lecture 01 java

Upload: jordieee

Post on 03-Jun-2018


  • 8/12/2019 Lecture 01 java

    COMP2111 Lecture 1

    Session 1, 2013

    What, When, How

    Kai Engelhardt

    Revision: 1.1. Credits: Ken Robinson, John Reynolds, ...
    What

    Put the word engineering back into SE. In marginally more detail (= Immd): climb up the ladder of evolution

    1 Crap out code so it beats the compiler's checks.

    2 Cobble together code that passes a few tests.

    3 Craft code that (provably) works according to specifications.
    When

    All of it, and in this one session. Immd: we shall be spending time on

    acquiring and understanding languages to specify systems (both fully formal and informal ones)

    using such languages to specify some simple systems or tasks, clearly and concisely

    developing notions of refinement between artifacts in said languages to guide a systematic code/system development process

    using refinement to derive correct-by-construction, beautiful code from concise and clear specifications
    How

    We'll be using Event-B for all practical tasks. (This feeds into your SE workshops.)

    We'll use light-weight informal methods to foster understanding.

    We'll investigate the mathematical underpinnings of both:

    1 What's in a spec?

    2 What's in a program?

    3 What does refinement mean?
    Top-Down Program Construction: an Example

    Reminder: facts about the factorial function $!: \mathbb{N} \to \mathbb{N}$ are:

    $0! = 1$ (fac1)

    $(n + 1)! = (n + 1) \cdot n!$ (fac2)

    (fac1) tells us what the factorial of 0 is while (fac2) shows how to find the factorial of a number if we know the factorial of its predecessor. Task: Given a number $n \in \mathbb{N}$, we want to compute its factorial $n!$ in some variable f without changing n in the process.

    Plan:

    1 Use (fac1) to compute $0!$.

    2 Repeatedly use (fac2) to compute factorials of larger numbers.

    Who said COMP2111 was going to be difficult?!?
    We could use f to save the last factorial we have computed, and an additional variable k to keep track of the number such that $f = k!$. Now we can adapt the plan to

    1 Achieve $f = k!$ by setting k to 0 and f to 1.

    2 As long as $k \neq n$, increase k and change f in a way that preserves $f = k!$.

    In C, with comments for pseudo-code:

    k = 0; f = 1;
    while (k != n) {
        /* increase k and change f while maintaining f=k! */
    }
    (In)variants

    $f = k!$ is called a loop invariant. Of course, loop bodies are supposed to change the state, but invariants express properties of the state that are preserved by executing the loop body. Invariants are crucial ingredients of correctness proofs, but they do not address termination.

    To argue termination of a loop (or recursion) we use variants, i.e., functions that map program states to $\mathbb{N}$ (or any other well-founded domain in general). To show that a loop terminates, one proves that every iteration of the body strictly decreases the value of the variant.

    A suitable variant here would be $n - k$ because

    /* increase k and blah */

    decreases the value of $n - k$ by 1.
    It remains to implement

    /* increase k and change f while maintaining f=k! */

    We decide to change k first:

    k = k + 1; /* change f to reestablish f=k! */

    Observe that the invariant won't hold after the increment, but instead $f = (k - 1)!$ is true.

    k = k + 1; /* assuming f=(k-1)!, change f to establish f=k! */

    (fac2) suggests the implementation f = k * f.
    One popular formal notation for pseudo-code specifications such as

    /* assuming f=(k-1)!, change f to establish f=k! */

    is Carroll Morgan's specification statement

    $f : [\,f = (k - 1)!,\ f = k!\,]$

    which expresses that, if the initial state satisfies the precondition $f = (k - 1)!$, then change only the variables listed in the frame f so that the resulting final state satisfies the postcondition $f = k!$.

    (See his book Programming from Specifications, http://www.cs.ox.ac.uk/publications/books/PfS/.)
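The derivation of slides 5 to 9 assembled into working C, as an added example that is not code from the lecture: the loop invariant f = k!, the variant n - k, and the precondition and postcondition of the specification statement are written as assert statements, so every step of the correctness argument is checked while the program runs. The reference function fact_spec, the bound FACT_MAX_N and the function name factorial are assumptions of this example. One caveat the slides' unbounded n in N leaves aside: uint64_t overflows at 21!, so the refinement to machine integers needs the stronger precondition n <= 20; without it f = k! holds only modulo 2^64 and the postcondition is silently false.

```c
#include <assert.h>
#include <stdint.h>
#include <stdio.h>

/* Largest n for which n! fits in a uint64_t (20! < 2^64 < 21!).
   Added precondition of this example: the slides' n in N is unbounded,
   the machine integer is not. */
#define FACT_MAX_N 20u

/* Reference definition of ! used only by the checks below: the recursive
   reading of (fac1) and (fac2). */
static uint64_t fact_spec(unsigned n) {
    return n == 0 ? 1 : (uint64_t)n * fact_spec(n - 1);
}

/* The derived program: establishes f = n! without changing n.
   Each assert is one line of the argument from the slides. */
uint64_t factorial(unsigned n) {
    assert(n <= FACT_MAX_N);             /* precondition of the refinement to uint64_t */
    unsigned k = 0;
    uint64_t f = 1;                      /* establishes f = k! with k = 0, by (fac1) */
    while (k != n) {
        unsigned variant_before = n - k; /* variant n - k; k < n here, so no wrap-around */
        assert(f == fact_spec(k));       /* invariant holds at the top of the body */
        k = k + 1;                       /* now only f = (k-1)! holds */
        f = k * f;                       /* (fac2) re-establishes f = k! */
        assert(f == fact_spec(k));       /* invariant restored */
        assert(n - k == variant_before - 1); /* variant strictly decreased */
    }
    /* k == n and f == k!, hence the postcondition f == n! */
    assert(f == fact_spec(n));
    return f;
}

int main(void) {
    for (unsigned n = 0; n <= FACT_MAX_N; n++)
        printf("%u! = %llu\n", n, (unsigned long long)factorial(n));
    return 0;
}
```

The asserts are a run-time stand-in for the proof the slides ask for, not a replacement: they only check the inputs you happen to run. What they do make visible is the gap between the mathematical specification and its C refinement, which is exactly where integer-width bugs hide; compiling with NDEBUG removes the checks, so the precondition on n must also be enforced by the caller.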
    Reflection

    We've followed a simple recipe:

    1 Take an unwritten portion of the program whose purpose is precisely and completely specified.

    2 Replace this portion by a statement which may in turn contain portions that are unwritten but precisely and completely specified.

    3 Prove (or at least convince yourself) that the new statement will meet its specification if its unwritten portions meet their specifications.

    4 Repeat the above process until the entire program is written.

    Taken almost verbatim from John C. Reynolds' seminal 1981 book (http://www.cs.cmu.edu/~jcr/craftprog.html), following Niklaus Wirth's program development by stepwise refinement from 1971 (http://dl.acm.org/citation.cfm?doid=362575.362577).
    Reflection cont'd

    We haven't accomplished anything we couldn't do before, but that wasn't really the point. We have alluded to concepts such as

    specification

    implementation

    assertion

    invariant

    What do they really mean?

    Carroll's book answers these questions. Abrial's book, Modeling in Event-B (http://www.event-b.org/abook.html), does, too. Each in its own way. And so do many other books.
    Event-B

    Let's have a look at how such a development could look in Event-B. Ken Robinson kindly provided an introductory exercise (http://www.cse.unsw.edu.au/~cs2111/13s1/ass/ass0.html) to familiarise everybody with Rodin and Event-B.
    Connection to Year 1

    Besides the obvious relation to previous SE workshops, there's a fundamental connection to COMP1927 that moreover clarifies the approach of Event-B. Essentially, COMP1927 was about data structures + operations on them. Our first example is a degenerate one in that respect: the data structure is a single natural number and the only operation computes the factorial of that number. In contrast to COMP1927, we elicited a formal specification of that operation: $f : [\,n \in \mathbb{N},\ f = n!\,]$.
    In COMP1927 you'd read an informal requirement such as

    the data structure represents a directed graph (V, E) and a desirable operation would tell you whether there is a path between two given vertices x and y

    Since we've learned about predicate logic and the specification statement, we can formalise that as

    $b : [\,x, y \in V,\ b \Leftrightarrow \exists n \in \mathbb{N},\ f : [0..n] \to V.\ f(0) = x \wedge f(n) = y \wedge \forall i \in [1..n].\ (f(i-1), f(i)) \in E\,]$

    Yes, that means you do need your little bit of predicate logic in this course.
    General Setting

    Some variables representing our abstract data.

    Sanity conditions, or data invariants, on the data representation.

    An initialisation of the variables that establishes the invariants.

    A set of operations, each of which maintains the data invariants.
    Example

    Variables: a list L of Nodes and a quadratic matrix M of Boolean values to represent the nodes and edges of a directed graph.

    Data invariants: the list L of nodes should not contain repetitions,

    $\forall n, m \in [0..|L| - 1].\ n \neq m \Rightarrow L(n) \neq L(m)$

    and its length |L| should coincide with the size of the quadratic matrix: $M \in (\mathbb{B}^{|L|})^2$.

    Initialisation: $L = [\,],\ M = \emptyset$.

    Operations: connectedness as above was non-intrusive: it did not affect the graph. Also imagine intrusive operations such as delete(e : Edge) and addnode(v : Node). They would naturally come with a proof obligation.
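The general setting of slide 15, the graph of slide 16 and the path specification of slide 14, written out as one added C example (not code from the lecture or from Event-B/Rodin): the variables L and M, an executable form of both data invariants, the initialisation, the intrusive operations addnode and delete(e) (here set_edge with a flag, covering insertion as well), and the non-intrusive connectedness check computed by a breadth-first search over M. The fixed capacity MAX_NODES, integer node identifiers and all function names are assumptions of this example. The proof obligation on addnode is discharged the only way a run-time check can: a node that would violate the no-repetition invariant is refused rather than appended.

```c
#include <assert.h>
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* Fixed capacity to keep the example self-contained; the slides' L and M
   are unbounded. (Assumed bound, not from the lecture.) */
#define MAX_NODES 16

/* The abstract state of slide 16: a list L of nodes and a square Boolean
   matrix M over [0..|L|-1]. Nodes are identified by small integers. */
typedef struct {
    int    L[MAX_NODES];              /* the list of nodes */
    size_t len;                       /* |L| */
    bool   M[MAX_NODES][MAX_NODES];   /* M[i][j]: edge from L[i] to L[j] */
    size_t dim;                       /* size of the quadratic matrix */
} Graph;

/* Initialisation: L = [], M empty. Establishes both invariants. */
void graph_init(Graph *g) {
    memset(g, 0, sizeof *g);
}

/* Data invariants of slide 16 as an executable check:
   (1) no repetitions in L, (2) |L| equals the matrix dimension. */
bool graph_invariant(const Graph *g) {
    if (g->len != g->dim || g->len > MAX_NODES) return false;
    for (size_t n = 0; n < g->len; n++)
        for (size_t m = 0; m < g->len; m++)
            if (n != m && g->L[n] == g->L[m]) return false;
    return true;
}

/* Position of node v in L, if present. */
static bool index_of(const Graph *g, int v, size_t *idx) {
    for (size_t i = 0; i < g->len; i++)
        if (g->L[i] == v) { *idx = i; return true; }
    return false;
}

/* Intrusive operation addnode(v). Its proof obligation is that the
   invariants still hold afterwards, so a duplicate v is refused.
   Returns false when the operation is not performed. */
bool addnode(Graph *g, int v) {
    size_t unused;
    if (g->len == MAX_NODES || index_of(g, v, &unused)) return false;
    g->L[g->len++] = v;
    g->dim++;                         /* M grows with L; new row/column are all false */
    assert(graph_invariant(g));
    return true;
}

/* Intrusive operation on an edge e = (u, w): present = false is delete(e),
   present = true inserts it. L is untouched, so the invariants are
   trivially preserved; unknown endpoints are refused. */
bool set_edge(Graph *g, int u, int w, bool present) {
    size_t i, j;
    if (!index_of(g, u, &i) || !index_of(g, w, &j)) return false;
    g->M[i][j] = present;
    return true;
}

/* Non-intrusive operation of slide 14: b <=> there is a path
   x = f(0), ..., f(n) = y with every (f(i-1), f(i)) in E. Breadth-first
   search over M computes exactly that b (n = 0 covers x = y). The
   precondition x, y in V is checked; outside it the spec promises
   nothing and this version answers false. The state is not modified. */
bool connected(const Graph *g, int x, int y) {
    size_t sx, sy;
    if (!index_of(g, x, &sx) || !index_of(g, y, &sy)) return false;
    bool   seen[MAX_NODES] = { false };
    size_t queue[MAX_NODES], head = 0, tail = 0;
    queue[tail++] = sx;
    seen[sx] = true;
    while (head < tail) {
        size_t cur = queue[head++];
        if (cur == sy) return true;
        for (size_t j = 0; j < g->dim; j++)
            if (g->M[cur][j] && !seen[j]) { seen[j] = true; queue[tail++] = j; }
    }
    return false;
}
```

Every state-changing operation goes through a function that re-checks graph_invariant, which is the executable shape of "each operation maintains the data invariants" from slide 15; in an Event-B development the same obligation is discharged once, by proof, instead of on every call.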
    Meaning

    To give proper meaning to all the bits, the various existing methods use one or more of

    an article or book describing the formal semantics of assertions, specifications, programs etc.

    a software tool implementing a particular semantics of said notions

    Hopefully, if both are provided, they coincide. If none or only the second is provided, avoid: amateur alert.

    Event-B + Rodin are in the good books: they have published formal semantics for the language and the tool appears to implement it.
    What next

    Do the introductory exercise (http://www.cse.unsw.edu.au/~cs2111/13s1/ass/ass0.html).

    Questions → our COMP2111 forums (https://cgi.cse.unsw.edu.au/~forums/support/viewforum.php?f=1137). Complaints and whingeing → /dev/null.