(++)121 1581 y Fn(for)21
b(conformance)g(testing.)42 b(In)22 b(suc)o(h)g(a)g(system,)121
1631 y(test-data)27 b(is)f(pro)q(duced)i(indep)q(enden)o(tly)g(of)e
(the)121 1680 y(writing)19 b(of)i(the)g(sp)q(eci\014cations.)39
b(The)22 b(to)q(ol)e(then)121 1730 y(generates)10 b(a)g(driv)o(er)f
(that)g(exercises)j(the)e(API)g(on)f(the)121 1780 y(test-data,)19
b(c)o(hec)o(king)g(the)g(system)f(b)q(eha)o(vior)g(eac)o(h)121
1830 y(time)k(with)i(the)g(sp)q(eci\014cations.)49 b(Sp)q
(eci\014cations)121 1880 y(ma)o(y)12 b(also)i(b)q(e)i(used)f(to)g
(generate)h(self-c)o(hec)o(king)f(in-)121 1929 y(terfaces)24
b(in)e(cases)h(where)h(securit)o(y)f(is)g(an)f(issue.)121
1979 y(Self-c)o(hec)o(king)16 b(in)o(terfaces)i(are)f(also)g(useful)g
(during)121 2029 y(the)d(dev)o(elopmen)o(t)f(cycle.)79
2139 y(The)27 b(design)g(of)e(the)j(language)d(is)h(not)h(y)o(et)g
(com-)37 2189 y(plete.)21 b(W)m(e)14 b(merely)g(extended)i(the)f
(ADL/C-st)o(yle)f(p)q(ost-)37 2239 y(condition)27 b(sp)q
(eci\014cations)h(for)f(functions)h(to)f(sp)q(ecify)37
2288 y(class)11 b(metho)q(d)e(b)q(eha)o(viors)i(with)e(some)h(ob)o
(vious)f(seman)o(tic)37 2338 y(constrain)o(ts)15 b(for)f(virtual)f(mem)
o(b)q(er)f(functions.)79 2396 y(In)e(C)p Fm(++)p Fn(,)f(classes)i(can)f
(also)f(b)q(e)h(considered)h(as)f(the)g(basic)37 2446
y(programming)i(units)j(in)g(addition)f(to)i(global)d(functions)37
2496 y(lik)o(e)f(in)g(C.)f(So,)h(it)g(w)o(ould)f(b)q(e)i(nice)g(if)e
(class)i(b)q(eha)o(viors)f(can)37 2546 y(b)q(e)i(sp)q(eci\014ed)h(and)e
Fl(teste)n(d)f Fn(just)i(lik)o(e)e(function)h(b)q(eha)o(viors.)79
2604 y(Sp)q(eci\014cation)k(of)e(\(metho)q(ds)h(of)s(\))h(abstract)g
(classes)g(is)37 2654 y(di\016cult)j(at)f(presen)o(t.)37
b(This)20 b(is)f(b)q(ecause,)k(usually)c(ab-)37 2704
y(stract)e(classes)g(do)f(not)g(ha)o(v)o(e)f(an)o(y)h(implemen)o(tati)o
(on)d(\(or)1031 45 y(state\))19 b(information)c(that)j(can)g(b)q(e)h
(used)g(for)e(the)i(p)q(ost-)1031 95 y(conditions.)k(So,)15
b(the)h(only)e(w)o(a)o(y)h(to)g(do)h(this)f(at)g(presen)o(t)1031
145 y(in)c(ADL)f(is)h(to)g(come)f(up)h(with)f(some)g(crude)i(implemen)o
(ta-)1031 195 y(tion)j(\(using)g(the)g(auxiliary)f(declarations\))h
(and)g(writing)1031 244 y(the)i(p)q(ost-conditions)g(using)f(that.)26
b(This)16 b(mak)o(es)f(sp)q(eci-)1031 294 y(fying)e(abstract)i(classes)
g(complicated.)1073 352 y(One)h(w)o(a)o(y)f(to)g(solv)o(e)h(these)h
(problems)d(is)i(to)f(adopt)g(an)1031 402 y(algebraic)10
b(sp)q(eci\014cation)g(framew)o(ork,)f(but)h(it)f(is)h(not)g(clear)1031
452 y(ho)o(w)k(testing)g(can)g(b)q(e)h(supp)q(orted)g(in)e(that)h
(framew)o(ork.)1073 510 y(Considering)19 b(these)i(issues,)h(it)d(app)q
(ears)i(some)d(kind)1031 560 y(of)e(trace-based)i(sp)q(eci\014cations)g
(on)e(top)g(of)g(the)h(curren)o(t)1031 610 y(ADL/C)p
Fm(++)j Fn(sp)q(eci\014cations)j(w)o(ould)d(b)q(e)h(a)g(nice)h(w)o(a)o
(y)e(to)1031 659 y(capture)c(class)g(b)q(eha)o(viors,)f(at)g(the)g
(same)g(time)e(preserv-)1031 709 y(ing)k(the)h(t)o(w)o(o)e(de\014ning)i
(features)g(of)f(ADL)g(-)g(testabilit)o(y)1031 759 y(and)11
b(closeness)i(to)e(the)g(base)h(implemen)o(tatio)o(n)c(language.)1031
809 y(W)m(e)k(ha)o(v)o(e)f(some)g(preliminary)e(ideas)j(in)f(this)h
(resp)q(ect)i(and)1031 859 y(w)o(e)e(will)e(b)q(e)j(incorp)q(orating)e
(them)g(in)o(to)g(ADL/C)p Fm(++)f Fn(so)q(on.)1031 1013
y Fo(Av)l(ailabili)q(t)n(y)1031 1114 y Fn(The)34 b(dev)o(elopmen)o(t)e
(of)h(the)h(to)q(ol)e(is)h(curren)o(tly)h(in)1031 1164
y(progress.)k(The)20 b(initial)e(v)o(ersion)i(will)e(b)q(e)j(a)o(v)n
(ailable)c(in)1031 1214 y(ab)q(out)g(a)f(y)o(ear.)27
b(Con)o(tact)16 b(the)i(authors)f(for)f(further)i(in-)1031
1263 y(formation.)1031 1418 y Fo(Ac)n(kno)n(wledgmen)n(ts)1031
1519 y Fn(W)m(e)31 b(w)o(ould)f(lik)o(e)g(to)g(thank)h(Ra)r(jiv)f
(Joshi,)k(Ash)o(vin)1031 1569 y(D'Souza,)26 b(Ro)q(ongk)o(o)d(Do)q(ong)
g(and)h(Mark)g(Hefner)h(for)1031 1618 y(their)11 b(participation)e(in)h
(the)g(n)o(umerous)g(discussions)h(dur-)1031 1668 y(ing)j(the)h(design)
f(of)g(the)h(language.)k(W)m(e)13 b(w)o(ould)h(also)g(lik)o(e)1031
1718 y(to)j(thank)f(Deepak)h(Kapur)f(for)g(his)h(in)o(v)n(aluable)d
(sugges-)1031 1768 y(tions)e(for)f(impro)o(ving)d(the)k(o)o(v)o(erall)f
(qualit)o(y)f(of)h(the)h(pap)q(er.)1031 1922 y Fo(References)1052
2023 y Fn([1])20 b(M.)g(Cline)f(and)i(D.)e(Lea.)h(The)h(Beha)o(vior)g
(of)e(C)p Fm(++)1117 2073 y Fn(Classes.)13 b Fl(Pr)n(o)n(c)n(e)n(e)n
(dings)h(of)g(the)g(Symp)n(osium)h(on)f(Ob-)1117 2123
y(je)n(ct)d(Oriente)n(d)g(Pr)n(o)n(gr)n(amming)g(Emphasizing)h(Pr)n
(ac-)1117 2173 y(tic)n(al)i(Applic)n(ations)p Fn(,)f(Marist)h(College,)
f(1990.)1052 2264 y([2])20 b(Digital)36 b(Equipmen)o(t)i(Corp)q
(oration,)44 b(Hewlett-)1117 2314 y(P)o(ac)o(k)n(ard)24
b(Compan)o(y)m(,)f(Hyp)q(erDesk)j(Corp)q(oration,)1117
2363 y(NCR)20 b(Corp)q(oration,)h(Ob)r(ject)g(Design,)h(Inc.,)f(and)
1117 2413 y(SunSoft)c(,)i(Inc.)f(The)g(Common)d(Ob)r(ject)k(Request)
1117 2463 y(Brok)o(er)12 b(:)17 b(Arc)o(hitecture)c(and)e(Sp)q
(eci\014cation.)h(P)o(ages)1117 2513 y(45-80.)d(OMG)i(Do)q(cumen)o(t)f
(Num)o(b)q(er)g(91.12.1,)f(Revi-)1117 2563 y(sion)k(1.1.)g(Decem)o(b)q
(er)h(1991.)1052 2654 y([3])20 b(John)12 b(V.)g(Guttag)g(and)h(James)f
(J.)g(Horning)g(with)g(S.)1117 2704 y(J.)i(Garland,)g(K.)g(D.)g(Jones,)
i(A.)e(Mo)q(det)h(and)g(J.)f(M.)p eop
%%Page: 15 15
15 14 bop 123 45 a Fn(Wing.)9 b(Larc)o(h)h(:)16 b(Languages)10
b(and)h(T)m(o)q(ols)e(for)h(F)m(ormal)123 95 y(Sp)q(eci\014cation.)k
(Springer-V)m(erlag,)f(1993.)58 178 y([4])20 b(D.)9 b(Kapur)i(and)f(D.)
g(R.)f(Musser.)j(T)m(ecton:)k(A)11 b(F)m(rame-)123 228
y(w)o(ork)g(for)f(Sp)q(ecifying)h(and)g(V)m(erifying)e(Generic)j(Sys-)
123 278 y(tem)18 b(Comp)q(onen)o(ts.)f(Rensselaer)j(P)o(olytec)o(hnic)f
(In-)123 327 y(stitute)11 b(Computer)e(Science)i(T)m(ec)o(hnical)f(Rep)
q(ort)g(92-)123 377 y(20,)j(July)m(,)f(1992.)58 460 y([5])20
b(Gary)15 b(T.)g(Lea)o(vnes.)g(Larc)o(h/C)p Fm(++)g Fn(Reference)j
(Man-)123 510 y(ual.)i(Departmen)o(t)g(of)g(Computer)g(Science,)k(Io)o
(w)o(a)123 560 y(State)14 b(Univ)o(ersit)o(y)m(,)f(Sept)i(1995.)58
643 y([6])20 b(Barbara)11 b(Lisk)o(o)o(v)f(and)g(Jeannette)j(M.)d
(Wing.)g(A)h(Be-)123 693 y(ha)o(vioral)h(Notion)h(of)g(Subt)o(yping.)f
Fl(A)o(CM)i(TOPLAS)123 742 y Fn(16\(6\):1811-1841,)c(No)o(v.)j(1994.)58
826 y([7])20 b(Sriram)11 b(Sank)n(ar)h(and)h(Roger)g(Ha)o(y)o(es.)f
(ADL:)g(An)h(In-)123 875 y(terface)22 b(Language)e(for)g(Sp)q(ecifying)
h(and)f(T)m(esting)123 925 y(Soft)o(w)o(are.)d(In)g Fl(Pr)n(o)n(c)n(e)n
(e)n(dings)i(of)f(the)g(Workshop)i(on)123 975 y(Interfac)n(e)14
b(De\014nition)h(L)n(anguages)p Fn(,)f(Jan)o(uary)f(1994.)58
1058 y([8])20 b(Sriram)e(Sank)n(ar,)i(Roger)f(Ha)o(y)o(es.)g(Sp)q
(ecifying)g(and)123 1108 y(T)m(esting)31 b(Soft)o(w)o(are)f(Comp)q
(onen)o(ts)g(using)h(ADL.)123 1158 y(SMLI)16 b(TR-94-23.)e
Fl(Sun)k(Micr)n(osystems)e(L)n(ab)n(or)n(ato-)123 1207
y(ries,)e(Inc.)p Fn(,)f(April)h(1994.)58 1290 y([9])20
b(J.)f(M.)g(Spiv)o(ey)m(.)g(Understanding)h(Z,)g(A)f(Sp)q(eci\014ca-)
123 1340 y(tion)9 b(Language)g(and)h(its)f(F)m(ormal)f(Seman)o(tics.)g
(Cam-)123 1390 y(bridge)13 b(Univ)o(ersit)o(y)g(Press,)h(1988.)d(T)m
(racts)j(in)e(Theo-)123 1440 y(retical)i(Computer)f(Science,)i(V)m
(olume)d(3.)37 1523 y([10])20 b(Bjarne)29 b(Stroustrup.)g(The)g(C)p
Fm(++)g Fn(Programmi)o(ng)123 1573 y(Language.)13 b(Addison-W)m(esley)m
(,)f(1991.)37 1656 y([11])20 b(Sun)d(Microsystems)f(Inc.,)h(U.S.A.,)f
(and)g(Informa-)123 1706 y(tion)24 b(T)m(ec)o(hnology)h(Promotion)e
(Agency)m(,)28 b(Japan.)123 1755 y(ADL)21 b(T)m(ranslator)f(Design)h
(Sp)q(eci\014cation.)g(Do)q(cu-)123 1805 y(men)o(t)9
b(n)o(um)o(b)q(er)g(MITI/0001/D/0.1.)e(August)k(1993.)p
eop
%%Trailer
end
userdict /end-hook known{end-hook}if
%%EOF