329-251 Chapter 25 Formal Methods. 329-252 Formal methods Specify program using math Develop program using math Prove program matches specification using.

Slides:



Advertisements
Similar presentations
Automated Theorem Proving Lecture 1. Program verification is undecidable! Given program P and specification S, does P satisfy S?
Advertisements

Semantics Static semantics Dynamic semantics attribute grammars
ICE1341 Programming Languages Spring 2005 Lecture #6 Lecture #6 In-Young Ko iko.AT. icu.ac.kr iko.AT. icu.ac.kr Information and Communications University.
Reasoning About Code; Hoare Logic, continued
Hoare’s Correctness Triplets Dijkstra’s Predicate Transformers
Rigorous Software Development CSCI-GA Instructor: Thomas Wies Spring 2012 Lecture 11.
David Evans CS655: Programming Languages University of Virginia Computer Science Lecture 19: Minding Ps & Qs: Axiomatic.
Partial correctness © Marcelo d’Amorim 2010.
Copyright © 2006 Addison-Wesley. All rights reserved.1-1 ICS 410: Programming Languages Chapter 3 : Describing Syntax and Semantics Axiomatic Semantics.
ISBN Chapter 3 Describing Syntax and Semantics.
Dynamic semantics Precisely specify the meanings of programs. Why? –programmers need to understand the meanings of programs they read –programmers need.
Copyright © 2006 Addison-Wesley. All rights reserved. 3.5 Dynamic Semantics Meanings of expressions, statements, and program units Static semantics – type.
Predicate Transformers
Formal Specification and Verification. Specifications Imprecise specifications can cause serious problems downstream Lots of interpretations even with.
Fall Semantics Juan Carlos Guzmán CS 3123 Programming Languages Concepts Southern Polytechnic State University.
CS 330 Programming Languages 09 / 19 / 2006 Instructor: Michael Eckmann.
1 Semantic Description of Programming languages. 2 Static versus Dynamic Semantics n Static Semantics represents legal forms of programs that cannot be.
CS 355 – Programming Languages
Formal Methods in Software Engineering Credit Hours: 3+0 By: Qaisar Javaid Assistant Professor Formal Methods in Software Engineering1.
Software Engineering and Design Principles Chapter 1.
Language Specfication and Implementation - PART II: Semantics of Procedural Programming Languages Lee McCluskey Department of Computing and Mathematical.
Axiomatic Semantics Dr. M Al-Mulhem ICS
CS 330 Programming Languages 09 / 18 / 2007 Instructor: Michael Eckmann.
Programming Language Semantics Mooly SagivEran Yahav Schrirber 317Open space html://
Copyright © 2006 The McGraw-Hill Companies, Inc. Programming Languages 2nd edition Tucker and Noonan Chapter 18 Program Correctness To treat programming.
Dr. Muhammed Al-Mulhem 1ICS ICS 535 Design and Implementation of Programming Languages Part 1 Fundamentals (Chapter 4) Axiomatic Semantics ICS 535.
Chapter 3 Describing Syntax and Semantics Sections 1-3.
Semantics with Applications Mooly Sagiv Schrirber html:// Textbooks:Winskel The.
CS 330 Programming Languages 09 / 16 / 2008 Instructor: Michael Eckmann.
Formal methods Basic concepts. Introduction  Just as models, formal methods is a complement to other specification methods.  Standard is model-based.
Describing Syntax and Semantics
Semantics “Semantics” has to do with the meaning of a program. We will consider two types of semantics: –Static semantics: semantics which can be enforced.
MCA –Software Engineering Kantipur City College. Topics include  Formal Methods Concept  Formal Specification Language Test plan creation Test-case.
Reading and Writing Mathematical Proofs
1 Program Correctness CIS 375 Bruce R. Maxim UM-Dearborn.
Proofs of Correctness: An Introduction to Axiomatic Verification Prepared by Stephen M. Thebaut, Ph.D. University of Florida CEN 5035 Software Engineering.
Overview of Formal Methods. Topics Introduction and terminology FM and Software Engineering Applications of FM Propositional and Predicate Logic Program.
ISBN Chapter 3 Describing Semantics -Attribute Grammars -Dynamic Semantics.
CS 363 Comparative Programming Languages Semantics.
Muhammad Idrees Lecturer University of Lahore 1. Outline Introduction The General Problem of Describing Syntax Formal Methods of Describing Syntax Attribute.
Chapter 5: Sequences, Mathematical Induction, and Recursion 5.5 Application: Correctness of Algorithms 1 [P]rogramming reliability – must be an activity.
Program Analysis and Verification Spring 2014 Program Analysis and Verification Lecture 4: Axiomatic Semantics I Roman Manevich Ben-Gurion University.
ISBN Chapter 3 Describing Semantics.
Chapter 3 Part II Describing Syntax and Semantics.
Semantics In Text: Chapter 3.
Pre- and postconditions, Using assertions and exceptions 1 Pre- and postconditions Using assertions and exceptions.
Languages and Compilers
COP4020 Programming Languages Introduction to Axiomatic Semantics Prof. Robert van Engelen.
Design - programming Cmpe 450 Fall Dynamic Analysis Software quality Design carefully from the start Simple and clean Fewer errors Finding errors.
ISBN Chapter 3 Describing Syntax and Semantics.
13 Aug 2013 Program Verification. Proofs about Programs Why make you study logic? Why make you do proofs? Because we want to prove properties of programs.
Program Analysis and Verification Spring 2015 Program Analysis and Verification Lecture 4: Axiomatic Semantics I Roman Manevich Ben-Gurion University.
Principle of Programming Lanugages 3: Compilation of statements Statements in C Assertion Hoare logic Department of Information Science and Engineering.
Static Techniques for V&V. Hierarchy of V&V techniques Static Analysis V&V Dynamic Techniques Model Checking Simulation Symbolic Execution Testing Informal.
Cs7100(Prasad)L18-9WP1 Axiomatic Semantics Predicate Transformers.
CSC3315 (Spring 2009)1 CSC 3315 Languages & Compilers Hamid Harroud School of Science and Engineering, Akhawayn University
C HAPTER 3 Describing Syntax and Semantics. D YNAMIC S EMANTICS Describing syntax is relatively simple There is no single widely acceptable notation or.
Syntax Questions 6. Define a left recursive grammar rule.
Mathematical Structures for Computer Science Chapter 1
Chapter 15 Debugging.
Lecture 5 Floyd-Hoare Style Verification
Programming Languages and Compilers (CS 421)
Programming Languages 2nd edition Tucker and Noonan
Semantics In Text: Chapter 3.
Chapter 15 Debugging.
Predicate Transformers
Programming Languages and Compilers (CS 421)
Programming Languages 2nd edition Tucker and Noonan
COP4020 Programming Languages
Presentation transcript:

Chapter 25 Formal Methods

Formal methods Specify program using math Develop program using math Prove program matches specification using math –“prove program is correct”

Problems with Conventional Specification contradictions ambiguities vagueness imcompleteness mixed levels of abstraction

Formal Specifications Lots of approaches –State machines –Denotational semantics –Pre and post conditions –Z –Algebraic specifications –and many more

Denotational semantics Used to specify programming language Denotational semantics of a language is a function from programs to meanings. “Revised Report on the Algorithmic Language Scheme” Standards/R5RS/HTML/ Standards/R5RS/HTML/

Uses of Denotation Semantics Understanding a language Making sure a language is well-defined Proving things about language (type safe programs can never have a run-time error) Generating a compiler automatically

Pre and post conditions A program consists of some data types and operations on those data types. A running program has a state consisting of a set of variables with values. Operations change the state. Pre and post conditions specify how operations change state.

Example: Banking Types: –BankAccount. Has a balance, which is a number. –Transaction. Has a date, an amount, a type (deposit, withdrawal), and a BankAccount. Invariant: –For each BankAccount, balance = sum of deposits - sum of withdrawals

Example: Banking Operations –Deposit(amount, date, account) Precondition: amount is positive, account.balance = b, account.transactions=t Postcondition: account.balance=b+amount, account.transaction=t + (transaction with amount, date, “deposit”, and account)

Z(ed) Language based on math Logic, sets, sequences, relations, functions Z specification declares variables and predicates that are always true of the variables Some variables are used for input or for output

Z A little like a programming language Not used for assertions about a program, but to specify an entire system Can be extended to refer to a program There are tools to check syntax of Z specifications, to typeset them, and to test them

Formal Program Development Program transformations Hoare axiomatics –C.A.R. Hoare Weakest preconditions –Edsger Dijkstra

Program Transformation Start with a formal specification Make it executable Optimize the “program” by applying transformations to it –“For all x there is a y” is replaced by an algorithm that takes an x and produces a y –A lot like proving a theorem –A lot like an optimizing compiler

Hoare Axiomatics For each kind of statement, there is a rule that shows how a precondition leads to legal postconditions {P} if (e) then S1 else S2 {P  e} S1 {R} {P  ¬ e} S2 {T} {P} if (e) then S1 else S2 {R  T}

Hard part Loops Procedures Pointers Concurrency

Weakest Precondition Like Hoare Axiomatics, but backwards Start with result and work forward. Let’s you derive a program, not just make sure it meets the spec. Both techniques need a language like Z for writing assertions

Advantages of Formal Methods Decreases errors Precise - more likely to agree on meaning of a specification Automatable - easier to make tools to process specification –Error checking –Code generation

Disadvantages of Formal Methods Most programmers don’t know math well enough Most customers can’t read the specification Can lead to false expectations - formal development does not eliminate all errors –Bad specifications –Mistakes in proofs/bugs in tools

Disadvantages of formal methods Some things hard to specify –GUIs –Sound/graphics –Concurrency Can take a long time and be expensive

When to use formal methods When it is very important to get it right –Security –Space shuttle –Pace makers When you have the right people Big payoff often comes from small part of the system