can we make use of adts in key
play

Can we make use of ADTs in KeY? Richard Bubel June 28, 2005 Can we - PowerPoint PPT Presentation

Jan 30, 2023 •343 likes •553 views

Can we make use of ADTs in KeY? Richard Bubel June 28, 2005 Can we make use of ADTs in KeY? June 28, 2005 1 / 13 Abstract Data Types (ADT) \sorts { \rules { \object LString; compute_length_1 { } \find (length(cat(ch, lstr))) \replacewith

  1. Can we make use of ADTs in KeY? Richard Bubel June 28, 2005 Can we make use of ADTs in KeY? June 28, 2005 1 / 13

  2. Abstract Data Types (ADT) \sorts { \rules { \object LString; compute_length_1 { } \find (length(cat(ch, lstr))) \replacewith (1+length(lstr)) }; \functions { LString nil; compute_length_2 { // first is char modeled as int \find (length(nil)) \replacewith (0) LString cat(int, LString); }; LString_is_generated { // needs length definition \nonRigid[location] \find (lstr) LString content(java.lang.String); \varcond(\notFreeIn(chV, lstr), \notFreeIn(tailV, lstr)) int length(LString); \add(\exists chV; \exists tailV; LString substring(int, int); ((lstr=cat(chV, tailV) & length(lstr)=length(tailV)+1) | // first is char modeled as int int indexOf(int, LString); lstr=nil | lstr=null) ==>) } }; Can we make use of ADTs in KeY? June 28, 2005 2 / 13

  3. Abstract Data Types (ADT) \sorts { \rules { \object LString; compute_length_1 { } \find (length(cat(ch, lstr))) \replacewith (1+length(lstr)) }; \functions { LString nil; compute_length_2 { // first is char modeled as int \find (length(nil)) \replacewith (0) LString cat(int, LString); }; LString_is_generated { // needs length definition \nonRigid[location] \find (lstr) LString content(java.lang.String); \varcond(\notFreeIn(chV, lstr), \notFreeIn(tailV, lstr)) int length(LString); \add(\exists chV; \exists tailV; LString substring(int, int); ((lstr=cat(chV, tailV) & length(lstr)=length(tailV)+1) | // first is char modeled as int int indexOf(int, LString); lstr=nil | lstr=null) ==>) } }; focus on functional specification well-founded theory initiality → structural induction executable (if axioms allow definition of a term rewriting system) Can we make use of ADTs in KeY? June 28, 2005 2 / 13

  4. Where may abstract data types help in KeY? Structural induction make structural induction available in JavaCardDL generate correctness proof obligation Can we make use of ADTs in KeY? June 28, 2005 3 / 13

  5. Where may abstract data types help in KeY? Structural induction make structural induction available in JavaCardDL generate correctness proof obligation Specification of concrete data types for general use in proofs, e.g. java.lang.String for intermediate usage: use to model partial aspects of a Java data type, e.g. inherent list structures Can we make use of ADTs in KeY? June 28, 2005 3 / 13

  6. Where may abstract data types help in KeY? Structural induction make structural induction available in JavaCardDL generate correctness proof obligation Specification of concrete data types for general use in proofs, e.g. java.lang.String for intermediate usage: use to model partial aspects of a Java data type, e.g. inherent list structures Therefore concrete data type has to be (partially) mapped to an ADT mapping has to be proven correct Can we make use of ADTs in KeY? June 28, 2005 3 / 13

  7. Structural Induction - Preliminaries Definition (Constructors C ) Set of n-ary functions containing at least one nullary function (constants/base elements). The nullary constants are usually described by a characterizing formula φ basis ( x ). For example: C = { null , next } or C = { null , ( left , right ) } Can we make use of ADTs in KeY? June 28, 2005 4 / 13

  8. Structural Induction - Preliminaries Definition (Constructors C ) Set of n-ary functions containing at least one nullary function (constants/base elements). The nullary constants are usually described by a characterizing formula φ basis ( x ). For example: C = { null , next } or C = { null , ( left , right ) } Definition (Generated) A data type T is generated by C , if for all objects o ∈ T there exists a ground term only made up of elements in C . Can we make use of ADTs in KeY? June 28, 2005 4 / 13

  9. Structural Induction - Rule Let Ψ( x ) denote the induction hypothesis over type T Base Case: ==> \ forall T x ; ( φ basis ( x ) -> Ψ( x )) Step Case: ==> � c ∈C ,α ( c )= n \ forall T y , x 1 , . . . , x n ; i =1 ... n Ψ( x i ) & y . ( � = c ( x 1 . . . x n ) -> Ψ( y )) Use Case: \ forall T x ; Ψ( x ) ==> Can we make use of ADTs in KeY? June 28, 2005 5 / 13

  10. Structural Induction - Rule Let Ψ( x ) denote the induction hypothesis over type T Base Case: ==> \ forall T x ; ( φ basis ( x ) -> Ψ( x )) Step Case: ==> � c ∈C ,α ( c )= n \ forall T y , x 1 , . . . , x n ; i =1 ... n Ψ( x i ) & y . ( � = c ( x 1 . . . x n ) -> Ψ( y )) Use Case: \ forall T x ; Ψ( x ) ==> Example (Single Linked List) T = List , Φ basis ( x ) : ⇔ x . = null , C := { next } Base Case: ==> \ forall List x ; ( x = null-> Ψ( x )) ==> \ forall List y , x 1 ; (Ψ( x 1 ) & y . next . Step Case: = x 1 -> Ψ( y )) Use Case: \ forall List x ; Ψ( x ) ==> Can we make use of ADTs in KeY? June 28, 2005 5 / 13

  11. Induction Rule - Soundness Soundness Proofobligation: ∀ y : T . generated ( y ) where generated ( y ) : ⇔ ∃ d : int . ( d > = 0 & generated ( y , d )) : ⇔ � c ∈C ,α ( c )= n ∃ x 1 . . . x n : T . ∃ d 1 . . . d n : int . ( d 1 > = 0 & . . . & d n > = 0 & y = c ( x 1 . . . x n ) & d = max { d 1 . . . d n } + 1 & � i =1 ... n generated ( x i , d i )) Can we make use of ADTs in KeY? June 28, 2005 6 / 13

  12. Structural Induction - In KeY Can we make use of ADTs in KeY? June 28, 2005 7 / 13

  13. Specification of concrete data types Claim: In some cases an ADT specification offers an easier treatment of data types Example ( String support in KeY) String s as an array of characters clutters proof typical interested in the content of a String Introduce a string ADT LString modeling string literals Provide operations like substring or indexOf Link to java.lang.String via content:String->LString function Can we make use of ADTs in KeY? June 28, 2005 8 / 13

  14. Specification of concrete data types Claim: In some cases an ADT specification offers an easier treatment of data types Example ( String support in KeY) String s as an array of characters clutters proof typical interested in the content of a String Introduce a string ADT LString modeling string literals Provide operations like substring or indexOf Link to java.lang.String via content:String->LString function \<{ s = "ab"; }\>s.content = cat(’a’,cat(’b’,nil)) Can we make use of ADTs in KeY? June 28, 2005 8 / 13

  15. Specification of concrete data types Claim: In some cases an ADT specification offers an easier treatment of data types Example ( String support in KeY) String s as an array of characters clutters proof typical interested in the content of a String Introduce a string ADT LString modeling string literals Provide operations like substring or indexOf Link to java.lang.String via content:String->LString function \<{ s = "ab"; }\>s.content = cat(’a’,cat(’b’,nil)) Apply: assign_string_lit {s:=c_new, c_new.content:=cat(’a’,cat(’b’,nil))} \<{ }\>s.content = cat(’a’,cat(’b’,nil)) Can we make use of ADTs in KeY? June 28, 2005 8 / 13

  16. Mapping from Java to ADT Mapping List ADT List f trans List next; C onstructor methods F unctions f ′ trans Rules Symbolic Execution of Java works on the ADT Can we make use of ADTs in KeY? June 28, 2005 9 / 13

  17. Mapping from Java to ADT Mapping List List ADT f trans C onstructor List next; methods F unctions f ′ trans Rules Symbolic Execution of Java works on the ADT rw_eqn { \find(ll1.#next = ll2 ==>) \replacewith(ll1=cons(head(ll1), ll2)==>) }; assign_abstract { \find (\<{.. #o.#next = #se; ...}\> post) \replacewith((!(#o=null)->{#o:=cons(head(#o), #se)} \<{.. ...}\>post)) }; Can we make use of ADTs in KeY? June 28, 2005 9 / 13

  18. Mapping from Java to ADT Mapping List List ADT f trans C onstructor List next; methods F unctions f ′ trans Rules Symbolic Execution of Java works on the ADT list_induction { \varcond(\notFreeIn(ve,ind)) "Base Case": \add(==> {\subst iv; null} ind); "Step Case": \add(==> \forall iv;(ind -> \forall ve;{\subst iv; cons(ve, iv)}ind)); "Use Case": \add(\forall iv;ind==>) }; Can we make use of ADTs in KeY? June 28, 2005 9 / 13

  19. Mapping from Java to ADT Mapping List ADT List f trans List next; C onstructor methods F unctions f ′ trans Rules Symbolic Execution of Java works on the ADT We want = f ′ D | = f trans ( φ ) ⇒ D | trans ( f trans ( φ )) → φ Which properties of the mapping guarantee sound rules? Can we make use of ADTs in KeY? June 28, 2005 9 / 13

  20. Future Work Functional verification of several Java Collection Framework classes (e.g. LinkedList , ArrayList , TreeSet ) Optimising proofs of generateness and well-founded properties Reuse of known structures and proven properties in classes (signature homorphisms) Can we make use of ADTs in KeY? June 28, 2005 10 / 13

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

CSE 143 ADTs: Great Idea, but... How do we actually get modularity, abstraction, ADTs, black

CSE 143 ADTs: Great Idea, but... How do we actually get modularity, abstraction, ADTs, black

CSE 143 ADTs: Great Idea, but... How do we actually get modularity, abstraction, ADTs, black boxes, etc. in our Classes programs? How do we actually encapsulate? Main programming construct: the class [Chapter 3, pp. 125-131]

58 views • 4 slides
Testing ADTs in C++ Steven J Zeil February 13, 2013 Testing ADTs in C++ Outline Be

Testing ADTs in C++ Steven J Zeil February 13, 2013 Testing ADTs in C++ Outline Be

Testing ADTs in C++ Testing ADTs in C++ Steven J Zeil February 13, 2013 Testing ADTs in C++ Outline Be Smart: Generate and Check 1 Be Thorough: Mutators and Accessors 2 Example: Unit Testing of the MailingList Class Testing for

601 views • 57 slides
Data Structures in Java Lecture 3: ADTs in Java. 9/16/2015 Daniel Bauer 1 Today ADTs and

Data Structures in Java Lecture 3: ADTs in Java. 9/16/2015 Daniel Bauer 1 Today ADTs and

Data Structures in Java Lecture 3: ADTs in Java. 9/16/2015 Daniel Bauer 1 Today ADTs and Data Structures in Java (Generics, Interfaces etc., Java Standard Library) Linked List Implementation. Binary Search Example. Recitation

458 views • 27 slides
SML Modules and Abstract Data Types (ADTs) Hiding implementa-on details is the most important

SML Modules and Abstract Data Types (ADTs) Hiding implementa-on details is the most important

Overview of Modules and ADTs SML Modules and Abstract Data Types (ADTs) Hiding implementa-on details is the most important strategy for wriCng correct, robust, reusable soEware. Topics: These slides are lightly edited versions of Ben Woods

442 views • 8 slides
ADTs, Arrays, and Linked-Lists EECS2030: Advanced Object Oriented Programming Fall 2017 C HEN -W

ADTs, Arrays, and Linked-Lists EECS2030: Advanced Object Oriented Programming Fall 2017 C HEN -W

ADTs, Arrays, and Linked-Lists EECS2030: Advanced Object Oriented Programming Fall 2017 C HEN -W EI W ANG Abstract Data Types (ADTs) Given a problem, you are required to filter out irrelevant details. The result is an abstract data type

614 views • 27 slides
Sec$on 2: Specifica)on, ADTs, RI WITH MATERIAL FROM MANY Agenda Announcements HW1: due today

Sec$on 2: Specifica)on, ADTs, RI WITH MATERIAL FROM MANY Agenda Announcements HW1: due today

Sec$on 2: Specifica)on, ADTs, RI WITH MATERIAL FROM MANY Agenda Announcements HW1: due today at 23:59 pm Dont forget to commit/push your changes THIS INCLUDES TAGGING YOUR FINAL VERSION Abstract data types (ADT) Representa)on

952 views • 26 slides
Why C++? a better C type safe, e.g., I/O streams better support for ADTs, encapsulation

Why C++? a better C type safe, e.g., I/O streams better support for ADTs, encapsulation

Why C++? a better C type safe, e.g., I/O streams better support for ADTs, encapsulation object-oriented programming add inheritance to encapsulation OO isnt a silver bullet, but it helps in dealing with the complexity of

375 views • 10 slides
Why C++? a better C type safe, e.g., I/O streams better support for ADTs, encapsulation

Why C++? a better C type safe, e.g., I/O streams better support for ADTs, encapsulation

Why C++? a better C type safe, e.g., I/O streams better support for ADTs, encapsulation object-oriented programming add inheritance to encapsulation OO isnt a silver bullet, but it helps in dealing with the complexity of

412 views • 15 slides
WITH C++ Prof. Amr Goneid AUC Part 13. Abstract Data Types (ADTs) Prof. amr Goneid, AUC 1

WITH C++ Prof. Amr Goneid AUC Part 13. Abstract Data Types (ADTs) Prof. amr Goneid, AUC 1

CSCE 110 PROGRAMMING FUNDAMENTALS WITH C++ Prof. Amr Goneid AUC Part 13. Abstract Data Types (ADTs) Prof. amr Goneid, AUC 1 Data Modeling and ADTs Prof. Amr Goneid, AUC 2 Data Modeling and ADTs Data Modeling Abstract Data types

710 views • 48 slides
CSE 373: Introduction, ADTs, Design Decisions, Generics Michael Lee Wednesday Jan 3, 2017 1 2

CSE 373: Introduction, ADTs, Design Decisions, Generics Michael Lee Wednesday Jan 3, 2017 1 2

CSE 373: Introduction, ADTs, Design Decisions, Generics Michael Lee Wednesday Jan 3, 2017 1 2 Overview Michael Lee (mlee42@cs.washington.edu) Currently working on a masters degree in Computer Science Supervised by Adam Blank

875 views • 48 slides
Modularity (1): Childhood Activity Modularity Abstract Data Types (ADTs) EECS3311 A &amp; E:

Modularity (1): Childhood Activity Modularity Abstract Data Types (ADTs) EECS3311 A &amp; E:

Modularity (1): Childhood Activity Modularity Abstract Data Types (ADTs) EECS3311 A &amp; E: Software Design Fall 2020 C HEN -W EI W ANG (I NTERFACE ) S PECIFICATION (A SSEMBLY ) A RCHITECTURE Sources: https://commons.wikimedia.org and

417 views • 5 slides
Learning Development Centre One of the Academic Development Tutors (ADTs for short)

Learning Development Centre One of the Academic Development Tutors (ADTs for short)

School of Engineering and Built Environment Learning Development Centre One of the Academic Development Tutors (ADTs for short) Learning Development Centre (LDC) Provides a range of services and support for ALL students and staff of

532 views • 10 slides
CPSC 221: Algorithms and Data Structures ADTs, Stacks, and Queues Alan J. Hu (Slides borrowed

CPSC 221: Algorithms and Data Structures ADTs, Stacks, and Queues Alan J. Hu (Slides borrowed

CPSC 221: Algorithms and Data Structures ADTs, Stacks, and Queues Alan J. Hu (Slides borrowed from Steve Wolfman) Be sure to check course webpage! http://www.ugrad.cs.ubc.ca/~cs221 1 Lab 1 available very soon! Instructions for Lab 1

755 views • 36 slides
Abstract Data Types (ADTs) The Specification Language&quot; for Data Structures. An ADT Inf

Abstract Data Types (ADTs) The Specification Language&quot; for Data Structures. An ADT Inf

Abstract Data Types (ADTs) The Specification Language&quot; for Data Structures. An ADT Inf 2B: Sequential Data Structures consists of: I a mathematical model of the data; Lecture 3 of ADS thread I methods for accessing and modifying the

95 views • 6 slides
Chapter 5 ADTs Stack and Queue Stacks of Coins and Bills Stacks of Boxes and Books TOP OF THE

Chapter 5 ADTs Stack and Queue Stacks of Coins and Bills Stacks of Boxes and Books TOP OF THE

Chapter 5 ADTs Stack and Queue Stacks of Coins and Bills Stacks of Boxes and Books TOP OF THE STACK TOP OF THE STACK Logical (or ADT) level: A stack is an ordered group of homogeneous items (elements), in which the removal and addition

934 views • 72 slides
Symbolic Abstract Data Types (ADTs) Constantin Enea University Paris Diderot - Paris 7 joint

Symbolic Abstract Data Types (ADTs) Constantin Enea University Paris Diderot - Paris 7 joint

Symbolic Abstract Data Types (ADTs) Constantin Enea University Paris Diderot - Paris 7 joint work with Michael Emmi, IMDEA Madrid Modular Reasoning Abstract Data Types smaller &amp; simpler program, easier to reason about

258 views • 24 slides
CS 126 Lecture P5: Abstract Data Type Outline Introduction Stacks (and queues) Stack

CS 126 Lecture P5: Abstract Data Type Outline Introduction Stacks (and queues) Stack

CS 126 Lecture P5: Abstract Data Type Outline Introduction Stacks (and queues) Stack and queue applications CS126 6-1 Randy Wang Data Type and ADT CS126 6-2 Randy Wang Interface, Implementation, and Client Im plem entation

625 views • 23 slides
Abstract Data Types (Linear) Mason Vail Boise State University Computer Science Abstract Data

Abstract Data Types (Linear) Mason Vail Boise State University Computer Science Abstract Data

Abstract Data Types (Linear) Mason Vail Boise State University Computer Science Abstract Data Type (ADT) An Abstract Data Type, or ADT, is the abstraction of a class of objects that manages data through a specified set of operations. It is the

631 views • 42 slides
Towards Interface Types for Haskell Work in Progress Peter Thiemann Joint work with Stefan Wehr

Towards Interface Types for Haskell Work in Progress Peter Thiemann Joint work with Stefan Wehr

Towards Interface Types for Haskell Work in Progress Peter Thiemann Joint work with Stefan Wehr Universit at Freiburg, Germany WG 2.8 Meeting, Nesjavellir, Island, 17.07.2007 What is a type class? A type class is a signature of an

779 views • 33 slides
What is abstraction? What is abstraction? Workable answer a blurring of details Idea:

What is abstraction? What is abstraction? Workable answer a blurring of details Idea:

What is abstraction? What is abstraction? Workable answer a blurring of details Idea: agree to ignore certain details ( for now ) e.g., with procedural abstraction idea is to convert original problem to a series of simpler

229 views • 12 slides
DM550 / DM857 Introduction to Programming Peter Schneider-Kamp petersk@imada.sdu.dk

DM550 / DM857 Introduction to Programming Peter Schneider-Kamp petersk@imada.sdu.dk

DM550 / DM857 Introduction to Programming Peter Schneider-Kamp petersk@imada.sdu.dk http://imada.sdu.dk/~petersk/DM550/ http://imada.sdu.dk/~petersk/DM857/ ABSTRACT DATATYPES 2 June 2009 Abstract Datatype (ADT) abstract datatype =

755 views • 39 slides
301AA - Advanced Programming Lecturer: Andrea Corradini andrea@di.unipi.it

301AA - Advanced Programming Lecturer: Andrea Corradini andrea@di.unipi.it

301AA - Advanced Programming Lecturer: Andrea Corradini andrea@di.unipi.it http://pages.di.unipi.it/corradini/ AP-17 : Functional Programming Functional Programming - Outline Historical origins Main concepts Languages families: LISP,

503 views • 24 slides
for DSLs Integration Thomas Degueule INRIA, France Mechanical Airlines Structure Human-

for DSLs Integration Thomas Degueule INRIA, France Mechanical Airlines Structure Human-

Towards Language Interfaces for DSLs Integration Thomas Degueule INRIA, France Mechanical Airlines Structure Human- Machine Avionics Interaction Environmental Aerodynamics Impact Multiple Concerns Propulsion Safety System

834 views • 31 slides
Conversions between MCFG and D Logical Characterizations of the Mildly Context-Sensitive

Conversions between MCFG and D Logical Characterizations of the Mildly Context-Sensitive

Setting the Stage MCFGs Displacement Calculus Characterizations Conversions between MCFG and D Logical Characterizations of the Mildly Context-Sensitive Languages Gijs Wijnholds Cool Logic, 21th of February 2014 Gijs Wijnholds Conversions

827 views • 63 slides

More recommend