Intro to Proofs of Correctness
Prepared by Stephen M. Thebaut, Ph.D.
University of Florida
CEN 5035 Software Engineering

Outline
• Introduction
• Axiomatic verification
• Predicate transforms
• Functional verification
• Some limitations

Introduction
• What is a Proof of Correctness? A collection of techniques that apply the formality and rigor of mathematics to the task of proving the consistency between a program and a rigorous specification of the program.
• Also referred to as "formal verification."

Introduction (cont'd)
• What are the benefits of studying formal verification?
– Understanding its limitations.
– Deeper insights into programming and program structures.
– Criteria for judging both programs and programming languages.
– The ability to formally verify small (or parts of large) programs.

Axiomatic verification
– Introduction
– Weak correctness predicate
– Assignment statements
– Sequencing
– if-then statements
– Iteration

Introduction
• What is Axiomatic Verification? A formal method of reasoning about the functional correctness of a structured, sequential program by tracing its state changes from an initial (i.e., pre-) condition to a final (i.e., post-) condition according to a set of self-evident rules (i.e., axioms).

Weak Correctness Predicate
• To prove that program S is (weakly) correct with respect to precondition P and postcondition Q, it is sufficient to show: {P} S {Q}.
• Interpretation of {P} S {Q}: "if the input (initial state) satisfies precondition P and (if) program S executes and terminates, then the output (final state) must satisfy postcondition Q."

Weak Correctness Predicate (cont'd)
• Note that {P} S {Q} is really just a "double conditional" of the form: (A ∧ B) → C, where A is "P holds before executing S", B is "S terminates", and C is "Q holds after executing S".
• Therefore, the one and only case for which {P} S {Q} is false is: "Q could be false when S terminates, given that P held before S executes."
• This is why the predicate is called "weak" (partial correctness): it says nothing about whether S terminates, so a program that never terminates satisfies {P} S {Q} for every P and Q.

Weak Correctness Predicate (cont'd)
• What are the truth values of the following assertions?
(1) {x=1} y := x+1 {y>0}
True, because if P holds initially, Q must hold when S terminates.
(2) {x>0} x := x-1 {x>0}
False, because Q may not hold when S terminates given that P holds initially (for example, x=1 initially leaves x=0, which violates Q).

Weak Correctness Predicate (cont'd)
• What are the truth values of the following assertions?...
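As an added example that is not part of the lecture notes, the following Python code makes the "double conditional" reading of {P} S {Q} concrete. It represents tiny structured programs (assignment, sequencing, if-then-else, while) as an interpreter-ready AST, then checks a triple exhaustively over a constructed finite domain of initial integer states. Everything here is an assumption of the example: the AST classes, the integer domain [lo, hi], and the step budget used to approximate non-termination. It reproduces the two slide assertions (1) and (2) and adds a third triple with a non-terminating loop to show the weak (partial) correctness caveat, with a `total` switch that treats running out of steps as a failure instead.

```python
# Bounded checker for Hoare triples {P} S {Q}. Added example, not from the
# lecture notes. Programs are small ASTs over integer variables; a triple is
# checked over every initial state in a constructed finite domain. A step
# budget approximates non-termination (an assumption: a slow but terminating
# loop that exceeds the budget is also reported as "did not terminate").
from dataclasses import dataclass
from itertools import product
from typing import Callable, Dict, List, Optional, Tuple

State = Dict[str, int]
Pred = Callable[[State], bool]


@dataclass
class Assign:            # x := e
    var: str
    expr: Callable[[State], int]


@dataclass
class Seq:               # S1; S2; ...
    stmts: List[object]


@dataclass
class If:                # if B then S1 else S2
    cond: Pred
    then: object
    orelse: object


@dataclass
class While:             # while B do S
    cond: Pred
    body: object


class OutOfSteps(Exception):
    """Step budget exhausted; treated as 'S did not terminate'."""


def execute(stmt, state: State, budget: int) -> Tuple[State, int]:
    """Run stmt on a copy of state; return (final_state, remaining_budget)."""
    if budget <= 0:
        raise OutOfSteps
    if isinstance(stmt, Assign):
        new = dict(state)
        new[stmt.var] = stmt.expr(state)      # evaluate e in the OLD state
        return new, budget - 1
    if isinstance(stmt, Seq):
        for s in stmt.stmts:
            state, budget = execute(s, state, budget)
        return state, budget
    if isinstance(stmt, If):
        branch = stmt.then if stmt.cond(state) else stmt.orelse
        return execute(branch, state, budget - 1)
    if isinstance(stmt, While):
        while stmt.cond(state):
            state, budget = execute(stmt.body, state, budget - 1)
            if budget <= 0:
                raise OutOfSteps
        return state, budget - 1
    raise TypeError(f"unknown statement {stmt!r}")


def check_triple(pre: Pred, stmt, post: Pred, variables: List[str],
                 lo: int = -5, hi: int = 5, budget: int = 1000,
                 total: bool = False) -> Optional[State]:
    """Return a counterexample initial state, or None if {pre} stmt {post}
    holds for every initial state in [lo, hi]^variables.

    Weak (partial) correctness: a state where pre is false, or where stmt does
    not terminate within budget, imposes no obligation. With total=True a
    non-terminating run is itself a counterexample (total correctness).
    """
    for values in product(range(lo, hi + 1), repeat=len(variables)):
        init = dict(zip(variables, values))
        if not pre(init):                     # A false: triple vacuously holds
            continue
        try:
            final, _ = execute(stmt, init, budget)
        except OutOfSteps:                    # B false: no obligation (if weak)
            if total:
                return init
            continue
        if not post(final):                   # A and B true but C false
            return init
    return None


# Constructed inputs: the two slide assertions plus a loop that never ends.
TRIPLE_1 = (lambda s: s["x"] == 1, Assign("y", lambda s: s["x"] + 1), lambda s: s["y"] > 0)
TRIPLE_2 = (lambda s: s["x"] > 0, Assign("x", lambda s: s["x"] - 1), lambda s: s["x"] > 0)
LOOP_FOREVER = While(lambda s: True, Assign("x", lambda s: s["x"]))
TRIPLE_3 = (lambda s: True, LOOP_FOREVER, lambda s: False)

if __name__ == "__main__":
    print(check_triple(*TRIPLE_1, ["x", "y"]))             # None: (1) is true
    print(check_triple(*TRIPLE_2, ["x"]))                  # {'x': 1}: (2) is false
    print(check_triple(*TRIPLE_3, ["x"]))                  # None: weakly true, S never terminates
    print(check_triple(*TRIPLE_3, ["x"], total=True))      # {'x': -5}: fails total correctness
```

The third triple is the one to notice: its postcondition is `False`, yet under the weak predicate no counterexample exists, because B ("S terminates") is never satisfied. Exhaustive checking over a small domain is not a proof (it only covers the chosen range), but it is a fast way to falsify a candidate triple before attempting the axiomatic argument.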
This note was uploaded on 05/27/2011 for the course CEN 5035 taught by Professor Staff during the Fall '08 term at University of Florida.