Problem Set 5: Axiomatic Verification

- Hints and Notes

- Consider the assertion of weak correctness z<0 s yz1. Which of the following observations/facts would allow one to deduce that the assertion is FALSE and which would not? Consider the observations individually and briefly justify your answer for each.
- When the initial value of z is 3, the value of y is 4 when s terminates. Would not: pre-condition not satisfied.
- When the initial value of z is -1, the value of y is 17 when s terminates. Would not: Q may or may not hold in this case.
- When the initial value of z is -3, the program does not terminate. Would not: weak correctness does not require termination.

- 2.

  x>y
  temp x
  tempx ? x>y
  x y
  xy ? tempx ? x>y
  y temp
  ytemp ? xy ? tempx ? x>y => ytemp ? temp>x
  if temp>z then
    y z
    z temp
    if x>y then
      temp x
      x y
      y temp
    end_if
  end_if
  xyz

  (S1 labels the body of the outer if; S2 labels the body of the inner if.)

2. (cont'd)

  ytemp ? temp>x  if temp>z then S1  xyz

Using the if-then ROI, we need to show:

  (1) ytemp ? temp>x ? temp>z  S1  xyz ?
  (2) (ytemp ? temp>x ? tempz) => x<yz => Q ?

For (1) above we have:

  ytemp ? temp>x ? temp>z
  y z
  yz ? ytemp ? temp>x ? temp>z
  z temp
  ztemp ? yz ? ytemp ? temp>x ? temp>z => ztemp ? temp>x ? temp>y
  if x>y then S2
  xyz ?

for which the if-then ROI may be used a second time.

- 3. Prove the following assertion using the While-Loop Rule of Inference. Show all steps.

  N1
  Found false
  Index N
  while (Index>0 (not Found)) do
    if KeyListIndex then
      Found true
    else
      Index Index-1
    end_if_else
  end_while
  (Found ? KeyListIndex) V (Found ? ? 1 i N Key ? Listi)

- What invariant, I, can be used to prove this?

- I (Found ? KeyListIndex) V (Found ? ? Index < i N, Key<>Listi)
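A run-time check of the Problem 3 invariant, as an added example that is not part of the original slides. It assumes the garbled operators read as N >= 1 for the pre-condition and I = (Found and Key = List[Index]) or (not Found and Key <> List[i] for all Index < i <= N); the `check` helper, the `start` parameter and the sample list are hypothetical.

```python
def check(cond, where):
    # Explicit raise so the checks survive `python -O`.
    if not cond:
        raise AssertionError(f"violated at {where}")


def search(lst, key, start=None):
    """Problem 3's backward search with its invariant checked at run time.

    Indices are 1-based as on the slide: List[i] is lst[i - 1], N = len(lst).
    `start` is a hypothetical knob used to seed an off-by-one bug.
    """
    n = len(lst)
    check(n >= 1, "precondition")        # assumed reading of "N1"

    def inv(found, index):
        # Assumed reading of I (operators are garbled on the page):
        #   (Found and Key = List[Index]) or
        #   (not Found and Key <> List[i] for all Index < i <= N)
        if found:
            return index >= 1 and lst[index - 1] == key
        return all(lst[i - 1] != key for i in range(index + 1, n + 1))

    found, index = False, n if start is None else start
    check(inv(found, index), "initialization")
    while index > 0 and not found:
        if lst[index - 1] == key:
            found = True
        else:
            index -= 1
        check(inv(found, index), "loop body")
    # On exit, I and not (Index > 0 and not Found) must give Q.
    q = (found and lst[index - 1] == key) or (
        not found and all(x != key for x in lst))
    check(q, "postcondition")
    return found, index


SAMPLE = [3, 1, 4, 1, 5]                 # constructed input
print(search(SAMPLE, 1))
print(search(SAMPLE, 9))
try:
    search(SAMPLE, 5, start=len(SAMPLE) - 1)   # seeded bug: skips List[N]
except AssertionError as err:
    print(err)
```

With the seeded off-by-one start, the invariant already fails at initialization, before the loop returns a wrong "not found".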

- 4. Prove the following assertion using a suitable Rule of Inference for the Repeat_Until-Loop. Clearly state the Rule of Inference and show all steps. (Hint: Do NOT include P => I as an antecedent in your rule.)

  P s I, I ? b s I, (I ? b) => Q
  P repeat s until b Q

[Figure: flowchart of the repeat-until loop, labelled P, s, I, b (T and F branches), Q]
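A bounded check of the repeat-until rule on one concrete loop, as an added example that is not part of the original slides. It assumes the rule reads {P} s {I}, {I and not b} s {I}, (I and b) => Q; the loop, its P, I and Q, and the state sample are all constructed for illustration.

```python
from itertools import product

# Constructed loop (not from the page): repeat x := x + 1 until x >= n
def s(st): return {**st, "x": st["x"] + 1}
def b(st): return st["x"] >= st["n"]
def P(st): return st["x"] == 0 and st["n"] >= 1
def I(st): return 1 <= st["x"] <= st["n"]
def Q(st): return st["x"] == st["n"]

# Finite sample of states; this is a bounded check, not a proof.
STATES = [{"x": x, "n": n} for x, n in product(range(-3, 8), repeat=2)]

def triple(pre, stmt, post):
    """{pre} stmt {post}: post holds after stmt from every sampled pre-state."""
    return all(post(stmt(st)) for st in STATES if pre(st))

def premises(inv):
    """Antecedents under the assumed reading of the slide's rule:
    {P} s {I},  {I and not b} s {I},  (I and b) => Q."""
    return (
        triple(P, s, inv),
        triple(lambda st: inv(st) and not b(st), s, inv),
        all(Q(st) for st in STATES if inv(st) and b(st)),
    )

def run(st, fuel=100):
    """Execute repeat s until b; the body always runs at least once."""
    for _ in range(fuel):
        st = s(st)
        if b(st):
            return st
    raise RuntimeError("did not terminate within fuel")

def conclusion():
    """{P} repeat s until b {Q}, checked by running the loop."""
    return all(Q(run(st)) for st in STATES if P(st))

def p_implies_i():
    """P => I fails here, yet the rule applies: s runs before I is needed."""
    return all(I(st) for st in STATES if P(st))

def too_weak(st):
    return st["x"] >= 1          # preserved by s, but cannot give Q

print(premises(I), conclusion(), p_implies_i())
print(premises(too_weak))
```

The invariant `too_weak` passes the first two antecedents and fails only the third, which is the antecedent that ties the invariant to the post-condition.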

- 6. Consider the following HYPOTHESIZED rules of inference for the "while" construct:

  a.        P => (b ? Q)
     -----------------------------?
         P while b do s Q

- The rule is valid, since the antecedent implies that whenever the pre-condition, P, holds, the false branch will be executed and Q holds. The rule could be employed, for example, to prove: x17 while x<0 do x 0 x>0

  b.  P ? b s I, I ? b s I, (I ? b) => Q
     -----------------------------------------------------?
         P while b do s Q

- Clearly indicate whether or not the rule is valid. If valid, provide an assertion of the form P while b do S Q for which it could be used. If not valid, prove this by providing a counterexample.