Presentation is loading. Please wait.

Presentation is loading. Please wait.

PZ03D Programming Language design and Implementation -4th Edition Copyright©Prentice Hall, 2000 1 PZ03D - Program verification Programming Language Design.

Published byMarlee Rake Modified over 10 years ago

Similar presentations

Presentation on theme: "PZ03D Programming Language design and Implementation -4th Edition Copyright©Prentice Hall, 2000 1 PZ03D - Program verification Programming Language Design."— Presentation transcript:

1 PZ03D Programming Language design and Implementation -4th Edition Copyright©Prentice Hall, 2000 1 PZ03D - Program verification Programming Language Design and Implementation (4th Edition) by T. Pratt and M. Zelkowitz Prentice Hall, 2001 Section 4.2.4

2 PZ03D Programming Language design and Implementation -4th Edition Copyright©Prentice Hall, 2000 2 Formal Specifications Every program can be represented by a flowchart: P1 P2 P3 Fcn1 Fcn4 Fcn3 Fcn2 S1 S2 S3 S4 Signatures: function: domain  range  fun1: S1 and P1  S3  fun2: S1 and not(P1)  S3  fun3: S3 and not(P3)  S4  fun4: S3 and P3  S4  S2 and P2 = S4  S2 and not(P2) = S3

3 PZ03D Programming Language design and Implementation -4th Edition Copyright©Prentice Hall, 2000 3 Formal specifications (continued) A program is then some complex function C of its primitive components: C(fun1, fun2, fun3, fun4, p1, p2, p3):S1  S4 If we could derive these relationships formally, then we have a mathematical proof that given S1 we would HAVE to end with S4. Problem: Such proofs are hard. Note, however, that we are always showing the equivalence between a program and a given specification. The statement “Is this program correct?” makes no sense if the specification is not also given.

4 PZ03D Programming Language design and Implementation -4th Edition Copyright©Prentice Hall, 2000 4 Axiomatic verification Tony Hoare developed method in 1969. Each program statement obeys a formal axiomatic definition. Validation: Demonstrating that a program meets its specifications by testing the program against a series of data sets Verification: Demonstrating that a program meets its specifications by a formal argument based upon the structure of the program. Validation assumes an execution of the program; verification generally does not.

5 PZ03D Programming Language design and Implementation -4th Edition Copyright©Prentice Hall, 2000 5 Axioms for predicate logic {P1}S{P2} means that if P1 is true and S executes, then if S terminates, P2 will be true. A B if A is true then you can state that B is true. Axioms of logic: Composition{P}S1{Q},{Q}S2{R} [Combine statements] {P}S1;S2{R} Consequence1{P}S{R}, R  Q [Add postcondition] {P}S{Q} Consequence2P  R, {R}S{Q} [Add precondition] {P}S{Q}

6 PZ03D Programming Language design and Implementation -4th Edition Copyright©Prentice Hall, 2000 6 Axioms for statement types Conditional1{P^B}S{Q}, P^not(B)  Q {P}if B then S{Q} Conditional2{P^B}S1{Q},{P^not(B)S2{Q} {P}if B then S1 else S2{Q} While{P^B}S{P} {P}while B do S{P ^ not(B)} where P is an invariant Assignment{P(e)}x:=e{P(x)} where P(x) is some predicate in x.

7 PZ03D Programming Language design and Implementation -4th Edition Copyright©Prentice Hall, 2000 7 Axiomatic program proof Given program: s1; s2; s3; s4; … sn and specifications P and Q: P is the precondition Q is the postcondition Show that {P}s1;…sn{Q} by showing: {P}s1{p1} {p1}s2{p2} … {pn-1}sn{Q} Repeated applications of composition yield: {P}s1; …; sn{Q}

8 PZ03D Programming Language design and Implementation -4th Edition Copyright©Prentice Hall, 2000 8 Example proof {B>=0} 1X:=B 2Y:=0 3while X>0 do 4 begin 5 Y:= Y+A 6 X:= X-1 7 end {Y=AB} That is, given B non-negative, show that when the program halts, Y=A*B.

9 PZ03D Programming Language design and Implementation -4th Edition Copyright©Prentice Hall, 2000 9 Proof outline General method is to work backwards. Look for loop invariant first: Y is part of partial product, and X is count of what remains So Y and X*A should be the product needed, i.e., invariant Y+X*A = A*B is proposed invariant Try: (Y+X*A=A*B and X³0)

10 PZ03D Programming Language design and Implementation -4th Edition Copyright©Prentice Hall, 2000 10 Proof Axiom of assignment(6): {(Y+(X-1)A=A*B and X-1>=0)} X:=X-1 {(Y+X*A=A*B and X>=0)} Axiom of assignment(5): {((Y+A)+(X-1)A=A*B and X-1>=0)} Y:=Y+A {(Y+(X-1)*A=A*B and X-1>=0)} Axiom of composition(5,6): {(Y+A)+(X-1)*A=A*B and X-1>=0)} Y:=Y+A; X:=X-1 {(Y+X*A=A*B and X>=0)} Mathematical Theorem: Y+X*A=A*B and X>0  ((Y+A)+(X- 1)*A=A*B and X-1>=0) Axiom of consequence: {Y+X*A=A*B and X>0} Y:=Y+A; X:=X-1 {(Y+X*A=A*B and X>=0)} Mathematical theorem: (Y+X*A=A*B and X>=0) and (X>0)  Y+X*A=A*B and X>0 Axiom of consequence: {(Y+X*A=A*B and X>=0)and (X>0)} Y:=Y+A; X:=X-1 {(Y+X*A=A*B and X>=0)} [Call this **] While axiom: ** {Y+X*A=A*B and X>=0}while X>0 do Y:=Y+A; X:=X-1 {(Y+X*A=A*B and X>=0) and not(X>0)}

11 PZ03D Programming Language design and Implementation -4th Edition Copyright©Prentice Hall, 2000 11 Proof (continued) Mathematical theorem: (Y+X*A=A*B and X>=0) and not(X>0)  (Y+X*A=A*B and X=0)  Y=AB Axiom of consequence: {Y+X*A=A*B and X>=0}while X>0 do Y:=Y+A; X:=X-1 {Y+A*B} Axiom of assignment: {0+X*A=A*B and X>=0} Y:=0 {Y+X*A=A*B and X>=0} Axiom of assignment: {0+B*A=A*B and B>=0} X:=B {0+X*A=A*B and X>=0)} Axiom of composition: {0+B*A=A*B and B>=0} X:=B; Y:=0 {Y+X*A=A*B and X>=0)} Mathematical theorem: (B>=0)  0+B*A=A*B and B>=0 Axiom of consequence: {B>=0} X:=B; Y:=0{Y+X*A=A*B and X>=0)} Composition: {B>=0} program {Y=A*B}

12 PZ03D Programming Language design and Implementation -4th Edition Copyright©Prentice Hall, 2000 12 Summary – Axiomatic verification Need to develop axioms for all language features. Can do it for simple arrays, procedure calls, parameters Difficult, even on small programs; very hard to scale up to larger programs Does not translate well to non-mathematical problems; extremely expensive to implement Hard to automate. Manual process leads to many errors. But Precise; clearly delineates the “what” with the “how” Basis for most other verification methods, including semiformal specification notations. For critical applications, it may be worth the cost.

Download ppt "PZ03D Programming Language design and Implementation -4th Edition Copyright©Prentice Hall, 2000 1 PZ03D - Program verification Programming Language Design."

Similar presentations

Automated Theorem Proving Lecture 1. Program verification is undecidable! Given program P and specification S, does P satisfy S?

Automated Theorem Proving Lecture 1. Program verification is undecidable! Given program P and specification S, does P satisfy S?
Program verification: flowchart programs Book: chapter 7.

Program verification: flowchart programs Book: chapter 7.
Copyright W. Howden1 Programming by Contract CSE 111 6/4/2014.

Copyright W. Howden1 Programming by Contract CSE 111 6/4/2014.
Semantics Static semantics Dynamic semantics attribute grammars

Semantics Static semantics Dynamic semantics attribute grammars
Copyright 2003-04, Doron Peled and Cesare Tinelli. These notes are based on a set of lecture notes originally developed by Doron Peled at the University.

Copyright , Doron Peled and Cesare Tinelli. These notes are based on a set of lecture notes originally developed by Doron Peled at the University.
ICE1341 Programming Languages Spring 2005 Lecture #6 Lecture #6 In-Young Ko iko.AT. icu.ac.kr iko.AT. icu.ac.kr Information and Communications University.

ICE1341 Programming Languages Spring 2005 Lecture #6 Lecture #6 In-Young Ko iko.AT. icu.ac.kr iko.AT. icu.ac.kr Information and Communications University.
Hoare’s Correctness Triplets Dijkstra’s Predicate Transformers

Hoare’s Correctness Triplets Dijkstra’s Predicate Transformers
11111 Functional Program Verification CS 4311 A. M. Stavely, Toward Zero Defect Programming, Addison-Wesley, 1999. Y. Cheon and M. Vela, A Tutorial on.

11111 Functional Program Verification CS 4311 A. M. Stavely, Toward Zero Defect Programming, Addison-Wesley, Y. Cheon and M. Vela, A Tutorial on.
Rigorous Software Development CSCI-GA 3033-011 Instructor: Thomas Wies Spring 2012 Lecture 11.

Rigorous Software Development CSCI-GA Instructor: Thomas Wies Spring 2012 Lecture 11.
PZ08A Programming Language design and Implementation -4th Edition Copyright©Prentice Hall, 2000 1 PZ08A - Prime programs Programming Language Design and.

PZ08A Programming Language design and Implementation -4th Edition Copyright©Prentice Hall, PZ08A - Prime programs Programming Language Design and.
David Evans CS655: Programming Languages University of Virginia Computer Science Lecture 19: Minding Ps & Qs: Axiomatic.

David Evans CS655: Programming Languages University of Virginia Computer Science Lecture 19: Minding Ps & Qs: Axiomatic.
Axiomatic Verification I Prepared by Stephen M. Thebaut, Ph.D. University of Florida Software Testing and Verification Lecture 17.

Axiomatic Verification I Prepared by Stephen M. Thebaut, Ph.D. University of Florida Software Testing and Verification Lecture 17.
Partial correctness © Marcelo d’Amorim 2010.

Partial correctness © Marcelo d’Amorim 2010.
Axiomatic Semantics The meaning of a program is defined by a formal system that allows one to deduce true properties of that program. No specific meaning.

Axiomatic Semantics The meaning of a program is defined by a formal system that allows one to deduce true properties of that program. No specific meaning.
Copyright © 2006 Addison-Wesley. All rights reserved.1-1 ICS 410: Programming Languages Chapter 3 : Describing Syntax and Semantics Axiomatic Semantics.

Copyright © 2006 Addison-Wesley. All rights reserved.1-1 ICS 410: Programming Languages Chapter 3 : Describing Syntax and Semantics Axiomatic Semantics.
ISBN 0-321-33025-0 Chapter 3 Describing Syntax and Semantics.

ISBN Chapter 3 Describing Syntax and Semantics.
Program Proving Notes Ellen L. Walker.

Program Proving Notes Ellen L. Walker.
1 Semantic Description of Programming languages. 2 Static versus Dynamic Semantics n Static Semantics represents legal forms of programs that cannot be.

1 Semantic Description of Programming languages. 2 Static versus Dynamic Semantics n Static Semantics represents legal forms of programs that cannot be.
1/22 Programs : Semantics and Verification Charngki PSWLAB Programs: Semantics and Verification Mordechai Ben-Ari Mathematical Logic for Computer.

1/22 Programs : Semantics and Verification Charngki PSWLAB Programs: Semantics and Verification Mordechai Ben-Ari Mathematical Logic for Computer.
CS 355 – Programming Languages

CS 355 – Programming Languages

Similar presentations

Ads by Google