Software Correctness Interacting programs SWEN224 2016-T2. David Streader Engineering & Computer Science Victoria University of Wellington

Learning objectives Truth may be absolute but often appears relative Transactional programs can be specified by functions from State to State or by Post Conditions. Interacting programs preform events that can be observed before the program terminates There are many types of real event. Interacting programs can be specified by automata

Lies we like to tell small children! 1+1 = 2 Why is 1+1 ≠ 2 ? We are computer scientists we know that 1+1 takes longer to compute that 2. And, takes more memory to compute. Consequently we know 1+1 is NOT equal to 2. So what do we mean when we say 1+1 = 2? We are telling people we are not considering – observing the time it takes to compute nor the steps used in the computation. All we observe is the value computed. So 1+1=2 is true or false depending upon what you observe!

Specifying transactional programs A function from initial states to final states can be viewed as a specificaion for transactional programs Programs progOne and progTwo both satisfy the same functional specification are functionaly equivalent What about programs that interact? How do you specify simple interacting programs? When are two interacting programs equivalent? progOne(x ; int) x := x + 1; x := 2 * x; return x; progTwo(x ; int) x := 2 * x; x := x + 2; return x;

Σ= {Act,STOP,ERROR, _->_, _|_} Event based processes Event based programs and their specifications are often called processes. The processes we will consider use: Act, atomic events, first letter lower case, and processes, first letter upper case The simplest processes are STOP and ERROR Additional processes are built by composing an event e and a process P or two processes P and Q event prefixing e->P Choice P|Q Its called an algebra – or a simple programming language Σ= {Act,STOP,ERROR, _->_, _|_}

Action prefixing event -> Process The Process STOP does nothing New process = event -> old process Initially process Sp can only perform a coffeeBtn event it can not perform the coffee event. automata { Simp = coffee -> STOP. } automata { Sp = coffeeBtn->coffee -> STOP. }

Choice | Processes can offer two events and allow a user to select which event they want. Choice = a -> STOP | b->STOP. VM = coin ->(coffeeBtn->coffee->STOP | teaBtn->tea->STOP).

Determinism The Vmx process can initially perform the coin event but what happens next?

Process equality If all we can see of a process is the language they accept then VM and VMx are equal as they both accept: coin,coffeeBtn,coffee coin,teaBtn,tea Alternatively if you repeatedly try to get a coffee from each machine you can observer their difference. Which processes you can distinguish depends upon how you interact with, or observe, them. We will return to this in more detail later.

What is an event? In the real informal world vending machines do not respond to a button being pushed until after a coin is inserted. By not putting a coin in a vending machine you may block it from performing any event. Receiving an email is an event but not reading the email will not block some one from sending it. Events in our formal model behave like button pushing events Later we will formalise the ability to block an event when we define how events from different processes synchronise!

Learning objectives Truth may be absolute but often appears relative what you observe controls weather 1+1=2 or not. Transactional programs can be specified by functions from State to State or by Post Conditions. Interacting programs preform events that can be observed before the program terminates There are many types of real event. Interacting programs can be specified by automata