Strengthening vs. Incremental Proof

Temporal Verification of Reactive Systems: Safety

CS256/Winter 2007 — Lecture #7, Zohar Manna

Strengthening vs. Incremental Proof: Comparing the Strategies

We want to prove $\Box q$, but $q$ is not inductive. We have two options:

1. Strengthening: strengthen $q$ to $q \wedge \varphi$. Prove $\Box(q \wedge \varphi)$ and deduce $\Box q$.
2. Incremental: first prove $\Box\varphi$, then prove $\Box q$ relative to $\varphi$.

Resulting verification conditions:

1. Strengthening:
   I1. $\Theta \to q \wedge \varphi$
   I2. $\{q \wedge \varphi\}\ \mathcal{T}\ \{q \wedge \varphi\}$
   These give $\Box(q \wedge \varphi)$, hence $\Box q$.

2. Incremental:
   I1'. $\Theta \to \varphi$
   I2'. $\{\varphi\}\ \mathcal{T}\ \{\varphi\}$
   These give $\Box\varphi$. Then
   I1''. $\Theta \to q$
   I2''. $\{q \wedge \varphi\}\ \mathcal{T}\ \{q\}$
   give $\Box q$.

Strengthening vs. Incremental Proof (Con't)

Strategy 1 is strictly more powerful than strategy 2: whenever 2 succeeds, so does 1, but not conversely. Strategy 2 implies strategy 1, since for every transition $\tau$

  I2':   $\rho_\tau \wedge \varphi \to \varphi'$
  I2'':  $\rho_\tau \wedge q \wedge \varphi \to q'$

together yield

  I2:    $\rho_\tau \wedge q \wedge \varphi \to q' \wedge \varphi'$

The converse fails because $q \wedge \varphi$ may be inductive while $\varphi$ on its own is not, so I2' has no proof (see the example below).

In practice, strategy 2 is often more useful than strategy 1:
- it allows breaking the proof down into more manageable pieces,
- the verification conditions are smaller,
- it is more intuitive.

Strengthening vs. Incremental Proof (Con't)

Example:

    local x : integer where x = 1
    ℓ0 : loop forever do
           ⟨ ℓ1 : x := x + 1 ⟩

Show

  $q_1 : at_{\ell_0} \to x > 0$
  $q_2 : at_{\ell_1} \to x > 0$

Both are $P$-valid, and neither of them is inductive: $q_1$ says nothing about $x$ at $\ell_1$, so the transition $\ell_1 \to \ell_0$ may arrive at $\ell_0$ with $x \le 0$, and symmetrically $q_2$ says nothing about $x$ at $\ell_0$. But $q_1 \wedge q_2$ is inductive!
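The two strategies above, checked mechanically on the example program. This is an added example and not part of the lecture notes: a small Python bounded checker that encodes states as (location, x), takes the transition relation as assumed from the program text (ℓ0 → ℓ1 entering the loop body with x unchanged, ℓ1 → ℓ0 performing x := x + 1, plus the idling transition), and evaluates each verification condition over a bounded range of x. The names `q1`, `q2`, `check_consecution` and `compare_strategies` are this example's own. Because the range is bounded, a failed condition is a genuine counterexample, while a passed condition is only evidence that the inductive argument goes through, not a proof.

```python
"""Bounded checker for the verification conditions of the two strategies.

Added example (not from the lecture notes).  The program is the one on the
slide above:

    local x : integer where x = 1
    l0 : loop forever do [ l1 : x := x + 1 ]

Assumed transition relation (read off the program text):
    t_enter : l0 -> l1, x unchanged          (enter the loop body)
    t_body  : l1 -> l0, x := x + 1           (execute the body, return to l0)
    t_idle  : no change                      (the idling transition tau_I)
x is enumerated over a bounded range, so a failure is a real counterexample
but a pass is evidence, not a proof.
"""
from typing import Callable, Optional, Tuple

Loc = str
State = Tuple[Loc, int]
Assertion = Callable[[Loc, int], bool]

LOCS = ("l0", "l1")
XS = range(-5, 6)          # bounded range of x explored by the checker


def theta(loc: Loc, x: int) -> bool:
    """Initial condition Theta: control at l0 and x = 1."""
    return loc == "l0" and x == 1


def successors(loc: Loc, x: int):
    """Successor states of (loc, x), as (transition name, loc', x')."""
    succ = [("t_idle", loc, x)]
    if loc == "l0":
        succ.append(("t_enter", "l1", x))
    else:
        succ.append(("t_body", "l0", x + 1))
    return succ


def q1(loc: Loc, x: int) -> bool:
    """q1 : at_l0 -> x > 0"""
    return loc != "l0" or x > 0


def q2(loc: Loc, x: int) -> bool:
    """q2 : at_l1 -> x > 0"""
    return loc != "l1" or x > 0


def conj(*ps: Assertion) -> Assertion:
    """Conjunction of assertions (the strengthened assertion q and phi)."""
    return lambda loc, x: all(p(loc, x) for p in ps)


def check_initiation(phi: Assertion) -> Optional[State]:
    """Theta -> phi.  None if it holds on the bounded states, else a violating state."""
    for loc in LOCS:
        for x in XS:
            if theta(loc, x) and not phi(loc, x):
                return (loc, x)
    return None


def check_consecution(pre: Assertion, post: Assertion):
    """{pre} T {post}: every transition from a pre-state ends in a post-state.
    None if it holds, else (transition, pre-state, post-state) as a counterexample."""
    for loc in LOCS:
        for x in XS:
            if not pre(loc, x):
                continue
            for name, loc2, x2 in successors(loc, x):
                if not post(loc2, x2):
                    return (name, (loc, x), (loc2, x2))
    return None


def is_inductive(phi: Assertion) -> bool:
    """I1 and I2 for phi itself: Theta -> phi and {phi} T {phi}."""
    return check_initiation(phi) is None and check_consecution(phi, phi) is None


def compare_strategies(q: Assertion, phi: Assertion) -> dict:
    """Verification conditions of both strategies for proving []q with auxiliary phi.
    Strengthening: I1, I2 on (q and phi).
    Incremental:   I1', I2' on phi (giving []phi), then I1'' Theta -> q
                   and I2'' {q and phi} T {q}."""
    q_phi = conj(q, phi)
    return {
        "strengthening": is_inductive(q_phi),
        "incremental": (is_inductive(phi)
                        and check_initiation(q) is None
                        and check_consecution(q_phi, q) is None),
    }


if __name__ == "__main__":
    print("q1 alone:", check_consecution(q1, q1))      # counterexample via t_body
    print("q2 alone:", check_consecution(q2, q2))      # counterexample via t_enter
    print("q1 and q2 inductive:", is_inductive(conj(q1, q2)))
    print("prove []q1 with phi = q2:", compare_strategies(q1, q2))
```

Running it shows the two counterexamples the slide alludes to: from (ℓ1, -5) the body transition reaches (ℓ0, -4), violating q1, and from (ℓ0, -5) entering the loop reaches (ℓ1, -5), violating q2. The conjunction q1 ∧ q2 passes every condition. For q = q1 with φ = q2 the strengthening conditions hold while the incremental route fails at I2', which is the strict-power claim; substituting the already inductive φ = q1 ∧ q2 makes both routes succeed, which is the "2 implies 1" direction.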
Combining the Strategies

Rule INC-INV (incremental invariance). For assertions $q, \varphi, \chi_1, \dots, \chi_k$:

  I0. $P \models \Box\chi_1, \dots, \Box\chi_k$
  I1. $P \models \left(\bigwedge_{i=1}^{k} \chi_i\right) \wedge \varphi \to q$
  I2. $P \models \Theta \to \varphi$
  I3. $P \models \left\{\left(\bigwedge_{i=1}^{k} \chi_i\right) \wedge \varphi\right\}\ \mathcal{T}\ \{\varphi\}$
  ──────────────────────────────────────────
      $P \models \Box q$

If $\varphi$ satisfies I2 and I3, we say that $\varphi$ is inductive relative to $\chi_1, \dots, \chi_k$.

Combining the Strategies (Con't)

Note that $\Theta$ must be stronger than all the $\chi_i$'s (i.e., $P \models \Theta \to \chi_i$, since each $\Box\chi_i$ holds in $P$), and so

  $P \models \left(\bigwedge_{i=1}^{k} \chi_i\right) \wedge \Theta \to \varphi$   iff   $P \models \Theta \to \varphi$.

This is why I2 need not mention the $\chi_i$'s. From now on, we usually omit the prefix "$P \models$".

Detecting Trivial Verification Conditions

For $\{\varphi\}\ \mathcal{T}\ \{\varphi\}$, don't check every $\tau \in \mathcal{T}$:

- Ignore $\{\varphi\}\ \tau_I\ \{\varphi\}$: the idling transition changes no variable, so it is always true.
- Ignore $\{\varphi\}\ \tau\ \{\varphi\}$ if $\tau$ does not modify any variable in $\varphi$.
- For $\{\varphi\}\ \tau\ \{\varphi\}$ where $\varphi : p \to q$, the condition is

    $\rho_\tau \wedge \underbrace{(p \to q)}_{\varphi} \to \underbrace{(p' \to q')}_{\varphi'}$

  so consider only the $\tau$'s that can validate $p$ or falsify $q$; any other $\tau$ leaves $\varphi$ true trivially.

Finding Inductive Assertions

Two methods:

1. Bottom-up: based on the program text only
   - algorithmic
   - guaranteed to produce an inductive invariant
2. Top-down: guided by the property we want to prove
   - heuristic
   - not guaranteed to produce an inductive invariant
Finding Inductive Assertions: Bottom-Up Approach

Transition-validated assertions:
1.