Notes 39

CS205 Notes 39 (29 November 2006)

Schedule Update

Next Monday, December 4 (in class): Project Demos. Each team will have up to 15 minutes (no need to use all of it) to present and demo your project.
Next Tuesday, December 5 (before 5pm): Project Final Reports

Program Verification

Floyd-Hoare Triple

P { code } Q

Partial correctness: If P is true before executing code, then Q is true after.

Total correctness: Partial correctness and code is guaranteed to terminate.

P { x = 7 } y = 5

What is the weakest pre-condition P?

P { if (x < 3) { x = x * 2; } else { x = x - 1; } } x > 0

What is the weakest pre-condition P?

What constructs of the Java programming language make verification difficult?

Useful Proof Methods
Proof by intimidation: "Trivial" or "obvious."
Proof by exhaustion: An issue or two of a journal devoted to your proof is useful.
Proof by omission: ``The reader may easily supply the details'', ``The other 253 cases are analogous''
Proof by obfuscation: A long plotless sequence of true and/or meaningless syntactically related statements.
Proof by funding: How could three different government agencies be wrong?
Proof by lack of funding: How could anything funded by those bozos be correct?
Proof by democracy: A lot of people believe it's true: how could they all be wrong?
Proof by reference to inaccessible literature: The author cites a simple corollary of a theorem to be found in a privately circulated memoir of the Icelandic Philological Society, 1883. This works even better if the paper has never been translated from the original Icelandic.
Proof by forward reference: Reference is usually to a forthcoming paper of the author, which is often not as forthcoming as at first.
Proof by flashy graphics: A moving sequence of shaded, 3D color models will convince anyone that your object recognition algorithm works. An SGI workstation is helpful here.
Proof by vehement assertion: It is useful to have some kind of authority relation to the audience, so this is particularly useful in classroom settings.
Proof by vigorous handwaving: Works well in a classroom, seminar, or workshop setting.
Proof by cumbersome notation: Best done with access to at least four alphabets, special symbols, and the newest release of LaTeX.
Proof by lack of space: "The proof is not detailled due to lack of space in this proceedings..." works well in conjunction with proof by forward reference.

Selected from http://www.ai.sri.com/~luong/research/proof.html.

The competent programmer is fully aware of the limited size of his own skull. He therefore approaches his task with full humility, and avoids clever tricks like the plague.

Edsger Dijkstra (see also How do we tell truths that might hurt?)

How can one check a large routine in the sense that it's right? In order that the man who checks may not have too difficult a task, the programmer should make a number of definite assertions which can be checked individually, and from which the correctness of the whole program easily follows.

Alan Turing, talk in Cambridge, 1950.