1 / 31

Executable Specifications: Foundations  MS Tools

Executable Specifications: Foundations  MS Tools. Yuri Gurevich Microsoft Research. Agenda. A short version of the talk A piece of theory Executable specifications Our languages Our tools. The Short Version. Genesis.

asis
Télécharger la présentation

Executable Specifications: Foundations  MS Tools

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Executable Specifications: Foundations  MS Tools Yuri Gurevich Microsoft Research

  2. Agenda • A short version of the talk • A piece of theory • Executable specifications • Our languages • Our tools

  3. The Short Version

  4. Genesis • This project started about 20 years ago when this logician moved to computer science. • What is CS about? While it is about many things, the central role is played by algorithms (in a broad sense of the term). Operating systems, programming languages, compilers, etc. are all algorithms.

  5. Key Question • What’s an algorithm? • The Turing machine is not adequate anymore. What is, if anything?

  6. The Proposed Solution A long analysis led to abstract state machines and the ASM thesis: For every algorithm there is a behaviorally identical ASM.

  7. Experimental Confirmation • By the thesis, ASMs fit to model and specify algorithms. • Many applications are found, in academia and industry. • In the process, experimental confirmation of the thesis accumulates.

  8. The group on Foundations of Software Engineering at MSR • Wolfram Schulte • Margus Veanes • Colin Campbell • Lev Nachmanson • Mike Barnett • Wolfgang Grieskamp • Nikolai Tillman

  9. Behavioral theory of computation • Increasing parts of the ASM thesis are proven from first principles. • In the process, axiomatic definitions of sequential, parallel, etc. algorithms emerge.

  10. A piece of theory

  11. Sequential Time Postulate Any algorithm determines • the set of states, • the subset of initial states, • the transition function. Def. Two seq-time algorithms are behaviorally equivalent if they have the same states, initial states and the transition function.

  12. What are states of an algorithm? • What are states of, say, a C program? • Transparent (or explicit, or honest) states

  13. Abstract State Postulate • The states are logic structures. • ...

  14. Seq algorithms • Seq-time algorithms with bounded-work steps. • How to measure work?

  15. Definition A sequential algorithm is any entity that satisfies the three postulates: • sequential time, • abstract state, • bounded-exploration.

  16. Euclid’s algorithm if b = 0 then d := aelse [do in-parallel] a := b b := a mod b

  17. Seq Characterization Theorem • For every sequential algorithm A,there exists a behaviorally equivalent sequential ASM . • Ref. #141 at the speaker’s website

  18. 7 9 3 5 8 4 1 2 6 0 Parallel algorithms Example Slicing a dag

  19. Slicing a Dag in AsmL forall v in V if forall u in V holds (u,v) in E implies u in X then add v to X

  20. Par Characterization Thm • Analysis • Theorem: For every parallel algorithm A, there is a behaviorally equivalent parallel ASM . • Ref. #157

  21. Intra-step interaction • New object creation, choice, remote procedure calls, messages • The characterization theorems Ref: #166, 170, 171, and forthcomingby Andreas Blass, YG, Dean Rosenzweig and Benjamin Rossman

  22. Distributed algorithms Distributed ASMs were defined long ago, and most ASM applications, at least at Microsoft, are distributed, but the axiomatization problem is still open.

  23. Executable specifications

  24. Nondeterminsm Parallelism A = [1,3,2] A = [2,1,3] A = [1,2,3] In-place one-swap-a-time sorting var A as Seq of Integer = [3,1,2] Swap() choose i,j in Indices(A) where i<j and A(i)>A(j) A(i) := A(j) A(j) := A(i) Sort() step until fixpoint Swap() A = [2,3,1]

  25. Our Languages

  26. AsmL and C# http://research.microsoft.com/fse/asml • Math e.g. set comprehension {x2 | x ∊ {1,..,10} wherex = 0 mod 2} • Transactions, nondeterminism • OO, interoperability via .NET • Literate programming via Word, automated programming via XML

  27. Topological Sorting stepwhile ToSet(S) ne V let X = V - ToSet(S) if X <> {} then S := S + [(any v | v in Xwherenot(exists u in Xwhere (u,v) in E))]

  28. Our Tools

  29. Specs Spec Explorer Test Specs ParameterizedUnit Tests Specs Spec# Dev Time Arch/PM/Lead Software development process CurrentProjects System Design System Test Class Design UnitTest Abstraction Coding

  30. Validating the spec • Human comprehension • Playing scenarios • Deriving an FSM and then testing (including model checking) it

  31. Enforcing the spec • In the deterministic case, generate a test suite with results, and run the suit on various implementations. • Execute the model and implementation in lock step. • Play to test

More Related