micromodels of software declarative modelling and analysis with Alloy lecture 4: a case study MIT Lab for Computer Science Marktoberdorf, August 2002
|
|
- Paulina Neal
- 6 years ago
- Views:
Transcription
1 micromodels of software declarative modelling and analysis with Alloy lecture 4: a case study Daniel Jackson MIT Lab for Computer Science Marktoberdorf, August 2002
2 on research strategy 2
3 on research strategy I have grown more and more aware that success in science comes not so much to the most gifted, nor the most skillful, nor the most knowledgeable, but rather to the superior strategist and tactician. -- Jack Oliver 2
4 on research strategy I have grown more and more aware that success in science comes not so much to the most gifted, nor the most skillful, nor the most knowledgeable, but rather to the superior strategist and tactician. -- Jack Oliver To make an important discovery, you must study an important problem. -- Peter Medawar 2
5 on research strategy I have grown more and more aware that success in science comes not so much to the most gifted, nor the most skillful, nor the most knowledgeable, but rather to the superior strategist and tactician. -- Jack Oliver To make an important discovery, you must study an important problem. -- Peter Medawar Know your secret weapon. -- Herb Simon 2
6 know where you are knowledge age of discovery time 3
7 4
8 collection of aphorisms at theory.lcs.mit.edu/~dnj/6898/lecture-notes.html Session 20: Hints on Research Strategy 4
9 bakery algorithm 5
10 bakery algorithm why this example? 5
11 bakery algorithm why this example? curiosity -- I hadn t done it before 5
12 bakery algorithm why this example? curiosity -- I hadn t done it before familiarity -- you can compare to Rushby 5
13 bakery algorithm why this example? curiosity -- I hadn t done it before familiarity -- you can compare to Rushby illustrate aspects of Alloy modelling 5
14 bakery algorithm why this example? curiosity -- I hadn t done it before familiarity -- you can compare to Rushby illustrate aspects of Alloy modelling aspects 5
15 bakery algorithm why this example? curiosity -- I hadn t done it before familiarity -- you can compare to Rushby illustrate aspects of Alloy modelling aspects no commitment to fixed topology in model itself 5
16 bakery algorithm why this example? curiosity -- I hadn t done it before familiarity -- you can compare to Rushby illustrate aspects of Alloy modelling aspects no commitment to fixed topology in model itself can easily encode traces in the logic 5
17 bakery algorithm why this example? curiosity -- I hadn t done it before familiarity -- you can compare to Rushby illustrate aspects of Alloy modelling aspects no commitment to fixed topology in model itself can easily encode traces in the logic both invariant reasoning & trace analysis 5
18 bakery algorithm why this example? curiosity -- I hadn t done it before familiarity -- you can compare to Rushby illustrate aspects of Alloy modelling aspects no commitment to fixed topology in model itself can easily encode traces in the logic both invariant reasoning & trace analysis can mitigate effects of finite bounds 5
19 general observations 6
20 general observations Rushby on PVS nothing s easy, but everything s possible 6
21 general observations Rushby on PVS nothing s easy, but everything s possible Jackson on Alloy everything s easy, but nothing s possible 6
22 general observations Rushby on PVS nothing s easy, but everything s possible Jackson on Alloy everything s easy, but nothing s possible not quite it s not always so easy more is possible than you might have guessed 6
23 signatures 7
24 signatures module bakery open std/ord sig Process {} sig Ticket {} sig State { ticket: Process ->? Ticket, part idle, trying, critical: set Process } 7
25 signatures module bakery open std/ord sig Process {} sig Ticket {} sig State { ticket: Process ->? Ticket, part idle, trying, critical: set Process } process in critical phase holds no ticket: hand in ticket when you re being served 7
26 safety condition 8
27 safety condition at most one process is in the critical phase: sig State { ticket: Process ->? Ticket, part idle, trying, critical: set Process } fun Safe (s: State) { sole s.critical } 8
28 transition relation 9
29 transition relation fun Trans (s, s': State, p: Process) { let othertickets = s.ticket[process-p], next = Ord[Ticket].next { p in s.trying othertickets in s.ticket[p].^next p in s'.critical && no s'.ticket[p] } or } 9
30 transition relation fun Trans (s, s': State, p: Process) { let othertickets = s.ticket[process-p], next = Ord[Ticket].next { p in s.trying othertickets in s.ticket[p].^next p in s'.critical && no s'.ticket[p] } or } precondition: p is in trying phase and all other tickets follow its ticket 9
31 transition relation fun Trans (s, s': State, p: Process) { let othertickets = s.ticket[process-p], next = Ord[Ticket].next { p in s.trying othertickets in s.ticket[p].^next p in s'.critical && no s'.ticket[p] } or } precondition: p is in trying phase and all other tickets follow its ticket postcondition: p is in critical phase after, and holds no ticket 9
32 other cases 10
33 other cases fun Trans (s, s': State, p: Process) { let othertickets = s.ticket[process-p], next = Ord[Ticket].next or {p in s.critical p in s'.idle s'.ticket[p] = s.ticket[p]} or {p in s.idle p in s'.trying some s'.ticket[p] & othertickets.^next} } 10
34 frame condition 11
35 frame condition define a condition saying that a process p doesn t change: fun NoChange (s, s': State, p: Process) { s.ticket[p] = s'.ticket[p] p in s.idle => p in s'.idle p in s.trying => p in s'.trying p in s.critical => p in s'.critical } 11
36 initial condition 12
37 initial condition fun Init (s: State) { Safe (s) } 12
38 putting things together 13
39 putting things together fun Interleaving () { Init (Ord[State].first) all s: State - Ord[State].last, s : Ord[State].next[s] some p: Process { Trans (s,s',p) all x: Process - p NoChange(s,s',x) } } 13
40 putting things together fun Interleaving () { Init (Ord[State].first) all s: State - Ord[State].last, s : Ord[State].next[s] some p: Process { Trans (s,s',p) all x: Process - p NoChange(s,s',x) } } use of ordering: instantiation imposes a total order on the set State 13
41 allowing simultaneous actions 14
42 allowing simultaneous actions fun Simultaneity () { Init (Ord[State].first) all s: State - Ord[State].last, s': Ord[State].next[s] all p: Process Trans (s,s',p) or NoChange(s,s',p) } 14
43 checking a conjecture 15
44 checking a conjecture assert InterleavingSafe { Interleaving () => all s: State Safe (s) } check InterleavingSafe for 4 but 2 Process 15
45 counterexamples 16
46 how much assurance? 17
47 how much assurance? analysis within bounded scope: check InterleavingSafe for 4 but 2 Process 17
48 how much assurance? analysis within bounded scope: check InterleavingSafe for 4 but 2 Process 2 processes seems reasonable we ve learned something about a real scenario 17
49 how much assurance? analysis within bounded scope: check InterleavingSafe for 4 but 2 Process 2 processes seems reasonable we ve learned something about a real scenario 4 tickets? 4 states? not at all reasonable running out of tickets is a poor approximation not considering all states may miss bugs 17
50 when is a trace long enough? 18
51 when is a trace long enough? for safety properties, check all traces but how long? ie, what is scope of State? 18
52 when is a trace long enough? for safety properties, check all traces but how long? ie, what is scope of State? idea: bound the diameter if all states reached in path k enough to consider only traces k 18
53 when is a trace long enough? for safety properties, check all traces but how long? ie, what is scope of State? idea: bound the diameter if all states reached in path k enough to consider only traces k strategy ask for loopless trace of length k+1 if none, then k is a bound tighter bounds possible: eg, no shortcuts 18
54 when is a trace long enough? for safety properties, check all traces but how long? ie, what is scope of State? idea: bound the diameter if all states reached in path k enough to consider only traces k strategy ask for loopless trace of length k+1 if none, then k is a bound tighter bounds possible: eg, no shortcuts like bounded model checking but can express conditions directly 18
55 when is a trace long enough? for safety properties, check all traces but how long? ie, what is scope of State? idea: bound the diameter if all states reached in path k enough to consider only traces k strategy ask for loopless trace of length k+1 if none, then k is a bound tighter bounds possible: eg, no shortcuts like bounded model checking but can express conditions directly diameter = 1 max loopless = 1 18
56 when is a trace long enough? for safety properties, check all traces but how long? ie, what is scope of State? idea: bound the diameter if all states reached in path k enough to consider only traces k strategy ask for loopless trace of length k+1 if none, then k is a bound tighter bounds possible: eg, no shortcuts like bounded model checking but can express conditions directly diameter = 1 max loopless = 1 diameter = 1 max loopless = 5 18
57 finding the diameter 19
58 finding the diameter fun NoRepetitionsI () { Interleaving () no disj s, s': State Equiv (s,s') } fun Equiv (s, s': State) { s.ticket = s'.ticket s.idle = s'.idle && s.critical = s'.critical } run NoRepetitionsI for 3 but 2 Process, 8 State 19
59 can we fix the tickets in the same way? 20
60 can we fix the tickets in the same way? what we want to do bound the ticket scope for fast analysis but know that we never run out of tickets 20
61 can we fix the tickets in the same way? what we want to do bound the ticket scope for fast analysis but know that we never run out of tickets one idea find diameter of machine ensure enough tickets for longest trace 20
62 can we fix the tickets in the same way? what we want to do bound the ticket scope for fast analysis but know that we never run out of tickets one idea find diameter of machine ensure enough tickets for longest trace a better idea ticket allocations with same process order are equivalent so find diameter with respect to ticket ordering and show not all tickets are used 20
63 defining the order 21
64 defining the order introduce process ordering as a new field sig StateWithOrder extends State { precedes: Process -> Process }{ all p, p': Process p->p' in precedes iff ticket[p'] in ^(Ord[Ticket].next)[ticket[p]] } fact {State = StateWithOrder} 21
65 defining state equivalence 22
66 defining state equivalence define equivalence modulo ordering fun EquivProcessOrder (s, s': State) { s.precedes = s'.precedes s.idle = s'.idle && s.critical = s'.critical } 22
67 defining state equivalence define equivalence modulo ordering fun EquivProcessOrder (s, s': State) { s.precedes = s'.precedes s.idle = s'.idle && s.critical = s'.critical } define no repetition constraint fun NoRepetitionsUnderOrderI () { Interleaving () no disj s, s': State EquivProcessOrder (s,s') } 22
68 finding the bounds 23
69 finding the bounds find a diameter run NoRepetitionsUnderOrderI for 7 but 3 Process, 13 State 23
70 finding the bounds find a diameter run NoRepetitionsUnderOrderI for 7 but 3 Process, 13 State check that tickets not all used assert EnoughTicketsI { Interleaving () => Ord[Ticket].last!in State.ticket [Process] } check EnoughTicketsI for 7 but 3 Process, 12 State 23
71 finding the bounds find a diameter run NoRepetitionsUnderOrderI for 7 but 3 Process, 13 State check that tickets not all used assert EnoughTicketsI { Interleaving () => Ord[Ticket].last!in State.ticket [Process] } check EnoughTicketsI for 7 but 3 Process, 12 State so now we know for 3 processes, 12 states and 7 tickets is fully general 23
72 getting full coverage 24
73 getting full coverage finally, we check this check InterleavingSafe for 7 but 3 Process, 12 State 24
74 getting full coverage finally, we check this check InterleavingSafe for 7 but 3 Process, 12 State if no counterexample we have a proof for 3 processes 24
75 what we did 25
76 what we did unbounded model of bakery no fixed number of processes or tickets 25
77 what we did unbounded model of bakery no fixed number of processes or tickets analysis in small finite scope may miss counterexamples 25
78 what we did unbounded model of bakery no fixed number of processes or tickets analysis in small finite scope may miss counterexamples established diameter for 3 processes, 12 states and 7 tickets is enough 25
79 what we did unbounded model of bakery no fixed number of processes or tickets analysis in small finite scope may miss counterexamples established diameter for 3 processes, 12 states and 7 tickets is enough full analysis for bounded topology all scenarios for 3 processes 25
80 summary of Alloy 26
81 summary of Alloy a simple language relational first-order logic signatures for structuring: global relations description is set of constraints 26
82 summary of Alloy a simple language relational first-order logic signatures for structuring: global relations description is set of constraints an effective analysis simulation & checking are instance-finding user provides scope, distinct from model tool reduces Alloy to SAT 26
83 summary of Alloy a simple language relational first-order logic signatures for structuring: global relations description is set of constraints an effective analysis simulation & checking are instance-finding user provides scope, distinct from model tool reduces Alloy to SAT applications a variety of case studies used for teaching in ~15 universities 26
84 challenges: better analysis 27
85 challenges: better analysis improving analysis exploiting equalities? eliminating irrelevant constraints? choosing symmetry predicates? 27
86 challenges: better analysis improving analysis exploiting equalities? eliminating irrelevant constraints? choosing symmetry predicates? mitigating effects of scope data independence: scope of 3 enough? decision procedure for subset? 27
87 challenges: better analysis improving analysis exploiting equalities? eliminating irrelevant constraints? choosing symmetry predicates? mitigating effects of scope data independence: scope of 3 enough? decision procedure for subset? analyzing inconsistency what when no instances are found? might have shown false => property tool might show which constraints used 27
88 challenges: applications 28
89 challenges: applications finding bugs in code extract formula from procedure p(s,s0,s1,,s ) check the conjecture pre(s) && p(s,s0,s1,,s ) => post(s,s ) counterexample is trace 28
90 challenges: applications finding bugs in code extract formula from procedure p(s,s0,s1,,s ) check the conjecture pre(s) && p(s,s0,s1,,s ) => post(s,s ) counterexample is trace build veneers on Alloy on API, or as macro language eg, role-based access control eg, semantic web design 28
91 challenges: case studies 29
92 challenges: case studies source code control model CVS at multiple levels is it correct? 29
93 challenges: case studies source code control model CVS at multiple levels is it correct? meta modelling check consistency of UML metamodel check theorems of Unified Theory? 29
94 challenges: case studies source code control model CVS at multiple levels is it correct? meta modelling check consistency of UML metamodel check theorems of Unified Theory? dynamic topology algorithms reverse path forwarding, eg 29
95 thank you! 30
COP4020 Programming Languages. Introduction to Axiomatic Semantics Prof. Robert van Engelen
COP4020 Programming Languages Introduction to Axiomatic Semantics Prof. Robert van Engelen Assertions and Preconditions Assertions are used by programmers to verify run-time execution An assertion is a
More informationCSE 331 Software Design & Implementation
CSE 331 Software Design & Implementation Kevin Zatloukal Summer 2017 Lecture 2 Reasoning About Code With Logic (Based on slides by Mike Ernst, Dan Grossman, David Notkin, Hal Perkins, Zach Tatlock) Recall
More informationHandout on Logic, Axiomatic Methods, and Proofs MATH Spring David C. Royster UNC Charlotte
Handout on Logic, Axiomatic Methods, and Proofs MATH 3181 001 Spring 1999 David C. Royster UNC Charlotte January 18, 1999 Chapter 1 Logic and the Axiomatic Method 1.1 Introduction Mathematicians use a
More informationCSE 331 Winter 2018 Reasoning About Code I
CSE 331 Winter 2018 Reasoning About Code I Notes by Krysta Yousoufian Original lectures by Hal Perkins Additional contributions from Michael Ernst, David Notkin, and Dan Grossman These notes cover most
More informationRigorous Software Development CSCI-GA
Rigorous Software Development CSCI-GA 3033-009 Instructor: Thomas Wies Spring 2013 Lecture 2 Alloy Analyzer Analyzes micro models of software Helps to identify key properties of a software design find
More informationWhy Learning Logic? Logic. Propositional Logic. Compound Propositions
Logic Objectives Propositions and compound propositions Negation, conjunction, disjunction, and exclusive or Implication and biconditional Logic equivalence and satisfiability Application of propositional
More informationA Short Introduction to Hoare Logic
A Short Introduction to Hoare Logic Supratik Chakraborty I.I.T. Bombay June 23, 2008 Supratik Chakraborty (I.I.T. Bombay) A Short Introduction to Hoare Logic June 23, 2008 1 / 34 Motivation Assertion checking
More informationLogic I - Session 22. Meta-theory for predicate logic
Logic I - Session 22 Meta-theory for predicate logic 1 The course so far Syntax and semantics of SL English / SL translations TT tests for semantic properties of SL sentences Derivations in SD Meta-theory:
More informationHoare Logic: Part II
Hoare Logic: Part II COMP2600 Formal Methods for Software Engineering Jinbo Huang Australian National University COMP 2600 Hoare Logic II 1 Factorial {n 0} fact := 1; i := n; while (i >0) do fact := fact
More informationDynamic Semantics. Dynamic Semantics. Operational Semantics Axiomatic Semantics Denotational Semantic. Operational Semantics
Dynamic Semantics Operational Semantics Denotational Semantic Dynamic Semantics Operational Semantics Operational Semantics Describe meaning by executing program on machine Machine can be actual or simulated
More information1. Prove that the number cannot be represented as a 2 +3b 2 for any integers a and b. (Hint: Consider the remainder mod 3).
1. Prove that the number 123456782 cannot be represented as a 2 +3b 2 for any integers a and b. (Hint: Consider the remainder mod 3). Solution: First, note that 123456782 2 mod 3. How did we find out?
More informationTheories of Programming Languages Assignment 5
Theories of Programming Languages Assignment 5 December 17, 2012 1. Lambda-Calculus (see Fig. 1 for initions of = β, normal order evaluation and eager evaluation). (a) Let Ω = ((λx. x x) (λx. x x)), and
More informationAxiomatic Semantics: Verification Conditions. Review of Soundness and Completeness of Axiomatic Semantics. Announcements
Axiomatic Semantics: Verification Conditions Meeting 12, CSCI 5535, Spring 2009 Announcements Homework 4 is due tonight Wed forum: papers on automated testing using symbolic execution 2 Questions? Review
More informationSupplementary Notes on Inductive Definitions
Supplementary Notes on Inductive Definitions 15-312: Foundations of Programming Languages Frank Pfenning Lecture 2 August 29, 2002 These supplementary notes review the notion of an inductive definition
More informationThe State Explosion Problem
The State Explosion Problem Martin Kot August 16, 2003 1 Introduction One from main approaches to checking correctness of a concurrent system are state space methods. They are suitable for automatic analysis
More informationLast Time. Inference Rules
Last Time When program S executes it switches to a different state We need to express assertions on the states of the program S before and after its execution We can do it using a Hoare triple written
More informationDesign of Distributed Systems Melinda Tóth, Zoltán Horváth
Design of Distributed Systems Melinda Tóth, Zoltán Horváth Design of Distributed Systems Melinda Tóth, Zoltán Horváth Publication date 2014 Copyright 2014 Melinda Tóth, Zoltán Horváth Supported by TÁMOP-412A/1-11/1-2011-0052
More informationCIS 842: Specification and Verification of Reactive Systems. Lecture Specifications: Specification Patterns
CIS 842: Specification and Verification of Reactive Systems Lecture Specifications: Specification Patterns Copyright 2001-2002, Matt Dwyer, John Hatcliff, Robby. The syllabus and all lectures for this
More informationMotivation. CS389L: Automated Logical Reasoning. Lecture 10: Overview of First-Order Theories. Signature and Axioms of First-Order Theory
Motivation CS389L: Automated Logical Reasoning Lecture 10: Overview of First-Order Theories Işıl Dillig Last few lectures: Full first-order logic In FOL, functions/predicates are uninterpreted (i.e., structure
More informationAxiomatic Semantics: Verification Conditions. Review of Soundness of Axiomatic Semantics. Questions? Announcements
Axiomatic Semantics: Verification Conditions Meeting 18, CSCI 5535, Spring 2010 Announcements Homework 6 is due tonight Today s forum: papers on automated testing using symbolic execution Anyone looking
More informationAbstractions and Decision Procedures for Effective Software Model Checking
Abstractions and Decision Procedures for Effective Software Model Checking Prof. Natasha Sharygina The University of Lugano, Carnegie Mellon University Microsoft Summer School, Moscow, July 2011 Lecture
More informationNICTA Advanced Course. Theorem Proving Principles, Techniques, Applications
NICTA Advanced Course Theorem Proving Principles, Techniques, Applications λ 1 CONTENT Intro & motivation, getting started with Isabelle Foundations & Principles Lambda Calculus Higher Order Logic, natural
More informationDeduction by Daniel Bonevac. Chapter 3 Truth Trees
Deduction by Daniel Bonevac Chapter 3 Truth Trees Truth trees Truth trees provide an alternate decision procedure for assessing validity, logical equivalence, satisfiability and other logical properties
More information1 Recap: Interactive Proofs
Theoretical Foundations of Cryptography Lecture 16 Georgia Tech, Spring 2010 Zero-Knowledge Proofs 1 Recap: Interactive Proofs Instructor: Chris Peikert Scribe: Alessio Guerrieri Definition 1.1. An interactive
More informationSoftware Testing Lecture 5. Justin Pearson
Software Testing Lecture 5 Justin Pearson 2017 1 / 34 Covering Logical Expressions Logic expression show up in many situations Covering logical expressions have a long history, many are the covering criteria
More informationFoundations of Computation
The Australian National University Semester 2, 2018 Research School of Computer Science Tutorial 6 Dirk Pattinson Foundations of Computation The tutorial contains a number of exercises designed for the
More informationSafety and Liveness Properties
Safety and Liveness Properties Lecture #6 of Model Checking Joost-Pieter Katoen Lehrstuhl 2: Software Modeling and Verification E-mail: katoen@cs.rwth-aachen.de November 5, 2008 c JPK Overview Lecture
More informationTute 10. Liam O'Connor. May 23, 2017
Tute 10 Liam O'Connor May 23, 2017 proc Search(value g : G, value s : V g, value k : K, result v : T, result f : B) Where a graph g : G is dened as a 4-tuple (V, Γ, κ, λ) containing a set of vertices V,
More informationChapter 4: Computation tree logic
INFOF412 Formal verification of computer systems Chapter 4: Computation tree logic Mickael Randour Formal Methods and Verification group Computer Science Department, ULB March 2017 1 CTL: a specification
More informationNunchaku: Flexible Model Finding for Higher-Order Logic
Nunchaku: Flexible Model Finding for Higher-Order Logic Simon Cruanes, Jasmin Blanchette, Andrew Reynolds Veridis, Inria Nancy https://cedeela.fr/~simon/ April 7th, 2016 1 / 21 Summary Introduction Nunchaku
More informationProgramming Languages and Compilers (CS 421)
Programming Languages and Compilers (CS 421) Sasa Misailovic 4110 SC, UIUC https://courses.engr.illinois.edu/cs421/fa2017/cs421a Based in part on slides by Mattox Beckman, as updated by Vikram Adve, Gul
More informationHoare Logic I. Introduction to Deductive Program Verification. Simple Imperative Programming Language. Hoare Logic. Meaning of Hoare Triples
Hoare Logic I Introduction to Deductive Program Verification Işıl Dillig Program Spec Deductive verifier FOL formula Theorem prover valid contingent Example specs: safety (no crashes), absence of arithmetic
More informationMATH CSE20 Homework 5 Due Monday November 4
MATH CSE20 Homework 5 Due Monday November 4 Assigned reading: NT Section 1 (1) Prove the statement if true, otherwise find a counterexample. (a) For all natural numbers x and y, x + y is odd if one of
More informationUndecidability and Rice s Theorem. Lecture 26, December 3 CS 374, Fall 2015
Undecidability and Rice s Theorem Lecture 26, December 3 CS 374, Fall 2015 UNDECIDABLE EXP NP P R E RECURSIVE Recap: Universal TM U We saw a TM U such that L(U) = { (z,w) M z accepts w} Thus, U is a stored-program
More informationAlan Bundy. Automated Reasoning LTL Model Checking
Automated Reasoning LTL Model Checking Alan Bundy Lecture 9, page 1 Introduction So far we have looked at theorem proving Powerful, especially where good sets of rewrite rules or decision procedures have
More informationThe TLA + proof system
The TLA + proof system Stephan Merz Kaustuv Chaudhuri, Damien Doligez, Leslie Lamport INRIA Nancy & INRIA-MSR Joint Centre, France Amir Pnueli Memorial Symposium New York University, May 8, 2010 Stephan
More informationModular Verification of Concurrent Programs via Sequential Model Checking. Dan Rasin
Modular Verification of Concurrent Programs via Sequential Model Checking Dan Rasin Modular Verification of Concurrent Programs via Sequential Model Checking Research Thesis Submitted in partial fulfillment
More informationTheoretical results around Electrum
Theoretical results around Electrum Julien Brunel David Chemouil Denis Kuperberg ONERA/DTIM - IRIT Séminaire DTIM 11/05/2015 Toulouse Introduction Alloy Language Specification language based on First-Order
More informationFirst Order Logic: Syntax and Semantics
CS1081 First Order Logic: Syntax and Semantics COMP30412 Sean Bechhofer sean.bechhofer@manchester.ac.uk Problems Propositional logic isn t very expressive As an example, consider p = Scotland won on Saturday
More informationFoundations of Artificial Intelligence
Foundations of Artificial Intelligence 7. Propositional Logic Rational Thinking, Logic, Resolution Joschka Boedecker and Wolfram Burgard and Frank Hutter and Bernhard Nebel Albert-Ludwigs-Universität Freiburg
More informationEXTRA CREDIT FOR MATH 39
EXTRA CREDIT FOR MATH 39 This is the second, theoretical, part of an extra credit homework. This homework in not compulsory. If you do it, you can get up to 6 points (3 points for each part) of extra credit
More informationLoop Invariants and Binary Search. Chapter 4.4, 5.1
Loop Invariants and Binary Search Chapter 4.4, 5.1 Outline Iterative Algorithms, Assertions and Proofs of Correctness Binary Search: A Case Study Outline Iterative Algorithms, Assertions and Proofs of
More informationLecture Notes on Inductive Definitions
Lecture Notes on Inductive Definitions 15-312: Foundations of Programming Languages Frank Pfenning Lecture 2 August 28, 2003 These supplementary notes review the notion of an inductive definition and give
More informationScalable and Accurate Verification of Data Flow Systems. Cesare Tinelli The University of Iowa
Scalable and Accurate Verification of Data Flow Systems Cesare Tinelli The University of Iowa Overview AFOSR Supported Research Collaborations NYU (project partner) Chalmers University (research collaborator)
More informationHoare Logic: Reasoning About Imperative Programs
Hoare Logic: Reasoning About Imperative Programs COMP1600 / COMP6260 Dirk Pattinson Australian National University Semester 2, 2017 Catch Up / Drop in Lab When Fridays, 15.00-17.00 Where N335, CSIT Building
More informationAnswer set programs with optional rules: a possibilistic approach
: a possibilistic approach Kim Bauters Steven Schockaert, Martine De Cock, Dirk Vermeir Ghent University, Belgium Department of Applied Mathematics, Computer Science and Statistics August 4, 2013 reasoning
More informationPhilosophy 220. Truth-Functional Equivalence and Consistency
Philosophy 220 Truth-Functional Equivalence and Consistency Review Logical equivalency: The members of a pair of sentences [of natural language] are logically equivalent if and only if it is not [logically]
More informationRule-Based Classifiers
Rule-Based Classifiers For completeness, the table includes all 16 possible logic functions of two variables. However, we continue to focus on,,, and. 1 Propositional Logic Meta-theory. Inspection of a
More informationCS 2800: Logic and Computation Fall 2010 (Lecture 13)
CS 2800: Logic and Computation Fall 2010 (Lecture 13) 13 October 2010 1 An Introduction to First-order Logic In Propositional(Boolean) Logic, we used large portions of mathematical language, namely those
More informationApplications of Craig Interpolants in Model Checking
Applications of Craig Interpolants in Model Checking K. L. McMillan Cadence Berkeley Labs Abstract. A Craig interpolant for a mutually inconsistent pair of formulas (A, B) is a formula that is (1) implied
More informationNotes. Corneliu Popeea. May 3, 2013
Notes Corneliu Popeea May 3, 2013 1 Propositional logic Syntax We rely on a set of atomic propositions, AP, containing atoms like p, q. A propositional logic formula φ Formula is then defined by the following
More informationSolution to Proof Questions from September 1st
Solution to Proof Questions from September 1st Olena Bormashenko September 4, 2011 What is a proof? A proof is an airtight logical argument that proves a certain statement in general. In a sense, it s
More informationLinear-time Temporal Logic
Linear-time Temporal Logic Pedro Cabalar Department of Computer Science University of Corunna, SPAIN cabalar@udc.es 2015/2016 P. Cabalar ( Department Linear oftemporal Computer Logic Science University
More informationIris: Higher-Order Concurrent Separation Logic. Lecture 9: Concurrency Intro and Invariants
1 Iris: Higher-Order Concurrent Separation Logic Lecture 9: Concurrency Intro and Invariants Lars Birkedal Aarhus University, Denmark November 21, 2017 Overview Earlier: Operational Semantics of λ ref,conc
More informationLecture Notes on Inductive Definitions
Lecture Notes on Inductive Definitions 15-312: Foundations of Programming Languages Frank Pfenning Lecture 2 September 2, 2004 These supplementary notes review the notion of an inductive definition and
More informationLecture 3 : Predicates and Sets DRAFT
CS/Math 240: Introduction to Discrete Mathematics 1/25/2010 Lecture 3 : Predicates and Sets Instructor: Dieter van Melkebeek Scribe: Dalibor Zelený DRAFT Last time we discussed propositions, which are
More informationPropositional Logic. Fall () Propositional Logic Fall / 30
Propositional Logic Fall 2013 () Propositional Logic Fall 2013 1 / 30 1 Introduction Learning Outcomes for this Presentation 2 Definitions Statements Logical connectives Interpretations, contexts,... Logically
More informationLogic Background (1A) Young W. Lim 5/14/18
Young W. Lim Copyright (c) 2014 2018 Young W. Lim. Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.2 or any later
More informationCSE 105 THEORY OF COMPUTATION
CSE 105 THEORY OF COMPUTATION Spring 2017 http://cseweb.ucsd.edu/classes/sp17/cse105-ab/ Today's learning goals Sipser Ch 5.1 Define and explain core examples of decision problems: A DFA, E DFA, EQ DFA,
More informationLecture 11: Gödel s Second Incompleteness Theorem, and Tarski s Theorem
Lecture 11: Gödel s Second Incompleteness Theorem, and Tarski s Theorem Valentine Kabanets October 27, 2016 1 Gödel s Second Incompleteness Theorem 1.1 Consistency We say that a proof system P is consistent
More informationCSC 7101: Programming Language Structures 1. Axiomatic Semantics. Stansifer Ch 2.4, Ch. 9 Winskel Ch.6 Slonneger and Kurtz Ch. 11.
Axiomatic Semantics Stansifer Ch 2.4, Ch. 9 Winskel Ch.6 Slonneger and Kurtz Ch. 11 1 Overview We ll develop proof rules, such as: { I b } S { I } { I } while b do S end { I b } That allow us to verify
More informationMarie Farrell Supervisors: Dr Rosemary Monahan & Dr James Power Principles of Programming Research Group
EXAMINING REFINEMENT: THEORY, TOOLS AND MATHEMATICS Marie Farrell Supervisors: Dr Rosemary Monahan & Dr James Power Principles of Programming Research Group PROBLEM Different formalisms do not integrate
More informationReview Solutions, Exam 2, Operations Research
Review Solutions, Exam 2, Operations Research 1. Prove the weak duality theorem: For any x feasible for the primal and y feasible for the dual, then... HINT: Consider the quantity y T Ax. SOLUTION: To
More informationAbout the impossibility to prove P NP or P = NP and the pseudo-randomness in NP
About the impossibility to prove P NP or P = NP and the pseudo-randomness in NP Prof. Marcel Rémon 1 arxiv:0904.0698v3 [cs.cc] 24 Mar 2016 Abstract The relationship between the complexity classes P and
More informationFormalizing knowledge-how
Formalizing knowledge-how Tszyuen Lau & Yanjing Wang Department of Philosophy, Peking University Beijing Normal University November 29, 2014 1 Beyond knowing that 2 Knowledge-how vs. Knowledge-that 3 Our
More informationCS558 Programming Languages
CS558 Programming Languages Winter 2017 Lecture 2b Andrew Tolmach Portland State University 1994-2017 Semantics Informal vs. Formal Informal semantics Descriptions in English (or other natural language)
More informationAxiomatic Semantics. Operational semantics. Good for. Not good for automatic reasoning about programs
Review Operational semantics relatively l simple many flavors (small vs. big) not compositional (rule for while) Good for describing language implementation reasoning about properties of the language eg.
More informationProof Techniques (Review of Math 271)
Chapter 2 Proof Techniques (Review of Math 271) 2.1 Overview This chapter reviews proof techniques that were probably introduced in Math 271 and that may also have been used in a different way in Phil
More informationCS 730/830: Intro AI. 1 handout: slides. Wheeler Ruml (UNH) Lecture 17, CS / 16. Regression POP
CS 730/830: Intro AI 1 handout: slides Wheeler Ruml (UNH) Lecture 17, CS 730 1 / 16 Aristotle Break Wheeler Ruml (UNH) Lecture 17, CS 730 2 / 16 Aristotle s Means-ends Analysis Aristotle Break We deliberate
More informationSoftware Testing Lecture 7 Property Based Testing. Justin Pearson
Software Testing Lecture 7 Property Based Testing Justin Pearson 2017 1 / 13 When are there enough unit tests? Lets look at a really simple example. import u n i t t e s t def add ( x, y ) : return x+y
More informationIntroduction. Pedro Cabalar. Department of Computer Science University of Corunna, SPAIN 2013/2014
Introduction Pedro Cabalar Department of Computer Science University of Corunna, SPAIN cabalar@udc.es 2013/2014 P. Cabalar ( Department Introduction of Computer Science University of Corunna, SPAIN2013/2014
More informationAI Programming CS S-09 Knowledge Representation
AI Programming CS662-2013S-09 Knowledge Representation David Galles Department of Computer Science University of San Francisco 09-0: Overview So far, we ve talked about search, which is a means of considering
More informationYablo s Paradox and the Omitting Types Theorem for Propositional Languages
Yablo s Paradox and the Omitting Types Theorem for Propositional Languages Thomas Forster April 2, 2012 This on-line version contains a proof of the extended omitting types theorem which is omitted (Ha!)
More informationWarm-Up Problem. Please fill out your Teaching Evaluation Survey! Please comment on the warm-up problems if you haven t filled in your survey yet.
Warm-Up Problem Please fill out your Teaching Evaluation Survey! Please comment on the warm-up problems if you haven t filled in your survey yet Warm up: Given a program that accepts input, is there an
More informationLogical Structures in Natural Language: First order Logic (FoL)
Logical Structures in Natural Language: First order Logic (FoL) Raffaella Bernardi Università degli Studi di Trento e-mail: bernardi@disi.unitn.it Contents 1 How far can we go with PL?................................
More informationIvy: Safety Verification by Interactive Generalization
Ivy: Safety Verification by Interactive Generalization Oded Padon Verification Day 1-June-2016 [PLDI 16] Oded Padon, Kenneth McMillan, Aurojit Panda, Mooly Sagiv, Sharon Shoham. Ivy: Safety Verification
More informationor simply: IC3 A Simplified Description
Incremental Construction of Inductive Clauses for Indubitable Correctness or simply: IC3 A Simplified Description Based on SAT-Based Model Checking without Unrolling Aaron Bradley, VMCAI 2011 Efficient
More informationCSCI.6962/4962 Software Verification Fundamental Proof Methods in Computer Science (Arkoudas and Musser) Chapter p. 1/33
CSCI.6962/4962 Software Verification Fundamental Proof Methods in Computer Science (Arkoudas and Musser) Chapter 4.1-4.8 p. 1/33 CSCI.6962/4962 Software Verification Fundamental Proof Methods in Computer
More informationWhat happens to the value of the expression x + y every time we execute this loop? while x>0 do ( y := y+z ; x := x:= x z )
Starter Questions Feel free to discuss these with your neighbour: Consider two states s 1 and s 2 such that s 1, x := x + 1 s 2 If predicate P (x = y + 1) is true for s 2 then what does that tell us about
More informationBounded Model Checking with SAT/SMT. Edmund M. Clarke School of Computer Science Carnegie Mellon University 1/39
Bounded Model Checking with SAT/SMT Edmund M. Clarke School of Computer Science Carnegie Mellon University 1/39 Recap: Symbolic Model Checking with BDDs Method used by most industrial strength model checkers:
More informationComputation and Logic Definitions
Computation and Logic Definitions True and False Also called Boolean truth values, True and False represent the two values or states an atom can assume. We can use any two distinct objects to represent
More informationProject 1 Part 1 & Part 2
Email: larrybush@ll.mit.edu October 13, 2004, 5:00 PM Project 1 Part 1 & Part 2 Project 1 : Part 1 Task 1: For Layout 1, U = { T1, T2, R1, R2, R3, R4, S1, S2 }, write the formulas 1 through 6 in a file
More informationClassical First-Order Logic
Classical First-Order Logic Software Formal Verification Maria João Frade Departmento de Informática Universidade do Minho 2008/2009 Maria João Frade (DI-UM) First-Order Logic (Classical) MFES 2008/09
More informationIntroduction to Arti Intelligence
Introduction to Arti Intelligence cial Lecture 4: Constraint satisfaction problems 1 / 48 Constraint satisfaction problems: Today Exploiting the representation of a state to accelerate search. Backtracking.
More informationRecognizing Safety and Liveness by Alpern and Schneider
Recognizing Safety and Liveness by Alpern and Schneider Calvin Deutschbein 17 Jan 2017 1 Intro 1.1 Safety What is safety? Bad things do not happen For example, consider the following safe program in C:
More informationSection 2.7 Solving Linear Inequalities
Section.7 Solving Linear Inequalities Objectives In this section, you will learn to: To successfully complete this section, you need to understand: Add and multiply an inequality. Solving equations (.1,.,
More informationSoftware Verification using Predicate Abstraction and Iterative Refinement: Part 1
using Predicate Abstraction and Iterative Refinement: Part 1 15-414 Bug Catching: Automated Program Verification and Testing Sagar Chaki November 28, 2011 Outline Overview of Model Checking Creating Models
More informationLecture 25: Cook s Theorem (1997) Steven Skiena. skiena
Lecture 25: Cook s Theorem (1997) Steven Skiena Department of Computer Science State University of New York Stony Brook, NY 11794 4400 http://www.cs.sunysb.edu/ skiena Prove that Hamiltonian Path is NP
More informationCentral Algorithmic Techniques. Iterative Algorithms
Central Algorithmic Techniques Iterative Algorithms Code Representation of an Algorithm class InsertionSortAlgorithm extends SortAlgorithm { void sort(int a[]) throws Exception { for (int i = 1; i < a.length;
More informationLoop Convergence. CS 536: Science of Programming, Fall 2018
Solved Loop Convergence CS 536: Science of Programming, Fall 2018 A. Why Diverging programs aren t useful, so it s useful to know how to show that loops terminate. B. Objectives At the end of this lecture
More informationAgenda. Artificial Intelligence. Reasoning in the Wumpus World. The Wumpus World
Agenda Artificial Intelligence 10. Propositional Reasoning, Part I: Principles How to Think About What is True or False 1 Introduction Álvaro Torralba Wolfgang Wahlster 2 Propositional Logic 3 Resolution
More informationLecture Notes: Axiomatic Semantics and Hoare-style Verification
Lecture Notes: Axiomatic Semantics and Hoare-style Verification 17-355/17-665/17-819O: Program Analysis (Spring 2018) Claire Le Goues and Jonathan Aldrich clegoues@cs.cmu.edu, aldrich@cs.cmu.edu It has
More informationFirst Order Logic vs Propositional Logic CS477 Formal Software Dev Methods
First Order Logic vs Propositional Logic CS477 Formal Software Dev Methods Elsa L Gunter 2112 SC, UIUC egunter@illinois.edu http://courses.engr.illinois.edu/cs477 Slides based in part on previous lectures
More informationFoundations of Logic Programming
Foundations of Logic Programming Deductive Logic e.g. of use: Gypsy specifications and proofs About deductive logic (Gödel, 1931) Interesting systems (with a finite number of axioms) are necessarily either:
More informationAxiomatic Semantics. Stansifer Ch 2.4, Ch. 9 Winskel Ch.6 Slonneger and Kurtz Ch. 11 CSE
Axiomatic Semantics Stansifer Ch 2.4, Ch. 9 Winskel Ch.6 Slonneger and Kurtz Ch. 11 CSE 6341 1 Outline Introduction What are axiomatic semantics? First-order logic & assertions about states Results (triples)
More informationMathematics 114L Spring 2018 D.A. Martin. Mathematical Logic
Mathematics 114L Spring 2018 D.A. Martin Mathematical Logic 1 First-Order Languages. Symbols. All first-order languages we consider will have the following symbols: (i) variables v 1, v 2, v 3,... ; (ii)
More informationDeliberative Agents Knowledge Representation I. Deliberative Agents
Deliberative Agents Knowledge Representation I Vasant Honavar Bioinformatics and Computational Biology Program Center for Computational Intelligence, Learning, & Discovery honavar@cs.iastate.edu www.cs.iastate.edu/~honavar/
More informationAutomatic Fault Localization for BIP
Automatic Fault Localization for BIP Wang Qiang 1, Lei Yan 2, Simon Bliudze 1, and Mao Xiaoguang 3,4 1 École Polytechnique Fédérale de Lausanne, Switzerland 2 Logistical Engineering University of PLA,
More informationWeakest Precondition Calculus
Weakest Precondition Calculus COMP2600 Formal Methods for Software Engineering Rajeev Goré Australian National University Semester 2, 2016 (Most lecture slides due to Ranald Clouston) COMP 2600 Weakest
More informationNICTA Advanced Course. Theorem Proving Principles, Techniques, Applications. Gerwin Klein Formal Methods
NICTA Advanced Course Theorem Proving Principles, Techniques, Applications Gerwin Klein Formal Methods 1 ORGANISATORIALS When Mon 14:00 15:30 Wed 10:30 12:00 7 weeks ends Mon, 20.9.2004 Exceptions Mon
More information