
Teaching Software Correctness

Teaching Software Correctness. Session 06 — 9:00-9:45, May 14. May 13-15, 2008, University of Oklahoma. http://www.cs.ou.edu/~rlpage/SEcollab/tsc
Rex Page, U Oklahoma, page@ou.edu
Assistants: Carl Eastlund (lead), Northeastern U, cce@ccs.neu.edu; Ryan Ralston, U Oklahoma, strawdog@ou.edu


Presentation Transcript


  1. Teaching Software Correctness
     Session 06 — 9:00-9:45, May 14
     May 13-15, 2008, University of Oklahoma
     http://www.cs.ou.edu/~rlpage/SEcollab/tsc
     • Rex Page, U Oklahoma, page@ou.edu
     • Assistants
       • Carl Eastlund (lead), Northeastern U, cce@ccs.neu.edu
       • Ryan Ralston, U Oklahoma, strawdog@ou.edu
       • Zac White, U Oklahoma, zacwhite@gmail.com
     Collaboration with Matthias Felleisen - NSF/DUE 0633664, 0813529, 0632872

  2. File-I/O in ACL2
     or … the unbearable ugliness of state
     or … how multiple values can ruin your vacation
     plus DrACuLa's GUIs

  3. Local Definitions with Let*
     (defun break-at (delimiter xs) …)
       = (up-to-but-not-incl-first-delimiter-in-xs  all-the-rest-of-xs)
     Example
       (break-at 'x '(h o m e x o n x t h e x r a n g e))
         = '((h o m e) (x o n x t h e x r a n g e))
     • Definition of break-at
       (defun break-at (delimiter xs)
         (if (or (endp xs) (equal delimiter (car xs)))
             (list nil xs)
             (let* ((first-x (car xs))
                    (brokn-cdr (break-at delimiter (cdr xs)))
                    (frnt (car brokn-cdr))
                    (back (cadr brokn-cdr)))
               (list (cons first-x frnt) back))))
     • In let*, each (variable value) pair is delimited by parentheses; the variables are bound in order, so a later pair may refer to an earlier one (brokn-cdr uses first-x's sibling xs, frnt and back use brokn-cdr)
     • The value delivered by the let* is the value of its body formula, here (list (cons first-x frnt) back)

  4. Multiple Values — another ACL2 data structure
     • mv — the multiple-value constructor
       • (mv value-1 value-2 … value-n)
       • Displays just like a list
         • (mv 1 2 3) displays as (1 2 3)
         • (list 1 2 3) displays as (1 2 3)
       • Serves same purpose as a list
       • But … it isn't a list … no car, cdr, cons
         (in the logic mv is just list; it is ACL2's syntax checking that refuses car/cdr/cons on a multiple value, so that compiled code can return several values without building a list)
     • mv-let — the multiple-value deconstructor
       • (mv-let (symbol-1 symbol-2 … symbol-n)
                 (mv value-1 value-2 … value-n)
           formula-for-value-to-be-delivered)
       • Associates value-i with symbol-i
       • The formula may deliver an ordinary value or a multiple value (with any number of components)
     Examples
       (mv-let (a b) (mv 1 2) (mv a b (+ a b)))  — displays as (1 2 3)
       (mv-let (a b c) (mv 1 2 3) (+ a b c))    — displays as 6
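Added example, not from the slides: slide 3's break-at rewritten to deliver a multiple value instead of a two-element list, together with a theorem that the two pieces reassemble the input. The names split-at, split-at-demo and split-at-reassembles are this example's own, not the course's.

```lisp
; Added example (not from the slides). An mv-returning version of slide 3's
; break-at, plus a theorem that the two pieces reassemble the input.
; The names split-at, split-at-demo and split-at-reassembles are ours.

(defun split-at (delimiter xs)
  ; delivers (mv front back): front = elements up to but not including the
  ; first delimiter, back = that delimiter and everything after it
  (if (or (endp xs) (equal delimiter (car xs)))
      (mv nil xs)
      (mv-let (front back)
              (split-at delimiter (cdr xs))
        (mv (cons (car xs) front) back))))

; Using the result: mv-let is the only way to take a multiple value apart.
; Packing the two components into an ordinary list gives slide 3's answer:
; (split-at-demo) delivers ((h o m e) (x o n x t h e x r a n g e))
(defun split-at-demo ()
  (mv-let (front back)
          (split-at 'x '(h o m e x o n x t h e x r a n g e))
    (list front back)))

; Correctness: whatever the delimiter, appending back to front gives exactly
; xs, including the atom and empty cases (front = nil, back = xs).
; mv-let is allowed in a theorem because, in the logic, mv is list.
; ACL2 proves this by induction following split-at's own recursion.
(defthm split-at-reassembles
  (mv-let (front back)
          (split-at delimiter xs)
    (equal (append front back) xs)))
```

Writing (car (split-at 'x xs)) at the prompt is rejected: a multiple value must be consumed by mv-let, which is why split-at-demo exists.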

  5. State (it's under the hood – don't look)
     • ACL2 maintains a state of its world
     • Commands alter the state
       (defun f (x) (+ x 1))                              — makes function f available for invocation
       (defthm about-f (implies (natp x) (natp (f x))))   — adds theorem to logic
       (include-book "arithmetic/top" :dir :system)       — adds theorems to logic
       (set-state-ok t)                                   — allows reference to state variable
     • File-system — part of the ACL2 state
     • Commands affecting file-system take a special form
       • (set-state-ok t) command must be in force
       • Must deliver state
         • Either as an ordinary value
         • Or, as part of a multiple value
     • The symbol "state" denotes the current ACL2 state
     • You can't do anything with state except
       • Supply it as a parameter in a command
       • Use it to name a value delivered by a command
     • No-roach-motels rule: If state goes in, it must come out (on every branch of the function, not just the successful one)

  6. Counting Lines of Code
     • Essential structure of loc function
       (defun loc (file-path state)                      ; state goes in
         (mv-let (str error state)
                 (file->string file-path state)          ; I/O function from the io-utilities teachpack (slides 7-8): state goes in, state comes out
           (if error
               (mv error state)                          ; state goes out, with the error
               (mv (loc-from-file-as-string str) state)))) ; loc-from-file-as-string is an ordinary function — no state

  7. Putting I/O Code Together — loc-count.lisp
       (include-book "io-utilities" :dir :teachpacks)
       (include-book "list-utilities" :dir :teachpacks)
       (set-state-ok t)

       (defun number-of-noncomments (lines)
         (if (not (consp lines))
             0
             (let* ((whitespace '(#\Space #\Newline #\Tab))
                    (stripped (drop-set whitespace (car lines))))   ; drop-set: list-utilities
               (if (or (null stripped) (char-equal #\; (car stripped)))
                   (number-of-noncomments (cdr lines))
                   (+ (number-of-noncomments (cdr lines)) 1)))))

       (defun loc-from-file (str)
         (number-of-noncomments (packets #\Newline (str->chrs str))))   ; packets, str->chrs: list-utilities

       (defun loc-count (file-path state)
         (mv-let (str error state)
                 (file->string file-path state)
           (if error
               (mv error state)
               (mv (loc-from-file str) state))))

     Let's try it out
       Invocation: (loc-count "code.lisp" state)
     • The file must have Unix-style lines (run dos2unix "code.scm" first); packets splits on #\Newline only
     • A line counts as code unless it is blank or its first non-whitespace character is a semicolon, so lines inside a #| … |# block comment are counted
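Added example, not from the slides or the course's tools: the same read-transform-write shape as loc-count, applied to the file-reversal project on the closing slide. It uses the teachpack functions the slides name (file->string, packets, str->chrs, chrs->str) and assumes, as slide 7 does, that packets delivers one list of characters per line with the newline removed. The slides show no teachpack function for writing, so the write side uses ACL2's built-in channel primitives open-output-channel, princ$ and close-output-channel. The names lines->string, reverse-lines and reverse-file are this example's own.

```lisp
; Added example (not from the slides): read a file, write a copy with the
; lines in reverse order. Same shape as loc-count: a pure function does the
; work, a thin state-threading wrapper does the I/O.
(include-book "io-utilities" :dir :teachpacks)    ; file->string
(include-book "list-utilities" :dir :teachpacks)  ; packets, str->chrs, chrs->str
(set-state-ok t)

; Pure part, no state.
; Assumption: (packets #\Newline chars) delivers a list of lines, each a list
; of characters with the newline removed, as slide 7's loc-from-file relies on.
(defun lines->string (lines)
  (if (endp lines)
      ""
      (string-append (chrs->str (car lines))
                     (string-append (coerce '(#\Newline) 'string)
                                    (lines->string (cdr lines))))))

(defun reverse-lines (str)
  (lines->string (reverse (packets #\Newline (str->chrs str)))))

; I/O part. State goes in and comes out on every branch (no roach motels),
; paired with an error indicator that is nil when all went well.
; The write side uses ACL2's built-in channel primitives, not a teachpack:
; open-output-channel delivers (mv channel state), channel being nil if the
; file cannot be opened; princ$ and close-output-channel each deliver state.
(defun reverse-file (in-path out-path state)
  (mv-let (str error state)
          (file->string in-path state)
    (if error
        (mv error state)
        (mv-let (channel state)
                (open-output-channel out-path :character state)
          (if (null channel)
              (mv "cannot open output file" state)
              (let* ((state (princ$ (reverse-lines str) channel state))
                     (state (close-output-channel channel state)))
                (mv nil state)))))))

; Invocation from the ACL2 prompt:
;   (reverse-file "code.lisp" "code-reversed.lisp" state)
```

Two things to check before relying on it: if packets delivers an empty trailing line for a file that ends in a newline, the reversed output starts with a blank line; and because every branch of reverse-file returns (mv error state), ACL2 accepts the definition only because state is the last component in each branch, which is exactly what the no-roach-motels rule demands.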

  8. Utilities Teachpacks
     • Utilities books
       • (include-book "list-utilities.lisp" :dir :teachpacks)
       • (include-book "io-utilities.lisp" :dir :teachpacks)
       • (include-book "binary-io-utilities.lisp" :dir :teachpacks)
       • (include-book "avl-rational-keys.lisp" :dir :teachpacks)
       (standard ACL2 include-book takes the book name without the .lisp suffix, as on slide 7)
     • Where to find documentation
       • See source code at http://www.cs.ou.edu/~rlpage/SEcollab/Tools/

  9. Yeah … but What about GUIs?
     • GUI implementation model
       • DrACuLa maintains a "world" (not the ACL2 world)
       • ACL2 functions respond to DrACuLa events
         • Clock events (you can set the number of ticks per second)
         • Keyboard events
         • Mouse events
       • DrACuLa binds events to update-functions
         • (on-tick-event world -> world) — updates world
         • (on-redraw-event world -> image) — updates canvas
         • (on-key-event world key-event -> world) — updates world
         • (on-mouse-event world x y mouse-event -> world) — updates world
       • DrACuLa graphics operations that deliver images
         • (empty-scene width height)
         • (place-image overlay-image x y old-image)
         • (circle radius mode color)
         • (add-line image xstart ystart xend yend color)
         • … etc …
       • DrACuLa kicks it off
         • (big-bang width height seconds-per-tick initial-world)

  10. Representing the World
      • Programmer chooses structure
        • Could be an atom — eg: number, symbol, string, …
        • Could be a list — eg: (position color label)
        • Could be a structure
          (defstructure my-world
            (component-1 (:assert (type-predicate component-1)))
            (component-2 (:assert (type-predicate component-2)))
            … )
      • Example — drop ball on canvas with mouse-click (mouse-demo.lisp)
        • World data structure
          (defstructure m-world
            (click-ball (:assert (posn? click-ball)))
            (track-ball (:assert (posn? track-ball))))

  11. Responding to Redraw Events (on-draw-event world -> image)
      • Canvas update function: world -> image
        • Input: current world
        • Output: image
        • Action: DrACuLa paints image on canvas
      • Example — drop ball on canvas
        (defun draw-balls (w)
          (place-image (circle 5 'solid 'black)                ; small black disk …
                       (posn-x (m-world-track-ball w))         ; … at the track-ball position
                       (posn-y (m-world-track-ball w))         ;     (m-world-track-ball: deconstructor for the m-world struct, automatic with defstructure)
                       (place-image (circle 15 'solid 'red)    ; superimposed on a red disk …
                                    (posn-x (m-world-click-ball w))   ; … at the click-ball position …
                                    (posn-y (m-world-click-ball w))
                                    (empty-scene *width* *height*))))  ; … on an empty canvas
      • Deconstructors for make-posn: (posn-x (make-posn x y)) = x, (posn-y (make-posn x y)) = y
      • (on-redraw draw-balls) connects the draw-balls function with the redraw event; this formula is placed in the source code after the definitions

  12. Responding to Mouse Events (on-mouse-event world x y event -> world)
      • Update function: world x y event -> world
        • Inputs
          • current world
          • x, y — coordinates of current mouse position
          • event — symbol indicating event: 'move, 'button-down, …
        • Output: new world
        • Action: DrACuLa updates old world with new one
      • Example — drop ball on canvas
        (defun mouse-handler (w x y me)
          (let ((xy (make-posn x y)))
            (cond ((equal me 'move)        (m-world (m-world-click-ball w) xy))  ; m-world: constructor (automatic with defstructure); m-world-click-ball: deconstructor
                  ((equal me 'button-down) (m-world xy xy))
                  ((equal me 'button-up)   (m-world xy xy))
                  ((equal me 'drag)        (m-world xy xy))
                  ((equal me 'enter)       (m-world (m-world-click-ball w) xy))
                  ((equal me 'leave)       (m-world (m-world-click-ball w) *ob*))
                  (t (end-of-time "This cannot happen")))))


  14. Projects
      • File I/O
        • Write a program that reads a file and writes a new one like it, but with the lines in the reverse order
        • Useful functions
          • packets – list-utilities
          • file->string – io-utilities
          • str->chrs – list-utilities
          • chrs->str – list-utilities
          • reverse – ACL2 intrinsic
      • GUI
        • Modify program: click on red ball to make it disappear
          http://www.cs.ou.edu/~rlpage/SEcollab/Tools/mouse-demo.lisp
      • Lectures may be found here: http://www.cs.ou.edu/~rlpage/SEcollab/tsc/Lectures/
      • List of importable ACL2 books here: http://www.cs.utexas.edu/users/moore/acl2/v3-3/distrib/acl2-sources/books/Readme.html
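Added example, not part of mouse-demo.lisp: one solution to the GUI project above. It assumes the definitions from mouse-demo.lisp shown on slides 10-12 (the m-world structure with its constructor and deconstructors, make-posn/posn-x/posn-y, *ob*, end-of-time, draw-balls) and that the red disk has the radius 15 that draw-balls uses. The names *red-radius* and inside-disk? are this example's own. Because ACL2 refuses to redefine a function already in the session, the mouse-handler below replaces the one in your copy of mouse-demo.lisp rather than being typed in after it.

```lisp
; Added example (not from mouse-demo.lisp): project solution, click on the
; red ball to make it disappear. Assumes mouse-demo.lisp's definitions
; (m-world, make-posn/posn-x/posn-y, *ob*, end-of-time, draw-balls) are
; loaded. Radius 15 matches (circle 15 'solid 'red) in draw-balls.

(defconst *red-radius* 15)   ; our name, not mouse-demo.lisp's

; Pure predicate, no state and no GUI: is the point (x,y) inside the disk of
; the given radius centred at posn p? Squared distances keep the test in the
; rationals, so no square root is needed.
(defun inside-disk? (x y p radius)
  (let ((dx (- x (posn-x p)))
        (dy (- y (posn-y p))))
    (<= (+ (* dx dx) (* dy dy)) (* radius radius))))

; Replacement for slide 12's mouse-handler.
; 'button-down: a click on the red ball moves it to *ob*, the same off-board
;   position the 'leave case already uses for the tracker, so draw-balls
;   paints it off the canvas and it "disappears"; a click elsewhere drops the
;   red ball there, as before.
; 'button-up and 'drag: keep the current click-ball instead of re-dropping it.
;   The original (m-world xy xy) in those cases would put the red ball back
;   under the pointer on the button-up that follows every click.
(defun mouse-handler (w x y me)
  (let ((xy (make-posn x y)))
    (cond ((equal me 'move)        (m-world (m-world-click-ball w) xy))
          ((equal me 'button-down)
           (if (inside-disk? x y (m-world-click-ball w) *red-radius*)
               (m-world *ob* xy)        ; hit: red ball gone, black tracker stays
               (m-world xy xy)))        ; miss: drop the red ball here
          ((equal me 'button-up)   (m-world (m-world-click-ball w) xy))
          ((equal me 'drag)        (m-world (m-world-click-ball w) xy))
          ((equal me 'enter)       (m-world (m-world-click-ball w) xy))
          ((equal me 'leave)       (m-world (m-world-click-ball w) *ob*))
          (t (end-of-time "This cannot happen")))))
```

Keeping the hit test in its own function is what makes it checkable: inside-disk? is an ordinary ACL2 function, so it can be evaluated at the prompt with chosen coordinates, and properties of it (for instance that the centre of the disk is always inside) can be stated as defthm without involving DrACuLa at all.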

  15. The End
