Presentation is loading. Please wait.

Presentation is loading. Please wait.

329-251 Chapter 25 Formal Methods. 329-252 Formal methods Specify program using math Develop program using math Prove program matches specification using.

Published byBritney Barton Modified over 8 years ago

Similar presentations

Presentation on theme: "329-251 Chapter 25 Formal Methods. 329-252 Formal methods Specify program using math Develop program using math Prove program matches specification using."— Presentation transcript:

1 329-251 Chapter 25 Formal Methods

2 329-252 Formal methods Specify program using math Develop program using math Prove program matches specification using math –“prove program is correct”

3 329-253 Problems with Conventional Specification contradictions ambiguities vagueness imcompleteness mixed levels of abstraction

4 329-254 Formal Specifications Lots of approaches –State machines –Denotational semantics –Pre and post conditions –Z –Algebraic specifications –and many more

5 329-255 Denotational semantics Used to specify programming language Denotational semantics of a language is a function from programs to meanings. “Revised Report on the Algorithmic Language Scheme” http://www.schemers.org/Documents/ Standards/R5RS/HTML/ http://www.schemers.org/Documents/ Standards/R5RS/HTML/

6 329-256 Uses of Denotation Semantics Understanding a language Making sure a language is well-defined Proving things about language (type safe programs can never have a run-time error) Generating a compiler automatically

7 329-257 Pre and post conditions A program consists of some data types and operations on those data types. A running program has a state consisting of a set of variables with values. Operations change the state. Pre and post conditions specify how operations change state.

8 329-258 Example: Banking Types: –BankAccount. Has a balance, which is a number. –Transaction. Has a date, an amount, a type (deposit, withdrawal), and a BankAccount. Invariant: –For each BankAccount, balance = sum of deposits - sum of withdrawals

9 329-259 Example: Banking Operations –Deposit(amount, date, account) Precondition: amount is positive, account.balance = b, account.transactions=t Postcondition: account.balance=b+amount, account.transaction=t + (transaction with amount, date, “deposit”, and account)

10 329-2510 Z(ed) Language based on math Logic, sets, sequences, relations, functions Z specification declares variables and predicates that are always true of the variables Some variables are used for input or for output

11 329-2511 Z A little like a programming language Not used for assertions about a program, but to specify an entire system Can be extended to refer to a program There are tools to check syntax of Z specifications, to typeset them, and to test them http://www.afm.sbu.ac.uk/z/ http://softeng.comlab.ox.ac.uk/usingz/

12 329-2512 Formal Program Development Program transformations Hoare axiomatics –C.A.R. Hoare Weakest preconditions –Edsger Dijkstra

13 329-2513 Program Transformation Start with a formal specification Make it executable Optimize the “program” by applying transformations to it –“For all x there is a y” is replaced by an algorithm that takes an x and produces a y –A lot like proving a theorem –A lot like an optimizing compiler

14 329-2514 Hoare Axiomatics For each kind of statement, there is a rule that shows how a precondition leads to legal postconditions {P} if (e) then S1 else S2 {P  e} S1 {R} {P  ¬ e} S2 {T} {P} if (e) then S1 else S2 {R  T}

15 329-2515 Hard part Loops Procedures Pointers Concurrency

16 329-2516 Weakest Precondition Like Hoare Axiomatics, but backwards Start with result and work forward. Let’s you derive a program, not just make sure it meets the spec. Both techniques need a language like Z for writing assertions

17 329-2517 Advantages of Formal Methods Decreases errors Precise - more likely to agree on meaning of a specification Automatable - easier to make tools to process specification –Error checking –Code generation

18 329-2518 Disadvantages of Formal Methods Most programmers don’t know math well enough Most customers can’t read the specification Can lead to false expectations - formal development does not eliminate all errors –Bad specifications –Mistakes in proofs/bugs in tools

19 329-2519 Disadvantages of formal methods Some things hard to specify –GUIs –Sound/graphics –Concurrency Can take a long time and be expensive

20 329-2520 When to use formal methods When it is very important to get it right –Security –Space shuttle –Pace makers When you have the right people Big payoff often comes from small part of the system

Download ppt "329-251 Chapter 25 Formal Methods. 329-252 Formal methods Specify program using math Develop program using math Prove program matches specification using."

Similar presentations

Automated Theorem Proving Lecture 1. Program verification is undecidable! Given program P and specification S, does P satisfy S?

Automated Theorem Proving Lecture 1. Program verification is undecidable! Given program P and specification S, does P satisfy S?
Semantics Static semantics Dynamic semantics attribute grammars

Semantics Static semantics Dynamic semantics attribute grammars
ICE1341 Programming Languages Spring 2005 Lecture #6 Lecture #6 In-Young Ko iko.AT. icu.ac.kr iko.AT. icu.ac.kr Information and Communications University.

ICE1341 Programming Languages Spring 2005 Lecture #6 Lecture #6 In-Young Ko iko.AT. icu.ac.kr iko.AT. icu.ac.kr Information and Communications University.
Reasoning About Code; Hoare Logic, continued

Reasoning About Code; Hoare Logic, continued
Hoare’s Correctness Triplets Dijkstra’s Predicate Transformers

Hoare’s Correctness Triplets Dijkstra’s Predicate Transformers
Rigorous Software Development CSCI-GA 3033-011 Instructor: Thomas Wies Spring 2012 Lecture 11.

Rigorous Software Development CSCI-GA Instructor: Thomas Wies Spring 2012 Lecture 11.
David Evans CS655: Programming Languages University of Virginia Computer Science Lecture 19: Minding Ps & Qs: Axiomatic.

David Evans CS655: Programming Languages University of Virginia Computer Science Lecture 19: Minding Ps & Qs: Axiomatic.
Partial correctness © Marcelo d’Amorim 2010.

Partial correctness © Marcelo d’Amorim 2010.
Copyright © 2006 Addison-Wesley. All rights reserved.1-1 ICS 410: Programming Languages Chapter 3 : Describing Syntax and Semantics Axiomatic Semantics.

Copyright © 2006 Addison-Wesley. All rights reserved.1-1 ICS 410: Programming Languages Chapter 3 : Describing Syntax and Semantics Axiomatic Semantics.
ISBN 0-321-33025-0 Chapter 3 Describing Syntax and Semantics.

ISBN Chapter 3 Describing Syntax and Semantics.
Dynamic semantics Precisely specify the meanings of programs. Why? –programmers need to understand the meanings of programs they read –programmers need.

Dynamic semantics Precisely specify the meanings of programs. Why? –programmers need to understand the meanings of programs they read –programmers need.
Copyright © 2006 Addison-Wesley. All rights reserved. 3.5 Dynamic Semantics Meanings of expressions, statements, and program units Static semantics – type.

Copyright © 2006 Addison-Wesley. All rights reserved. 3.5 Dynamic Semantics Meanings of expressions, statements, and program units Static semantics – type.
Predicate Transformers

Predicate Transformers
Formal Specification and Verification. Specifications Imprecise specifications can cause serious problems downstream Lots of interpretations even with.

Formal Specification and Verification. Specifications Imprecise specifications can cause serious problems downstream Lots of interpretations even with.
Fall 20021 Semantics Juan Carlos Guzmán CS 3123 Programming Languages Concepts Southern Polytechnic State University.

Fall Semantics Juan Carlos Guzmán CS 3123 Programming Languages Concepts Southern Polytechnic State University.
CS 330 Programming Languages 09 / 19 / 2006 Instructor: Michael Eckmann.

CS 330 Programming Languages 09 / 19 / 2006 Instructor: Michael Eckmann.
1 Semantic Description of Programming languages. 2 Static versus Dynamic Semantics n Static Semantics represents legal forms of programs that cannot be.

1 Semantic Description of Programming languages. 2 Static versus Dynamic Semantics n Static Semantics represents legal forms of programs that cannot be.
CS 355 – Programming Languages

CS 355 – Programming Languages
Formal Methods in Software Engineering Credit Hours: 3+0 By: Qaisar Javaid Assistant Professor Formal Methods in Software Engineering1.

Formal Methods in Software Engineering Credit Hours: 3+0 By: Qaisar Javaid Assistant Professor Formal Methods in Software Engineering1.
Software Engineering and Design Principles Chapter 1.

Software Engineering and Design Principles Chapter 1.

Similar presentations

Ads by Google