Presentation is loading. Please wait.

Presentation is loading. Please wait.

MAT-71506 Program Verification Designing a Program and its Proof Together Antero Kangas 2014 1.

Published byLiana Sullen Modified over 9 years ago

Similar presentations

Presentation on theme: "MAT-71506 Program Verification Designing a Program and its Proof Together Antero Kangas 2014 1."— Presentation transcript:

1 MAT-71506 Program Verification Designing a Program and its Proof Together Antero Kangas 2014 1

2 Applications for Proving  Program verification, i.e. proving, should be used in the most critical parts, and usually in pseudo-code level  Usually the final code is not correct, thus proving cannot succeed But  A proof trial is a useful means of review: problems in proof trials give easily a counter example, i.e. a test case that reveals on error (the previous lecture)  Proving can be used as a design method Antero Kangas 2014 2

3 Designing a Program and its Proof together It is worth  to design a difficult part of program together with its proof  to document the main ideas of the progression of the program by writing predicates that describe the interphases  to design a loop, and its invariant and bound function together (The first example was to design an efficient implementation for Horner’s Rule) Antero Kangas 2014 3

4 Second example: Compute cube  Task: Compute the cube of a natural number  in one loop  without raising to a power nor multiplication operations.  Specification n is fixed n ≥ 0 Compute_cube r = n 3  n is the input variable and r is the output variable (result) Antero Kangas 2014 4

5 A Preliminary Task  Designing the program and its proof together – how? ⇒ we can use the already familiar means for program verification  Task: Discuss a moment with your partner about  what kind of strategy we could use, e.g. what kind of program statements and structures  What kind of program verification techniques we have and could use Antero Kangas 2014 5

6 n ≥ 0 Compute_cube r = n 3 n ≥ 0 inv: r = i 3 while do i := expr3; r := expr4 end while r = n 3 Start of Design  One loop structure, where  Cube of a variable (e.g.) i is computed in every cycle.  Invariant candidate would be r = i 3  Loop must terminate when i = n,  and then it would be r = i 3 ∧ i=n,  which implies the post condition  The variables i and r must be initialised Antero Kangas 2014 6 n ≥ 0 i := expr1; r := expr2; inv: r = i 3 while i < n do i := expr3; r := expr4 end while r = i 3 ∧ i=n r = n 3

7 n ≥ 0 i := expr1; r := expr2; inv: r = i 3 while i < n do i := expr3; r := expr4 end while r = i 3 ∧ i=n r = n 3 n ≥ 0 i := 0; r := expr2; inv: r = i 3 while i < n do i := expr3; r := expr4 end while r = i 3 ∧ i=n r = n 3 n ≥ 0 i := 0; r := 0; inv: r = i 3 while i < n do i := expr3; r := expr4 end while r = i 3 ∧ i=n r = n 3 n ≥ 0 i := 0; r := 0; inv: r = i 3 while i < n do i := i + 1; r := expr4 end while r = i 3 ∧ i=n r = n 3 Solving expressions 1 to 3  i must be initialised to 0 to compute cube when n=0  inv must hold in the beginning ⇒ r must be initialised to 0  Loop terminates ⇒ i must be increased in every cycle Antero Kangas 2014 7

8 n ≥ 0 i := 0; r := 0; inv: r = i 3 while i < n do inv ∧ i < n i := i + 1; r := expr4 inv end while r = i 3 ∧ i=n r = n 3 n ≥ 0 i := 0; r := 0; inv: r = i 3 ∧ s=3i 2 +3i+1 while i < n do inv ∧ i < n i := i + 1; r := expr4 inv end while r = i 3 ∧ i=n r = n 3 n ≥ 0 i := 0; r := 0; inv: r = i 3 ∧ s=3i 2 +3i+1 while i < n do inv ∧ i < n i := i + 1; r := r + s inv end while r = i 3 ∧ i=n r = n 3 n ≥ 0 i := 0; r := 0; s := expr5; inv: r = i 3 ∧ s=3i 2 +3i+1 while i < n do inv ∧ i < n i := i + 1; r := r + s; s := expr6 inv end while r = i 3 ∧ i=n r = n 3 Solving expression 4  How?  Hint: expr4 is the new value of r, and r is in invariant  inv ∧ i < n ⇒ wp(i :=i+1; r := expr4, inv )  Let inv ∧ i < n hold, thus  wp(i :=i+1; r := expr4, r = i 3 ) ⇔ expr4 = (i+1) 3 = i 3 +3i 2 +3i+1  inv ⇔ r = i 3, thus expr4 = r+3i 2 +3i+1  strengthen the invariant by s = 3i 2 +3i+1  ⇒ expr4 = r + s  s must be initialized and maintained in every cycle Antero Kangas 2014 8 =: s

9 Initialise s := 1 inv ∧ i < n i := i + 1; r := r + s; s := expr6 inv must hold wp(i := i + 1; r := r + s; s := expr6, r = i 3 ∧ s=3i 2 +3i+1) ⇔ wp(i := i + 1; r := r + s, r = i 3 ∧ expr6 =3i 2 +3i+1) ⇔ wp(i := i + 1; r+s = i 3 ∧ expr6 =3i 2 +3i+1 ⇔ r+s = (i+1) 3 ∧ expr6 =3(i+1) 2 +3(i+1)+1 Since inv ⇒ r+s = (i+1) 3, we get expr6 = 3(i+1) 2 +3(i+1)+1 = 3i 2 +9i+7, and since s = 3i 2 +3i+1, we get expr6 = s + 6i + 6 = s + i + i + i + i + i + i + 6 This suffices but let us make it more elegant by introducing a new variable t so that we can write expr6 = s + t Strengthen the invariant by t = 6i + 6 Initialise t := 6 for that the new invariant would hold Solving expression 6 Antero Kangas 2014 9 inv ⇔ r = i 3 ∧ s=3i 2 +3i+1 =: t

10 Solving expression7  How?  inv ∧ i < n i := i + 1; r := r + s; s := s+t; t := expr7 inv must hold  wp(i := i + 1; r := r + s; s := s + t; t := expr7, r = i 3 ∧ s=3i 2 +3i+1 ∧ t = 6i+6) ⇔ r+s = (i+1) 3 ∧ s+t = 3(i+1) 2 +3(i+1)+1 ∧ expr7 = 6(i+1)+6 ⇒ (look invariant) expr7 = 6(i+1)+6 = 6i+12 = t + 6  The program and its proof are ready ! Our cube program this far: n ≥ 0 i := 0; r := 0; s := 1; t:= 6 inv: r = i 3 ∧ s=3i 2 +3i+1 ∧ t = 6i+6 while i < n do inv ∧ i < n i := i + 1; r := r + s; s := s + t; t := expr7 inv end while r = i 3 ∧ i=n r = n 3 Antero Kangas 2014 10 Final code: n ≥ 0 i := 0; r := 0; s := 1; t:= 6 inv: r = i 3 ∧ s=3i 2 +3i+1 ∧ t = 6i+6 while i < n do inv ∧ i < n i := i + 1; r := r + s; s := s + t; t := t + 6 inv end while r = i 3 ∧ i=n r = n 3

11 Last words  The proof can be checked and kept with the code  The loop variable i is used only for counting cycles ⇒ it can be done also at the end of the loop  Therefore Compute cube can be implemented using a for-loop =======>  The main idea was to ”lower the power” by introducing a new variable, strenghtening the invariant, initialising, it so that inv holds in the beginning, etc.  A similar program can be designed at the same way for any polynom, if we know its degree and coefficients n ≥ 0 r := 0; s := 1; t := 6; for i := 0 to n─1 do r := r + s; s := s + t; t := t + 6 end for r = n 3 Antero Kangas 2014 11 Test run: irstirst 00160016 1 1 712 2 8 1918 3 27 3724 4 64 6130

Download ppt "MAT-71506 Program Verification Designing a Program and its Proof Together Antero Kangas 2014 1."

Similar presentations

1 Verification by Model Checking. 2 Part 1 : Motivation.

1 Verification by Model Checking. 2 Part 1 : Motivation.
Analysis of Computer Algorithms

Analysis of Computer Algorithms
Automated Theorem Proving Lecture 1. Program verification is undecidable! Given program P and specification S, does P satisfy S?

Automated Theorem Proving Lecture 1. Program verification is undecidable! Given program P and specification S, does P satisfy S?
1 Program verification: flowchart programs (Book: chapter 7)

1 Program verification: flowchart programs (Book: chapter 7)
GCSE Computing Lesson 5.

GCSE Computing Lesson 5.
Design by Contract.

Design by Contract.
Copyright W. Howden1 Programming by Contract CSE 111 6/4/2014.

Copyright W. Howden1 Programming by Contract CSE 111 6/4/2014.
Engineering H192 - Computer Programming The Ohio State University Gateway Engineering Education Coalition Lect 10P. 1Winter Quarter Repetition Structures.

Engineering H192 - Computer Programming The Ohio State University Gateway Engineering Education Coalition Lect 10P. 1Winter Quarter Repetition Structures.
Functional Verification III Prepared by Stephen M. Thebaut, Ph.D. University of Florida Software Testing and Verification Lecture Notes 23.

Functional Verification III Prepared by Stephen M. Thebaut, Ph.D. University of Florida Software Testing and Verification Lecture Notes 23.
Reasoning About Code; Hoare Logic, continued

Reasoning About Code; Hoare Logic, continued
Hoare’s Correctness Triplets Dijkstra’s Predicate Transformers

Hoare’s Correctness Triplets Dijkstra’s Predicate Transformers
11111 Functional Program Verification CS 4311 A. M. Stavely, Toward Zero Defect Programming, Addison-Wesley, 1999. Y. Cheon and M. Vela, A Tutorial on.

11111 Functional Program Verification CS 4311 A. M. Stavely, Toward Zero Defect Programming, Addison-Wesley, Y. Cheon and M. Vela, A Tutorial on.
Rigorous Software Development CSCI-GA 3033-011 Instructor: Thomas Wies Spring 2012 Lecture 11.

Rigorous Software Development CSCI-GA Instructor: Thomas Wies Spring 2012 Lecture 11.
Axiomatic Verification I Prepared by Stephen M. Thebaut, Ph.D. University of Florida Software Testing and Verification Lecture 17.

Axiomatic Verification I Prepared by Stephen M. Thebaut, Ph.D. University of Florida Software Testing and Verification Lecture 17.
1 Discrete Structures Lecture 29 Predicates and Programming Read Ch. 10.1 - 10.2.

1 Discrete Structures Lecture 29 Predicates and Programming Read Ch
1 Semantic Description of Programming languages. 2 Static versus Dynamic Semantics n Static Semantics represents legal forms of programs that cannot be.

1 Semantic Description of Programming languages. 2 Static versus Dynamic Semantics n Static Semantics represents legal forms of programs that cannot be.
1/22 Programs : Semantics and Verification Charngki PSWLAB Programs: Semantics and Verification Mordechai Ben-Ari Mathematical Logic for Computer.

1/22 Programs : Semantics and Verification Charngki PSWLAB Programs: Semantics and Verification Mordechai Ben-Ari Mathematical Logic for Computer.
© Janice Regan, CMPT 102, Sept. 2006 0 CMPT 102 Introduction to Scientific Computer Programming The software development method algorithms.

© Janice Regan, CMPT 102, Sept CMPT 102 Introduction to Scientific Computer Programming The software development method algorithms.
1 Introduction to Computability Theory Lecture12: Reductions Prof. Amos Israeli.

1 Introduction to Computability Theory Lecture12: Reductions Prof. Amos Israeli.
Bellevue University CIS 205: Introduction to Programming Using C++ Lecture 3: Primitive Data Types.

Bellevue University CIS 205: Introduction to Programming Using C++ Lecture 3: Primitive Data Types.

Similar presentations

Ads by Google