1 / 26

Exercise Solutions: Functional Verification

Exercise Solutions: Functional Verification. Software Testing and Verification. Prepared by Stephen M. Thebaut, Ph.D. University of Florida. Exercise (from Lecture Notes #21). “Identity” function: x,y := x,y. Given P = if x>=y then x,y := y,x f 1 = (x>y  x,y := y,x | true  I )

tatiana-fitzgerald
Download Presentation

Exercise Solutions: Functional Verification

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Exercise Solutions: Functional Verification Software Testing and Verification Prepared by Stephen M. Thebaut, Ph.D. University of Florida

  2. Exercise (from Lecture Notes #21) “Identity” function: x,y := x,y • Given P = if x>=y then x,y := y,x f1 = (x>y  x,y := y,x | true  I) f2 = (x>y x,y := y,x | x<y  I) f3 = (x≠y x,y := y,x) • Fill in the following “correctness table”: P C=Complete S=Sufficient N=Neither f1 f2 f3

  3. Exercise (from Lecture Notes #22) • Prove f = [A] where f = (x=17  x,y := 17,20 | true  x,y := x,-x) and A is: if x= 17 then y := x+3 else y := -x end_if_else

  4. if_then_else Correctness Conditions • Complete correctness conditions for f = [if p then G else H] (where g = [G] and h = [H] have already been shown): Prove: p (f = g) Л ¬p (f = h) • Working correctness questions: • When p is true, does f equal g? • When p is false, does f equal h?

  5. Proof that f = [P] f = (x=17  x,y := 17,20 | true  x,y := x,-x) A: if x=17 then y := x+3 G else y := -x H end_if_else By observation, g = x,y := x,x+3 h = x,y := x,-x

  6. Proof that f = [P] (cont’d) • Therefore, by the Axiom of Replacement, it is sufficient to show: f = (x=17  x,y := 17,20 | true  x,y := x,-x) = [if x=17 then (x,y := x,x+3)else(x,y := x,-x)] When p is true does f equal g? (x=17)  (f = (x,y := 17,20)) (x=17)  (g = (x,y := x,x+3) √ = (x,y := 17,20)) When p is false does f equal h? (x≠17)  (f = (x,y := x,-x)) (x≠17)  (h = (x,y := x,-x)) g h p √

  7. Exercise 1 (from Lecture Notes #23) • For program M below, where all variables are integers, hypothesize a function f for [M] and prove f = [M]. while i<n do t := t*x i := i+1 end_while Hypothesized f: (i<n  i,t := n,txn-i | i≥n  I) Alternative f: (i≤n  i,t := n,txn-i | i>n  I) Does it make any difference which we use?

  8. while_do Correctness Conditions • Complete correctness conditions for f = [while p do g] (where g = [G] has already been shown): Prove: term(f,M)Л p (f = f o g) Л ¬p(f = I)

  9. while_do Correctness Conditions (cont’d) • Working correctness questions: • Is loop termination guaranteed for any argument of f ? • When p is true does f equal f composed with g? • When p is false does f equal Identity?

  10. Proof that f = [M] f = (i<n  i,t := n,txn-i | i≥n  I) M: while i<n do t := t*x i := i+1 end_while By observation, g = [G] = (i,t := i+1,tx) • Is loop termination guaranteed for any argument in D(f)? YES. (Show this using the Method of Well-Founded Sets.) p G

  11. Proof that f = [M] (cont’d) • Does (i≥n)  ( f = I )? √ ( Recall: f = (i<n  i,t := n,txn-i | i≥n  I))

  12. Proof that f = [M] (cont’d) • Does (i≥n)  ( f = I )? √ • Does (i<n)  ( f = f o g )? (i<n)  ( f = i,t := n,txn-i) (i<n)  ( f o g = f o (i,t := i+1,tx)) What is f when appliedafter g changes the initial value ofi? There are two cases to consider: i=n-1 & i<n-1 ( Recall: f = (i<n  i,t := n,txn-i | i≥n  I))

  13. Proof that f = [M] (cont’d) • Does (i<n)  ( f = f o g )? case a: (i=n-1)  ( f = i,t := n,txn-(n-1) = i,t := n,tx) (i=n-1)  ( f o g =?o (i,t := i+1,tx) = ?o (i,t := n-1+1,tx) = Io (i,t := n,tx) since gi(i=n-1) = n ( Recall: f = (i<n  i,t := n,txn-i | i≥n  I))

  14. Proof that f = [M] (cont’d) • Does (i<n)  ( f = f o g )? case a: √ (i=n-1)  ( f = i,t := n,txn-(n-1) = i,t := n,tx) (i=n-1)  ( f o g =?o (i,t := i+1,tx) = ?o (i,t := n-1+1,tx) = Io (i,t := n,tx) = (i,t := n,tx) ( Recall: f = (i<n  i,t := n,txn-i | i≥n  I))

  15. Proof that f = [M] (cont’d) • Does (i<n)  ( f = f o g )? case b: (i<n-1)  ( f = i,t := n,txn-i) (i<n-1)  ( f o g = (i,t := n,txn-i) o (i,t := i+1,tx) since gi(i<n-1) < n ( Recall: f = (i<n i,t := n,txn-i | i≥n  I))

  16. Proof that f = [M] (cont’d) • Does (i<n)  ( f = f o g )? √ case b: √ (i<n-1)  ( f = i,t := n,txn-i ) (i<n-1)  ( f o g = (i,t := n,txn-i) o (i,t := i+1,tx) = (i,t := n,(tx)xn-(i+1)) = (i,t := n,(tx)xn-i-1) = (i,t := n,txn-i-1+1) = (i,t := n,txn-i) ( Recall: f = (i<n  i,t := n,txn-i | i≥n  I))

  17. Exercise 2 (from Lecture Notes #23) • For program R below, where all variables are integers, hypothesize a function r for [R] and prove r = [R]. repeat: x := x−1 y := y+2 until x=0 Hypothesized r: (x>0  x,y := 0,y+2x)

  18. repeat_until Correctness Conditions • Complete correctness conditions for f = [P] = [repeat g until p] (where g = [G] has already been shown): Prove: term(f,P)Л (p o g)  (f = g) Л ¬(p o g) (f = f o g)

  19. Proof that r = [R] r = (x>0  x,y := 0,y+2x) R: repeat: x := x−1 y := y+2 until x=0 By observation, g = [G] = (x,y := x-1,y+2) • Is loop termination guaranteed for any argument in D(r)? YES. (Show this using the Method of Well-Founded Sets.) G p

  20. Proof that r = [R] (cont’d) • Does (pog) (r = g) ? [(x=0) o(x,y := x-1,y+2) ]  (x0=1) (x=1)  ( r = (x,y := 0,y+2x) = (x,y := 0,y+2) ) (x=1)  ( g = (x,y := x-1,y+2) = (x,y := 0,y+2) ) √ ( Recall: r = (x>0  x,y := 0,y+2x) )

  21. Proof that r = [R] (cont’d) • Does ¬(pog) (r = r o g) ? ¬[(x=0) o(x,y := x-1,y+2) ]  (x0≠1) Thus, there are 2 cases to consider: x0<1 and x0>1. case a: (x<1)  ( r = undefined) (x<1)  ( r o g = undefined o g = undefined ) since ((x>0) o g(x<1)) = false √ ( Recall: r = (x>0  x,y := 0,y+2x) )

  22. Proof that r = [R] (cont’d) case b: (x>1)  ( r = (x,y := 0,y+2x) ) (x>1)  ( r o g = (x,y := 0,y+2x) o (x,y := x-1,y+2) since ((x>0) o g(x>1)) = true = (x,y := 0,(y+2)+2(x-1)) = (x,y := 0,(y+2+2x-2)) = (x,y := 0,y+2x) ) Therefore, ¬(p o g) (r = r o g) √ √ ( Recall: r = (x>0  x,y := 0,y+2x) )

  23. Exercise (from Lecture Notes #24) • Derive a limited invariant for the initialized while loop using the Invariant Status Theorem. What function, h, is computed by the loop initialization? {true} Z := X J := 1 while J<>Y do Z := Z+X J := J+1 end_while {Z=XY} (Z,J := X,1) What function, f, is computed by the while loop? (J≤Y  Z,J,X := Z+X(Y-J),Y,X)

  24. For f = (J≤Y  Z,J,X := Z+X(Y-J),Y,X), and h = (Z,J := X,1), an invariant qh(X)=( f(X)=foh(X0) )can be derived by tabulating f(X) and foh(X0) for each member of the data space: and equating components of f(X) and foh(X0): X f(X) foh(X0) Z Z+X(Y-J) X0+X0(Y0-1) J Y Y0 X XX0 Z+X(Y-J)= X0+X0(Y0-1) Y = Y0 X = X0

  25. equating f(X) and foh(X0): Z+X(Y-J)= X0+X0(Y0-1) Y = Y0 X = X0 Z+X(Y-J)= X+X(Y-1) Z= X+X(Y-1) - X(Y-J) = XJ Recall that in Example 3 of Lecture 18, we proved the given assertion using this invariant.

  26. Exercise Solutions: Functional Verification Software Testing and Verification Prepared by Stephen M. Thebaut, Ph.D. University of Florida

More Related