the magic of specifications and type systems
play

The Magic of Specifications and Type Systems Amin Bandali June 17, - PowerPoint PPT Presentation

Oct 14, 2023 •229 likes •850 views

The Magic of Specifications and Type Systems Amin Bandali June 17, 2017 Software Engineering Lab, EECS York University Outline 1. Introduction 2. Significance & Contributions 3. Type Checking 4. Well-definedness Checking 5. Conclusion

  1. The Magic of Specifications and Type Systems Amin Bandali June 17, 2017 Software Engineering Lab, EECS York University

  2. Outline 1. Introduction 2. Significance & Contributions 3. Type Checking 4. Well-definedness Checking 5. Conclusion 1

  3. Introduction

  4. Specifications Architects draw detailed plans before a brick is laid or a nail is hammered. Programmers and software engineers don’t. Can this be why houses seldom collapse and programs often crash? To designers of complex systems, the need for formal specifications should be as obvious as the need for blueprints of a skyscraper. But few software developers write specifications because they have little time to learn how on the job, and they are unlikely to have learned in school. — Leslie Lamport, Turing Award Winner, 2013 2

  5. Specifications Architects draw detailed plans before a brick is laid or a nail is hammered. Programmers and software engineers don’t. Can this be why houses seldom collapse and programs often crash? To designers of complex systems, the need for formal specifications should be as obvious as the need for blueprints of a skyscraper. But few software developers write specifications because they have little time to learn how on the job, and they are unlikely to have learned in school. — Leslie Lamport, Turing Award Winner, 2013 2

  6. Specifications Architects draw detailed plans before a brick is laid or a nail is hammered. Programmers and software engineers don’t. Can this be why houses seldom collapse and programs often crash? To designers of complex systems, the need for formal specifications should be as obvious as the need for blueprints of a skyscraper. But few software developers write specifications because they have little time to learn how on the job, and they are unlikely to have learned in school. — Leslie Lamport, Turing Award Winner, 2013 2

  7. Specifications Architects draw detailed plans before a brick is laid or a nail is hammered. Programmers and software engineers don’t. Can this be why houses seldom collapse and programs often crash? To designers of complex systems, the need for formal specifications should be as obvious as the need for blueprints of a skyscraper. But few software developers write specifications because they have little time to learn how on the job, and they are unlikely to have learned in school. — Leslie Lamport, Turing Award Winner, 2013 2

  8. Specifications Architects draw detailed plans before a brick is laid or a nail is hammered. Programmers and software engineers don’t. Can this be why houses seldom collapse and programs often crash? To designers of complex systems, the need for formal specifications should be as obvious as the need for blueprints of a skyscraper. But few software developers write specifications because they have little time to learn how on the job, and they are unlikely to have learned in school. — Leslie Lamport, Turing Award Winner, 2013 2

  9. Gaining Traction Formal methods used to be relegated to safety critical systems: • nuclear plants • avionics • medical devices 3

  10. Gaining Traction Some formal methods are now practical and adopted by technology leaders: • Amazon • Microsoft • Facebook • Dropbox 4

  11. Significance & Contributions

  12. Unit-B Unit-B [3] is a new framework for specifying and modelling systems that must satisfy both safety and liveness properties. 5

  13. Unit-B Logic Unit-B Logic supports arithmetic , sets , functions , relations , and intervals theories. 6

  14. Unit-B Logic & Related Work Unit-B vs Event-B [1] • record types • complete well-definedness • type checking • [static] well-definedness checking • quantification over infinite sets 1 Unit-B vs Logitext • support for higher-order logic in both predicate and sequent calculi 7 Unit-B vs TLA + [4]

  15. Unit-B Logic & Related Work Unit-B vs Event-B [1] • record types • complete well-definedness • type checking • [static] well-definedness checking • quantification over infinite sets 1 Unit-B vs Logitext • support for higher-order logic in both predicate and sequent calculi 1 limitation of the TLC tooling 7 Unit-B vs TLA + [4]

  16. Unit-B Logic & Related Work Unit-B vs Event-B [1] • record types • complete well-definedness • type checking • [static] well-definedness checking • quantification over infinite sets 1 Unit-B vs Logitext • support for higher-order logic in both predicate and sequent calculi 1 limitation of the TLC tooling 7 Unit-B vs TLA + [4]

  17. Unit-B Web Unit-B Web makes the Literate Unit-B prover available on the web. While Literate Unit-B supports both the Unit-B Logic and Unit-B’s computation models, Unit-B Web currently only supports Unit-B Logic. 8

  18. Unit-B Web Unit-B Web makes the Literate Unit-B prover available on the web. While Literate Unit-B supports both the Unit-B Logic and Unit-B’s computation models, Unit-B Web currently only supports Unit-B Logic. 8

  19. Unit-B Web Teaching • demonstrations • online evaluations • support for assignments Online Proof Environment • making specifications more accessible to casual users • proof of concept for a web IDE for full modelling capabilities of Unit-B 9

  20. Unit-B Web Teaching • demonstrations • online evaluations • support for assignments Online Proof Environment • making specifications more accessible to casual users • proof of concept for a web IDE for full modelling capabilities of Unit-B 9

  21. Technology Stack Prover • Predicate prover Z3 • Proof tactics • Well-definedness • Type checking Haskell • Yesod / Haskell Syntax • JSON • JavaScript Web EX -based A T • L 10

  22. Technology Stack Prover • Predicate prover Z3 • Proof tactics • Well-definedness • Type checking Haskell • Yesod / Haskell Syntax • JSON • JavaScript Web EX -based A T • L 10

  23. Technology Stack Prover • Predicate prover Z3 • Proof tactics • Well-definedness • Type checking Haskell • Yesod / Haskell Syntax • JSON • JavaScript Web EX -based A T • L 10

  24. Type Checking

  25. Type Checking • not meaningful • caught by Unit-B’s type checker 11 • { x } + 3 ≤ 7 • TLA + doesn’t recognize this as an error

  26. Type Checking • not meaningful • caught by Unit-B’s type checker 11 • { x } + 3 ≤ 7 • TLA + doesn’t recognize this as an error

  27. Type Checking • not meaningful • caught by Unit-B’s type checker 11 • { x } + 3 ≤ 7 • TLA + doesn’t recognize this as an error

  28. Figure 1: A type error — x is expected to be a set of numbers

  29. Type Checking • not meaningful • caught by Unit-B’s type checker 13 • { x } + 3 ≤ 7 • TLA + doesn’t recognize this as an error

  30. Type Checking • not meaningful • caught by Unit-B’s type checker 13 • { x } + 3 ≤ 7 • TLA + doesn’t recognize this as an error

  31. Challenges & Rewards • Event-B’s simple type system forbids this • ??? • subtyping to the rescue! 14 • TLA + ’s untyped logic allows { 3 , { 7 }} • type variables → polymorphic definitions

  32. Challenges & Rewards • Event-B’s simple type system forbids this • ??? 14 • TLA + ’s untyped logic allows { 3 , { 7 }} • subtyping to the rescue! • type variables → polymorphic definitions

  33. Challenges & Rewards • Event-B’s simple type system forbids this • ??? • subtyping to the rescue! 14 • TLA + ’s untyped logic allows { 3 , { 7 }} • type variables → polymorphic definitions

  34. Challenges & Rewards • Event-B’s simple type system forbids this 14 • TLA + ’s untyped logic allows { 3 , { 7 }} • ??? • subtyping to the rescue! • type variables → polymorphic definitions

  35. Challenges & Rewards • Event-B’s simple type system forbids this 14 • TLA + ’s untyped logic allows { 3 , { 7 }} • ??? • subtyping to the rescue! • type variables → polymorphic definitions

  36. Well-definedness Checking

  37. Well-definedness Checking Catches meaningless formulas that type checker can’t catch: • division by zero • array index out of bounds • more sophisticated errors 15

  38. Well-definedness Checking Catches meaningless formulas that type checker can’t catch: • division by zero • array index out of bounds • more sophisticated errors 15

  39. Well-definedness Checking Catches meaningless formulas that type checker can’t catch: • division by zero • array index out of bounds • more sophisticated errors 15

  40. Well-definedness Checking Catches meaningless formulas that type checker can’t catch: • division by zero • array index out of bounds • more sophisticated errors 15

  41. Figure 2: An ill-defined predicate — x is not in the domain of f

  42. Conclusion

  43. Summary • Unit-B Web , a web application for doing predicate calculus proofs, bringing the Literate Unit-B prover to the web. • Type Checking helps identify a certain class of meaningless formulas (i.e. type-incorrect formulas) efficiently. • Well-definedness Checking catches the rest of meaningless formulas that are not type errors. 17

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

+ MAGIC results on X-ray binary systems Roberta Zanin (IFAE) on behalf of the MAGIC

+ MAGIC results on X-ray binary systems Roberta Zanin (IFAE) on behalf of the MAGIC

+ MAGIC results on X-ray binary systems Roberta Zanin (IFAE) on behalf of the MAGIC collaboration + 2 Outline Wind/wind or jets? GAMMA-RAY BINARIES: 1. LS I 61+303 2. HESS J0632 +057 MICROQUASARS: 1. Cygnus X-3 2. Scorpius X-1 3.

433 views • 29 slides
1 Type systems are the most widely used form of sta;c

1 Type systems are the most widely used form of sta;c

{HEADSHOT} This lesson introduces a popular kind of sta;c analysis called type systems. Type systems are o?en specified as part of the programming

923 views • 66 slides
The Mathemagic of Magic Squares History of Magic Squares Mathematics and Magic Squares

The Mathemagic of Magic Squares History of Magic Squares Mathematics and Magic Squares

The Mathemagic of Magic Squares Steven Klee Outline What is a Magic Square? The Mathemagic of Magic Squares History of Magic Squares Mathematics and Magic Squares Constructing Steven Klee Magic Squares Magic Circles University of

968 views • 86 slides
MAGIC II Project review by Thomas Schweizer MAGIC II in memory of Florian Thomas Schweizer The

MAGIC II Project review by Thomas Schweizer MAGIC II in memory of Florian Thomas Schweizer The

MAGIC II Project review by Thomas Schweizer MAGIC II in memory of Florian Thomas Schweizer The MAGIC Collaboration MAGIC goes stereo MAGIC-I: Discovered many new sources and lots of publications in refereed journals Many discoveries

611 views • 34 slides
Calibration chamber for thermometers (Liquid bath type) Specifications : 85 to 50

Calibration chamber for thermometers (Liquid bath type) Specifications : 85 to 50

Calibration chamber for thermometers (Liquid bath type) Specifications : 85 to 50 85 to 50 Range Range : Accuracy: 0.01 Dimensions (Internal): 300 H450mm Purpose of use

246 views • 6 slides
From Shang Gao Magic 15 If a 2 + b 2 = c 2 , then ( a , b , c ) is called to be a Background

From Shang Gao Magic 15 If a 2 + b 2 = c 2 , then ( a , b , c ) is called to be a Background

Magic 15 Magic 15 Background Two Square Theorem Galois Finite Fields Magic 15: A STORY OVER 380 YEARS Proofs of 2-Square Theorem Three Square Theorem Four Square Theorem Universal Polynomials Magic 15 Proof of Fifteen Theorem 15

1.31k views • 97 slides
INF 212/CS 253 Type Systems Instructors: Harry Xu Crista Lopes What is a Data Type? A type

INF 212/CS 253 Type Systems Instructors: Harry Xu Crista Lopes What is a Data Type? A type

INF 212/CS 253 Type Systems Instructors: Harry Xu Crista Lopes What is a Data Type? A type is a collection of computational entities that share some common property Programming languages are designed to help programmers organize

803 views • 32 slides
Type Systems Authored By Luca Cardelli ACM Computing Surveys, 1996 Type Systems - Why, What

Type Systems Authored By Luca Cardelli ACM Computing Surveys, 1996 Type Systems - Why, What

Type Systems Authored By Luca Cardelli ACM Computing Surveys, 1996 Type Systems - Why, What & How? (Informally) Why : to prevent forbidden(all untrapped and some trapped) errors OR to prove the absence of certain program behaviour

358 views • 11 slides
Hybrid Type Systems Jose A. Lopes Max Planck Institute for Software Systems (MPI-SWS) MOVEP 2012

Hybrid Type Systems Jose A. Lopes Max Planck Institute for Software Systems (MPI-SWS) MOVEP 2012

Hybrid Type Systems Jose A. Lopes Max Planck Institute for Software Systems (MPI-SWS) MOVEP 2012 Type systems Type systems are a lightweight verification method Common in programming languages Increase software reliability Verify

588 views • 21 slides
Teaching old type systems Teaching old type systems new tricks with type providers new tricks

Teaching old type systems Teaching old type systems new tricks with type providers new tricks

Teaching old type systems Teaching old type systems new tricks with type providers new tricks with type providers Tomas Petricek Tomas Petricek University of Kent and The Alan Turing Institute http://tomasp.net tomas@tomasp.net @tomaspetricek

839 views • 38 slides
Types of Formal Specifications for Assertions Concurrent and Reactive Systems Assertions

Types of Formal Specifications for Assertions Concurrent and Reactive Systems Assertions

Outline Formal specifications CISC422/853: Formal Methods Types of formal specifications: in Software Engineering: assertions invariants Computer-Aided Verification safety and liveness properties How to express safety

226 views • 22 slides
A magic particle machine Imagine this setup... Alice Magic Particle Machine Bob A magic

A magic particle machine Imagine this setup... Alice Magic Particle Machine Bob A magic

Pictures of non-locality in quantum mechanics 1 Aleks Kissinger Oxford University Department of Computer Science May 21, 2014 1 Joint work with Bob Coecke (Oxford), Ross Duncan (ULB), and Quanlong Wang (Beijing) A magic particle machine

1.66k views • 92 slides
File Systems Chi Zhang czhang@cs.fiu.edu 1 File Attributes Name only information kept

File Systems Chi Zhang czhang@cs.fiu.edu 1 File Attributes Name only information kept

COP 4225 Advanced Unix Programming File Systems Chi Zhang czhang@cs.fiu.edu 1 File Attributes Name only information kept in human-readable form. Type Extension-based Magic numbers stored at the beginning of a file (Unix)

251 views • 23 slides
Course Specifications/Detailed Course Outline Course code : STA 331 2.0 Course title :

Course Specifications/Detailed Course Outline Course code : STA 331 2.0 Course title :

Course Specifications/Detailed Course Outline Course code : STA 331 2.0 Course title : Stochastic Processes Course type : Core Batch : AS2017 Year : 2020 Semester : 2 No. of notional hours : 100 hours Pre-requisites : STA 114 2.0

316 views • 7 slides
TOGETHER TO MAGIC PLACES COLLABORATIVE VR SOLUTIONS TOGETHER TO MAGIC PLACES CHALLENGES

TOGETHER TO MAGIC PLACES COLLABORATIVE VR SOLUTIONS TOGETHER TO MAGIC PLACES CHALLENGES

TOGETHER TO MAGIC PLACES COLLABORATIVE VR SOLUTIONS TOGETHER TO MAGIC PLACES CHALLENGES & OPPORTUNITIES CHALLENGE B2C 90% of all VR applications are designed for single-player. High-end VR is not yet affordable for mass

608 views • 14 slides
Type Systems Lecture 3 Nov. 3rd, 2004 Sebastian Maneth

Type Systems Lecture 3 Nov. 3rd, 2004 Sebastian Maneth

Type Systems Lecture 3 Nov. 3rd, 2004 Sebastian Maneth http://lampwww.epfl.ch/teaching/typeSystems/2004 Today: into the types 1. A Type System for Arithmetic Expressions 2. Proving Type Safety 3. Simply Typed Lambda Calculus

988 views • 50 slides
Poincar e-Verdier duality Having proved Verdier duality, our next goal is to compute f ! G ,

Poincar e-Verdier duality Having proved Verdier duality, our next goal is to compute f ! G ,

Verdier duality Last time, we stated for f : X Y map between finite-dimensional, locally compact Hausdorff spaces: RHom Sh( Y ) ( Rf ! F , G ) = RHom Sh( X ) ( F , f ! G ) D + ( Ab ) . H om X ( F , f ! G ) D + (Sh( Y )) . R H

185 views • 5 slides
Remaining ASEN 5007 Class Schedule Today Solving FEM Equations (descriptive, no assignments)

Remaining ASEN 5007 Class Schedule Today Solving FEM Equations (descriptive, no assignments)

Introduction to FEM Remaining ASEN 5007 Class Schedule Today Solving FEM Equations (descriptive, no assignments) 12/7 Demo of a complete plane stress program (Ch 27) 12/9 Description of take-home exam Stress recovery (Ch

292 views • 12 slides
Optimizing Multidimensional skyline queries Sofian Maabout Nicolas Hanusse Carlos Ordonez

Optimizing Multidimensional skyline queries Sofian Maabout Nicolas Hanusse Carlos Ordonez

Optimizing Multidimensional skyline queries Sofian Maabout Nicolas Hanusse Carlos Ordonez Patrick Kamnang Overview Skyline queries? Multidimensional Skylines Problem definition The interplay between functional dependencies and

693 views • 38 slides
Backwards Analysis Gerth Stlting Brodal Pre-talent track activity in Algorithms, Department of

Backwards Analysis Gerth Stlting Brodal Pre-talent track activity in Algorithms, Department of

Backwards Analysis Gerth Stlting Brodal Pre-talent track activity in Algorithms, Department of Computer Science, Aarhus University, February 19, 2019 Pareto optimal / non-dominated points / skyline No points Pareto optimal Dominated points

256 views • 25 slides
0114 marketing MARKETING POWER HOUR WEEK 3 IDENTIFYING & FINDING YOUR IDEAL CUSTOMER |

0114 marketing MARKETING POWER HOUR WEEK 3 IDENTIFYING & FINDING YOUR IDEAL CUSTOMER |

0114 marketing MARKETING POWER HOUR WEEK 3 IDENTIFYING & FINDING YOUR IDEAL CUSTOMER | Learn What Am I Talking About? | Apply How Does This Apply To My Business? | Implement How Can I Implement This? Who, When, Why? 9

479 views • 34 slides
Towards Optimized Multimodal Concept Indexing Navid Rekabsaz, Ralf Bierig, Mihai Lupu, Allan

Towards Optimized Multimodal Concept Indexing Navid Rekabsaz, Ralf Bierig, Mihai Lupu, Allan

Towards Optimized Multimodal Concept Indexing Navid Rekabsaz, Ralf Bierig, Mihai Lupu, Allan Hanbury Navid Rekabsaz (navid.rekabsaz@student.tuwien.ac.at) [last_name]@ifs.tuwien.ac.at Mihai Lupu (lupu@ifs.tuwien.ac.at) Agenda Multimodal

576 views • 23 slides
Derived Torelli Theorem and Orientation Paolo Stellari Dipartimento di Matematica F .

Derived Torelli Theorem and Orientation Paolo Stellari Dipartimento di Matematica F .

Derived Torelli Theorem and Orientation Paolo Stellari Dipartimento di Matematica F . Enriques Universit` a degli Studi di Milano Joint work with D. Huybrechts and E. Macr` (math.AG/0608430 + work in progress) Paolo Stellari Derived

655 views • 46 slides
Slide 4 / 41 3 A crate is lifted by a force F which is greater in magnitude than the crates

Slide 4 / 41 3 A crate is lifted by a force F which is greater in magnitude than the crates

Slide 1 / 41 AP Physics C Work and Energy Algebra Based Multiple Choice www.njctl.org Slide 2 / 41 1 A student throws a ball upwards from the ground level where gravitational potential energy is zero. At a height of 15 m, the ball has a

294 views • 14 slides

More recommend