Executable Specifications: Foundations  MS Tools

Slides:

Advertisements

Similar presentations

Program Termination, and Well Partial Orderings Andreas Blass and Yuri Gurevich.

Advertisements

.NET Technology. Introduction Overview of.NET What.NET means for Developers, Users and Businesses Two.NET Research Projects:.NET Generics AsmL.

Abstract State Machines, and lessons of an ASM-based project at Microsoft Yuri Gurevich ( Erdos #2 ) Microsoft Research.

Introducing Formal Methods, Module 1, Version 1.1, Oct., Formal Specification and Analytical Verification L 5.

Giving a formal meaning to “Specialization” In these note we try to give a formal meaning to specifications, implementations, their comparisons. We define.

Model-Based Testing Using Spec Explorer Aditya Mathur Purdue University CS Software Testing Spring 2011 Material extracted mostly from: “Model-Based.

Best-First Search: Agendas

1 Academia Europaea 18th Annual Conference events Grand Challenges of Informatics and Computer Mathematics Budapest, September 20, 2006 From Computable.

Lecturer: Sebastian Coope Ashton Building, Room G.18 COMP 201 web-page: Lecture.

Formal Methods of Systems Specification Logical Specification of Hard- and Software Prof. Dr. Holger Schlingloff Institut für Informatik der Humboldt.

Faculty Of Computer Science Simon Fraser University Cmpt 880 presentation An Abstract Communication Model Uwe Glasser, Yuri Gurevich and Margus Veanes.

A Semantic Characterization of Unbounded-Nondeterministic Abstract State Machines Andreas Glausch and Wolfgang Reisig 1.

Real-Time System Requirements & Design Specs Shaw - Chapters 3 & 4 Homework #2: 3.3.1, 3.4.1, Add Error states to Fig 4.1 Lecture 4/17.

Software Testing and QA Theory and Practice (Chapter 10: Test Generation from FSM Models) © Naik & Tripathy 1 Software Testing and Quality Assurance Theory.

Advanced Modeling Model Based Test Generation and Abstract state machine Language Keith Stobie Test Architect XML Web Services Microsoft Corporation.

Texas A&M University Department of Computer Science Sameh S. Sharkawi

Introduction to ASMs Dumitru Roman Digital Enterprise Research Institute

1 The Theory of NP-Completeness 2012/11/6 P: the class of problems which can be solved by a deterministic polynomial algorithm. NP : the class of decision.

Finite State Machines Chapter 5. Languages and Machines.

Benjamin Gamble. What is Time?  Can mean many different things to a computer Dynamic Equation Variable System State 2.

Microsoft Research, Foundations of Software EngineeringW. Grieskamp et. al: Behavioral Compositions in Symbolic Domains Behavioral Composition in Symbolic.

1 Generating FSMs from Abstract State Machines Wolfgang Grieskamp Yuri Gurevich Wolfram Schulte Margus Veanes Foundations of Software Engineering Microsoft.

The Semantics of AsmL in a Proper Perspective Yuri Gurevich Microsoft Research.

1 The Theory of NP-Completeness 2 Cook ’ s Theorem (1971) Prof. Cook Toronto U. Receiving Turing Award (1982) Discussing difficult problems: worst case.

Toward a Semantic Anchoring Infrastructure for Domain-Specific Modeling Languages Kai Chen Janos Sztipanovits Sandeep Neema Matthew Emerson Sherif Abdelwahed.

2007 Science of Design (SoD) PI Meeting – Project Nuggets NSF SoD Award No: NSF SoD-HCER Project Title: Learning Based Programming Investigator.

Time Complexity. Solving a computational program Describing the general steps of the solution –Algorithm’s course Use abstract data types and pseudo code.

Predicate Abstraction. Abstract state space exploration Method: (1) start in the abstract initial state (2) use to compute reachable states (invariants)

By: Nelson Webster. Algorithm Engineers Algorithm engineers study the effectiveness and efficiency of procedures of solving problems on a computer.

CIS 540 Principles of Embedded Computation Spring Instructor: Rajeev Alur

Formal Methods. What Are Formal Methods Formal methods refers to a variety of mathematical modeling techniques that are applicable to computer system.

1 Interactive Computer Theorem Proving CS294-9 October 19, 2006 Adam Chlipala UC Berkeley Lecture 9: Beyond Primitive Recursion.

CSC 172 P, NP, Etc.

Sub-fields of computer science. Sub-fields of computer science.

Modular Decomposition, Abstraction and Specifications

Automatic Test Generation

The NP class. NP-completeness

Paul Ammann & Jeff Offutt

UML Diagrams By Daniel Damaris Novarianto S..

Gödel's Legacy: The Limits Of Logics

Types for Programs and Proofs

“Language Mechanism for Synchronization”

Graph Coverage for Specifications CS 4501 / 6501 Software Testing

Turing Machines Chapter 17.

UML Diagrams Jung Woo.

Principles of Computing – UFCFA Lecture-1

Algorithm and Ambiguity

Introduction to Software Testing Chapter 5.1 Syntax-based Testing

IP – Based Design Methodology

Internet of Things A Process Calculus Approach

Over-Approximating Boolean Programs with Unbounded Thread Creation

Software Test Automation and Tools

Introduction To software engineering

MA/CSSE 474 Theory of Computation

CS21 Decidability and Tractability

Institute of Computing Tech.

Overview of the ETSI Test Description Language

Introduction to Software Testing Chapter 5.1 Syntax-based Testing

Applying Use Cases (Chapters 25,26)

Instructor: Aaron Roth

Applying Use Cases (Chapters 25,26)

Principles of Computing – UFCFA Week 1

Instructor: Aaron Roth

Subject Name: FORMAL LANGUAGES AND AUTOMATA THEORY

Program correctness Axiomatic semantics

Dichotomies in CSP Karl Lieberherr inspired by the paper:

Instructor: Aaron Roth

Algorithms CSCI 235, Spring 2019 Lecture 37 The Halting Problem

Discrete Mathematics CS 2610

Interactive computability

Presentation transcript:

Executable Specifications: Foundations  MS Tools Yuri Gurevich Microsoft Research

Agenda A short version of the talk A piece of theory Executable specifications Our languages Our tools

The Short Version

Genesis This project started about 20 years ago when this logician moved to computer science. What is CS about? While it is about many things, the central role is played by algorithms (in a broad sense of the term). Operating systems, programming languages, compilers, etc. are all algorithms.

Key Question What’s an algorithm? The Turing machine is not adequate anymore. What is, if anything?

The Proposed Solution A long analysis led to abstract state machines and the ASM thesis: For every algorithm there is a behaviorally identical ASM.

Experimental Confirmation By the thesis, ASMs fit to model and specify algorithms. Many applications are found, in academia and industry. In the process, experimental confirmation of the thesis accumulates.

The group on Foundations of Software Engineering at MSR Wolfram Schulte Margus Veanes Colin Campbell Lev Nachmanson Mike Barnett Wolfgang Grieskamp Nikolai Tillman

Behavioral theory of computation Increasing parts of the ASM thesis are proven from first principles. In the process, axiomatic definitions of sequential, parallel, etc. algorithms emerge. 2: rather than the theory of recursive functions or specialized theories of sorting algorithm, linear programming, etc.

A piece of theory

Sequential Time Postulate Any algorithm determines the set of states, the subset of initial states, the transition function. Def. Two seq-time algorithms are behaviorally equivalent if they have the same states, initial states and the transition function.

What are states of an algorithm? What are states of, say, a C program? Transparent (or explicit, or honest) states In the seq-time case, a state is examinable and – unless the process stops – the next state exists

Abstract State Postulate The states are logic structures. ... Define structures in one sentence.

Seq algorithms Seq-time algorithms with bounded-work steps. How to measure work?

Definition A sequential algorithm is any entity that satisfies the three postulates: sequential time, abstract state, bounded-exploration.

Euclid’s algorithm if b = 0 then d := a else [do in-parallel] a := b b := a mod b

Seq Characterization Theorem For every sequential algorithm A, there exists a behaviorally equivalent sequential ASM . Ref. #141 at the speaker’s website

Parallel algorithms 1 2 3 4 5 6 7 8 9 Example Slicing a dag

Slicing a Dag in AsmL forall v in V if forall u in V holds (u,v) in E implies u in X then add v to X

Par Characterization Thm Analysis Theorem: For every parallel algorithm A, there is a behaviorally equivalent parallel ASM . Ref. #157

Intra-step interaction New object creation, choice, remote procedure calls, messages The characterization theorems Ref: #166, 170, 171, and forthcoming by Andreas Blass, YG, Dean Rosenzweig and Benjamin Rossman

Distributed algorithms Distributed ASMs were defined long ago, and most ASM applications, at least at Microsoft, are distributed, but the axiomatization problem is still open.

Executable specifications

In-place one-swap-a-time sorting var A as Seq of Integer = [3,1,2] Swap() choose i,j in Indices(A) where i<j and A(i)>A(j) A(i) := A(j) A(j) := A(i) Sort() step until fixpoint A = [2,3,1] Nondeterminsm A = [1,3,2] A = [2,1,3] A = [1,2,3] Parallelism

Our Languages

AsmL and C# http://research.microsoft.com/fse/asml Math e.g. set comprehension {x2 | x ∊ {1,..,10} where x = 0 mod 2} Transactions, nondeterminism OO, interoperability via .NET Literate programming via Word, automated programming via XML AmsL can call methods from e.g. C# programs, and the other round. No marshaling is involved. The first .Net specification language (as far as we know). Why is this important? You want to simulate, say, a component in its natural environment which may involve interaction with various other components.

Topological Sorting step while ToSet(S) ne V let X = V - ToSet(S) if X <> {} then S := S + [(any v | v in X where not(exists u in X where (u,v) in E))]

Our Tools

Software development process Current Projects Specs Spec Explorer Dev Arch/PM/Lead Test System Design System Test Specs Parameterized Unit Tests Class Design Unit Test Spec# Specs Abstraction Coding Time

Validating the spec Human comprehension Playing scenarios Deriving an FSM and then testing (including model checking) it

Enforcing the spec In the deterministic case, generate a test suite with results, and run the suit on various implementations. Execute the model and implementation in lock step. Play to test