Lecture 18, March 29, 2011: Formal Methods 3. CS 315, Spring 2011. Adapted from slides provided by Jason Hallstrom and Murali Sitaraman (Clemson).


Example Specification
  Operation Do_Nothing (restores S: Stack);
  Goal: the same as "ensures S = #S".
  Code (the same as S.Push(S.Pop()) in Java):
    Procedure Do_Nothing (restores S: Stack);
      Var E: Entry;
      Pop(E, S);
      Push(E, S);
    end Do_Nothing;

Exercise: Complete Table and Prove
  State | Assume | Confirm
  0     | …      | …
          Pop(E, S);
  1     | …      | …
          Push(E, S);
  2     | …      | …
  (Answers: not yet …)

General Stack Template Specification
  Instead of IntStacks, we will use general stacks for this example reasoning.
  Suppose Stack_Template is parameterized by type Entry and Integer Max_Depth.
  Mathematical modeling:
    Type Stack is modeled by Str(Entry);
      exemplar S;
      constraints |S| <= Max_Depth;
      initialization ensures S = empty_string;

Specification of Stack Operations
    Operation Push (alters E: Entry; updates S: Stack);
      requires |S| < Max_Depth;
      ensures S = <E> o #S;
    Operation Pop (replaces R: Entry; updates S: Stack);
      requires |S| > 0;
      ensures #S = <R> o S;
    Operation Depth (restores S: Stack): Integer;
      ensures Depth = |S|;


Exercise: Complete Table and Prove (Answers)
  State | Assume        | Confirm
  0     |               | |S0| > 0
          Pop(E, S);
  1     | S0 = <E> o S1 | |S1| < Max_Depth
          Push(E, S);
  2     | S2 = <E> o S1 | S2 = S0

Discussion
  - Can you explain why there are three confirm assertions?
  - Is the code correct? If not, fix it!
  - Two options for the fix:
    - Rewrite the code with an "if" statement.
    - Add the following clause to Do_Nothing: requires |S| > 0;

Key Ideas
  - The reasoning table can be filled out mechanically.
  - It can be done automatically by a computer.
  - The principles of reasoning about all objects and operations are the same.
  - We need mathematical models and specifications.

Automated Reasoning
  - The assume and confirm assertions we wrote in the table can be generated automatically.
  - Each confirm assertion becomes a "goal".
  - The assumptions that can be used to prove a goal are called "givens".
  - A goal along with its givens is called a verification condition (VC).
  - For the Do_Nothing example, three VCs need to be proved, because there are three assertions to be confirmed.
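The Discussion and Automated Reasoning slides say the three confirm assertions of the Do_Nothing table can be produced mechanically and asked whether the code is correct. The following Python model is an added example, not RESOLVE's VC generator or the course's own code: stacks are tuples standing in for Str(Entry), the concatenation "o" is tuple concatenation, and instead of a symbolic proof it does a bounded check, enumerating every stack up to an assumed Max_Depth of 3 over a constructed two-letter alphabet and evaluating the three confirm assertions concretely in table order. It reports which VC fails when Do_Nothing has no requires clause and that adding requires |S| > 0 (option 2 on the Discussion slide) discharges it; do_nothing_guarded is option 1. The names reasoning_table, failing_vcs, all_stacks and the constants are my own choices.

```python
from itertools import product

# Assumed small bound so every stack value can be enumerated (constructed for this example).
MAX_DEPTH = 3
ALPHABET = ("a", "b")  # constructed sample Entry values


def push(e, s, max_depth=MAX_DEPTH):
    """Model of Push: requires |S| < Max_Depth; ensures S = <E> o #S."""
    if not len(s) < max_depth:
        raise AssertionError("Push requires |S| < Max_Depth")
    return (e,) + s


def pop(s):
    """Model of Pop: requires |S| > 0; ensures #S = <R> o S. Returns (R, S)."""
    if not len(s) > 0:
        raise AssertionError("Pop requires |S| > 0")
    return s[0], s[1:]


def all_stacks(max_depth=MAX_DEPTH):
    """Every string over ALPHABET that satisfies the type constraint |S| <= Max_Depth."""
    for n in range(max_depth + 1):
        yield from product(ALPHABET, repeat=n)


def reasoning_table(s0, max_depth=MAX_DEPTH):
    """Fill the Do_Nothing reasoning table for one concrete initial value S0.

    Returns (state, confirm assertion, holds) triples in slide order. A later row
    is only evaluated when every earlier confirm holds, because the assume of a
    state (the ensures clause of the call that produced it) is only available then.
    """
    rows = []
    vc1 = len(s0) > 0                          # state 0: Pop's requires clause
    rows.append((0, "|S0| > 0", vc1))
    if not vc1:
        return rows
    e, s1 = pop(s0)                            # assume S0 = <E> o S1
    vc2 = len(s1) < max_depth                  # state 1: Push's requires clause
    rows.append((1, "|S1| < Max_Depth", vc2))
    if not vc2:
        return rows
    s2 = push(e, s1, max_depth)                # assume S2 = <E> o S1
    rows.append((2, "S2 = S0", s2 == s0))      # state 2: Do_Nothing's ensures clause
    return rows


def failing_vcs(requires=lambda s0: True, max_depth=MAX_DEPTH):
    """Bounded check: for every S0 admitted by the requires clause, collect the
    confirm assertions that fail, as a sorted list of (state, text) without duplicates."""
    failures = set()
    for s0 in all_stacks(max_depth):
        if not requires(s0):
            continue
        for state, text, holds in reasoning_table(s0, max_depth):
            if not holds:
                failures.add((state, text))
    return sorted(failures)


def do_nothing_guarded(s0):
    """Fix option 1 from the Discussion slide: guard the Pop with an if, so the
    operation needs no requires clause at all."""
    if len(s0) == 0:
        return s0
    e, s1 = pop(s0)
    return push(e, s1)


if __name__ == "__main__":
    print("no requires clause:", failing_vcs())
    print("with requires |S| > 0:", failing_vcs(requires=lambda s: len(s) > 0))
    print("guarded version on the empty stack:", do_nothing_guarded(()))
```

Only the first VC, |S0| > 0, fails, and only for the empty stack. The second VC never fails, because |S1| = |S0| - 1 and the type constraint gives |S0| <= Max_Depth; the bounded check corroborates that for small stacks but does not replace the proof the web interface asks you to do from the givens.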

Web Interface Demo
  - Google "clemson resolve".
  - Click on the Web Interface link.
  - Select Stack_Template under Concepts.
  - Select Do_Nothing_Capability under the Enhancements tab.
  - Select Do_Nothing_Realiz under the Enhancement Realizations tab.

Web Interface Demo
  - Click on the Generate VCs tab.
  - You should see 3 VCs. See if you can prove the goals from the givens! It should be easy …
  - Note #1: The VC generation process minimizes the need for new names such as s1, s2, s3, etc., so there are fewer names.
  - Note #2: The VC generator uses s', s'', etc., instead of s1, s2, etc. Also, don't assume that s1 corresponds to s', etc.

A Second Web Interface Demo
  - Select Queue_Template under Concepts.
  - Notice that queues also happen to be modeled using mathematical strings.
  - How does the specification of Enqueue differ from Push, if at all?
  - How does the specification of Dequeue differ from Pop, if at all?

A Second Web Interface Demo
  - Select Queue_Template under Concepts.
  - Select Append_Capability under Enhancements.
  - Select Iterative_Realiz under Enhancement Realizations.
  - The loop is annotated with two assertions for verification:
    - an invariant (maintaining clause)
    - a progress metric (decreasing clause)

A Second Web Interface Demo
  - Select Queue_Template under Concepts.
  - Select Append_Capability under Enhancements.
  - Select Iterative_Realiz under Enhancement Realizations.
  - Click on Generate VCs.
  - Prove each VC.

Wrong Code Demo
  - Go back to Recursive_Realiz by clicking on the RESOLVE tab on the left.
  - Click the Edit button.
  - Do each of the following and see whether the VCs are provable in each case:
    - Comment out the Dequeue operation (use -- at the front of the line).
    - Change the decreasing metric from |Q| to |P|; now our termination reason is wrong.
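The loop annotations introduced two slides earlier (a maintaining clause and a decreasing clause) and the two "wrong code" experiments above can be seen on concrete runs before any VC is generated. The code below is an added example and not the RESOLVE realization or the project's own code. It models queues as tuples, assumes the specification of Append(P, Q) to be "ensures P = #P o #Q and Q = empty" (the page does not quote it), and writes the iterative realization with the invariant P o Q = #P o #Q and the progress metric |Q|. checked_while is a runtime monitor, not a prover: at every visit to the loop head it checks that the maintaining clause holds and that the decreasing clause is a natural number strictly smaller than on the previous visit, so a run of the "Dequeue commented out" or "|Q| changed to |P|" variants is rejected with a message naming the clause rather than looping forever. The names Vars, checked_while, append and try_append are my own.

```python
from dataclasses import dataclass


class AnnotationViolation(Exception):
    """Raised when a maintaining or decreasing clause is false at the loop head."""


def enqueue(e, q):
    """Model of Enqueue: ensures Q = #Q o <E> (entries leave from the front)."""
    return q + (e,)


def dequeue(q):
    """Model of Dequeue: requires |Q| > 0; ensures #Q = <R> o Q. Returns (R, Q)."""
    if not len(q) > 0:
        raise AssertionError("Dequeue requires |Q| > 0")
    return q[0], q[1:]


@dataclass
class Vars:
    """The two program variables of Append, mutated in place by the loop body."""
    p: tuple
    q: tuple


def checked_while(state, cond, body, maintaining, decreasing):
    """Run `while cond: body` and check both loop annotations at every loop head.

    The maintaining clause must hold, and the decreasing clause must be a natural
    number strictly smaller than on the previous visit. The metric check is what
    stops a non-terminating loop: a body that never shrinks the metric is rejected
    on its second visit to the loop head instead of running forever.
    """
    previous = None
    while True:
        if not maintaining(state):
            raise AnnotationViolation("maintaining clause is false at loop head")
        metric = decreasing(state)
        if metric < 0:
            raise AnnotationViolation("decreasing clause is negative")
        if previous is not None and not metric < previous:
            raise AnnotationViolation(
                f"decreasing clause did not decrease: {previous} -> {metric}")
        if not cond(state):
            return state
        previous = metric
        body(state)


def append(p0, q0, do_dequeue=True, decreasing=lambda st: len(st.q)):
    """Iterative Append(P, Q): move every entry of Q to the back of P.

    Assumed specification (not quoted from the page): ensures P = #P o #Q and Q is
    empty. Invariant: P o Q = #P o #Q. Progress metric: |Q|. Passing
    do_dequeue=False reproduces the "comment out Dequeue" experiment and
    decreasing=lambda st: len(st.p) the "change |Q| to |P|" experiment.
    """
    st = Vars(p0, q0)

    def body(st):
        if do_dequeue:
            e, st.q = dequeue(st.q)
        else:
            e = st.q[0]               # Dequeue commented out: Q never shrinks
        st.p = enqueue(e, st.p)

    checked_while(st, lambda st: len(st.q) > 0, body,
                  maintaining=lambda st: st.p + st.q == p0 + q0,
                  decreasing=decreasing)
    return st.p, st.q


def try_append(*args, **kwargs):
    """Return ("ok", (P, Q)) or ("violation", message) so the outcome can be inspected."""
    try:
        return "ok", append(*args, **kwargs)
    except AnnotationViolation as exc:
        return "violation", str(exc)


if __name__ == "__main__":
    # Constructed sample queues: P = <x>, Q = <a, b>.
    print(try_append(("x",), ("a", "b")))
    print(try_append(("x",), ("a", "b"), decreasing=lambda st: len(st.p)))
    print(try_append(("x",), ("a", "b"), do_dequeue=False))
```

With the correct annotations the run ends with P = <x, a, b> and Q empty, and the invariant at exit together with the loop condition being false is exactly the assumed ensures clause. With |P| as the metric the invariant still holds but the metric grows from 1 to 2 on the second loop head, which is the "termination reason is wrong" case; with Dequeue removed the invariant itself breaks on the second loop head, since P has grown while Q has not. A monitor like this finds a counterexample on one run; only proving the VCs establishes the property for every input.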

Iterative Code Demo
  - Select Queue_Template under Concepts.
  - Select Append_Capability under Enhancements.
  - Select Iterative_Realiz under Enhancement Realizations.
  - Loops are annotated with invariants and progress metrics.
  - Click on the Verify button.
  - The VCs here turn out to be provable automatically.


Web Interface Help
  - Click the Help tab in the top right corner.
  - You should see Screencasts. They illustrate "how to" for various web interface activities; more use cases continue to be added.
  - You should see Tutorials. They help you learn specific principles; more tutorials are under development.