Download presentation
Presentation is loading. Please wait.
Published byJonas Reeves Modified over 6 years ago
1
Executable Specifications: Foundations MS Tools
Yuri Gurevich Microsoft Research
2
Agenda A short version of the talk A piece of theory
Executable specifications Our languages Our tools
3
The Short Version
4
Genesis This project started about 20 years ago when this logician moved to computer science. What is CS about? While it is about many things, the central role is played by algorithms (in a broad sense of the term). Operating systems, programming languages, compilers, etc. are all algorithms.
5
Key Question What’s an algorithm?
The Turing machine is not adequate anymore. What is, if anything?
6
The Proposed Solution A long analysis led to abstract state machines and the ASM thesis: For every algorithm there is a behaviorally identical ASM.
7
Experimental Confirmation
By the thesis, ASMs fit to model and specify algorithms. Many applications are found, in academia and industry. In the process, experimental confirmation of the thesis accumulates.
8
The group on Foundations of Software Engineering at MSR
Wolfram Schulte Margus Veanes Colin Campbell Lev Nachmanson Mike Barnett Wolfgang Grieskamp Nikolai Tillman
9
Behavioral theory of computation
Increasing parts of the ASM thesis are proven from first principles. In the process, axiomatic definitions of sequential, parallel, etc. algorithms emerge. 2: rather than the theory of recursive functions or specialized theories of sorting algorithm, linear programming, etc.
10
A piece of theory
11
Sequential Time Postulate
Any algorithm determines the set of states, the subset of initial states, the transition function. Def. Two seq-time algorithms are behaviorally equivalent if they have the same states, initial states and the transition function.
12
What are states of an algorithm?
What are states of, say, a C program? Transparent (or explicit, or honest) states In the seq-time case, a state is examinable and – unless the process stops – the next state exists
13
Abstract State Postulate
The states are logic structures. ... Define structures in one sentence.
14
Seq algorithms Seq-time algorithms with bounded-work steps.
How to measure work?
15
Definition A sequential algorithm is any entity that satisfies the three postulates: sequential time, abstract state, bounded-exploration.
16
Euclid’s algorithm if b = 0 then d := a else [do in-parallel] a := b b := a mod b
17
Seq Characterization Theorem
For every sequential algorithm A, there exists a behaviorally equivalent sequential ASM . Ref. #141 at the speaker’s website
18
Parallel algorithms 1 2 3 4 5 6 7 8 9 Example Slicing a dag
19
Slicing a Dag in AsmL forall v in V
if forall u in V holds (u,v) in E implies u in X then add v to X
20
Par Characterization Thm
Analysis Theorem: For every parallel algorithm A, there is a behaviorally equivalent parallel ASM . Ref. #157
21
Intra-step interaction
New object creation, choice, remote procedure calls, messages The characterization theorems Ref: #166, 170, 171, and forthcoming by Andreas Blass, YG, Dean Rosenzweig and Benjamin Rossman
22
Distributed algorithms
Distributed ASMs were defined long ago, and most ASM applications, at least at Microsoft, are distributed, but the axiomatization problem is still open.
23
Executable specifications
24
In-place one-swap-a-time sorting
var A as Seq of Integer = [3,1,2] Swap() choose i,j in Indices(A) where i<j and A(i)>A(j) A(i) := A(j) A(j) := A(i) Sort() step until fixpoint A = [2,3,1] Nondeterminsm A = [1,3,2] A = [2,1,3] A = [1,2,3] Parallelism
25
Our Languages
26
AsmL and C# http://research.microsoft.com/fse/asml
Math e.g. set comprehension {x2 | x ∊ {1,..,10} where x = 0 mod 2} Transactions, nondeterminism OO, interoperability via .NET Literate programming via Word, automated programming via XML AmsL can call methods from e.g. C# programs, and the other round. No marshaling is involved. The first .Net specification language (as far as we know). Why is this important? You want to simulate, say, a component in its natural environment which may involve interaction with various other components.
27
Topological Sorting step while ToSet(S) ne V let X = V - ToSet(S)
if X <> {} then S := S + [(any v | v in X where not(exists u in X where (u,v) in E))]
28
Our Tools
29
Software development process
Current Projects Specs Spec Explorer Dev Arch/PM/Lead Test System Design System Test Specs Parameterized Unit Tests Class Design Unit Test Spec# Specs Abstraction Coding Time
30
Validating the spec Human comprehension Playing scenarios
Deriving an FSM and then testing (including model checking) it
31
Enforcing the spec In the deterministic case, generate a test suite with results, and run the suit on various implementations. Execute the model and implementation in lock step. Play to test
Similar presentations
© 2025 SlidePlayer.com. Inc.
All rights reserved.