Presentation is loading. Please wait.

Presentation is loading. Please wait.

Generic Programming and Formal Methods David R. Musser Rensselaer Polytechnic Institute.

Published byRonald Grant Watts Modified over 9 years ago

Similar presentations

Presentation on theme: "Generic Programming and Formal Methods David R. Musser Rensselaer Polytechnic Institute."— Presentation transcript:

1 Generic Programming and Formal Methods David R. Musser Rensselaer Polytechnic Institute

2 Lift Minimal requirements: works with maximal family of types Concrete algorithm: requires specific data type Less specialized: works with more than one type A 0 A 1 Lift A m Remove an unneeded requirement on the type Generic algorithm... Start here

3 float max_element(float a[], int N) { if (N == 0) throw MaxElementEmptyArrayError; int first = 0; float max = a[0]; while (++first < N) if (max < a[first]) max = a[first]; return max; } A Concrete Algorithm

4 int max_element(float a[], int first, int last) { if (first == last) return first; int result = first; while (++first != last) if (a[result] < a[first]) result = first; return result; } A More Useful Interface

5 float_list_node* max_element(float_list_node* first, float_list_node* last) { if (first == last) return first; float_list_node* result = first; while (first->next != last) if (result->data data) result = first; return result; } A Linked-List Counterpart

6 int max_element(float a[], int first, int last) { if (first == last) return first; int result = first; while (++first != last) if (a[result] < a[first]) result = first; return result; } Back to the Array Version

7 template int max_element(E a[], int first, int last) { if (first == last) return first; int result = first; while (++first != last) if (a[result] < a[first]) result = first; return result; } Generalize the Element Type

8 template T* max_element(T* first, T* last) { if (first == last) return first; T* result = first; while (++first != last) if (*result < *first) result = first; return result; } From Arrays to Pointers

9 template ForwardIterator max_element(ForwardIterator first, ForwardIterator last) { if (first == last) return first; ForwardIterator result = first; while (++first != last) if (*result < *first) result = first; return result; } Generalize from Pointers to Iterators

10 int a[] = {6, 3, 7, 5}; int* ai = max_element(a, a+4); vector v(a, a+4); vector ::iterator vi = max_element(v.begin(), v.end()); list x(a, a+4); list ::iterator li = max_element(x.begin(), x.end());... Use with any Container with appropriate iterators

11 Forward Container Concept max_element 3 73 7 Generic algorithm on jk jk k = ++j *j = 3 *k = 7 ++i *i i==j

12 Container Forward Container Reversible Container Random Access Container Sequence Front Insertion Sequence Back Insertion Sequence Vector Deque Slist List … Part of the STL Container Concept Taxonomy

13 Output Iterator Forward Iterator Bidirectional Iterator Random Access Iterator Vector iterator Input Iterator Deque iterator Slist iterator List iterator Istream iterator Ostream iterator The STL Iterator Concept Taxonomy

14 Lift Concrete algorithms A 0 A 1 Lift A m Generic algorithms. Concept Taxonomy Useful Data and Algorithm Abstractions – a Generic Library C requires... template <typename T models C>... assert T models C Making Concepts First Class Constructs... for formal checking of syntactic and semantic properties and using them in software engineering Algorithms, Concepts, and Challenges

15 A Dilemma STL and other concept-based generic libraries are based on mathematical principles, so it should be easier to apply formal methods to them than to “average software” But they rest on a language substrate, C++, whose formal analysis is viewed by many to be intractable Solving this completely will require much work at lower levels of implementation I’m concentrating on developing formal deduction support for the key ideas and methodology of generic programming in a somewhat idealized setting.

16 An Observation Understanding of how to prove something about a new generic component under development often depends heavily on thorough understanding of proofs about similar existing components –especially when studying how to make it even more general without losing correctness or efficiency This means the goal of fully-automated proofs becomes much less important than it is for other applications of formal proof

17 What kind of proof system is most suitable? Resolution provers fail on the readability requirement So do tactics-based provers (although Isabelle-Isar overcomes this problem to an extent) My own earlier work on interactive proof systems (Affirm, Affirm-2, Tecton) fell short A relatively recent development: Denotational Proof Languages, and the Athena proof checking system –Due to Konstantine Arkoudas (MIT PhD Dissertation, 2000)

18 Athena Proof-Checker (K. Arkoudas) Supports proofs that are both human-readable and machine checkable Supports generalization and specialization through methods, which are deductive counterpart of (higher- order) functions Using only its built-in and library-defined capabilities, often requires writing proofs in excessive detail But also allows skipping over details via calls of external full-automation provers (originally Otter, currently SPASS and Vampire) Also connects with a model checker (Paradox) so that one can easily look for counterexamples before investing effort in developing a proof

19 On the C++ Language Issue C++ is the language in which most generic library development has been done –due to better support than most other languages: templates, template partial specialization, operator overloading, function- inlining –resulting in essentially no “abstraction penalty” at runtime Is a formal semantics for C++ possible? –For unrestricted programming it would be very complex since there are few language-imposed restrictions on low-level features like pointers –But generic programming principles impose a simplifying discipline, enforced by well-designed concept requirements Will require collaboration with those who can influence the future evolution of the language –a recent promising development: the C++ Standard Committee is considering proposals to add concepts as a first class feature of the language

20

Download ppt "Generic Programming and Formal Methods David R. Musser Rensselaer Polytechnic Institute."

Similar presentations

M The University Of Michigan Andrew M. Morgan EECS498-006 Lecture 22 Savitch Ch. 16 Intro To Standard Template Library STL Container Classes STL Iterators.

M The University Of Michigan Andrew M. Morgan EECS Lecture 22 Savitch Ch. 16 Intro To Standard Template Library STL Container Classes STL Iterators.
Copyright © 2002 Pearson Education, Inc. Slide 1.

Copyright © 2002 Pearson Education, Inc. Slide 1.
Chapter 19 Standard Template Library. Copyright © 2006 Pearson Addison-Wesley. All rights reserved. 19-2 Learning Objectives Iterators Constant and mutable.

Chapter 19 Standard Template Library. Copyright © 2006 Pearson Addison-Wesley. All rights reserved Learning Objectives Iterators Constant and mutable.
SEG4110 – Advanced Software Design and Reengineering TOPIC J C++ Standard Template Library.

SEG4110 – Advanced Software Design and Reengineering TOPIC J C++ Standard Template Library.
Object Oriented Programming Lect. Dr. Daniel POP Universitatea de Vest din Timişoara Facultatea de Matematică şi Informatică.

Object Oriented Programming Lect. Dr. Daniel POP Universitatea de Vest din Timişoara Facultatea de Matematică şi Informatică.
Data Structures Using C++ 2E

Data Structures Using C++ 2E
. STL: C++ Standard Library (continued). STL Iterators u Iterators are allow to traverse sequences u Methods  operator*  operator->  operator++, and.

. STL: C++ Standard Library (continued). STL Iterators u Iterators are allow to traverse sequences u Methods  operator*  operator->  operator++, and.
TEMPLATES Lecture 32-45 Presented By SHERY KHAN Object Orienting Programming.

TEMPLATES Lecture Presented By SHERY KHAN Object Orienting Programming.
C++ Templates. What is a template? Templates are type-generic versions of functions and/or classes Template functions and template classes can be used.

C++ Templates. What is a template? Templates are type-generic versions of functions and/or classes Template functions and template classes can be used.
Introduction to Programming Languages Nai-Wei Lin Department of Computer Science and Information Engineering National Chung Cheng University.

Introduction to Programming Languages Nai-Wei Lin Department of Computer Science and Information Engineering National Chung Cheng University.
1 STL and Its Design Principles Alexander Stepanov.

1 STL and Its Design Principles Alexander Stepanov.
Code-Carrying Proofs Aytekin Vargun Rensselaer Polytechnic Institute.

Code-Carrying Proofs Aytekin Vargun Rensselaer Polytechnic Institute.
C++ Sets and Multisets Set containers automatically sort their elements automatically. Multisets allow duplication of elements whereas sets do not. Usually,

C++ Sets and Multisets Set containers automatically sort their elements automatically. Multisets allow duplication of elements whereas sets do not. Usually,
Generic Programming in the STL and Beyond David R. Musser Rensselaer Polytechnic Institute.

Generic Programming in the STL and Beyond David R. Musser Rensselaer Polytechnic Institute.
What is generic programming? The essence of the generic programming approach is concept development: systematic classification of computing components.

What is generic programming? The essence of the generic programming approach is concept development: systematic classification of computing components.
Copyright © 2006 The McGraw-Hill Companies, Inc. Programming Languages 2nd edition Tucker and Noonan Chapter 18 Program Correctness To treat programming.

Copyright © 2006 The McGraw-Hill Companies, Inc. Programming Languages 2nd edition Tucker and Noonan Chapter 18 Program Correctness To treat programming.
Standard Template Library (STL) Overview – Part 1 Yngvi Bjornsson.

Standard Template Library (STL) Overview – Part 1 Yngvi Bjornsson.
(c) 2007 Mauro Pezzè & Michal Young Ch 3, slide 1 Basic Principles.

(c) 2007 Mauro Pezzè & Michal Young Ch 3, slide 1 Basic Principles.
Generic programming starts with algorithms. Lift Minimal requirements: works with maximal family of types Concrete algorithm: requires specific data type.

Generic programming starts with algorithms. Lift Minimal requirements: works with maximal family of types Concrete algorithm: requires specific data type.
Data Structures/ Algorithms and Generic Programming Sorting Algorithms.

Data Structures/ Algorithms and Generic Programming Sorting Algorithms.

Similar presentations

Ads by Google