# Problem Set 5: Axiomatic Verification

Slides: 34
Provided by: SM62

1
Problem Set 5 Axiomatic Verification
• Hints and Notes

7
• Consider the assertion of weak correctness
• z<0 s yz1. Which of the following observations/facts would allow one to deduce that the assertion is FALSE and which would not? Consider the observations individually and
• When the initial value of z is 3, the value of y is 4 when s terminates. Would not: pre-condition not satisfied
• When the initial value of z is -1, the value of y is 17 when s terminates. Would not: Q may or may not hold in this case
• When the initial value of z is -3, the program does not terminate. Would not: weak correctness does not require termination

12
• 2.
• x>y
• temp x
• tempx ? x>y
• x y
• xy ? tempx ? x>y
• y temp
• ytemp ? xy ? tempx ? x>y => ytemp ? temp>x
• if temp>z then
•   y z
•   z temp
•   if x>y then
•     temp x
•     x y
•     y temp
•   end_if
• end_if
• xyz
• S1: body of the outer if-then; S2: body of the inner if-then

18
2. (cont'd)
ytemp ? temp>x
if temp>z then S1
xyz
Using the if-then ROI, we need to show
(1) ytemp ? temp>x ? temp>z S1 xyz ?
(2) (ytemp ? temp>x ? tempz) => x<yz => Q ?
For (1) above we have
ytemp ? temp>x ? temp>z
  y z
yz ? ytemp ? temp>x ? temp>z
  z temp
ztemp ? yz ? ytemp ? temp>x ? temp>z => ztemp ? temp>x ? temp>y
  if x>y then S2
xyz ?
for which the if-then ROI may be used a second time.

20
• 3. Prove the following assertion using the While-Loop Rule of Inference. Show all steps.
• N1
• Found false
• Index N
• while (Index>0 (not Found)) do
•   if KeyListIndex then
•     Found true
•   else
•     Index Index-1
•   end_if_else
• end_while
• (Found ? KeyListIndex) V (Found ? ? 1 i N Key ? Listi)
• What invariant, I, can be used to prove this?

23
• 3. Prove the following assertion using the While-Loop Rule of Inference. Show all steps.
• N1
• Found false
• Index N
• while (Index>0 (not Found)) do
•   if KeyListIndex then
•     Found true
•   else
•     Index Index-1
•   end_if_else
• end_while
• (Found ? KeyListIndex) V (Found ? ? 1 i N Key ? Listi)
• I (Found ? KeyListIndex) V (Found ? ? Index < i N, Key<>Listi)
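
The three obligations of the While-Loop rule for problem 3 (initialisation establishes I, the body preserves I under the guard, and I with the guard false gives Q) can be checked by brute force over small inputs. This is an added example, not part of the original slides. It assumes the operators stripped from the transcript read as P: N >= 1, guard: Index > 0 and not Found, and I and Q as in the code comments; all function names are illustrative.

```python
from itertools import product

def body(key, lst, found, idx):
    """One pass of the loop body. The slides index List from 1, so List[Index] is lst[idx-1]."""
    if key == lst[idx - 1]:
        return True, idx
    return found, idx - 1

def guard(found, idx):
    # b: Index > 0 and not Found (assumed reading of the garbled guard)
    return idx > 0 and not found

def post(key, lst, found, idx):
    # Q (assumed reading): Found and Key = List[Index], or not Found and Key is in no List[i], 1 <= i <= N
    return (found and idx >= 1 and lst[idx - 1] == key) or \
           (not found and all(x != key for x in lst))

def inv(key, lst, found, idx):
    # I (assumed reading of slide 23): as Q, but the quantifier only covers Index < i <= N
    return (found and idx >= 1 and lst[idx - 1] == key) or \
           (not found and all(x != key for x in lst[idx:]))

def check_while_rule(invariant, max_n=3, values=(0, 1)):
    """Return None if every obligation holds on every enumerated state,
    otherwise (obligation_name, state) for the first violation found."""
    for n in range(1, max_n + 1):                     # P: N >= 1 (assumed reading of "N1")
        for lst in product(values, repeat=n):
            for key in values:
                # 1. Found := false; Index := N must establish I
                if not invariant(key, lst, False, n):
                    return "init", (key, lst, False, n)
                # Index is enumerated in 0..N so that List[Index] is defined (assumption)
                for found, idx in product((False, True), range(n + 1)):
                    if not invariant(key, lst, found, idx):
                        continue
                    if guard(found, idx):             # 2. {I and b} body {I}
                        f2, i2 = body(key, lst, found, idx)
                        if not invariant(key, lst, f2, i2):
                            return "preserve", (key, lst, found, idx)
                    elif not post(key, lst, found, idx):   # 3. (I and not b) => Q
                        return "exit", (key, lst, found, idx)
    return None

if __name__ == "__main__":
    print(check_while_rule(inv))                # invariant from slide 23
    print(check_while_rule(lambda *s: True))    # an invariant that is too weak
```

A clean pass over the bounded domain is evidence that the invariant was chosen well, not a proof; the axiomatic proof still discharges each obligation symbolically.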

29
• 4. Prove the following assertion using a suitable Rule of Inference for the Repeat_Until-Loop. Clearly state the Rule of Inference and show all steps. (Hint: Do NOT include P => I as an

P s I, I ? b s I, (I ? b) => Q
--------------------------------
P repeat s until b Q

[Flowchart of repeat s until b, labeled P, s, I, b (branches T and F), Q]
30
• 6. Consider the following HYPOTHESIZED rules of inference for the "while" construct
•      P => (b ? Q)
• a. ------------------------ ?
•      P while b do s Q
•      P ? b s I, I ? b s I, (I ? b) => Q
• b. ------------------------------------------ ?
•      P while b do s Q
• Clearly indicate whether or not the rule is valid. If valid, provide an assertion of the form P while b do S Q for which it could be used. If not valid, prove this by providing a counterexample.

32
• 6. Consider the following HYPOTHESIZED rules of inference for the "while" construct
•      P => (b ? Q)
• a. ------------------------ ?
•      P while b do s Q
• The rule is valid, since the antecedent implies that whenever the pre-condition, P, holds, the false branch will be executed and Q holds. The rule could be employed, for example, to prove
• x17 while x<0 do x 0 x>0

33
• 6. Consider the following HYPOTHESIZED rules of inference for the "while" construct
•      P ? b s I, I ? b s I, (I ? b) => Q
• b. ------------------------------------------ ?
•      P while b do s Q
• Clearly indicate whether or not the rule is valid. If valid, provide an assertion of the form P while b do S Q for which it could be used. If not valid, prove this by providing a counterexample.