The Guarded Command Language (GCL) is a
programming language
A programming language is a system of notation for writing computer programs.
Programming languages are described in terms of their Syntax (programming languages), syntax (form) and semantics (computer science), semantics (meaning), usually def ...
defined by
Edsger Dijkstra
Edsger Wybe Dijkstra ( ; ; 11 May 1930 – 6 August 2002) was a Dutch computer scientist, programmer, software engineer, mathematician, and science essayist.
Born in Rotterdam in the Netherlands, Dijkstra studied mathematics and physics and the ...
for
predicate transformer semantics
Predicate transformer semantics were introduced by Edsger Dijkstra in his seminal paper " Guarded commands, nondeterminacy and formal derivation of programs". They define the semantics of an imperative programming paradigm by assigning to each ' ...
in EWD472.
It combines programming concepts in a compact way. It makes it easier to develop a program and its proof hand-in-hand, with the proof ideas leading the way; moreover, parts of a program can actually be ''calculated''.
An important property of GCL is
nondeterminism. For example, in the if-statement, several alternatives may be true, and the choice is made at runtime, when the if-statement is executed. This frees the programmer from having to make unnecessary choices and is an aid in the formal development of programs.
GCL includes the multiple assignment statement. For example, execution of the statement is done by first evaluating the righthand side values and then storing them in the lefthand variables. Thus, this statement swaps the values of and .
The following books discuss the development of programs using GCL:
*
*
*
*
*
Guarded command
A guarded command consists of a boolean condition or
guard
Guard or guards may refer to:
Professional occupations
* Bodyguard, who protects an individual from personal assault
* Crossing guard, who stops traffic so pedestrians can cross the street
* Lifeguard, who rescues people from drowning
* Prison gu ...
, and a statement "guarded" by it. The statement is only executed if the guard is true, so when reasoning about the statement, the condition can be assumed true. This makes it easier to prove the
program meets a
specification
A specification often refers to a set of documented requirements to be satisfied by a material, design, product, or service. A specification is often a type of technical standard.
There are different types of technical or engineering specificati ...
.
Syntax
In linguistics, syntax ( ) is the study of how words and morphemes combine to form larger units such as phrases and sentences. Central concerns of syntax include word order, grammatical relations, hierarchical sentence structure (constituenc ...
A guarded command is a
statement
Statement or statements may refer to: Common uses
*Statement (computer science), the smallest standalone element of an imperative programming language
*Statement (logic and semantics), declarative sentence that is either true or false
*Statement, ...
of the form G → S, where
* G is a
proposition
A proposition is a statement that can be either true or false. It is a central concept in the philosophy of language, semantics, logic, and related fields. Propositions are the object s denoted by declarative sentences; for example, "The sky ...
, called the guard
* S is a statement
Semantics
Semantics is the study of linguistic Meaning (philosophy), meaning. It examines what meaning is, how words get their meaning, and how the meaning of a complex expression depends on its parts. Part of this process involves the distinction betwee ...
* If G evaluates to true, S is eligible to be executed. In most GCL constructs, multiple guarded commands may have guards that are true, and exactly one of them is chosen ''arbitrarily'' to be executed.
* If G is false, S will not be executed.
skip and abort
skip and abort are important statements in the guarded command language. abort is the undefined instruction: do anything. It does not even need to terminate. It is used to describe the program when formulating a proof, in which case the proof usually fails. skip is the empty instruction: do nothing. It is often used when the syntax requires a statement but the
state
State most commonly refers to:
* State (polity), a centralized political organization that regulates law and society within a territory
**Sovereign state, a sovereign polity in international law, commonly referred to as a country
**Nation state, a ...
should not change.
Syntax
skip
abort
Semantics
* skip: do nothing
* abort: do anything
Assignment
Assigns values to
variables
Variable may refer to:
Computer science
* Variable (computer science), a symbolic name associated with a value and whose associated value may be changed
Mathematics
* Variable (mathematics), a symbol that represents a quantity in a mathemat ...
.
Syntax
v := E
or
v, v, ..., v := E, E, ..., E
where
* v are program variables
* E are expressions of the same
data type
In computer science and computer programming, a data type (or simply type) is a collection or grouping of data values, usually specified by a set of possible values, a set of allowed operations on these values, and/or a representation of these ...
as their corresponding variables
Catenation
Statements are separated by one semicolon (;)
Selection
Selection may refer to:
Science
* Selection (biology), also called natural selection, selection in evolution
** Sex selection, in genetics
** Mate selection, in mating
** Sexual selection in humans, in human sexuality
** Human mating strat ...
: if
The selection (often called the "conditional statement" or "if statement") is a list of guarded commands, of which one is chosen to execute. If more than one guard is true, one statement whose guard is true is arbitrarily chosen to be executed. If no guard is true, the result is undefined, that is, equivalent to abort. Because at least one of the guards must be true, the empty statement skip is often needed. The statement if fi has no guarded commands, so there is never a true guard. Hence, if fi is equivalent to abort.
Syntax
if G0 → S0
□ G1 → S1
...
□ Gn → Sn
fi
Semantics
Upon execution of a selection, the guards are evaluated. If none of the guards is ''true'', then the selection aborts, otherwise one of the clauses with a ''true'' guard is chosen arbitrarily and its statement is executed.
Implementation
GCL does not specify an implementation. Since guards cannot have
side effects
In medicine, a side effect is an effect of the use of a medicinal drug or other treatment, usually adverse but sometimes beneficial, that is unintended. Herbal and traditional medicines also have side effects.
A drug or procedure usually used ...
and the choice of clause is arbitrary, an implementation may evaluate the guards in any sequence and choose the first ''true'' clause, for example.
Examples
Simple
In
pseudocode
In computer science, pseudocode is a description of the steps in an algorithm using a mix of conventions of programming languages (like assignment operator, conditional operator, loop) with informal, usually self-explanatory, notation of actio ...
:
if a < b then set c to True
else set c to False
In guarded command language:
if a > b → c := true
□ a < b → c := false
fi
Use of skip
In pseudocode:
if error is True then set x to 0
In guarded command language:
if error → x := 0
□ error → skip
fi
If the second guard is omitted and error is False, the result is abort.
More guards true
if a ≥ b → max := a
□ b ≥ a → max := b
fi
If a = b, either a or b is chosen as the new value for the maximum, with equal results. However, the
implementation
Implementation is the realization of an application, execution of a plan, idea, scientific modelling, model, design, specification, Standardization, standard, algorithm, policy, or the Management, administration or management of a process or Goal ...
may find that one is easier or faster than the other. Since there is no difference to the programmer, any implementation will do.
Repetition
Repetition may refer to:
*Repetition (rhetorical device), repeating a word within a short space of words
*Repetition (bodybuilding), a single cycle of lifting and lowering a weight in strength training
*Working title for the 1985 slasher film '' ...
: ''do''
Execution of this repetition, or loop, is shown below.
Syntax
do G0 → S0
□ G1 → S1
...
□ Gn → Sn
od
Semantics
Execution of the repetition consists of executing 0 or more ''iterations'', where an iteration consists of arbitrarily choosing a guarded command whose guard is true and executing the command . Thus, if all guards are initially false, the repetition terminates immediately, without executing an iteration. Execution of the repetition do od, which has no guarded commands, executes 0 iterations, so do od is equivalent to skip.
Examples
Original
Euclidean algorithm
In mathematics, the Euclidean algorithm,Some widely used textbooks, such as I. N. Herstein's ''Topics in Algebra'' and Serge Lang's ''Algebra'', use the term "Euclidean algorithm" to refer to Euclidean division or Euclid's algorithm, is a ...
a, b := A, B;
do a < b → b := b - a
□ b < a → a := a - b
od
This repetition ends when a = b, in which case a and b hold the
greatest common divisor
In mathematics, the greatest common divisor (GCD), also known as greatest common factor (GCF), of two or more integers, which are not all zero, is the largest positive integer that divides each of the integers. For two integers , , the greatest co ...
of A and B.
Dijkstra sees in this algorithm a way of synchronizing two infinite cycles
a := a - b and
b := b - a in such a way that
a≥0 and
b≥0 remains true.
Extended Euclidean algorithm
In arithmetic and computer programming, the extended Euclidean algorithm is an extension to the Euclidean algorithm, and computes, in addition to the greatest common divisor (gcd) of integers ''a'' and ''b'', also the coefficients of Bézout's id ...
a, b, x, y, u, v := A, B, 1, 0, 0, 1;
do b ≠ 0 →
q, r := a div b, a mod b;
a, b, x, y, u, v := b, r, u, v, x - q*u, y - q*v
od
This repetition ends when b = 0, in which case the variables hold the solution to
Bézout's identity
In mathematics, Bézout's identity (also called Bézout's lemma), named after Étienne Bézout who proved it for polynomials, is the following theorem:
Here the greatest common divisor of and is taken to be . The integers and are called B� ...
: xA + yB = gcd(A,B) .
Non-deterministic sort
do a
bubble sort
Bubble sort, sometimes referred to as sinking sort, is a simple sorting algorithm that repeatedly steps through the input list element by element, comparing the current element with the one after it, Swap (computer science), swapping their values ...
is not more efficient than its deterministic version, but easier to prove: it will not stop while the elements are not sorted and that each step it sorts at least 2 elements.
x, y = 1, 1;
do x≠n →
if f(x) ≤ f(y) → x := x+1
□ f(x) ≥ f(y) → y := x; x := x+1
fi
od
This algorithm finds the value 1 ≤ ''y'' ≤ ''n'' for which a given integer function ''f'' is maximal. Not only the computation but also the final state is not necessarily uniquely determined.
.
design because the repetition
allows arbitrary relative delays for the selection of different commands. In this application,
a logic gate driving a node ''y'' in the circuit consists of two guarded commands, as follows:
PullDownGuard → y := 0
PullUpGuard → y := 1
''PullDownGuard'' and ''PullUpGuard'' here are functions of the logic gate's inputs,
which describe when the gate pulls the output down or up, respectively. Unlike classical
circuit evaluation models, the repetition for a set of guarded commands (corresponding to an asynchronous circuit) can accurately describe all possible dynamic behaviors of that circuit.
Depending on the model one is willing to live with for the electrical circuit elements,
additional restrictions on the guarded commands may be necessary for a guarded-command description
to be entirely satisfactory. Common restrictions include stability, non-interference, and absence
of self-invalidating commands.
. SPIN verifies correct operation of concurrent software applications.