Problem Set 5: Axiomatic Verification

Slides: 34
Provided by: SM62
Learn more at: http://www.cise.ufl.edu

1
Problem Set 5: Axiomatic Verification
  • Hints and Notes

2
  • Consider the assertion of weak correctness:
    {z<0} s {y=z+1}. Which of the following
    observations/facts would allow one to deduce that
    the assertion is FALSE and which would not?
    Consider the observations individually and
    briefly justify your answer for each.
  • When the initial value of z is 3, the value of y
    is 4 when s terminates.
  • When the initial value of z is -1, the value of y
    is 17 when s terminates.
  • When the initial value of z is -3, the program
    does not terminate.

7
  • Consider the assertion of weak correctness:
    {z<0} s {y=z+1}. Which of the following
    observations/facts would allow one to deduce that
    the assertion is FALSE and which would not?
    Consider the observations individually and
    briefly justify your answer for each.
  • When the initial value of z is 3, the value of y
    is 4 when s terminates. Would not: pre-condition
    not satisfied.
  • When the initial value of z is -1, the value of y
    is 17 when s terminates. Would not: Q may or may
    not hold in this case.
  • When the initial value of z is -3, the program
    does not terminate. Would not: weak correctness
    does not require termination.
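
The three verdicts above can be checked mechanically. The following is an added example, not part of the original slides: it reads the triple as {z<0} s {y=z+1}, treats an observation as a pair of initial values and (possibly partial) final values, and assumes a bounded search range for any final value that was not observed. The fourth observation is constructed to show what a refuting observation looks like.

```python
from itertools import product

DOMAIN = range(-50, 51)   # assumed range searched for unobserved final values

def pre(initial):
    return initial["z"] < 0                 # P: z<0, on the initial state

def post(final):
    return final["y"] == final["z"] + 1     # Q: y=z+1, on the final state

def refutes(initial, final, variables=("y", "z")):
    """True only if the observation is a counterexample to {P} s {Q}.

    initial: values before s runs; final: observed values after s
    (possibly partial), or None when s did not terminate.
    """
    if not pre(initial):
        return False          # P false: the triple claims nothing about this run
    if final is None:
        return False          # no termination: weak correctness is not violated
    unknown = [v for v in variables if v not in final]
    for values in product(DOMAIN, repeat=len(unknown)):
        if post({**final, **dict(zip(unknown, values))}):
            return False      # Q may hold for some unobserved final value
    return True               # P held, s terminated, Q cannot hold

# The three observations from the slide, then one constructed observation
# that also records the final value of z.
OBSERVATIONS = [
    ({"z": 3}, {"y": 4}),
    ({"z": -1}, {"y": 17}),
    ({"z": -3}, None),
    ({"z": -1}, {"y": 17, "z": -1}),        # constructed
]

def verdicts():
    return [refutes(initial, final) for initial, final in OBSERVATIONS]
```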

8
  • 2.
  • {x>y}
  • temp := x
  • x := y
  • y := temp
  • if temp>z then
  •     y := z
  •     z := temp
  •     if x>y then
  •         temp := x
  •         x := y
  •         y := temp
  •     end_if
  • end_if
  • {x≤y≤z}

12
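  • 2.
  • {x>y}
  • temp := x
  • {temp=x ∧ x>y}
  • x := y
  • {x=y ∧ temp=x ∧ x>y}
  • y := temp
  • {y=temp ∧ x=y ∧ temp=x ∧ x>y} =>
    {y=temp ∧ temp>x}
  • if temp>z then
  •     y := z
  •     z := temp
  •     if x>y then
  •         temp := x
  •         x := y
  •         y := temp
  •     end_if
  • end_if
  • {x≤y≤z}
  • S1 is the body of the outer if (temp>z); S2 is
    the body of the inner if (x>y).
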
18
  • 2. (cont'd) {y=temp ∧ temp>x} if temp>z then S1
    {x≤y≤z}
  • Using the if-then ROI, we need to show:
  • (1) {y=temp ∧ temp>x ∧ temp>z} S1 {x≤y≤z} ?
  • (2) (y=temp ∧ temp>x ∧ temp≤z) => x<y≤z => Q ?
  • For (1) above we have:
  • {y=temp ∧ temp>x ∧ temp>z}
  • y := z
  • {y=z ∧ y=temp ∧ temp>x ∧ temp>z}
  • z := temp
  • {z=temp ∧ y=z ∧ y=temp ∧ temp>x ∧ temp>z} =>
    {z=temp ∧ temp>x ∧ temp>y}
  • if x>y then S2
  • {x≤y≤z} ?
  • for which the if-then ROI may be used a second time.

20
  • 3. Prove the following assertion using the
    While-Loop Rule of Inference. Show all steps.
  • {N≥1}
  • Found := false
  • Index := N
  • while (Index>0 and (not Found)) do
  •     if Key=List[Index] then
  •         Found := true
  •     else
  •         Index := Index-1
  •     end_if_else
  • end_while
  • {(Found ∧ Key=List[Index]) V
    (¬Found ∧ ∀ 1≤i≤N Key≠List[i])}
  • What invariant, I, can be used to prove this?

23
  • 3. Prove the following assertion using the
    While-Loop Rule of Inference. Show all steps.
  • {N≥1}
  • Found := false
  • Index := N
  • while (Index>0 and (not Found)) do
  •     if Key=List[Index] then
  •         Found := true
  •     else
  •         Index := Index-1
  •     end_if_else
  • end_while
  • {(Found ∧ Key=List[Index]) V
    (¬Found ∧ ∀ 1≤i≤N Key≠List[i])}
  • I: (Found ∧ Key=List[Index]) V
    (¬Found ∧ ∀ Index<i≤N, Key<>List[i])
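
The premises of the While-Loop rule for this invariant can be checked exhaustively on small inputs before writing the proof. The following is an added example, not part of the original slides: it assumes a two-value domain for Key and the list elements, list lengths up to 3, Index ranging over 0..N, and treats List[Index] with Index out of range as "no match". `weak_invariant` is a hypothetical candidate without the quantified part, included to show which premise it breaks.

```python
from itertools import product

VALUES = (0, 1)   # constructed small domain for Key and the list elements
MAX_N = 3         # lists of length 1..3, so this is a bounded check, not a proof

def hit(index, key, lst):
    # Key = List[Index]; an out-of-range Index counts as "no match"
    return 1 <= index < len(lst) and key == lst[index]

def invariant(found, index, key, lst):
    if found:
        return hit(index, key, lst)
    return all(key != lst[i] for i in range(index + 1, len(lst)))

def weak_invariant(found, index, key, lst):
    # candidate without the quantified part, to show which premise breaks
    return hit(index, key, lst) if found else True

def post(found, index, key, lst):
    if found:
        return hit(index, key, lst)
    return all(key != lst[i] for i in range(1, len(lst)))

def guard(found, index):
    return index > 0 and not found

def body(found, index, key, lst):
    return (True, index) if key == lst[index] else (found, index - 1)

def failed_premises(inv):
    """Names of the While-Loop rule premises that inv violates on the bounded domain."""
    failed = set()
    for n in range(1, MAX_N + 1):                       # precondition N >= 1
        for key, *items in product(VALUES, repeat=n + 1):
            lst = [None] + items                        # lst[1..n], 1-indexed as on the slide
            if not inv(False, n, key, lst):             # {N>=1} Found:=false; Index:=N {I}
                failed.add("init")
            for found, index in product((False, True), range(n + 1)):
                if not inv(found, index, key, lst):
                    continue
                if guard(found, index):                 # {I and b} body {I}
                    if not inv(*body(found, index, key, lst), key, lst):
                        failed.add("preserve")
                elif not post(found, index, key, lst):  # (I and not b) => Q
                    failed.add("exit")
    return failed
```

`failed_premises(invariant)` is empty, while `failed_premises(weak_invariant)` reports only the exit premise: the weaker candidate is preserved by the loop body but does not imply the post-condition when the loop ends with Index=0.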

24
  • 4. Prove the following assertion using a suitable
    Rule of Inference for the Repeat_Until-Loop.
    Clearly state the Rule of Inference and show all
    steps. (Hint: Do NOT include P => I as an
    antecedent in your rule.)

29
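  • 4. Prove the following assertion using a suitable
    Rule of Inference for the Repeat_Until-Loop.
    Clearly state the Rule of Inference and show all
    steps. (Hint: Do NOT include P => I as an
    antecedent in your rule.)
  • [Figure: flowchart of repeat s until b, annotated
    with P, s, I, the T and F branches of b, and Q]
  • {P} s {I}, {I ∧ ¬b} s {I}, (I ∧ b) => Q
    -----------------------------------------
    {P} repeat s until b {Q}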
30
  • 6. Consider the following HYPOTHESIZED rules of
    inference for the "while" construct:
  • a.      P => (¬b ∧ Q)
       ------------------------ ?
        {P} while b do s {Q}
  • b.  {P ∧ b} s {I}, {I ∧ b} s {I}, (I ∧ ¬b) => Q
       ----------------------------------------------- ?
                  {P} while b do s {Q}
  • Clearly indicate whether or not the rule is
    valid. If valid, provide an assertion of the
    form {P} while b do S {Q} for which it could be
    used. If not valid, prove this by providing a
    counterexample.

32
  • 6. Consider the following HYPOTHESIZED rules of
    inference for the "while" construct:
  • a.      P => (¬b ∧ Q)
       ------------------------ ?
        {P} while b do s {Q}
  • The rule is valid, since the antecedent implies
    that whenever the pre-condition, P, holds, the
    false branch will be executed and Q holds. The
    rule could be employed, for example, to prove:
  • {x=17} while x<0 do x := 0 {x>0}

33
  • 6. Consider the following HYPOTHESIZED rules of
    inference for the "while" construct:
  • b.  {P ∧ b} s {I}, {I ∧ b} s {I}, (I ∧ ¬b) => Q
       ----------------------------------------------- ?
                  {P} while b do s {Q}
  • Clearly indicate whether or not the rule is
    valid. If valid, provide an assertion of the
    form {P} while b do S {Q} for which it could be
    used. If not valid, prove this by providing a
    counterexample.