Plan 1.Introduction a)What is a Program Fault? b)Deterministic/Non-Deterministic Programs 2.A Refinement Calculus 3.Relative Correctness for Non Deterministic.

Slides:

Advertisements

Similar presentations

Introduction to Proofs

Advertisements

Modular and Verified Automatic Program Repair Francesco Logozzo, Thomas Ball RiSE - Microsoft Research Redmond.

Introducing Formal Methods, Module 1, Version 1.1, Oct., Formal Specification and Analytical Verification L 5.

An Introduction to the Model Verifier verds Wenhui Zhang September 15 th, 2010.

Key Stone Problems… Key Stone Problems… next Set 11 © 2007 Herbert I. Gross.

Copyright © Cengage Learning. All rights reserved.

Outline. Theorem For the two processor network, Bit C(Leader) = Bit C(MaxF) = 2[log 2 ((M + 2)/3.5)] and Bit C t (Leader) = Bit C t (MaxF) = 2[log 2 ((M.

Having Proofs for Incorrectness

3.3 Divisibility Definition If n and d are integers, then n is divisible by d if, and only if, n = dk for some integer k. d | n  There exists an integer.

– Alfred North Whitehead,

Background information Formal verification methods based on theorem proving techniques and modelchecking –to prove the absence of errors (in the formal.

Lecture 6 Hyperreal Numbers (Nonstandard Analysis)

Axiomatic Verification I Prepared by Stephen M. Thebaut, Ph.D. University of Florida Software Testing and Verification Lecture 17.

Towards a Logic for Wide-Area Internet Routing Nick Feamster and Hari Balakrishnan M.I.T. Computer Science and Artificial Intelligence Laboratory Kunal.

Spin Tutorial (some verification options). Assertion is always executable and has no other effect on the state of the system than to change the local.

The Growth of Functions

Foundations of Data-Flow Analysis. Basic Questions Under what circumstances is the iterative algorithm used in the data-flow analysis correct? How precise.

1 Basic abstract interpretation theory. 2 The general idea §a semantics l any definition style, from a denotational definition to a detailed interpreter.

An Experimental Evaluation on Reliability Features of N-Version Programming Xia Cai, Michael R. Lyu and Mladen A. Vouk ISSRE’2005.

Writing Good Software Engineering Research Papers A Paper by Mary Shaw In Proceedings of the 25th International Conference on Software Engineering (ICSE),

4/17/2017 Section 3.6 Program Correctness ch3.6.

Floyd Hoare Logic. Semantics A programming language specification consists of a syntactic description and a semantic description. Syntactic description:symbols.

(CSC 102) Discrete Structures Lecture 10.

Verification and Validation Yonsei University 2 nd Semester, 2014 Sanghyun Park.

Objectives Understand the basic concepts and definitions relating to testing, like error, fault, failure, test case, test suite, test harness. Explore.

Studies in Big Data 4 Weng-Long Chang Athanasios V. Vasilakos MolecularComputing Towards a Novel Computing Architecture for Complex Problem Solving.

Model-based Methods for Web Service Verification.

Copyright © Cengage Learning. All rights reserved. CHAPTER 4 ELEMENTARY NUMBER THEORY AND METHODS OF PROOF ELEMENTARY NUMBER THEORY AND METHODS OF PROOF.

Chapter 3 (Part 3): Mathematical Reasoning, Induction & Recursion  Recursive Algorithms (3.5)  Program Correctness (3.6)

© by Kenneth H. Rosen, Discrete Mathematics & its Applications, Sixth Edition, Mc Graw-Hill, 2007 Chapter 4 (Part 3): Mathematical Reasoning, Induction.

Overview of Formal Methods. Topics Introduction and terminology FM and Software Engineering Applications of FM Propositional and Predicate Logic Program.

It’s All About Properties of Equality. How could properties of equality be applied to solve this equation? Example 1: 3x + 11 = 32 What is the value of.

The Integers. The Division Algorithms A high-school question: Compute 58/17. We can write 58 as 58 = 3 (17) + 7 This forms illustrates the answer: “3.

Algebra Problems… Solutions Algebra Problems… Solutions © 2007 Herbert I. Gross Set 10 By Herbert I. Gross and Richard A. Medeiros next.

CSCI 3160 Design and Analysis of Algorithms Tutorial 10 Chengyu Lin.

Introduction to Problem Solving. Steps in Programming A Very Simplified Picture –Problem Definition & Analysis – High Level Strategy for a solution –Arriving.

The System and Software Development Process Instructor: Dr. Hany H. Ammar Dept. of Computer Science and Electrical Engineering, WVU.

Loop Analysis and Repair Nafi Diallo Computer Science NJIT Advisor: Dr. Ali Mili.

A Review of Software Testing - P David Coward Reprinted: Information and Software Technology; Vol. 30, No. 3 April 1988 Software Engineering: The Development.

3.2 Semantics. 2 Semantics Attribute Grammars The Meanings of Programs: Semantics Sebesta Chapter 3.

Formal Methods and Testing: Possible Attributes for Success A. J. Cowling Department of Computer Science University of Sheffield.

Testing and inspecting to ensure high quality An extreme and easily understood kind of failure is an outright crash. However, any violation of requirements.

Formal Verification. Background Information Formal verification methods based on theorem proving techniques and modelchecking –To prove the absence of.

Thornton Elementary Third Quarter Data rd Grade ELA Which standard did the students perform the best on in reading? Which standard did students.

INDUCTION Slides of Ken Birman, Cornell University.

Student: Shaobo He, Advisor: Zvonimir Rakamarić TOWARDS AUTOMATED DIFFERENTIAL PROGRAM VERIFICATION FOR APPROXIMATE COMPUTING.

Error Explanation with Distance Metrics Authors: Alex Groce, Sagar Chaki, Daniel Kroening, and Ofer Strichman International Journal on Software Tools for.

Introduction to Different Types of Messages To apply to your Memobook.

CSC3315 (Spring 2009)1 CSC 3315 Languages & Compilers Hamid Harroud School of Science and Engineering, Akhawayn University

Semilattices presented by Niko Simonson, CSS 548, Autumn 2012 Semilattice City, © 2009 Nora Shader.

Agenda  Quick Review  Finish Introduction  Java Threads.

Section 1.7. Section Summary Mathematical Proofs Forms of Theorems Direct Proofs Indirect Proofs Proof of the Contrapositive Proof by Contradiction.

Abstraction and Abstract Interpretation. Abstraction (a simplified view) Abstraction is an effective tool in verification Given a transition system, we.

SENG521 (Fall SENG 521 Software Reliability & Testing Preparing for Test (Part 6a) Department of Electrical & Computer Engineering,

CS223: Software Engineering Lecture 25: Software Testing.

Certifying and Synthesizing Membership Equational Proofs Patrick Lincoln (SRI) joint work with Steven Eker (SRI), Jose Meseguer (Urbana) and Grigore Rosu.

Laurea Triennale in Informatica – Corso di Ingegneria del Software I – A.A. 2006/2007 Andrea Polini XVIII. Software Testing.

Testing Tutorial 7.

Software Testing.

Correctness Enhancement as a Pervasive SE Paradigm

Hans Bodlaender, Marek Cygan and Stefan Kratsch

Software Testing (Lecture 11-a)

Logical architecture refinement

Axiomatic semantics Points to discuss: The assignment statement

Formal Verification of Partial Good Self-Test Fencing Structures

Negations of quantifiers

Axiomatic Verification I

Axiomatic Verification I

An information flow model FM is defined by

This Lecture Substitution model

Presentation transcript:

Plan 1.Introduction a)What is a Program Fault? b)Deterministic/Non-Deterministic Programs 2.A Refinement Calculus 3.Relative Correctness for Non Deterministic Programs 1.Background 2.Definitions 3.Properties 4.Relative Correctness and Refinement 5.Relative Correctness and Refinement Lattice 6.Concluding Remarks

What is a Program Fault? In Ramics 2014, Mili et al. Introduce the concept of relative correctness: –The property of a program to be more-correct than another one with respect to a given specification. Use relative correctness to define the concept of a fault in a program: –A program fault is any feature that admits a substitution that would make the resulting program strictly more-correct. (e.g. a statement, condition, block of statements, set of non- contiguous statements)

What is a Program Fault? Among the multiple ramifications of relative correctness: Traditionally, candidate programs are divided into two broad classes –correct programs and incorrect programs. With relative correctness, we have a rich structure of partial ordering. Traditionally, verification and testing have a clear cut division of labor: Verification methods are used to prove the correctness of correct programs. Testing methods are used to expose the presence of faults in incorrect programs. With relative correctness, methods can be used across this dividing line; –in particular, we can apply static analytical methods to prove that a program, while incorrect, is still more-correct than another (e.g. a previous version).

Deterministic /Non Deterministic Programs In Ramics 2014: relative correctness defined for deterministic programs. Several reasons why we want to extend it to non- deterministic programs: Reason about relative correctness of designs, partially defined programs, programs that depend on random external events, etc. Reason about relative correctness of deterministic programs without having to capture their behavior in all its details.

A Refinement Calculus

Relative Correctness

Interesting Properties of Relative Correctness for Deterministic Programs: Relative correctness culminates in absolute correctness (a correct program is more-correct than any candidate program). Relative correctness logically implies (and thankfully is not implied by) enhanced reliability (more-correct is not another name for more- reliable). Most interestingly: P’ refines P if and only if P’ is more-correct than P with respect to any specification R. We are interested to explore which of these properties persist when we migrate to relative correctness of non-deterministic programs.

Relative Correctness

Another possible illustration:

Relative Correctness Hence the definition we give for non-deterministic programs does indeed generalize the definition we had for deterministic programs.

Relative Correctness

Relative Correctness and Refinement Relative correctness is equivalent to refinement between equivalence class representatives: Relative Correctness culminates in absolute correctness, i.e. a correct program is more-correct than any candidate.

Relative Correctness and Refinement For deterministic programs, we had found that P’ refines P if and only if P’ is more-correct than P with respect to any specification. For non-deterministic programs… Intuitive: If P’ beats P at its own game… then P’ refines P. Question: If P’ is more-correct than P with respect to R and R refines Q, can we infer that P’ is more-correct than P with respect to Q? Answer: No. Counter-intuitive.

Relative Correctness and Refinement Lattice

The answer is nuanced… For the greatest lower bound, it is straightforward For the least upper bound, things are more complicated Two complications: P’ has to be deterministic; and it is more correct with regardless of whether this represents the least upper bound or not.

Concluding Remarks Summary Redefined relative correctness for non-deterministic programs. Revisited its properties. Explored how proofs of relative correctness can be decomposed along lattice operators. Related Work Many authors (e.g. Microsoft Research) allude to a concept of relative correctness. –They usually define it as having more correct traces, fewer incorrect traces, where correctness is judged by means of executable assertions. –Reminiscent of, but different from, our approach where relative correctness means having a larger competence domain, and violating the specification less often. Prospects Applications in Software Engineering (ICSE 2015). Means to check for relative correctness by verification, testing.