1 / 39

´ ´

Propositions have truth-values. Variables have types. Sets have elements. Schema assert truths. What do ∆ and Ξ mean?. ´ ´. 3. Combining schema This is so easy. Suppose we have schema A , B , B ′ :. B ′. A. B. a :. a , b. : Z. B :. Z. PZ. = 42. = b +2. 42 ∈ B. a. a. < 10. b.

natan
Download Presentation

´ ´

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Propositionshavetruth-values. Variableshavetypes. Setshaveelements. Schemaasserttruths.Whatdo∆andΞmean? ´´ 3

  2. Combiningschema Thisissoeasy.SupposewehaveschemaA,B,B′: B′ A B a: a,b :Z B: Z PZ =42 =b+2 42∈B a a <10 b =A∧BfortheschemawhichassertsAandB! WriteAandB AandB a,b:Z =42∧(a=(b+2)∧b<10) a 4

  3. Combiningschema Ofcourse!AandBestablishauniverseofdiscourseandassertsome propertiesofit.SoAandBjustcombinesthoseuniversesandthose truths. It’sjustlikeinphysicsclass,wherewemaydescribethebehaviourofa particlebya4-dimensionalvectorspaceplusitsequationsofmotion(3 dimensionsspace,1dimensiontime). Ifwewanttodescribethebehaviouroftwoparticles,why,wejustusea 7-dimensionalvectorspaceplusthetwoequationsofmotion. 5

  4. Combiningschema Butwhystopat∧?Wehave∨,⇒,and⇔.Thepatternisalwaysthe same:combinetheuniversesofdiscourse(that’sthevariablesdeclared intheschema)andthepredicates. WriteAimpliesB′ =A⇒B′for AimpliesB′ a:Z,B:PZ =42⇒(42∈B) a =A∨B. TryAorB Thepossibilitiesareendless!!!!! 6

  5. Recall:ClubState ClubState badminton:PSTUDENT hall:PSTUDENT hall⊆badminton #hall≤maxplayers Thissays: 7

  6. ClubState •badmintonisasetofstudents(I’dbeguessing:thestudentsthat playbadminton). •hallisasetofstudents(thestudentsinthebadmintonhall,which hasacapacityof20?). •Studentsinthehallmustplaybadminton(sothey’veobviouslygota manonthedoorchecking?). •...andyoucan’thavemorepeopleinthehallthanitscapacity. 8

  7. Recall:AddMember AddMember :PSTUDENT, :PSTUDENT badminton hall badminton′:PSTUDENT, newmember?:STUDENT hall′:PSTUDENT ⊆badminton #hall≤maxplayers hall hall′⊆badminton′ #hall′≤maxplayers′ newmember?∈badminton badminton′=badminton∪{newmember?} hall′=hall 9

  8. Recall:AddMember Ormoresuccinctly: AddMember ∆ClubState newmember? :STUDENT newmember?∈badminton badminton′=badminton∪{newmember?} hall′=hall 10

  9. Parentheticnote:Renaming Whatifyouwanttorenamevariablesinaschema? S[x/a,y/b,z/c]representsSwitharenamedtox—youcanguess therest. ClubState FootyClub :PSTUDENT :PSTUDENT badminton football :PSTUDENT pitch:PSTUDENT hall ⊆badminton ⊆football hall pitch #hall≤maxplayers #pitch≤maxplayers 11

  10. Recall:AddMember Sowecanwrite ∆ClubState as ∧ClubState[hall′/hall,badminton′/badminton]. ClubState 12

  11. RefiningAddMember Remember:hallisjustthestudentsinthebadmintonclubinthehall— hall⊆badmintonhintsatthat. Theremayindeedbeotherpeopleinthehall.What,youthoughtthat badmintonissopopularinthisschoolthatitcanfillanentiresportshall? Thisspecificationhastobeatleastalittlebitrealistic. Therearetherowersinthecornerontheirmachines,thehockey players,therock-climbers,maybeevenabitofping-pong. Ifoneofthesenon-badminton-playersseestheemptyfutilityoftheir non-badminton-playerways,theymayjointhebadmintonclub.This epiphanymightarriveatanytime;whilethey’reinthehall,orevenjust whilethey’reoutsidethehall,perhapsstudyingFormalSpec. 13

  12. RefiningAddMember ::=inside|outside LOCATION AddMemberInHall ∆ClubState AddMemberOutHall ∆ClubState newmember? :STUDENT newmember? :STUDENT where? where? :LOCATION =inside where? where? :LOCATION =outside newmember?∈badminton #hall<maxPlayers ′ {newmember?} ′ newmember?∈badminton ′ {newmember?} ′ badminton=badminton∪ badminton=badminton∪ hall=hall hall=hall∪newMember? 14

  13. RefiningAddMember Then =AddMemberInHall∨AddMemberOutHall. AddMemberAnywhere Ineffect,AddMemberAnywheredescribesaprogramwhichchecks wherethememberis(inside,ouside)anddoestherightthing accordingly. Isn’tthatabitmagic? Thisisacase-split.∨isacase-split.∨onschemaisacase-splitfor schema.∧islikeaparallelexecution. Buttheyarenot.Thereisnonotionofflowofcontrolorexecutionhere. Justspecifications. 15

  14. InitialState What’stheinitialstateofthebadmintonclub(backin1934,probably). Maybesomethinglikethis: InitClubState ClubState′ badminton′ ={} hall′={} It’sjustconventiontouse‘after’(withprime;withdash)statevariablesin initialstate. 16

  15. InitialState TheinitialstatehadbettersatisfytheconditionsforClubState. Thatis,hall′ ⊆badminton′and#hall′≤maxplayers. Solet’scheck{} ⊆{}and0≤maxplayers. 17

  16. Totalisingoperations AddMember ∆ClubState newmember? :STUDENT newmember?∈badminton badminton′=badminton∪{newmember?} hall′=hall Notethepreconditionnewmember?∈badminton.AddMember specifiesaPARTIALfunction.Ifnewmember?∈badmintonthen AddMemberisnotdefined,asafunctiononclubstates. 18

  17. Totalisingoperations Supposenewmember? ∈badmintonandsomebodytriesadding newmember?. Somebodyiseitherstupid,orplayingapracticaljoke...orperhapsthey purchasedlifetimemembership30yearspreviouslyandjustforgot. Perhapstheyarealecturerandtheirbrainhasbeenblastedbythe howlingwindsofathousanddataprojectors. Howdowemakethisspecificationofapartialfunction,intoa specificationofatotalfunction? 19

  18. Totalisingoperations Recalltheno-op: ΞClubState ∆ClubState badminton′=badminton hall′=hall ΞClubState badminton,hall:PSTUDENT badminton′,hall′:PSTUDENT hall⊆badminton,#hall≤maxplayers hall′⊆badminton′,#hall′≤maxplayers′ hall′=hall,badminton′=badminton 20

  19. Totalisingoperations ::=success|isMember SuccessMessage MESSAGE IsMember ΞClubState newMember?:STUDENT outcome!:MESSAGE newMember? ∈badminton outcome! =isMember Totalise: outcome! outcome! :MESSAGE =SUCCESS =(AddMember∧SuccessMessage)∨IsMember. TotalAddMember FormalSpecF22HO2,Lecture5 21

  20. Totalisingoperations Aschemaistotalwhentheoutcomeisspecifiedforallpossibleinputs. ProgramsinCandJavaaretotal;theytakeaninput,giveanoutput. Specificationsoftheseprogramsmaybepartial;wemayonlyspecify partialinformation. Gothroughthepreviousspecs:RemoveMember,EnterHall,LeaveHall, NotInHall.Whichofthesearetotal?Totalisetheonesthatarenot. FormalSpecF22HO2,Lecture5 22

  21. Hiding S\bistheschemaobtainedbyexistentiallyquantifyingbinS.Best explainedbyexample: A HideA B HideB :Z :Z :Z a a,b a ∃a:Z• ∃b:Z• =42 =b+2 a =42 a a b<10 (a=b+2∧ <10) b \a,bandsoon. SimilarlyforS FormalSpecF22HO2,Lecture5 23

  22. Hiding Notethat∃b :Z.•(a=b+2∧b<10)meansthesamethingas a<12. SowecanequivalentlywriteHideBas: HideB a:Z <12 a FormalSpecF22HO2,Lecture5 24

  23. Anotherexampleofhiding =AddMember\newMember?: AddWho ∆ClubState DefineAddWho AddMember ∆ClubState newmember? :STUDENT ∃newmember?:STUDENT• newmember?∈badminton badminton′=badminton∪ {newmember?} hall′=hall (newmember?∈badminton∧ ′ {newmember?}∧ =badminton∪ badminton ′ =hall) hall WhatdoesAddWhodo? FormalSpecF22HO2,Lecture5 25

  24. Calculatingpreconditions =AddMember∧SuccessMessage. SuccessMessage outcome!:MESSAGE DefineSuccessAddMember AddMember ∆ClubState newmember? :STUDENT outcome! =SUCCESS newmember?∈badminton badminton′=badminton∪ {newmember?} hall′=hall Whatdoesthisspecificationsay?Let’ssee... FormalSpecF22HO2,Lecture5 26

  25. Partiallyexpandthedefinition SuccessAddMember ∆ClubState newmember?:STUDENT outcome!:MESSAGE newmember?∈badminton badminton′=badminton∪{newmember?} hall′=hall outcome!=success That’sabitbetter—butnotgoodenough.Wewanttoexpandmore! FormalSpecF22HO2,Lecture5 27

  26. Expandfurther SuccessAddMember ClubState badminton′,hall′:PSTUDENT newmember?:STUDENT outcome!:MESSAGE hall′⊆badminton′ #hall′≤maxPlayers newmember?∈badminton badminton′=badminton∪{newmember?} hall′=hall outcome!=success FormalSpecF22HO2,Lecture5 28

  27. Calculatingpreconditions Recall: badminton′,hall′ badminton′,hall′ :PSTUDENTarethestateafter. :PSTUDENTarethestatebefore. newMember?istheinput. output!istheoutput. That’sjustourreadingofthemeaningofthesevariables,butitisa convention;′forafter,?forinput,!foroutput. IsAddMemberSuccessdefinedforallpossibleinputsandinputstates? FormalSpecF22HO2,Lecture5 29

  28. \{badminton′,hall′,output!} SuccessAddMember preSuccessAddMember ClubState newmember? :STUDENT ∃badminton′,hall′:PSTUDENT;outcome!:MESSAGE• hall′ ⊆badminton′∧#hall′≤maxPlayers ∧newmember?∈badminton ∧badminton′=badminton∪{newmember?} ∧hall′=hall∧outcome!=success Sethall′ =hallanddropoutcome!.∃outcome!:MESSAGE•outcome!=successis trueandwedonotmentionoutcome!elsewhere. FormalSpecF22HO2,Lecture5 30

  29. \{badminton′,hall′,output!},simplified SuccessAddMember preSuccessAddMember ClubState newmember? :STUDENT ∃badminton′• ∧newmember?∈badminton ′ ∧badminton′=badminton∪{newmember?} ∧hall=hall Wedrophall=hallandnotethat#hall≤maxPlayers,whichwasa conditiononhall′,isnowsomethingthat’salreadyinClubState. FormalSpecF22HO2,Lecture5 31

  30. \{badminton′,hall′,output!},simplifiedmore SuccessAddMember preSuccessAddMember ClubState newmember? :STUDENT ∃badminton′• ′ ∧badminton′=badminton∪{newmember?} hall⊆badmintonbyClubStateand badminton′=badminton∪{newmember?},sohall guaranteed. FormalSpecF22HO2,Lecture5 ⊆badminton′is 32

  31. \{badminton′,hall′,output!},simplifiedeven SuccessAddMember more preSuccessAddMember ClubState newmember? :STUDENT ∃badminton′• newmember?∈badminton ∧badminton′=badminton∪{newmember?} ∃badminton′•badminton′=badminton∪{newmember?}isas usefulasabarbershoponthestepsoftheguillotine;cutitoff. FormalSpecF22HO2,Lecture5 33

  32. \{badminton′,hall′,output!},simplifiedridicu- SuccessAddMember lously preSuccessAddMember ClubState newmember?:STUDENT newmember? ∈badminton There’syourprecondition:newmember? ∈badminton. Wefoundabug!!Theprogramfailsifnewmember? FormalSpecF22HO2,Lecture5 ∈badminton. 34

  33. preSuccessAddMember TheoperationdescribedbySuccessAddMemberisnottotal. Asafunctionfromclubstatestoclubstatestakinginputnewmember?, outputisnotdefinedifnewmember?∈badminton. FormalSpecF22HO2,Lecture5 35

  34. Fact Fact.predistributesoverdisjunction: pre(S ∨T)=preS∨preT. SotocheckifTotalAddMemberreallyistotal,itsufficestocalculate preIsMemberandseeifitisnewMember?∈badminton. Let’sdoit:letoursloganbeexpand,hide,simplify. FormalSpecF22HO2,Lecture5 36

  35. Expand,hide,simplify:IsMember IsMember ΞClubState newMember?:STUDENT outcome!:MESSAGE newMember?∈badminton outcome!=isMember FormalSpecF22HO2,Lecture5 IsMember ClubState badminton′,hall′:PSTUDENT newMember?:STUDENT outcome!:MESSAGE hall′⊆badminton′ #hall′≤maxPlayers newMember?∈badminton outcome!=isMember badminton′=badminton hall′=hall 37

  36. Expand,hide,simplify:IsMember preIsMember ClubStatenewMember? :STUDENT ∃badminton′,hall′:PSTUDENT;outcome!:MESSAGE• hall′⊆badminton′ ∧#hall′≤maxPlayers ∧newMember?∈badminton ∧outcome!=isMember ∧badminton′=badminton ∧hall′=hall FormalSpecF22HO2,Lecture5 38

  37. Expand,hide,simplify:IsMember preIsMember ClubState newMember?:STUDENT ∃outcome!:MESSAGE• hall⊆badminton ∧#hall≤maxPlayers ∧newMember?∈badminton ∧outcome!=isMember (Don’trushthis.Onestepatatime.) FormalSpecF22HO2,Lecture5 39

  38. Expand,hide,simplify:IsMember preIsMember ClubStatenewMember? :STUDENT ⊆badminton hall ∧#hall≤maxPlayers ∧newMember?∈badminton FormalSpecF22HO2,Lecture5 40

  39. Expand,hide,simplify:IsMember preIsMember ClubStatenewMember? :STUDENT newMember? ∈badminton That’sit,we’redone.TotalAddMemberistotal. =preSuccessAddMember∨preIsMember =newMember?∈badminton∨newMember?∈badminton =T 41 preTotalAddMember FormalSpecF22HO2,Lecture5

More Related