data invariants abstraction and refinement liam o connor
play

Data Invariants, Abstraction and Refinement Liam OConnor University - PowerPoint PPT Presentation

May 09, 2023 •379 likes •1.07k views

Data Invariants and ADTs Validation Data Refinement Administrivia Software System Design and Implementation Data Invariants, Abstraction and Refinement Liam OConnor University of Edinburgh LFCS (and UNSW) Term 2 2020 1 Data Invariants

  1. Data Invariants and ADTs Validation Data Refinement Administrivia Software System Design and Implementation Data Invariants, Abstraction and Refinement Liam O’Connor University of Edinburgh LFCS (and UNSW) Term 2 2020 1

  2. Data Invariants and ADTs Validation Data Refinement Administrivia Motivation We’ve already seen how to prove and test correctness properties of our programs. How do we come up with correctness properties in the first place? 2

  3. Data Invariants and ADTs Validation Data Refinement Administrivia Structure of a Module A Haskell program will usually be made up of many modules, each of which exports one or more data types . Typically a module for a data type X will also provide a set of functions, called operations , on X . • to construct the data type: c :: · · · → X • to query information from the data type: q :: X → · · · • to update the data type: u :: · · · X → X A lot of software can be designed with this structure. Example (Data Types) A dictionary data type, with empty, insert and lookup. 3

  4. Data Invariants and ADTs Validation Data Refinement Administrivia Data Invariants One source of properties is data invariants . Data Invariants Data invariants are properties that pertain to a particular data type. Whenever we use operations on that data type, we want to know that our data invariants are maintained. Example That a list of words in a dictionary is always in sorted order That a binary tree satisfies the search tree properties. That a date value will never be invalid (e.g. 31/13/2019). 4

  5. Data Invariants and ADTs Validation Data Refinement Administrivia Properties for Data Invariants For a given data type X , we define a wellformedness predicate wf :: X → Bool For a given value x :: X , wf x returns true iff our data invariants hold for the value x . Properties For each operation, if all input values of type X satisfy wf , all output values will satisfy wf . In other words, for each constructor operation c :: · · · → X , we must show wf ( c · · · ), and for each update operation u :: X → X we must show wf x = ⇒ wf ( u x ) Demo: Dictionary example, sorted order. 5

  6. Data Invariants and ADTs Validation Data Refinement Administrivia Stopping External Tampering Even with our sorted dictionary example, there’s nothing to stop a malicious or clueless programmer from going in and mucking up our data invariants. Example The malicious programmer could just add a word directly to the dictionary, unsorted, bypassing our carefully written insert function. We want to prevent this sort of thing from happening. 6

  7. Data Invariants and ADTs Validation Data Refinement Administrivia Abstract Data Types An abstract data type (ADT) is a data type where the implementation details of the type and its associated operations are hidden. 7

  8. Data Invariants and ADTs Validation Data Refinement Administrivia Abstract Data Types An abstract data type (ADT) is a data type where the implementation details of the type and its associated operations are hidden. newtype Dict type Word = String type Definition = String emptyDict :: Dict insertWord :: Word -> Definition -> Dict -> Dict lookup :: Word -> Dict -> Maybe Definition If we don’t have access to the implementation of Dict , then we can only access it via the provided operations, which we know preserve our data invariants. Thus, our data invariants cannot be violated if this module is correct. 8

  9. Data Invariants and ADTs Validation Data Refinement Administrivia Abstract Data Types An abstract data type (ADT) is a data type where the implementation details of the type and its associated operations are hidden. newtype Dict type Word = String type Definition = String emptyDict :: Dict insertWord :: Word -> Definition -> Dict -> Dict lookup :: Word -> Dict -> Maybe Definition If we don’t have access to the implementation of Dict , then we can only access it via the provided operations, which we know preserve our data invariants. Thus, our data invariants cannot be violated if this module is correct. Demo : In Haskell, we make ADTs with module headers. 9

  10. Data Invariants and ADTs Validation Data Refinement Administrivia Abstract? Data Types In general, abstraction is the process of eliminating detail. The inverse of abstraction is called refinement . Abstract data types like the dictionary above are abstract in the sense that their implementation details are hidden, and we no longer have to reason about them on the level of implementation. 10

  11. Data Invariants and ADTs Validation Data Refinement Administrivia Validation Suppose we had a sendEmail function sendEmail :: String -- email address -> String -- message -> IO () -- action (more in 2 wks) It is possible to mix the two String arguments, and even if we get the order right, it’s possible that the given email address is not valid. Question Suppose that we wanted to make it impossible to call sendEmail without first checking that the email address was valid. How would we accomplish this? 11

  12. Data Invariants and ADTs Validation Data Refinement Administrivia Validation ADTs We could define a tiny ADT for validated email addresses, where the data invariant is that the contained email address is valid: module EmailADT(Email, checkEmail, sendEmail) newtype Email = Email String checkEmail :: String -> Maybe Email checkEmail str | '@' `elem` str = Just (Email str) | otherwise = Nothing 12

  13. Data Invariants and ADTs Validation Data Refinement Administrivia Validation ADTs We could define a tiny ADT for validated email addresses, where the data invariant is that the contained email address is valid: module EmailADT(Email, checkEmail, sendEmail) newtype Email = Email String checkEmail :: String -> Maybe Email checkEmail str | '@' `elem` str = Just (Email str) | otherwise = Nothing Then, change the type of sendEmail : sendEmail :: Email -> String -> IO() 13

  14. Data Invariants and ADTs Validation Data Refinement Administrivia Validation ADTs We could define a tiny ADT for validated email addresses, where the data invariant is that the contained email address is valid: module EmailADT(Email, checkEmail, sendEmail) newtype Email = Email String checkEmail :: String -> Maybe Email checkEmail str | '@' `elem` str = Just (Email str) | otherwise = Nothing Then, change the type of sendEmail : sendEmail :: Email -> String -> IO() The only way (outside of the EmailADT module) to create a value of type Email is to use checkEmail . 14

  15. Data Invariants and ADTs Validation Data Refinement Administrivia Validation ADTs We could define a tiny ADT for validated email addresses, where the data invariant is that the contained email address is valid: module EmailADT(Email, checkEmail, sendEmail) newtype Email = Email String checkEmail :: String -> Maybe Email checkEmail str | '@' `elem` str = Just (Email str) | otherwise = Nothing Then, change the type of sendEmail : sendEmail :: Email -> String -> IO() The only way (outside of the EmailADT module) to create a value of type Email is to use checkEmail . checkEmail is an example of what we call a smart constructor : a constructor that enforces data invariants. 15

  16. Data Invariants and ADTs Validation Data Refinement Administrivia Reasoning about ADTs Consider the following, more traditional example of an ADT interface, the unbounded queue: data Queue emptyQueue :: Queue enqueue :: Int -> Queue -> Queue front :: Queue -> Int -- partial dequeue :: Queue -> Queue -- partial size :: Queue -> Int We could try to come up with properties that relate these functions to each other without reference to their implementation, such as: dequeue (enqueue x emptyQueue) == emptyQueue However these do not capture functional correctness (usually). 16

  17. Data Invariants and ADTs Validation Data Refinement Administrivia Models for ADTs We could imagine a simple implementation for queues, just in terms of lists: 17

  18. Data Invariants and ADTs Validation Data Refinement Administrivia Models for ADTs We could imagine a simple implementation for queues, just in terms of lists: emptyQueueL = [] enqueueL a = (++ [a]) frontL = head dequeueL = tail sizeL = length 18

  19. Data Invariants and ADTs Validation Data Refinement Administrivia Models for ADTs We could imagine a simple implementation for queues, just in terms of lists: emptyQueueL = [] enqueueL a = (++ [a]) frontL = head dequeueL = tail sizeL = length But this implementation is O ( n ) to enqueue! Unacceptable! 19

  20. Data Invariants and ADTs Validation Data Refinement Administrivia Models for ADTs We could imagine a simple implementation for queues, just in terms of lists: emptyQueueL = [] enqueueL a = (++ [a]) frontL = head dequeueL = tail sizeL = length But this implementation is O ( n ) to enqueue! Unacceptable! However! This is a dead simple implementation, and trivial to see that it is correct. If we make a better queue implementation, it should always give the same results as this simple one. Therefore: This implementation serves as a functional correctness specification for our Queue type! 20

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Data Invariants, Abstraction and Refinement Practice Curtis Millar CSE, UNSW (and Data61) 24

Data Invariants, Abstraction and Refinement Practice Curtis Millar CSE, UNSW (and Data61) 24

Exercise 2 Specification and Refinement Editor Example Administrivia Software System Design and Implementation Data Invariants, Abstraction and Refinement Practice Curtis Millar CSE, UNSW (and Data61) 24 June 2020 1 Exercise 2

1.06k views • 52 slides
Data Abstraction and Modularity Modular program development Step-wise refinement

Data Abstraction and Modularity Modular program development Step-wise refinement

CS 242 Topics Data Abstraction and Modularity Modular program development Step-wise refinement Interface, specification, and implementation Language support for modularity John Mitchell Procedural abstraction Abstract

234 views • 8 slides
SAT based Abstraction-Refinement using ILP and Machine Learning Techniques Edmund Clarke Anubhav

SAT based Abstraction-Refinement using ILP and Machine Learning Techniques Edmund Clarke Anubhav

SAT based Abstraction-Refinement using ILP and Machine Learning Techniques 1 SAT based Abstraction-Refinement using ILP and Machine Learning Techniques Edmund Clarke Anubhav Gupta James Kukula Ofer Strichman SAT based Abstraction-Refinement

822 views • 36 slides
Counterexample Guided Abstraction Refinement (CEGAR) Peyman Rasouli Gianluca Turin 1

Counterexample Guided Abstraction Refinement (CEGAR) Peyman Rasouli Gianluca Turin 1

Counterexample Guided Abstraction Refinement (CEGAR) Peyman Rasouli Gianluca Turin 1 Abstraction Definition of abstraction on Wikipedia: Abstractions may be formed by reducing the information content of a concept or an observable

575 views • 18 slides
Predicate Abstraction with SATABS Existential Abstraction Predicate Abstraction for Software

Predicate Abstraction with SATABS Existential Abstraction Predicate Abstraction for Software

Outline Introduction Predicate Abstraction with SATABS Existential Abstraction Predicate Abstraction for Software Counterexample-Guided Abstraction Refinement Computing Existential Abstractions of Programs Version 1.0, 2010 Checking the

429 views • 12 slides
Data Abstraction Announcements Data Abstraction Data Abstraction Programmers Compound

Data Abstraction Announcements Data Abstraction Data Abstraction Programmers Compound

Data Abstraction Announcements Data Abstraction Data Abstraction Programmers Compound values combine other values together All A date: a year, a month, and a day A geographic position: latitude and longitude Data abstraction

430 views • 19 slides
Abstraction refinement and plan revision for control synthesis under high level specifications

Abstraction refinement and plan revision for control synthesis under high level specifications

Abstraction refinement and plan revision for control synthesis under high level specifications Pierre-Jean Meyer Dimos V. Dimarogonas KTH, Royal Institute of Technology July 12 th 2017 Outline Abstraction-based synthesis Global framework

603 views • 34 slides
Part III: Abstraction Refinement Javier Esparza Technische Universitt Mnchen Javier Esparza

Part III: Abstraction Refinement Javier Esparza Technische Universitt Mnchen Javier Esparza

Part III: Abstraction Refinement Javier Esparza Technische Universitt Mnchen Javier Esparza Part III: Abstraction Refinement Example 1 ( X 0 ) ( X > 0 ) 2 3 The problem: X := X ( Y > 0 ) Is the error label reachable? ( Y

1.18k views • 82 slides
Existential Types and Abstraction Liam OConnor CSE, UNSW (and data61) Term 3 2019 1

Existential Types and Abstraction Liam OConnor CSE, UNSW (and data61) Term 3 2019 1

Abstract Data Types Existential Types Existential Types and Abstraction Liam OConnor CSE, UNSW (and data61) Term 3 2019 1 Abstract Data Types Existential Types Motivation Throughout your studies, lecturers have (hopefully) expounded on

291 views • 14 slides
Closed-loop Verification of Medical Devices with Model Abstraction and Refinement Zhihao

Closed-loop Verification of Medical Devices with Model Abstraction and Refinement Zhihao

Software Tools for Technology Transfer manuscript No. (will be inserted by the editor) Closed-loop Verification of Medical Devices with Model Abstraction and Refinement Zhihao Jiang, Miroslav Pajic, Rajeev Alur and Rahul Mangharam University

759 views • 22 slides
THETA: a Framework for Abstraction Refinement-Based Model Checking Tams Tth 1 , kos Hajdu

THETA: a Framework for Abstraction Refinement-Based Model Checking Tams Tth 1 , kos Hajdu

THETA: a Framework for Abstraction Refinement-Based Model Checking Tams Tth 1 , kos Hajdu 1,2 , Andrs Vrs 1,2 , Zoltn Micskei 1 , Istvn Majzik 1 1 Budapest University of Technology and Economics Department of Measurement and

786 views • 12 slides
Announcements Data Abstraction Data Abstraction Compound values combine other values together

Announcements Data Abstraction Data Abstraction Compound values combine other values together

Announcements Data Abstraction Data Abstraction Compound values combine other values together Programmers A date: a year, a month, and a day All A geographic position: latitude and longitude Data abstraction lets us manipulate

383 views • 3 slides
Data Abstraction Announcements Data Abstraction Data Abstraction 4 Data Abstraction

Data Abstraction Announcements Data Abstraction Data Abstraction 4 Data Abstraction

Data Abstraction Announcements Data Abstraction Data Abstraction 4 Data Abstraction Compound values combine other values together 4 Data Abstraction Compound values combine other values together A date: a year, a month, and

1.38k views • 124 slides
SAT-based Abstraction Refinement for Real-time Systems Stephanie Kemper 1 e Platzer 2 , 3 Andr

SAT-based Abstraction Refinement for Real-time Systems Stephanie Kemper 1 e Platzer 2 , 3 Andr

SAT-based Abstraction Refinement for Real-time Systems Stephanie Kemper 1 e Platzer 2 , 3 Andr 1 Centrum voor Wiskunde en Informatica, Software Engineering, Amsterdam, The Netherlands 2 University of Oldenburg, Department of Computing Science,

773 views • 66 slides
Counterexample-guided Cartesian Abstraction Refinement and Saturated Cost Partitioning for

Counterexample-guided Cartesian Abstraction Refinement and Saturated Cost Partitioning for

Counterexample-guided Cartesian Abstraction Refinement and Saturated Cost Partitioning for Optimal Classical Planning Jendrik Seipp February 28, 2018 University of Basel Planning Find a sequence of actions that achieves a goal. 1/35 Optimal

1.08k views • 85 slides
Predicate Abstraction with SATABS Version 1.0, 2010 Outline Introduction Existential

Predicate Abstraction with SATABS Version 1.0, 2010 Outline Introduction Existential

Predicate Abstraction with SATABS Version 1.0, 2010 Outline Introduction Existential Abstraction Predicate Abstraction for Software Counterexample-Guided Abstraction Refinement Computing Existential Abstractions of Programs Checking the

1.66k views • 162 slides
FPGA-specific arithmetic pipeline design using FloPoCo Bogdan Pasca, Ar enaire CARAMEL,

FPGA-specific arithmetic pipeline design using FloPoCo Bogdan Pasca, Ar enaire CARAMEL,

FPGA-specific arithmetic pipeline design using FloPoCo Bogdan Pasca, Ar enaire CARAMEL, 17/02/2011 Outline FPGAs and floating-point Datapath design using FloPoCo Inside FloPoCo Back-end for HLS Conclusion Bogdan Pasca, Ar enaire

1.12k views • 79 slides
DeePattern: Layout Pattern Generation with Transforming Convolutional Auto-Encoder Haoyu Yang 1 ,

DeePattern: Layout Pattern Generation with Transforming Convolutional Auto-Encoder Haoyu Yang 1 ,

DeePattern: Layout Pattern Generation with Transforming Convolutional Auto-Encoder Haoyu Yang 1 , Piyush Pathak 2 , Frank Gennari 2 , Ya-Chieh Lai 2 , Bei Yu 1 1 The Chinese University of Hong Kong 2 Cadence Design Systems, Inc. 1 / 16 <latexit

533 views • 16 slides
Prototypes and Matrix Relevance Learning in Complex Fourier Space M. Straat, M. Kaden, M. Gay, T.

Prototypes and Matrix Relevance Learning in Complex Fourier Space M. Straat, M. Kaden, M. Gay, T.

Prototypes and Matrix Relevance Learning in Complex Fourier Space M. Straat, M. Kaden, M. Gay, T. Villmann, A. Lampe, U. Seiffert, M. Biehl, and F. Melchert June 26, 2017 Overview A study of classification of time series. In Fourier space:

470 views • 23 slides
-4 -2 0 in 2 r, E 10 Erro 15 x 0 In-sample 20 x 1 25 s W eights, w ( )

-4 -2 0 in 2 r, E 10 Erro 15 x 0 In-sample 20 x 1 25 s W eights, w ( )

PSfrag replaements Review of Leture 9 Gradient desent -10 -8 Logisti regression -6 -4 -2 0 in 2 r, E 10 Erro 15 x 0 In-sample 20 x 1 25 s W eights, w ( ) - Initialize w (0) x h x 2 ( ) - F o r t =

357 views • 22 slides
Cryo-SeaNice : CryoSat SciEnce-oriented data ANalysis over Sea-ICE areas Pierre Fabry, Nicolas

Cryo-SeaNice : CryoSat SciEnce-oriented data ANalysis over Sea-ICE areas Pierre Fabry, Nicolas

Cryo-SeaNice : CryoSat SciEnce-oriented data ANalysis over Sea-ICE areas Pierre Fabry, Nicolas Bercher (A-T) Sara Fleury (LEGOS), Elena Zakharova (LEGOS) Jrme Boufgard, Pierre Fmnias (ESA-ESRIN) Context

526 views • 16 slides
Language-based methods for software security Gilles Barthe IMDEA Software, Madrid, Spain Part 1

Language-based methods for software security Gilles Barthe IMDEA Software, Madrid, Spain Part 1

Language-based methods for software security Gilles Barthe IMDEA Software, Madrid, Spain Part 1 Motivation Mobile code is ubiquitous: large distributed networks of JVM devices aimed at providing a global and uniform access to services provide

1.52k views • 136 slides
JUNCTION BASED ROUTING: A SCALABLE TECHNIQUE TO SUPPORT SOURCE ROUTING IN LARGE NOC PLATFORMS

JUNCTION BASED ROUTING: A SCALABLE TECHNIQUE TO SUPPORT SOURCE ROUTING IN LARGE NOC PLATFORMS

JUNCTION BASED ROUTING: A SCALABLE TECHNIQUE TO SUPPORT SOURCE ROUTING IN LARGE NOC PLATFORMS Shabnam Badri, Rickard Holsmark and Shashi Kumar JNKPING UNIVERSITY, SWEDEN NoCArc Workshop, Vancouver, Canada, 2012-12-01 Outline Goals

550 views • 34 slides
Title LIGO-G1100174 DC Readout in Enhanced LIGO 1 Enhanced LIGO Try out Advanced LIGO

Title LIGO-G1100174 DC Readout in Enhanced LIGO 1 Enhanced LIGO Try out Advanced LIGO

Title LIGO-G1100174 DC Readout in Enhanced LIGO 1 Enhanced LIGO Try out Advanced LIGO technologies Bet that increased sensitivity outweighs the downtime exposure = time * (range)^3 New Laser More Power New input optics New

711 views • 36 slides

More recommend