09 - Program verification
Presentation Transcript

  • Program verification and testing (www.tudorgirba.com)
  • Ariane 5 flight 501
  • Therac-25 accidents
  • Pentium FDIV bug
  • Testing: run the program with a set of inputs and check the output for defects.
    Verification: formally prove that the program has no defects.
  • Example: max of 2 natural numbers
        if (x ≥ y) max := x else max := y
  • Testing the example: x = 2, y = 3; run if (x ≥ y) max := x else max := y; observe max = 3
  • Verifying the example:
        {x ≥ 0 ∧ y ≥ 0}
        if (x ≥ y) max := x else max := y
        {(max ≥ x) ∧ (max ≥ y) ∧ (max = x ∨ max = y)}
  • Computation: information → computer → information
  • {P} S {Q}: precondition P, program S, postcondition Q
  • Partial correctness: {P} S {Q}. Total correctness: [P] S [Q]
  • Skip: {Q} Skip {Q}
    Abort: {P} Abort {False}
    Assignment: {Q[x/E]} x := E {Q}
  • Example: P: (x > 1), S: x := x + 1, Q: (x > 2)
  • Example: P: (x = y − 2), S: x := x + 2, Q: (x = y)
  • Sequence: from {P} S1 {Q} and {Q} S2 {R} conclude {P} S1; S2 {R}
    Conditional: from {P ∧ B} S1 {Q} and {P ∧ ¬B} S2 {Q} conclude {P} if B then S1 else S2 {Q}
  • While loop: from P ⇒ I, {I ∧ B} S {I} and I ∧ ¬B ⇒ Q conclude {P} while B do S end {Q}
    Loop invariant I = property which stays true before and after every loop iteration
        0. initial condition: P ⇒ I
        1. iterative (inductive) condition: {I ∧ B} S {I}
        2. final condition: I ∧ ¬B ⇒ Q
  • Example: quotient and remainder of dividing 2 integers
        P: (x ≥ 0) ∧ (y > 0)
        S: quo := 0; rem := x; while (y ≤ rem) do rem := rem − y; quo := quo + 1 end
        Q: (quo ∗ y + rem = x) ∧ (0 ≤ rem < y)
  • Example: binary search
        while (lo < hi) {
          m = (lo + hi) / 2;
          if (n > m) lo = m + 1;
          else hi = m;
        }
        n = lo;
  • Example: binary search, annotated with the loop invariant I: lo <= n ∧ n <= hi
        while (lo < hi) {          /* I: lo <= n ∧ n <= hi */
          m = (lo + hi) / 2;
          if (n > m)               /* in both cases: lo <= n ∧ n <= hi */
            lo = m + 1;            /* n > m  =>  n >= m+1  =>  n >= lo */
          else hi = m;             /* !(n > m)  =>  n <= m  =>  n <= hi */
        }                          /* I stays true */
        n = lo;                    /* lo<=n ∧ n<=hi ∧ !(lo<hi)  =>  lo==n ∧ n==hi */
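The annotated binary search above, with the invariant I turned into runtime assertions, as an added example (my own code, not from the slides). It also checks a variant, hi − lo, which the total-correctness rule needs and the slide's partial-correctness annotation does not; the function names and the exhaustive check are my own choices.

```python
# Added example (my own code, not from the slides): the deck's binary search with
# its loop invariant I: lo <= n <= hi asserted at runtime, plus the variant hi - lo
# that a total-correctness argument needs. Names are my own choices.

def binary_search(n, lo, hi):
    """Narrow the integer interval [lo, hi] until it is the single point n.
    Precondition (assumed, as on the slide): lo <= n <= hi."""
    assert lo <= n <= hi, "precondition: lo <= n <= hi"
    while lo < hi:
        assert lo <= n <= hi, "invariant I holds at the top of every iteration"
        variant = hi - lo                   # non-negative measure that must shrink
        m = (lo + hi) // 2                  # lo <= m < hi whenever lo < hi
        if n > m:
            lo = m + 1                      # n > m  =>  n >= m + 1 = lo
        else:
            hi = m                          # not (n > m)  =>  n <= m = hi
        assert lo <= n <= hi, "invariant I re-established by the body"
        assert hi - lo < variant, "variant decreased, so the loop terminates"
    assert lo <= n <= hi and not lo < hi    # I and not B ...
    return lo                               # ... so lo == n == hi

def check_all(bound):
    """Exhaustively check the postcondition (result == n) for every input that
    satisfies the precondition with 0 <= lo <= n <= hi < bound."""
    return all(binary_search(n, lo, hi) == n
               for lo in range(bound) for hi in range(lo, bound)
               for n in range(lo, hi + 1))

def rejected(n, lo, hi):
    """True when an assertion fires; with the invariant proven, that only happens
    when the call violates the precondition lo <= n <= hi."""
    try:
        binary_search(n, lo, hi)
        return False
    except AssertionError:
        return True
```

The assertions are exactly the three proof obligations of the while rule (I on entry, I after the body, I ∧ ¬B giving the postcondition) checked on concrete runs; they do not replace the proof, but they catch a call that breaks the precondition the proof relies on.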
  • Weakest precondition wp(S, Q): for all {P} S {Q}, P ⇒ wp(S, Q)
  • Verification of {P} S {Q}: 1. compute wp(S, Q); 2. prove P ⇒ wp(S, Q)
  • Assignment: wp(x := A, Q) = Q[x ← A]
        wp(x := 5, x + y = 6) = (5 + y = 6)
        wp(x := x + 1, x + y = 6) = (x + 1 + y = 6)
    Array assignment: wp(a[x] := A, Q) = Q[a ← a′]
        wp(a[1] := x + 1, a[1] = a[2]) = (a′[1] = a′[2]) where a′[1] = x + 1, a′[i] = a[i] ∀ i ≠ 1
                                       = (x + 1 = a[2])
  • Sequencing: wp(S1; S2, Q) = wp(S1, wp(S2, Q))
        wp(x := x + 1; y := y + x, y > 10)
          = wp(x := x + 1, wp(y := y + x, y > 10))
          = wp(x := x + 1, y + x > 10)
          = (y + x + 1 > 10)
  • Conditional: wp(if (B) then S1 else S2, Q) = (B ⇒ wp(S1, Q)) ∧ (¬B ⇒ wp(S2, Q))
        Q: (max ≥ x) ∧ (max ≥ y) ∧ (max = x ∨ max = y)
        wp(if (x ≥ y) then max := x else max := y, Q)
          = (x ≥ y ⇒ wp(max := x, Q)) ∧ (x < y ⇒ wp(max := y, Q))
          = (x ≥ y ⇒ Q[max ← x]) ∧ (x < y ⇒ Q[max ← y])
          = (x ≥ y ⇒ ((x ≥ x) ∧ (x ≥ y) ∧ (x = x ∨ x = y)))
            ∧ (x < y ⇒ ((y ≥ x) ∧ (y ≥ y) ∧ (y = x ∨ y = y)))
  • While loop: L = while (B) do S end
        wp(L, Q) = I ∧ ∀y, ((B ∧ I) ⇒ wp(S, I ∧ x < y)) ∧ ∀y, ((¬B ∧ I) ⇒ Q)
    Loop verification: I = property which stays true before and after every loop iteration
        0. P ⇒ I
        1. I ∧ B ⇒ wp(S, I)
        2. I ∧ ¬B ⇒ Q
  • Example: quotient and remainder of dividing 2 integers
        P: (x ≥ 0) ∧ (y > 0)
        S: quo := 0; rem := x;
           I: (quo ∗ y + rem = x) ∧ (rem ≥ 0) ∧ (y > 0) ∧ (x ≥ 0)
           while (y ≤ rem) do rem := rem − y; quo := quo + 1 end
        Q: (quo ∗ y + rem = x) ∧ (0 ≤ rem < y)
  • Example: verification conditions
        0. P ⇒ I:
           (x ≥ 0) ∧ (y > 0) ⇒ (x = x) ∧ (x ≥ 0) ∧ (x ≥ 0) ∧ (y > 0)
        1. I ∧ B ⇒ wp(S, I):
           (x = rem + y ∗ quo) ∧ (x ≥ 0) ∧ (rem ≥ 0) ∧ (y > 0) ∧ (y ≤ rem)
             ⇒ (x = (rem − y) + y ∗ (quo + 1)) ∧ (x ≥ 0) ∧ (rem − y ≥ 0) ∧ (y > 0)
        2. I ∧ ¬B ⇒ Q:
           (x = rem + y ∗ quo) ∧ (x ≥ 0) ∧ (rem ≥ 0) ∧ (y > 0) ∧ (y > rem)
             ⇒ (x = rem + y ∗ quo) ∧ (0 ≤ rem < y)
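The wp rules for assignment, sequencing, conditional and while loop, applied mechanically to the slides' own examples (the sequencing example, max of two numbers, and quotient/remainder with its invariant), as an added example that is my own code and not from the slides. The term classes, the tuple encoding of statements and the bounded exhaustive check are my choices; since no theorem prover is assumed, each proof obligation is evaluated over every state with the variables in a small integer range.

```python
# Added example (my own code, not from the slides): a small symbolic wp calculator
# for the deck's toy language plus a bounded exhaustive check of the obligations.
from dataclasses import dataclass
from itertools import product
import operator

class T:
    """Operator overloading so terms read like the slides (x + 1, rem >= 0)."""
    def __add__(s, o): return Op("+", (s, o))
    def __sub__(s, o): return Op("-", (s, o))
    def __mul__(s, o): return Op("*", (s, o))
    def __lt__(s, o): return Op("<", (s, o))
    def __le__(s, o): return Op("<=", (s, o))
    def __gt__(s, o): return Op(">", (s, o))
    def __ge__(s, o): return Op(">=", (s, o))

@dataclass(frozen=True)
class V(T):                                  # program variable
    name: str
    def __str__(s): return s.name

@dataclass(frozen=True)
class Op(T):                                 # operator applied to sub-terms; ints are leaves
    op: str
    args: tuple
    def __str__(s):
        return f"{s.op} {s.args[0]}" if len(s.args) == 1 else "(" + f" {s.op} ".join(map(str, s.args)) + ")"
def EQ(a, b): return Op("=", (a, b))
def AND(*a): return Op("and", a)
def OR(*a): return Op("or", a)
def NOT(a): return Op("not", (a,))
def IMP(a, b): return Op("=>", (a, b))
OPS = {"+": operator.add, "-": operator.sub, "*": operator.mul, "<": operator.lt,
       "<=": operator.le, ">": operator.gt, ">=": operator.ge, "=": operator.eq,
       "not": operator.not_, "and": lambda *a: all(a), "or": lambda *a: any(a),
       "=>": lambda a, b: (not a) or b}

def ev(t, env):
    """Evaluate a term in one concrete state (dict variable -> int)."""
    if isinstance(t, int): return t
    if isinstance(t, V): return env[t.name]
    return OPS[t.op](*(ev(a, env) for a in t.args))

def subst(t, x, e):
    """Q[x <- e]: textual substitution, which is all the assignment rule needs."""
    if isinstance(t, int): return t
    if isinstance(t, V): return e if t.name == x else t
    return Op(t.op, tuple(subst(a, x, e) for a in t.args))

def wp(S, Q):
    """Return (wp(S, Q), side conditions). Statements are tuples: ("assign", x, A),
    ("seq", S1, S2), ("if", B, S1, S2), ("while", B, I, body) with I the invariant."""
    kind = S[0]
    if kind == "assign": return subst(Q, S[1], S[2]), []
    if kind == "seq":
        q2, vc2 = wp(S[2], Q)
        q1, vc1 = wp(S[1], q2)
        return q1, vc1 + vc2
    if kind == "if":
        q1, vc1 = wp(S[2], Q)
        q2, vc2 = wp(S[3], Q)
        return AND(IMP(S[1], q1), IMP(NOT(S[1]), q2)), vc1 + vc2
    if kind == "while":                      # partial correctness: no variant is checked
        _, B, I, body = S
        qb, vcb = wp(body, I)                # inductive and final conditions become side VCs
        return I, vcb + [IMP(AND(I, B), qb), IMP(AND(I, NOT(B)), Q)]
    raise ValueError(kind)

def verify(P, S, Q, variables, bound):
    """Check P => wp(S, Q) and every loop side condition for all states with the
    variables in range(-bound, bound). Returns the first failing state per
    obligation; an empty list means no counterexample was found within the bound."""
    pre, vcs = wp(S, Q)
    failures = []
    for f in [IMP(P, pre)] + vcs:
        for vals in product(range(-bound, bound), repeat=len(variables)):
            env = dict(zip(variables, vals))
            if not ev(f, env):
                failures.append((f, env))
                break
    return failures

x, y, mx, quo, rem = V("x"), V("y"), V("max"), V("quo"), V("rem")
# Slide example: max of two numbers (conditional rule).
MAX = ("if", x >= y, ("assign", "max", x), ("assign", "max", y))
Q_MAX = AND(mx >= x, mx >= y, OR(EQ(mx, x), EQ(mx, y)))
# Slide example: quotient and remainder by repeated subtraction (while rule).
def div_program(I):
    return ("seq", ("seq", ("assign", "quo", 0), ("assign", "rem", x)),
            ("while", y <= rem, I,
             ("seq", ("assign", "rem", rem - y), ("assign", "quo", quo + 1))))
P_DIV = AND(x >= 0, y > 0)
I_DIV = AND(EQ(quo * y + rem, x), rem >= 0, y > 0, x >= 0)
Q_DIV = AND(EQ(quo * y + rem, x), rem >= 0, rem < y)

def seq_example():                           # slide: wp(x := x + 1; y := y + x, y > 10)
    return wp(("seq", ("assign", "x", x + 1), ("assign", "y", y + x)), y > 10)[0]
def max_precondition():                      # the slide's wp of the conditional, unsimplified
    return wp(MAX, Q_MAX)[0]
def check_div(I=I_DIV):                      # pass a weaker I to see which obligation breaks
    return verify(P_DIV, div_program(I), Q_DIV, ["x", "y", "quo", "rem"], 5)
```

`check_div()` returns an empty list, while `check_div(AND(EQ(quo * y + rem, x), y > 0, x >= 0))`, the invariant without `rem >= 0`, returns exactly one failure, the final condition I ∧ ¬B ⇒ Q, with a state in which rem is negative: that conjunct is what makes the loop exit imply 0 ≤ rem. The exhaustive check finds counterexamples but is not a proof; the implications that survive it still have to be proven for all integers, by hand as on the slides or with a prover.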
  • {P} S {Q}: precondition P, program S, postcondition Q
  • Tudor Gîrba, www.tudorgirba.com, creativecommons.org/licenses/by/3.0/