1 / 33

Problem Set 5: Axiomatic Verification

Problem Set 5: Axiomatic Verification. Hints and Notes. Consider the assertion of weak correctness:

wenda
Download Presentation

Problem Set 5: Axiomatic Verification

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Problem Set 5: Axiomatic Verification Hints and Notes

  2. Consider the assertion of weak correctness: {z<0} s {y=z+1}. Which of the following observations/facts would allow one to deduce that the assertion is FALSE and which would not? Consider the observations individually and briefly justify your answer for each. • When the initial value of z is 3, the value of y is 4 when s terminates. • When the initial value of z is -1, the value of y is 17 when s terminates. • When the initial value of z is -3, the program does not terminate.

  3. Consider the assertion of weak correctness: {z<0} s {y=z+1}. Which of the following observations/facts would allow one to deduce that the assertion is FALSE and which would not? Consider the observations individually and briefly justify your answer for each. • When the initial value of z is 3, the value of y is 4 when s terminates. Wound not: pre-condition not satisfied • When the initial value of z is -1, the value of y is 17 when s terminates. • When the initial value of z is -3, the program does not terminate.

  4. Consider the assertion of weak correctness: {z<0} s {y=z+1}. Which of the following observations/facts would allow one to deduce that the assertion is FALSE and which would not? Consider the observations individually and briefly justify your answer for each. • When the initial value of z is 3, the value of y is 4 when s terminates. Wound not: pre-condition not satisfied • When the initial value of z is -1, the value of y is 17 when s terminates. • When the initial value of z is -3, the program does not terminate.

  5. Consider the assertion of weak correctness: {z<0} s {y=z+1}. Which of the following observations/facts would allow one to deduce that the assertion is FALSE and which would not? Consider the observations individually and briefly justify your answer for each. • When the initial value of z is 3, the value of y is 4 when s terminates. Wound not: pre-condition not satisfied • When the initial value of z is -1, the value of y is 17 when s terminates. Wound not: Q may or may not hold in this case • When the initial value of z is -3, the program does not terminate.

  6. Consider the assertion of weak correctness: {z<0} s {y=z+1}. Which of the following observations/facts would allow one to deduce that the assertion is FALSE and which would not? Consider the observations individually and briefly justify your answer for each. • When the initial value of z is 3, the value of y is 4 when s terminates. Wound not: pre-condition not satisfied • When the initial value of z is -1, the value of y is 17 when s terminates. Wound not: Q may or may not hold in this case • When the initial value of z is -3, the program does not terminate.

  7. Consider the assertion of weak correctness: {z<0} s {y=z+1}. Which of the following observations/facts would allow one to deduce that the assertion is FALSE and which would not? Consider the observations individually and briefly justify your answer for each. • When the initial value of z is 3, the value of y is 4 when s terminates. Wound not: pre-condition not satisfied • When the initial value of z is -1, the value of y is 17 when s terminates. Wound not: Q may or may not hold in this case • When the initial value of z is -3, the program does not terminate. Wound not: weak correctness does not require termination

  8. 2. {x>y} temp := x x := y y := temp if temp>z then y := z z := temp if x>y then temp := x x := y y := temp end_if end_if {x≤y≤z}

  9. 2. {x>y} temp := x {x>y Л temp=x Лtemp>y} x := y y := temp if temp>z then y := z z := temp if x>y then temp := x x := y y := temp end_if end_if {x≤y≤z}

  10. 2. {x>y} temp := x {x>y Л temp=x Лtemp>y} x := y {x=y Лtemp>y Лtemp>x} y := temp if temp>z then y := z z := temp if x>y then temp := x x := y y := temp end_if end_if {x≤y≤z}

  11. 2. {x>y} temp := x {x>y Л temp=x Лtemp>y} x := y {x=y Лtemp>y Лtemp>x} y := temp {y=temp Л temp>x Лy>x} if temp>z then y := z z := temp if x>y then temp := x x := y y := temp end_if end_if {x≤y≤z}

  12. 2. {x>y} temp := x {x>y Л temp=x Лtemp>y} x := y {x=y Лtemp>y Лtemp>x} y := temp {y=temp Л temp>x Лy>x} if temp>z then y := z z := temp if x>y then temp := x x := y y := temp end_if end_if {x≤y≤z} S1 S2

  13. 2. (cont'd) {y=temp Л temp>x Л y>x} if temp>z then S1 {x≤y≤z}

  14. 2. (cont'd) {y=temp Л temp>x Л y>x} if temp>z then S1 {x≤y≤z} Using the if-then ROI, we need to show: (1) {y=temp Л temp>x Л y>x Лtemp>z} S1 {x≤y≤z} ? (2) (y=tempЛtemp>x Л y>xЛtemp≤z) => x<y≤z => Q

  15. 2. (cont'd) {y=temp Л temp>x Л y>x} if temp>z then S1 {x≤y≤z} Using the if-then ROI, we need to show: (1) {y=temp Л temp>x Л y>x Лtemp>z} S1 {x≤y≤z} ? (2) (y=tempЛtemp>x Л y>xЛtemp≤z) => x<y≤z => Q For (1) above we have: {y=temp Л temp>x Лy>x Л temp>z} y := z z := temp if x>y then S2 {x≤y≤z} ?

  16. 2. (cont'd) {y=temp Л temp>x Л y>x} if temp>z then S1 {x≤y≤z} Using the if-then ROI, we need to show: (1) {y=temp Л temp>x Л y>x Лtemp>z} S1 {x≤y≤z} ? (2) (y=tempЛtemp>x Л y>xЛtemp≤z) => x<y≤z => Q For (1) above we have: {y=temp Л temp>x Лy>x Л temp>z} y := z {y=zЛtemp>xЛtemp>z Лtemp>y} z := temp if x>y then S2 {x≤y≤z} ?

  17. 2. (cont'd) {y=temp Л temp>x Л y>x} if temp>z then S1 {x≤y≤z} Using the if-then ROI, we need to show: (1) {y=temp Л temp>x Л y>x Лtemp>z} S1 {x≤y≤z} ? (2) (y=tempЛtemp>x Л y>xЛtemp≤z) => x<y≤z => Q For (1) above we have: {y=temp Л temp>x Лy>x Л temp>z} y := z {y=zЛtemp>xЛtemp>z Лtemp>y} z := temp {z=tempЛtemp>x Лtemp>y Лz>x Лz>y} if x>y then S2 {x≤y≤z} ?

  18. 2. (cont'd) {y=temp Л temp>x Л y>x} if temp>z then S1 {x≤y≤z} Using the if-then ROI, we need to show: (1) {y=temp Л temp>x Л y>x Лtemp>z} S1 {x≤y≤z} ? (2) (y=tempЛtemp>x Л y>xЛtemp≤z) => x<y≤z => Q For (1) above we have: {y=temp Л temp>x Лy>x Л temp>z} y := z {y=zЛtemp>xЛtemp>z Лtemp>y} z := temp {z=tempЛtemp>x Лtemp>yЛz>x Лz>y} if x>y then S2 {x≤y≤z} ? for which the if-then ROI may be used a second time.

  19. 3. Prove the following assertion using the While-Loop Rule of Inference. Show all steps. {N≥1} Found := false Index := N while (Index>0 & (not Found)) do if Key=List[Index] then Found := true else Index := Index-1 end_if_else end_while {(Found Л Key=List[Index]) V (~Found Л 1≤ i ≤ N • Key  List[i])}

  20. 3. Prove the following assertion using the While-Loop Rule of Inference. Show all steps. {N≥1} Found := false Index := N while (Index>0 & (not Found)) do if Key=List[Index] then Found := true else Index := Index-1 end_if_else end_while {(Found Л Key=List[Index]) V (~Found Л 1≤ i ≤ N • Key  List[i])} What invariant, I, can be used to prove this?

  21. 3. Prove the following assertion using the While-Loop Rule of Inference. Show all steps. {N≥1} Found := false Index := N while (Index>0 & (not Found)) do if Key=List[Index] then Found := true else Index := Index-1 end_if_else end_while {(Found Л Key=List[Index]) V (~Found Л 1≤ i ≤ N • Key  List[i])} I = (Found Л…) V (~Found Л…)

  22. 3. Prove the following assertion using the While-Loop Rule of Inference. Show all steps. {N≥1} Found := false Index := N while (Index>0 & (not Found)) do if Key=List[Index] then Found := true else Index := Index-1 end_if_else end_while {(Found Л Key=List[Index]) V (~Found Л 1≤ i ≤ N • Key  List[i])} I = (Found ЛKey=List[Index]) V (~Found Л…)

  23. 3. Prove the following assertion using the While-Loop Rule of Inference. Show all steps. {N≥1} Found := false Index := N while (Index>0 & (not Found)) do if Key=List[Index] then Found := true else Index := Index-1 end_if_else end_while {(Found Л Key=List[Index]) V (~Found Л 1≤ i ≤ N • Key  List[i])} I = (Found ЛKey=List[Index]) V (~Found Л Index < i ≤ N, Key<>List[i])

  24. 4. Prove the following assertion using a suitable Rule of Inference for the Repeat_Until-Loop. Clearly state the Rule of Inference and show all steps. (Hint: Do NOT include P => I as an antecedent in your rule.)

  25. 4. Prove the following assertion using a suitable Rule of Inference for the Repeat_Until-Loop. Clearly state the Rule of Inference and show all steps. (Hint: Do NOT include P => I as an antecedent in your rule.) {P} {P} repeat s until b {Q} s T b F {Q}

  26. 4. Prove the following assertion using a suitable Rule of Inference for the Repeat_Until-Loop. Clearly state the Rule of Inference and show all steps. (Hint: Do NOT include P => I as an antecedent in your rule.) {P} {P} repeat s until b {Q} s I T b F {Q}

  27. 4. Prove the following assertion using a suitable Rule of Inference for the Repeat_Until-Loop. Clearly state the Rule of Inference and show all steps. (Hint: Do NOT include P => I as an antecedent in your rule.) {P} {P} s {I}, {P} repeat s until b {Q} s I T b F {Q}

  28. 4. Prove the following assertion using a suitable Rule of Inference for the Repeat_Until-Loop. Clearly state the Rule of Inference and show all steps. (Hint: Do NOT include P => I as an antecedent in your rule.) {P} {P} s {I}, {IЛ ~b} s {I}, {P} repeat s until b {Q} s I T b F {Q}

  29. 4. Prove the following assertion using a suitable Rule of Inference for the Repeat_Until-Loop. Clearly state the Rule of Inference and show all steps. (Hint: Do NOT include P => I as an antecedent in your rule.) {P} {P} s {I}, {IЛ ~b} s {I}, (IЛ b)=>Q {P} repeat s until b {Q} s I T b F {Q}

  30. 6. Consider the following HYPOTHESIZED rules of inference for the "while" construct: P => (~b Л Q) a. -----------------------------? {P} while b do s {Q} {P Л b} s {I}, {IЛ b} s {I}, (IЛ~b) => Q b. -----------------------------------------------------? {P} while b do s {Q} …Clearly indicate whether or not the rule is valid. If valid, provide an assertion of the form {P} while b do S {Q} for which it could be used. If not valid, prove this by providing a counterexample.

  31. 6. Consider the following HYPOTHESIZED rules of inference for the "while" construct: P => (~b Л Q) a. -----------------------------? {P} while b do s {Q} {P Л b} s {I}, {IЛ b} s {I}, (IЛ~b) => Q b. -----------------------------------------------------? {P} while b do s {Q} …Clearly indicate whether or not the rule is valid. If valid, provide an assertion of the form {P} while b do S {Q} for which it could be used. If not valid, prove this by providing a counterexample.

  32. 6. Consider the following HYPOTHESIZED rules of inference for the "while" construct: P => (~b Л Q) a. -----------------------------? {P} while b do s {Q} The rule is valid, since the antecedent implies that whenever the pre-condition, P, holds, the false branch will be executed and Q holds. The rule could be employed, for example, to prove: {x=17} while x<0 do x := 0 {x>0}

  33. 6. Consider the following HYPOTHESIZED rules of inference for the "while" construct: {P Л b} s {I}, {IЛ b} s {I}, (IЛ~b) => Q b. -----------------------------------------------------? {P} while b do s {Q} …Clearly indicate whether or not the rule is valid. If valid, provide an assertion of the form {P} while b do S {Q} for which it could be used. If not valid, prove this by providing a counterexample.

More Related