Presentation is loading. Please wait.

Presentation is loading. Please wait.

4/17/2017 Section 3.6 Program Correctness ch3.6.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "4/17/2017 Section 3.6 Program Correctness ch3.6."— Presentation transcript:

1 4/17/2017 Section 3.6 Program Correctness ch3.6

2 Program Correctness A correct program is a program that always produces correct output It is easy to prove that a program is incorrect: test program with sample input if it produces incorrect results, it is incorrect The converse is not so simple, however: can’t prove correctness by testing unless all possible inputs can be tested

3 Proving Program Correctness
Also known as program verification Uses rules for inference and mathematical reasoning, including mathematical induction Difficult, perhaps impossible to automate the process

4 Proving Program Correctness
Two major steps: Prove partial correctness: that is, prove that the program produces correct output if it terminates Prove that the program always terminates Two propositions involved: initial assertion: gives properties input values must have final assertion: gives properties output should have, if program performed correctly

5 Proving Program Correctness
A program or program segment S is said to be partially correct with respect to initial assertion p and final assertion q if: whenever p is true for the input values of S and S terminates, q is true for output values of S The notation p{S}q indicates such partial correctness

6 Partial Correctness Note that partial correctness does not state that a program always terminates; it focuses on whether or not a program performs correctly if it terminates Note also that partial correctness is only proven within the context of the initial and final assertions

7 Example 1 Show that the following program segment is correct with respect to the assertions below: program segment: y = 2; z = x + y; initial & final assertions: p: x = 1 q: z = 3

8 Example 1 Suppose p is true: x equals 1 when program begins
Than y is assigned 2, and z is assigned the sum of x and y, or 3 Since z=3 is the final assertion, p{S}q is true

9 Rules of Inference and Program Correctness
Several rules of inference are useful in proving program correctness The first of these is called the composition rule, which in essence states that a program is correct if each of its subprograms is correct

10 Composition Rule Suppose a program S is split into subprograms S1 and S2 - the notation S=S1;S2 indicates S is made up of S1 followed by S2 Suppose S1 and S2 can each be proven partially correct with respect to assertions p, q and r - then we have p{S1}q and q{S2}r Thus, if p is true and S=S1;S2 executes and terminates, then r is true

11 Composition Rule Stated mathematically, the composition rule is:
p{S1}q q{S2}r  p{S1;S2}r

12 Conditional Statements
Conditional statements are program segments of the form: if condition then S (where S is a block of statements) When condition is true, S is executed When condition is untrue, S is not executed

13 Conditional Statements
To verify the segment is correct with respect to initial assertion p and final assertion q: show that when p is true and condition is true, then q is true after S terminates show that when p is true and condition is false, then q is true (that is, S does not execute)

14 Rule of Inference for Conditional Statements
(p  condition){S}q (p  condition)  q  p{if condition then S}q

15 Example 2 Verify that the following program segment is correct with respect to initial assertion p=T and final assertion q = y  x: if x > y then y := x Since p=T, we need only check condition: if x > y is true, y := x; thus y  x, so q is true if x > y is not true, then y  x, so q is true The program is correct with respect to given p and q

16 More complex conditional statements
With a statement of the form: if condition then S1 else S2 the logic is somewhat more complicated: if condition is true, S1 executes; if condition is untrue, S2 executes

17 Verifying more complex conditionals
To verify segment correct with respect to initial assertion p and final assertion q: show that when p is true and condition is true, q is true after S1 terminates; show that when p is true and condition is false, q is true after S2 terminates

18 Rule of Inference (p  condition){S1}q (p  condition){S2}q
 p{if condition then S1 else S2}q

19 Example 3 Verify that the program segment: x:=2 z:=x+y
if y > 0 then z:=z+1 else z:=0 is correct with respect to initial assertion y=3 and final assertion z=6

20 Example 3 Start by assuming p is true: that is, y=3
The assignment statements preceding the conditional set x to 2 and z to the sum of x and y, or 5 Since y=3 and 3>0, the condition is true, and the assignment statement sets z to z+1, or 6 So at the end, z=6 and q is true

21 Loops and loop invariants
A loop is a statement of the form: while condition S where S is executed repeatedly until condition becomes false A loop invariant is an assertion that remains true each time S is executed Assertion p is a loop invariant if (pcondition){S}p is true

22 Rule of Inference for Loops
(p  condition){S}p  p{while condition S}(condition  p)

23 Example 4 Verify the program segment below terminates with factorial = n! when n  Z: x := 1 factorial := 1 while x < n x = x + 1 factorial = factorial * x Let p be the proposition: factorial:=x! and x<=n We need to prove [p  (x < n)]{S}p in order to prove p{while x<n S}[(x  n)  p] is true

24 Example 4 Note that p is true before the loop is entered, since at that that point factorial=1=1! Assume p is true and x<n after one iteration of the loop assume loop executes again: x increments by 1 x is still <= n, since by the inductive hypothesis x<n before loop is entered, and x & n are positive factorial, which was (x-1)! by the inductive hypothesis, is set to (x-1)!*x = x!

25 Example 4 So p remains true, and p is a loop invariant
then [p  (x < n)]{S}p is true if follows that p{while x<n S}[(x  n)  p] is true The loop terminates after n-1 iterations with x=n, since x was 1 at the beginning of the program, is incremented by 1 during each iteration, and the loop terminates when x  n So, at termination, factorial = n!

26 Proving correctness of entire programs
Split the program into segments: the rule of composition can be used to build the correctness proof Prove the correctness of each segment: for example, if there are 4 segments, prove p{S1}q, q{S2}r, r{S3}s, and s{S4}t If all are true, then p{S}t is true If all 4 segments terminate, then S terminates, and correctness is proven

27 Program Correctness - ends -
Section 3.6 Program Correctness - ends -

Download ppt "4/17/2017 Section 3.6 Program Correctness ch3.6."

Similar presentations

In this episode of The Verification Corner, Rustan Leino talks about Loop Invariants. He gives a brief summary of the theoretical foundations and shows.

In this episode of The Verification Corner, Rustan Leino talks about Loop Invariants. He gives a brief summary of the theoretical foundations and shows.
Lecture 2 Based on Chapter 1, Weiss. Mathematical Foundation Series and summation: 1 + 2 + 3 + ……. N = N(N+1)/2 (arithmetic series) 1 + r+ r 2 + r 3 +………r.

Lecture 2 Based on Chapter 1, Weiss. Mathematical Foundation Series and summation: ……. N = N(N+1)/2 (arithmetic series) 1 + r+ r 2 + r 3 +………r.
PZ03D Programming Language design and Implementation -4th Edition Copyright©Prentice Hall, 2000 1 PZ03D - Program verification Programming Language Design.

PZ03D Programming Language design and Implementation -4th Edition Copyright©Prentice Hall, PZ03D - Program verification Programming Language Design.
Functional Verification III Prepared by Stephen M. Thebaut, Ph.D. University of Florida Software Testing and Verification Lecture Notes 23.

Functional Verification III Prepared by Stephen M. Thebaut, Ph.D. University of Florida Software Testing and Verification Lecture Notes 23.
Reasoning About Code; Hoare Logic, continued

Reasoning About Code; Hoare Logic, continued
Hoare’s Correctness Triplets Dijkstra’s Predicate Transformers

Hoare’s Correctness Triplets Dijkstra’s Predicate Transformers
11111 Functional Program Verification CS 4311 A. M. Stavely, Toward Zero Defect Programming, Addison-Wesley, 1999. Y. Cheon and M. Vela, A Tutorial on.

11111 Functional Program Verification CS 4311 A. M. Stavely, Toward Zero Defect Programming, Addison-Wesley, Y. Cheon and M. Vela, A Tutorial on.
Loops (Part 1) Computer Science Erwin High School Fall 2014.

Loops (Part 1) Computer Science Erwin High School Fall 2014.
David Evans CS655: Programming Languages University of Virginia Computer Science Lecture 19: Minding Ps & Qs: Axiomatic.

David Evans CS655: Programming Languages University of Virginia Computer Science Lecture 19: Minding Ps & Qs: Axiomatic.
Axiomatic Verification I Prepared by Stephen M. Thebaut, Ph.D. University of Florida Software Testing and Verification Lecture 17.

Axiomatic Verification I Prepared by Stephen M. Thebaut, Ph.D. University of Florida Software Testing and Verification Lecture 17.
Copyright © 2006 Addison-Wesley. All rights reserved.1-1 ICS 410: Programming Languages Chapter 3 : Describing Syntax and Semantics Axiomatic Semantics.

Copyright © 2006 Addison-Wesley. All rights reserved.1-1 ICS 410: Programming Languages Chapter 3 : Describing Syntax and Semantics Axiomatic Semantics.
ISBN 0-321-33025-0 Chapter 3 Describing Syntax and Semantics.

ISBN Chapter 3 Describing Syntax and Semantics.
1 Semantic Description of Programming languages. 2 Static versus Dynamic Semantics n Static Semantics represents legal forms of programs that cannot be.

1 Semantic Description of Programming languages. 2 Static versus Dynamic Semantics n Static Semantics represents legal forms of programs that cannot be.
CSE115/ENGR160 Discrete Mathematics 04/12/11 Ming-Hsuan Yang UC Merced 1.

CSE115/ENGR160 Discrete Mathematics 04/12/11 Ming-Hsuan Yang UC Merced 1.
1 Operational Semantics Mooly Sagiv Tel Aviv University 640-6706 Textbook: Semantics with Applications.

1 Operational Semantics Mooly Sagiv Tel Aviv University Textbook: Semantics with Applications.
Copyright © 2006 The McGraw-Hill Companies, Inc. Programming Languages 2nd edition Tucker and Noonan Chapter 18 Program Correctness To treat programming.

Copyright © 2006 The McGraw-Hill Companies, Inc. Programming Languages 2nd edition Tucker and Noonan Chapter 18 Program Correctness To treat programming.
Dr. Muhammed Al-Mulhem 1ICS535-101 ICS 535 Design and Implementation of Programming Languages Part 1 Fundamentals (Chapter 4) Axiomatic Semantics ICS 535.

Dr. Muhammed Al-Mulhem 1ICS ICS 535 Design and Implementation of Programming Languages Part 1 Fundamentals (Chapter 4) Axiomatic Semantics ICS 535.
Using Decision Procedures for Program Verification Christopher Lynch Clarkson University.

Using Decision Procedures for Program Verification Christopher Lynch Clarkson University.
Describing Syntax and Semantics

Describing Syntax and Semantics
Chapter Mathematical Induction

Chapter Mathematical Induction

Similar presentations

Ads by Google