CS 245: Logic and Computation
Lecture 1
Richard Trefler
DC 2336
http://www.student.math.uwaterloo.ca/~cs245
– p.1/42
Today’s Agenda
What is this course about?
Motivation
Course Outline
Course Resources
Course Grade
Questions
CS 245: Logic and Computation
This course is about logic and its use in software engineering. In particular, we will study the use of logic for specification and checking the correctness of programs.
Program Correctness
When you write a program:
. . . how do you know what it’s supposed to do? (specification)
. . . how do you know that it does what it’s supposed to do? (correctness)
inspection
testing
formal verification
Formal Verification
In this course, we will learn a technique for doing a more thorough check of whether your program is correct.
This is called formal verification (FV) and is based on logical reasoning. It’s also called “formal methods” or “computer-aided verification”.
Formal verification checks the correctness of your program for all possible inputs.
However, these methods can require more effort, and therefore are complementary to testing and inspection.
What is logical reasoning?
Example: If the train arrives late and there are no taxis at the station, then John is late for his meeting. John is not late for his meeting. The train did arrive late. Were there taxis at the station or not?
Therefore, there were taxis at the station.
This argument has a structure. There are premises (facts). Then there is something we deduce from the facts called a conclusion. The conclusion logically follows from the facts.
What is logic?
According to Webster’s, logic is “the science of correct reasoning”.
According to the Free On-Line Dictionary of Computing, “logic is concerned with what is true and how we can know whether something is true”.
Using logic, we can reason about a system.
We can determine whether a program behaves correctly for all possible input values.
Testing can only check the program for some (carefully chosen) input values.
Logical Arguments
Example 1: If the train arrives late and there are no taxis at the station, then John is late for his meeting. John is not late for his meeting. The train did arrive late. Therefore, there were taxis at the station.
Here’s another example of a logical argument:
Example 2: If it is raining and Jane does not have her umbrella with her, then she will get wet. Jane is not wet. It is raining. Therefore, Jane has her umbrella with her.
These two arguments have the same structure, but use different sentence fragments.
Logical Arguments
The sentence fragments of the two examples correspond as follows:
Example 1                          Example 2
the train is late                  it is raining
there are taxis at the station     Jane has her umbrella with her
John is late for his meeting       Jane gets wet
Logical Arguments
The argument can be stated independently of Jane and John and umbrellas and trains and taxis by substituting letters for the sentences as in:
Letter Example 1 Example 2
p the train is late it is raining
q there are taxis at the station Jane has her umbrella with her
r John is late for his meeting Jane gets wet
The valid argument is then:
If p and not q then r.
Not r.
p.
(therefore) q
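The validity check behind this argument, as an added Python example that is not from the course slides: a small propositional evaluator enumerates every assignment of p, q, r and looks for one that makes all premises true and the conclusion false. Finding none is exactly what "the conclusion follows from the premises for all possible inputs" means, which is the all-inputs check the deck contrasts with testing. The names TRAIN_PREMISES, counterexample and rename are my own, and the tuple encoding of formulas is an assumption for this example.

```python
from itertools import product

# Formulas are nested tuples: ('var', 'p'), ('not', f), ('and', f, g), ('implies', f, g).
def var(name):
    return ('var', name)

def neg(f):
    return ('not', f)

def conj(f, g):
    return ('and', f, g)

def implies(f, g):
    return ('implies', f, g)

def evaluate(formula, assignment):
    """Truth value of a formula under an assignment (dict: variable name -> bool)."""
    kind = formula[0]
    if kind == 'var':
        return assignment[formula[1]]
    if kind == 'not':
        return not evaluate(formula[1], assignment)
    if kind == 'and':
        return evaluate(formula[1], assignment) and evaluate(formula[2], assignment)
    if kind == 'implies':  # false only when the antecedent is true and the consequent false
        return (not evaluate(formula[1], assignment)) or evaluate(formula[2], assignment)
    raise ValueError(f"unknown connective {kind!r}")

def variables(formula):
    """Set of variable names occurring in the formula."""
    if formula[0] == 'var':
        return {formula[1]}
    return set().union(*(variables(sub) for sub in formula[1:]))

def counterexample(premises, conclusion):
    """Search all 2^n assignments; return one making every premise true and the
    conclusion false, or None when the argument is valid (no such assignment)."""
    names = sorted(set().union(*(variables(f) for f in premises + [conclusion])))
    for values in product([False, True], repeat=len(names)):
        assignment = dict(zip(names, values))
        if all(evaluate(f, assignment) for f in premises) and not evaluate(conclusion, assignment):
            return assignment
    return None

def is_valid(premises, conclusion):
    return counterexample(premises, conclusion) is None

# The slide's argument: (p and not q) implies r; not r; p; therefore q.
p, q, r = var('p'), var('q'), var('r')
TRAIN_PREMISES = [implies(conj(p, neg(q)), r), neg(r), p]
TRAIN_CONCLUSION = q

def rename(formula, mapping):
    """Substitute other sentences for the letters (e.g. the Jane/umbrella reading);
    the structure, and therefore the validity, is unchanged."""
    if formula[0] == 'var':
        return var(mapping.get(formula[1], formula[1]))
    return (formula[0],) + tuple(rename(sub, mapping) for sub in formula[1:])
```

Dropping the premise p, or concluding "not q" from r instead of q from "not r", yields a counterexample, which is how the checker reports an invalid argument rather than just saying "no".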
Logic
Logic is concerned with the structure of the argument, not the meaning of the sentences.
In a logic, there are rules about which structures of arguments are valid and which are not. A logical argument is very rigorous. Only certain rules (the rules of the logic) can be used in a logical argument.
In logic, we use symbols to represent the sentences. It’s sometimes called symbolic logic.
Logical Reasoning and Verification
Using logical reasoning, we can deduce properties of our software.
We can view a program as a logical argument.
Logic has many other applications within computer science:
digital circuits
artificial intelligence
compilers
database queries
etc.
Today’s Agenda
What is this course about?
Motivation
Course Outline
Course Resources
Course Grade
Questions
Motivation
It is widely agreed that the main obstacle to “help computers help us more” and relegate to these helpful partners even more complex and sensitive tasks is not inadequate speed and unsatisfactory raw computing power in the existing machines, but our limited ability to design and implement complex systems with sufficiently high degree of confidence in their correctness under all circumstances.
– Amir Pnueli, Turing Award Winner
This course is about the basics of techniques for ensuring that software works “correctly” in the environments of its intended use.
Software Engineering
Because of the complexity of software, it can often have subtle bugs. When used in safety-critical applications, these bugs can cost lives or huge amounts of money.
Because of these problems, most commercial software comes with no guarantees.
Safety-critical software
In Britain, the use of techniques based on what you will learn in this course is required for some safety-critical applications.
British Ministry of Defense Interim defense standard 00-55, is on “requirements for the procurement of safety critical software in defense equipment”:
31.2.1 The Design Team shall construct the Proof Obligations that verify the source code with respect to its Formal Design, and discharge them by means of Formal Arguments, as laid down in 32.1.
32.1.1 Formal Arguments shall be constructed using Formal Proofs or Rigorous Arguments.
Loss of Life: Therac-25
A computer-controlled radiation therapy machine called the Therac-25 made by Atomic Energy of Canada overdosed six people between June, 1985 and January 1987. Two of these people died because of the overdose.
In some cases the only indication that something was wrong was the cryptic message:
malfunction 54
The error was a timing problem on data entry.
Loss of Life: Therac-25 (cont’d)
The Therac-25 could deliver radiation as either a beam of electrons or a beam of X-rays.
If the operator entered “x” for x rays, the setting of the magnets took 8 seconds.
If the operator discovered she had made a mistake and fixed the entry to be “e” within that 8 seconds, even though the screen reflected the change, the change did not affect a part of the program.
Banking
. . . February 1994, automated teller machines (ATMs) at Chemical Bank in New York City mistakenly deducted a total of approximately $15 million dollars from about a hundred thousand customer accounts. Until the problem was discovered, any customers making withdrawal were charged double the withdrawal’s actual amount on their accounts, although the printed transaction slip showed the correct amount. Only those people who later checked their balance – and knew what it should have been – realized there had been an error. The culprit proved to be a flawed instruction – a single line in updated computer program the company had installed the day before the problem surfaced.
– Ivars Peterson, “Fatal Defect: Chasing Killer Computer Bugs”, Vintage Books, 1996, p. 17
Windows XP
Microsoft released Windows XP on Oct. 25, 2001. That same day, in what may be a record, the company posted 18 megabytes of patches on its Web site: bug fixes, compatibility updates, and enhancements. Two patches fixed important security holes. Or rather, one of them did; the other patch didn’t work. Microsoft advised (and still advises) users to back up critical files before installing the patches. Buyers of the home version of Windows XP, however, discovered that the system provided no way to restore these backup files if things went awry. As Microsoft’s online Knowledge Base blandly explained, the special backup floppy disks created by Windows XP Home "do not work with Windows XP Home."
– http://msnbc.com/news/ on the 17 Jun 2002
Security: SmartCards
Smart cards, the size of a credit card, have a microprocessor and memory, along with a mini operating system. They can run multiple applications, which may be downloaded after the card is in use. These “applets” can carry out various functions such as being an “electronic wallet”, carry health information, etc.
Because of the high security considerations, a European project is attempting to verify the code and operating system of these cards for “non-interference” between applications. For these companies “security is their product”.
See: Verificard: http://www.verificard.org
Automobiles
The Cayenne has 40 electronic control units that manage and monitor such functions as engine, airbags, navigation system, sun-roof and seat controls. “The most time-consuming thing,” Kloesters adds, “is to test them with each other, to make sure a software change with one unit won’t affect the software in another.”
– Larry Edsall, “A True Porsche?”, Road & Track, Jan 2003.
Image from: http://www2.us.porsche.com
Future Applications
Consider the future applications of computers:
free flight
smart homes
patient monitoring
automated highways
etc.
Formal methods help us make sure the software in these kinds of systems is correct.
Caveats
The use of formal methods does NOT solve all problems.
Inspection, testing, and other software engineering practices are also important.
Today’s Agenda
What is this course about?
Motivation
Course Outline
Course Resources
Course Grade
Questions
Course Outline
There are four main topics that we will cover in this course:
propositional logic
the smallest building block is a statement without connectives, such as “and”. The example with the trains was reasoning in propositional logic.
predicate logic
includes a means of describing relationships between objects, for example, “every course has an instructor”.
specification
ways of describing what a system is required to do
Floyd-Hoare logic
logic of programs
Today’s Agenda
What is this course about?
Motivation
Course Outline
Course Resources
Course Grade
Questions
Lectures
There are three lecture hours per week for this course.
The slides used in class will be available on the course web page.
Not all topics covered in class are covered in the textbook.
Sometimes information is left out of the notes for you to fill in during class (particularly examples).
Suggested Homework
Suggested homework exercises will be listed – most of these are from your text.
Tutorials
The primary purpose of the tutorials is for you to work on problems.
The tutorials will cover material discussed in the previous week’s lectures.
The TAs will have some problems prepared for you to try, but this is also your opportunity to ask questions.
Tutorials start the week of May 12th.
Teaching Assistants
cs245
Shea Armstrong
Ann Meade
Gulay Unel
se112
Course Tutor: Eric Gerlach [email protected]
Required Textbook
Introductory Logic and Sets for Computer Scientists, by Nimal Nissanke, (1999).
Errors in the textbook will be listed on the course web page as they are identified. If you think you’ve encountered one, please post it to the newsgroup.
Course pack – material from other textbooks for topics covered later in the course.
Course Web Page and Newsgroup
http://www.student.math.uwaterloo.ca/~cs245
uw.cs.se112cs245
You are expected to read the course newsgroup and web pages regularly.
Guidelines for use of the newsgroup are the same as those found in the cs134 course notes.
Course Software
We have software to support the kind of logical reasoning that you will learn in this course.
The advantage of the software is that it allows you to check your work. The software doesn’t allow you to make a mistake in your logical reasoning. The user interface is a simple GUI.
Today’s Agenda
What is this course about?
Motivation
Course Outline
Course Resources
Course Grade
Questions
Evaluation
Component Weight
Assignments (9) 27%
Midterm Exam 23% (Tues, June 10, 4:30 – 6:30pm)
Final Exam 50%
Students must pass the final exam to pass the course.
Everything seen in class, done in assignments, or covered in the recommended readings, might be tested by exam questions.
Assignments
Assignments will be approximately weekly, usually handed out on Friday and due the following Friday.
All assignments are written (neatly handwritten or typed), unless you use the course software.
Assignments are to be handed in at the drop box – MC 4065 – by 11am the day they are due.
Assignments are to be completed individually. The policy on academic offenses is on the course web page.
Late Policy for Assignments
Assignments can be turned in late until the Monday after they are due – turn in late assignments in class.
You may turn in late assignments only twice in the term.
For assignments due just before exams, the late policy will not apply so that solution sets can be handed out right away.
Remarking Policy
Requests for remarks of assignments or exams will be accepted for two weeks after the assignment/exam has been returned.
To request a remark, provide a written explanation indicating which question you would like remarked and what you think the problem is with the mark given.
Help with Course Material
Ask questions in class.
Check the lecture notes and textbook.
Check the solution sets (assignments, suggested homework exercises).
Ask questions in tutorial.
Post to the newsgroup.
Come to office hours:
Instructor’s office hours: Mon 3-4, Wed 3-4. DC 2336.
Tutor’s office hours:
Send email to the course tutor ([email protected])
Send email to the instructor
Look at previous years’ assignments and exams.
Expectations
ASK QUESTIONS!
In consideration of other students, only ONE person (me or you) should be talking at all times.
This course is about details! We will be doing detailed proofs and listing all the justifications.
We welcome feedback on how the course is going! You can:
Send me email
Send a TA or the course tutor email
Tell your class rep
Next Lecture
Topic: Propositions and Propositional Connectives
Reading: Nissanke, Ch. 1, 2, 3.1, 3.2
QUESTIONS?