3BA31 Formal Methods 1 3BA31: Formal Methods Andrew Butterfield Foundations & Methods Group, Software Systems Laboratory Andrew.Butterfield@cs.tcd.ie Room F.13, O’Reilly Institute 3BA31 Formal Methods 2 Remember This? “A Stock Exchange is a collection of companies, where each company has a collection of shares; moreover these collections of shares are mutually disjoint. Each company has an associated share price. Furthermore, investors own shares in several companies; the collections of shares held by investors are mutually disjoint. Additionally, there is one dealer, who acts as an intermediary for the buying and selling of shares.”
3BA31 Formal Methods 3 3BA21 Mathematics — Sample Paper, Q1 Why revisit this? What can formal methods do for us here? 3BA31 Formal Methods 4 3BA21 Sample Q1—Basic Domain Shr = d domain of shares f Cmp = d domain of company f Inv = d domain of investors f data Shr = S Nat data Cmp = C1 | C2 | C3 | C4 data Inv = I1 | I2 | I3 | I4
3BA31 Formal Methods 5 3BA21 Sample Q1—State ς : Shr � → Cmp ̟ : Cmp � → N ψ : Shr � → Inv d : Inv type CmpShr = Map Shr Cmp type ShrPri = Map Cmp Nat type InvShr = Map Shr Inv type SEState = (CmpShr,ShrPri,InvShr,Inv) 3BA31 Formal Methods 6 3BA21 Sample Q1—Constraint StcExcCns ( ς, ̟, ψ, d ) = d ( rng ς = dom ̟ ) ∧ ( dom ς = dom ψ ) f stcExcCns(cmpshr,shrpri,invshr,dlr) = rng cmpshr == dom shrpri && dom cmpshr == dom invshr
3BA31 Formal Methods 7 3BA21 Sample Q1—Change Share Price c ∈ dom ̟ pre - ChgPri [ c , p ]( ς, ̟, ψ, d ) = d f ChgPri [ c , p ]( ς, ̟, ψ, d ) = d ( ς, ̟ † [ c �→ p ] , ψ, d ) f preChgPri (c,p) (cmpshr,shrpri,invshr,dlr) = c ‘mOf‘ dom shrpri chgPri (c,p) (cmpshr,shrpri,invshr,dlr) = (cmpshr,shrpri ‘override‘ (iMap c p),invshr,dlr) 3BA31 Formal Methods 8 3BA21 Sample Q1—Sell Share ( S ⊆ ψ − 1 { i } ) ∧ ( i � = d ) pre - SellShr [ i , S ]( ς, ̟, ψ, d ) = d f SellShr [ i , S ]( ς, ̟, ψ, d ) = d ( ς, ̟, ψ † [ s �→ d | s ∈ S ] , d ) f preSellShr (i,ss) (cmpshr,shrpri,invshr,dlr) = ss ‘subSet‘ invImg invshr (iSet i) && i /= dlr sellShr (i,ss) (cmpshr,shrpri,invshr,dlr) = (cmpshr,shrpri,invshr ‘override‘ imapset ss dlr,dlr)
3BA31 Formal Methods 9 3BA21 Sample Q1—New Company pre - NewCmp [ c , S , p ]( ς, ̟, ψ, d ) = d ( c �∈ rng ς ) ∧ ( S ∩ dom ς = ∅ ) ∧ ( S � = ∅ ) f NewCmp [ c , S , p ]( ς, ̟, ψ, d ) = d ( ς ⊔ [ s �→ c | s ∈ S ] , ̟ ⊔ [ c �→ p ] f , ψ ⊔ [ s �→ d | s ∈ S ] , d ) preNewCmp(c,ss,p)(cmpshr,shrpri,invshr,dlr) = not (c ‘mOf‘ rng cmpshr) && ss ‘intersect‘ dom cmpshr == nullSet && not(isNullSet ss) newCmp(c,ss,p)(cmpshr,shrpri,invshr,dlr) = ( cmpshr ‘mextend‘ imapset ss c , shrpri ‘mextend‘ iMap c p , invshr ‘mextend‘imapset ss dlr , dlr ) 3BA31 Formal Methods 10 3BA21 Sample Q1—Share Price s ∈ dom ς pre - CmpShrPri [ s ]( ς, ̟, ψ, d ) = d f CmpShrPri [ s ]( ς, ̟, ψ, d ) = d ( ̟ ◦ ς )( s ) f preCmpShrPri s (cmpshr,shrpri,invshr,dlr) = s ‘mOf‘ dom cmpshr cmpShrPri s (cmpshr,shrpri,invshr,dlr) = (mApp shrpri . mApp cmpshr) s
3BA31 Formal Methods 11 3BA21 Sample Q1—Investor Holding i ∈ rng ψ pre - CmpInvIn [ i ]( ς, ̟, ψ, d ) = d f rng ⊳ [ ψ − 1 { i } ] ς CmpInvIn [ i ]( ς, ̟, ψ, d ) = d f preCmpInvIn i (cmpshr,shrpri,invshr,dlr) = i ‘mOf‘ rng invshr cmpInvIn i (cmpshr,shrpri,invshr,dlr) = rng (mrestrict (invImg invshr (iSet i)) cmpshr) 3BA31 Formal Methods 12 3BA21 Sample Q1—Portfolio Value i ∈ rng ψ pre - PrtV al [ i ]( ς, ̟, ψ, d ) = d f � PrtV al [ i ]( ς, ̟, ψ, d ) = d ( ̟ ◦ ς )( s ) f s ∈ ψ − 1 { i } prePrtVal i (cmpshr,shrpri,invshr,dlr) = i ‘mOf‘ rng invshr prtVal i (cmpshr,shrpri,invshr,dlr) = sum [ (mApp shrpri . mApp cmpshr)s | s <- ssort (invImg invshr (iSet i)) ]
3BA31 Formal Methods 13 3BA21 Sample Q1—Remove Company pre - RmvCmp [ c ]( ς, ̟, ψ, d ) = d c ∈ rng ς f − [ ς − 1 { c } ] ς, ⊳ − [ ς − 1 { c } ] ψ, d ) RmvCmp [ c ]( ς, ̟, ψ, d ) = d ( ⊳ − [ { c } ] ̟, ⊳ f preRmvCmp c (cmpshr,shrpri,invshr,dlr) = c ‘mOf‘ rng cmpshr rmvCmp c (cmpshr,shrpri,invshr,dlr) = ( mremove remSS cmpshr , mremove cc shrpri , mremove remSS invshr , dlr ) where cc = iSet c remSS = invImg cmpshr cc 3BA31 Formal Methods 14 3BA21 Sample Q1—Constraint Preservation StcExcCns ◦ RmvCmp [ c ] ⇐ pre - RmvCmp [ c ] ∧ StcExcCns
3BA31 Formal Methods 15 3BA21 Sample Q1— Constraint Preservation (rework) StcExcCns ( ς, ̟, ψ, d ) ⇒ StcExcCns ( RmvCmp [ c ]( ς, ̟, ψ, d )) ∧ pre - RmvCmp [ c ]( ς, ̟, ψ, d ) rmvCmp_preserves_StcExcCns (c::Cmp) (se::SEState) = stcExcCns se && preRmvCmp c se ==> stcExcCns(rmvCmp c se) 3BA31 Formal Methods 16 What’s the Point? Haskell/QuickCheck Demo
3BA31 Formal Methods 17 What are “Formal” Systems? 3BA31 Formal Methods 18 Formal Systems: Rules of the Game • Specified collection of Symbols • Specified ways or putting them together (well-formedness) • Specific ways of manipulating symbol-sequences
3BA31 Formal Methods 19 Example: System � � ℑ • Symbols: � � ℑ • Well-Formed Sequences: Flijet Zero or more � Blirgle A � followed by a Flijet Xixos ℑ followed by two Blirgles • Manipulations (let f 1 and f 2 stand for arbitrary Flijets). – ℑ �� f 1 becomes � f 1 – ℑ � � f 1 � f 2 becomes ℑ � f 1 � f 2 � • Goal: convert a Xixos into a Blirgle 3BA31 Formal Methods 20 Interpretation � 0 � +1 ℑ + ℑ � �� � ��� + 0 + 1 + 1 0 + 1 + 1 + 1 ℑ � � � ���� + 0 + 1 0 + 1 + 1 + 1 + 1 ℑ �� ����� + 0 0 + 1 + 1 + 1 + 1 + 1 0 + 1 + 1 + 1 + 1 + 1 � �����
3BA31 Formal Methods 21 What’s the point? • We give meanings to the symbols • The symbols could be manipulated without our having to understand them – which is exactly how a computer does it ! Formal Methods allow us to limit the scope for human error and to exploit the use of machines to help our analysis 3BA31 Formal Methods 22 Another System • Symbols: – infinite supply of variables u , v , x , y , z , . . . , x 1 , x 2 , . . . – punctuation: λ, • , ( , ) • Well-Formed Sequences ( M , N ): – x – ( λ x • M ) – M N • Manipulations – ( λ x • M ) N becomes M [ N / x ] ( M where N replaces all (free) occurrences of x ) A variable x is free if not inside an enclosing ( λ x • . . . ) • Goal: eliminate as many λ s as possible.
3BA31 Formal Methods 23 The Lambda Calculus • The system just introduced is the Lambda Calculus • It is Turing-Complete — anything a Turing machining or general-purpose computer can do, it can do. • You have already seen it in action (with lots of syntactic sugar) ??? 3BA31 Formal Methods 24 Remember these poor folks?
3BA31 Formal Methods 25 And the relevance to 3BA31 is . . . ? • That 747 was not “fly-by-wire” — the pilot landed it, not a computer! • Pilots as professionals train so they can take care to get it right • Formal Methods are the Programmers’ way of taking care to get it rightr 3BA31 Formal Methods 26 Scribbles 1 : An example of Xixos conversion ℑ � ��� � �→ 2nd rule ℑ � �� � � �→ 2nd rule ℑ � � � �� �→ 2nd rule ℑ �� ��� �→ 1st rule � ���
3BA31 Formal Methods 27 Scribbles 1 : Examples of λ -calculus Expressions a variable is a λ -calculus expr. x v so is this one λ x • x an abstraction built on x λ x • v an abstraction built on v λ x • ( λ x • v ) another abstraction λ v • ( λ x • v ) yet another λ y • ( λ x • v ) using a new variable to abstract x ( λ v • v ) an application 3BA31 Formal Methods 28 Scribbles 1 : λ -Elimination ( λ x • x ) ( λ x • v ) �→ λ x • v ( λ x • v ) ( λ x • x ) �→ v ( λ x • x x ) ( λ x • x x ) �→ ( λ x • x x ) ( λ x • x x )
3BA31 Formal Methods 29 3BA31: Approach Monday 12noon Lb01 Theory and small exercise to be handed up at start of . . . Thursday 12noon Lb04 Practice Friday 11am Lb01 Tools Hilary Term Focus on formalism and method Trinity Term Focus on scale, real-world, and some backing theory Webpage: www.cs.tcd.ie/Andrew.Butterfield/Teaching/3BA31/ 3BA31 Formal Methods 30 The λ -Calculus • Invented by Alonzo Church in 1930s • Intended as a form of logic • Turned into a model of computation • Not shown completely sound until early 70s ! We shall now revisit it in a little more detail, and a little more formally.
Recommend
More recommend
