Presentation is loading. Please wait.

Presentation is loading. Please wait.

Mathematical Reasoning

Published byGlenna Gunawan Modified over 5 years ago

Similar presentations

Presentation on theme: "Mathematical Reasoning"— Presentation transcript:

1 Mathematical Reasoning
Lecture SE-5

2 Overview Methods for checking code is correct, i.e., it meets specification Testing Tracing or inspection Formal verification of correctness

3 Testing Goal: To find bugs Method: Identify “adequate” test points
Recall: Test point = (valid input, expected output) Method: Execute the code on those inputs Cannot test on all inputs Can only show presence of bugs, not absence

4 Tracing or Formal Inspection
Goal: To find bugs Method: Identify “adequate” tracing points Tracing point = test point = (valid input, expected output) Method: Hand trace the code on those inputs Cannot trace on all inputs Can only show presence of bugs, not absence; but some logic check is done

5 Formal Verification Goal: To prove correctness
Method: The rest of this presentation Can prove correctness on all valid inputs Can only show absence of bugs

6 Example Goal: Prove that the following code requires …
ensures I = #J and J = #I; Code: I = sum(I, J); J = difference(I, J); I = difference(I, J);

7 Example Goal: Prove that the following code requires …
ensures I = #J and J = #I; Code: I = sum(I, J); J = difference(I, J); I = difference(I, J);

8 Recall: Specification of Integer Operations
Think of ints as integers in math constraints for all integer I MIN_VALUE <= I <= MAX_VALUE int sum (int I, int J); requires MIN_VALUE <= I + J and I + J <= MAX_VALUE; ensures sum = I + J; int difference (int I, int J); requires MIN_VALUE <= I - J and I - J <= MAX_VALUE; ensures difference = I - J;

9 Example Goal: Prove that the following code requires …
ensures I = #J and J = #I; Code: I = sum(I, J); J = difference(I, J); I = difference(I, J);

10 Establish the goals in state-oriented terms using a table
Assume Confirm 0 … I = sum(I, J); 1 J = difference(I, J); 2 I = difference(I, J); I3 = J0 and J3 = I0;

11 Establish assumptions (and obligations)
Assume Confirm 0 … … I = sum(I, J); 1 I1 = I0 + J0 and … J1 = J0 J = difference(I, J); 2 J2 = I1 - J1 and … I2 = I1 I = difference(I, J); 3 I3 = I2 – J2 and I3 = J0 and J3 = J2 J3 = I0

12 Prove all assertions to be confirmed
Prove I3 = J0 and J3 = I0 Proof of I3 = J0 I3 = I2 – J2 = (I1 – J1) – I1 substitution for I2 and J2 = J1 simplification = J0 substitution for J1 Proof of J3 = I0 exercise Code is correct if all assertions to be confirmed are proved

13 Example: Confirm caller’s obligations (Why?)
Assume Confirm 0 … … I = sum(I, J); 1 I1 = I0 + J0 and MIN_VALUE <= J1 = J0 (I1 – J1) <= MAX_VALUE J = difference(I, J); 2 … …

14 Confirm caller’s obligations
Assume Confirm 0 … MIN_VALUE <= I0 + J <= MAX_VALUE I = sum(I, J); 1 … MIN_VALUE <= I1 – J <= MAX_VALUE J = difference(I, J); 2 … MIN_VALUE <= I2 – J <= MAX_VALUE I = difference(I, J); 3 … I3 = J0 and J3 = I0

15 Prove all assertions to be confirmed
Proofs - exercises Given the goal requires MIN_VALUE <= I + J and I + J <= MAX_VALUE; ensures I = #J and J = #I; The code below is correct I = sum(I, J); J = difference(I, J); I = difference(I, J);

16 Basics of Mathematical Reasoning
Suppose you are verifying code for some operation P Assume its requires clause in state 0 Confirm its ensures clause at the end Suppose that P calls Q Confirm the requires clause of Q in the state before Q is called Why? Because caller is responsible Assume the ensures clause of Q in the state after Q Why? Because Q is assumed to work Prove assertions to be confirmed

17 Another Example Specification:
Operation Do_Nothing (restores S: Stack); Goal: Same as ensures S = #S; Code: Procedure Do_Nothing (restores S: Stack); Var E: Entry; Pop(E, S); Push(E, S); end Do_Nothing;

18 Exercise: Complete table and prove!
Assume Confirm 0 … … Pop(E, S); 1 … … Push(E. S); 2 … …

19 Recall Specification of Stack Operations
Operation Push (alters E: Entry; updates S: Stack); requires |S| < Max_Depth; ensures S = <#E> o #S; Operation Pop (replaces R: Entry; updates S: Stack); requires |S| > 0; ensures #S = <R> o S; Operation Depth (restores S: Stack): Integer; ensures Depth = |S|;

20 Collaborative Exercise: Answers
Assume Confirm 0 … |S| > 0 Pop(E, S); 1 S0 = <E1> o S1 |S| < Max_Depth Push(E. S); 2 S2 = <E1> o S1 S2 = S0 …

21 Discussion Is the code Correct? If not, fix it
Important Idea: The reasoning table can be filled mechanically Principles of reasoning about all objects and operations are the same Need mathematical specifications VC generation and automated verification demo

Download ppt "Mathematical Reasoning"

Similar presentations

Copyright © 2006 The McGraw-Hill Companies, Inc. Programming Languages 2nd edition Tucker and Noonan Chapter 18 Program Correctness To treat programming.

Copyright © 2006 The McGraw-Hill Companies, Inc. Programming Languages 2nd edition Tucker and Noonan Chapter 18 Program Correctness To treat programming.
Automated Theorem Proving Lecture 1. Program verification is undecidable! Given program P and specification S, does P satisfy S?

Automated Theorem Proving Lecture 1. Program verification is undecidable! Given program P and specification S, does P satisfy S?
PROOF BY CONTRADICTION

PROOF BY CONTRADICTION
Computer Science School of Computing Clemson University Introduction to Mathematical Reasoning Jason Hallstrom and Murali Sitaraman Clemson University.

Computer Science School of Computing Clemson University Introduction to Mathematical Reasoning Jason Hallstrom and Murali Sitaraman Clemson University.
School of Computing Clemson University Mathematical Reasoning  Goal: To prove correctness  Method: Use a reasoning table  Prove correctness on all valid.

School of Computing Clemson University Mathematical Reasoning  Goal: To prove correctness  Method: Use a reasoning table  Prove correctness on all valid.
Addressing the Challenges of Current Software. Questions to Address Why? What? Where? How?

Addressing the Challenges of Current Software. Questions to Address Why? What? Where? How?
Reasoning About Code; Hoare Logic, continued

Reasoning About Code; Hoare Logic, continued
11111 Functional Program Verification CS 4311 A. M. Stavely, Toward Zero Defect Programming, Addison-Wesley, 1999. Y. Cheon and M. Vela, A Tutorial on.

11111 Functional Program Verification CS 4311 A. M. Stavely, Toward Zero Defect Programming, Addison-Wesley, Y. Cheon and M. Vela, A Tutorial on.
Formal Semantics of Programming Languages 虞慧群 Topic 5: Axiomatic Semantics.

Formal Semantics of Programming Languages 虞慧群 Topic 5: Axiomatic Semantics.
Annoucements  Next labs 9 and 10 are paired for everyone. So don’t miss the lab.  There is a review session for the quiz on Monday, November 4, at 8:00.

Annoucements  Next labs 9 and 10 are paired for everyone. So don’t miss the lab.  There is a review session for the quiz on Monday, November 4, at 8:00.
CSE115/ENGR160 Discrete Mathematics 04/12/11 Ming-Hsuan Yang UC Merced 1.

CSE115/ENGR160 Discrete Mathematics 04/12/11 Ming-Hsuan Yang UC Merced 1.
Copyright W. Howden1 Lecture 13: Programming by Contract.

Copyright W. Howden1 Lecture 13: Programming by Contract.
General Announcements Project Due Friday, 1/30 Labs start Wednesday & Thursday – Java review – Weiss 1.19, 1.20 – You may show up & hand in Workshops.

General Announcements Project Due Friday, 1/30 Labs start Wednesday & Thursday – Java review – Weiss 1.19, 1.20 – You may show up & hand in Workshops.
Axiomatic Semantics Dr. M Al-Mulhem ICS535-091.

Axiomatic Semantics Dr. M Al-Mulhem ICS
Dr. Muhammed Al-Mulhem 1ICS535-101 ICS 535 Design and Implementation of Programming Languages Part 1 Fundamentals (Chapter 4) Axiomatic Semantics ICS 535.

Dr. Muhammed Al-Mulhem 1ICS ICS 535 Design and Implementation of Programming Languages Part 1 Fundamentals (Chapter 4) Axiomatic Semantics ICS 535.
1 Security Architecture and Analysis Software Inspections and Verification Software Testing and Certification.

1 Security Architecture and Analysis Software Inspections and Verification Software Testing and Certification.
1 Advanced Material The following slides contain advanced material and are optional.

1 Advanced Material The following slides contain advanced material and are optional.
Mathematics throughout the CS Curriculum Support by NSF #

Mathematics throughout the CS Curriculum Support by NSF #
Computer Science School of Computing Clemson University Discrete Math and Reasoning about Software Correctness Murali Sitaraman

Computer Science School of Computing Clemson University Discrete Math and Reasoning about Software Correctness Murali Sitaraman
Computer Science School of Computing Clemson University Mathematical Reasoning across the Curriculum Software Development Foundations and Software Engineering.

Computer Science School of Computing Clemson University Mathematical Reasoning across the Curriculum Software Development Foundations and Software Engineering.

Similar presentations

Ads by Google