We think you have liked this presentation. If you wish to download it, please recommend it to your friends in any social system. Share buttons are a little bit lower. Thank you!
Presentation is loading. Please wait.
Published byShayne McManus
Modified about 1 year ago
© M. Winter COSC 4P41 – Functional Programming 10. 1 Testing vs Proving Testing –uses a set of “typical” examples, –symbolic testing, –may find errors, but cannot show absents of errors, –“easy” to do. Proving correctness –establishes properties of programs by a mathematical proof, failure error in the program success program is correct –difficult enterprise. Testing and proving should both be part of the development process of reliable software.
© M. Winter COSC 4P41 – Functional Programming 10. 2 Properties of programs Definedness and termination Evaluating an expression can have one of two outcomes: –the evaluation can halt, or terminate, to give a result, or –the evaluation can go on forever. The proofs we consider state a property that holds for all defined values (partial correctness). Finiteness In a lazy language we have two kinds of special elements: –infinite objects, e.g., infinite lists, –partially defined objects. Programs as formulas A definition square :: Int -> Int square x = x*x leads to the following formula x::Int (square x = x*x)
© M. Winter COSC 4P41 – Functional Programming 10. 3 Verification Principle of extensionality: Two functions f and g are equal if they have the same value at every argument. Principle of induction for natural numbers: In order to prove that a logical property P(n) holds for all natural numbers n we have to do two things: – Base case: Prove P(0). – Induction step: Prove P(n+1) on the assumption that P(n) holds. Principle of structural induction for lists: In order to prove that a logical property P(xs) holds for all finite lists xs we have to do two things: – Base case: Prove P(). – Induction step: Prove P(x:xs) on the assumption that P(xs) holds.
© M. Winter COSC 4P41 – Functional Programming 10. 4 Reasoning about algebraic types Verification for algebraic types follows the example of lists. Principle of structural induction for algebraic types: In order to prove that a logical property P(x) holds for all finite elements of an algebraic type T: – Base case: Prove P(C) for all non-recursive constructors C of T. – Induction step: Prove P(Cr y 1 … y n ) for all recursive constructors Cr of T on the assumption that P(y1) and … and P(y n ) holds. Example: data Tree a = Empty | Node a (Tree a) (Tree a) – Base case: Prove P(Empty) – Induction step: Prove P(Node x t1 t2) for all x of type a on the assumption that P(t1) and … and P(t2) holds.
© M. Winter COSC 4P41 – Functional Programming 10. 5 List induction revisited To prove a property for all finite or partial lists (fp-lists) we can use the following principle: Principle of structural induction for fp-lists: In order to prove that a logical property P(xs) holds for all fp-lists xs we have to do three things: – Base case: Prove P() and P(undef). – Induction step: Prove P(x:xs) on the assumption that P(xs) holds. fp-lists as an approximation of infinite lists: [a 1,a 2,a 3,…] is approximated by the collection undef, a 1 :undef, a 1 :a 2 :undef, a 1 :a 2 :a 3 :undef, … For some properties (admissible or continuous predicates) it is enough to show the property for all approximations to know that it will be valid for all infinite lists as well. In particular, this is true for all equations.
© M. Winter COSC 4P41 – Functional Programming 10. 6 Case study Consider again the following data type for expressions: data Expr = Lit Int | IVar Var | Let Var Expr Expr | Expr :+: Expr | Expr :-: Expr | Expr :*: Expr | Expr :\: Expr deriving Show The meaning (value) of such an expression is evaluated using a Store. Store is an abstract data type providing several functions.
© M. Winter COSC 4P41 – Functional Programming 10. 7 Case study (cont’d) eval :: Expr -> Store -> Int eval (Lit n) store = n eval (IVar v) store = value store v eval (Let v e1 e2) store = eval e2 (update store v (eval e1 store)) eval (e1 :+: e2) store = eval e1 store + eval e2 store eval (e1 :-: e2) store = eval e1 store - eval e2 store eval (e1 :*: e2) store = eval e1 store * eval e2 store eval (e1 :\: e2) store = eval e1 store `div` eval e2 store initial :: Store value :: Store -> Var -> Int update :: Store -> Var -> Int -> Store USER IMPLEMENTOR
© M. Winter COSC 4P41 – Functional Programming 10. 8 Case study (cont’d) Several questions arise: 1.What are the natural properties which should be fulfilled by Expr and the eval function? 2.What are natural properties of the functions provided by the ADT Store ? 3.Are those properties sufficient to show the properties of eval ?
© M. Winter COSC 4P41 – Functional Programming 10. 9 Case study (cont’d) 1.Consider the following function: subst :: Expr -> Expr -> Var -> Expr subst (Lit n) _ _ = Lit n subst (IVar v) e w = if v==w then e else (IVar v) subst (Let v e1 e2) e w = Let v (subst e1 e w) (if v==w then e2 else subst e2 e w) subst (e1 :+: e2) e w = subst e1 e w :+: subst e2 e w subst (e1 :-: e2) e w = subst e1 e w :-: subst e2 e w subst (e1 :*: e2) e w = subst e1 e w :*: subst e2 e w subst (e1 :\: e2) e w = subst e1 e w :\: subst e2 e w A natural property would be eval (subst e1 e2 v) store = eval e1 (update store v (eval e2 store))
© M. Winter COSC 4P41 – Functional Programming 10. 10 Case study (cont’d) 2.Consider the following properties: value initial v = 0 value (update store v n) v = n v /= w value (update store v n) w = value store w Notice, every element of Store can be generated using initial and update. These functions are “abstract” constructor functions for the ADT Store. For all other functions (the function value ) axioms in terms of the constructor functions are provided. This will give a sufficient set of axioms. 3.Yes!!! (see derivation in class).
© M. Winter COSC 4P41 – Functional Programming 10. 11 Proving in Isabelle
© M. Winter COSC 4P41 – Functional Programming 10. 12
© M. Winter COSC 4P41 – Functional Programming 10. 13
© M. Winter COSC 4P41 – Functional Programming Abstract data types (ADTs) An ADT is a data type together with some functions to manipulate elements.
Termination Analysis Math Foundations of Computer Science.
June 21, Reasoning about explicit strictness in a lazy language using mixed lazy/strict semantics Marko van Eekelen Maarten de Mol Nijmegen University,
Chapter 14 Programming With Streams. Streams A stream is an infinite sequence of values. We could define a special data type for them: data Stream.
9.4 Mathematical Induction. Mathematical induction is a form of mathematical proof. Just because a rule, pattern, or formula seems to work for several.
(3.1) Semantics Static semantics – attribute grammars » examples » computing attribute values » status Dynamic semantics – operational semantics –
Copyright © Cengage Learning. All rights reserved. CHAPTER 6 SET THEORY.
Automated Theorem Proving Lecture 1. Program verification is undecidable! Given program P and specification S, does P satisfy S?
Sparkle A theorem prover for the functional language Clean Maarten de Mol University of Nijmegen February 2002.
Chapter 3 Part II Describing Syntax and Semantics.
ISBN Chapter 3 Describing Semantics -Attribute Grammars -Dynamic Semantics.
INM175 Topic 8 1 Module INM175 Discrete Mathematics Topic 8 Algebraic Theories.
Classifications LanguageGrammarAutomaton Regular, right- linear Right-linear, left-linear DFA, NFA Context-free PDA Context- sensitive LBA Recursively.
22C:19 Discrete Structures Induction and Recursion Fall 2014 Sukumar Ghosh.
CS 363 Comparative Programming Languages Semantics.
EE1J2 - Slide 1 EE1J2 – Discrete Maths Lecture 12 Number theory Mathematical induction Proof by induction Examples.
Section 2.3 Mathematical Induction. First Example Investigate the sum of the first n positive odd integers. 1= ____ 1 + 3= ____ = ____
Sequences and Series (T) Students will know the form of an Arithmetic sequence. Arithmetic Sequence: There exists a common difference (d) between each.
Formal Methods in Software Engineering1 Lecture 17 Describing Syntax and Semantics.
Fall Semantics Juan Carlos Guzmán CS 3123 Programming Languages Concepts Southern Polytechnic State University.
PrasadCS7761 Haskell Data Types/ADT/Modules Type/Class Hierarchy Lazy Functional Language.
Mathematical Induction What it is? Why is it a legitimate proof method? How to use it?
ICS 253: Discrete Structures I Induction and Recursion King Fahd University of Petroleum & Minerals Information & Computer Science Department.
Rigorous Software Development CSCI-GA Instructor: Thomas Wies Spring 2012 Lecture 11.
1 How to transform an analyzer into a verifier. 2 OUTLINE OF THE LECTURE a verification technique which combines abstract interpretation and Park’s fixpoint.
8. Introduction to Denotational Semantics. © O. Nierstrasz PS — Denotational Semantics 8.2 Roadmap Overview: Syntax and Semantics Semantics of Expressions.
Type Safety Kangwon National University 임현승 Programming Languages.
1 Proving Properties of Recursive List Functions CS 270 Math Foundations of CS Jeremy Johnson.
© M. Winter COSC 4P41 – Functional Programming Programming with actions Why is I/O an issue? I/O is a kind of side-effect. Example: Suppose there.
Proving termination conditions Name Country, City, University Omer Subasi Turkey, Istanbul, Koc University Anton Dergunov
Cs7120 (Prasad)L9-RECUR-IND1 Recursion and Induction.
22C:19 Discrete Structures Induction and Recursion Spring 2014 Sukumar Ghosh.
Operational Semantics Semantics with Applications Chapter 2 H. Nielson and F. Nielson
0 PROGRAMMING IN HASKELL Chapter 10 - Declaring Types and Classes.
© 2003, Yishai Feldman Proving Sufficient Completeness Example: Set ADT.
Synthesis, Analysis, and Verification Lecture 04c Lectures: Viktor Kuncak VC Generation for Programs with Data Structures “Beyond Integers”
What it is? Why is it a legitimate proof method? How to use it?
Copyright © Cengage Learning. All rights reserved. Sequences and Series.
1 Proving Properties of Recursive Functions and Data Structures CS 270 Math Foundations of CS Jeremy Johnson.
Solve and algebraic equation and provide a justification for each step. Identify which property of equality or congruence is being used.
Programming Languages Third Edition Chapter 12 Formal Semantics.
Lecture 1 Overview Topics 1. Proof techniques: induction, contradiction Proof techniques June 1, 2015 CSCE 355 Foundations of Computation.
Section 5.1. Section Summary Mathematical Induction Examples of Proof by Mathematical Induction Mistaken Proofs by Mathematical Induction Guidelines for.
Katz Formal Specifications Larch 1 Algebraic Specification and Larch Formal Specifications of Complex Systems Shmuel Katz The Technion.
CS 611: Lecture 6 Rule Induction September 8, 1999 Cornell University Computer Science Department Andrew Myers.
1 First order theories (Chapter 1, Sections 1.4 – 1.5) From the slides for the book “Decision procedures” by D.Kroening and O.Strichman.
Copyright , Doron Peled and Cesare Tinelli. These notes are based on a set of lecture notes originally developed by Doron Peled at the University.
Operational Semantics Mooly Sagiv Tel Aviv University Sunday Scrieber 8 Monday Schrieber.
Problems on Induction. Mathematical Induction Description Three Steps Mathematical Induction applies to statements which depend on a parameter.
© 2017 SlidePlayer.com Inc. All rights reserved.