Automated Reasoning with Stack Operations: Do Nothing Example at Clemson University

Explore the automated reasoning process through stack operations in this demonstration by Jason Hallstrom and Murali Sitaraman of Clemson University. The running example is the "Do_Nothing" operation, which is specified to leave the stack exactly as it was (ensures S = #S) and is implemented as a Pop followed by a Push. Working through the reasoning table shows that each confirm assertion (the requires clause of every call, plus the operation's own ensures) becomes a verification condition, and that the naive Pop-then-Push code does not satisfy Pop's precondition on an empty stack. The session covers the general Stack_Template specification, its mathematical model as a string of entries with a depth constraint, and the generation of verification conditions. Collaborative exercises fill in the assume/confirm table for the Push and Pop calls, and the Clemson RESOLVE web interface is used to generate the verification conditions automatically.



Presentation Transcript


  1. Reasoning with Objects and Web Interface Demo Jason Hallstrom and Murali Sitaraman Clemson University

  2. Example Specification
     Operation Do_Nothing (restores S: Stack);
     Goal: same as ensures S = #S;
     Code: (same as S.Push(S.Pop()) in Java)
     Procedure Do_Nothing (restores S: Stack);
       Var E: Entry;
       Pop(E, S);
       Push(E, S);
     end Do_Nothing;

  3. Exercise: Complete table and prove!
     State            Assume    Confirm
     0                …         …
       Pop(E, S);
     1                …         …
       Push(E, S);
     2                …         …
     • Don’t yet! Instead of IntStacks, we will use general stacks for this example reasoning, because verifying reusable, generic software has more pay-off!

  4. General Stack Template Specification
     • Instead of IntStacks, we will use general stacks for this example reasoning
     • Suppose Stack_Template is parameterized by type Entry and Integer Max_Depth
     • Mathematical Modeling
       Type Stack is modeled by Str(Entry);
       exemplar S;
       constraints |S| <= Max_Depth;
       initialization ensures S = empty_string;

  5. Specification of Stack Operations
     Operation Push (alters E: Entry; updates S: Stack);
       requires |S| < Max_Depth;
       ensures S = <#E> o #S;
     Operation Pop (replaces R: Entry; updates S: Stack);
       requires |S| > 0;
       ensures #S = <R> o S;
     Operation Depth (restores S: Stack): Integer;
       ensures Depth = |S|;
     …

  6. Collaborative Exercise: Complete table and prove!
     State            Assume    Confirm
     0                …         …
       Pop(E, S);
     1                …         …
       Push(E, S);
     2                …         …

  7. Collaborative Exercise: Answers
     State            Assume               Confirm
     0                …                    |S0| > 0
       Pop(E, S);
     1                S0 = <E1> o S1       |S1| < Max_Depth
       Push(E, S);
     2                S2 = <E1> o S1       S2 = S0
     …

  8. Discussion
     Can you explain why there are three confirm assertions? Is the code correct? If not, fix it!

  9. Discussion
     Can you explain why there are three confirm assertions? Is the code correct? If not, fix it!
     You can either rewrite the code with an “if” statement or add the following requires clause to the Do_Nothing operation:
       requires |S| > 0;

  10. Key Ideas
     The reasoning table can be filled mechanically; no intelligence is required and even a computer can do it!
     Principles of reasoning about all objects and operations are the same.
     Need mathematical models and specifications.

  11. Automated Reasoning
     The assume and confirm assertions we wrote out in the table can be generated automatically.
     Each confirm assertion becomes a “goal”. The assumptions that can be used to prove that goal are the “givens”. A goal along with its givens is called a verification condition (VC).
     For the Do_Nothing example, three VCs need to be proved, because there are three assertions to be confirmed.
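The table from slides 6 and 7 and the three VCs described in slide 11 can be produced mechanically, and the following Python script does exactly that. It is an added example, not code from RESOLVE or from the Clemson web interface: it renders the string model of Stack_Template in Python (a Stack value is a tuple, <x> o S is (x,) + S, |S| is len(S)), renames program variables per state the way the table does (S0, E1, S1, ...), emits one VC per confirm assertion (the requires clause of each call plus the procedure's ensures), and then discharges each VC by exhaustive enumeration over a bounded model instead of with a theorem prover. The bound Max_Depth = 2, the entry alphabet {"a", "b"}, and all function names are assumptions made for this illustration. Run stand-alone it reports that the first VC, |S0| > 0, fails with the empty stack as counterexample, and that adding the requires clause from slide 9 makes all three VCs hold.

```python
import re
from itertools import product

# Added example, not RESOLVE's own VC generator.  The string model of
# Stack_Template in Python: a Stack is a tuple, <x> o S is (x,) + S, |S| is len(S).
MAX_DEPTH = 2                   # assumed small Max_Depth so enumeration is exhaustive
ENTRIES = ("a", "b")            # assumed finite Entry type for bounded checking

# Operation specs as Python-syntax templates over the formal parameter names.
# RESOLVE convention: in a requires clause a formal denotes the incoming value;
# in an ensures clause X is the outgoing value and #X the incoming one.
OPS = {
    "Pop":  {"formals": ("R", "S"), "requires": "len(S) > 0",
             "ensures": "#S == (R,) + S"},
    "Push": {"formals": ("E", "S"), "requires": "len(S) < MAX_DEPTH",
             "ensures": "S == (#E,) + #S"},
}

def subst(template, formals, before, after):
    """Mechanical renaming of a clause: #X -> name before the call, X -> name after."""
    for f, b, a in zip(formals, before, after):
        template = re.sub(r"#" + f + r"\b", b, template)
        template = re.sub(r"\b" + f + r"\b", a, template)
    return template

def generate_vcs(body, proc_ensures, variables, proc_requires=None):
    """Fill the assume/confirm table for a straight-line body.

    Returns one (label, goal, givens) verification condition per confirm
    assertion: the requires clause of every call plus the procedure's ensures.
    """
    state = {v: 0 for v in variables}                    # current index of each variable
    names = lambda vs: tuple(f"{v}{state[v]}" for v in vs)
    initial = names(variables)
    givens = []                                          # the assume column so far
    if proc_requires:                                    # a procedure requires is assumed at state 0
        givens.append(subst(proc_requires, variables, initial, initial))
    vcs = []
    for op, actuals in body:
        spec = OPS[op]
        before = names(actuals)
        goal = subst(spec["requires"], spec["formals"], before, before)
        vcs.append((f"requires of {op}{actuals}", goal, list(givens)))
        for v in actuals:                                # every argument gets a fresh name
            state[v] += 1
        givens.append(subst(spec["ensures"], spec["formals"], before, names(actuals)))
    vcs.append(("ensures of procedure",
                subst(proc_ensures, variables, initial, names(variables)), list(givens)))
    return vcs

def domain(name):
    """Values a state name may take; Stack values obey the type constraint |S| <= Max_Depth."""
    if name.startswith("S"):
        return [s for n in range(MAX_DEPTH + 1) for s in product(ENTRIES, repeat=n)]
    return list(ENTRIES)

def check_vc(goal, givens):
    """Bounded check of givens => goal.  Returns None if it holds for every
    assignment in the bounded model, otherwise a counterexample assignment."""
    names = sorted(set(re.findall(r"\b[A-Z]\d+\b", " ".join([goal] + givens))))
    for values in product(*(domain(n) for n in names)):
        env = dict(zip(names, values), MAX_DEPTH=MAX_DEPTH)
        if all(eval(g, {}, env) for g in givens) and not eval(goal, {}, env):
            return {n: env[n] for n in names}
    return None

# The body of Do_Nothing from slide 2: Pop(E, S); Push(E, S);
DO_NOTHING_BODY = [("Pop", ("E", "S")), ("Push", ("E", "S"))]

def verify_do_nothing(proc_requires=None):
    """Generate and check the VCs of Do_Nothing; optionally add a requires
    clause on the procedure (e.g. "len(S) > 0", the fix proposed in slide 9)."""
    vcs = generate_vcs(DO_NOTHING_BODY, "S == #S", ("E", "S"), proc_requires)
    return [(label, goal, check_vc(goal, givens)) for label, goal, givens in vcs]

if __name__ == "__main__":
    for fix in (None, "len(S) > 0"):
        print(f"Do_Nothing with requires {fix!r}:")
        for label, goal, cex in verify_do_nothing(fix):
            verdict = "holds" if cex is None else f"FAILS, counterexample {cex}"
            print(f"  VC ({label}): confirm {goal}: {verdict}")
```

The renaming step is the whole "no intelligence required" point of slide 10: the givens S0 == (E1,) + S1 and S2 == (E1,) + S1 fall out of substituting state names into the ensures clauses of Pop and Push, and the goals are nothing more than the requires clauses with the names in force at each call. The exhaustive check is a stand-in for the prover behind the web interface; it is only sound for the bounded model, which is why the real tool proves the VCs symbolically.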

  12. Web Interface Demo
     Google “clemson resolve”
     Click on the web interface link
     Select Stack_Template under Concepts
     Select Do_Nothing_Capability under the tab Enhancements
     Select Do_Nothing_Realiz under the tab Enhancement Realizations

  13. Web Interface Demo
     Click on the Generate VCs tab. You should see 3 VCs. See if you can prove the goals from the givens! It should be easy…
     Note #1: The VC generator minimizes the need for new names such as S1, S2, S3, etc., so there are fewer names, and they do not correspond directly to the states in the code.
     Note #2: The VC generator uses S’, S’’, etc.

  14. Web Interface Help
     Click the Help tab in the top right corner.
     You should see Screencasts. They illustrate “how to” for various web interface activities; more use cases continue to be added.
     You should see Tutorials. They help you learn specific principles; more tutorials are under development.
