the truth of a procedure
play

The Truth of a Procedure Lisa Lippincott Meeting C++, November 2018 - PowerPoint PPT Presentation

Mar 27, 2024 •256 likes •1.04k views

The Truth of a Procedure Lisa Lippincott Meeting C++, November 2018 Why dont we routinely write down the reasoning behind our programs in a formal way, and have computers check it? The mathematical tools we use for proofs present a poor

  1. The Truth of a Procedure Lisa Lippincott Meeting C++, November 2018

  2. Why don’t we routinely write down the reasoning behind our programs in a formal way, and have computers check it? The mathematical tools we use for proofs present a poor user interface for procedural programming.

  3. Logic

  4. Procedural Logic

  5. A procedure is an embodied algorithm, conceived as a scheme by which events may be arranged in time, space, possibility and causality. Procedures are sentences. A sentence is a statement about the world, which may either be in agreement with the world (“true”) or be in disagreement with the world (“false”).

  6. Sentence ( false and true ) or (( true or false ) and true )

  7. true false false false true or true true and and and and and and or or or or or

  8. 🙃 makes a choice or or 😉 makes a choice and and and 💀 loses the game false true or true true 🙂 loses the game true false false

  9. 🙃 makes a choice or or This sentence is true: 😉 makes a choice and and 🙃 has a winning strategy. 💀 loses the game or true true true

  10. or and and and or or false true or true true false and false true false false true

  11. or and This sentence is true: This sentence is false: and or 🙃 has a winning strategy. 😉 has a winning strategy. or true and false true false

  12. The code here is written in a fantasy C++, with extensions that make proofs fit into the code.

  13. void foo() interface { void foo() void bar() … implementation interface …prologue { { … … …prologue … … … implementation; bar(); implementation; … … … … … …epilogue …epilogue } } … }

  14. 😉 🙃 🙃 void foo() interface { void foo() void bar() … implementation interface …prologue { { … … …prologue … … … implementation; bar(); implementation; … … … … … …epilogue …epilogue } } … } 💀 🙃 😉

  15. 😉 🙃 🙃 void foo() interface { void foo() void bar() … implementation interface …prologue { { … … …prologue … … … implementation; bar(); implementation; … … … … … …epilogue …epilogue } } … } 💀 🙃 😉

  16. const int factorial( const int& n ) interface { claim n >= 0; claim usable( n ); implementation; claim usable( n ); claim usable( result ); }

  17. claim statements are assertions const int factorial( const int& n ) interface that must hold for local reasons. { claim n >= 0; Yellow claims for reasons in this function; purple claims for reasons in other functions. claim usable( n ); implementation; 💀🙂 If a claim statement fails, claim usable( n ); the current player loses. claim usable( result ); }

  18. An lvalue is usable if it may be const int factorial( const int& n ) interface used in the usual manner for its { cv-qualified type. claim n >= 0; claim usable( n ); Usable scalar lvalues — have a stable value (if not volatile), and implementation; — are modifiable (if not const). claim usable( n ); claim usable( result ); Class types may have more complicated } rules for usability.

  19. If an operation is used in the const int factorial( const int& n ) interface procedure, its interface is part { of the game. claim n >= 0; claim usable( n ); We’ll start the game with the interface of operator>=( const int&, const int& ) . implementation; claim usable( n ); claim usable( result ); }

  20. The current player const bool operator>=( const int& a, announces the value const int& b ) of each usable lvalue. interface { claim usable( a ); The value of a is six. 😉 claim usable( b ); And the value of b is zero. implementation; claim usable( a ); claim usable( b ); claim usable( result ); }

  21. If the object hasn’t been const bool operator>=( const int& a, changed, the player must const int& b ) repeat the previous value. interface { claim usable( a ); The value of a is six. 😉 claim usable( b ); And the value of b is zero. implementation; a is still six, claim usable( a ); and b is still zero. claim usable( b ); 😉 claim usable( result ); And the result is true. } 💀🙂 Unexpectedly changing a value is penalized.

  22. Lvalues asserted usable directly within the prologue provide the const int factorial( const int& n ) direct input to the function. interface { The result is true ; the claim succeeds! claim n >= 0; 😉 The value of n is six. claim usable( n ); implementation; The epilogue likewise describes claim usable( n ); claim usable( result ); the direct output. }

  23. const int factorial( const int& n ) const int factorial( const int& n ) interface implementation { { claim n >= 0; int r = 1; claim usable( n ); for ( int i = n; i != 0; --i ) if ( can_multiply( r, i ) ) implementation; r *= i; else claim usable( n ); throw factorial_overflow(); claim usable( result ); } return r; }

  24. ☞ int r = 1; for ( int i = n; i != 0; --i ) for ( int i = n; i != 0; --i ) return r; if ( can_multiply( r, i ) ) r *= i; throw factorial_overflow(); for ( int i = n; i != 0; --i )

  25. When substitutable is claimed, lvalues must have identical values. int::int( const int& a ) interface { 🙃 The value of a is one. claim usable( a ); implementation; a and *this are both one. claim substitutable( a, *this ); The value of a is one, and claim usable( a ); 😉 claim usable( *this ); *this is one. *this can be changed. }

  26. ☞ int r = 1; for ( int i = n; i != 0; --i ) for ( int i = n; i != 0; --i ) return r; if ( can_multiply( r, i ) ) r *= i; throw factorial_overflow(); for ( int i = n; i != 0; --i )

  27. ☞ int r = 1; for ( int i = n; i != 0; --i ) for ( int i = n; i != 0; --i ) return r; if ( can_multiply( r, i ) ) r *= i; throw factorial_overflow(); for ( int i = n; i != 0; --i )

  28. inline Inline functions without const bool operator!=( const int& a, declared interfaces are const int& b ) played by the entering { return !( a == b ); player. } Sometimes showing what a function does is simpler than describing it. inline But this also makes the program brittle! const bool operator!( const bool& c ) { return c ? false : true; }

  29. Branch directions are also part const bool operator==( const int& a, const int& b ) of the direct input and output. interface { The value of a is six, claim usable( a ); 🙃 claim usable( b ); and b is zero. implementation; The result is false; swerve right! if ( result ) claim substitutable( a, b ); The value of a is still six, claim usable( a ); b is still zero, claim usable( b ); 😉 claim usable( result ); and the result is false. }

  30. inline Inline functions without const bool operator!=( const int& a, declared interfaces are const int& b ) played by the entering { return !( a == b ); player. } Sometimes showing what a function does is simpler than describing it. inline But this also makes the program brittle! const bool operator!( const bool& c ) { return c ? false : true; }

  31. ☞ int r = 1; for ( int i = n; i != 0; --i ) for ( int i = n; i != 0; --i ) return r; if ( can_multiply( r, i ) ) r *= i; throw factorial_overflow(); for ( int i = n; i != 0; --i )

  32. can_multiply has a basic interface: usable input, const bool can_multiply( const int& a, usable output. const int& b ) interface { claim usable( a ); The value of a is one, and 🙃 claim usable( b ); the value of b is six. implementation; a is still one, claim usable( a ); and b is still six. claim usable( b ); 😉 claim usable( result ); And the result is true. }

  33. ☞ int r = 1; for ( int i = n; i != 0; --i ) for ( int i = n; i != 0; --i ) return r; if ( can_multiply( r, i ) ) r *= i; throw factorial_overflow(); for ( int i = n; i != 0; --i )

  34. int& int::operator*=( const int m ) interface { claim can_multiply( *this, m ); claim usable( m ); claim usable( *this ); implementation; claim aliased( result, *this ); claim usable( m ); claim usable( *this ); claim usable( result ); }

  35. If a function’s direct input is const bool can_multiply( const int& a, repeated, its direct output const int& b ) must also be repeated. interface { claim usable( a ); As before, the value of a is one, 🙃 claim usable( b ); and the value of b is six. implementation; a is still one, claim usable( a ); and b is still six. claim usable( b ); 😉 claim usable( result ); Like last time, the result is true. } 💀🙂 Announcing different direct output is penalized.

  36. Lvalues are aliased when they int& int::operator*=( const int m ) interface refer to the same object. { The can_multiply claim succeeds! claim can_multiply( *this, m ); The value of m is six, and while claim usable( m ); 🙃 claim usable( *this ); *this is currently one, it can change. implementation; result and *this are the same object. claim aliased( result, *this ); m is still six; claim usable( m ); *this is now six and can change; claim usable( *this ); 😉 claim usable( result ); the result is six and can change. } 💀🙂 There is a penalty for not mentioning observable aliasing.

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Truth, T Truth-values, and the l like Fabien Schang National Research University Higher

Truth, T Truth-values, and the l like Fabien Schang National Research University Higher

Truth, T Truth-values, and the l like Fabien Schang National Research University Higher School of Economics Moscow (Russia) schang.fabien@voila.fr Content 1. Truth 2. Truth-values 3. The like 1. Truth A basic difference, in philosophy,

1.77k views • 163 slides
SYMBOLIC LOGIC UNIT 3: COMPUTING TRUTH VALUES Truth Values The truth value of a

SYMBOLIC LOGIC UNIT 3: COMPUTING TRUTH VALUES Truth Values The truth value of a

SYMBOLIC LOGIC UNIT 3: COMPUTING TRUTH VALUES Truth Values The truth value of a formula/sentence is always (at least in this class) either true (T) or false (F). Notes: Truth values has nothing to do with how valuable a sentence is.

727 views • 47 slides
Optimizing Procedure Calls Inlining Procedure calls can be costly (A.k.a. procedure integration,

Optimizing Procedure Calls Inlining Procedure calls can be costly (A.k.a. procedure integration,

Optimizing Procedure Calls Inlining Procedure calls can be costly (A.k.a. procedure integration, unfolding, beta-reduction, ...) direct costs of call, return, argument & result passing, stack frame maintainance Replace call with body of

279 views • 5 slides
Optimizing Procedure Calls Inlining Procedure calls can be costly (A.k.a. procedure integration,

Optimizing Procedure Calls Inlining Procedure calls can be costly (A.k.a. procedure integration,

Optimizing Procedure Calls Inlining Procedure calls can be costly (A.k.a. procedure integration, unfolding, beta-reduction, ...) direct costs of call, return, argument & result passing, stack frame maintainance Replace call with body of

497 views • 4 slides
Truth Revisited: What is Truth? Truth is Important. Pilate therefore said to Jesus: Art

Truth Revisited: What is Truth? Truth is Important. Pilate therefore said to Jesus: Art

Truth Revisited: What is Truth? Truth is Important. Pilate therefore said to Jesus: Art thou a king then? Jesus answered: Thou sayest that I am a king. For this was I born, and for this came I into the world; that I should give

939 views • 66 slides
The Top Ten Errors (and Misconceptions) in LED Photometry LED Specifications: the Truth, the

The Top Ten Errors (and Misconceptions) in LED Photometry LED Specifications: the Truth, the

The Top Ten Errors (and Misconceptions) in LED Photometry LED Specifications: the Truth, the Whole Truth and Nothing but the Truth Robert Yeo, Pro-Lite Technology Dr Gareth John, Photometric & Optical Testing Services Lighting Fixture

429 views • 27 slides
Sojourner Truth By Heath Colbert Lourie & Penelope Blatman Who Is Sojourner Truth Sojourner

Sojourner Truth By Heath Colbert Lourie & Penelope Blatman Who Is Sojourner Truth Sojourner

Sojourner Truth By Heath Colbert Lourie & Penelope Blatman Who Is Sojourner Truth Sojourner Truth was born in Ulster County, New York in 1797 with the name her owner gave her, Isabella Baumfree. At age 9 she was sold to John Neely for $100

225 views • 5 slides
T HE L OGIC OF A TOMIC S ENTENCES : P ROOFS OF ( IN )V ALIDITY Wednesday, 1 September Wednesday,

T HE L OGIC OF A TOMIC S ENTENCES : P ROOFS OF ( IN )V ALIDITY Wednesday, 1 September Wednesday,

P UZZLE Mr. X always tells the truth on Monday, Tuesday, and Wednesday and never tells the truth on the other days. Ms. Y always tells the truth on Thursday, Friday, and Saturday and never tells the truth on the other days. On a certain day,

539 views • 9 slides
10/13/15 Nega%on Truth Table A A Propositional Logic and Truth Tables 0 1

10/13/15 Nega%on Truth Table A A Propositional Logic and Truth Tables 0 1

10/13/15 Nega%on Truth Table A A Propositional Logic and Truth Tables 0 1 (Rosen, Sections 1.1, 1.2, 1.3) 1 0 TOPICS Propositional Logic Logical Operations Logical Equivalences CS160 - Fall Semester 2015 Truth

230 views • 4 slides
Class 17 Final Analysis Review of a few things about types The truth about lambda Set equality

Class 17 Final Analysis Review of a few things about types The truth about lambda Set equality

Class 17 Final Analysis Review of a few things about types The truth about lambda Set equality and equality testing Revisit big O Main ideas Two more useful theorems Example of a complete analysis of a procedure or two Big-O, take

768 views • 28 slides
Truth in Taxation County Auditors Regional Training Truth in Taxation Basics Texas

Truth in Taxation County Auditors Regional Training Truth in Taxation Basics Texas

Truth in Taxation County Auditors Regional Training Truth in Taxation Basics Texas Constitution Provisions for TNT Article VIII, Section 21 Four principles to Truth in Taxation Property Owners right to know Taxing Units are

565 views • 31 slides
LCLSII Warm FPC Assembly to Cryomodule 1.0 General notes 1.1 This procedure specifies and documents

LCLSII Warm FPC Assembly to Cryomodule 1.0 General notes 1.1 This procedure specifies and documents

LCLSII Warm FPC Assembly to Cryomodule Procedure Title CP L2PRO FPCW AC Procedure ID This procedure specifies the assemble of the LCLSII Warm FPC Procedure Description to the cryomodule. R1 Revision Sign : Date : Author Name : Mircea

413 views • 18 slides
Todays Topics 1. Procedures and Procedure Call 2. Array and Record Types Procedure and

Todays Topics 1. Procedures and Procedure Call 2. Array and Record Types Procedure and

Todays Topics 1. Procedures and Procedure Call 2. Array and Record Types Procedure and Function Calls How to type check? - Example-driven, modelling, coding to the spec. Example: PROCEDURE foo (x : INTEGER; y : REAL) : BOOLEAN;

189 views • 8 slides
Fatigue Management Procedure Your organization NEEDS a fatigue management procedure

Fatigue Management Procedure Your organization NEEDS a fatigue management procedure

Fatigue Management Procedure Your organization NEEDS a fatigue management procedure Procedure Absolutes: Clear Work Day, Work Hour, and rest period limits Exceptions: Job Critical Can employees perform the work safely

451 views • 4 slides
Lecture 4: Procedure Calls Todays topics: Procedure calls Large constants The

Lecture 4: Procedure Calls Todays topics: Procedure calls Large constants The

Lecture 4: Procedure Calls Todays topics: Procedure calls Large constants The compilation process Reminder: Assignment 1 is due on Thursday 1 Recap The jal instruction is used to jump to the procedure and save the

442 views • 23 slides
Procedure Procedure: a description of a computation that, given an input, produces an output.

Procedure Procedure: a description of a computation that, given an input, produces an output.

Procedure Procedure: a description of a computation that, given an input, produces an output. Example: def mul(p,q): return p*q Computational Problem: an input-output specification that a procedure might be required to satisfy. Example: Integer

673 views • 32 slides
Output g f after looking at data ( x n , y n ). 2. Can We do it? E in E out simple H ,

Output g f after looking at data ( x n , y n ). 2. Can We do it? E in E out simple H ,

recap: Three Learning Principles Scientist 1 Scientist 2 Scientist 3 resistivity resistivity resistivity Occams razor: simpler is better; falsifiable. Learning From Data temperature T temperature T temperature T Lecture 15 not

835 views • 3 slides
Lecture 10: Epilogue Helger Lipmaa Helsinki University of Technology helger@tcs.hut.fi T-79.159

Lecture 10: Epilogue Helger Lipmaa Helsinki University of Technology helger@tcs.hut.fi T-79.159

T-79.159 Cryptography and Data Security Lecture 10: Epilogue Helger Lipmaa Helsinki University of Technology helger@tcs.hut.fi T-79.159 Cryptography and Data Security, 09.04.2003 Lecture 10: Epilogue, Helger Lipmaa 1 Overview of the Lecture

216 views • 10 slides
Conjugate duality in stochastic optimization Ari-Pekka Perkki o, Institute of Mathematics ,

Conjugate duality in stochastic optimization Ari-Pekka Perkki o, Institute of Mathematics ,

Conjugate duality in stochastic optimization Ari-Pekka Perkki o, Institute of Mathematics , Aalto University Ph.D. instructor/joint work with Teemu Pennanen , Institute of Mathematics , Aalto University March 15th 2010 1 / 13 Introduction

486 views • 27 slides
Seminar: Recreational Computer Science 2. How to write a (Seminar) Paper Gabi R oger

Seminar: Recreational Computer Science 2. How to write a (Seminar) Paper Gabi R oger

Seminar: Recreational Computer Science 2. How to write a (Seminar) Paper Gabi R oger Universit at Basel October 2, 2017 Getting started Structure Citation Common problems Getting started Getting started Structure Citation Common

357 views • 24 slides
From 2 days to 2 seconds - the birth of DevOps Dan North @tastapod Once upon a time

From 2 days to 2 seconds - the birth of DevOps Dan North @tastapod Once upon a time

From 2 days to 2 seconds - the birth of DevOps Dan North @tastapod Once upon a time Once upon a time back in the mists of 2005 Once upon a time back in the mists of 2005 before Continuous Delivery Once upon a time

907 views • 72 slides
Archiving Computational Research in Virtual Machines Sorin Mitran Applied Mathematics

Archiving Computational Research in Virtual Machines Sorin Mitran Applied Mathematics

UNCvm Prologue Teaching Research Epilogue Archiving Computational Research in Virtual Machines Sorin Mitran Applied Mathematics University of North Carolina Chapel Hill Applied Mathematics Perspectives Reproducible Research Workshop

812 views • 55 slides
The Timepix3 telescope Martin van Beuzekom, Panagiotis Tsopelas 1 on behalf of the LHCb Velo

The Timepix3 telescope Martin van Beuzekom, Panagiotis Tsopelas 1 on behalf of the LHCb Velo

The Timepix3 telescope Martin van Beuzekom, Panagiotis Tsopelas 1 on behalf of the LHCb Velo Upgrade group Telescopes & Testbeams Workshop DESY 2014 1 email: ptsopel@nikhef.nl Introduction The Timepix3 detector The telescope Epilogue

409 views • 17 slides
Procedure Calls (Part 2) March 4, 2013 1 / 23 Schedule for the rest of the quarter . . .

Procedure Calls (Part 2) March 4, 2013 1 / 23 Schedule for the rest of the quarter . . .

Procedure Calls (Part 2) March 4, 2013 1 / 23 Schedule for the rest of the quarter . . . Assignments PA3 due tonight at 11:59pm! PA4 posted tomorrow, due Wed, March 13 HW2 posted Friday, due in class Fri, March 15 (this

429 views • 23 slides

More recommend