Mathematics throughout the CS Curriculum
Support by NSF #
General Consensus
• Most CS faculty agree that math is important.
• Discrete Math is usually required.
The Problem
• Students study math, but don’t see the connection to their CS courses.
• Content
• Reasoning skills
• Why Reasoning Skills?
• What Reasoning Skills?
Beyond the Classroom
• Current Software is too large for one person to understand at the code level.
• Software engineers must work at the modular level.
• How do we prepare future programmers?
• What do they need to know?
• How can they reason about large programs composed of many parts?
What reasoning skills are necessary?
Concept Inventory
Boolean Logic: Standard Logic Symbols, Standard Proof Techniques
Discrete Math Structures: Sets, Strings, Numbers, Relations, and other mathematical theories as needed
Precise Specifications: Mathematical descriptions of software interfaces for clients and implementers. Math models for structures. Pre and Post conditions for operations.
Modular Reasoning: Each Module needs to be proven correct only once.
Verification Conditions: Mathematical Assertions equivalent to the correctness of the program.
Correctness Proofs: Application of Proof Techniques to the program
Apply in All Courses
• Introductory Level Programming
• Data Structures and Algorithms
• Software Engineering
• Theory of Programming Languages
• Electives
Motivation for Reasoning
• Binary search in C++ library
• Proven correct?
• Failed!
Need Precise Specs
• Need to distinguish between mathematical integers and computer integers
• Specs take this distinction into account.
Introductory Programming
• Informal and Formal Reasoning
• Reasoning Tables
• Reasoning based on specification without needing to see code.
Example
Operation PlusTwo(updates i: int)
    requires ??
    ensures i = #i + 2;
Code
    Increment(i);
    Increment(i);
Increment
• Operation Increment (updates i: int)
    requires i < max_int;
    ensures i = #i + 1;
No need to see the code: i := i + 1;
Example
Operation PlusTwo(updates i: int)
    requires i < max_int - 1;
    ensures i = #i + 2;
Code
    Increment(i);
    Increment(i);
Reasoning Table
Operation PlusTwo
State Number    Assume               Confirm
0               i0 < max_int - 1
                Increment(i)
1               i1 = i0 + 1          i1 < max_int
                Increment(i)
2               i2 = i1 + 1          i2 = i0 + 2
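The reasoning table above, as an added example that is not part of the original slides: a Python model that checks every Confirm entry for every possible starting value, using only the Increment specification. The 8-bit bounds, the function names, and the state 0 check of the first call's requires clause are assumptions made for the example.

```python
# Added example: the PlusTwo reasoning table checked for every input.
# Python ints are unbounded, so i0 + 1 below is mathematical addition and
# MAX_INT stands in for the computer-integer bound (assumed 8-bit range).
MIN_INT, MAX_INT = -128, 127


class ContractViolation(Exception):
    """A requires clause was false at the point of call."""


def increment(i):
    """Operation Increment: requires i < max_int; ensures i = #i + 1."""
    if not i < MAX_INT:
        raise ContractViolation(f"Increment requires i < max_int, got {i}")
    return i + 1


def plus_two(i):
    """Operation PlusTwo: requires i < max_int - 1; ensures i = #i + 2."""
    if not i < MAX_INT - 1:
        raise ContractViolation(f"PlusTwo requires i < max_int - 1, got {i}")
    return increment(increment(i))


def reasoning_table(i0):
    """Confirm column for Increment(i); Increment(i), from the specs alone."""
    i1 = i0 + 1  # state 1 Assume: ensures clause of the first Increment
    i2 = i1 + 1  # state 2 Assume: ensures clause of the second Increment
    return [
        (0, "i0 < max_int", i0 < MAX_INT),  # requires of first call (added row)
        (1, "i1 < max_int", i1 < MAX_INT),  # requires of second call
        (2, "i2 = i0 + 2", i2 == i0 + 2),   # ensures of PlusTwo
    ]


def failed_confirms(i0):
    """Text of every Confirm entry that cannot be established for this i0."""
    return [text for _, text, holds in reasoning_table(i0) if not holds]


def provable_inputs():
    """Every i0 whose Confirm entries all hold, found by exhaustive check."""
    return [i0 for i0 in range(MIN_INT, MAX_INT + 1) if not failed_confirms(i0)]


if __name__ == "__main__":
    print("largest provable i0:", provable_inputs()[-1], "(max_int - 2)")
    for i0 in (MAX_INT - 2, MAX_INT - 1, MAX_INT):
        print(i0, "failed confirms:", failed_confirms(i0) or "none")
```

The set of inputs for which every Confirm holds is exactly the set satisfying i < max_int - 1, which is the answer to the `requires ??` on the earlier slide.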
Upper Level
• Formal Methods in Software Engineering
• Algorithms (Distinction between proving an algorithm and that an implementation meets the specification of the algorithm)
• Theory of Programming Languages
– (Verifying Compiler Challenge)
Formal Methods Unit
• Often at end of text
• Missing altogether
Precise Specifications
• requires clause (pre-condition)
• ensures clause (post-condition)
• loop invariants
• Math modeling
Stack Model
• Stack_Family is_modeled_by Str(Entry)
    exemplar S;
    Initialization
        ensures S = Λ;
Note: Entry is a generic type.
Example
Operation Push(alters E: Entry; updates S: Stack);
    requires |S| < Max_Depth;
    ensures S = <#E> o #S;
Operation Pop(replaces R: Entry; updates S: Stack);
    requires |S| > 0;
    ensures #S = <R> o S;
Proof Rules for Verification
code; Assume B; code1; Confirm Q;
code; Assume ¬B; code2; Confirm Q;
--------------------------------------------------------------
code; If B then code1 else code2; endif; Confirm Q;
Verification Conditions
• Automated generation of VC’s
• http://resolve.cs.clemson.edu/interface/#
Summary
• To meet the challenges of current software, students need
– To reason about large programs modularly
– To read and write mathematical specs
– To distinguish between spec and implementation