Dr. Naveed Riaz Design and Analysis of Algorithms 1 1 Formal Methods in Software Engineering Lecture # 24

Dr. Naveed Riaz Design and Analysis of Algorithms 2 2 Use of Formal Methods in SE  Branch of computer science in which we argue and analyze the computer programs using formal techniques.  Programs specification and verification.  Constructing programs.  Each step written is valid and lead to a correct solution  Number of tools and techniques are available.

Dr. Naveed Riaz Design and Analysis of Algorithms 3 3  Can we properly test the software?  Famous saying by Dijesktra -> By testing we can only prove the present of bug not the absence of bug  In order to prove mathematical theorem, counter examples are provided 1.All numbers are < 1000  You can either provide formal prove or counter example  Overhead with test cases: Not possible to write huge number of test cases

Dr. Naveed Riaz Design and Analysis of Algorithms 4 4 Test Cases VS F-M  Test two equal Strings.  isEqual (“Cat”, Dog”) – Expected output: False  isEqual (“Testing”, Testing”) – Expected output: True  isEqual (“House”, Home”) – Expected output: False  Many number of possibilities

Dr. Naveed Riaz Design and Analysis of Algorithms 5 5 Test Cases VS F-M  Programming Exp:. Equal = strlen(String1)== strlen(String2); If (equal) for ( i =0; i<strlen(String1); i++) equal = String1[i] = = String2 [i]; return equal;

Dr. Naveed Riaz Design and Analysis of Algorithms 6 6 Structure Programming  Same phenomena can be seen with structure programming.  Usage of flow graph to understand program structure  Components of flow graph (Sequence, selection and loop)

Dr. Naveed Riaz Design and Analysis of Algorithms 7 7 Flow Graphs  Identify the flow diagram

Dr. Naveed Riaz Design and Analysis of Algorithms 8 8 Flow Graphs  Bubble sort Flow graph  Sorted = false ; //1  While (!sorted){ //2  Sorted = true;  For(int i=0;i<size-1;i++){//3  If(a[i]>a[i+1]){ //4  Swap(a[i]>a[i+1]); //5  Sorted = false;  } //6  }//7  } //

Dr. Naveed Riaz Design and Analysis of Algorithms 9 9 Flow Graphs  Base upon flow graphs we try to write test cases to test the different components of flow graph  Limitations of these kind of testing  3 types of test coverage's that we have when using flow graphs  Statement coverage: We make sure that every statement must be executed at least once.  Branch Coverage: Identify branches and try to test all the branches  Path Coverage: Execute all possible paths and then write test cases

Dr. Naveed Riaz Design and Analysis of Algorithms 10 Path Coverage overhead  For(int i=0; i<N; i++) { //1  If(condition1)  // some statement //2  Else  Some statement //3  //some statement } //5 How many paths are there For N iteration?

Dr. Naveed Riaz Design and Analysis of Algorithms 11 Model-based solution  We try to develop model of the system  We analyze the correctness of these models using mathematical techniques  What is a Model? Why Model required and How it help us?  Diskstra’s Game

Dr. Naveed Riaz Design and Analysis of Algorithms 12 Model-based solution  Color of the last ball?  1 Ball Game : Suppose there is only one ball in jar  2 Ball Game: Suppose there is two balls in jar -> 3 possibilities  Both White  Both Black  1 W, 1 B

Dr. Naveed Riaz Design and Analysis of Algorithms 13 Model-based solution  3 Balls Game

Dr. Naveed Riaz Design and Analysis of Algorithms 14 Model-based solution  If even number of white balls -> Last ball color Black  If odd number of white balls -> Last ball color White  Can you verify this for 100 balls in the jar? i.e. Our hypothesis is true or not?  To verify this we need formal proof -> built mathematical model

Dr. Naveed Riaz Design and Analysis of Algorithms 15 Mathematical Model  If even number of white balls -> Last ball color Black  If odd number of white balls -> Last ball color White (2 B out, 1 B in ) B-2+1, W=b-1, W  F(B,W) = (2 W out, 1 B in) B+1, W-2 (1 of each out, 1 W in) B-1, W-1+1 = B-1, W In tow cases we reduces the black ball by 1 and maintain the number of white balls In third case, we reduce the white ball by two and increases the black ball by 1. Total number of balls is reduced by exactly one in each move. Parity of the white ball does not change ( either 0 or 2)

Dr. Naveed Riaz Design and Analysis of Algorithms 16 Propositional Calculus  Two tools will be used to built mathematical models ?  Logic and Set theory  What is a proposition?  Statement which is either true or false e.g. My is name is Ali (true or false)  A = B (true or false)  Which statement is not a proposition?  You should read this book carefully.  Logic is built on proposition

Dr. Naveed Riaz Design and Analysis of Algorithms 17 Propositional Calculus  Two tools will be used to built mathematical models ?  Logic and Set theory  What is a proposition?  Statement which is either true or false e.g. My is name is Ali (true or false)  A = B (true or false)  Which statement is not a proposition?  You should read this book carefully.  Logic is built on proposition

Dr. Naveed Riaz Design and Analysis of Algorithms 18 Truth Table  Implication  Only false when P (T) and F (F) otherwise implication is always True.  If P is true only then we can make a statement about Q.  If P is false then we do not need to say any thing about Q.  Originally conditional statement (if or If-then-Else) PQP  Q TTT TFF FTT FFT

Dr. Naveed Riaz Design and Analysis of Algorithms 19 Truth Table  Bi-Conditional – (If and only If)  P  > means p-> Q and Q ->P  Outcome is true if P and Q have the same value  If P and Q do not have same values then Bi-conditional is not true  Compare it with Exclusive OR  Can be used for equal statements PQP <  Q TTT TFF FFT FTF

Dr. Naveed Riaz Design and Analysis of Algorithms 20 Tautology  A Compound proposition which is always true, irrespective of the truth values of the comprising propositions.  p V ┐p  Contradiction -> Opposite to tautology.  Proposition which is always false  p ˄ ┐p (outcome always false)  It is an important tool to prove the theorem  For example; We can take a hypothesis and then we can show that if we can assume something that end up in a logical contradiction and hence the hypothesis is incorrect else we can prove it.

Dr. Naveed Riaz Design and Analysis of Algorithms 21  Logical Equivalence  The proposition P and Q are called logically equivalent if p  >q is tautology  It is written as;  P ≡Q  For example ; ┐(p v q) ≡ ┐p ˄ ┐q ( Demorgans Law)

Dr. Naveed Riaz Design and Analysis of Algorithms 22 Logic Puzzle  The Island of Knights Knaves  Two types of resident -> Knights and Knaves  They have some special characteristics  Knights -> Always speak truth  Knaves -> Always speak lie  Based upon these information we need to solve some problems

Dr. Naveed Riaz Design and Analysis of Algorithms 23 Logic problem for the day  Some one asks person A,  “Are you a knight?”  He replies,  “If I am a knight then I will eat my hat”.  Prove that A has to eat his hat.  Use the logic to solve this problem;  First you have identify the proposition – then hypothesis is required  Think that what does this mean that a person A make a statement “S” on island  If person A is knight then statement “S” is true else False

Dr. Naveed Riaz Design and Analysis of Algorithms 24 Logic problem for the day  Two solution possible: Truth table and Logical deduction rule  First conversion to proposition is required  A is a knight: A  A eats his hat: H  If I am a knight then I will eat my hat.  A=> H  We have seen that ( X  S)  Both have the same truth values there for;  (A  A => H)

Dr. Naveed Riaz Design and Analysis of Algorithms 25 Using Truth Table  Truth table column AHA=> HA  (A => H) AHA=> H TTT FTT TFF FFT

Dr. Naveed Riaz Design and Analysis of Algorithms 26 Using Truth Table  Truth table column AHA=> HA  (A => H) AA=> HA  (A => H) TTT FTF TFF FTF

Dr. Naveed Riaz Design and Analysis of Algorithms 27 Using Truth Table  Truth table column AHA=> HA  (A => H) AHA=> HA  (A => H) TTTT FTTF TFFF FFTF  If another H having true result but with False value then?

Dr. Naveed Riaz Design and Analysis of Algorithms 28 Problem with Truth Table  Any problem with the truth table?  Perform good when the number of proposition is small but if the number of proposition is large then?  In truth table number of rows depends on the number of variables: If we have two variables then …  Another method is to built logical argument using deduction rules.