SCIENCE RESEARCH COUNCIL

RITTHERFORD LABORATORY ATLAS COMPUTING DIVISION

#### FR80 TECHNICAL PAPER 21

FR80 DRIVER Software Construction

R W Witty

10 December 1975

DISTRIBUTION: F R A Hopgood A H Francis

P Brandwood J R Callop F R A nopposed
R Brandwood J R Gallop
I Buchanan P M Nelson
A W Burraston D Ralphs
M F Chiu D C Sutcliffe
R E Thomas L O Ford R W Witty

#### INTRODUCTION

New software, FR80 DRIVER, is under construction to ease the current maintenance problems with the existing III Displayer, and to provide new facilities (FR80 DRIVER is outlined in FR80 Discussion Paper 15).

This paper describes the methods of design and construction in use with DRIVER. These methods include designing by Step Wise Refinement and its representation by flowcharts, the encoding of these flowcharts into an intermediate language, and the translation of this language into an FR80 program. The paper closes with a discussion of DRIVER programming standards and style.

2. FLOWCHARTING AND STEP WISE REFINEMENT

# 2.1 Conventional Flowcharting

FR80 SYSLOG was designed and implemented by top down, disciplined programming techniques. Flowcharts of the program were produced at successive levels of detail using the method of Step Wise Refinement [7]. The final flowchart was sufficiently detailed for FR80 Assembler code to be produced almost mechanically. During the design of SYSLOG several inadequacies of conventional flowcharting were encountered:-

- (1) they are difficult to draw and lay out as they spread out in all directions from a given starting point. This makes formatting on a page a problem, often requiring redrawing.
- (2) they have complex symbols which are hard to draw neatly freehand.
- (3) if a template is used then fitting text into the boxes is a grave problem.
- (4) they cannot be drawn 'naturally'; programming language source is easier because it follows the normal lexical 'directions' of English.
- (5) they are difficult to convert to a machine readable form.
- (6) they are difficult to draw 'automatically'.
- (7) they are usually drawn on A4 paper which is too small to convey the logic of a complex module. Arbitrary, redundant branches are caused by page boundaries making a disjointed flowchart that is hard to visualise overall.
- (8) they fail to represent such properties as parallelism because sequential actions are spread out over both dimensions of the page.
- (9) they positively encourage undisciplined branches and 'cluttered' logic because it is so easy to draw branches in all directions.
- (10) they fail completely to show how the final detailed design has been achieved through Step Wise Refinement (SWR).

The above problems were overcome by developing a variant of flowcharting called Dimensional Flowcharting, described below. The final design of SYSLOG was actually represented by this method.

# 2.2 Dimensional Flowcharting

Consider the CASE statement



figure 2.1 Conventional CASE statement

This is a well-disciplined construct having one entry point and one exit point. It shows how the conventional direction of sequential control is from the top to the bottom of a flowchart. It also reveals that the executable code blocks e<sub>1</sub>, e<sub>2</sub>, e<sub>3</sub> exit as parallel alternatives, although only one is executed to the exclusion of the others. This is the selective CASE statement, the most common form. In a generalised CASE statement whose semantics are that each and every true case is executed, then the parallelism is more obvious [3]. (Note that IF-THEN-ELSE is a simple CASE statement, the cases being 'boolean expression is true' and 'boolean expression is false'.)

From this example we can postulate that the 'dimensions' of a flowchart are sequential control flow (SCF) and parallel execution (P), figure 2.2.



# 2.2.1 Sequential Statements

For the flow of control to be <u>always</u> top to bottom we must impose a discipline on branch instructions. Every program must be a sequence of statements, having only one entry and one exit point, such as IF-THEN-ELSE, CASE and LOOP. Hence in Dimensional Flowcharting a sequence of statements \$1,52,....,\$n is shown as



Any Si represents either program source text or an informal description of an action depending on the level of abstraction of Si. There is now no need to draw a box around the statements.



figure 2.4 Contrasting Representations of Sequential Statements

#### 2.2.2 CASE

The CASE statement is drawn as



figure 2.5 Dimensional CASE Statement

The selection mechanism is controlled by the Conditional statement



Its semantics are that if <boolean expression> is true then control passes on down the vertical line (crosses the bridge [12]). If <boolean expression> is false then control is prevented from continuing along the vertical branch. This is a general mechanism which is used in other constructs.

Returning specifically to the CASE statement, its action is that if one or more vertical branches have true <boolexp-i>s then the corresponding <action-i>s are executed. Control only passes to the statement after the CASE when all of these have finished execution. This shows the parallel dimension of the flowchart to its full advantage as control can be imagined to instantaneously flow along a horizontal line and down into each vertical line as though an infinite number of parallel processors were available to execute the statement. If all vertical branches are blocked by false <booleyp-i>s then the whole statement is terminated and control passes to the next sequential statement.

The simple boolean blocking statement described above is good enough to represent purely serial algorithms. If a designer were to use this flowcharting method for constructing real parallel algorithms it is likely that he would add his own synchronisation devices. The main point being made in this section is that the rigorous use of the two dimensional page elegantly represents parallel code and sequential ordering.

#### 2,2.3 IF-THEN-ELSE

Using the above scheme, IF-THEN-ELSE is



figure 2.7 Dimensional IF-THEN-ELSE

Note that now, because of the explicit parallelism, the <then code> and <else code> blocks must both be conditionally executed. This forces the programmer to consider fully all the implications of the <else code> operating on the (usually) large set of possibilities <not bool>, and is put forward as an advantage of the 'parallel' way of thinking.

Obviously for normal, serial programming languages, the flowchart will be encoded using the conventional 'jump to <else code' if boolean is false' technique.

# previous statement LOOP S1 boolean S2 next statement (a) (b)

figure 2.8 Contrasting Loops

In the LOOP statement, figure 2.8a, the loop body (S1, conditional exit, S2) is repeated while <book is true. Loops are discussed further in section 3.4. To help differentiate between a sequence of statements which is repeated (loop body) and one which is not (block body, section 3.5) it is sometimes helpful to use the symbols '\*' and 'F' which indicate repetition and termination respectively. However they are usually omitted. Figure 2.9 demonstrates their use.



# 2.2.5 Branch

Dimensional Flowcharting can encompass direct branches but it clearly shows how they spoil the elegance and discipline of the design, and how their occurrence, in practice, seems unnatural and unnecessary. This feeling grows after using the disciplined Dimensional Flowcharting method; one quickly forgets that GOTOs ever existed. The FR80 SYSLOG design was free from direct GOTOs, and it was greatly improved by thinking more deeply about the reliability of the control flow.

If an explicit GOTO must be used, it can be shown as figure 2.10.



figure 2.10 Branch

The resemblance between the GOTO notation and the Devil's tail is not coincidental.

# 2.3 Step Wise Refinement

A property of Step Wise Refinement (SWR) is that the most up-to-date design is expressed in terms of the lowest level reached so far. This means that, at worst, the derivation of large parts of the design are 'lost' as they are refined, or at best, can only be deduced from a study of separate flowcharts of the various intermediate stages (figure 2.11). Is there a unified method of representation which will preserve what amounts to a record of the designer's thoughts?

```
solve quadratic equn.
                                             level 1
input data
perform computation on data
                                             level 2
output results
read A;
read B;
read C;
if descriminant <0 then print (imaginary roots);posroot:=negroot:=0;
                                                                              level.
                     else posroot:=(-b+\sqrt{b^2-4ac})/2a;
                          negroot:=(-b-\sqrt{b^2-4ac})/2a:
print A;
      B;
      C;
      posroot:
      negroot:
stop;
```

figure 2.11 SWR Example

By using the Algol-like rule that every program is a single (compount) statement which can be recursively split into sequences of statements (the process of refinement) we can formally recognise a SWR design (see section 2.5). These separate stages of refinement can be connected if the flowchart is given a third dimension, called the Refinement(R).



figure 2.12 3-D Axes

The example given in figure 2.11 now becomes figure 2.13.



figure 2.13 3-D Flowchart

Now one can study the program's design at any desired level of abstraction; one may study the design at varying stages of refinement as the area of interest changes, digging deeper down into the details of, say, 'input data' to see exactly what is happening. Having once understood the action of the input phase one need never again go deeper than the 'input data' level to recall the program's action at this point.

If one regards the higher levels of abstraction as comments about the lowest level, then this hierarchy of comments may be 'folded' or 'linearised' into the source code text, whence the correspondence between the flowchart and the source code is exact in the refinement sense and the source program-flowchart couple becomes much easier to read and understand. This proposal was followed with FR80 SYSLOG and works well in practice (see example DRIL program, section 4.2).

# 2.4 Design and Construction

Tackling a problem by creating a 3-D flowchart via SWR produces a model of a logical solution, not a working program. This result is analogous to the hardware engineers' Logic Diagram. Actually constructing a program from the logical solution introduces a new set of practical problems which vary with the peculiarities of particular source languages, compilers and machines. Considerations such as page-bank addressing boundaries, core sizes, macros being defined before being called, and separate compilation for individual subroutines cause a working source program to vary considerably from the neat order of the abstract logical solution. Thus a second 'engineering drawing' should be made, again using the 3-D SWR technique, which is a map of the way the source code is physically constructed. (See figures 2.15 and 4.4.) This is exactly analogous to the way hardware engineers must produce a circuit board component and wiring layout from the Logic Diagram.

(If the program is non-trivial then the two flowcharts are unlikely to fit onto single A4 pages; do not split them up into several pages, making them disconnected and hard to visualise - draw them on larger pieces of paper. Regard the flowcharts as engineering drawings. No engineer builds bridges with A4!)

A simple example will show the working relationship between the Logic Diagram and the physical layout. Consider a typical program which contains a recursive binary to decimal conversion and print subroutine, BIOTDS, stolen from [1]. In figure 2.14 see how easy it is to spot and understand the recursive action of ITOS when the subroutine definition is 'refined' from its call. In the program's source text Physical Construction, figure 2.15, the call and subroutine bodies are separated, obscuring their logical connection, just because of the way the compiler is written.

read resignation of situation with the boundaries and boundaries of the beautiful translations.

one may display the design on varying stages of refinement on the steel of interest changes, display despite four this sing details of, say, fiapulational character changes, displaying the character of one understood the



figure 2.14 Recursive Binary Integer to Decimal String Conversion



figure 2.15 Physical Construction of Typical Program

Using the Logic Design flowchart in conjunction with the Physical Construction flowchart and the source text with its 'folded' SWR comments greatly simplifies the problem of relating the physical program code to its logical design and action. Again, this observation is based on the experience gained from FR80 SYSLOG.

#### 2.5 Flowchart Syntax

A direct benefit of introducing discipline into the design methodology is that a context free grammar can be defined which will generate 3-D flowcharts. Figure 2.16 is the TREE-META [9] definition of such a grammar. This property means a flowchart can be shown to conform to the design methodology and to the project standards which should be built into the grammar.

```
.META FLOW
FLOW = '.NAME' .ID ';' NODE '.END' .ID ';';
NODE = SERAL $ ( SERAL ) '#';
SERAL = '!' STMT (NEXTLEV / .EMPTY) $ ( PARAL ) ;
PARAL = '-' NODE ;
NEXTLEV = 'L' NODE ;
STMT = ( ACTST / EXSIT ) ;
ACTST = '=' .SR ;
EXSIT = '?' .SR ;
.END
```

# figure 2.16 3-D Flowchart Syntax

#### 2.6 Automated Drafting

It can be shown from the grammar (figure 2.16) that a flowchart is a tree. A simple tree-walk will produce a linear machine-readable version if the various straight lines and flowcharting symbols are encoded as unique identifiers. Such a tree-walk is similar to unparsing [2]. This human process is quick and easy, and the output matches the original drawing (figure 2.17).

The linear tree-walk can be fed into a syntax analyser (figure 2.16) for validation, and a straightforward recursive graphical algorithm can be constructed to produce high quality output on a plotting device by exploiting the grammar rules to draw the flowchart left to right, top to bottom, which makes the formatting very easy (it is 'context free'). The ease with which drafting may be automated is another major advantage of Dimensional Flowcharting.

#### In figure 2.17

- ! represents a vertical line, the SCF direction
- represents a horizontal line, the P direction
- L represents an angled line, the R direction
- # represents the '=' symbol indicating the end of a series of sequential statements

GSIN2 . FLOWA

U15 BY JOB 1:651N21.FLOWAT ON 140CT75 AT 20.07.36 70CT75 AT 29,56,30 #LISTING OF (GSIN21, TESTALL (1/) PRODUCED ON - NA WOUTPUT ON SRC 6A G832V6

figure 2.17 Machine Readable Flowchart さらら 1 0 TXX LL. NAME TESTALL: END TESTALL 13 1999: 21 TESTALL 0000 TOP I TAAA! 10001-I I I I 888 母母母母母 100 E DOCUMENT

- 2.7 Summary of Advantages of Dimensional Flowcharting
- 1. Quick and easy to draw, by hand or machine, because drawn left to right, top to bottom, i.e. naturally.
- 2. Grammar ensures flowcharts are well-formed.
- 3. Grammar provides a mechanism for enforcing project standards.
- 4. Easy to convert to machine readable form via simple 'tree-walk' method.
- 5. Grammar makes automatic drafting very easy.
- 6. Statements may be any length.
- 7. Statements are not constrained to fit into boxes.
- No need for templates.
- 9. Few special symbols.
- 10. Adaptable to any source code and machine.
- 11. Easy to introduce new features such as control constructs and synchronisation devices.
- 12. Shows inherent parallelism which is often not obvious from the source code.
- 13. Recursion easier to represent and understand.
- 14. 'Automatically' ensures will disciplined program design. Cluttered logic is prevented.
- 15. Encourages and facilitates SWR design.
- 16. Makes it easy for a 3rd party to understand how the design arrived at because SWR explicit.
- 17. One flowchart shows all 3 dimensions at once, making it possible (and easy) to visualise the whole program at varying levels of abstraction.
- 18. When both the logical design and the physical construction diagrams are drawn as large size 'engineering drawings' and when all the levels of abstraction are 'folded' into the source code as comments then the 3 documents work in unison to greatly improve the speed and understanding of the program by a 3rd party (and the designer himself).

3. DRIL

#### 3.1 Introduction

FR80 SYSLOG was designed using high level control constructs. The FR80 only has an assembler so these control constructs had to be hand-compiled - a tedious, error-prone process. As DRIVER will be a much larger program than SYSLOG, it was decided to create a simple implementation language (DRIL), based on these control constructs, which could be easily translated into FR80 Assembler source code. DRIL is an aid to assembler programming, similar to but more powerful than macros, rather than a full scale high level language. A DRIL program should therefore be the easiest, fastest way to produce a correct FR80 Assembler program.

The aims of DRIL are

- (1) a reduction in coding errors.
  Cases, Loops and Boolean Expressions are difficult to hand-compile accurately first time, every time.
- (2) an improvement in the 'readability' of the code.

  Assembler versions of control constructs, especially their boolean expressions, are not easy to understand. DRIL's free format helps to highlight loop bodies.
- (3) an improvement in the consistency of construction.

  The tendency to locally optimise assembler code in SYSLOG caused a lack of uniformity which made 3rd party understanding more difficult.
- (4) that the DRIL statements should reflect the 3-D flowcharting system (section 2) making SWR and reliable control flow easier to achieve so that DRIL, the Logic Design and Physical Construction flowcharts all work in harmony.

The object program produced by the DRIL translator (section 4) is an FR80 Assembler source code program because

- (1) this simplifies the process of translation; the work of the assembler is not duplicated by the DRIL translator.
- (2) the DRIVER program will be transportable to other sites in source form [8]. This is one reason why the DRIL translator attempts to produce an object program which looks like a hand written assembler program.
- (3) this simplifies checking the translator.
- (4) this allows incorporation of non-DRIL produced code at the assembler source level.
- (5) macro-15 programs can also be produced from DRIL source programs.

A translator writing system is used to produce the DRIL translator because

- (1) it is the fastest method of implementation; the effort is put into defining DRIL, not into producing a syntax analyser etc.
- (2) it is the easiest method as it builds on existing work.
- (3) it is the most reliable way as an already proven system is being used (Tree-Meta on the ICL 1906A [9]).
- (4) it is the most flexible; DRIL and DRIVER are likely to evolve together and Tree-Meta allows DRIL to be modified easily.
- (5) it allows software development to exploit the power of the ICL 1906A, freeing the FR80 for production work.
- (6) Tree-Meta's flexible code generation system makes it possible to produce translator-commented code, neatly laid out with the source code comments retained, so that a DRIL object program is an FR80 Assembler source code program indistinguishable from a well written hand-coded equivalent.

An example showing the full range of DRIL source statements, their flowcharts and the code they produce is given in section 3.2. An actual DRIL module producing valid FR80 code is shown in section 4.2. The individual DRIL statements are explained below.

### 3.2 DRIL Statements



figure 3.1 3-D Flowchart of all DRIL Statements

#### 3.3 Boolean Expressions

Control constructs need powerful boolean expressions to be really effective. DRIL has a comprehensive implementation of boolean expressions to encourage clear and exhaustive handling of all eventualities. This should reduce errors of omission and default, and should improve the clarity of programs. Boolean expressions coded in assembler are never obvious. The speed and accuracy of automatic encoding is a great improvement over the hand compilation technique. DRIL has the usual boolean operators and a syntax which copes with the lack of formal boolean variables; see section 4 for the syntax and section 3.8 for a summary of the boolean operators.

```
Col beantered a franci before patentian och tron betanne benner broken bank padentingen angrak paranna panti bertana probentian probentian panti betan bank panti betan 
                                                                                                                                вивор и годов в веначий вы вонина виновний вида в вонина вида в провет в вонина в в в в в в в в в в в в в в в в
                                                                                                                                : GSIN21, PETA
                                                                                                                                BOLLABARADASI ECLOFIL BUADADADERERALDUG: BUDILABRADEFER: DOGLAR
#LISTING OF 1751721, ALLORIL(3/) PRODUCED ON 1740775 AT 21,29,35
MOSTP IT UN SEC 04 6832V3 UNIT U15 BY JOB ":GC1421.4ETA" ON 2140475 AT 18.40.50
POCHIENT
                        ALLORIL
            O . PROG PROSMAME:
            3
            6 7 1/ ZAMY LOOP - WITH GUARANTEED TERMINATION';
                . MAXLOOP REPTLIN := 779:
          10 LOUP
                               LOUP BODY":
                               LUDY BUDY';

EXIT E1 : IFF BUDLA .EQ BOOLB;

COP BOOY';

EXIT E2 .IFF .DONE REPTLIM .TIMES;

LUDY BUDY';
          11
          13 1
          14
          15 1
          16 .REPEAT
                                                                               GOGD EXIT CODET: .ENDS: TGO MANY REPEATS!: .ENDS:
                              SIT E1 , CAUSES 1
                               SIT EZ .CAUSES !
          13
          19 .EHOL:
          30
          21 1/ END OF ZAHN LCOP!;
          25
          26 1/ SELECTIVE CASE STATEMENT";
                                                                                                                                                                            Example DRIL Prog Source
                                                                                                                                       figure 3.2
                ,BLOCK .4IT4 .EXITS CA.CB.CC.OF;

.EXIT CA .IFF VAR1 .GE VAR2;

.EXIT CB .IFF VAR2 .GT .40;

.EXIT CC .IFF VAR3 .ZERC;
          28
          30
          31
                                EXIT OF:
          33 .EP1109
                                                                                 ACTIONATI .. ENDS:
          36
                               SIT CA , CAUSES .
                               SIT CB .CAUSES !
                                                                                ACTIONS'; ENDS;
ACTIONC'; ENDS;
          35
          37
                               .SIT DF . CAUSES .
                                                                                 DEFAULT': ,ENDS:
          38 . ENOB;
          40 1/ END OF SELECTIVE- CASE STATEMENT':
          41
          42
          43
          44
          45
          46 1/ INTEGER DRIVEN CASE STATEMENT 1:
          47
          49 .EXIT .CASE INTVAL .OF C1,C2,C3 .DEFAULT CD: 50 .EPILOG
                               .SIT C1 .CAUSES ! .SIT C2 .CAUSES ! .SIT C3 .CAUSES !
          51
                                                                                 ACTION11: .EVOS:
                                                                                ACTIONS'; ENDS;
          52
          53
                               SIT CO . CAUSES .
                                                                                DEFAULT': , ENJS:
          55 .ENDB;
          55
           S7 1/ END OF INTEGER DRIVEN CASE STATEMENT':
          39
          AU
          62 1/ IF-THEY-ELSE";
                                STOWS LHARY AND BINARY DOOLEAN JPERATORS!:
          65 01
          65 (IF (VAR1 (EQ 877) OR 65 (VAR2 (LE 999) AND 67 (VAR3 (NC)ZERJ) 68 (THEN CODE RO)
                                        THEN CODE RODY !!
                              .ELSE
          71
                                        ELSE CODE SUDY';
          72 ,E401;
          74 1/ END OF IF-THEN-ELSE":
          76
                . ENDP PROGNAME:
          79
          NU
```

```
#LISTING OF :SSIN21, ALLOBUSS/) PROBLEED ON 21NOV75 AT 18,30.11
 17P-37 DY SRC 64 GH32V3 UNIT U15 BY JOB ":GS1421, META! ON 2140775 AT 18.40.59
SOCHIENT ALLUNG
    U / UBJ: ORIL PROGNAME OBJECT PROGNAME
    4 /
      8 /
         DRIL MACRO DEFINITIONS
    12 . INSERT ROBIDRIL MACROS
    14 /
         END OF DRIL MACROS
    15 /
     18
    19
    20
    55
      25
    26
      / DRIL FATAL ERRCR HANDLER
    29
    30 / INSERT FATAL ERROR HANDLER CODE
     INSERT ROBICRIL FATAL
                                              figure 3.3
                                                            Example DRIL Prog Object
    31
    32
    33 /
    34
     / FATAL ERRORS ARE: -
    35
    36 /
    37
      / FAILURE TO EXIT FROM BLOCK
    38
      BLKERR.
             FATAL (DRIL)-HIT BLCCK BOTTOM AT=, BLKERR
    39 /
    41)
    41
   42 /
    43
      / END OF FATAL ERRCR HANDLER
    45
    46
     50 /
      / BEGIN USER CODE
    52 /
53 /
    54
   55
55
   57
   59
   60
       ZAHN LOOP - WITH GUARANTEED TERMINATION
   62 /
     / SET LOGP LIMIT COUNTER VARIABLE
          LAC (779.)
   65
   65
67
          DAC #REPTLIS
   68 /
   49 /
79 /
       START LOOP
   71 LB1,
   72
75 /
74 /
          LUGP BODY
   75
     1 EX177
   76
          SKPEU BOCLA, BOOLB
                 / SKP IF FALSE
   77
   79
79
          J-19 E1
                    / EXIT E1
    39
          LUGP HCDY
   81 /
    12 /
15 / EXIT?
```

STEP . TEST LIGH LIMIT COUNTER, (AND EXITE)

```
ISZ REFTLIM
SEP / SKP IF FALSE
 15
  10
             J 10 E2
                              / EXIT F2
  18 /
  10
             LOOP BODY
 00 /
  01 /
       SEPEAT LOOP
  02 /
 95
 06 /
 06 / SITUATION ET
              GUOD EXIT CUCE
 29
                               / LEAVE BLOCK, LOUP
              J'12 L82
100 /
101 /
101 /
102 / SITUATION E2
105 E2,
104 TOO MANY
115 LSZ, / END CF BLOCK, LOOP
130 / END LUOP
178 /
179 / END OF ZAHN LOCP
110 /
111 /
115 /
114 / SELECTIVE CASE STATEMENT
115 /
116 /
117 /
118 / START BLUCK
119 / .WITH .EXITS CA, CB, CC, DF
120 /
122 / EXIT?
123
124
125
              SKPVE VART, VAR2
SKP / SKP
              SKP VART, VARZ
SKP / SKP IF FALSE
JMP CA / EXIT CA
126 /
127 /
128 /
129 / EXIT?
              SKPGT VARZ, (40)
SKP / SKP IF FALSE
JMP CB / EXIT CB
130
131
132 JA
133 /
134 /
135 /
136 / EXIT?
137
              SKPZE YAR3
              SKP
JMP CC
138
                         / SKP IF FALSE
                               / EXTY CC
140 /
141
142 /
143
              JAP DE
                               / EXIT DF
              JAS BEKERR
                                    JON YE CATIXE SAN DAUGHE !
144 /
145 /
146 / SITUATION CA
147 CA.
148 ACTIONA
149 JUP LE3
150 /
151 /
152 / SITUATION C3
153 C9,
              ACTIONA
                                 / LEAVE BLOCK, LOOP
154
              ACTIONS
              JHP LB4
                                 / LEAVE BLOCK, LOOP
156 /
157 /
158 / SITUATION CC
159 CC.
100
              ACTIONO
161
              JHP LBS
                                 / LEAVE BLOCK, LOOP
162 /
163 /
164 / SITUATION OF
165 DF.
155
157 L95,
              DEFAULT
              / END OF BLOCK, LOOP
/ END OF BLOCK, LOOP
/ END OF BLOCK, LOOP
168 194, /
169 193, /
179 / END BLOCK
172 /
175 / END OF SELECTIVE CASE STATEMENT
175 /
170 /
177 /
178 /
179 / INTEGER DRIVEN CASE STATEMENT
140 /
                                                                                                                   figure 3.3 cont'd
132 /
135 / START BLOCK
1 10 / . CASE THTVAL . CF
```

```
SKRGE THTVAL. (1)
- 148
149
                 JHP 1 L36
                                       / TAKE CEFAULT IF 41
                 LAC (ELA6)
                 TCA
TAD (ELB?)
  190
  101
  102
                                         / OFFSET-DEFAULT SO FOR OK
                 TAD INTVAL
 PAX
106 JUP 1 CIPCXR / INDEX REG DESTROYED BY CASE
107 / TABLE OF ACCESSES OF .CITCATIONS
108 L97, JUP LUT? / SHOULD NEVER BE EXECUTED
109 EC1
200 EC1
 105
                 5'14
  217
                 EC3
  NOITENTIES THE PROPERTY OF STURTION 203 LOO, ECO
  203 LBO, ECD
214 / END OF , EXIT , CASE
215 /
  216 /
  217
                 JMS BLKERR
                                          / SHOULD HAVE EXITED BY NOW
 218 /
  210 / SITUATION C1
 211 01,
                 ACTION1
  213
                 JMP LBE
                                     / LEAVE BLCCK, LOOP
  214 /
  215 /
 216 / SITUATION C2
217 C2.
                 ACTION2
  218
                             / LEAVE BLOCK, LOOP
                 JMP LB9
 219 220 /
 221 /
222 / SITUATION C3
223 C3,
                 ACTION3
  224
                                / LEAVE BLCCK, LOOP
  225
                 JMP LB10
 226 /
 228 / SITUATION CD
229 CD.
230 DEFAULT
                 / END OF BLOCK, LOCP
/ END OF BLOCK, LOOP
/ END OF BLOCK, LOOP
  231 LB10,
 231 LBTO, / END OF BLOCK, LOOP
232 LB9, / END CF BLOCK, LOOP
234 / END BLOCK
235 /
236 /
237 / END OF INTEGER DRIVEN CASE STATEMENT
 238 /
 249 /
240 /
241 /
242 / IF-THEN-ELSE
243 / SHOWS UN
244 /
245 /
                  SHOWS UNARY AND BINARY BOOLEAN OPERATORS
 246 /
247 / 1F
                 SKPEQ VAR1, (77)
 248
                 SKP / FALSE - TRY NEXT
JMP LB11+1 / TRUE
SKPLE VAR2, (999.)
  249
 250
251
 251 SKPLE VARZ, (999.)
252 JMP LB12
253 SKP4Z VAR3
254 LB12, / AND IS FALSE
255 LB11, / LB11+1 IF TRUE
256 JMP LB13 / JMP IF FALSE
257 / THEN
               THEY CODE BJDY
  258
  259
                 J'1P L814
  240 / ELSE
 261 6815,
                ELSE CODE BODY
 243 LB14,
264 / EVD OF IF
265 /
  255 /
  247 / END OF IF-THEN-ELSE
 200 /
 270 /
  272 /
  275 /
  274 /
  276 /
  277 1
 239 /
  232 1
  215 / E 10 OF PROG PROGNAME
                                                                                                                                 figure 3.3 cont'd
  234 /
 215 /
216 START
  217
```

117

#### 3.4 LOOP

figure 3.4a

The LOOP is illustrated by lines 7-21 of figure 3.2, and by the flowchart equivalent in figure 3.1. Loops are infinite unless the loop body contains one or more exit statements (section 3.7). When a LOOP is terminated by an exit the program is said to be in a particular situation determined by which exit caused the termination. The occurrence of a particular situation causes the execution of a list of statements, the epilog code, associated with that situation by the <sit name causes> statement. This mechanism facilitates the handling of multiple exits from a LOOP and is called the Zahn construction, see section 3.4.1.

# 3.4.1 The N1 Times Problem

Why does DRIL not use the conventional DO-WHILE and REPEAT-UNTIL statements? To cope with the  $N_2$  times problem [6] and to guarantee termination (section 3.4.2) are the answers. The  $N_2$  times problem is illustrated by figure 3.4. The routine prints a string terminated by '>' on the teletype. To use a DO-WHILE construct would require repetition of the 'get byte' code, figure 3.4a. To overcome this overhead a more general form of loop is required, figure 3.4b. (See section 4 for the DRIL version of this routine.)



Nº Times Problem

# 3.4.2 Proof of Termination of Zahn Loops

In a reliable program, all loops of finite design must be shown to terminate. The only way to guarantee this is to include a maxloop construction, lines 9 and 14 of figure 3.2, which limits the number of iterations performed. This mechanism not only guarantees termination but, with sensible repetition maxima, is a valuable error-checking facility. The teletype printing routine, figure 4.3, shows this reliable loop construction, and SYSLOG had cause to be thankful for it. An amendment to SYSLOG, unrelated to TTYOUT, erroneously set the .ASCII operator to 6-bit instead of 8-bit mode. The end of string

figure 3.4b

was not detected as GTSIGN held an impossible value. Instead of looping infinitely, wearing out the teletype, SYSLOG stopped gracefully after 72 characters and printed out a meaningful error message. The error was spotted immediately because the only way a valid string could cause such an error was by TTYOUT failing to recognise '>'.

The actual SYSLOG version of TTYOUT looked like figure 3.5.



figure 3.5 SYSLOG Loop Construction

Figure 3.5 shows how the general LOOP allows multiple loop exits (impossible with DO-WHILE), but it is inefficient and tedious to follow each loop with a CASE statement to determine the exact cause of termination. The Zahn loop [4,5,6] is a construction in which the CASE statement is made an integral part of the LOOP, forming a loop epilog. The flowcharting symbol '\*' now defines the end of the loop body and the start of the epilog CASE statement, see section 3.10 and figure 3.1. The Zahn loop greatly simplifies the representation of a reliable loop and this encourages its use. DRIL insists on an epilog for every loop. See figure 3.2 for the source code form and figure 3.3 for the FR80 Assembler implementation.

#### 3.5 Block & Case

A block is a list of statements which are executed once. Blocks are simplified loops and must have exit statement(s) and epilog code. A fatal run-time error occurs if control reaches the epilog word. A major use of the conditional block is to program the selective and integer CASE statements. These are shown in lines 26-40 and lines 46-57 respectively in the example program, figure 3.2.

Note the difference between the flowchart of the CASE statement, figure 3.1, which shows the parallel CASE, and the serial selective CASE [3] encoded in lines 26-40. The parallel flowchart forces the complete and mutually exclusive conditions to be specified. The DRIL coding, though efficient, implicitly defines the cases and is more prone to errors of omission and default. This neatly demonstrates the advantage of parallel thinking.

#### 3.6 IF-THEN-ELSE

Although IF-THEN-ELSE is a simple form of the CASE statement, it is implemented specifically because it is such a natural mode of expression. As long as it is not nested, the I-T-E is clean and easy to understand. Nested I-T-Es breed errors and obscurity [3]. They should be replaced by CASE statements whose boolean expressions clearly define the conditions which allow a given action to proceed. The IF-THEN form is not allowed as a failure to appreciate the implied ELSE can lead to errors. Null ELSE clauses must be explicitly coded using the null or ok statements which generate no code but give greater clarity to the source program and encourage exhaustive analysis. See figure 3.2, lines 26-33.

#### 3.7 Exit

The EXIT statement causes loop termination and the execution of its associated epilog code. There are four variants of this statement.

- EXIT <situation name>;
- EXIT <sitname> IFF <boolean exp true>;
- 3. EXIT <sitname> IFF DONE <var> TIMES;
- 4. EXIT CASE <INTVAR> OF <sitname1>, <sitname2>,...DEFAULT <sitname>;

This comprehensive range should encourage the construction of reliable loops whose termination is guaranteed, and of CASE statements with clear and comprehensive boolean expressions governing their actions.

#### 3.8 String

FR80 Assembler directives and statements, including comments, are enclosed by string quotes. The reason for the quotes is that they allow free format input of DRIL programs. The advantages of indenting source statements are well known. Careful use of the space character will produce a neat DRIL source program and a neat object program, see figure 3.1, 3.2, 4.1, 4.2.

# 3.9 DRIL Summary

Figure 3.9 is an informal summary of the present DRIL statements. Reserved words are typed as in Algol but are input as <dot><upper case reserved word>.

```
prog <ID>;
   maxloop <ID>:=<num>;
   loop
       exit <ID>;
       exit <ID> iff <BOOLEXP>;
       exit <ID> iff done <ID> times;
   repeat
       sit <ID> causes <LIST OF STATEMENTS> ends;
   end1;
   '/THIS IS A COMMENT';
   ' LAC VAR / FR80 ASM STATEMENT';
   block with exits <LIST OF IDS>;
      exit case <ID> of <LIST OF IDS> default <ID>;
      null;
      ok;
   epilog
      sit <ID> causes ok; ends;
   endb;
   if <BOOLEXP> then <LIST OF STATEMENTS>
                else <LIST OF STATEMENTS> endi;
endp <ID>;
```

# 3.9.1 DRIL Boolean Operators

binary

unary

gt lt

zero

ge le

nonzero

eg ne

and

or

()

<decimal number> ::= <string of digits>

<octal number> ::= #<string of digits 0-7>

# 3.10 Flowchart Equivalents of DRIL Statements





Zahn loop





#### REFINEMENT

source and abject proposity converse, there 26, 26, 26 of figure A

how every statement and solute has one entry point and one out

time all DRIL loops are John loops, which make error handling and

hew the fire throat of 201h searce progress allows indenturing of

4. TREE-META PRODUCED DRIL TRANSLATOR

# 4.1 Tree-Meta Implementation of DRIL

The DRIL translator is produced by the Tree-Meta compiler-compiler for the reasons given in section 3.1. The Tree-Meta definition of the DRIL language is shown in figure 4.6. This definition is a prototype which is being used to develop DRIL and the cross-compilation system. To date several small programs have been written in DRIL, translated in the ICL 1906A and successfully moved to and run on the FR80. The prototype definition does not take advantage of such Tree-Meta features as semantic checking and object code optimisation. The checking by the FR80 Assembler and sympathetic use of the source language respectively make up for these gaps in the implementation, which can be plugged at a later date. Priority has been given to demonstrating the feasibility of the DRIL philosophy advocated in this paper.

#### 4.2 TTYOUT - A Working Example

TTYOUT is an FR80 routine to print a string of characters on the teletype. Hopefully this example demonstrates all the points mentioned in this paper, and in particular

- 1. the harmony between the Logic Design, figure 4.1, the Physical Construction, figure 4.2, and the DRIL source program, figure 4.3, plus the smooth transition through to the DRIL object program, figures 4.4, 4.5, which should resemble a hand-written program. The smallness of the example makes the Physical Construction seem rather artificial.
- 2. how the refinement in the Logic Diagram is 'folded' to produce the source and object programs' comments, lines 24, 26, 36 of figure 4.3 and lines 98, 100, 122 of figure 4.5.
- 3. that this module is an example of the  $N_2^1$  times problem (section 3.4.1).
- 4. how every statement and module has one entry point and one exit point.
- 5. that all DRIL loops are Zahn loops, which make error handling and proof of termination easy.
- 6. how the number of loop repetitions is governed by lines 12, 22 figure 4.3
- 7. that the loop can be proved to terminate, and hence the module itself can be shown to always exit correctly.
- 8. how the free format of DRIL source programs allows indentation of loop bodies, lines 14-46 of figure 4.3. Compare the source and object programs; see how the free format and the string statement are used to produce a neat object program as well as a clear source program.
- 9. how much clearer is the source program's IF-THEN-ELSE (lines 27-34, figure 4.3) than its assembler equivalent at lines 103-119 of figure 4.5.

- 10. how source comments are passed to the object program.
- 11. how the exit statement and its associated situation are implemented.
- 12. how assembler statements are passed from source to object programs via the string statement.

With the aid of the Tree-Meta manual [9] it should not be too difficult to follow the translation from source (figure 4.3) to object code (figure 4.5) according to the DRIL definition (figure 4.6).

# 4.3 Output from the DRIL Translator

The DRIL translator is run by a George Job Description, parameters to which allow the various output listings to be on paper or microfiche. A large DRIL program can generate over 100 pages of source program, object program (figure 4.4, 4.5), DRIL macros, fatal error handler and current Tree-Meta definition listings, all of which occupies less than half a microfiche. Microfiche are the key to a manageable project history (section 5.2).

The object program file has appended to it the source program, the DRIL macros and fatal error handler in such a format that RET's program [10] can be used to create an FR80 readable magnetic tape with each of these items as a separate file. Creation of such a tape is parametrically controlled in the Job Description.



figure 4.1 TTYOUT Logic Diagram



figure 4.2 TTYOUT Physical Construction

EDECT THE CONTRACTOR OF THE CO

IGSIN21.TTYOUT

67 68 69

20

.ENDP TTYCUT;

民国社会社会工作的证据,这个证明,这个证明,我们是这个证明,我们是这个证明,我们会对证明的证明,这一个证明的证明的证明,我们是这种知识,我们的证明的证明,我们可以证明的证明的证明,我们可以证明的证明,我们可以证明的证明, #LISTING OF :GSINZ1.TTYOUT(9/) PRODUCED ON 17NOV75 AT 15.42.23 RECUTPUT ON SRC 64 GR32VA UNIT U14 BY JOB ":GSIN21.TTYOUT" ON 15NOV75 AT 21.13.28 DOCUMENT TUCVYT O .PROG TTYOUT: 1/ ROUTINE TO PRINT STRING ON TTY': // STRING DELAMINATED BA 1976.;
// STRING DELAMINATED BA 1976.; 6 1/ INVALID CHARS PRINTED AS ? "; 9 'TTYQUT, XX / ROUTINE ENTRY POINT': 11 1/ LOOP THRU THE BUFFER, MAX 73 SO NOT OFF END OF LINE'S 12 .MAX[00P MAX73 1= 73; 13 .LOOP 14 .WITH .EXITS EOSTR.TMNY: "/ GET BYTE"; LAC I TBUFF'; 17 18 19 .EXIT EOSTR . IFF BYTE . EQ GTSIGNI 21 TRANTT. ETXAM SHOOT TREE YMMT TIKES. 22 23 24 25 26 27 "/ PRINT BYTE": '/ CHECK VALID CHAR': .IF (BYTE .GT #177) .OR (BYTE .LT 0) 28 29 30 .THEN . CHANGE TO ? .: LAC QHARK : DAC BYTE : 31 32 33 34 . ELSE .ENDI; 35 '/ PRINT ON TTY'; LAC BYTE'; TLS'; 36 37 TTYOUT DRIL Source figure 4.3 38 Prog Listing 39 40 41 "/ SUSPEND UNTIL I/O FINISHED"; . 42 43 44 JMP .-1'; .-'/ STEP POINTER'; . ISZ TBUFF': 45 46 47 48 .REPEAT .SIT EOSTR .CAUSES .OK; .ENDS; .SIT TMNY .CAUSES ' JMS TOOLNG'; .ENDS; 49 50 .ENDL: 51 53 1 / EXIT TO CALLER': JMP I TTYOUT 54 55 56 57 "/ LOCAL STORAGE"; \$ . 0 : 58 BYTE GTSIGN. .ASCII/>/ ': I GMRK. .ASCII/?/ 1; 60 61 62 '/ GLOBAL REFERENCES';
'/ TBUFF - POINTS TO START OF STRING, CHANGED BY THIS ROUTINE';
'/ TOOLNG - PRINTS ERROR MESSAGE, LINE TOO LONG'; 66 65



figure 4.4 TTYOUT DRIL Object Prog Physical Construction

```
IGSIN21. TTYOUT
                                                                                                            RENNINGREENERE STEENE VERTON VE
                                                                                                            #LISTING OF 1651N21.TTYOUT09J(17/) PRODUCED ON 18NOV75 AT 21.06.52
SOUTPUT OF SRC 68 G832V8 UNIT U14 BY JOB ":GS1821.1TYOUT" ON 1880V75 BT 21.13.36
DOCUMENT
                   TTYOUTOBJ
                                                OBJECT TTYOUT
          O /OBJ:ORIL TIYOUT
          3 /
              Q
         10 /
                     Dali MACRO DEFINITIONS .
        12 .INSERT ROS: DRIL MACRUS
                     END OF DRIL MACROS
         94 /
        16
             19
        20
        21
         23
        24
25
             26 /
27 / DRIL FATAL ERROR HANDLER
         28
         29
             / INSERT FATAL ERFOR HANDLER CODE .INSERT ROB; DRIL FATAL
         30
         31
         32
         33
             / FATAL ERRORS ARE:-
         34
         35
                                                                                                            figure 4.5
                                                                                                                                           TTYOUT DRIL Object Prog
        37 / FAILUFE TO EXIT FROM BLOCK
                                                                                                                                           Listing
                               FATAL (DRIL) - HIT BLOCK BOTTOM AT = , BLKERR
         38
              BLKERR.
         40
        41 /
         42
         43
             / END OF FATAL ERROR HANDLER
         44
        45 /
         47
              48
        49
         51 / BEGIN USER CODE
        52 /
53 /
        54 /
55 / ROUTINE TO PRINT STRING ON TTY
         56 / STRING POINTED TO BY TBUFF
         57 / STRING TERMINATED BY >
        58 / ONE CHAP PER WORD
59 / INVALID CHARS PRINTED AS ?
         60
        61
        62 TTYOUT, XX
                                        / ROUTINE ENTRY POINT
         63 /
         64 / LGOP THRU THE BUFFER, MAX 73 SO NOT OFF END OF LINE
        65 /
         67 / SET LOOP LIMIT COUNTER VARIABLE
        68
                        LAC (73.)
TC4
        70
                        DAC #MAX73
        71 /
72 /
73 / STAPT LOOP
         74 181,
                          .WITH .EXITS EOSTR: TMNY
        75 / .WIT
76 /
77 / GET BYTE
        78
79
                        LAC I TBUFF
DAC BYTE
         AO
         91
         42
         85 / EXIT?
```

- 36 -

SKOFO BYTE, GTS16N

SYP / SKP IF FALSE

85

```
87 /
88 /
  P9 /
 90 /
91 / EXIT?
         STEP + TEST LOOP LIMIT COUNTER. (AND EXITT)
 02 /
             ISZ MAX73
SKP / SKP IF FALSE
 04
                                / EXIT THNY
 96 /
              JHP THYY
 97 /
98 / PRINT SYTE
09 /
100 / CHECK VALID CHAR
102 /
103 / 1F
104
              SKPGT SYTE, (177)
              SKP / FALSE - TRY NEXT
JMP LB2+1 / TRUE
105
106
             SKPLT BYTE,(0.)

/ LB2+1 IF TRUE
JMP LB3 / JMP IF FALSE
107
108 182.
109
110 / THEN
111 / CHANGE TO 7
112 LAC QMARK
113 DAC BYTE
112 LAC 0/
113 DAC B/
114 JMP LT
115 / ELSE
116 LE3,
117 / OK,NI
118 LB4,
119 / END OF IF
120 /
              JMP LB4
               OK, NULL STATEMENT
121 /
122 / PRINT ON TTY
123 LAC BYTE
124 TLS
125 /
126 / SUSPEND UNTIL 1/O FINISHED
127 TSF
128
              JMP . - 1
130 / STEP POINTER
131
              ISZ TBUFF
132
              NOD
135 /
136 / REPEAT LOOP
137
            JMP L81
139 /
140 / SITUATION EOSTR
141 EOSTR.
142 / OK, NULL STATEMENT
143 JMP LB5 -/ LEAV
                          ./ LEAVE BLOCK, LOOP
144 /
145 /
146 / SITUATION TMNY
147 TMNY,
148 JMS TOOLNG
149 LB5, / END OF BLOCK, LOOP
150 / END LOOP
151 /
152 /
153
             JMP I TTYOUT / EXIT TO CALLER
154 /
155 /
156 /
157 / LOCAL STORAGE
158 BYTE,
                0
                    .ASCII/>/
159 GTSIGN,
160 QMRK,
                    .ASC11/7/
161 /
162 /
143 / GLOBAL REFERENCES
164 / TBUFF - POINTS TO START OF STRING, CHANGED BY THIS ROUTINE
165 / TOOLNG - PRINTS ERROR MESSAGE, LINE TOO LONG
166 /
167 /
168 /
169 /
170 /
171 CONSTANTS VARIABLES
172 /
173 /
174 / END USEP CODE
175 /
176 /
177 /
                                                                                                              figure 4.5 cont'd
179 / END OF PROG TTYOUT
180 /
183 /SRC; DRIL TYOUT SOURCE TTYOUT
184 /
185 /
TRA . PROG TTYCUT:
187 /
188 1/ ROUTINE TO PRINT STRING ON TTY*:
```

- 37 -

```
145 1/ STRING PRINTED DO BY PRUFF'S
191 1/ ONE CHAR PER WORD!!
 102 1/ INVALID CHARS PRINTED AS 7 "1
 193 /
 104 /
 195 ITTYOUT, XX / ROUTINE ENTRY POINTS!
195 /
197 1/ LGOP THRU THE BUFFER, MAX 73 SO NOT OFF END OF LINE*1
 108 . MAXLOOP NAX73 := 73:
100 .1008
200
              . WITH . EXITS EOSTR. TMNY:
201 /
              '/ GET BYTE';
202
              LAC 1 TOUFF';
DAC BYTE';
203 1
204 .
205 /
              .EXIT EOSTR . IFF BYTE . EO GYSIGN;
207 /
208
              .EXIT TMYY . IFF . DONE MAX73 . TIMES:
209 /
210
              "/ PRINT BYTE";
211 /
              '/ CHECK VALID CHAR';
.IF (BYTE .GT #177) .OR (BYTE .LT 0)
212
213
                 THEN '/ CHANGE TO 7 ':
215
                  LAC GMARK';
DAC BYTE';
216
217
                 .ELSE
2:8
219
             .ENDI;
220
221 /
             "/ PRINT ON TIY";
224 1
              TLS";
             '/ SUSPEND UNTIL I/O FINISHED'; TSF';
226
227 1
              JMP .-1';
558 ,
229 /
              1/ STEP POINTER1;
231 1
              ISZ TBUFF';
232 1
233 /
234 .REPEAT
235 .SI
         SIT EOSTR .CAUSES .QK; .ENDS;
                                    AMS TOOLNG': .ENDS:
235
237 .ENDL;
238 /
239 ·
           JMP I TYYOUT / EXIT TO CALLER';
240 /
240 /
241 /
242 /
243 <sup>3</sup>/ LOCAL STORAGE<sup>4</sup>:
18YTE. 0<sup>1</sup>:
          GTSIGN.
                         .ASCII/>/ ";
245
245
           · QMRK.
                          .ASCII/?/ ";
247
248./
249 '/ GLOBAL REFERENCES';
250 '/ TBUFF - POINTS TO START OF STRING, CHANGED BY THIS ROUTINE';
251 '/ TOOLING - PRINTS ERROR MESSAGE, LINE TOO LONG';
252 /
253 /
254 .ENDP TTYOUT:
255 /
256 ****
257 /
258 START
259 /RCB; DRIL MACROS
260 /
261 /
267 / Dail Macro Definitions
263 /
264 / 265 / COMPUTE A-8
246 .DEF MINUS 4,8
247 LAC B
268
            TCA
            TAD A
270 :TERM
271 /
272 /
273 / SKIP IF A>8
274 .DEF SKRGT 4,8
275 MINUS 4,8
276
            SPA I SNA
283
            SPA
284 .TERM
285 /
286 /
                                                                                                     figure 4.5 cont'd
287 / SYIP 15 A#8
288 .085 SYDEQ A.B
289 LAC A
```

```
201 SKP
202 TERM
203 /
204 /
205 / SKIP IF A=2680
206 .06F SKPZE A
207 LAC A
204 TERM
300 /
301 /
302 / SKIP IF A NONZERO
303 .DEF SKPNZ A
304 LAC A
305 SNA
306 .TERM
307 /
308 /
309 / SKIP IF A NE B
310 .DEF SKPNE A,B
311 LAC A
312 SAD B
313 .TERM
314 /
315 /
316 / SKIP IF A NE B
317 .DEF SKPLE A,B
318 MINUS A,B
319 SMA I SZA
320 .TERM
321 /
322 /
323 / SKIP IF A NE
324 .DEF SKPLT A,B
325 MINUS A,B
326 SMA
327 .TERM
328 /
329 /
330 / END DRIL MACROS
331 /
332 START
```

NUNGERUN NUNGEN NUNGEN NUNGEN NUNGEREN NUNGEN NUNGE

figure 4.5 cont'd

```
:GSIN21.TIYOUT
```

```
#LISTING OF IGSIN21, TRNOEF(R/) PRODUCED ON 18NOV75 AT 16.27.59
              UNIT U14 BY JOB ":GSINZ1.TTYOUT" ON 18NOV75 AT 21.14.08
FOUTPUT ON SRC 64 G932V8
DOCUMENT
      TRYDER
```

```
O . META DRIL
   DRIL * '.POG' .ID ':' :FNAMc(:) * STNAT * S ( SINAT * ) '.ENANC(:) * ; '.ENANC(:) * ;
 9 STENT * ( LOOPS / BLCKS / IFTES / FREDS / NULLS / O EXITS / SITUS / UNTLS / HAXLS ; '1';
12
14 LISTS = STHAT ( LISTS :LISTCE2] / .EMPTY :LISTCE1) ;
18 MAXLS = '.MAXLOOP'
                        .ID ": # PRIMS :MAXEC(2) ;
20
21
22 LOOPS = 1.LOOP
               LISTS
23
24
            . REPEAT
           EPILS
26
27
           : LOOPS[2] :
31 EPILS = STMNT ( EPILS : EPILC(2) / . EMPTY : EPILC(1) ;
35 SITUS = ".SIT" .ID ".CAUSES" LISTS ".ENDS"
                                                    :SITUCIZI :
36
37
38
39 BLCKS = '.BLOCK'
40
               LISTS
                                                                                  TREE-META Definition
                                                               figure 4.6
            .EPILOG .
42
           EPILS
                                                                                   of DRIL
44
            :BLCKC[2] :
45
46
48 IFTES # '.IF' SEXPS '.THEY' LISTS '.ELSE' LISTS '.ENDI' :IFTEC(3) :
50 BEXPS = BANDS ( '.OP' BEXPS ':BEXPC(2) / .EMPTY :BEXPC(1) ) :
52 BANDS = CONDS ( '.AND' CONDS :BANDC(2) / .EMPTY :BANDC(1) ) :
54 CONDS = ( PRIMS ( 1.67 PRIMS
                                    ** GT
                                            :SKPTC[3] /
                                    11GE1
                       .GE PRIMS
55
                                            :SXPTC[3] /
55
                       . EQ! PRIMS
                                            :5KPTC[3]
                       . NE PRIMS
57
                                            :SKPTC[3] /
                                    PINET
                                                                            . :
                                    PILET
59
                        LT POIMS
                                    + FLT F
                                            :SKPTC[3]
50
                       ZERO*
                                            ISKPZE[1] /
           . NONZESO.
61
                                            13XPNZ[1] ) /
                           : BEXPC[1] ) :
64 PRIMS # ( . 10
                         : IDENC[1]
                         : DNUMCE11
               NUM
45
              MUM. PR
                        :ONUMC[1]
67
4.9
70 FR80s # .SR :FR80C[1];
73
74 NULLS = ( '.NULL' / '.OK' ) ↑ 'OK, NULL STATEMENT' :NULLC[1]
76
78 EXITS = '.EXIT'
            ( .ID ( ".1FF" ( ".DOME" .ID ".TIMES" IDOMECTED IEXITC(2) /
                            BEXPS (EXITC(2) ) /
80
                     YTAMB.
81
82
               / ECASS : EXITC(1) ) 1
HE CASS # 1.CASE! .ID 1.GF! SITIS 1.DEFAULT .ID (ECASC(3));
```

```
AR SITES # . 10 ( '. SITES ESITECTE / . EMPTY ESITECTED )
91
 OZ UNTLS " ( ".UNTIL" / ".WITH" ".EXITS" ) ELSTS
43
95
96 ELSTS * .10 ( 1,1 ELSTS | FLSTC[2] / .EMPTY | ELSTC[1] ) ;
28
99
100
101
102
103
104
105
106
                 "> 1/08J; DR1L * +1 1
                                        OBJECT * +1 X X %
107 PNAMC[-]
                   MACROLI
109
                   FATAL[]
110
111
112 MACRO/
                *> X X X X
113
                   114
115
                       DRIL MACRO DEFINITIONS
                   X X
*.INSERT ROB; DEIL MACROS*
116
117
118
                        END OF DRIL MACROS
119
                   120
121
122
123
124
125
126 FATAL
               /=> X X X
127
                   X X X '' DRIL FATAL ERROR HANDLER'
128
129
130
                   X X X
                      INSERT FATAL ERROR HANDLER CODE * %
131
132
133
                   1.1NSERT ROB; DRIL FATAL X
                   1/ FATAL ERRORS ARE:- 1 %
134
                   X X '/ FAILURE TO EXIT FROM BLOCK' X
136
137
                   *BLKERR, FATAL (DRIL)-HIT BLOCK BOYTOM AT=, BLKERR * %
                   % % % % % * PATAL ERROR HANDLER*
139
                   141
142
143
                   X X X X '/ BEGIN USER CODE' X X X
144
145
146
                => X X X
CONSTANTS VARIABLES*
148 ENAMC [-]
149
150
151
                   % % % "/ END USER CODE' % % % % % "/ END OF PROG ' *1 % % % "START' %
152
153
154
                   */SRC: DRIL * +1 *
                                       SOURCE .
155
156
157
159 LISTC[-,-]
                => +1 +2
        [-1
160
                => +1 ;
161
142
163
164 MAXICE - . - 1
                      SET LOOP LIMIT COUNTER VARIA
LAC * +2 %
TCA* %
166
                          TCA * * # +1
147
168
149
170
                => % % "/ START LOOP" %
171 LOOPC[-,-]
173
                   X X 1/ REPEAT LOCP' X
174
176
                   */ END LOOP' * * ;
178
179 EPILC[-,-]
                          JMP ' #1
                                            / LEAVE BLOCK . LOOP' X
                                                                              figure 4.6 cont'd
181
152
                                   / END OF BLOCK, LOOP &
183
         [-]
                4>
                   . 1
185
                *> % % '/ SITUATION ' 41 %
187 $1700(-,-1
```

```
100
101
192
103 B; CKC[=, +]
                                              x> X X "/ START SLOCK" X
194
                                                                                                                   / SHOULD HAVE EXITED BY NOW &
                                                                        JMS BLYERR
105
196
 197
                                                       . \ END BFOCK, # # :
108
199
200 1FTEC(-.-.-) *> X X */ 1F * X
                                                     *1
202
                                                                          JRP 1 #1 1
                                                                                                                          / JMP IF FALSE' X
204
                                                       */ THEN " %
                                                       * 2
                                                                          JMP " #2 %
 206
                                                       "/ ELSE" %
 207
 2.08
                                                      #1
200
                                                      + 3
                                                       "/ END OF IF" % % ;
212
213
215
216 SEXPC[-,-]
                                              2> 41
                                                                         218
                                                      42
220
                                                                            . / * #1 *+5 IF TRUE * %
                                              #1
#> e1 ;
                        [-]
222
223
224
225 BANDC[-,-]
                                                                         JMP * 81 *
                                                                                                                          / JMP IF FALSE! M
559
227
                                                      +2
                                                                                                 / .AND IS FALSE! X
229
                       [-]
                                              E> +1 ;
230
231 SXPTC[-,-,-] =>
                                                                          SKP 43. 1 1 61 1,1 42 X ;
.232
233 SKPZE[-1
234
                                                                         SKPZE *
                                              => 1
                                                                                                 +1
                                                                                                          *
235 SKPNZ[-]
                                                                          SKPNZ .
                                                                                                # 1
236
237 [DENC[-]
238
239 DNUMC[-]
                                               => 1(1
                                                                 * 1
                                                                           2,)1 ;
240
 241 ONUMCE-1
                                                                                 131 1
243
244
245 FR80C[-]
                                               => +1 % ;
245
 248
                                              => % % '/ EXIT?' %
249 EXITC[-,-]
250
                                                      *2
251
                        SKP / SKP IF FALSE # | SKP | SKP IF FALSE # | SKP | SKP IF FALSE # | SKP | SKP IF FALSE # |
 252
253
254
255 [-] => ' JMP ' .

256

257 ECASC[-,-,-] => % % '/ .CASE ' .SKPGE '
                                                                                               #1 ' .OF'
                                                                         .UASE ' +1 '.OF'

SKPGE ' +1 '.(1)'

JMP I ' #2 '

LAC (S' #2 ')' %

TCA' %
                                                                                                                                 %
258
259
                                                                                                                             / TAKE DEFAULT IF <1"
260
261
                                                                         TAD (5' #1 ')'
TAD (5' #1 ')'
TAD ' •1 '
SMA' X
JMP I ' #2 '
PAX' Y
 242
                                                                                                                         X / OFFSET-DEFAULT CO FOR OK X
264
                                                                                                                              / TAKE DEFAULT >= G *
                                                       * JMP I DIPCKE' / INDEX
*/ TABLE OF ADDRESSES OF .SITUATIONS:
#1 ', JMP ' #1 ' / SHOULD N
247
268
                                                                                                                                          / INDEX REG DESTROYED BY CASE: X
 269
                                                                                                                                  / SHOULD NEVER BE EXECUTED!
 270
                                                       */ DEFAULT .SITUATION' %
                                                       #2 ', $' +3 %
'/ END OF .EXIT .CASE' X
274
276
277 DONECT-1
                                              => '/ STEP + TEST LOOP LIMIT COUNTER, (AND EXITY)' % ' 137' ' 1 %
 278
279
 220
 281
282
 283 SITLC[-,-]
                                               E> 1
                                                                          5 41 X
                                                                                                                                                                                                                      figure 4.6 cont'd
                                              => 1
 244
                         f - 1
                                                                                 45 X 1
 285
 236
 797
 288
289 UNTLCE-1
                                               x> +/
                                                                                            . EX1751 +1 :
```

42 1

figure 4.6 cont'd

5. PROGRAMMING STYLE AND STANDARDS

## 5.1 Discussion

Style is still a major ingredient in programs because they are written by individuals. A clear, consistent style facilitates third party understanding and reliability. It is worth bearing in mind that the third party often referred to in this paper is likely to be the program's creator ten weeks after the code has been written!

A programmer's style includes his methods and his assumptions. When more than one individual works on a project these methods and assumptions must be shared by all. This is the point where a 'style' must become a 'standard' if consistency is to be maintained. Only when a good style has been developed should it be used widely and evolve into a standard. Standards should be a welcome feature of a project, being formal and helpful statements of good points, not millstones.

To help the author, and anyone else who gets involved with DRIVER, section 5.2 outlines those practices which are currently 'common law'. They form the nucleus of an evolving set of DRIVER standards. Section 5.3 is based on a book called 'The Elements of Programming Style' [1]. If the reader has any good tips to add to this list then RWW will be pleased to receive them. Hopefully the differences and similarities between 5.2 and 5.3 show the evolution from style to standards. Programming is still a craft [11]; let us encourage craftsmanship.

## 5.2 DRIVER Standards

- 1. A Project History must be kept.
  Use microfiche as much as possible.
- 2. A Project Diary must be kept as part of the Project History.
- 3. All design must be by SWR, and documented by 3-D flowcharts. All design decisions must be recorded in the Project History.
- 4. All code must be written in DRIL directly from the 3-D flowchart. No program is to be patched at the assembler or binary level.
- 5. Code and flowcharts (logical and physical) must maintain their exact correspondence. Amend all three simultaneously.
- 6. Flowchart refinement must be 'folded' to form source comments.
- 7. All current versions of programs must have a complete set of listings filed in the Project History. The set must include source, object, DRIL definition, FR80 listing assembler and cross-reference listings, preferably on microfiche.
- 8. All modules must have a single entry point and a single exit point.
- 9. All modules must declare, as comment, those global variables referenced within, and what happens to them.

- 10. Data, both local and global must be physically separate from the code, because of overlaying activity.
- 11. All code must be pure, again because of overlaying.
- 12. All modules must be proven to always exit whenever they are entered; therefore all loops must terminate. Prove as much as possible about the module's behaviour document the assumptions.
- 13. All tests must be planned. The plan and results must be filed in the Project History.
- 14. Construction and testing must be by the top-down, program stub method. No test beds.
- 15. Write down 'the little things'. File them in the Project History so they are not forgotten.
- 16. All modules must be designed down to the last detail before coding commences. Good detailed design is good engineering.

## 5.3 Style

- 1. Always aim for simplicity, clarity and reliability. Gain efficiency by good design not by 'tricky' coding. Avoid the temptation to make irrelevant local optimisations. Instrument the program, determine the bottlenecks, then remove them 'hygenically'.
- 2. Do not be afraid to build a prototype module to gain an understanding of the problem. Learn from it, scrap it and then build the production module.
- 3. Design and re-design, rather than code and re-code. 'Polish' the module as an author improves a paragraph. Bad programs are easy to create; good programs are hard work.
- 4. Write your program as though it were going to be compiled and tested by a complete stranger.
- 5. Write clearly, don't be too clever.
- 6. Say what you mean, simply and directly.
- 7. Use library functions.
- 8. Avoid temporary variables.
- 9. Write clearly don't sacrifice clarity for 'efficiency'.
- 10. Let the machine do the dirty work.
- 11. Replace repetitive expressions by calls to a common function.
- 12. Parenthesize to avoid ambiguity.
- 13. Choose variable names that won't be confused.

- 14. Avoid unnecessary branches.
- 15. Don't use conditional branches as a substitute for a logical expression.
- 16. If a logical expression is hard to understand, try transforming it.
- 17. Use data arrays to avoid repetitive control sequences.
- 18. Choose a data representation that makes the program simple.
- 19. Write first in an easy-to-understand pseudo-language; then translate into whatever language you have to use ie 3-D flowcharts → DRIL → FR80 ASM.
- 20. Use CASE to implement multi-way branches.
- 21. Modularize. Use subroutines.
- 22. Do not nest IF-THEN-ELSE, use a CASE.
- 23. Use GOTOs only to implement a fundamental structure such as LOOP.
- 24. Avoid GOTOs completely if you can keep the program readable.
- 25. Don't patch bad code rewrite it.
- 26. Write and test a big program in small pieces. Plan the test. Top-down stubs method.
- 27. Use recursive procedures for recursively-defined data structures.
- 28. Test input for plausibility and validity.
- 29. Make sure input doesn't violate the limits of the program.
- 30. Terminate input by end-of-file or marker, not by count.
- 31. Identify bad input; recover if possible.
- 32. Make input easy to prepare and output self-explanatory.
- 33. Use uniform input formats.
- 34. Make input easy to proofread.
- 35. Use free-form input when possible.
- 36. Use self-identifying input. Allow defaults, Echo both on output.
- 37. Make sure all variables are initialized before use by executable code.
- 38. Don't stop at one bug.
- 39. Use debugging compilers.
- 40. Initialize constants with DATA statements or INITIAL attributes; initialize variables with executable code.

- 41. Watch out for off-by-one errors.
- 42. Take care to branch the right way on equality.
- 43. Prove loop termination.
- 44. Make sure your code 'does nothing' gracefully.
- 45. Test programs at their boundary values.
- 46. Check some answers by hand.
- 47. 10.0 times 0.1 is hardly ever 1.0.
- 48. Don't compare floating point numbers solely for equality.
  - 49. Make it right before you make it faster.
  - 50. Make it fail-safe before you make it faster.
  - 51. Make it clear before you make it faster.
  - 52. Don't sacrifice clarity for small gains in 'efficiency'.
  - 53. Let your compiler do the simple optimizations.
  - 54. Don't strain to re-use code; reorganise instead.
  - 55. Make sure special cases are truly special.
  - 56. Keep it simple to make it faster.
  - 57. Don't diddle code to make it faster find a better algorithm.
  - 58. Instrument your programs. Measure before making 'efficiency' changes.
  - 59. Make sure comments and code agree. Fold 3-D comment hierarchy into program source code.
  - 60. Don't just echo the code with comments make every comment count.
  - 61. Don't comment bad code rewrite it.
  - 62. Use variable names that mean something.
  - 63. Use statement labels that mean something.
  - 64. Format a program to help the reader understand it.
  - 65. Document your data layouts.
  - 66. Don't over-comment.
  - 67. Make sure every loop always terminates.
  - 68. Prove termination of program.
  - 69. Loops should have only one entry and one entry point.
  - 70. Modules should have only one entry and one entry point.

- 6. REFERENCES
- I. KERNIGHAN, PLAUSER
  Elements of Programming Style
  McGraw Hill
- 2. DONZEAU-GOUGE et al A Structure-oriented Program Editor International Computing Symposium 1975 ed Potier
- 3. WEINBERG et al IF-THEN-ELSE Considered Harmful Sigplan August 1975
- 4. ZAHN
  A Control Statement for Natural Top Down Structured Programming.
  Lecture Notes in Computer Science
  Vol 19 Paris 1974 ed Goos, Hartmanis
- 5. KNUTH, ZAHN
  Ill Chosen Use of 'Event'
  CACM Vol 18 No 6 June 75
- 6. KNUTH
  Structured Programming with goto Statements
  Computing Surveys Vol 6 No 4 Dec 74
- 7. DIJKSTRA, DAHL, HOARE
  Structured Programming
  Academic Press 72
- 8. FR80 Discussion Paper 15, paragraph 1.9
- 9. HOPGOOD
  The 1906A Tree-Meta Manual
  ACL
- 10. FR80 Technical Paper 14
- 11. DIJKSTRA EWD469
- BURROUGHS CORP
  B6700 CANDE Manual