teaching vdm teaching formal methods
play

Teaching VDM & Teaching Formal Methods Ana Paiva - PowerPoint PPT Presentation

Nov 24, 2023 •229 likes •651 views

Teaching VDM & Teaching Formal Methods Ana Paiva apaiva@fe.up.pt www.fe.up.pt/~apaiva OVT 17: 17TH OVERTURE WORKSHOP -- Ana Paiva 1 Agenda Our semester is structured in 13 lecture So, This talk has 13 sections OVT 17: 17TH OVERTURE

  1. Teaching VDM & Teaching Formal Methods Ana Paiva apaiva@fe.up.pt www.fe.up.pt/~apaiva OVT 17: 17TH OVERTURE WORKSHOP -- Ana Paiva 1

  2. Agenda Our semester is structured in 13 lecture So, This talk has 13 sections OVT 17: 17TH OVERTURE WORKSHOP -- Ana Paiva 2

  3. 1 st Lecture Convince your students that Formal Methods are important (three different ways you may use for this purpose) OVT 17: 17TH OVERTURE WORKSHOP -- Ana Paiva 3

  4. Why formal methods? (Facts) ■ The main source of bugs is in the requirements specification phase - ambiguous and incomplete ■ Formal methods are unambiguous - During the formal specification phase, the engineer rigorously defines a system using a modeling language ■ Formal methods differ from other specification systems by their heavy emphasis on provability and correctness ■ Once the model has been specified and verified, it is implemented by converting the specification into code (some times automatically ) OVT 17: 17TH OVERTURE WORKSHOP -- Ana Paiva 4

  5. 1 st Lecture Prove Formal Methods are important OVT 17: 17TH OVERTURE WORKSHOP -- Ana Paiva 5

  6. Use your own dog food! Software is bad (P1). Software differs from physical systems in at least two ways (P2): software is discontinuous (P3), and software is complex (P4). Software is complex (P4), and complexity results in design flaws (P5); therefore, software has design flaws (P6). Design flaws must be handled (P7). The three ways to handle design flaws are testing, design diversity, and fault avoidance (P8). [Holloway C. Michael. 1997. Why Engineers should Consider Formal Methods. Technical Report. NASA Langley Technical Report Server.] OVT 17: 17TH OVERTURE WORKSHOP -- Ana Paiva 6

  7. Use your own dog food! Because software is discontinuous (P3), testing is inadequate (P9). Also, because software is discontinuous (P3), design diversity is inadequate (P10). Because there are only three ways to handle design flaws (P8), and the other two are inadequate (P9, P10), fault avoidance must be used to handle design flaws (P11). Because formal methods are the most rigorous fault avoidance method (P12), and the greater the rigor, the more promising the method (P13), formal methods are the most promising fault avoidance method (P14). OVT 17: 17TH OVERTURE WORKSHOP -- Ana Paiva 7

  8. Use your own dog food! Because software has design flaws (P6), and design flaws must be handled (P7), and fault avoidance methods must be used to handle design flaws (P11), and formal methods are the most promising of these methods (P14), software engineers should use appropriate formal methods (P15) . OVT 17: 17TH OVERTURE WORKSHOP -- Ana Paiva 8

  9. Use your own dog food! OVT 17: 17TH OVERTURE WORKSHOP -- Ana Paiva 9

  10. 1 st Lecture: Illustrate with examples (2004) The teacher placement problem was solved by a new computer solution ■ designed in six days and executed in 30 minutes. The revelation was made by one of the five members of the ATX software team, an outside company hired by the ministry of education to "unlock" the unskilled teacher placement program created by Compta. From the same ministry database that contains all the faculty to be posted, ■ ATX software has created a new algorithm, a computer solution, "thought out in full for six days and based on very solid mathematical principles ," he said yesterday. computer engineer and author of the solution, Luis Andrade, during a press conference in Lisbon OVT 17: 17TH OVERTURE WORKSHOP -- Ana Paiva 10

  11. Formal Methods Europe OVT 17: 17TH OVERTURE WORKSHOP -- Ana Paiva 11

  12. 2 nd Lecture Now that you have convinced them… Start with the Basics OVT 17: 17TH OVERTURE WORKSHOP -- Ana Paiva 12

  13. Hoare Logic ■ Hoare Logic forms the basis of all deductive verification techniques ■ Named after Tony Hoare : inventor of Quick Sort (in 1960, when he was just 26), father of formal verification, 1980 Turing award winner ■ Logic is also known as Floyd-Hoare logic: some ideas introduced by Robert Floyd in 1967 paper “Assigning Meaning to Programs” OVT 17: 17TH OVERTURE WORKSHOP -- Ana Paiva 13

  14. Charles Antony Richard (Tony) Hoare ■ A quote: • Computer programming is an exact science in that all the properties of a program and all the consequences of executing it in any given environment can, in principle, be found out from the text of the program itself by means of purely deductive reasoning . OVT 17: 17TH OVERTURE WORKSHOP -- Ana Paiva 14

  15. Hoare Triple { P } S { Q } Partial correctness or [P] S [Q] Total correctness OVT 17: 17TH OVERTURE WORKSHOP -- Ana Paiva 15

  16. 3 rd Lecture Let’s have some fun OVT 17: 17TH OVERTURE WORKSHOP -- Ana Paiva 16

  17. Let’s start the fun! ■ You may know everything and want to prove it { P } S { Q } ■ You may not know everything and want to find it { ? } S { Q } { P } S { ? } { P } ? { Q } OVT 17: 17TH OVERTURE WORKSHOP -- Ana Paiva 17

  18. Let’s start the fun! Hoare Triple Question Technique {P} S {Q} S satisfies specification? Inference Rules {?} S {Q} Which the precondition? Weakest precondition {P} S {?} Which is the program? Strongest post condition {P} S {Q} Which is the post condition? Refinement OVT 17: 17TH OVERTURE WORKSHOP -- Ana Paiva 18

  19. 4th Lecture Hopefully, at this class your students ask: How can we do that? OVT 17: 17TH OVERTURE WORKSHOP -- Ana Paiva 19

  20. 4 th Lecture: How can we do that? Nº Instruction Inference Rules R1 skip {P} skip {P} R2 Assignment {P[E/x]} x := E {P(x)} R3 Sequence or Composition {P} S {Q} , {Q} T {R} {P} S; T {R} {P Ù C} S {Q} , {P Ù ¬ C} T {Q} R4 If {P} if C then S else T {Q} I Ù C Þ v Î N, {I Ù C Ù v=V} S {I Ù v<V} R5 Cycle {I} while C do S {I Ù ¬ C} P’ Þ P, {P} S {Q} R6 Strengthening the precondition {P’} S {Q} {P} S {Q}, Q Þ Q’ R7 Weakening the postcondition {P} S {Q’} {P Ù A} assert A {P} R8 Intermediate assertions …or Weakest precondition rules OVT 17: 17TH OVERTURE WORKSHOP -- Ana Paiva 20

  21. 4 th Lecture: How can we do that? Nº Name Refinement Rules If Q’ Þ Q then Spec(P, S, Q) ⊑ Spec(P, S, Q’) 1 Strengthen Post-condition Rule If P Þ P’, then Spec(P,S,Q) ⊑ Spec(P’,S,Q) 2 Weaken Pre-condition Rule If P Þ Q then Spec(P,S,Q) ⊑ Spec(P, skip, Q) 3 Skip Rule if P Þ Q[E/ x ] then Spec(P, x :S, Q) ⊑ Spec(P, x :=E, Q] 4 Assignment Rule 5 Composition Rule {P} S {Q} ⊑ {P} S 1 {M}; S 2 {Q} {P}S{Q} ⊑ {P} S 1 {Q[ E/x ]}; x := E{Q} 6 Following Assignment Rule If P Þ G 1 Ú G 2 Ú … Ú G n , then 7 Selection Rule {P} if G 1 → {G 1 Ù P} S 1 {Q} {P} S {Q} ⊑ [] G 2 → {G 2 Ù P} S 2 {Q} [] … [] G n → {G n Ù P} S n {Q} fi {Q} Suppose G = G 1 Ú G 2 Ú … Ú G n , then 8 Repetition Rule {I} S {I Ù ¬ G} ⊑ {I} DO {I Ù ¬G} where DO is do G 1 → {I Ù G 1 Ù V = V 0 } S 1 {I Ù (0 ≤ V < V 0 )} [] … [] G n → {I Ù G n Ù V = V 0 } S n {I Ù (0 ≤ V < V 0 )} od OVT 17: 17TH OVERTURE WORKSHOP -- Ana Paiva 21

  22. 5 th to 7 th Lecture Exercises Apply different rules in small examples OVT 17: 17TH OVERTURE WORKSHOP -- Ana Paiva 22

  23. At this point… The students think… ■ Oh, Ok…. ■ This works just for small toy examples ■ It does not scale... OVT 17: 17TH OVERTURE WORKSHOP -- Ana Paiva 23

  24. 8 th Lecture Exercises Use the overall approach in more real examples OVT 17: 17TH OVERTURE WORKSHOP -- Ana Paiva 24

  25. Challenges There no way to avoid that, so, ■ Students have other courses balance the effort in parallel ■ Find real complex examples Real, not too complex and fun ■ Motivate the students Overture? ■ Find good tools ■ Make them conscious of Make them gather metrics Formal Methods advantages to be conscious of the benefits ■ … OVT 17: 17TH OVERTURE WORKSHOP -- Ana Paiva 25

  26. Real & not too complex ■ I Already tried several different themes: • Information systems : system to manage the information of an University; System to manage a football championship, etc. • Board games : monopoly; chess, go, abalone, etc… - This worked quite well because they had to specify the rules and at the end they could play... - However I didn’t ask for a GUI and an API interface to play a game is not very attractive… • So, • I combined the Formal Methods course with the Computer Graphics course so the students could have a graphical user interface connected with a background developed in VDM++ OVT 17: 17TH OVERTURE WORKSHOP -- Ana Paiva 26

  27. Good Tools ■ Alloy Analyzer (for Alloy) ■ Dafny (to prove program’s correctness. Good thing: it is on the web) ■ VDM tools (to illustrate the end-to-end process) ■ Overture (to illustrate the end-to-end process) • Main problems - Code generator – several problems - Students need to look into the generated code to fix the problems and such code is not easy to read. OVT 17: 17TH OVERTURE WORKSHOP -- Ana Paiva 27

  28. Conscious of the advantages ■ Gather metrics • How much time did you spend with the specification? • How much time did you spend in testing the specification? • How much time did you spend generating the code? • How much time did you spend testing the code? OVT 17: 17TH OVERTURE WORKSHOP -- Ana Paiva 28

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Adapting to Different Types of Target Audience in Teaching Formal Methods Antonio Cerone

Adapting to Different Types of Target Audience in Teaching Formal Methods Antonio Cerone

Adapting to Different Types of Target Audience in Teaching Formal Methods Antonio Cerone Department of Computer Science, Nazarbayev University, Kazakhstan antonio.cerone,@nu.edu.kz Karl Lermer Department of Computer Science, ZHAW, Switzerland

650 views • 51 slides
Teaching Formal Set Theory with Regard to Students Comprehension Libor Bhounek Workshop on

Teaching Formal Set Theory with Regard to Students Comprehension Libor Bhounek Workshop on

Teaching Formal Set Theory with Regard to Students Comprehension Libor Bhounek Workshop on Modern Teaching, May 16, 2019 Libor Bhounek (U Ostrava) Teaching Set Theory 1 / 15 Situation The task Ive been given since 3 years ago:

551 views • 15 slides
No magic wand for teaching physics Diversity of pedagogical tools: a need D. Buskulic,

No magic wand for teaching physics Diversity of pedagogical tools: a need D. Buskulic,

No magic wand for teaching physics Diversity of pedagogical tools: a need D. Buskulic, Universit de Savoie, FFP Marseille, 15-19 juin 2014 Overview Innovative teaching methods ? ! Innovative teaching methods ? ! Diversity, a must: examples !

295 views • 27 slides
GPs and GP trainees Introduction Expanding GP teaching Importance of GP teaching &amp;

GPs and GP trainees Introduction Expanding GP teaching Importance of GP teaching &amp;

Teaching opportunities for GPs and GP trainees Introduction Expanding GP teaching Importance of GP teaching &amp; students time spent in practice Association between clinical GP teaching and students career destination of

294 views • 10 slides
Inclusive Teaching Practices Alicia Cundell Teaching Consultant Centre for Teaching &amp;

Inclusive Teaching Practices Alicia Cundell Teaching Consultant Centre for Teaching &amp;

Inclusive Teaching Practices Alicia Cundell Teaching Consultant Centre for Teaching &amp; Learning Centre for Teaching &amp; Learning (FB 620) Todays Goals &amp; Objectives Provide a space for participants to discuss issues of diversity

625 views • 21 slides
Teaching-Research NYCity model Teaching Research Cycle Teaching-Research NYCity Model

Teaching-Research NYCity model Teaching Research Cycle Teaching-Research NYCity Model

Teaching-Research NYCity model Teaching Research Cycle Teaching-Research NYCity Model Czarnocha, Prabhu,2006 , Dydaktyka Matematyki It is the classroom investigations of learning processes conducted simultaneously with teaching by the

540 views • 16 slides
Who are we teaching and Who are we teaching and how do we teach them? how do we teach them?

Who are we teaching and Who are we teaching and how do we teach them? how do we teach them?

Who are we teaching and Who are we teaching and how do we teach them? how do we teach them? William O. Bond and John C. Mayer University of Alabama at Birmingham Greater Birmingham Mathematics Partnership 1 Sept 2008 Motivating Questions

518 views • 27 slides
Teaching Vocabulary Pre-Teaching Vocabulary + Pre-Teaching Vocabulary: An Example for 2 nd -5 th

Teaching Vocabulary Pre-Teaching Vocabulary + Pre-Teaching Vocabulary: An Example for 2 nd -5 th

Teaching Vocabulary Pre-Teaching Vocabulary + Pre-Teaching Vocabulary: An Example for 2 nd -5 th Grades Teacher says the word and asks students to repeat the 1. word three times. Teacher states the word in context from the text. 2. Teacher

524 views • 31 slides
Interac(ve Teaching &amp; Ac(ve Learning Best Prac(ces for

Interac(ve Teaching &amp; Ac(ve Learning Best Prac(ces for

Interac(ve Teaching &amp; Ac(ve Learning Best Prac(ces for Teaching and Learning Outline 1. Introduc+on 2. One-on-one teaching 3. Ac+ve Learning Methods

374 views • 21 slides
Teaching Computer Science/ TLA+ Friedrich Vogt/Paul Tavolato University of Technology

Teaching Computer Science/ TLA+ Friedrich Vogt/Paul Tavolato University of Technology

General and Specific Issues in Teaching Computer Science/ TLA+ Friedrich Vogt/Paul Tavolato University of Technology Hamburg-Harburg and University of Applied Science, St. Plten, Austria 1 | Scope The paper Integrating Formal Methods into

470 views • 19 slides
SOCIAL JUSTICE 101: Based on Materials from Teaching Tolerance About Teaching Tolerance

SOCIAL JUSTICE 101: Based on Materials from Teaching Tolerance About Teaching Tolerance

SOCIAL JUSTICE 101: Based on Materials from Teaching Tolerance About Teaching Tolerance Founded in 1991, Teaching Tolerance is dedicated to reducing prejudice, improving intergroup relations and supporting equitable school experiences for

389 views • 22 slides
Teaching methods Pre-reading Ground Rules Research 1.

Teaching methods Pre-reading Ground Rules Research 1.

Teaching methods Pre-reading Ground Rules Research 1. Be on Gme and dont leave early Lecture 2. Mobiles and laptops off Discussion 3.

368 views • 8 slides
Distance Teaching and Learning Distance Teaching and Learning without Walls: without Walls:

Distance Teaching and Learning Distance Teaching and Learning without Walls: without Walls:

Distance Teaching and Learning Distance Teaching and Learning without Walls: without Walls: Developing academics skills in video-conferencing in the CREO Project at The University of Sydney Kim McShane The Institute for Teaching &amp;

701 views • 19 slides
Designing Curricula Why are you here? Agenda setting: What questions do you have? What

Designing Curricula Why are you here? Agenda setting: What questions do you have? What

Professor Mark Schofield Dean of Teaching and Learning Development, National Teaching Fellow, Director, Centre for Learning and Teaching, Academic Director - SOLSTICE Centre for Excellence in Teaching and Learning, U.K Director EHU

912 views • 54 slides
Teaching Slides For Respiratory Disease Teaching Slides For Respiratory Disease Teaching Slides

Teaching Slides For Respiratory Disease Teaching Slides For Respiratory Disease Teaching Slides

Teaching Slides For Respiratory Disease.pdf Teaching Slides For Respiratory Disease Teaching Slides For Respiratory Disease Teaching Slides For Respiratory Disease by Klaus Aachen Study Group can be downloaded and install free of cost below.

1.03k views • 52 slides
NJCTL NJCTL The Center for Teaching and Learning (CTL) is a non- Programs profit organization,

NJCTL NJCTL The Center for Teaching and Learning (CTL) is a non- Programs profit organization,

Slide 1 / 110 Slide 2 / 110 New Jersey Center for Teaching New Jersey Center for Teaching and Learning and Learning New Paradigm Methods Training This material is made freely available at www.njctl.org and is intended for the non-commercial

590 views • 19 slides
Information Theory and Statistical Inference Samuel Cheng School of ECE University of Oklahoma

Information Theory and Statistical Inference Samuel Cheng School of ECE University of Oklahoma

Information Theory and Statistical Inference Samuel Cheng School of ECE University of Oklahoma August 23, 2018 S. Cheng (OU-ECE) Information Theory and Statistical Inference August 23, 2018 1 / 45 Lecture 2 Introduction to probabilistic

1.1k views • 88 slides
Introduction to Gaussian Processes Iain Murray School of Informatics, University of Edinburgh

Introduction to Gaussian Processes Iain Murray School of Informatics, University of Edinburgh

Introduction to Gaussian Processes Iain Murray School of Informatics, University of Edinburgh The problem Learn scalar function of vector values f ( x ) 1 f(x) 0.5 y i 5 0 0 f 0.5 5 0 1 1 0.5 1.5 0.5 0 0.2 0.4 0.6

767 views • 42 slides
Voyaging around nacre with the x-ray shuttle from biomineralisation to prosthetics via mollusc

Voyaging around nacre with the x-ray shuttle from biomineralisation to prosthetics via mollusc

Voyaging around nacre with the x-ray shuttle from biomineralisation to prosthetics via mollusc phylogeny Daniel Chateigner, Magali Morales, Luca Lutterotti CRISMAT-ENSICAEN, IUT-Caen, France TMS 2010, X-ray and neutron symposium calcite -

298 views • 13 slides
Event Calendar SHIMA Daio,

Event Calendar SHIMA Daio,

Event Calendar SHIMA Daio, Funakoshi Funakoshi Atarashiki Maehamashou Park Jan

244 views • 11 slides
Infinitely many corks with shadow complexity one . . . . . Hironobu Naoe (Tohoku University)

Infinitely many corks with shadow complexity one . . . . . Hironobu Naoe (Tohoku University)

4-manifolds and its exotic pairs Polyhedron and reconstruction of 4-manifold Main result . . Infinitely many corks with shadow complexity one . . . . . Hironobu Naoe (Tohoku University) October 28, 2015 Topology and Geometry of

593 views • 58 slides
MLSS 06 - Canberra Elements Hierarchical Basis Sparse Grids Sparse Grids Combination

MLSS 06 - Canberra Elements Hierarchical Basis Sparse Grids Sparse Grids Combination

MLSS 06 - Canberra Sparse Grids Jochen Garcke (Very) Short Course on Finite MLSS 06 - Canberra Elements Hierarchical Basis Sparse Grids Sparse Grids Combination Technique Jochen Garcke Regression / Classification via Function

977 views • 68 slides
Wentworth Lawyers COMMERCIAL LAWYERS D IRECTORS D UTIES : L ESSONS FROM THE PAST TO GUIDE

Wentworth Lawyers COMMERCIAL LAWYERS D IRECTORS D UTIES : L ESSONS FROM THE PAST TO GUIDE

Wentworth Lawyers COMMERCIAL LAWYERS D IRECTORS D UTIES : L ESSONS FROM THE PAST TO GUIDE FUTURE CONDUCT FOR D IRECTORS SOME PRACTICAL TIPS FOR NFP S On 30 November 2017, we presented a webinar in partnership with Better Boards Australasia

621 views • 42 slides
Building the Kamus Besar Bahasa Indonesia (KBBI) Database and Its Applications David Moeljadi 1 ,

Building the Kamus Besar Bahasa Indonesia (KBBI) Database and Its Applications David Moeljadi 1 ,

Building the Kamus Besar Bahasa Indonesia (KBBI) Database and Its Applications David Moeljadi 1 , Ian Kamajaya 2 , Dora Amalia 3 1 Nanyang Technological University, Singapore 2 ASTrio Pte Ltd, Singapore 3 Badan Pengembangan dan Pembinaan Bahasa,

733 views • 31 slides

More recommend