Presentation is loading. Please wait.

Presentation is loading. Please wait.

Dr. Naveed Riaz Design and Analysis of Algorithms 1 1 Formal Methods in Software Engineering Lecture # 26.

Published bySusan Bryan Modified over 8 years ago

Similar presentations

Presentation on theme: "Dr. Naveed Riaz Design and Analysis of Algorithms 1 1 Formal Methods in Software Engineering Lecture # 26."— Presentation transcript:

1 Dr. Naveed Riaz Design and Analysis of Algorithms 1 1 Formal Methods in Software Engineering Lecture # 26

2 Dr. Naveed Riaz Design and Analysis of Algorithms 2 2 Conditional Correctness  { P} S {Q}  (initial state) (set of instruction) (Final State)  Expresses the conditional correctness of S  Binary search (pre-condition) - > Array must be in sorted form  Which means that, in-order to work this program properly we need to start with a given condition.  Post Condition: If the key is present then you will get the index, if the key is not present then you will get some value which will tell you that the key is not present (desired output).  If we start with “P” and ended with “Q” then our program is conditional corret.

3 Dr. Naveed Riaz Design and Analysis of Algorithms 3 3 Conditional Correctness  Suppose : post condition: n <0  S: n = n-1  Pre-condition: We started with n=0; n-1; end: n-1  Another point: We started with n = -10 ; n-1; -11  Which means that there are infinite number of values for n which will satisfy the post condition.  Weakest Pre-condition: N <= 0 (infinite possibilities ) and then – then get n <0

4 Dr. Naveed Riaz Design and Analysis of Algorithms 4 4 Weakest Pre-Condition  wp (z : = x, z ≥ y)  x ≥ y  Wp (t := x, t = xo)  x = xo  Wp ( i : = i +1 ; i <= n)  i < n  First and third exmp give many values to satisfy the final state and the middle give just one value

5 Dr. Naveed Riaz Design and Analysis of Algorithms 5 5 Weakest Pre-Condition  Suppose: Array which is not sorted and you want to implement linear search.  Any condition on input: If data is not sorted still the linear search will give you result.  Wp: any arrangement of data in the array will give the out i.e. True  But in Binary search : if your data is not sorted you can not apply binary search  Wp: Specific arrangement required

6 Dr. Naveed Riaz Design and Analysis of Algorithms 6 6 Broad CAT of statements  Assignment statements  Selection ( Control statements)  Loops statements

7 Dr. Naveed Riaz Design and Analysis of Algorithms 7 7 Assignment Axiom  Wp (x : = e, Q(x) ) Q(e) -> e represents an expression  X will have the value which e had before executing the statement  Q(e) denotes the predicate obtained by substituting e for all free occurrences of x in the predicate Q

8 Dr. Naveed Riaz Design and Analysis of Algorithms 8 8 Assignment Axiom  Wp (i : = i-1, i = 0 )  i -1 = 0  Wp (i : = ( l + u ) div 2, l <= i <= u )  l <= ( l + u ) div 2 <= u  Wp (i : = 1, i = 0 )  1 = 0 : false  Hence for single assignment statement “Assignment Axiom perform good but our program contains more than one assignment Statements

9 Dr. Naveed Riaz Design and Analysis of Algorithms 9 9 Rules for Sequential Composition  Suppose that we have only set of assignment statements are given along with post condition so we need to determine the WP  Post condition will be achieved after executing the last statement  Which means that if we are at wp before last statement then -> meet post condition  Means that wp is the post condition for the previous statement  Wp ( S1; S2, Q) Wp ( S1, wp (S2, Q))

10 Dr. Naveed Riaz Design and Analysis of Algorithms 10 Rules for Sequential Composition  Wp (( x: = x +1; y: = y+1 ), x =y  Wp ( x: = x +1, wp (y: = y+1, x =y) -> Group post condition with last statement  Wp ( x: = x +1; x = y+1 ) -> Apply assignment Axiom  x+1 = y+1  x = y  So if we started with initial condition i.e. x= y and then we executed x and y statements then we will end with post condition

11 Dr. Naveed Riaz Design and Analysis of Algorithms 11 Rules for Sequential Composition  Wp (( x: = 2 * x +1; y: = y-1 ), y = 3 * x  Wp (x: = 2 * x +1, wp (y: = y-1, y = 3 * x ) -> Group post condition with last statement  Wp (x: = 2 * x +1; y- 1 = 3 * x ) -> Apply assignment Axiom  y -1 = 3 * ( 2 * x +1)  y = 6 * x + 4 

12 Dr. Naveed Riaz Design and Analysis of Algorithms 12 Rules for Sequential Composition  Pre-condition and post-condition basically gives a specification for a function  Now we have to prove that a function or a set of statements meets its specification  Specification given in the form of pre and post conditions  We can calculate wp from post condition. In the same way we can calculate post condition from wp. But it is easier to work backward i.e. If objective (post condition) is given then it is so easy as compared to hidden objective.

13 Dr. Naveed Riaz Design and Analysis of Algorithms 13 Rules for Sequential Composition  { x = x0 and y = y0 } initial condition  t: = x;  x:=y;  y:=t;  {x = y0 and y = x0} Final output

14 Dr. Naveed Riaz Design and Analysis of Algorithms 14 Rules for Sequential Composition  { x = x0 and y = y0 } t: = x {t = xo and y = y0}  {t = xo and y = y0} post condition become precond  x:=y; y:=t;  { y = x0 and x = y0}  {t = xo and y = y0} x := y {{t = xo and x = y0}  {t = xo and x = y0} y := t { y = x0 and x = y0}

15 Dr. Naveed Riaz Design and Analysis of Algorithms 15 Hoare’s Consequence Rule  Logical Implication  If statement is model by logical implication  P => Q i.e. If P then Q  P => Q Q => R  {Q} S {R} {P} S {Q}  {P} S {R} {P} S {R}

16 Dr. Naveed Riaz Design and Analysis of Algorithms 16 Rules for conditional  {P and C} S {Q}  P and (not C) => Q  {P} If C then S {Q}  If is divided into two portion (i.e. True or False)  So will check both true and false path and if in both cases with end with Q then our program will be correct

17 Dr. Naveed Riaz Design and Analysis of Algorithms 17 Rules for conditional  {P and C} S1 {Q}  {P and (not C)} S2 {Q}  {P} If C then S1 else S2 {Q}  If is divided into two portion (i.e. True or False)  So will check both true and false path and if in both cases with end with Q then our program will be correct

18 Dr. Naveed Riaz Design and Analysis of Algorithms 18 Dijkstra’s Healthiness Condition  wp (S, false) i.e. false – empty set  False – law of excluded miracle  wp (S, true) i.e. true – universal set  termination condition – all states that guarantee termination of S  Second case is special one and normally not in practise  In sequentional statements the program termination is guarantee  When Program may not terminate ?  Stuck in infinite loop

19 Dr. Naveed Riaz Design and Analysis of Algorithms 19 Dijkstra’s Healthiness Condition  In the case of loops when we will give argument about program correctness then => first loop in question actually terminate ( if it did not then no post condition)  If the loop terminate then argue about other  Secondly if loop terminate then what condition occur after it  Wp (while 0 = n do n := n -1, true )  0 <= n  So if we start with any other value of “n” i.e. -1 then we will not get n = 0,

20 Dr. Naveed Riaz Design and Analysis of Algorithms 20 Verification  Invariant  Something which is unchanging  Key to proofs for programs containing loops ( iteration or recursion) Questions seem to ask for the next change Answer lies in determining what does not change

21 Dr. Naveed Riaz Design and Analysis of Algorithms 21 Verification  What was the invariant condition in Dijasktra’s Game? Pulling the ball from jar is an iterative process Parity of white balls count i.e. If we started with even # of white balls we would have black ball at the end If we have started with odd number of white balls then colour of the last ball would be white ball

22 Dr. Naveed Riaz Design and Analysis of Algorithms 22 Verification Invariant => Parity of the white ball does not change i.e. If we take out two white or black balls outside jar, in that case we put a black ball inside jar Number of white balls either reduce by two or zero i.e. Parity does not change Second case: If got different color balls, we put the white ball back into the jar so parity does not change Think: identify the pattern would led us to identify the color of the last ball Why invariant condition is important ?

23 Dr. Naveed Riaz Design and Analysis of Algorithms 23 Verification Why invariant condition is important ? Because of iteration => you want to closer to your objective function You have to follow some pattern which will led's you one step closer to your objective function in iterative process

24 Dr. Naveed Riaz Design and Analysis of Algorithms 24 Classical Problem Can you completely cover the chessboard with these dominoes without partially using a domino? If so how. If not prove that you cannot.

25 Dr. Naveed Riaz Design and Analysis of Algorithms 25 Classical Problem Key of invariant condition i.e. Shape of the tiles which we are using to cover the chessboard ( some information store in color) Given piece will cover one light and one blue tile because on a cheeseboard we do not have two white or black tiles adjusnt to each other We have equal number of blue and white squares on chessboard If do not have equal number of squares then we will not cover the whole chessboard Condition: We have removed two squares of the same color i.e. We are left with more blue then white i.e. 32 blue and 30 whites

Download ppt "Dr. Naveed Riaz Design and Analysis of Algorithms 1 1 Formal Methods in Software Engineering Lecture # 26."

Similar presentations

Automated Theorem Proving Lecture 1. Program verification is undecidable! Given program P and specification S, does P satisfy S?

Automated Theorem Proving Lecture 1. Program verification is undecidable! Given program P and specification S, does P satisfy S?
In this episode of The Verification Corner, Rustan Leino talks about Loop Invariants. He gives a brief summary of the theoretical foundations and shows.

In this episode of The Verification Corner, Rustan Leino talks about Loop Invariants. He gives a brief summary of the theoretical foundations and shows.
Semantics Static semantics Dynamic semantics attribute grammars

Semantics Static semantics Dynamic semantics attribute grammars
Functional Verification III Prepared by Stephen M. Thebaut, Ph.D. University of Florida Software Testing and Verification Lecture Notes 23.

Functional Verification III Prepared by Stephen M. Thebaut, Ph.D. University of Florida Software Testing and Verification Lecture Notes 23.
Reasoning About Code; Hoare Logic, continued

Reasoning About Code; Hoare Logic, continued
Hoare’s Correctness Triplets Dijkstra’s Predicate Transformers

Hoare’s Correctness Triplets Dijkstra’s Predicate Transformers
1 University of Toronto Department of Computer Science © 2001, Steve Easterbrook Lecture 10: Formal Verification Formal Methods Basics of Logic first order.

1 University of Toronto Department of Computer Science © 2001, Steve Easterbrook Lecture 10: Formal Verification Formal Methods Basics of Logic first order.
David Evans CS655: Programming Languages University of Virginia Computer Science Lecture 19: Minding Ps & Qs: Axiomatic.

David Evans CS655: Programming Languages University of Virginia Computer Science Lecture 19: Minding Ps & Qs: Axiomatic.
Axiomatic Verification I Prepared by Stephen M. Thebaut, Ph.D. University of Florida Software Testing and Verification Lecture 17.

Axiomatic Verification I Prepared by Stephen M. Thebaut, Ph.D. University of Florida Software Testing and Verification Lecture 17.
Copyright © 2006 Addison-Wesley. All rights reserved.1-1 ICS 410: Programming Languages Chapter 3 : Describing Syntax and Semantics Axiomatic Semantics.

Copyright © 2006 Addison-Wesley. All rights reserved.1-1 ICS 410: Programming Languages Chapter 3 : Describing Syntax and Semantics Axiomatic Semantics.
ISBN 0-321-33025-0 Chapter 3 Describing Syntax and Semantics.

ISBN Chapter 3 Describing Syntax and Semantics.
Simple Example {i = 0} j := i * i {j < 100} Can we ‘verify’ this triple? Only if we know the semantics of assignment.

Simple Example {i = 0} j := i * i {j < 100} Can we ‘verify’ this triple? Only if we know the semantics of assignment.
1 Discrete Structures Lecture 29 Predicates and Programming Read Ch. 10.1 - 10.2.

1 Discrete Structures Lecture 29 Predicates and Programming Read Ch
Predicate Transformers

Predicate Transformers
Program Proving Notes Ellen L. Walker.

Program Proving Notes Ellen L. Walker.
1/22 Programs : Semantics and Verification Charngki PSWLAB Programs: Semantics and Verification Mordechai Ben-Ari Mathematical Logic for Computer.

1/22 Programs : Semantics and Verification Charngki PSWLAB Programs: Semantics and Verification Mordechai Ben-Ari Mathematical Logic for Computer.
CS 355 – Programming Languages

CS 355 – Programming Languages
CSE115/ENGR160 Discrete Mathematics 04/12/11 Ming-Hsuan Yang UC Merced 1.

CSE115/ENGR160 Discrete Mathematics 04/12/11 Ming-Hsuan Yang UC Merced 1.
Copyright © 2006 The McGraw-Hill Companies, Inc. Programming Languages 2nd edition Tucker and Noonan Chapter 18 Program Correctness To treat programming.

Copyright © 2006 The McGraw-Hill Companies, Inc. Programming Languages 2nd edition Tucker and Noonan Chapter 18 Program Correctness To treat programming.
Dr. Muhammed Al-Mulhem 1ICS535-101 ICS 535 Design and Implementation of Programming Languages Part 1 Fundamentals (Chapter 4) Axiomatic Semantics ICS 535.

Dr. Muhammed Al-Mulhem 1ICS ICS 535 Design and Implementation of Programming Languages Part 1 Fundamentals (Chapter 4) Axiomatic Semantics ICS 535.

Similar presentations

Ads by Google