Mathematical Reasoning

Mathematical Reasoning Lecture SE-5

Overview
Methods for checking that code is correct, i.e., that it meets its specification:
- Testing
- Tracing or inspection
- Formal verification of correctness

Testing
Goal: To find bugs
Method: Identify "adequate" test points
  Recall: Test point = (valid input, expected output)
Method: Execute the code on those inputs
Cannot test on all inputs
Can only show presence of bugs, not absence

Tracing or Formal Inspection
Goal: To find bugs
Method: Identify "adequate" tracing points
  Tracing point = test point = (valid input, expected output)
Method: Hand trace the code on those inputs
Cannot trace on all inputs
Can only show presence of bugs, not absence; but some logic check is done

Formal Verification
Goal: To prove correctness
Method: The rest of this presentation
Can prove correctness on all valid inputs
Shows the absence of bugs (with respect to the specification), not merely their presence

Example
Goal: Prove that the following code
  requires …
  ensures I = #J and J = #I;
Code:
  I = sum(I, J);
  J = difference(I, J);
  I = difference(I, J);

Recall: Specification of Integer Operations
Think of ints as integers in math, subject to the constraint that for all integer I, MIN_VALUE <= I <= MAX_VALUE.

  int sum (int I, int J);
    requires MIN_VALUE <= I + J and I + J <= MAX_VALUE;
    ensures sum = I + J;

  int difference (int I, int J);
    requires MIN_VALUE <= I - J and I - J <= MAX_VALUE;
    ensures difference = I - J;

Establish the goals in state-oriented terms using a table

State  Code                    Assume    Confirm
0                              …
       I = sum(I, J);
1
       J = difference(I, J);
2
       I = difference(I, J);
3                                        I3 = J0 and J3 = I0;

Establish assumptions (and obligations)

State  Code                    Assume                      Confirm
0                              …                           …
       I = sum(I, J);
1                              I1 = I0 + J0 and J1 = J0    …
       J = difference(I, J);
2                              J2 = I1 - J1 and I2 = I1    …
       I = difference(I, J);
3                              I3 = I2 - J2 and J3 = J2    I3 = J0 and J3 = I0

Prove all assertions to be confirmed
Prove I3 = J0 and J3 = I0.

Proof of I3 = J0:
  I3 = I2 - J2
     = I1 - (I1 - J1)    substitution for I2 and J2
     = J1                simplification
     = J0                substitution for J1

Proof of J3 = I0: exercise.

Code is correct if all assertions to be confirmed are proved.

Example: Confirm caller's obligations (Why?)

State  Code                    Assume                      Confirm
0                              …                           …
       I = sum(I, J);
1                              I1 = I0 + J0 and J1 = J0    MIN_VALUE <= (I1 - J1) and (I1 - J1) <= MAX_VALUE
       J = difference(I, J);
2                              …                           …

Confirm caller's obligations

State  Code                    Assume    Confirm
0                              …         MIN_VALUE <= I0 + J0 <= MAX_VALUE
       I = sum(I, J);
1                              …         MIN_VALUE <= I1 - J1 <= MAX_VALUE
       J = difference(I, J);
2                              …         MIN_VALUE <= I2 - J2 <= MAX_VALUE
       I = difference(I, J);
3                              …         I3 = J0 and J3 = I0

Prove all assertions to be confirmed
Proofs: exercises.

Given the goal
  requires MIN_VALUE <= I + J and I + J <= MAX_VALUE;
  ensures I = #J and J = #I;
the code below is correct:
  I = sum(I, J);
  J = difference(I, J);
  I = difference(I, J);
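The swap example worked through mechanically, as an added example that is not part of the slides: the script below fills the Assume/Confirm columns for straight-line code over ints, tracking each variable as a linear expression in the state-0 values I0 and J0, and records whether every Confirm entry (the callee's requires clause, stated in the current state) can be discharged from what the caller is allowed to assume. The 32-bit bounds, the names expr(), reason() and check_swap(), and the SPECS table are this example's own assumptions; the specifications encoded are the ones on the slides.

```python
# Added example, not from the slides: a small symbolic "reasoning table" for
# straight-line integer code, mirroring the Assume/Confirm columns above.
# Names such as expr(), reason() and check_swap() are this example's own.

MIN_VALUE, MAX_VALUE = -(2 ** 31), 2 ** 31 - 1  # assumed 32-bit int bounds

# A symbolic value is a linear combination of the state-0 variables, kept as
# {name: coefficient}; {"I0": 1, "J0": 1} stands for I0 + J0.
def expr(**coeffs):
    return {k: v for k, v in coeffs.items() if v != 0}

def add(a, b):
    return expr(**{k: a.get(k, 0) + b.get(k, 0) for k in set(a) | set(b)})

def sub(a, b):
    return expr(**{k: a.get(k, 0) - b.get(k, 0) for k in set(a) | set(b)})

def show(e):
    return " + ".join(f"{c}*{k}" if c != 1 else k for k, c in sorted(e.items())) or "0"

# The ensures clauses of sum and difference from the slides, as functions on
# symbolic values.  For both operations the requires clause says exactly that
# the result lies within [MIN_VALUE, MAX_VALUE], so the proof obligation at
# each call is "this symbolic result is in range".
SPECS = {"sum": add, "difference": sub}

def reason(program, known_in_range):
    """Walk the program once, recording each Confirm obligation and whether it
    can be discharged from what the caller is allowed to assume.

    program: list of (target, operation, (arg1, arg2)) over variables I and J.
    known_in_range: symbolic expressions the caller may assume lie within
    [MIN_VALUE, MAX_VALUE] (the int constraint plus the operation's requires).
    Returns (final symbolic state, [(step, statement, obligation, proved)]).
    """
    state = {"I": expr(I0=1), "J": expr(J0=1)}
    table = []
    for step, (target, op, (x, y)) in enumerate(program, start=1):
        result = SPECS[op](state[x], state[y])
        # Confirm: the callee's requires clause, stated in the current state.
        proved = result in known_in_range
        table.append((step, f"{target} = {op}({x}, {y});", show(result), proved))
        # Assume: the callee's ensures clause gives target its new value;
        # the other variable is unchanged.
        state = {**state, target: result}
    return state, table

SWAP = [("I", "sum", ("I", "J")),
        ("J", "difference", ("I", "J")),
        ("I", "difference", ("I", "J"))]

INT_CONSTRAINT = [expr(I0=1), expr(J0=1)]   # every int is in range
SWAP_REQUIRES = [expr(I0=1, J0=1)]          # MIN_VALUE <= I0 + J0 <= MAX_VALUE

def check_swap(with_requires=True):
    """Returns (ensures proved, all obligations proved, table)."""
    known = INT_CONSTRAINT + (SWAP_REQUIRES if with_requires else [])
    final, table = reason(SWAP, known)
    ensures_ok = final["I"] == expr(J0=1) and final["J"] == expr(I0=1)
    return ensures_ok, all(row[3] for row in table), table

if __name__ == "__main__":
    for with_req in (True, False):
        ensures_ok, obligations_ok, table = check_swap(with_req)
        print(f"requires clause present: {with_req}")
        for step, stmt, obligation, proved in table:
            print(f"  state {step}: {stmt:26} confirm MIN_VALUE <= {obligation} <= MAX_VALUE"
                  f"  -> {'proved' if proved else 'NOT proved'}")
        print(f"  ensures I = #J and J = #I: {'proved' if ensures_ok else 'NOT proved'};"
              f" all obligations: {obligations_ok}")
```

Running it with the requires clause present discharges all three obligations (the symbolic results simplify to I0 + J0, I0 and J0) and proves the ensures clause. Dropping the requires clause leaves the ensures clause provable but the first obligation, MIN_VALUE <= I0 + J0 <= MAX_VALUE, unproved: the table is pointing at exactly the integer-overflow case that the caller is responsible for ruling out.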

Basics of Mathematical Reasoning
Suppose you are verifying code for some operation P:
- Assume its requires clause in state 0
- Confirm its ensures clause at the end
Suppose that P calls Q:
- Confirm the requires clause of Q in the state before Q is called. Why? Because the caller is responsible.
- Assume the ensures clause of Q in the state after Q. Why? Because Q is assumed to work.
Prove the assertions to be confirmed.

Another Example
Specification:
  Operation Do_Nothing (restores S: Stack);
Goal: Same as
  ensures S = #S;
Code:
  Procedure Do_Nothing (restores S: Stack);
    Var E: Entry;
    Pop(E, S);
    Push(E, S);
  end Do_Nothing;

Exercise: Complete the table and prove!

State  Code          Assume    Confirm
0                    …         …
       Pop(E, S);
1                    …         …
       Push(E, S);
2                    …         …

Recall: Specification of Stack Operations
  Operation Push (alters E: Entry; updates S: Stack);
    requires |S| < Max_Depth;
    ensures S = <#E> o #S;
  Operation Pop (replaces R: Entry; updates S: Stack);
    requires |S| > 0;
    ensures #S = <R> o S;
  Operation Depth (restores S: Stack): Integer;
    ensures Depth = |S|;
  …

Collaborative Exercise: Answers

State  Code          Assume            Confirm
0                    …                 |S0| > 0
       Pop(E, S);
1                    S0 = <E1> o S1    |S1| < Max_Depth
       Push(E, S);
2                    S2 = <E1> o S1    S2 = S0
…

Discussion
Is the code correct? If not, fix it.
Important idea: The reasoning table can be filled in mechanically.
Principles of reasoning about all objects and operations are the same; they need mathematical specifications.
VC generation and automated verification demo.
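The Do_Nothing exercise checked the same way, as an added example that is not from the slides: stack values are modelled as tuples of symbols, where a symbol such as "S1" stands for the unknown remainder of the stack, so <E1> o S1 is the tuple ("E1", "S1"), and the Assume-column equation S0 = <E1> o S1 is stored as a substitution. Knowledge about |S| is tracked as an interval. MAX_DEPTH, the stack constraint 0 <= |S| <= Max_Depth, and the names normalize(), reason_do_nothing() and check_do_nothing() are this example's own assumptions; the Push and Pop specifications are the ones recalled above.

```python
# Added example, not from the slides: a reasoning-table checker for the
# Do_Nothing procedure above.  A stack value is a tuple of symbols where a
# symbol such as "S1" stands for the unknown remainder of the stack, so
# <E1> o S1 is the tuple ("E1", "S1").  MAX_DEPTH and the function names are
# this example's own; the stack constraint 0 <= |S| <= Max_Depth is assumed.

MAX_DEPTH = 8  # assumed bound; any positive value gives the same verdicts

def normalize(seq, equations):
    """Expand symbols that an Assume-column equation defines as a sequence."""
    out = []
    for sym in seq:
        if sym in equations:
            out.extend(normalize(equations[sym], equations))
        else:
            out.append(sym)
    return tuple(out)

def reason_do_nothing(requires_nonempty):
    """Fill the Assume/Confirm table for:  Pop(E, S); Push(E, S);

    requires_nonempty: whether Do_Nothing itself carries 'requires |S| > 0'.
    Length knowledge is tracked as an interval [lo, hi] on |S| in the current
    state.  Returns (ensures proved, [(step, statement, obligation, proved)]).
    """
    lo, hi = (1 if requires_nonempty else 0), MAX_DEPTH  # what state 0 allows for |S0|
    equations = {}  # Assume-column facts of the form symbol = sequence
    table = []
    s_now = ("S0",)  # symbolic value of S in the current state

    # Pop(E, S): requires |S| > 0; ensures #S = <R> o S
    table.append((1, "Pop(E, S);", "|S0| > 0", lo > 0))
    equations["S0"] = ("E1", "S1")      # assume the ensures: S0 = <E1> o S1
    s_now = ("S1",)
    lo, hi = max(lo, 1) - 1, hi - 1     # |S1| = |S0| - 1, and S0 was non-empty

    # Push(E, S): requires |S| < Max_Depth; ensures S = <#E> o #S
    table.append((2, "Push(E, S);", "|S1| < Max_Depth", hi < MAX_DEPTH))
    s_now = ("E1",) + s_now             # assume the ensures: S2 = <E1> o S1

    # Do_Nothing's ensures S = #S, i.e. S2 = S0, read in state 2.
    ensures_ok = normalize(s_now, equations) == normalize(("S0",), equations)
    return ensures_ok, table

def check_do_nothing(requires_nonempty=False):
    """Returns (ensures proved, all obligations proved, table)."""
    ensures_ok, table = reason_do_nothing(requires_nonempty)
    return ensures_ok, all(row[3] for row in table), table

if __name__ == "__main__":
    for req in (False, True):
        ensures_ok, obligations_ok, table = check_do_nothing(req)
        print(f"Do_Nothing with 'requires |S| > 0': {req}")
        for step, stmt, obligation, proved in table:
            print(f"  state {step - 1} -> {step}: {stmt:12} confirm {obligation:18}"
                  f" -> {'proved' if proved else 'NOT proved'}")
        print(f"  ensures S = #S: {'proved' if ensures_ok else 'NOT proved'};"
              f" code correct: {ensures_ok and obligations_ok}")
```

As written on the slide, Do_Nothing has no requires clause, so the only Confirm entry the checker cannot discharge is Pop's |S0| > 0: the ensures clause S2 = S0 is provable, but the code may pop an empty stack. Giving Do_Nothing the clause requires |S| > 0 (the requires_nonempty=True run), or guarding the Pop with a Depth check, discharges that obligation; the Push obligation always holds because |S1| = |S0| - 1 < Max_Depth.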