Source: doc.ic.ac.ukak6309/topics/Docs/PBL-AI Topics Presentation.pdf
CONTRACT BASED PROGRAMMING
Alexander Karapetian, Fraser Waters, Amélie Windel

Theorem Proving
- Natural Deduction systems
  - Pandora – Functionally sound & complete
  - Limited – Relies on the user's introduction/elimination rules

Mathematical Theorem Proving
- Automated deduction
  - E – Equational calculus, proof by refutation
  - Otter – First-order logic; development halted in 2004

Program Analysis
- Contracts in programs
- Pre conditions
  - Must be satisfied before the code is entered
  - Assumed by the program to be satisfied
  - Result is undefined if not satisfied
- Post conditions
  - Describe the state of the output after execution
  - Assumed by callers (higher-order methods) to be satisfied
- Invariants

Code Checking Code
- Programs proving correctness of code
  - Vampire theorem prover
  - Equinox first-order theorem prover
  - Microsoft Research contract code enforcer

Microsoft Research – Spec#
- Contract code – Visual Studio 2008/2010 RC

```csharp
using System.Diagnostics.Contracts;   // namespace of the Code Contracts API

Contract.Requires()    // Pre condition
Contract.Ensures()     // Post condition
Contract.Invariant()   // Object invariant
Contract.Assume()      // Truth assumed for condition
```

- Tautology deletion
- Reduction to Truth

Code Contracts
- Available in all .NET 4.0 languages (VB, C#, F#)
- Static analysis engine
  - Infers loop invariants
  - Infers method contracts

Code Examples
- Simple division method
- Call with divisor argument 0
- DivideByZeroException thrown

```csharp
public static int Divide(int dividend, int divisor)
{
    return dividend / divisor;
}

static void Main(string[] args)
{
    Divide(5, 0);
}
```

Contract Code Enforcement
- Pre-conditioning
- Post-conditioning
- Static checking
- Runtime checking
- The Future

Pre-conditioning
- Using Contract.Requires()
- Static checker: condition breach / possible overflow

```csharp
public static int Divide(int dividend, int divisor)
{
    Contract.Requires(divisor != 0);
    return dividend / divisor;
}
```

Pre-conditioning
- Possible overflow remedied
- Change from divisor != 0 to divisor > 0 (the only overflowing case for int division is int.MinValue / -1, which a positive divisor rules out)

```csharp
public static int Divide(int dividend, int divisor)
{
    Contract.Requires(divisor > 0);
    return dividend / divisor;
}
```

Post-conditioning
- Add new method GetNumber()
- Call Divide with the method's result
- Divisor source unknown
- Static checker warning: precondition unproven

```csharp
public static int GetNumber(int i)
{
    return i * 2;
}

static void Main(string[] args)
{
    Divide(5, GetNumber(0));
}
```

Post-conditioning
- Provide Contract.Ensures() code
- Postcondition of returning int > 0
- Static checker warning upon compilation – postcondition unproven

```csharp
public static int GetNumber(int i)
{
    Contract.Ensures(Contract.Result<int>() > 0);
    return i * 2;
}
```

Static Checking
- Remedy warning from static checker
- Add precondition of i > 0
- Checker verifies that i > 0 implies 2i > 0
- GetNumber() is now also contracted

```csharp
public static int GetNumber(int i)
{
    Contract.Requires(i > 0);
    Contract.Ensures(Contract.Result<int>() > 0);
    return i * 2;
}
```

Runtime Checking
- Run preconditioned Divide() with 0 divisor
- Static checker warning shown
- Runtime exception thrown if executed

```csharp
public static int Divide(int dividend, int divisor)
{
    Contract.Requires(divisor != 0);
    return dividend / divisor;
}
```

Runtime Checking
- Runtime contract checking can be disabled
- Prevents slowdown due to verification
- With checking disabled, the example throws DivideByZeroException instead of a contract failure
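As an added example (not code from the slides), the deck's Divide contract sits beside a trust-boundary version whose check survives a build with runtime checking disabled, and the Contract.Invariant usage the Spec# slide names but does not show; the type names Arithmetic and Ratio are invented, and the .NET Framework Code Contracts tooling (ccrewrite) the deck describes is assumed.

```csharp
// Added example, not from the slides. Assumes the .NET Framework Code Contracts
// tooling (ccrewrite for runtime checks); Arithmetic and Ratio are invented names.
using System;
using System.Diagnostics.Contracts;

public static class Arithmetic
{
    // Contract form from the slides. Contract.Requires(bool) carries
    // [Conditional("CONTRACTS_FULL")], so when runtime checking is disabled
    // the call compiles away and a zero divisor reaches the division, which
    // throws DivideByZeroException (the deck's final Runtime Checking slide).
    public static int Divide(int dividend, int divisor)
    {
        Contract.Requires(divisor > 0);
        return dividend / divisor;
    }

    // Trust-boundary form: the guard is ordinary code, so it holds in every
    // build configuration. Contracts record assumptions for the checker;
    // validation of untrusted input must not depend on them being compiled in.
    public static int DivideChecked(int dividend, int divisor)
    {
        if (divisor <= 0)
            throw new ArgumentOutOfRangeException("divisor", "divisor must be positive");
        return Divide(dividend, divisor);   // precondition now provable by the static checker
    }
}

// Contract.Invariant: the invariant method is checked after the constructor and
// after every public method when runtime checking is on, and the static checker
// treats it as a known fact inside each public method.
public sealed class Ratio
{
    private readonly int numerator;
    private readonly int denominator;

    public Ratio(int numerator, int denominator)
    {
        Contract.Requires(denominator > 0);
        this.numerator = numerator;
        this.denominator = denominator;
    }

    [ContractInvariantMethod]
    private void ObjectInvariant()
    {
        Contract.Invariant(denominator > 0);
    }

    public int Quotient()
    {
        Contract.Ensures(Contract.Result<int>() == numerator / denominator);
        return Arithmetic.Divide(numerator, denominator); // divisor > 0 follows from the invariant
    }
}
```

Calling Arithmetic.DivideChecked(5, 0) raises ArgumentOutOfRangeException whether or not the rewriter ran, while Arithmetic.Divide(5, 0) raises a contract failure only when runtime checking is enabled and DivideByZeroException otherwise.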

The Future
- When will I see Contracts in widespread use?
  - Languages implement native support
  - Contract code libraries/extensions popularise
  - Microsoft releases .NET Framework 4.0
- Tools in early stages
  - Static checker under development for stronger type support
  - Cleared for Release Candidate status – Feb 2010
  - Visual Studio 2010 RC – Quarter 1, 2010

References
- Images
  - http://en.wikipedia.org/wiki/File:Agda_proof.jpg
  - http://en.wikipedia.org/wiki/File:First-order_tableau_with_unification.svg
  - http://www3.imperial.ac.uk/portal/page/portallive/computing/research/areas/LAI
  - http://commons.wikimedia.org/wiki/File:P_np_np-complete_np-hard.svg
  - http://members.deri.at/~michaels/phd/html-sources/images/sdcprototype-architecture.jpg
  - http://www.cs.miami.edu/~tptp/Seminars/ATP/THMPrf.gif
- Information
  - http://members.deri.at/~michaels/phd/html-sources/prototype.html
  - http://research.microsoft.com/en-us/projects/contracts/default.aspx
  - http://www.cs.miami.edu/~tptp/OverviewOfATP.html
  - http://plato.stanford.edu/entries/reasoning-automated/
  - Automated Theorem Proving: A Quarter Century Review - Donald W. Loveland
- Screenshots/Code: internally generated

Questions?
Alexander Karapetian, Fraser Waters, Amélie Windel