# Home

• Applied Formal Logic: Correctness of Quick Search July 16, 2017

When last I left, I had verified that the implementation of Quick Search was safe: the modified algorithm didn’t access memory it shouldn’t, it didn’t have numeric overflows, and it didn’t modify anything outside of its own implementation. And, using Frama-C, the process hadn’t hardly been torturous or even particularly unpleasant at all. The most important tasks were describing the requirements for calling the two functions. Those requirements are…detailed…but nothing more than what an experienced C programmer would have in mind while writing or calling the functions. A final set of shiny set of annotations ensured that the loops and the variable modifications needed by them behaved themselves.

But I hadn’t done anything about proving that the function actually did what it claimed it was supposed to do. It’s not hard to understand (one of the reasons I like Quick Search), but the ANSI/ISO C Specification Language is unfamiliar and I didn’t know how to express what went on, where. Fortunately, Yannick Moy, a software engineer at AdaCore, came to my assistance with an excellent introduction to doing the same thing with SPARK, and Loïc Correnson, one of the creators of Frama-C, popped in with some excellent suggestions (and very flattering comments).

So now, for your software verification pleasure, here is my essay at proving the correctness of Quick Search. It pretty much follows the same pattern as Yannick’s, but I did come up with a slightly different postcondition for make_bad_shift.

• Applied Formal Logic: The bug in Quick Search June 23, 2017

In my last post, I presented a brief introduction to Frama-C and to the process of verifying properties about a very simple C function, a brute force string search. This time around, I intended to do roughly the same thing, using a slightly more complicated function, a faster string searching algorithm. Unfortunately, in doing so, I found a bug in the algorithm. Admittedly, the bug is rather minor and should not affect the actual behavior of an implementation in practice, but still, it is doing something it shouldn’t ought to be doing.

The string searching algorithm I am looking at this time is Quick Search, so named by Daniel M. Sunday in 1990 because it “is a simple, fast, practical algorithm [and] because it can be both coded and debugged quickly” (“A Very Fast Substring Search Algorithm” [PDF]. It is my personal favorite string search because it is, indeed, simple, fast, and practical. Let me quickly show why.

• Applied Formal Logic: Brute Force String Search June 19, 2017

Need is there, but tools are not.

– zzz95

Let’s play with Frama-C.

• Debunking Economics - Ch. 3: The Demand Curve January 25, 2017

• The pain of learning Rust January 19, 2017

I recently saw several posts from ESR discussing his attempts to learn Rust, for use in rewriting NTPsec: “Rust vs. Go” and “Rust severely disappoints me”, as well as “Rust and the limits of swarm design”. These posts gave me the incentive to write down some thoughts I have on the difficulty of approaching Rust. In pariticular, I have noticed are some commonalities among those who have initial difficulties with Rust’s ownership model.

• 2016 Triangle Pen Show September 2, 2016

I managed to miss the Atlanta Pen Show this year, but fortunately, I was in North Carolina for the Triangle Pen Show in Cary, June 2-5. It was somewhat smaller and more intimate, but no less fun. Only one room of tables (plus a couple of hallways), but the contents of those tables was no less mind-blowing.

• A deep dive into regular expression derivatives for lexical analysis August 15, 2016

Although I (embarrassingly) never completed the project, I have written before on derivative-based parsing,1 the work of Matt Might and others. The recent appearance of On the Complexity and Performance of Parsing with Derivatives and a certain immediate interest in parsing re-awakened my curiosity about the subject. (And no, it’s not because Might’s derivative-parsing tool is called Derp (but as an added bonus, the pure recognizer version is “herp” (and the accompanying regular expression package is “rerp”)).2) In this particular post, I would like to demonstrate why I think the technique is cool, by demonstrating that derivative-based regular expressions are cool.

To that end, I’ll start with regular expression matching, then go on to the conversion to a deterministic finite automaton and finally discuss the minor extras needed to build a lexical analyzer, similar to lex or flex (but better).

• Quote o' the Day: Age and Syntax Directed Editing July 13, 2016

Laurence Tratt, writing An Editor for Composed Programs, came up with this interesting factoid regarding syntax-directed editing, a bizarre remnant of something horrible that the ’80s have to answer for:

• Push-parsing and Pony July 2, 2016

Hey, let’s write a quick parser! A simple one, for the simple version of hoc from The Unix Programming Environment. The chapter on hoc is used to demonstrate the use of the yacc parser; it’s a dandy example to play with parsing.

I haven’t hand written a parser in a long time, so that’s what I want to do now. But there is a bit of a catch: it reads from stdin in Pony. And the interface for that is:

interface StdinNotify
"""
Notification for data arriving via stdin.
"""
fun ref apply(data: Array[U8] iso) =>
"""
Called when data is available on stdin.
"""
None

fun ref dispose() =>
"""
Called when no more data will arrive on stdin.
"""
None