Teaching Software Correctness
Session 06 — 9:00-9:45, May 14. May 13-15, 2008, University of Oklahoma. http://www.cs.ou.edu/~rlpage/SEcollab/tsc
Rex Page, U Oklahoma. Assistants: Carl Eastlund (lead), Northeastern U; Ryan Ralston, U
1
Teaching Software Correctness
May 13-15, 2008, University of Oklahoma
Rex Page, U Oklahoma
Assistants: Carl Eastlund (lead), Northeastern U; Ryan Ralston, U; White, U
http://www.cs.ou.edu/~rlpage/SEcollab/tsc
Collaboration with Matthias Felleisen - NSF/DUE 0633664, 0813529, 0632872
Session 06 — 9:00-9:45, May 14
2
File-I/O in ACL2
or … the unbearable ugliness of state
or … how multiple values can ruin your vacation
plus DrACuLa's GUIs
3
Local Definitions with Let

Definition of break-at

(defun break-at (delimiter xs)
  (if (or (endp xs)
          (equal delimiter (car xs)))
      (list nil xs)
      ; let* binds sequentially: frnt and back refer to brokn-cdr,
      ; which is bound earlier in the same form (plain let binds in parallel)
      (let* ((first-x (car xs))
             (brokn-cdr (break-at delimiter (cdr xs)))
             (frnt (car brokn-cdr))
             (back (cadr brokn-cdr)))
        (list (cons first-x frnt) back))))

Slide annotations:
  (variable value): parentheses delimit variable/value pairs
  (list (cons first-x frnt) back): value delivered by let formula

(break-at delimiter xs) = (up-to-but-not-incl-first-delimiter-in-xs all-the-rest-of-xs)

Example
  (break-at 'x '(h o m e x o n x t h e x r a n g e))
    = '((h o m e) (x o n x t h e x r a n g e))
4
Multiple Values
another ACL2 data structure

mv — the multiple-value constructor
  (mv value-1 value-2 … value-n)
  Displays just like a list
    (mv 1 2 3) displays as (1 2 3)
    (list 1 2 3) displays as (1 2 3)
  Serves same purpose as a list
  But … it isn’t a list … no car, cdr, cons

mv-let — the multiple-value deconstructor
  (mv-let (symbol-1 symbol-2 … symbol-n)
          (mv value-1 value-2 … value-n)
    formula-for-value-to-be-delivered)

Slide annotations:
  associates value-i with symbol-i …
  formula-for-value-to-be-delivered: may be ordinary value or multiple-value (with any number of components)

Examples
  (mv-let (a b) (mv 1 2) (mv a b (+ a b))) — displays as: (1 2 3)
  (mv-let (a b c) (mv 1 2 3) (+ a b c)) — displays as: 6
5
State (it’s under the hood – don’t look)

ACL2 maintains a state of its world
Commands alter the state
  (defun f (x) (+ x 1)) — makes function f available for invocation
  (defthm about-f (implies (natp x) (natp (f x)))) — adds theorem to logic
  (include-book "arithmetic/top" :dir :system) — adds theorems to logic
  (set-state-ok t) — allows reference to state variable

File-system — part of the ACL2 state
Commands affecting file-system take a special form
  (set-state-ok t) command must be in force
  Must deliver state
    – Either as an ordinary value
    – Or, as part of a multiple value

The symbol “state” denotes the current ACL2 state
You can’t do anything with state except
    – Supply it as a parameter in a command
    – Use it to name a value delivered by a command

No-roach-motels rule: If state goes in, it must come out
6
Counting Lines of Code

Essential structure of loc function

(defun loc (file-path state)                          ; state goes in
  (mv-let (str error state)
          (file->string file-path state)              ; I/O function from read-utilities (to be discussed)
    (if error
        (mv error state)
        (mv (loc-from-file-as-string str) state))))   ; state goes out

loc-from-file-as-string: ordinary function — no state
7
Putting I/O Code Together

loc-count.lisp

(include-book "io-utilities" :dir :teachpacks)
(include-book "list-utilities" :dir :teachpacks)
(set-state-ok t)

(defun number-of-noncomments (lines)
  (if (not (consp lines))
      0
      (let* ((whitespace '(#\Space #\Newline #\Tab))
             (stripped (drop-set whitespace (car lines))))
        (if (or (null stripped)
                (char-equal #\; (car stripped)))
            (number-of-noncomments (cdr lines))
            (+ (number-of-noncomments (cdr lines)) 1)))))

(defun loc-from-file (str)
  (number-of-noncomments (packets #\Newline (str->chrs str))))

(defun loc-count (file-path state)
  (mv-let (str error state)
          (file->string file-path state)
    (if error
        (mv error state)
        (mv (loc-from-file str) state))))

Slide annotation on the code: list-utilities

Let's try it out
  Invocation: (loc-count "code.lisp" state)
  file must have Unix-style lines
    dos2unix "code.scm"
8
Utilities Teachpacks

Utilities books
  (include-book "list-utilities.lisp" :dir :teachpacks)
  (include-book "io-utilities.lisp" :dir :teachpacks)
  (include-book "binary-io-utilities.lisp" :dir :teachpacks)
  (include-book "avl-rational-keys.lisp" :dir :teachpacks)

Where to find documentation
  See source code at http://www.cs.ou.edu/~rlpage/SEcollab/Tools/
9
Yeah … but What about GUIs?

GUI implementation model
  DrACuLa maintains a "world" (not the ACL2 world)
  ACL2 functions to DrACuLa events
    Clock events (you can set the number of ticks per second)
    Keyboard events
    Mouse events

DrACuLa binds events to update-functions
  (on-tick-event world → world) — updates world
  (on-redraw-event world → image) — updates canvas
  (on-key-event world key-event → world) — updates world
  (on-mouse-event world x y mouse-event → world) — updates world

DrACuLa graphics operations that deliver images
  (empty-scene width height)
  (place-image overlay-image x y old-image)
  (circle radius mode color)
  (add-line image xstart ystart xend yend color)
  … etc …

DrACuLa kicks it off
  (big-bang width height seconds-per-tick initial-world)
10
Representing the World

Programmer chooses structure
  Could be an atom — eg: number, symbol, string, …
  Could be a list — eg: (position color label)
  Could be a structure

(defstructure my-world
  (component-1 (:assert (type-predicate component-1)))
  (component-2 (:assert (type-predicate component-2)))
  … )

Example — drop ball on canvas with mouse-click
  mouse-demo.lisp
  World data structure

(defstructure m-world
  (click-ball (:assert (posn? click-ball)))
  (track-ball (:assert (posn? track-ball))))
11
Responding to Redraw Events
(on-draw-event world → image)

Canvas update function: world → image
  Input: current world
  Output: image
  Action: DrACuLa paints image on canvas

Example — drop ball on canvas

(defun draw-balls (w)
  (place-image (circle 5 'solid 'black)
               (posn-x (m-world-track-ball w))
               (posn-y (m-world-track-ball w))
               (place-image (circle 15 'solid 'red)
                            (posn-x (m-world-click-ball w))
                            (posn-y (m-world-click-ball w))
                            (empty-scene width height))))

Slide annotations:
  deconstructors for make-posn: (posn-x (make-posn x y)) = x, (posn-y (make-posn x y)) = y
  place-image superimposes this image (a red disk) on this one in this position
  deconstructor for m-world struct (automatic with defstructure)
  connects "draw-balls" function with redraw event: (on-redraw draw-balls), formula placed in source code after definitions
12
Responding to Mouse Events
(on-mouse-event world x y event → world)

Update function: world x y event → world
  Inputs
    current world
    x, y — coordinates of current mouse position
    event — symbol indicating event: 'move, 'button-down, …
  Output: new world
  Action: DrACuLa updates old world with new one

Example — drop ball on canvas

(defun mouse-handler (w x y me)
  (let ((xy (make-posn x y)))
    (cond ((equal me 'move) (m-world (m-world-click-ball w) xy))
          ((equal me 'button-down) (m-world xy xy))
          ((equal me 'button-up) (m-world xy xy))
          ((equal me 'drag) (m-world xy xy))
          ((equal me 'enter) (m-world (m-world-click-ball w) xy))
          ((equal me 'leave) (m-world (m-world-click-ball w) ob))
          (t (end-of-time "This cannot happen")))))

Slide annotations:
  constructor for m-world struct (automatic with defstructure)
  deconstructor
14
Projects

File I/O
  Write a program that reads a file and writes a new one like it, but with the lines in the reverse order
  Useful functions
    packets – list-utilities
    file->string – io-utilities
    str->chrs – list-utilities
    chrs->str – list-utilities
    reverse – ACL2 intrinsic

GUI
  Modify program: click on red ball to make it disappear
  http://www.cs.ou.edu/~rlpage/SEcollab/Tools/mouse-demo.lisp

Lectures may be found here: http://www.cs.ou.edu/~rlpage/SEcollab/tsc/Lectures/
List of importable ACL2 books here: http://www.cs.utexas.edu/users/moore/acl2/v3-3/distrib/acl2-sources/books/Readme.html
15
The End