1 / 24

Functional Verification I

Functional Verification I. Software Testing and Verification Lecture Notes 21. Prepared by Stephen M. Thebaut, Ph.D. University of Florida. Overview of Functional Verification Topics. Lecture Notes #21 - Functional Verification I Introduction

satinka
Download Presentation

Functional Verification I

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Functional Verification I Software Testing and Verification Lecture Notes 21 Prepared by Stephen M. Thebaut, Ph.D. University of Florida

  2. Overview of Functional Verification Topics Lecture Notes #21 - Functional Verification I • Introduction • Verifying correctness in program reading, writing, and validation • Complete and sufficient correctness • Compound programs and the Axiom of Replacement Lecture Notes #22 - Functional Verification II • Correctness conditions and working correctness questions: sequencing and decision statements

  3. Overview of Functional Verification Topics Lecture Notes #23 - Functional Verification III • Iteration Recursion Lemma (IRL) (Very Cool!) • Termination predicate • Correctness conditions for while_do statement • Sufficient correctness conditions • Correctness conditions for repeat_until statement • Subgoal Induction Lecture Notes #24 – Functional Verification IV • Invariant Status Theorem (EXTREMELY Cool!) • While Loop Initialization

  4. Today’s Topics: • Introduction • Verifying correctness in program reading, writing, and validation • Complete and sufficient correctness • Compound programs and the Axiom of Replacement

  5. Introduction • What is functional verification? A methodology originally developed by Mills for verifying program correctness with respect to an intended function specification. It represents a viable alternative to the axiomatic verification method developed by Hoare and Floyd.

  6. Introduction (cont’d) • References: Linger, Mills, & Witt, Structured Programming: Theory and Practice, Addison-Wesley, 1979. Dunlop & Basili, “A Comparative Analysis of Functional Correctness,” Computing Surveys, Vol. 14, No. 2, June 1982.† Linger, “Cleanroom Software Engineering for Zero-Defect Software,” Proceedings, 15th Int. Conf. on Soft. Eng. (1993), IEEE Computer Society Press.† † Required readings.

  7. Tasks in Program Reading, Writing, and Verification • Program Reading: • Abstract a given program construct (e.g., an if_then_ else statement) into a hypothesized function f. • To confirm that your understanding of the program is correct, show: f = [if p then G else H]

  8. Tasks in Program Reading, Writing, and Verification (cont’d) • Program Writing: • Expand a given function finto a hypothesized program construct (e.g., an if_then_else statement). • To confirm that your expansion of f into a program is correct, show: f = [if p then G else H]

  9. Tasks in Program Reading, Writing, and Verification (cont’d) • Program Verification: • You are given both function f and its hypothesized program expansion (e.g., an if_then_ else statement). • To confirm the correctness of the hypothesized program expansion with respect to f, show: f = [if p then G else H]

  10. Tasks in Program Reading, Writing, and Verification (cont’d) • In all three cases, the final task is to confirm the equivalence (or subset relationship) of two expressions, each representing the function of a program.

  11. Complete and Sufficient Correctness • Given a function f and a program P (claimed to implement f ), correctness is concerned with one of two questions: • Is f = [P] ? (“Is f equivalent to the function computed by P ?”) – A question of complete correctness. • Is f  [P] ? (“Is f a subset of the function computed by P ?”) – A question ofsufficient correctness.

  12. Complete and Sufficient Correctness (cont’d) • In the case of complete correctness,P computes the correct values of f for arguments in D(f) only; [P]is undefined (P does not terminate) for arguments outside D(f). • In the case ofsufficient correctness,P may compute values from arguments not in D(f). • Note that, by definition, f = [P] impliesf  [P]

  13. Correctness Relationships (X,Y)f(X,Y)[P] (X,Y)f  (X,Y)[P] [P] f f [P] (X,Y)f (X,Y)[P] (X,Y)f (X,Y)[P] [P], f [P] f

  14. Example • For integers x,y consider the function: f = (y≥0  x,y := x+y,0) and the programs: P1 = while y>0 do x,y := x+1,y-1 P2 = while y<>0 do x,y := x+1,y-1 Use heuristics to hypothesize functions for P1and P2 and compare these to f.

  15. Example (cont’d) • Consider P1 = while y>0 do x,y := x+1,y-1 y>0  y=0  y<0  f = (y≥0  x,y := x+y,0)

  16. Example (cont’d) • Consider P2 = while y<>0 do x,y := x+1,y-1 y>0  y=0  y<0  f = (y≥0  x,y := x+y,0)

  17. Example (cont’d) • Both programs satisfy sufficient correctness. (Both correctly compute f(x,y) for y≥0.) • Only P2 satisfies complete correctness. (P1 terminates for negative y.)

  18. Defensive Programming: Handling Invalid Inputs • f and P can be redefinedto handle invalid inputs: f’ = (y≥0  x,y,z := x+y,0,z | true  x,y,z := x,y,‘error’) P’ = if y<0 then z := ‘error’ else while y>0 do x,y := x+1,y-1 end_while end_if_then_else • Does f’ = [P’] ?

  19. Exercise “Identify” function: x,y := x,y • Given P = if x>=y then x,y := y,x f1 = (x>y  x,y := y,x | true  I) f2 = (x>y x,y := y,x | x<y  I) f3 = (x≠y x,y := y,x) • Fill in the following “correctness table”: P C=Complete (and Sufficient) S=Sufficient (only) N=Neither f1 f2 f3

  20. Compound Programs and the Axiom of Replacement • The algebraic structure of compound program P permits decomposition into a hierarchy of abstractions. • The proof of correctness of P is thereby decomposed into a proof of correctness of each such abstraction.

  21. Compound Programs and the Axiom of Replacement (cont’d) • For example, to show that compound program Fimplements function f, where F = if p then Gelse H and G, H are themselves programs: • hypothesize functions g, h and attempt to prove g = [G] and h = [H]

  22. Compound Programs and the Axiom of Replacement (cont’d) • If successful, use the Axiom of Replacementto reduce the problem to proving f = if p then gelse h • If successful again, you will have proved f = [F]

  23. Compound Programs and the Axiom of Replacement (cont’d) • Thus, the Axiom of Replacement allows one to prove the correctness of complex programs in a bottom-up, incremental fashion. • In the next lecture, we consider correctness conditions for sequencing and decision statements.

  24. Functional Verification I Software Testing and Verification Lecture Notes 21 Prepared by Stephen M. Thebaut, Ph.D. University of Florida

More Related