Presentation is loading. Please wait.

Presentation is loading. Please wait.

Computer Science School of Computing Clemson University Discrete Math and Reasoning about Software Correctness Joseph E. Hollingsworth

Published byMaria Gallagher Modified over 9 years ago

Similar presentations

Presentation on theme: "Computer Science School of Computing Clemson University Discrete Math and Reasoning about Software Correctness Joseph E. Hollingsworth"— Presentation transcript:

1 Computer Science School of Computing Clemson University Discrete Math and Reasoning about Software Correctness Joseph E. Hollingsworth (jholly@ius.edu)jholly@ius.edu Murali Sitaraman (murali@clemson.edu)murali@clemson.edu http://www.cs.clemson.edu/group/resolve/ This research is funded in part by NSF grants CCF-0811748, CCF ‐ 1161916, DUE-1022191, and DUE-1022941.

2 School of Computing Clemson University Overview  Software correctness proofs  Connections between software correctness and discrete math foundations  Key example: Recursive code correctness and induction

3 School of Computing Clemson University Basics  Software is correct if it meets its specifications.  Is the following code segment correct? Assume all variables are Integers. Assume I = #I and J = #J; Temp = I; I = J; J = Temp; Confirm I = #J and J = #I;

4 School of Computing Clemson University Basics  Software is correct if it meets its specifications.  Is the following code segment correct? Assume all variables are Integers. Assume I = #I and J = #J; Temp := I; I := J; J := Temp; Confirm I = #J and J = #I;

5 School of Computing Clemson University Assignment Rule Assume I = #I and J = #J; Temp := I; I := J; J := Temp; Confirm I = #J and J = #I;  Since J is assigned Temp, if we can prove Temp = #I before the last assignment, then J would equal #I after that assignment (our goal)

6 School of Computing Clemson University Simplify Assume I = #I and J = #J; Temp := I; I := J; J := Temp; Confirm I = #J and J = #I;  becomes (change is shown in italics) Assume I = #I and J = #J; Temp := I; I := J; Confirm I = #J and Temp = #I;

7 School of Computing Clemson University Simplify again Assume I = #I and J = #J; Temp := I; I := J; Confirm I = #J and Temp = #I;  becomes Assume I = #I and J = #J; Temp := I; Confirm J = #J and Temp = #I;

8 School of Computing Clemson University Simplify one more time Assume I = #I and J = #J; Temp := I; Confirm J = #J and Temp = #I;  becomes Assume I = #I and J = #J; Confirm J = #J and I = #I;

9 School of Computing Clemson University Correctness to Discrete Math  Simplify one more time. Assume I = #I and J = #J; Confirm J = #J and I = #I;  The above is the same as: (I = #I and J = #J)  (J = #J and I = #I);  True, because P  P;

10 School of Computing Clemson University Basics  What did we just do?  Mathematically prove that a piece of code is correct using integer theory and logic.  The process is mechanical.  This is unlike testing where we can only show presence of errors, but not their absence.

11 School of Computing Clemson University Exercise  Is the following code segment correct? Assume all variables are Integers.  Work it out on the given sheet. Assume I = #I and J = #J; I := I + J; J := I - J; I := I - J; Confirm I = #J and J = #I;

12 School of Computing Clemson University Simplify Assume I = #I and J = #J; I := I + J; J := I - J; I := I - J; Confirm I = #J and J = #I;  becomes Assume I = #I and J = #J; I := I + J; J := I - J; Confirm (I – J) = #J and J = #I;

13 School of Computing Clemson University Simplify again Assume I = #I and J = #J; I := I + J; J := I - J; Confirm (I – J) = #J and J = #I;  becomes Assume I = #I and J = #J; I := I + J; Confirm (I – (I – J)) = #J and (I – J) = #I;

14 School of Computing Clemson University Simplify expression Assume I = #I and J = #J; I := I + J; Confirm (I – (I – J)) = #J and (I – J) = #I;  becomes Assume I = #I and J = #J; I := I + J; Confirm J = #J and (I – J) = #I;

15 School of Computing Clemson University Simplify one last time Assume I = #I and J = #J; I := I + J; Confirm J = #J and (I – J) = #I;  becomes Assume I = #I and J = #J; Confirm J = #J and ((I + J) – J) = #I;  becomes Assume I = #I and J = #J; Confirm J = #J and I = #I;

16 School of Computing Clemson University Discussion and Demo  Is the code correct?  Math integers vs. computational integers  Assume and confirm assertions come from requires and ensures clauses of operations  Mechanical “proof” rules exist for all programming constructs, including if statements, while statements, objects, pointers, etc.  They all have discrete math foundations.  Demo site: http://www.cs.clemson.edu/group/resolve/ http://www.cs.clemson.edu/group/resolve/

17 School of Computing Clemson University Part II: Recursion and induction

18 School of Computing Clemson University Example int sum(int j, int k) // requires j >= 0 // ensures result = j + k { if (j == 0) { return k; } else { j--; int r = sum(j, k); return r + 1; }

19 School of Computing Clemson University Reasoning Pattern  Similar to an inductive proof  Base case (e.g., j == 0)  Reason code works for the base case  Recursive case (e.g., j != 0)  Assume that the recursive call j--; r = sum(j, k) works  Reason that the code works for the case of j  Show assumption is legit, i.e., show termination

20 School of Computing Clemson University Recursion: Base case int sum(int j, int k) // requires j >= 0 // ensures result = j + k { if (j == 0) { return k; // Assume: (j = 0) ^ (result = k) // Confirm ensures: result = 0 + k } else {... }

21 School of Computing Clemson University Recursion: Inductive Assumption int sum(int j, int k) // requires j >= 0 // ensures result = j + k { if (j == 0) {... } else { j--; int r = sum(j, k); // Assume: r = (j – 1) + k return r + 1; }

22 School of Computing Clemson University Recursion: Inductive Proof Step int sum(int j, int k) // requires j >= 0 // ensures result = j + k {if (j == 0) {... } else { j--; int r = sum(j, k); return r + 1; // Assume: (r = (j – 1) + k) ^ //(result = r + 1) // Confirm ensures: result = j + k }

23 School of Computing Clemson University Reasoning: Recursive Case  For the inductive proof to be legit, the inductive assumption must be legit  This requires showing that an argument passed to the recursive call is strictly smaller  This is the proof of termination  To prove termination automatically, programmers need to provide a progress metric ( j decreases in the example)

24 School of Computing Clemson University Reasoning about iterative code  Also appeals to induction  Loops need to include an “invariant” and a progress metric for termination  Invariant is established for the base case (i.e., before the loop is entered)  Invariant is assumed at the beginning of an iteration and confirmed at the beginning of the next  Also needs a progress metric and a proof of termination

25 School of Computing Clemson University Part III: Discrete Math and Software Modeling

26 School of Computing Clemson University Discrete Math and Specifications  Discrete structures, such as numbers, sets, etc., are used in mathematical modeling of software  Example using another discrete structure: Mathematical strings  Strings are useful to specify and reason about CS structures, such as stacks, queues, lists, etc.  Example: Verify recursive code that reverses a character string or a queue

27 School of Computing Clemson University Basic Math Strings  Unlike sets, strings have order Example: Str(Z) for String of integers  Notations Empty string (written empty_string or ) Concatenation ( alpha o beta ) Length ( |alpha| ) String containing one entry ( )

28 School of Computing Clemson University Theorems from string theory  Various theorems from string theory are necessary to prove software correctness  VCs in proving correctness of iterative Queue Append realization  Demo:http://www.cs.clemson.edu/g roup/resolve/http://www.cs.clemson.edu/g roup/resolve/  Theorem: string concatenation is associative: , : Str(), x: , (( o ) o ) = ( o ( o ))

29 School of Computing Clemson University Theorems from string theory  Various theorems from string theory are necessary to prove software correctness  VCs in proving correctness of recursive Queue Flip or Text Flip realization  Demo:http://www.cs.clemson.edu/g roup/resolve/http://www.cs.clemson.edu/g roup/resolve/  String reversal theorem: : Str(), x: , Reverse ( o ) = o Reverse()

30 School of Computing Clemson University Summary  Discrete math foundations are central for developing correct software.  Modern programming languages are being enhanced with specification language counterparts to facilitate verification of software correctness  Example spec/programming language combinations include JML (Java Modeling Language)/Java, Spec#/C#, and RESOLVE (an integrated language).

Download ppt "Computer Science School of Computing Clemson University Discrete Math and Reasoning about Software Correctness Joseph E. Hollingsworth"

Similar presentations

Copyright © 2006 The McGraw-Hill Companies, Inc. Programming Languages 2nd edition Tucker and Noonan Chapter 18 Program Correctness To treat programming.

Copyright © 2006 The McGraw-Hill Companies, Inc. Programming Languages 2nd edition Tucker and Noonan Chapter 18 Program Correctness To treat programming.
Automated Theorem Proving Lecture 1. Program verification is undecidable! Given program P and specification S, does P satisfy S?

Automated Theorem Proving Lecture 1. Program verification is undecidable! Given program P and specification S, does P satisfy S?
This research is funded in part the U. S. National Science Foundation grant CCR-0113181. DEET for Component-Based Software Murali Sitaraman, Durga P. Gandi.

This research is funded in part the U. S. National Science Foundation grant CCR DEET for Component-Based Software Murali Sitaraman, Durga P. Gandi.
Computer Science School of Computing Clemson University Introduction to Mathematical Reasoning Jason Hallstrom and Murali Sitaraman Clemson University.

Computer Science School of Computing Clemson University Introduction to Mathematical Reasoning Jason Hallstrom and Murali Sitaraman Clemson University.
Addressing the Challenges of Current Software. Questions to Address Why? What? Where? How?

Addressing the Challenges of Current Software. Questions to Address Why? What? Where? How?
Reasoning About Code; Hoare Logic, continued

Reasoning About Code; Hoare Logic, continued
ISBN 0-321-33025-0 Chapter 3 Describing Syntax and Semantics.

ISBN Chapter 3 Describing Syntax and Semantics.
1 Semantic Description of Programming languages. 2 Static versus Dynamic Semantics n Static Semantics represents legal forms of programs that cannot be.

1 Semantic Description of Programming languages. 2 Static versus Dynamic Semantics n Static Semantics represents legal forms of programs that cannot be.
CS 355 – Programming Languages

CS 355 – Programming Languages
Comp 205: Comparative Programming Languages Semantics of Imperative Programming Languages denotational semantics operational semantics logical semantics.

Comp 205: Comparative Programming Languages Semantics of Imperative Programming Languages denotational semantics operational semantics logical semantics.
Self-Reference - Induction Cmput 115 - Lecture 7 Department of Computing Science University of Alberta ©Duane Szafron 1999 Some code in this lecture is.

Self-Reference - Induction Cmput Lecture 7 Department of Computing Science University of Alberta ©Duane Szafron 1999 Some code in this lecture is.
Copyright © 2006 The McGraw-Hill Companies, Inc. Programming Languages 2nd edition Tucker and Noonan Chapter 18 Program Correctness To treat programming.

Copyright © 2006 The McGraw-Hill Companies, Inc. Programming Languages 2nd edition Tucker and Noonan Chapter 18 Program Correctness To treat programming.
Describing Syntax and Semantics

Describing Syntax and Semantics
Proofs, Recursion, and Analysis of Algorithms Mathematical Structures for Computer Science Chapter 2 Copyright © 2006 W.H. Freeman & Co.MSCS SlidesProofs,

Proofs, Recursion, and Analysis of Algorithms Mathematical Structures for Computer Science Chapter 2 Copyright © 2006 W.H. Freeman & Co.MSCS SlidesProofs,
Mathematics throughout the CS Curriculum Support by NSF #

Mathematics throughout the CS Curriculum Support by NSF #
Discrete Maths Objective to show the close connection between recursive definitions and recursive functions 242-213, Semester 2, 2014-2015 9. Recursion.

Discrete Maths Objective to show the close connection between recursive definitions and recursive functions , Semester 2, Recursion.
Computer Science School of Computing Clemson University Discrete Math and Reasoning about Software Correctness Murali Sitaraman

Computer Science School of Computing Clemson University Discrete Math and Reasoning about Software Correctness Murali Sitaraman
Computer Science School of Computing Clemson University Specification and Reasoning in SE Projects Using a Web IDE Charles T. Cook (Clemson) Svetlana V.

Computer Science School of Computing Clemson University Specification and Reasoning in SE Projects Using a Web IDE Charles T. Cook (Clemson) Svetlana V.
Computer Science School of Computing Clemson University Mathematical Reasoning across the Curriculum Software Development Foundations and Software Engineering.

Computer Science School of Computing Clemson University Mathematical Reasoning across the Curriculum Software Development Foundations and Software Engineering.
Lecture 16 March 22, 2011 Formal Methods CS 315 Spring 2011 1 Adapted from slides provided by Jason Hallstrom and Murali Sitaraman (Clemson)

Lecture 16 March 22, 2011 Formal Methods CS 315 Spring Adapted from slides provided by Jason Hallstrom and Murali Sitaraman (Clemson)

Similar presentations

Ads by Google