Computer Science School of Computing Clemson University Mathematical Reasoning with Objects.

Slides:



Advertisements
Similar presentations
Copyright © 2006 The McGraw-Hill Companies, Inc. Programming Languages 2nd edition Tucker and Noonan Chapter 18 Program Correctness To treat programming.
Advertisements

Automated Theorem Proving Lecture 1. Program verification is undecidable! Given program P and specification S, does P satisfy S?
This research is funded in part the U. S. National Science Foundation grant CCR DEET for Component-Based Software Murali Sitaraman, Durga P. Gandi.
Computer Science School of Computing Clemson University Introduction to Mathematical Reasoning Jason Hallstrom and Murali Sitaraman Clemson University.
School of Computing Clemson University Mathematical Reasoning  Goal: To prove correctness  Method: Use a reasoning table  Prove correctness on all valid.
Addressing the Challenges of Current Software. Questions to Address Why? What? Where? How?
Functional Verification III Prepared by Stephen M. Thebaut, Ph.D. University of Florida Software Testing and Verification Lecture Notes 23.
Reasoning About Code; Hoare Logic, continued
Formal Semantics of Programming Languages 虞慧群 Topic 5: Axiomatic Semantics.
HCSSAS Capabilities and Limitations of Static Error Detection in Software for Critical Systems S. Tucker Taft CTO, SofCheck, Inc., Burlington, MA, USA.
1 Specifying Object Interfaces. 2 Major tasks in this stage: --are there any missing attributes or operations? --how can we reduce coupling, make interface.
Run time vs. Compile time
1 Run time vs. Compile time The compiler must generate code to handle issues that arise at run time Representation of various data types Procedure linkage.
Computer Science School of Computing Clemson University Mathematical Modeling Murali Sitaraman Clemson University.
Recursion: Function and Programming Software Engineering at Azusa Pacific University  Evolutionary Approach  Examples and Algorithms  Programming in.
Mathematics throughout the CS Curriculum Support by NSF #
Jason Hallstrom (Clemson), Joan Krone (Denison), Joseph E. Hollingsworth (IU Southeast), and Murali Sitaraman(Clemson) This workshop is funded in part.
Computer Science 340 Software Design & Testing Design By Contract.
Computer Science School of Computing Clemson University Discrete Math and Reasoning about Software Correctness Murali Sitaraman
Computer Science School of Computing Clemson University Specification and Reasoning in SE Projects Using a Web IDE Charles T. Cook (Clemson) Svetlana V.
Towers of Hanoi. Introduction This problem is discussed in many maths texts, And in computer science an AI as an illustration of recursion and problem.
From Program Verification to Program Synthesis Saurabh Srivastava * Sumit Gulwani ♯ Jeffrey S. Foster * * University of Maryland, College Park ♯ Microsoft.
Computer Science School of Computing Clemson University Mathematical Reasoning across the Curriculum Software Development Foundations and Software Engineering.
Lecture 16 March 22, 2011 Formal Methods CS 315 Spring Adapted from slides provided by Jason Hallstrom and Murali Sitaraman (Clemson)
Computer Science School of Computing Clemson University Introduction to Formal Specification Murali Sitaraman Clemson University.
Mathematical Modeling and Formal Specification Languages CIS 376 Bruce R. Maxim UM-Dearborn.
Chapter 3 (Part 3): Mathematical Reasoning, Induction & Recursion  Recursive Algorithms (3.5)  Program Correctness (3.6)
© by Kenneth H. Rosen, Discrete Mathematics & its Applications, Sixth Edition, Mc Graw-Hill, 2007 Chapter 4 (Part 3): Mathematical Reasoning, Induction.
Lecture 17 March 24, 2011 Formal Methods 2 CS 315 Spring Adapted from slides provided by Jason Hallstrom and Murali Sitaraman (Clemson)
1 Inference Rules and Proofs (Z); Program Specification and Verification Inference Rules and Proofs (Z); Program Specification and Verification.
Nirmalya Roy School of Electrical Engineering and Computer Science Washington State University Cpt S 223 – Advanced Data Structures Course Review Midterm.
Compiler Construction
Computer Science Department Data Structure & Algorithms Lecture 8 Recursion.
SWE 619 © Paul Ammann Procedural Abstraction and Design by Contract Paul Ammann Information & Software Engineering SWE 619 Software Construction cs.gmu.edu/~pammann/
Computer Science School of Computing Clemson University Discrete Math and Reasoning about Software Correctness Joseph E. Hollingsworth
CSC3315 (Spring 2008)1 CSC 3315 Subprograms Hamid Harroud School of Science and Engineering, Akhawayn University
© Paul Ammann, 2008 Design by Contract Paul Ammann CS/SWE 332.
Runtime Organization (Chapter 6) 1 Course Overview PART I: overview material 1Introduction 2Language processors (tombstone diagrams, bootstrapping) 3Architecture.
CSE Winter 2008 Introduction to Program Verification January 31 proofs through simplification.
This research is funded in part by grant CCR from the U. S. National Science Foundation. Profiles: A Compositional Mechanism for Performance Specification.
1 Performance Specifications Based upon Complete Profiles Joan Krone William F. Ogden Murali Sitaraman.
More on Correctness. Prime Factorization Problem: Write a program that computes all the prime factors of a given number Solution (Idea): Factors are less.
Week 10: Loop Invariants, Code correctness Jimmy Voss Disclaimer: Some material may have been borrowed from both the Official Course slides as well as.
1/24 An Introduction to PVS Charngki PSWLAB An Introduction to PVS Judy Crow, Sam Owre, John Rushby, Natarajan Shankar, Mandayam Srivas Computer.
/ PSWLAB Thread Modular Model Checking by Cormac Flanagan and Shaz Qadeer (published in Spin’03) Hong,Shin Thread Modular Model.
Integrating Math Units and Proof Checking for Specification and Verification SAVCBS Workshop 2008 SIGSOFT 2008 / FSE 16 November 9th, 2008 Hampton Smith.
Functional Verification I Prepared by Stephen M. Thebaut, Ph.D. University of Florida Software Testing and Verification Lecture Notes 21.
Lecture 18 March 29, 2011 Formal Methods 3 CS 315 Spring Adapted from slides provided by Jason Hallstrom and Murali Sitaraman (Clemson)
서울대한양대 ( 안 산 ) 충남대 1년1년 컴퓨터기초 (C) 컴퓨터프로그래밍 (C, Java) 컴퓨터프로그래밍 (C) 2. 봄 프로그래밍 원리 (Scheme, ML) Structure & Interpretation of Computer Programs 프로그래밍 방법론.
Computer Science School of Computing Clemson University Reasoning with Queues and Web Interface Demo.
Chapter 4 (Part 3): Mathematical Reasoning, Induction & Recursion
Modular Alternatives to Testing
Topic: Recursion – Part 1
Component Implementations Using RESOLVE
Formal Specification of Java Interfaces
Specifying Object Interfaces
Introduction to Components and Specifications Using RESOLVE
Functional Verification I
Performance Specifications Based upon Complete Profiles
Formal Specification of Interfaces
Functional Verification I
Introduction to Components and Specifications Using RESOLVE
Mathematical Reasoning
UNIT V Run Time Environments.
More Mathematical Reasoning (Conditional Statements)
Administrivia- Introduction
Mathematical Reasoning with Data Abstractions
Computer Science 340 Software Design & Testing
RUN-TIME STORAGE Chuen-Liang Chen Department of Computer Science
Formal Methods Lecture 16 March 22, 2011 CS 315 Spring 2011
Presentation transcript:

Computer Science School of Computing Clemson University Mathematical Reasoning with Objects

School of Computing Clemson University Example Specification: Operation Do_Nothing (restores S: Stack); Goal: Same as ensures S = #S; Code: Procedure Do_Nothing (restores S: Stack); Var E: Entry; Pop(E, S); Push(E, S); end Do_Nothing;

School of Computing Clemson University Exercise: Complete table and prove! AssumeConfirm 0… … Pop(E, S); 1… … Push(E. S); 2… …

School of Computing Clemson University Exercise: Complete table and prove! AssumeConfirm 0… … Pop(E, S); 1… … Push(E. S); 2… …  But we can’t Because there are no stacks in math Because there are no “standard” math specifications of pop and push

Computer Science School of Computing Clemson University Mathematical Modeling

School of Computing Clemson University Unlike mathematics that is implicit…  We view programming integers as though they are mathematical integers (subject to bounds, of course)  We associate mathematical operators (e.g., +) with operations we can do on integers in programs (e.g., +)

School of Computing Clemson University Unlike mathematics that is implicit…  Mathematical connections need to be established and made explicit for typical software objects

School of Computing Clemson University Mathematical modeling  Type Integer is modeled by Z;  Constraints for all i: Integer, min_int <= i <= max_int;

School of Computing Clemson University Alternatively…  Type Integer is modeled by Z;  Let i be an example Integer;  Constraints min_int <= i <= max_int;

School of Computing Clemson University Initial value specification…  Type Integer is modeled by Z;  exemplar i;  Constraints min_int <= i <= max_int;  initialization ensures i = 0;

School of Computing Clemson University Specification of operations …  Type Integer is modeled by Z;  …  specification of operations, e.g., i++  Operation Increment (updates i: Integer);  requires i < max_int;  ensures i = #i + 1;

School of Computing Clemson University More examples …  What is a suitable way to model the state of a light bulb?  …

School of Computing Clemson University More examples …  Type Light_Bulb_State is modeled by B;  exemplar b;  Initialization ensures b = false;  Exercises: specification of operations Turn_On, Turn_Off, and Is_On

School of Computing Clemson University More examples …  How would you model the state of a traffic light?  …  Alternative models and discussion

School of Computing Clemson University Data abstraction examples …  How would you mathematically model a the contents of a stack?  Is a set model appropriate?  Why or why not?  What about a queue?

School of Computing Clemson University Mathematical Modeling Summary  To write formal specifications, we need to model the state mathematically  Some objects we use in programming, such as Integers and Reals, have implicit models  For others, such as stacks, queues, lists, etc., we need to conceive explicit mathematical models

School of Computing Clemson University Mathematical Modeling of Stacks Concept Stack_Template(type Entry; Max_Depth: Integer); uses String_Theory; Type Family Stack is modeled by … Operation Push… Operation Pop… … end Stack_Template;

School of Computing Clemson University Concept Stack_Template(type Entry; Max_Depth: Integer); uses String_Theory; Type Family Stack is modeled by Str(Entry); exemplar S; constraints |S| <= Max_Depth; initialization ensures S = empty_string; … end Stack_Template; Mathematical Modeling of Stacks

School of Computing Clemson University Specification of Stack Operations Operation Push (alters E: Entry; updates S: Stack); requires |S| < Max_Depth; ensures S = o #S; Operation Pop (replaces R: Entry; updates S: Stack); requires |S| > 0; ensures #S = o S; Operation Depth (restores S: Stack): Integer; ensures Depth = |S|; …

School of Computing Clemson University Exercise: Complete table and prove! AssumeConfirm 0… … Pop(E, S); 1… … Push(E. S); 2… …

School of Computing Clemson University Recall: Basics of Mathematical Reasoning  Suppose you are verifying code for some operation P Assume its requires clause in state 0 Confirm its ensures clause at the end  Suppose that P calls Q Confirm the requires clause of Q in the state before Q is called  Why? Because caller is responsible Assume the ensures clause of Q in the state after Q  Why? Because Q is assumed to work  Prove assertions to be confirmed

School of Computing Clemson University Collaborative Exercise: Answers AssumeConfirm 0… |S0| > 0 Pop(E, S); 1S0 = o S1 |S1| < Max_Depth Push(E. S); 2S2 = o S1 S2 = S0 …

School of Computing Clemson University Discussion  Is the code Correct? If not, fix it

School of Computing Clemson University Collaborative Exercise: Answers AssumeConfirm 0|S0| 0 Pop(E, S); 1S0 = o S1 |S1| < Max_Depth Push(E. S); 2S2 = o S1 S2 = S0 …

School of Computing Clemson University Discussion  Is the code Correct? If not, fix it  Important Idea: The reasoning table can be filled mechanically  Principles of reasoning about all objects and operations are the same Need mathematical specifications  VC generation and automated verification demo

School of Computing Clemson University Is the code correct for the given spec? Specification: Operation Do_Nothing (restores S: Stack); Code: Procedure Do_Nothing (restores S: Stack); Var E: Entry; If (Depth(S) /= 0) then Pop(E, S); Push(E, S); end; end Do_Nothing;

School of Computing Clemson University ConditionAssumeConfirm 0 If (Depth(S) /= 0) then 1|S0| /= 0 Pop(E, S); 2|S0| /= 0 Push(E, S); 3|S0| /= 0 end; 4S4 = S0 Establish the path conditions

School of Computing Clemson University Establish the sub-goals in state- oriented terms using a table ConditionAssumeConfirm 0 If (Depth(S) /= 0) then 1|S0| /= 0 Pop(E, S); 2|S0| /= 0 Push(E, S); 3|S0| /= 0 end; 4.1|S0| = 0S4 = S0S4 = S0 4.2|S0| /= 0S4 = S3S4 = S0

School of Computing Clemson University ConditionAssumeConfirm 0 If (Depth(S) /= 0) then 1|S0| /= 0…… Pop(E, S); 2|S0| /= 0…… Push(E, S); 3|S0| /= 0… end; 4.1|S0| = 0S4 = S0S4 = S0 4.2|S0| /= 0S4 = S3S4 = S0 Fill in other assumptions and obligations as before…

School of Computing Clemson University More Mathematical Reasoning  Create this example using the web interface, generate VCs, and prove them  For recursive implementations  Recursive calls are handled just as any other call  Need to show termination using a programmer-supplied decreasing “metric”  For iterative implementations, invariants and decreasing metrics are used

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.