2.7.2015 Software Verification 1 Deductive Verification Prof. Dr. Holger Schlingloff Institut für Informatik der Humboldt Universität und Fraunhofer Institut.


Slide 1: Software Verification 1, Deductive Verification. Prof. Dr. Holger Schlingloff, Institut für Informatik der Humboldt Universität und Fraunhofer Institut für offene Kommunikationssysteme FOKUS

Slide 2 (H. Schlingloff, Software-Verifikation I): Before and after the questions...
- Can you explain the wp-calculus?
- What is wp(x+=4, x<21)?
- How to determine wp(while (b) ,  )?
- What is a guarded command? Why is it useful?
- What is a contract?

Slide 3: Contracts
Weakest preconditions and strongest postconditions are related to the require-ensure paradigm (also called the assume-guarantee paradigm):
  void foo(...) requires  ensures  ;
is equivalent to
  (  wp( ,  ))  (sp( ,  )  )
Such a statement is called a contract.
Use of a contract:
  {  [x1:=t1, ..., xn:=tn]} foo(t1, ..., tn) {  }

Slide 4: Example with contracts
  int min (int a, int b) if (a<b) min=a else min=b;
  {a>=min  b>=min  (a=min  b=min)}
To show:
  {T} {x = 5; y = 7; z = min (x, y)} {z==5}
Proof:
  { x = 5; y = 7; a = x; b = y; } {a==5  b==7}
  { if (a<b) min=a else min=b; } {a==5  b==7  a>=min  b>=min  (a=min  b=min)} {min==5}
  { z = min; } {z==5}

Slide 5: Parameter Passing
- Call by value: the value of the actual parameter is passed
- Call by reference: the address of the actual parameter is passed
- Call by value-result: the value is passed, the result is copied back
- Call by result: no value is passed, only the result is copied back
- Call by name: the name of the actual parameter is passed

Slide 6: Example
  void strange (int x) { x+=2; a[i] = 4; i = 1; x+=2; }
  a = [1, 1]; i = 0; // a[0], a[1]
  strange(a[i]);
Resulting array under each mechanism:
- reference: a=[6, 1]
- value: a=[4, 1]
- result: a=[?, 1]
- value-result: a=[5, 1]
- name: a=[4, 3]
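The five results above, reproduced as an added example (this is not code from the slides): a Python simulation of strange(a[i]) in which the slide's globals a and i live in a dict env and the parameter x reaches the one shared body as a getter/setter pair, since that pair is all that differs between the mechanisms; the Garbage class stands for the slide's "?".

```python
# Added example, not from the slides: the slide's globals a and i live in env.
class Garbage:  # an uninitialised local, the slide's '?': arithmetic on it stays undefined
    def __add__(self, other): return self
    def __repr__(self): return "?"

def body(env, get_x, set_x):
    """The slide's body of strange: x+=2; a[i] = 4; i = 1; x+=2;"""
    set_x(get_x() + 2)
    env["a"][env["i"]] = 4
    env["i"] = 1
    set_x(get_x() + 2)

def cell(initial):  # a local x: one-element list plus getter and setter closures
    box = [initial]
    return box, (lambda: box[0]), (lambda v: box.__setitem__(0, v))

def call_by_value(env):
    _, get_x, set_x = cell(env["a"][env["i"]])  # copy the actual parameter in
    body(env, get_x, set_x)
    return env["a"]

def call_by_reference(env):
    idx = env["i"]  # the address of a[i] is resolved once, at the call
    body(env, lambda: env["a"][idx], lambda v: env["a"].__setitem__(idx, v))
    return env["a"]

def call_by_value_result(env):
    idx = env["i"]
    box, get_x, set_x = cell(env["a"][idx])  # copy in ...
    body(env, get_x, set_x)
    env["a"][idx] = box[0]  # ... and copy the final x back to the call-time address
    return env["a"]

def call_by_result(env):
    idx = env["i"]
    box, get_x, set_x = cell(Garbage())  # nothing is copied in
    body(env, get_x, set_x)
    env["a"][idx] = box[0]
    return env["a"]

def call_by_name(env):
    # x means the text "a[i]", re-evaluated on every access with the current i
    body(env, lambda: env["a"][env["i"]], lambda v: env["a"].__setitem__(env["i"], v))
    return env["a"]

def run_all():  # strange(a[i]) under every mechanism, each on a fresh a = [1, 1], i = 0
    mechanisms = {"reference": call_by_reference, "value": call_by_value, "result": call_by_result,
                  "value-result": call_by_value_result, "name": call_by_name}
    return {m: f({"a": [1, 1], "i": 0}) for m, f in mechanisms.items()}
```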

Slide 7: Recursive Functions
Example:
  int pow(int a, int b) {
    if (b==0) return 1;
    else if (b%2==1) return a*pow(a,b-1);
    else return pow(a*a, b/2);
  }
How to define the semantics? How to verify correctness? How to prove termination?

Slide 8: Semantics
- denotational: least fixed points of functionals
- operational: substitution rule, e.g. in the lambda calculus (beta-reduction)
  pow(5,2)
  = if (2==0) return 1 else if (2%2==1) return 5*pow(5,2-1) else return pow(5*5, 2/2)
  = pow(25,1)
  = if (1==0) return 1 else if (1%2==1) return 25*pow(25,1-1) else return pow(25*25, 1/2)
  = 25*pow(25,0)
  = 25* if (0==0) return 1 else ...
  = 25

Slide 9: Replacement Possibilities
If there are several occurrences of a recursive function, which one to replace?
Example term: f = g(f(x0,f(x1,x2)),f(f(x3,x4),f(x5,x6)))
(The slide repeats this term once per strategy below and marks in it the occurrence(s) of f that the strategy replaces; the marking does not survive in the transcript.)
- leftmost-innermost
- parallel-innermost
- leftmost
- parallel-outermost
- free-argument
- full-substitution
Differences in the result?

Slide 10: Church-Rosser Property
"Diamond property": if t0 can be rewritten to t1 and t0 can be rewritten to t2, then there is a t3 such that t1 can be rewritten to t3 and t2 can be rewritten to t3; here "rewritten" means repeated replacement by any rule.
Consequence: if a computation terminates with result x according to replacement rule A and with result y according to replacement rule B, then x=y.
Example:
  int fun(int x, int y) {
    if (x==0) return 1;
    else return fun(x-1, fun(x-y, y));
  }
  fun(2,1) = ?
  fun(3,2) = ?

Slide 11: Axiomatic Semantics: Proof Rules for Recursion
Correctness:
  ⊢ int f() {  } {} {  }  requires  ensures 
Example:
  int pow(int a, int b) {b>0} {...} {pow=a**b}
can be used in the verification of f!

Slide 12: Example: Fibonacci in Dafny
  function fib(n: nat): nat {
    if n == 0 then 0 else if n == 1 then 1 else fib(n - 1) + fib(n - 2)
  }
  method ComputeFib(n: nat) returns (b: nat)
    ensures b == fib(n)
  {
    var i := 1;
    var a := 0;
    b := 1;
    // No loop invariant is stated yet, so Dafny cannot derive the postcondition from
    // the loop; note also that for n == 0 the loop is skipped and b == 1 while fib(0) == 0.
    while i < n
    {
      a, b := b, a + b;
      i := i + 1;
    }
  }

