Formal methods 1 - introduction
Download as PPTX, PDF•2 likes•2,145 views
This document provides an overview of topics that will be covered in a course on formal methods in software, including finite state machines, stack machines, specification languages, category theory, logic, and more. It discusses the need for formal methods in safety-critical domains like medical devices and aviation but not for applications like social media. As an example, it walks through a proof of the Euclidean algorithm for finding the greatest common divisor. It also covers important concepts in the field like Gödel's incompleteness theorems, the Entscheidungsproblem, the halting problem, and the Collatz conjecture. Finally, it discusses limitations of formal methods and approaches like unit testing.
Formal methods 1 - introduction
- 1. Formal Methods in Software Lecture 1. Introduction Vlad Patryshev SCU 2014
- 2. Content of this course • FSM, deterministic/non-deterministic; (P/NP); regexp; code sample (the one-liner), problem with the code; p!=np • Stack machine, context-free languages; general languages; Turing machine; some Turing stuff, examples of Turing machine • Z specification language • Pi calculus and its fate; • Monoid, Group, Groupoid, Category, Monomorphisms, Epimorphisms, Isomorphisms, show it on sets and monoids; Scala (Java) category • terminal object, initial object; products, unions; show code samples; equalizers, code samples; notation {x|f(x)==g(x)}; pullbacks, sql • functors examples (diagrams; product; exponentiations); currying/yoneda lemma; example with integers/rationals; monad?
- 3. What you have to know • first-order logic; quantifiers (see COEN260 slides) • some set theory; binary relationships, currying; injection/surjection/bijection (see COEN260 slides) • some intro to intuitionistic logic (see COEN260 slides) • javascript or java or scala
- 4. Formal Methods • Need them in: o medical devices o space o military o communications • Don’t need them in: o social networks o ads and sales o startups
- 5. Example of Algorithm Proof Euclidean Algorithm: Find GCD(a,b), where a and b are two natural numbers. 1. If a < b, use the fact that GCD(a,b)=GCD(b,a) 2. GCD(a,0) = a; done. 3. GCD(a,b) = GCD(a-b,a) 4. Repeat until done. Proof: A. Prove that GCD(a,b)=GCD(b,a) B. Prove that GCD(a,0) = a C. Prove that GCD(a,b) = GCD(a-b,a) D. Prove that it takes not more than 2*max(a,b) steps.
- 6. You are asked to double a cube Have a cube, V=x3 Build a cube of size 2*V, using a divider and a ruler Informally: approximate; we only have doubles in Java. Formally: have to calculate √3(2) The thing is: You Can’t
- 7. A similar problem Need an algorithm to find roots of a 5th degree polynomial Explanation: 5 roots, S5 is the group of all permutations, and it cannot be represented via a chain of +/- symmetries. x5-x+1 = 0
- 8. Gödel’s First Theorem Meaning, if we have a theory T, we can always come up with a statement in T that cannot be proved. How? • enumerate all sentences; then all proofs. • isProvable(n) ≡ ∃F (n=#(F) ∧ F is provable) • (diagonal lemma) ∀F ∃p (p ↔ F(#(p)) • how about p ↔ ¬isProvable(#(p)) A theory that contains arithmetics cannot be at the same time consistent and complete.
- 9. Entscheidungsproblem Is there an algorithm that, given a first-order theory, takes a statement and checks whether the statement is true? (The essence of the proof of program validity.) The answer is: NO Church proved that there is no computable function which decides for two given λ calculus expressions whether they are equivalent or not. Turing proved that it reduces to Halting Problem
- 10. Halting Problem Given a program, can we decide if it ever ends? Answer: NO http://ro-che.info/ccc/03
- 11. Collatz Conjecture function(n) { while (n > 1) { println(n); n = n%2==0 ? n/2 : (3*n+1) } } E.g. 11, 34, 17, 52, 26, 13, 40, 20, 10, 5, 16, 8, 4, 2, 1 Will it ever stop? Nobody Knows.
- 12. So, what can we do? • limit ourselves by only provable algorithms • count on the finiteness of the universe (is it finite?) • count on the finiteness of time (is it finite?) • write some unittests and pray (is it a formal method?!)
- 13. Unittests • You cannot prove the program is right, but you can find errors • Can cover main and corner cases • Can check behavior independently from environment • Can feel safe doing refactorings Some people tried to formalize unittest creation (agitar.com) (see e.g. halting problem) Question: can you write a unittest for random numbers generator?