Presentation is loading. Please wait.

Presentation is loading. Please wait.

Computer Science School of Computing Clemson University Mathematical Reasoning with Objects.

Published byHillary Snow Modified over 8 years ago

Similar presentations

Presentation on theme: "Computer Science School of Computing Clemson University Mathematical Reasoning with Objects."— Presentation transcript:

1 Computer Science School of Computing Clemson University Mathematical Reasoning with Objects

2 School of Computing Clemson University Example Specification: Operation Do_Nothing (restores S: Stack); Goal: Same as ensures S = #S; Code: Procedure Do_Nothing (restores S: Stack); Var E: Entry; Pop(E, S); Push(E, S); end Do_Nothing;

3 School of Computing Clemson University Exercise: Complete table and prove! AssumeConfirm 0… … Pop(E, S); 1… … Push(E. S); 2… …

4 School of Computing Clemson University Exercise: Complete table and prove! AssumeConfirm 0… … Pop(E, S); 1… … Push(E. S); 2… …  But we can’t Because there are no stacks in math Because there are no “standard” math specifications of pop and push

5 Computer Science School of Computing Clemson University Mathematical Modeling

6 School of Computing Clemson University Unlike mathematics that is implicit…  We view programming integers as though they are mathematical integers (subject to bounds, of course)  We associate mathematical operators (e.g., +) with operations we can do on integers in programs (e.g., +)

7 School of Computing Clemson University Unlike mathematics that is implicit…  Mathematical connections need to be established and made explicit for typical software objects

8 School of Computing Clemson University Mathematical modeling  Type Integer is modeled by Z;  Constraints for all i: Integer, min_int <= i <= max_int;

9 School of Computing Clemson University Alternatively…  Type Integer is modeled by Z;  Let i be an example Integer;  Constraints min_int <= i <= max_int;

10 School of Computing Clemson University Initial value specification…  Type Integer is modeled by Z;  exemplar i;  Constraints min_int <= i <= max_int;  initialization ensures i = 0;

11 School of Computing Clemson University Specification of operations …  Type Integer is modeled by Z;  …  specification of operations, e.g., i++  Operation Increment (updates i: Integer);  requires i < max_int;  ensures i = #i + 1;

12 School of Computing Clemson University More examples …  What is a suitable way to model the state of a light bulb?  …

13 School of Computing Clemson University More examples …  Type Light_Bulb_State is modeled by B;  exemplar b;  Initialization ensures b = false;  Exercises: specification of operations Turn_On, Turn_Off, and Is_On

14 School of Computing Clemson University More examples …  How would you model the state of a traffic light?  …  Alternative models and discussion

15 School of Computing Clemson University Data abstraction examples …  How would you mathematically model a the contents of a stack?  Is a set model appropriate?  Why or why not?  What about a queue?

16 School of Computing Clemson University Mathematical Modeling Summary  To write formal specifications, we need to model the state mathematically  Some objects we use in programming, such as Integers and Reals, have implicit models  For others, such as stacks, queues, lists, etc., we need to conceive explicit mathematical models

17 School of Computing Clemson University Mathematical Modeling of Stacks Concept Stack_Template(type Entry; Max_Depth: Integer); uses String_Theory; Type Family Stack is modeled by … Operation Push… Operation Pop… … end Stack_Template;

18 School of Computing Clemson University Concept Stack_Template(type Entry; Max_Depth: Integer); uses String_Theory; Type Family Stack is modeled by Str(Entry); exemplar S; constraints |S| <= Max_Depth; initialization ensures S = empty_string; … end Stack_Template; Mathematical Modeling of Stacks

19 School of Computing Clemson University Specification of Stack Operations Operation Push (alters E: Entry; updates S: Stack); requires |S| < Max_Depth; ensures S = o #S; Operation Pop (replaces R: Entry; updates S: Stack); requires |S| > 0; ensures #S = o S; Operation Depth (restores S: Stack): Integer; ensures Depth = |S|; …

20 School of Computing Clemson University Exercise: Complete table and prove! AssumeConfirm 0… … Pop(E, S); 1… … Push(E. S); 2… …

21 School of Computing Clemson University Recall: Basics of Mathematical Reasoning  Suppose you are verifying code for some operation P Assume its requires clause in state 0 Confirm its ensures clause at the end  Suppose that P calls Q Confirm the requires clause of Q in the state before Q is called  Why? Because caller is responsible Assume the ensures clause of Q in the state after Q  Why? Because Q is assumed to work  Prove assertions to be confirmed

22 School of Computing Clemson University Collaborative Exercise: Answers AssumeConfirm 0… |S0| > 0 Pop(E, S); 1S0 = o S1 |S1| < Max_Depth Push(E. S); 2S2 = o S1 S2 = S0 …

23 School of Computing Clemson University Discussion  Is the code Correct? If not, fix it

24 School of Computing Clemson University Collaborative Exercise: Answers AssumeConfirm 0|S0| 0 Pop(E, S); 1S0 = o S1 |S1| < Max_Depth Push(E. S); 2S2 = o S1 S2 = S0 …

25 School of Computing Clemson University Discussion  Is the code Correct? If not, fix it  Important Idea: The reasoning table can be filled mechanically  Principles of reasoning about all objects and operations are the same Need mathematical specifications  VC generation and automated verification demo

26 School of Computing Clemson University Is the code correct for the given spec? Specification: Operation Do_Nothing (restores S: Stack); Code: Procedure Do_Nothing (restores S: Stack); Var E: Entry; If (Depth(S) /= 0) then Pop(E, S); Push(E, S); end; end Do_Nothing;

27 School of Computing Clemson University ConditionAssumeConfirm 0 If (Depth(S) /= 0) then 1|S0| /= 0 Pop(E, S); 2|S0| /= 0 Push(E, S); 3|S0| /= 0 end; 4S4 = S0 Establish the path conditions

28 School of Computing Clemson University Establish the sub-goals in state- oriented terms using a table ConditionAssumeConfirm 0 If (Depth(S) /= 0) then 1|S0| /= 0 Pop(E, S); 2|S0| /= 0 Push(E, S); 3|S0| /= 0 end; 4.1|S0| = 0S4 = S0S4 = S0 4.2|S0| /= 0S4 = S3S4 = S0

29 School of Computing Clemson University ConditionAssumeConfirm 0 If (Depth(S) /= 0) then 1|S0| /= 0…… Pop(E, S); 2|S0| /= 0…… Push(E, S); 3|S0| /= 0… end; 4.1|S0| = 0S4 = S0S4 = S0 4.2|S0| /= 0S4 = S3S4 = S0 Fill in other assumptions and obligations as before…

30 School of Computing Clemson University More Mathematical Reasoning  Create this example using the web interface, generate VCs, and prove them  For recursive implementations  Recursive calls are handled just as any other call  Need to show termination using a programmer-supplied decreasing “metric”  For iterative implementations, invariants and decreasing metrics are used

Download ppt "Computer Science School of Computing Clemson University Mathematical Reasoning with Objects."

Similar presentations

Copyright © 2006 The McGraw-Hill Companies, Inc. Programming Languages 2nd edition Tucker and Noonan Chapter 18 Program Correctness To treat programming.

Copyright © 2006 The McGraw-Hill Companies, Inc. Programming Languages 2nd edition Tucker and Noonan Chapter 18 Program Correctness To treat programming.
Automated Theorem Proving Lecture 1. Program verification is undecidable! Given program P and specification S, does P satisfy S?

Automated Theorem Proving Lecture 1. Program verification is undecidable! Given program P and specification S, does P satisfy S?
This research is funded in part the U. S. National Science Foundation grant CCR-0113181. DEET for Component-Based Software Murali Sitaraman, Durga P. Gandi.

This research is funded in part the U. S. National Science Foundation grant CCR DEET for Component-Based Software Murali Sitaraman, Durga P. Gandi.
Computer Science School of Computing Clemson University Introduction to Mathematical Reasoning Jason Hallstrom and Murali Sitaraman Clemson University.

Computer Science School of Computing Clemson University Introduction to Mathematical Reasoning Jason Hallstrom and Murali Sitaraman Clemson University.
School of Computing Clemson University Mathematical Reasoning  Goal: To prove correctness  Method: Use a reasoning table  Prove correctness on all valid.

School of Computing Clemson University Mathematical Reasoning  Goal: To prove correctness  Method: Use a reasoning table  Prove correctness on all valid.
Addressing the Challenges of Current Software. Questions to Address Why? What? Where? How?

Addressing the Challenges of Current Software. Questions to Address Why? What? Where? How?
Functional Verification III Prepared by Stephen M. Thebaut, Ph.D. University of Florida Software Testing and Verification Lecture Notes 23.

Functional Verification III Prepared by Stephen M. Thebaut, Ph.D. University of Florida Software Testing and Verification Lecture Notes 23.
Reasoning About Code; Hoare Logic, continued

Reasoning About Code; Hoare Logic, continued
Formal Semantics of Programming Languages 虞慧群 Topic 5: Axiomatic Semantics.

Formal Semantics of Programming Languages 虞慧群 Topic 5: Axiomatic Semantics.
HCSSAS Capabilities and Limitations of Static Error Detection in Software for Critical Systems S. Tucker Taft CTO, SofCheck, Inc., Burlington, MA, USA.

HCSSAS Capabilities and Limitations of Static Error Detection in Software for Critical Systems S. Tucker Taft CTO, SofCheck, Inc., Burlington, MA, USA.
1 Specifying Object Interfaces. 2 Major tasks in this stage: --are there any missing attributes or operations? --how can we reduce coupling, make interface.

1 Specifying Object Interfaces. 2 Major tasks in this stage: --are there any missing attributes or operations? --how can we reduce coupling, make interface.
Run time vs. Compile time

Run time vs. Compile time
1 Run time vs. Compile time The compiler must generate code to handle issues that arise at run time Representation of various data types Procedure linkage.

1 Run time vs. Compile time The compiler must generate code to handle issues that arise at run time Representation of various data types Procedure linkage.
Computer Science School of Computing Clemson University Mathematical Modeling Murali Sitaraman Clemson University.

Computer Science School of Computing Clemson University Mathematical Modeling Murali Sitaraman Clemson University.
Recursion: Function and Programming Software Engineering at Azusa Pacific University  Evolutionary Approach  Examples and Algorithms  Programming in.

Recursion: Function and Programming Software Engineering at Azusa Pacific University  Evolutionary Approach  Examples and Algorithms  Programming in.
Mathematics throughout the CS Curriculum Support by NSF #

Mathematics throughout the CS Curriculum Support by NSF #
Jason Hallstrom (Clemson), Joan Krone (Denison), Joseph E. Hollingsworth (IU Southeast), and Murali Sitaraman(Clemson) This workshop is funded in part.

Jason Hallstrom (Clemson), Joan Krone (Denison), Joseph E. Hollingsworth (IU Southeast), and Murali Sitaraman(Clemson) This workshop is funded in part.
Computer Science 340 Software Design & Testing Design By Contract.

Computer Science 340 Software Design & Testing Design By Contract.
Computer Science School of Computing Clemson University Discrete Math and Reasoning about Software Correctness Murali Sitaraman

Computer Science School of Computing Clemson University Discrete Math and Reasoning about Software Correctness Murali Sitaraman
Computer Science School of Computing Clemson University Specification and Reasoning in SE Projects Using a Web IDE Charles T. Cook (Clemson) Svetlana V.

Computer Science School of Computing Clemson University Specification and Reasoning in SE Projects Using a Web IDE Charles T. Cook (Clemson) Svetlana V.

Similar presentations

Ads by Google