Foundations, Reasoning About Algorithms, and Design By Contract CMPSC 122

Similar documents
More Complicated Recursion CMPSC 122

We'll dive right in with an example linked list. Our list will hold the values 1, 2, and 3.!

Lecture 1: Overview

Intro. Scheme Basics. scm> 5 5. scm>

CITS5501 Software Testing and Quality Assurance Formal methods

Formal Methods of Software Design, Eric Hehner, segment 1 page 1 out of 5

Outline. Introduction. 2 Proof of Correctness. 3 Final Notes. Precondition P 1 : Inputs include

CSCI 1100L: Topics in Computing Lab Lab 11: Programming with Scratch

CS 4349 Lecture August 21st, 2017

CS 161 Computer Security

Lecture 4: examples of topological spaces, coarser and finer topologies, bases and closed sets

Lecture 1 Contracts : Principles of Imperative Computation (Fall 2018) Frank Pfenning

Section 0.3 The Order of Operations

Section 1.1 Definitions and Properties

Induction and Semantics in Dafny

6.001 Notes: Section 17.5

Formal Methods of Software Design, Eric Hehner, segment 24 page 1 out of 5

6.001 Notes: Section 8.1

AXIOMS OF AN IMPERATIVE LANGUAGE PARTIAL CORRECTNESS WEAK AND STRONG CONDITIONS. THE AXIOM FOR nop

Lecture 10 Notes Linked Lists

Unit 4: Client View of a Component Methods

Lecture 8 Data Structures

Introduction to Asymptotic Running Time Analysis CMPSC 122

CS125 : Introduction to Computer Science. Lecture Notes #4 Type Checking, Input/Output, and Programming Style

Lecture 1 Contracts. 1 A Mysterious Program : Principles of Imperative Computation (Spring 2018) Frank Pfenning

Lecture 10 Notes Linked Lists

Lecture Transcript While and Do While Statements in C++

In our first lecture on sets and set theory, we introduced a bunch of new symbols and terminology.

6.001 Notes: Section 6.1

III. Check if the divisors add up to the number. Now we may consider each of these tasks separately, assuming the others will be taken care of

Pointers in C/C++ 1 Memory Addresses 2

CS61A Notes Week 1A: Basics, order of evaluation, special forms, recursion

MITOCW watch?v=kz7jjltq9r4

6.001 Notes: Section 4.1

Problem One: A Quick Algebra Review

(Refer Slide Time 3:31)

The Dynamic Typing Interlude

CS125 : Introduction to Computer Science. Lecture Notes #11 Procedural Composition and Abstraction. c 2005, 2004 Jason Zych

1 Achieving IND-CPA security

This is already grossly inconvenient in present formalisms. Why do we want to make this convenient? GENERAL GOALS

Recursively Enumerable Languages, Turing Machines, and Decidability

CS103 Spring 2018 Mathematical Vocabulary

Most of the class will focus on if/else statements and the logical statements ("conditionals") that are used to build them. Then I'll go over a few

introduction to Programming in C Department of Computer Science and Engineering Lecture No. #40 Recursion Linear Recursion

CS 370 The Pseudocode Programming Process D R. M I C H A E L J. R E A L E F A L L

These are notes for the third lecture; if statements and loops.

(Refer Slide Time: 06:01)

6. Hoare Logic and Weakest Preconditions

APCS-AB: Java. Recursion in Java December 12, week14 1

Hardware versus software

Skill 1: Multiplying Polynomials

Part II Composition of Functions

Notes on Turing s Theorem and Computability

SEQUENCES, MATHEMATICAL INDUCTION, AND RECURSION

Lecture 3: Recursion; Structural Induction

Types, Expressions, and States

Introduction to Programming in C Department of Computer Science and Engineering. Lecture No. #43. Multidimensional Arrays

6.096 Introduction to C++

4. Java Project Design, Input Methods

Shorthand for values: variables

Reliable programming

CS125 : Introduction to Computer Science. Lecture Notes #6 Compound Statements, Scope, and Advanced Conditionals

CS 132 Exam #1 - Study Suggestions

EECS 203 Spring 2016 Lecture 8 Page 1 of 6

P1 Engineering Computation

Lecture 2: SML Basics

CS61A Notes Week 6: Scheme1, Data Directed Programming You Are Scheme and don t let anyone tell you otherwise

CS 1110, LAB 10: ASSERTIONS AND WHILE-LOOPS 1. Preliminaries

Reasoning About Imperative Programs. COS 441 Slides 10

Lecture Notes on Contracts

Section 05: Solutions

Repetition Through Recursion

CS103 Handout 29 Winter 2018 February 9, 2018 Inductive Proofwriting Checklist

Lecture 3 Notes Arrays

CS 3512, Spring Instructor: Doug Dunham. Textbook: James L. Hein, Discrete Structures, Logic, and Computability, 3rd Ed. Jones and Barlett, 2010

1. The Normal Distribution, continued

What a lot of folks might call the class but as we ll see later, it s not entirely accurate.

6.001 Notes: Section 15.1

14.1 Encoding for different models of computation

Shared Variables and Interference

Reasoning about programs

CS158 Section B Exam 1 Key

Last time. Reasoning about programs. Coming up. Project Final Presentations. This Thursday, Nov 30: 4 th in-class exercise

9. MATHEMATICIANS ARE FOND OF COLLECTIONS

CSE 143. Programming is... Principles of Programming and Software Engineering. The Software Lifecycle. Software Lifecycle in HW

Chapter 3. Set Theory. 3.1 What is a Set?

STATS 507 Data Analysis in Python. Lecture 2: Functions, Conditionals, Recursion and Iteration

Introduction to Programming in C Department of Computer Science and Engineering. Lecture No. #17. Loops: Break Statement

Propositional Logic Formal Syntax and Semantics. Computability and Logic

CMSC 201 Fall 2016 Lab 09 Advanced Debugging

CSCI-1200 Data Structures Spring 2018 Lecture 14 Associative Containers (Maps), Part 1 (and Problem Solving Too)

CONTENTS: What Is Programming? How a Computer Works Programming Languages Java Basics. COMP-202 Unit 1: Introduction

TOPIC 2 INTRODUCTION TO JAVA AND DR JAVA


Pseudocode. 1 Guidelines for writing pseudocode. CS 231 Naomi Nishimura

Laboratory 5: Implementing Loops and Loop Control Strategies

Introduction to Algorithms / Algorithms I Lecturer: Michael Dinitz Topic: Shortest Paths Date: 10/13/15

Lecture 2: Analyzing Algorithms: The 2-d Maxima Problem

SEQUENCES, MATHEMATICAL INDUCTION, AND RECURSION

Lecture 05 I/O statements Printf, Scanf Simple statements, Compound statements

Transcription:

Foundations, Reasoning About Algorithms, and Design By Contract CMPSC 122 I. Logic 101 In logic, a statement or proposition is a sentence that can either be true or false. A predicate is a sentence in terms of a finite number of variables that becomes a statement whenever values are substituted for those variables. Examples: A statement: Not a statement: A predicate: A value that makes it true: A value that makes it false: Okay, so what does this have to do with programming? Quite a lot, in fact! Any statement is either true or false and programs establish the state of memory and produce side effects -- things like messages that uses see -- and we can formally write down what s going on. Sometimes you ll see statements about what s going on in a program referred to as assertions. We can use them both to communicate about algorithms and to reason about their correctness. There are three primary kinds of assertions that are fundamental in computer science: preconditions, postconditions, and loop invariants. We ll look at each in detail and write them as we proceed. While we ll get a little taste of the idea of reasoning about algorithms in this course, your formal training about logic will come in CMPSC 360 and you ll work more with formal correctness proofs there and in CMPSC 465 (both of which have this course as a prerequisite). II. Design By Contract Lawyers and businesses use contracts all the time. We steal the idea here. Question: Suppose your friend who s doing a science experiment knows you re studying computer science and figures you could help with caclulations. Your friend is shooting projectiles in a lab and wants to know if, say, some object will have hit the ground 1 second after the launch. What should be in contract for you to agree to compute results safely? What might your friend want in the contract? Second Question: What if, instead of one trial, your friend had several hundred trials of the same experiment and wanted you to crunch some statistics quickly? What would you want to put in the contract to agree to do this work? Page 1 of 7! Prepared by D. Hogan for PSU CMPSC 122

So, let s make the language a little more generic and precise all at the same time. We re usually talking about algorithms, but when we do, we tend to break them up into little chunks -- functions or methods. (Important tangent: What s the difference between a method and a function?) We then specify each method by a few things: Its header, i.e. its name and the names of inputs and outputs (what we call the parameters) Its precondition, i.e. a predicate that the method assumes is true in doing whatever it does Its body, i.e. the algorithm and logic inside the method Its postcondition, i.e. a predicate that is guaranteed to be true after the method has completed Two discussion points: 1. I said the precondition and postcondition were predicates, so that implies they re written in terms of some variables. Where do these variables come from? 2. Where is the contract in this? Writing preconditions and postconditions requires using very precise language, really rooted in the language of mathematics. Clarity should always be a major goal. But, mathematicians are lazy, so we have some shorthand you ll see used commonly: PRE is the precondition POST is the postcondition FCTVAL means function value, i.e. whatever a function computes and returns. Example: Let s formally write down the physics example defined earlier. Page 2 of 7! Prepared by D. Hogan for PSU CMPSC 122

III. More Issues to Consider for PRE and POST First, here are some guidelines for when to include preconditions and postconditions: 1. Every method (except main) needs a POST because every method does something. Here are some common questions to consider: a. Does the method change the state of any variables? b. Does the method return anything? c. Does the method produce any output? (Consider the screen, files, and databases.) 2. A method needs a PRE if its behavior depends on something external to work correctly. Here are some common external factors to consider: a. Are there any input parameters? Address each one. b. Does the method depend on a file? (Consider the path and format.) c. Does the method depend on a connection to an external resource, like a database, being open? Here are some important guidelines for clear PRE/POST (and to save you time too): 1. Use complete sentences. (Mathematical operators like "==" count as verbs, though. 2. Use variable names explicitly: a. All parameters must be referenced by name. b. Remember this is external documentation: Reference only the names of parameters (from this function's header) or class data members (we ll learn about those very soon). Never reference local variables. 3. Write abstractly: The "someone else" using your method doesn't care about what's going on inside the braces, doesn't want to read any of that code, doesn't really care about your algorithms within. He or she only cares about the end result. So, PRE/POST should only focus on things in the parameters and factors external to the method. 4. Write specifically: Address details such as format (e.g. "one value per line" or "comma-separated"), units, and valid ranges. 5. Write concisely: Write the strongest condition possible and don't state the obvious. You ll get more practice with these issues in the homework and in programming assignments. IV. Abstraction and Information Hiding I have some questions for you: Can you drive a car? Can you send a message with a cell phone? Can you fix my car when it s broken? Can you explain what went on to get the message from your cell phone to your friend s phone? Okay, this brings us to the principle of abstraction: More examples: So where does this fit in with software? Page 3 of 7! Prepared by D. Hogan for PSU CMPSC 122

Answer: Methods. Why? Another fundamental (and certainly related but not the same) principle is that of information hiding: So The user of a method (or client) should only know what is necessary to use the method and nothing more. The implementor of a method should only know what is necessary to implement the method and nothing more. What does the client not need to know to use a method? What does the implementer not need to know to implement a method? (Why is this so important?) What do both need to know? Ah, so design by contract is not only about reasoning about programs, but also about communication. V. Loops Let s take a moment to review some things about loops. But, let s initially not concern ourselves with syntax, but instead speak of loops in general. First, all loops include a guard or loop test, which is a logical statement that is true for the loop to continue iterating. This might be something simple like x < 10 or something like x < 5 and not(temp > 100 or numvalid > MIN). Next, loops can be broken down into two categories: determinate loops - those for which the is known indeterminate loops - those for which the number of iterations is not known until Examples: Determinate loop applications: Indeterminate loop applications: The guard can be in the form of a pretest, i.e. a test that is checked before an iteration of a loop to see if that iteration should be executed, or in the form of a posttest, i.e. a test that is checked after an iteration of a loop to see if another iteration should be executed. Page 4 of 7! Prepared by D. Hogan for PSU CMPSC 122

Question: How does C++ implement each of these kinds of loops? Each construct a programming language provides has a reason for existing, and, while you can twist some tools to fit other scenarios (really, though, that s abuse of the tools), your code is cleanest and most natural when you use the right tools for the right job. Let s summarize the ideal application of loops here: In this course, you ll be expected to make the ideal choices. (People will appreciate your code later on if you keep this up!) VI. Pseudocode vs. Real Code You may notice in the loop test example I gave above, I didn t quite use code from a language you know. Sometimes, in reasoning about algorithms, we will prefer to leave out syntax details that are specific to any one language and write the algorithms down using pseudocode. Pseudocode is nice, because it allows us to get to the real meat of the issue at hand, omitting details that have more to do with the language. Thus, it is also language independent. There isn t a prescribed syntax for pseudocode; it s mixture of English, math, and things you see in most programming languages. It leaves out variable types and declarations and leaves out a lot of the punctuation you see in many languages. In many lessons where it s appropriate, I ll start with pseudocode to emphasize the essential computer science ideas before getting into language-specific syntax. Since you have some programming experience under your belt, most everything in pseudocode will be obvious to you, but don t hesitate to ask questions when you have them. VII. Loop Invariants Now back to assertions Question: What does vary mean? What, then, would something that is invariant do? A loop invariant is a predicate that is true at some point in the body of a loop, every time that point is reached, regardless of which iteration is being executed. Now, while an invariant could technically be written anywhere in a loop, it s silly (and problematic later) to write them about somewhere in the middle of the loop. Writing an invariant about the end makes some sense, but the ideal and standard practice is to write loop invariants about the state and the start of an iteration of a loop. Thus, pretty much every invariant you ever write should start Before the start of the ith iteration, Page 5 of 7! Prepared by D. Hogan for PSU CMPSC 122

Example: Trace the first few iterations of and write an invariant for the following loop: sum = 0 for i = 1 to 10 sum = sum + i Example: Write an invariant for the following loop, assuming code that precedes it has initialized key and vals[0..last]: i = 0 found = FALSE while i LAST and not found if vals[i] = key found = TRUE i = i + 1 Problem: Write an invariant for the following loop, assuming code that precedes it has initialized key, TOL, and vals[0..last]: i = 0 found = FALSE while i LAST and not found if vals[i] - TOL key vals[i] + TOL found = TRUE i = i + 1 Page 6 of 7! Prepared by D. Hogan for PSU CMPSC 122

Problem: Consider this loop, which assumes input is initialized and array f has been allocated with size 100: i = 0 for j = 1 to input/2 if input mod j = 0 f [i] = j i = i + 1 a. First trace the execution of this loop for input = 20 b. Write an invariant for this loop. VIII. A Preview of Correctness Proofs Question: If you test your program on one input, are you sure your program is correct? 2 inputs? 3? 1000? We can prove a algorithm is correct using some tools from mathematics. Really, it s all logic, but you ll need some formal training in that (and especially in a technique called mathematical induction) to be able to write a full correctness proof for most interesting algorithms. You ll get that in 360, but I want you to be aware of the big picture now. Suppose we have an algorithm (packaged in a method) that contains one loop. Then the correctness proof of that algorithm involves three parts: Initialization: Assume that the precondition is true and use that and the code before the loop to establish why the loop invariant is true before the loop begins. Maintenance: Assume that the loop invariant is true at the start of any arbitrary iteration and use the loop body to prove that the invariant is still true at the end of that iteration. (Whoa! Okay, don t panic ) Termination: Assume that the loop invariant is true at the end of the last iteration and that the guard is false (since the loop is done) and use whatever code is after the loop to prove that the postcondition is true. I urge you to think about the initialization and termination steps while you re programming this semester. IX. Closing Opening Thoughts There are some exercises I have for you to do on a separate worksheet. They draw upon both what I ve taught you here and some concepts often taught in a first-semester computer science course (CS1). I have a link on the course site to my own CS1 notes you can use if you need to look anything up. All of the language in the review worksheets is language I will use in this course and expect you to know, both to understand the lectures, but also to read or respond to exam and quiz questions. Page 7 of 7! Prepared by D. Hogan for PSU CMPSC 122

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback