Presentation is loading. Please wait.

Presentation is loading. Please wait.

A Tutorial on Functional Program Verification TR #10-26 September 2010, revised August 2011 Yoonsik Cheon Melisa Vela Presented by Aditi Barua 1.

Published byTyrese Tobin Modified over 9 years ago

Similar presentations

Presentation on theme: "A Tutorial on Functional Program Verification TR #10-26 September 2010, revised August 2011 Yoonsik Cheon Melisa Vela Presented by Aditi Barua 1."— Presentation transcript:

1 A Tutorial on Functional Program Verification TR #10-26 September 2010, revised August 2011 Yoonsik Cheon Melisa Vela Presented by Aditi Barua 1

2 Functional program verification Formal program verification technique Based on Cleanroom Software Engineering Involves: Viewing program as a mathematical function (code function) Documenting function that computes the expected behavior of the code(intended function) Comparing the intended function and the code function. Introduction 2

3 Advantages Requires minimal mathematical background. Reflects the way programmers verify correctness of program. Helps one to be proficient with other verification technique. 3

4 Writing Intended Function & Code Function Program as mathematical function from one state to another Initial state : {x->10, sum->100} sum=sum + x; Final state :{x->10, sum->110} 4

5 Concurrent Assignment Notation to express function that only states changes in input state. [x 1, x 2,…, x n := e 1, e 2, …, e n ] Each x i ’s new value is e i Evaluated concurrently at initial state Program’s variables do not appear remain same. Example: 1) sum= sum + x; [sum: = sum +x] 2) x = x + y; y = x - y;[x, y: = y, x] x = x - y; 5

6 Conditional Concurrent Assignment Different functions for different conditions. Conditions are evaluated in initial state. Conditions are evaluated sequentially. If multiple conditions hold, function for first matched condition is picked. Example: [x>0 -> sign : = 1 |x sign :=-1 |else -> sign := 0] 6

7 Special Symbols and keywords Identity function denoted by I [n > maxSize -> n:= maxSize| else -> I] undefined: [n > 0 -> avg:= sum/n| else -> undefined] anything [sum, i := sum + ∑ j=i…a.length-1 a[j], anything] while(i<a.length){ sum = + a[i]; i++; } 7

8 Verifying Correctness Verification involves showing two properties: dom of f ⊆ dom of p where f=intended function, p= code function. (p(x) = f(x) for x ∈ dom(f)) Assignment Statement Code function and intended function is often same. @//[x:=x+1] x=x+1; 8

9 Verifying Correctness Sequential Composition Annotated code //@ [n > 0 → sum, avg := sum+a, (sum+a)/n] sum = sum + a; avg = sum / n; Proof of correctness [sum := sum + a]; [n != 0 → avg := sum=n] ≡ [n!= 0 → sum; avg := sum + a;(sum + a)/n] ⊑ [n > 0 → sum; avg := sum + a;(sum + a)/n] 9

10 Sequential Composition(Cont.) Trace table x = x + 1; y = 2 * x; z = x * y; x = x + 1; y = 3 * x; Statementsxyz x = x + 1;x+1 y = 2 * x;2*(x+1) z = x * y;(x+1)*2(x+1) x = x + 1;x+2 y = 3 * x;3(x+2) [x, y, z := x+2, 3(x+2), 2x 2 +4x+2] 10

11 Sequential Composition(Cont.) Modular Verification Annotated code //@ [f0] //@ [f1] S1; //@ [f2] S2; Proof of correctness (f1;f2 ⊑ f0). (S1 ⊑ f1) (S2 ⊑ f2) 11

12 Conditional Trace table p = a * r; if (a < b) b = b - a; else b = b - p; StatementConditionpb p = a * r; if (a < b) b = b - a; a<ba * rb-a p = a * r; if (a < b) b = b - p; a>=ba * r;b- (a*r) [a < b → p, b := a*r, b-a | a ≥ b → p, b := a*r, b-(a*r)] Conditional Statement 12

13 Case Analysis Annotated code //@ [f] if (B) S1; else S2; Proof of correctness (B ⇒ S1 ⊑ f) (¬B ⇒ S2 ⊑ f) Conditional Statement(Cont.) 13

14 //@ [f1] while (B) S //@ [f1] if (B) { S while (B) S } Verifying Iteration //@ [f1] if (B) { S [f1] } More involved as there is no known algorithm to calculate code function for whole statements. Solution: Proof by Induction Intended function is the induction hypothesis. 14

15 Annotated code Verifying Iteration(Cont.) Using induction to prove correctness of while statement. Proof of correctness Need to discharge following three proof obligations: 1) Termination of the loop 2) Basis step: ¬(i < a:length) ⇒ I ⊑ f1 3) Induction step: i < a:length ⇒ f2;f1 ⊑ f1 and the correctness of f2 and its code //@ [f1] if (B) { //@[f2] S [f1] } //@ [f1] while (B) //@[f2] S 15

16 Initialized Loop Uninitialized loop is a Generalization of initialized loop. Loop preceded with initialization computes something useful. Example: /*@ f 1 :[sum, i := sum + ∑ j=i…a.length-1 a[j], anything]*/ while(i<a.length){ //@f 2 : [sum,I := sum + a[i], i+1] sum = + a[i]; i++; } 16

17 Verification of Initialized Loop Annotated code //@ [f0] //@ [f1] S1 //@ [f2] while (B) { //@ [f3] S2 } Proof of correctness Discharging the following proof obligations: 1 ) f1;f2 ⊑ f0. 2) S1 ⊑ f1. 3) while (B) S2 ⊑ f2, which requires the following subproofs. a) Termination of the loop. b) Basis step: ¬B ⇒ I ⊑ f2. c) Induction step: B ⇒ f3;f2 ⊑ f2 and S2 ⊑ f3. 17

18 Exercise Annotate with intended function while (i < a.length) { if (a[i] > k) { r++; } i++; } 18

19 Solution // f 1 : [r, i := r + ∑ j=i…a.length-1 (a[j] > 0 ? 1 : 0), anything] while (i < a.length) { // f 2 : [r, i := a[i] > 0 ? r + 1 : r, i + 1] // [r := a[i] > 0 ? r + 1 : r] if (a[i] > k) { [r:=r+1] r++; } [i:= i+1] i++; } 19

20 Reference Yoonsik Cheon and Melisa Vela. A Tutorial on Functional Program Verification, Technical Report 10-26, Department of Computer Science, University of Texas at El Paso, El Paso, TX, September 2010. 20

Download ppt "A Tutorial on Functional Program Verification TR #10-26 September 2010, revised August 2011 Yoonsik Cheon Melisa Vela Presented by Aditi Barua 1."

Similar presentations

Primitive Recursive Functions (Chapter 3)

Primitive Recursive Functions (Chapter 3)
Hoare’s Correctness Triplets Dijkstra’s Predicate Transformers

Hoare’s Correctness Triplets Dijkstra’s Predicate Transformers
11111 Functional Program Verification CS 4311 A. M. Stavely, Toward Zero Defect Programming, Addison-Wesley, 1999. Y. Cheon and M. Vela, A Tutorial on.

11111 Functional Program Verification CS 4311 A. M. Stavely, Toward Zero Defect Programming, Addison-Wesley, Y. Cheon and M. Vela, A Tutorial on.
Rigorous Software Development CSCI-GA 3033-011 Instructor: Thomas Wies Spring 2012 Lecture 11.

Rigorous Software Development CSCI-GA Instructor: Thomas Wies Spring 2012 Lecture 11.
CS 111: Introduction to Programming Midterm Exam NAME _________________ UIN __________________ 10/30/08 1.Who is our hero? 2.Why is this person our hero?

CS 111: Introduction to Programming Midterm Exam NAME _________________ UIN __________________ 10/30/08 1.Who is our hero? 2.Why is this person our hero?
Axiomatic Verification I Prepared by Stephen M. Thebaut, Ph.D. University of Florida Software Testing and Verification Lecture 17.

Axiomatic Verification I Prepared by Stephen M. Thebaut, Ph.D. University of Florida Software Testing and Verification Lecture 17.
Copyright © 2006 Addison-Wesley. All rights reserved.1-1 ICS 410: Programming Languages Chapter 3 : Describing Syntax and Semantics Axiomatic Semantics.

Copyright © 2006 Addison-Wesley. All rights reserved.1-1 ICS 410: Programming Languages Chapter 3 : Describing Syntax and Semantics Axiomatic Semantics.
ISBN 0-321-33025-0 Chapter 3 Describing Syntax and Semantics.

ISBN Chapter 3 Describing Syntax and Semantics.
1 Semantic Description of Programming languages. 2 Static versus Dynamic Semantics n Static Semantics represents legal forms of programs that cannot be.

1 Semantic Description of Programming languages. 2 Static versus Dynamic Semantics n Static Semantics represents legal forms of programs that cannot be.
Comp 205: Comparative Programming Languages Semantics of Imperative Programming Languages denotational semantics operational semantics logical semantics.

Comp 205: Comparative Programming Languages Semantics of Imperative Programming Languages denotational semantics operational semantics logical semantics.
CSE115/ENGR160 Discrete Mathematics 04/12/11 Ming-Hsuan Yang UC Merced 1.

CSE115/ENGR160 Discrete Mathematics 04/12/11 Ming-Hsuan Yang UC Merced 1.
CSC2110 Discrete Mathematics Tutorial 5 GCD and Modular Arithmetic

CSC2110 Discrete Mathematics Tutorial 5 GCD and Modular Arithmetic
Introduction to Computers and Programming Lecture 4: Mathematical Operators New York University.

Introduction to Computers and Programming Lecture 4: Mathematical Operators New York University.
© Love Ekenberg The Algorithm Concept, Big O Notation, and Program Verification Love Ekenberg.

© Love Ekenberg The Algorithm Concept, Big O Notation, and Program Verification Love Ekenberg.
4/17/2017 Section 3.6 Program Correctness ch3.6.

4/17/2017 Section 3.6 Program Correctness ch3.6.
Describing Syntax and Semantics

Describing Syntax and Semantics
Section 5.4 1. Section Summary Recursive Algorithms Proving Recursive Algorithms Correct Recursion and Iteration (not yet included in overheads) Merge.

Section Section Summary Recursive Algorithms Proving Recursive Algorithms Correct Recursion and Iteration (not yet included in overheads) Merge.
Programming Logic and Design, Introductory, Fourth Edition1 Understanding Computer Components and Operations (continued) A program must be free of syntax.

Programming Logic and Design, Introductory, Fourth Edition1 Understanding Computer Components and Operations (continued) A program must be free of syntax.
Proofs, Recursion, and Analysis of Algorithms Mathematical Structures for Computer Science Chapter 2 Copyright © 2006 W.H. Freeman & Co.MSCS SlidesProofs,

Proofs, Recursion, and Analysis of Algorithms Mathematical Structures for Computer Science Chapter 2 Copyright © 2006 W.H. Freeman & Co.MSCS SlidesProofs,
Chapter 8: Introduction to High-level Language Programming Invitation to Computer Science, C++ Version, Third Edition.

Chapter 8: Introduction to High-level Language Programming Invitation to Computer Science, C++ Version, Third Edition.

Similar presentations

Ads by Google