csc 509 lecture notes week 9 the dream of formal
play

CSC 509 Lecture Notes Week 9 The Dream of Formal Verification or is - PowerPoint PPT Presentation

Jan 29, 2024 •182 likes •608 views

CSC509-S14-L9 Slide 1 CSC 509 Lecture Notes Week 9 The Dream of Formal Verification or is it Delusion? CSC509-S14-L9 Slide 2 I. Administrative Matters A. Recap of Remaining work: 1. Assignment 6 -- last set of readings. 2. Assignment 7 --

  1. CSC509-S14-L9 Slide 1 CSC 509 Lecture Notes Week 9 The Dream of Formal Verification or is it Delusion?

  2. CSC509-S14-L9 Slide 2 I. Administrative Matters A. Recap of Remaining work: 1. Assignment 6 -- last set of readings. 2. Assignment 7 -- in-class presentations. 3. Assignment 8 -- final project/paper.

  3. CSC509-S14-L9 Slide 3 Administrative Matters, cont’d B. Presentation scheduling: 1. See wiki. 2. Note no diff between one and two-person teams.

  4. CSC509-S14-L9 Slide 4 Administrative Matters, cont’d C. Final Project Deliverables: 1. See wiki. 2. Tune up brief summary if necessary.

  5. CSC509-S14-L9 Slide 5 -- Now onto the Dream --

  6. CSC509-S14-L9 Slide 6 II. Mathematical Foundations of Computing A. Computer hardware and software are both based on mathematical logic. B. Founders of computer science were logicians. C. So were inventors of programming language con- cepts still in use today.

  7. CSC509-S14-L9 Slide 7 III. How does program verification fit into the scheme of things? A. Began with modern programming languages. B. John McCarthy’s 1962 paper "Towards a mathematical theory of computation" C. Robert Floyd’s 1967 "Assigning Meaning to Programs"

  8. CSC509-S14-L9 Slide 8 How verification fits in, cont’d D. Hoare’s 1969 " An Axiomatic Basis for Computer Programming " E. Hoare and Wirth’s 1973 " An Axiomatic Definition of the Programming Language PASCAL "

  9. CSC509-S14-L9 Slide 9 IV. How Does Verification Relate to Testing? A. Testing: show that a program is correct for n some finite set of inputs. B. Verification: prove that a program is correct for all possible inputs.

  10. CSC509-S14-L9 Slide 10 Now onto the "Reliable Without Proof" and "Verified Software Initiative" papers First the 1996 "Without Proof"

  11. CSC509-S14-L9 Slide 11 V. Noteworthy citations from the "Reliable" paper: A. Hmm, he didn’t giv e any. B. Can he get away with that?

  12. CSC509-S14-L9 Slide 12 VI. Who is Hoare guy, anyway? A. "Sir Tony" to his friends. B. Among other things: 1. Inventor of Quicksort. 2. Co-Inventor of program verification. 3. Inventor of CSP (mentioned in Week 4 notes). 4. 1980 ACM Turing award winner.

  13. CSC509-S14-L9 Slide 13 VII. Some Starter Questions A. Does Hoare like testing OK, or does he still pine for formal verification? B. Back in 1996, how prescient was Hoare about the TDD thing?

  14. CSC509-S14-L9 Slide 14 Some Starter Questions, cont’d C. Overall, how do Hoare’s analyses say square with Agile-style testing? D. Does Hoare say that we can do without formal methods altogether, or just the proof stuff? E. We’ll consider these and other questions further ...

  15. CSC509-S14-L9 Slide 15 VIII. Section 1 -- Introduction A. "... in spite of appearances, modern software engineering practice owes a great deal to the the- oretical concepts"

  16. CSC509-S14-L9 Slide 16 Section 1 -- Introduction, cont’d B. The plain fact -- "the current state of industrial practice lags behind the research we did in the past. Twenty years perhaps?" C. Twenty years at least!

  17. CSC509-S14-L9 Slide 17 IX. Section 2 -- Management A. "Above all, the strictest management is needed to prevent premature commitment to start program- ming as soon as possible." B. "This can only lead to a volume of code of unknown and untestable utility," C. Do these statement contradict agile testing??

  18. CSC509-S14-L9 Slide 18 Management, cont’d D. "... inspections, walk throughs, reviews and gates are required to define important transitions between all subsequent phases in the project ..." E. This is precisely SCRUM, though Hoare may have envisioned it happening monthly rather than daily.

  19. CSC509-S14-L9 Slide 19 Management, cont’d F. And there’s this -- "... there is now increasing experience of the benefits of introducing abstract mathematical concepts and reasoning methods into the process, right from the beginning." G. See, e.g., 2009 IEEE Computer article: "Formal Versus Agile: Survival of the Fittest?"

  20. CSC509-S14-L9 Slide 20 Management, cont’d H. The gist of the paper: "Success in the use of mathematics for specifica- tion, design and code reviews does not require strict formalization of all the proofs."

  21. CSC509-S14-L9 Slide 21 Management, cont’d I. Some appropriate humility: "It [formal reasoning] is not immune from fail- ure; for example simple misprints can be surpris- ingly hard to detect by eye. Fortunately, these are exactly the kind of error that can be removed by early tests."

  22. CSC509-S14-L9 Slide 22 Management, cont’d J. Still a bit of a dream "Informal reasoning among those who are fluent in the idioms of mathematics is extremely effi- cient, and remarkably reliable."

  23. CSC509-S14-L9 Slide 23 Management, cont’d K. And finally "More formal calculation can be reserved for the most crucial issues, ..., where bugs would be most dangerous, expensive, and most difficult to diag- nose by tests."

  24. CSC509-S14-L9 Slide 24 X. Section 3 -- Testing A. "Thorough testing is touchstone of reliability" B. "Tests are applied as early as possible" C. "They are designed rigorously" D. "If a test fails, it is not enough to mend the faulty product."

  25. CSC509-S14-L9 Slide 25 XI. So, how do does testing work so well? A. Skeptics may still say it doesn’t B. Per E.W. Dijkstra "program testing can reveal only the presence of bugs, never their absence" C. And QA folks say "you cannot test quality into a product". How then can testing contribute to reli- ability of programs, theories and products? D. Is the confidence it gives illusory?

  26. CSC509-S14-L9 Slide 26 XII. But it evidently does work. A. "The resolution of the paradox is well known in the theory of quality control." B. "It is to ensure that a test made on a product is not a test of the product itself, but rather of the methods that have been used to produce it"

  27. CSC509-S14-L9 Slide 27 But it does work., cont’d C. "The first lesson is that the test strategy must be laid out in advance." D. "The real value of tests is not that they detect bugs in the code, but that they detect inadequacy in the methods, ... and skills of those who design and produce the code"

  28. CSC509-S14-L9 Slide 28 But it does work., cont’d E. He goes on to point out the specific benefits of black box and regression testing (remember this is 1996).

  29. CSC509-S14-L9 Slide 29 XIII. Section 4 -- Debugging A. He presents a cute Mosquito analogy. B. Vicious biting mosquitos are killed quickly. C. Gentle non-biting ones lurk on. D. Cf. the known "gentle" bugs in, e.g., gcc

  30. CSC509-S14-L9 Slide 30 XIV. Coverage A. Hoare preaches the virtue of coverage. B. Did he read an early version of the 1997 Zhu paper?

  31. CSC509-S14-L9 Slide 31 Coverage, cont’d C. A bit early to have read a draft of the 2009 MS research paper, but he boldly states their conclu- sions anyway: "Equally unfortunately, total coverage is found to be necessary: more errors continue to be discov- ered right up to the last line tested."

  32. CSC509-S14-L9 Slide 32 Coverage, cont’d D. He also gets in his bit about OPs -- "... most general-purpose programs are only used in highly stereotyped ways ..."

  33. CSC509-S14-L9 Slide 33 Coverage, cont’d E. And some more from 2009 -- "Suppose a hundred new errors of this kind are detected each year. Crude extrapolation suggests that there must be about half a million such errors in the code. [Undetected errors] play the same role as the swarms of the gentle kind of mosquito that hardly ever bites."

  34. CSC509-S14-L9 Slide 34 Coverage, cont’d F. Ah, but "The less fortunate corollary is that if all the errors that are detected are immediately cor- rected, it would take a thousand years to reduce the error rate by twenty percent."

  35. CSC509-S14-L9 Slide 35 Coverage, cont’d G. And how little we seemed to have progressed in the last 20ish years: "Unfortunately, before that stage is reached, it often happens that a new version of the system is delivered, and the error rate shoots up again."

  36. CSC509-S14-L9 Slide 36 XV. Section 5 -- Over-engineering A. He mentions defensive programming B. Also software audits , which are nowadays called "code reviews". C. In general, he considers over-engineering to be a sub-optimal tactic for reliability.

  37. CSC509-S14-L9 Slide 37 XVI. Section 6 -- Programming Methodology A. Things are bit dated here. B. He talks about structured programming C. Also the benefits of strong typing (Python folks, are you listening?)

  38. CSC509-S14-L9 Slide 38 ’Programming, cont’d D. And don’t forget information hiding E. He (tries) to argue that more languages have ev olved from formally specified progenitor (e.g., Algol 60) as opposed to less formal ones (e.g., COBOL). Alas, he’s left C out of the mix."

Recommend

CSC 530 Lecture Notes Week 5 More on Formal Semantics with Attribute Grammars CSC530-W02-L5

CSC 530 Lecture Notes Week 5 More on Formal Semantics with Attribute Grammars CSC530-W02-L5

CSC530-W02-L5 Slide 1 CSC 530 Lecture Notes Week 5 More on Formal Semantics with Attribute Grammars CSC530-W02-L5 Slide 2 I. Attribute semantics of real programming languages A. Last weeks pretty trivial B. These notes investigate SIL

790 views • 53 slides
CSC 509 Lecture Notes Week 4 Using Formal Specs to Support Testing (Monday) Class Project

CSC 509 Lecture Notes Week 4 Using Formal Specs to Support Testing (Monday) Class Project

CSC509-S14-L4 Slide 1 CSC 509 Lecture Notes Week 4 Using Formal Specs to Support Testing (Monday) Class Project Proposals (Wednesday) CSC509-S14-L4 Slide 2 I. Quick Notes about "How to Read a Paper" A. A useful little ditty. B.

1.11k views • 67 slides
CSC 309 Lecture Notes Week 4 Formal Specs in Testing Intro to Testing Techniques CSC309-S15-L4

CSC 309 Lecture Notes Week 4 Formal Specs in Testing Intro to Testing Techniques CSC309-S15-L4

CSC309-S15-L4 Slide 1 CSC 309 Lecture Notes Week 4 Formal Specs in Testing Intro to Testing Techniques CSC309-S15-L4 Slide 2 I. Deriving and refining method specs. A. Testing requires that we know exactly what constitutes valid versus

1.91k views • 153 slides
Notes From Last Week Some Class Members Questions WB-Formal training of the artists: Meta

Notes From Last Week Some Class Members Questions WB-Formal training of the artists: Meta

Notes From Last Week Some Class Members Questions WB-Formal training of the artists: Meta Warwick Fuller; PA Museum and School of Art Ecole des Beaux Arts and Atelier of Rodin William H. Johnson; National Academy of Design, Cape Cod School

665 views • 30 slides
CS 678 Machine Learning Lecture Notes 1 Week 1 - chapter 1 and probability 1.1 General

CS 678 Machine Learning Lecture Notes 1 Week 1 - chapter 1 and probability 1.1 General

CS 678 Machine Learning Lecture Notes 1 Week 1 - chapter 1 and probability 1.1 General syllabus what do students know (prog. lang., stats, math, calculus ) 1.2 machine learning 1.2.1 general concepts example of predicting basketball

298 views • 10 slides
CSC 530 Lecture Notes Week 2 Discussion of Assignment 1 Topics from the Lisp Primer Topics from

CSC 530 Lecture Notes Week 2 Discussion of Assignment 1 Topics from the Lisp Primer Topics from

CSC530-W02-L2 Slide 1 CSC 530 Lecture Notes Week 2 Discussion of Assignment 1 Topics from the Lisp Primer Topics from Part 1 of the Readings CSC530-W02-L2 Slide 2 I. Reading this week -- papers 1-4 on functional programming. II. Discussion

1.13k views • 93 slides
CSC 484 Lecture Notes Week 8 Chapters 13, 14, and 15 of the Book CSC484-S08-L8 Slide 2 I.

CSC 484 Lecture Notes Week 8 Chapters 13, 14, and 15 of the Book CSC484-S08-L8 Slide 2 I.

CSC484-S08-L8 Slide 1 CSC 484 Lecture Notes Week 8 Chapters 13, 14, and 15 of the Book CSC484-S08-L8 Slide 2 I. Relevant reading -- See title slide. CSC484-S08-L8 Slide 3 II. Intro to Ch 13 (Sec 13.1). A. Largely a recap. B. Presents eval

796 views • 65 slides
CSC 509 Lecture Notes Week 6 Survey of Test Coverage and Adequacy CSC509-S15-L5 Slide 2 I.

CSC 509 Lecture Notes Week 6 Survey of Test Coverage and Adequacy CSC509-S15-L5 Slide 2 I.

CSC509-S15-L5 Slide 1 CSC 509 Lecture Notes Week 6 Survey of Test Coverage and Adequacy CSC509-S15-L5 Slide 2 I. Administrative Matters A. This coming Wed, brief individual meetings. 1. Ill provide some concrete feedback on your project

354 views • 24 slides
CSC 530 Lecture Notes Week 6 Discussion of Assignment 3, Questions 1 and 2 Introduction to

CSC 530 Lecture Notes Week 6 Discussion of Assignment 3, Questions 1 and 2 Introduction to

CSC530-W02-L6 Slide 1 CSC 530 Lecture Notes Week 6 Discussion of Assignment 3, Questions 1 and 2 Introduction to Denotational Semantics CSC530-W02-L6 Slide 2 I. Turingol Highlights A. Semantics define compilation of a TM language into

715 views • 34 slides
Paxos week and the Temple of Doom Doug Woos Logistics notes Next Monday: International

Paxos week and the Temple of Doom Doug Woos Logistics notes Next Monday: International

Paxos week and the Temple of Doom Doug Woos Logistics notes Next Monday: International Workers Day - No in-class lecture - Will record a video lecture - Please watch by next Wednesday! Lab 2b due tonight at 9pm Problem Set 2 due Friday

1.04k views • 45 slides
CSC 309 Lecture Notes Week 1 Introduction to the Course Introduction to the Design Process

CSC 309 Lecture Notes Week 1 Introduction to the Course Introduction to the Design Process

CSC309-S15-L1 Slide 1 CSC 309 Lecture Notes Week 1 Introduction to the Course Introduction to the Design Process CSC309-S15-L1 Slide 2 I. First-day handouts A. Syllabus B. Milestone 1, including 1. SCO format 2. work breakdown format 3.

977 views • 52 slides
Paxos week! Doug Woos Logistics notes Next Monday: International Workers Day - No in-class

Paxos week! Doug Woos Logistics notes Next Monday: International Workers Day - No in-class

Paxos week! Doug Woos Logistics notes Next Monday: International Workers Day - No in-class lecture - Will record a video lecture - Please watch by next Wednesday! Lab 2b due Wednesday Problem Set 2 due Friday - Typeset, short answers,

580 views • 24 slides
CSC 530 Lecture Notes Week 10 Algebraic Semantics CSC530-S02-L10 Slide 2 I. A grand vision. A.

CSC 530 Lecture Notes Week 10 Algebraic Semantics CSC530-S02-L10 Slide 2 I. A grand vision. A.

CSC530-S02-L10 Slide 1 CSC 530 Lecture Notes Week 10 Algebraic Semantics CSC530-S02-L10 Slide 2 I. A grand vision. A. Algebraic semantics intended to have a wide scope. B. In is grandest form, its a unifying the- oretical framework for:

532 views • 23 slides
CSC 405 Lecture Notes Week 9 OCU/Manet Testing Details CSC405-F10-L9 Slide 2 I. Revisiting

CSC 405 Lecture Notes Week 9 OCU/Manet Testing Details CSC405-F10-L9 Slide 2 I. Revisiting

CSC405-F10-L9 Slide 1 CSC 405 Lecture Notes Week 9 OCU/Manet Testing Details CSC405-F10-L9 Slide 2 I. Revisiting SQLite as a "best practice" example. A. Go over each point in the exec summary. B. Consider if/how these points will be

711 views • 27 slides
CISC101 Reminders & Notes Today Test 3 this week in tutorial From last time

CISC101 Reminders & Notes Today Test 3 this week in tutorial From last time

CISC101 Reminders & Notes Today Test 3 this week in tutorial From last time Finding minimums and maximums USATs at the beginning of next lecture Slides 31-37 Please attend and fill out an evaluation Timing

257 views • 8 slides
CSC 509 Lecture Notes Week 5 The Promise of Spec-Based Test Generation -- a brief oveview of of a

CSC 509 Lecture Notes Week 5 The Promise of Spec-Based Test Generation -- a brief oveview of of a

CSC509-S15-L5 Slide 1 CSC 509 Lecture Notes Week 5 The Promise of Spec-Based Test Generation -- a brief oveview of of a new direction -- CSC509-S15-L5 Slide 2 I. Again, common refrains about manual test gen: A. Its boring and tedious. B.

521 views • 20 slides
C R RAO AIMSCS Lecture Notes Series Author (s): B.L.S. PRAKASA RAO Title of the Notes : Brief

C R RAO AIMSCS Lecture Notes Series Author (s): B.L.S. PRAKASA RAO Title of the Notes : Brief

C R RAO Advanced Institute of Mathematics, Statistics and Computer Science (AIMSCS) C R RAO AIMSCS Lecture Notes Series Author (s): B.L.S. PRAKASA RAO Title of the Notes : Brief Notes on BIG DATA: A Cursory Look Lecture Notes No .: LN2015 - 01

386 views • 16 slides
Lecture 2: 4/15/17 Lecturer: C. Seshadhri Scribe: Matthew Gray Disclaimer : These notes have not

Lecture 2: 4/15/17 Lecturer: C. Seshadhri Scribe: Matthew Gray Disclaimer : These notes have not

CMPS290A: Sublinear algorithms for graphs Spring 2017 Lecture 2: 4/15/17 Lecturer: C. Seshadhri Scribe: Matthew Gray Disclaimer : These notes have not been subjected to the usual scrutiny reserved for formal publications. They may be

394 views • 4 slides
CSC 484 Lecture Notes Week 4, Part 2 Understanding Users, Cognitively CSC484-S08-L4.2 Slide 2 I.

CSC 484 Lecture Notes Week 4, Part 2 Understanding Users, Cognitively CSC484-S08-L4.2 Slide 2 I.

CSC484-S08-L4.2 Slide 1 CSC 484 Lecture Notes Week 4, Part 2 Understanding Users, Cognitively CSC484-S08-L4.2 Slide 2 I. Relevant Reading -- chapter 3 of the book. CSC484-S08-L4.2 Slide 3 II. Applying cognitive understanding to interaction

430 views • 41 slides
Paxos Week: Return of the State Machine Doug Woos Logistics notes No in-class lecture Monday

Paxos Week: Return of the State Machine Doug Woos Logistics notes No in-class lecture Monday

Paxos Week: Return of the State Machine Doug Woos Logistics notes No in-class lecture Monday Problem Set 2 due tonight Lab 3 out Paxos Made Simple Discussion Paxos vs. Primary/Backup Paxos vs. 2PC What about reconfig? The story of Paxos

1.03k views • 79 slides
Week 5 Basic Python (More Assignment 3 Notes) 1 Later this Week Survey: Midterm

Week 5 Basic Python (More Assignment 3 Notes) 1 Later this Week Survey: Midterm

LING 300 - Topics in Linguistics: Introduction to Programming and Text Processing for Linguists Week 5 Basic Python (More Assignment 3 Notes) 1 Later this Week Survey: Midterm self-evaluations Midterm course feedback Final

468 views • 12 slides
CSC 530 Lecture Notes Week 8 Wrap Up of Denotational Semantics Introduction to Axiomatic

CSC 530 Lecture Notes Week 8 Wrap Up of Denotational Semantics Introduction to Axiomatic

CSC530-S02-L8 Slide 1 CSC 530 Lecture Notes Week 8 Wrap Up of Denotational Semantics Introduction to Axiomatic Semantics CSC530-S02-L8 Slide 2 I. Readings: papers 23-33. II. Tennent Wrap Up A. Check out remaining sections of ch 13 (sections

836 views • 37 slides
CSC 357 Lecture Notes Week 4 Unbuffered File I/O UNIX Files and Directories CSC357-S07-L4 Slide

CSC 357 Lecture Notes Week 4 Unbuffered File I/O UNIX Files and Directories CSC357-S07-L4 Slide

CSC357-S07-L4 Slide 1 CSC 357 Lecture Notes Week 4 Unbuffered File I/O UNIX Files and Directories CSC357-S07-L4 Slide 2 I. Relevant reading: A. Stevens chapters 3 and 4. B. Skim chapter 2. CSC357-S07-L4 Slide 3 II. C and UNIX standards

1.12k views • 72 slides
CSC 509 Lecture Notes Week 2 Assignment 1 Ideas Concepts Underlying Testing Research

CSC 509 Lecture Notes Week 2 Assignment 1 Ideas Concepts Underlying Testing Research

CSC509-S14-L2 Slide 1 CSC 509 Lecture Notes Week 2 Assignment 1 Ideas Concepts Underlying Testing Research CSC509-S14-L2 Slide 2 I. As described in assignment 1 writeup, ev eryone briefly presents their selected paper. CSC509-S14-L2 Slide

391 views • 23 slides

More recommend