
Understanding Program Verification: Approaches & Tools

Learn about program verification, its importance, different approaches, logical operators, Boolean algebra, and George Boole's contributions. This text explores the theory, tools, and practical applications in software development.


Presentation Transcript


  1. CSE 3341.03 Winter 2008 • Introduction to Program Verification • January 8: Boolean operators

  2. January 3 lecture notes available as a PDF file • see link from the table of contents panel on the course home page or • http://www.cse.yorku.ca/course/3341/lecture notes/3341 2008-1-3 slides.pdf

  3. what does verification give you? • a top-down understanding of a piece of software: • general and rigorous, not based on specific examples • the more perspectives, the better for catching errors. • that's the idea behind the argument that open-source will be more reliable than proprietary code.

  4. two main approaches to verification • build a model of a machine that abstractly executes the program • check zillions of cases for key desired properties • works well for hardware, communication protocols • construct and prove a theorem

  5. our approach • construct a logical proof based on the mathematical meaning assigned to the program text (i.e. a theorem) • this has been considered to be controversial from a theoretical/philosophical perspective • it’s been argued that verification, for a variety of reasons, is only conditional, not absolute (some truth to this) • but having a proof is still better than claiming a program is correct without one

  6. "verification is a pain" • another knock on verification, from a practical perspective, is that even simple proofs are too hard to do, and even when “easy” are very tedious • we’ll deal with this objection head on: use tools to do the “heavy lifting”

  7. treat logic as computation • since our tools are computational and concerned with proofs, we will need to develop an understanding of the basics of computational logic • a very different perspective on logic and mathematics than you have been given in your math courses • but inevitable in a computer-based technological society.

  8. contrast with "semantic" approach • logic is about truth? • so logic is about distinguishing correct from incorrect arguments? • in the computational approach, these issues essentially disappear!

  9. the view from 10,000 ft. • verification occupies only a very small part of the field of software development: • http://www.cse.yorku.ca/course/3341/small-large.html

  10. logical operators • chapter 1 • start with a table of logical operators • operator vs operation ? • an operator is a syntactic entity • associated operation is a function • cf. x f y with f(x, y) • is the table of operators complete?

  11. multiple notations

  12. additional operators • two more logic operators: NAND (sometimes NAN) and NOR • we won’t use them • NAND is a basic building block of digital logic circuits • we could replace not, and, or by expressions involving only the single operator NAND: not A = A NAND A • how do we get OR?

  13. it gets worse! (Theorem 54.43 of Principia Mathematica)

  14. standardizing our notation • important to be able to recognize various notations • not much pressure on a mathematician to adopt a standard notation; that’s why we get so many • but we are required by the software we want to use to standardize on specific English words

  15. examples of logical operators in use • find results of search for strings with all of the words A, B, C = A and B and C • . . . with at least one of the words = A or B or C • . . . without the words A or B or C = not A and not B and not C

  16. propositions • propositions are expressions constructed from Boolean operators, the special names true and false, and other names which are assumed to have a fixed truth value • this is a recursive datatype - why? • hint: function composition?

  17. Boolean operators • our approach to logic derives from the work of George Boole • Boolean operators are syntactically analogous to +, x, etc. • Boolean operations are functions of truth-valued Boolean variables • truth-valued = true or false

  18. arithmetic analogue • example: represent true by 1, false by 0 • x and y = x*y where * is ordinary multiplication • how about or? • what's the arithmetic analogue to not?
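An added example, not from the lecture slides: the recursive proposition datatype of slide 16, evaluated once over truth values and once through the arithmetic analogue of slide 18 (true = 1, false = 0, and = *, or = x + y - x*y, not = 1 - x; the formulas for or, xor and iff are my own answer to the slide's question). The tuple encoding and the function names are assumptions of this example.

```python
from itertools import product

# Two interpretations of the same operator names: over truth values, and over
# {0, 1} via Boole's arithmetic analogue (and = *, or = x + y - x*y, not = 1 - x).
BOOL_OPS = {
    "not": lambda x: not x,
    "and": lambda x, y: x and y,
    "or": lambda x, y: x or y,
    "xor": lambda x, y: x != y,
    "iff": lambda x, y: x == y,
}
ARITH_OPS = {
    "not": lambda x: 1 - x,
    "and": lambda x, y: x * y,
    "or": lambda x, y: x + y - x * y,
    "xor": lambda x, y: x + y - 2 * x * y,
    "iff": lambda x, y: 1 - (x + y - 2 * x * y),
}

def evaluate(prop, env, ops=BOOL_OPS, const=(True, False)):
    """A proposition is 'true', 'false', a name, or a tuple (op, operand, ...).
    Operands are propositions too, so evaluation recurses (function composition)."""
    if prop == "true":
        return const[0]
    if prop == "false":
        return const[1]
    if isinstance(prop, str):
        return env[prop]            # a name assumed to have a fixed truth value
    op, *args = prop
    return ops[op](*(evaluate(a, env, ops, const) for a in args))

def arith(prop, env):
    """The same proposition evaluated over {0, 1}; names map to 1/0."""
    env01 = {name: int(value) for name, value in env.items()}
    return evaluate(prop, env01, ARITH_OPS, (1, 0))

def names(prop):
    """Names occurring in prop; the recursion follows the datatype's shape."""
    if prop in ("true", "false"):
        return set()
    if isinstance(prop, str):
        return {prop}
    return set().union(*(names(a) for a in prop[1:]))

def agree(prop):
    """Do both interpretations coincide on all 2^n assignments to the n names?"""
    ns = sorted(names(prop))
    envs = (dict(zip(ns, bits)) for bits in product([False, True], repeat=len(ns)))
    return all(int(evaluate(prop, env)) == arith(prop, env) for env in envs)
```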

  19. who was George Boole? • 19th cent. English mathematician • after whom Boolean algebras, operators, variables are named • http://www.home.gil.com.au/~bredshaw/boole.htm • The Mathematical Analysis of Logic (1847)

  20. most famous work • An Investigation of the Laws of Thought, on Which Are Founded the Mathematical Theories of Logic and Probabilities • based on a binary approach, processing only two objects: the now famous 1-0, yes-no, true-false, on-off

  21. logic as rules for correct argument • which arguments yield TRUTHS? • Greeks discovered that one could have correct arguments about incorrect or nonsensical things; • or imagined, idealized objects such as points or lines • what made the argument correct was independent of what it was about; it depended on relationships (patterns) between propositions

  22. logic as a calculus • some 1500 years after the Greeks, Boole invents a radical new perspective: • the arithmetic analogy means that logic can be interpreted as a calculus like arithmetic • propositions can be interpreted as arithmetic expressions

  23. a calculus doesn't require meaning • in mathematics, functions evaluate the values of their arguments; they are blind to what's inside those arguments (3401 survivors: compare with macros) • so the truth-value of ". . . " and ". . . . " must depend only on the truth-values of the arguments, as far as propositional logic is concerned • blind to what the names or non-logical expressions may mean

  24. in ordinary/natural language this isn't always true: some languages use a double negative for emphasis: not not p = not p

  25. operations as binary functions • operator = binary function = 2x2 table • you should be able to construct the 2x2 table for all the binary operators we are concerned with • note: only one non-trivial unary function • more generally, lists of argument-value pairs • if the function has arity n, 2^n entries in the table

  26. operator grammar • operators are syntactic, so they require grammatical properties • operators involve precedence and associativity issues; to avoid writing ( ), the choices are: • left-associativity: x + y + z = (x+y) + z • right-associativity? I don't have an example: x op y op z = x op (y op z) • no associativity: x xor y xor z is an error: have to use parentheses because the function xor is not associative

  27. operator precedence • logic operations compared with arithmetic: • and has the precedence of * • or has the precedence of + • iff has the precedence of =

  28. are the boolean values arbitrary? • does it matter what the boolean values are just as long as there are 2?

  29. Boolean values • SVT 1.1 assumes that the range of Boolean functions is {true, false} • is this important? see http://www.cse.yorku.ca/course/3341/lost-logic.html

  30. can logic tell us which is which? • "we can tell which value functions as true and which as false by looking at and/or" • true and false = false • true or false = true • but look at the "logic tables" page

  31. Boolean algebra is self-dual • if we swap the names of the Boolean values and the names of and/or, we get exactly the same structure! • you actually knew that, in the form of "De Morgan’s Law" • not(P and Q) = not P or not Q • not(P or Q) = not P and not Q
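An added example, not part of the slides, that checks slides 12, 25 and 31 by computing truth tables: an n-ary function gets 2^n entries, NAND alone rebuilds not, and and or, exactly one non-trivial unary function exists, and swapping the names of the values (the dual) turns and into or and back, which is De Morgan's law. The NAND rewrites for and/or and all function names are my own; the slide only gives not.

```python
from itertools import product

def truth_table(f, arity):
    """Table of an n-ary Boolean function: one (arguments -> value) entry per
    assignment, 2^n entries in all."""
    return {args: f(*args) for args in product([False, True], repeat=arity)}

def same_function(f, g, arity):
    """Two operators denote the same operation iff their tables coincide."""
    return truth_table(f, arity) == truth_table(g, arity)

def AND(x, y):
    return x and y

def OR(x, y):
    return x or y

def NOT(x):
    return not x

def NAND(x, y):
    return not (x and y)

# Slide 12 gives not A = A NAND A. The and/or rewrites are my own derivation,
# checked against the tables rather than assumed.
def not_via_nand(a):
    return NAND(a, a)

def and_via_nand(a, b):
    return NAND(NAND(a, b), NAND(a, b))

def or_via_nand(a, b):
    return NAND(NAND(a, a), NAND(b, b))

def dual(f):
    """Swap the names of the Boolean values on the way in and on the way out:
    dual(f)(x1, ..., xn) = not f(not x1, ..., not xn)."""
    return lambda *args: not f(*(not a for a in args))

def nontrivial_unary_functions():
    """All 2^2 = 4 unary functions as tables, minus the two constants and the
    identity; slide 25 says exactly one should remain."""
    tables = [dict(zip((False, True), outs))
              for outs in product([False, True], repeat=2)]
    identity = {False: False, True: True}
    return [t for t in tables if len(set(t.values())) == 2 and t != identity]
```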
