Mathematical Reasoning
Computer Science  School of Computing  Clemson University
Jason Hallstrom and Murali Sitaraman
Clemson University
Overview
• Methods for checking that code is correct, i.e., that it meets its specification
  - Testing
  - Tracing or inspection
  - Formal verification of correctness
Testing
• Goal: To find bugs
• Method: Identify "adequate" test points
  - Recall: Test point = (valid input, expected output)
• Method: Execute the code on those inputs
• Cannot test on all inputs
• Can only show the presence of bugs, not their absence
Tracing or Formal Inspection
• Goal: To find bugs
• Method: Identify "adequate" tracing points
  - Tracing point = test point = (valid input, expected output)
• Method: Hand trace the code on those inputs
• Cannot trace on all inputs
• Can only show the presence of bugs, not their absence; but some checking of the logic is done
Formal Verification
• Goal: To prove correctness
• Method: The rest of this presentation
• Can prove correctness on all valid inputs
• Shows the absence of bugs, relative to the specification; a proof attempt that fails does not by itself exhibit a bug
Example
Goal: Prove that the following code
  requires …
  ensures I = #J and J = #I;
(#X denotes the value of X before the operation.)
Code:
  I = sum(I, J);
  J = difference(I, J);
  I = difference(I, J);
Recall: Specification of Integer Operations
• Think of ints as integers in math
• Constraint for every integer I: MIN_VALUE <= I <= MAX_VALUE
• int sum (int I, int J);
    requires MIN_VALUE <= I + J and I + J <= MAX_VALUE;
    ensures sum = I + J;
• int difference (int I, int J);
    requires MIN_VALUE <= I - J and I - J <= MAX_VALUE;
    ensures difference = I - J;
Establish the goals in state-oriented terms using a table
(Xk denotes the value of variable X in state k.)

State 0    Assume: …                          Confirm:
           I = sum(I, J);
State 1    Assume:                            Confirm:
           J = difference(I, J);
State 2    Assume:                            Confirm:
           I = difference(I, J);
State 3    Assume:                            Confirm: I3 = J0 and J3 = I0
Establish assumptions (and obligations)

State 0    Assume: …                          Confirm: …
           I = sum(I, J);
State 1    Assume: I1 = I0 + J0 and J1 = J0   Confirm: …
           J = difference(I, J);
State 2    Assume: J2 = I1 - J1 and I2 = I1   Confirm: …
           I = difference(I, J);
State 3    Assume: I3 = I2 - J2 and J3 = J2   Confirm: I3 = J0 and J3 = I0
Prove all assertions to be confirmed
• Prove I3 = J0 and J3 = I0
• Proof of I3 = J0
    I3 = I2 - J2
       = I1 - (I1 - J1)    substitution for I2 and J2
       = J1                simplification
       = J0                substitution for J1
• Proof of J3 = I0
    exercise
• The code is correct if all assertions to be confirmed are proved
Example: Confirm caller's obligations (Why?)

State 0    Assume: …                          Confirm: …
           I = sum(I, J);
State 1    Assume: I1 = I0 + J0 and J1 = J0   Confirm: MIN_VALUE <= I1 - J1 <= MAX_VALUE
           J = difference(I, J);
State 2    Assume: …                          Confirm: …
Confirm caller's obligations

State 0    Assume: …    Confirm: MIN_VALUE <= I0 + J0 <= MAX_VALUE
           I = sum(I, J);
State 1    Assume: …    Confirm: MIN_VALUE <= I1 - J1 <= MAX_VALUE
           J = difference(I, J);
State 2    Assume: …    Confirm: MIN_VALUE <= I2 - J2 <= MAX_VALUE
           I = difference(I, J);
State 3    Assume: …    Confirm: I3 = J0 and J3 = I0
Prove all assertions to be confirmed
• Proofs: exercises
• Given the goal
    requires MIN_VALUE <= I + J and I + J <= MAX_VALUE;
    ensures I = #J and J = #I;
  the code below is correct:
    I = sum(I, J);
    J = difference(I, J);
    I = difference(I, J);
Basics of Mathematical Reasoning
• Suppose you are verifying code for some operation P
  - Assume its requires clause in state 0
  - Confirm its ensures clause at the end
• Suppose that P calls Q
  - Confirm the requires clause of Q in the state before Q is called
    Why? Because the caller is responsible
  - Assume the ensures clause of Q in the state after Q
    Why? Because Q is assumed to work
Another Example
Specification:
  Operation Do_Nothing (restores S: Stack);
Goal: "restores S" is the same as ensures S = #S;
Code:
  Procedure Do_Nothing (restores S: Stack);
    Var E: Entry;
    Pop(E, S);
    Push(E, S);
  end Do_Nothing;
Exercise: Complete the table and prove!

State 0    Assume: …    Confirm: …
           Pop(E, S);
State 1    Assume: …    Confirm: …
           Push(E, S);
State 2    Assume: …    Confirm: …
Recall: Specification of Stack Operations
(A stack is modeled as a mathematical string; <x> is the one-entry string and o is string concatenation.)
  Operation Push (alters E: Entry; updates S: Stack);
    requires |S| < Max_Depth;
    ensures S = <#E> o #S;
  Operation Pop (replaces R: Entry; updates S: Stack);
    requires |S| > 0;
    ensures #S = <R> o S;
  Operation Depth (restores S: Stack): Integer;
    ensures Depth = |S|;
  …
Collaborative Exercise: Answers

State 0    Assume: …                  Confirm: |S0| > 0
           Pop(E, S);
State 1    Assume: S0 = <E1> o S1     Confirm: |S1| < Max_Depth
           Push(E, S);
State 2    Assume: S2 = <E1> o S1     Confirm: S2 = S0
Discussion
• Is the code correct? If not, fix it
• Important idea: The reasoning table can be filled in mechanically
• The principles of reasoning about all objects and operations are the same
• Mathematical specifications are needed
• VC generation and automated verification demo
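The integer swap and the Do_Nothing procedure above are worked by the same Assume/Confirm discipline. The Python below is an added example, not part of the original slides, that applies that discipline mechanically to both: each called operation is given as a requires predicate and an ensures function, the code as a list of calls, and verify() confirms every callee's requires clause in the state before the call, assumes its ensures clause in the state after, and confirms the ensures clause of the operation under verification at the end. Instead of the symbolic proof on the slides it enumerates every initial state of a small bounded model (the MIN_VALUE/MAX_VALUE bounds, MAX_DEPTH and the entry alphabet are assumed values chosen here), so within those bounds it covers all inputs, which a test suite cannot do; beyond them it says nothing. The function names, the statement encoding and the ANY marker for an unspecified value are this example's own.

```python
"""Bounded, exhaustive check of the Assume/Confirm discipline (added example).

A state is a dict of variable values. Each called operation is specified by
  requires: a predicate on its argument values, confirmed in the state before the call
  ensures:  a function returning the new values of the parameters it updates,
            assumed in the state after the call
verify() enumerates every initial state of a small bounded model that satisfies
the requires clause of the operation under verification, walks the code applying
exactly those two rules, and confirms the operation's ensures clause at the end.
"""
from itertools import product


class _Any:
    """Value of a variable that is unspecified, e.g. an 'alters' parameter after a call."""
    def __repr__(self):
        return "?"


ANY = _Any()


def verify(op_requires, op_ensures, code, specs, initial_states):
    """Return a list of failures; an empty list means every obligation was confirmed.

    op_requires(s0) / op_ensures(s0, s_final): contract of the operation being verified.
    code: statements (targets, op_name, args), e.g. (("I",), "sum", ("I", "J")).
    """
    failures = []
    for s0 in initial_states:
        if not op_requires(s0):              # State 0: assume the requires clause
            continue
        state = dict(s0)
        for k, (targets, op, args) in enumerate(code):
            spec = specs[op]
            argv = [state[a] for a in args]
            if not spec["requires"](*argv):  # Confirm the callee's requires in state k
                failures.append(f"state {k}: requires of {op}({', '.join(args)}) "
                                f"not met for initial state {s0}")
                break
            # Assume the callee's ensures in state k+1; untouched variables keep their values
            state.update(zip(targets, spec["ensures"](*argv)))
        else:
            if not op_ensures(s0, state):    # Confirm the ensures clause at the end
                failures.append(f"final state {state} violates ensures for initial state {s0}")
    return failures


# ---- Integer operations of the slides; bounds assumed small so enumeration stays cheap
MIN_VALUE, MAX_VALUE = -8, 7

INT_OPS = {
    "sum":        {"requires": lambda I, J: MIN_VALUE <= I + J <= MAX_VALUE,
                   "ensures":  lambda I, J: (I + J,)},
    "difference": {"requires": lambda I, J: MIN_VALUE <= I - J <= MAX_VALUE,
                   "ensures":  lambda I, J: (I - J,)},
}

SWAP = [(("I",), "sum", ("I", "J")),          # I = sum(I, J);
        (("J",), "difference", ("I", "J")),   # J = difference(I, J);
        (("I",), "difference", ("I", "J"))]   # I = difference(I, J);


def check_swap(with_requires=True):
    """Verify SWAP against 'ensures I = #J and J = #I', with or without the slides' requires clause."""
    requires = ((lambda s: MIN_VALUE <= s["I"] + s["J"] <= MAX_VALUE) if with_requires
                else (lambda s: True))
    ensures = lambda s0, s: s["I"] == s0["J"] and s["J"] == s0["I"]
    states = [{"I": i, "J": j} for i, j in product(range(MIN_VALUE, MAX_VALUE + 1), repeat=2)]
    return verify(requires, ensures, SWAP, INT_OPS, states)


# ---- Stack operations of the slides; a stack is a tuple with the top first, so <x> o S is (x,) + S
MAX_DEPTH = 3
ENTRIES = ("a", "b")       # assumed small entry alphabet for the bounded model

STACK_OPS = {
    "Pop":  {"requires": lambda E, S: len(S) > 0,
             "ensures":  lambda E, S: (S[0], S[1:])},        # #S = <R> o S
    "Push": {"requires": lambda E, S: len(S) < MAX_DEPTH,
             "ensures":  lambda E, S: (ANY, (E,) + S)},      # alters E; S = <#E> o #S
}

DO_NOTHING = [(("E", "S"), "Pop", ("E", "S")),    # Pop(E, S);
              (("E", "S"), "Push", ("E", "S"))]   # Push(E, S);


def check_do_nothing(with_requires=False):
    """Verify DO_NOTHING against 'restores S' (S = #S); the slides' spec has no requires clause."""
    requires = (lambda s: len(s["S"]) > 0) if with_requires else (lambda s: True)
    ensures = lambda s0, s: s["S"] == s0["S"]
    states = [{"E": ANY, "S": stack} for n in range(MAX_DEPTH + 1)
              for stack in product(ENTRIES, repeat=n)]
    return verify(requires, ensures, DO_NOTHING, STACK_OPS, states)


if __name__ == "__main__":
    print("swap, with requires:   ", check_swap(True) or "all obligations confirmed")
    print("swap, without requires:", check_swap(False)[:1])
    print("Do_Nothing as specified:", check_do_nothing(False))
    print("Do_Nothing, requires |S| > 0:", check_do_nothing(True) or "all obligations confirmed")
```

check_swap(True) confirms every obligation of the table, while check_swap(False) reports the state-0 obligation (the requires clause of sum) for initial values whose sum leaves the range: the caller's obligation is exactly what the missing requires clause fails to discharge. check_do_nothing(False) likewise reports the single state-0 obligation of Do_Nothing as specified, |S0| > 0 for Pop, and the obligation is discharged once the operation carries a matching requires clause; a guard using Depth would be the other way to fix it.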