We think you have liked this presentation. If you wish to download it, please recommend it to your friends in any social system. Share buttons are a little bit lower. Thank you!
Presentation is loading. Please wait.
Published byShayne McManus
Modified about 1 year ago
© M. Winter COSC 4P41 – Functional Programming Testing vs Proving Testing –uses a set of “typical” examples, –symbolic testing, –may find errors, but cannot show absents of errors, –“easy” to do. Proving correctness –establishes properties of programs by a mathematical proof, failure error in the program success program is correct –difficult enterprise. Testing and proving should both be part of the development process of reliable software.
© M. Winter COSC 4P41 – Functional Programming Properties of programs Definedness and termination Evaluating an expression can have one of two outcomes: –the evaluation can halt, or terminate, to give a result, or –the evaluation can go on forever. The proofs we consider state a property that holds for all defined values (partial correctness). Finiteness In a lazy language we have two kinds of special elements: –infinite objects, e.g., infinite lists, –partially defined objects. Programs as formulas A definition square :: Int -> Int square x = x*x leads to the following formula x::Int (square x = x*x)
© M. Winter COSC 4P41 – Functional Programming Verification Principle of extensionality: Two functions f and g are equal if they have the same value at every argument. Principle of induction for natural numbers: In order to prove that a logical property P(n) holds for all natural numbers n we have to do two things: – Base case: Prove P(0). – Induction step: Prove P(n+1) on the assumption that P(n) holds. Principle of structural induction for lists: In order to prove that a logical property P(xs) holds for all finite lists xs we have to do two things: – Base case: Prove P(). – Induction step: Prove P(x:xs) on the assumption that P(xs) holds.
© M. Winter COSC 4P41 – Functional Programming Reasoning about algebraic types Verification for algebraic types follows the example of lists. Principle of structural induction for algebraic types: In order to prove that a logical property P(x) holds for all finite elements of an algebraic type T: – Base case: Prove P(C) for all non-recursive constructors C of T. – Induction step: Prove P(Cr y 1 … y n ) for all recursive constructors Cr of T on the assumption that P(y1) and … and P(y n ) holds. Example: data Tree a = Empty | Node a (Tree a) (Tree a) – Base case: Prove P(Empty) – Induction step: Prove P(Node x t1 t2) for all x of type a on the assumption that P(t1) and … and P(t2) holds.
© M. Winter COSC 4P41 – Functional Programming List induction revisited To prove a property for all finite or partial lists (fp-lists) we can use the following principle: Principle of structural induction for fp-lists: In order to prove that a logical property P(xs) holds for all fp-lists xs we have to do three things: – Base case: Prove P() and P(undef). – Induction step: Prove P(x:xs) on the assumption that P(xs) holds. fp-lists as an approximation of infinite lists: [a 1,a 2,a 3,…] is approximated by the collection undef, a 1 :undef, a 1 :a 2 :undef, a 1 :a 2 :a 3 :undef, … For some properties (admissible or continuous predicates) it is enough to show the property for all approximations to know that it will be valid for all infinite lists as well. In particular, this is true for all equations.
© M. Winter COSC 4P41 – Functional Programming Case study Consider again the following data type for expressions: data Expr = Lit Int | IVar Var | Let Var Expr Expr | Expr :+: Expr | Expr :-: Expr | Expr :*: Expr | Expr :\: Expr deriving Show The meaning (value) of such an expression is evaluated using a Store. Store is an abstract data type providing several functions.
© M. Winter COSC 4P41 – Functional Programming Case study (cont’d) eval :: Expr -> Store -> Int eval (Lit n) store = n eval (IVar v) store = value store v eval (Let v e1 e2) store = eval e2 (update store v (eval e1 store)) eval (e1 :+: e2) store = eval e1 store + eval e2 store eval (e1 :-: e2) store = eval e1 store - eval e2 store eval (e1 :*: e2) store = eval e1 store * eval e2 store eval (e1 :\: e2) store = eval e1 store `div` eval e2 store initial :: Store value :: Store -> Var -> Int update :: Store -> Var -> Int -> Store USER IMPLEMENTOR
© M. Winter COSC 4P41 – Functional Programming Case study (cont’d) Several questions arise: 1.What are the natural properties which should be fulfilled by Expr and the eval function? 2.What are natural properties of the functions provided by the ADT Store ? 3.Are those properties sufficient to show the properties of eval ?
© M. Winter COSC 4P41 – Functional Programming Case study (cont’d) 1.Consider the following function: subst :: Expr -> Expr -> Var -> Expr subst (Lit n) _ _ = Lit n subst (IVar v) e w = if v==w then e else (IVar v) subst (Let v e1 e2) e w = Let v (subst e1 e w) (if v==w then e2 else subst e2 e w) subst (e1 :+: e2) e w = subst e1 e w :+: subst e2 e w subst (e1 :-: e2) e w = subst e1 e w :-: subst e2 e w subst (e1 :*: e2) e w = subst e1 e w :*: subst e2 e w subst (e1 :\: e2) e w = subst e1 e w :\: subst e2 e w A natural property would be eval (subst e1 e2 v) store = eval e1 (update store v (eval e2 store))
© M. Winter COSC 4P41 – Functional Programming Case study (cont’d) 2.Consider the following properties: value initial v = 0 value (update store v n) v = n v /= w value (update store v n) w = value store w Notice, every element of Store can be generated using initial and update. These functions are “abstract” constructor functions for the ADT Store. For all other functions (the function value ) axioms in terms of the constructor functions are provided. This will give a sufficient set of axioms. 3.Yes!!! (see derivation in class).
© M. Winter COSC 4P41 – Functional Programming Proving in Isabelle
© M. Winter COSC 4P41 – Functional Programming
© M. Winter COSC 4P41 – Functional Programming
Completeness and Expressiveness. Consistency: a syntactic definition, related to the proof system. A set of formulas is consistent if there is no formula.
Mathematical Induction Rosen 3.3. Basics The Well-Ordering Property - Every nonempty set of nonnegative integers has a least element. Many theorems state.
Ch 3.2: Solutions of Linear Homogeneous Equations; Wronskian Let p, q be continuous functions on an interval I = ( , ), which could be infinite. For.
Algorithm Analysis. Assignment #8 Submit in PDF format ONLY !!! Assignment will NOT be accepted in format other than pdf. See and blackboard announcements.
Modeling issues Book: chapters 4.12, 5.4, 8.4, 10.1.
Functional Programming Lecture 10 - type checking.
Lecture 1Discrete Structures 1 1 u Introduction to sets and set notation (5.1, 5.3) u Visualizing sets: Venn diagrams (5.1) u Axiom of extension (5.1)
CS4026 Formal Models of Computation Part II The Logic Model Lecture 6 – Arithmetic, fail and the cut.
Some important properties Lectures of Prof. Doron Peled, Bar Ilan University.
Chapter 22 Implementing lists: linked implementations.
Types and Programming Languages Lecture 4 Simon Gay Department of Computing Science University of Glasgow 2006/07.
In this episode of The Verification Corner, Rustan Leino talks about Loop Invariants. He gives a brief summary of the theoretical foundations and shows.
Softrare Reliability Methods Prof. Doron A. Peled Bar Ilan University, Israel And Univeristy of warwick, UK Version 2008.
5.1 Real Vector Spaces. Definition (1/2) Let V be an arbitrary nonempty set of objects on which two operations are defined, addition and multiplication.
Program verification: flowchart programs Book: chapter 7.
The Game of Algebra or The Other Side of Arithmetic The Game of Algebra or The Other Side of Arithmetic © 2007 Herbert I. Gross by Herbert I. Gross & Richard.
Automata Theory CS 3313 Chapter 3 Regular Expression and Regular Languages.
Relational Calculus and Datalog Helena Galhardas DEI IST (Slides baseados No Cap 5 livro DB Concepts Silberchatz et al, e disciplina CSE330 – Database.
Programmed Strategies for Program Verification Richard B. Kieburtz OHSU/OGI School of Science and Engineering and Portland State University.
Functional Programming Lecture 13 - induction on lists.
1 Program verification: flowchart programs (Book: chapter 7)
Automated Theorem Proving Lecture 1. Program verification is undecidable! Given program P and specification S, does P satisfy S?
Formal Methods and Testing Goal: software reliability Use software engineering methodologies to develop the code. Use formal methods during code development.
Software Model Checking with SMT Ken McMillan Microsoft Research TexPoint fonts used in EMF: A A A A A.
With examples from Number Theory (Rosen 1.5, 3.1, sections on methods of proving theorems and fallacies)
Quantified Invariant Generation using an Interpolating Saturation Prover Ken McMillan Cadence Research Labs TexPoint fonts used in EMF: A A A A A.
0 PROGRAMMING IN HASKELL Chapter 7 - Higher-Order Functions.
CS4026 Formal Models of Computation Part II The Logic Model Lecture 5 – Lists.
© 2016 SlidePlayer.com Inc. All rights reserved.