Beweren en bewijzen/de zuilen/Artefacten/1. Het Rationaliteitsvierkant
literatuur
|
Een →artefact is iets dat door mensen gemaakt is voor een bepaald doel. We noemen het correct als het aantoonbaar de eigenschappen heeft die het moet hebben. Een correct gewichtsstuk van 1 kg moet bijvoorbeeld precies 1 kg massa hebben en een correcte Nederlandse vlag precies drie bepaalde kleurvelden van een bepaalde vorm.
In ons vak is het gedrag van computergestuurde artefacten een van de belangrijkste eigenschappen. Een computerprogramma moet aantoonbaar ervoor zorgen dat het hele ding doet wat het moet doen. Om zeker te zijn moeten we zijn structuur (welke onderdelen zitten op welke manier in elkaar?) en zijn gedrag (wat doet het?) aan elkaar praten. Preciezer: we moeten een beschrijving van zijn structuur en een beschrijving van zijn gedrag aan elkaar relateren en nagaan of als de ene waar is ook de andere waar is.
- Daartoe maken we onderscheid tussen:
- een ding of fenomeen in de fysieke realiteit
- beschrijvingen: teksten met syntax en semantiek (i.t.t. inktvlekken op papier)
- Orthogonaal hierop maken we onderscheid tussen:
- →structuur: welke onderdelen zitten op welke manier in elkaar?
- →eigenschappen: wat is/doet/heeft/kan het?
Met deze tweemaal twee begrippen kunnen we deze moeilijke vraag aanpakken:
"How can we make things (especially artefacts containing some IT) in such a way that we can be sure beyond reasonable doubt that they do what they are intended to do?"
Maar allereerst de vraag: wat betekent eigenlijk zeker zijn "beyond reasonable doubt"? We voegen hier het relevante hoofdstuk uit de taxonomie van de informatica in:
"Beyond reasonable doubt" – what does that mean? InhoudCertaintyThere are four ways to be sure that something is the case. The most reliable one does not guarantee anything about reality. The other three can be misleading. So we better be careful. DeductionWe deduce (derive) conclusions from assumptions. Such a derivation is valid if it follows the rules of →deduction. Such rules have been established (by means of induction) during the last two thousand years. They ensure that if some assumptions hold in reality, a valid conclusion from these assumptions will also hold in reality. →formal rules and techniques of deduction have been developed to highest standards during the last two centuries. Deduction provides certainty – but not about the physical world, only about statements (descriptions), be it in natural, be it in a formal language. In the best case, these statements have well-defined semantics in the world of mathematical objects. InductionIf we want to be sure that our assumptions about physical phenomena hold indeed we try to get evidence by repeated observations: →induction justifies statements about reality. During the last centuries experimental science has developed a discipline of induction. About simple things like planets, billard balls, lenses, or transistors, induction provides reliable knowledge. Applied to complex things like computers, it can be misleading. Ill-understood induction leads to superstition, as in the case of Skinner's pigeons [1]. InsightIn some lucky cases →insight – acute observation – makes us understand immediately, without further explanation or reasoning, how an artefact works, what a formula means, or that a theorem holds. "ηὕρηκα!" Insight can be misleading. Insight can also be trained.
Faith
When we don't have the time, motivation, knowledge, or means to find out whether something really is the case, we can nevertheless →faithfully believe it. Civil engineers, for example, have faith that the laws of nature hold. Programmers have faith that their programs are compiled and executed correctly. Otherwise they couldn't start their work. When we buy a product from a →provider we consider as reliable, we have faith that it meets its specification. Believing something, however, does not guarantee it is true, as thousands of millions of people show who believe that Windows is the best operating system. Mathematics has established a discipline to deal with belief: in "axioms" and "assumptions" belief is explicified. Rationality attempts careful combination of deduction, induction and insight, getting rid of unjustified belief. However, it is impossible to get rid of all belief. Most mathematicians still stress the intuitive appeal or usefulness of their axioms, trying to justify their beliefs. The Rationality Square: reasoning applied to physical realityObjects and descriptionsWe want certainty about things. Deduction is the most powerful means to obtain certainty, but deduction is applied to statements, to descriptions of things, not to things themselves. Philosophy has taught us to distinguish carefully between objects and their descriptions. Anne is a four-letter word. Anne has a baby. But Anne is not a four-letter word that has a baby. We have learned to use quotes for disambiguation: "Anne" has four letters, while Anne has a baby. A note for software engineers: A program, viz. a piece of software can be seen as both, a description, which can be subject to reasoning, and a piece of physical reality (magnetism) inside the machine that executes it. Software engineers tend to identify these two, but they live at different levels. (Similarly, the Constitution is a set of rules that prescribe how people should behave, and it is a physical object that one can buy or study in an archive.) We need induction (possibly in combination with deduction) to relate things to their descriptions. In the Rationality Square, physical reality is represented at the bottom, below its description. Represented, as it is difficult to include real things in a diagram. We mean a thing, but we can only draw a picture or write some hints to indicate what we mean. In any case, at the top of the Rationality Square, we mean descriptions, not the objects described.
Structure and propertiesScience uses mathematics to establish valid relations between the →structure of →things and their →properties. To understand a complex object we impose structure on it. We reason about structure to understand why something has its properties, how it "works", and how it can be made. Structure, however, is a subjective, conceptual idea, not an objective property of the object itself. Under different →views, the same thing can be considered to have different structures. An example of imposing structure is to understand a lump of matter as a canon pointed in a certain direction, filled with a certain amount of gun-powder and a ball of a certain weight. Someone from a culture where canons, ballistics, and gun-powder are unknown will not recognise this. Simple examples of an object’s properties are its weight, speed or colour. An interesting property of the structure mentioned above is whether its ball will hit a certain target. In the context of information technology one is mainly interested in complex, dynamic properties like ‘controlling a nuclear reactor’s temperature’ or ‘navigating an aeroplane’. In the context of classical software engineering, a typical property is the input-output relation of a program. The left half of the Rationality Square deals with structure, the right half with properties.
Corner stonesStructure vs. properties, reality vs. mathematics - this gives rise to the corner stones of what we will call the Rationality Square.
This square is common to all exact sciences and engineering disciplines, as a few examples may illustrate. It can be used to describe research questions, design problems, and verification problems. When you explore the examples below, please follow the numbering 1., 2., 3., 4.
RelationsPhysical things and mathematical theories must be made to fit. That means that the following relations between the corner stones have to be established carefully:
VerificationWhen these relations are defined, how can we convince ourselves that, in a particular case, they hold? Deduction is only applicable in the mathematical world. If the problem is complex, we would like to deal with as much complexity as possible within the mathematical world, where also computerised tools can be used to support reasoning. Then, ideally, the transition between the two worlds can be verified by insight.
|