
### Software Verification 1: Deductive Verification

Prof. Dr. Holger Schlingloff

Institut für Informatik der Humboldt Universität

and

Fraunhofer Institut für Rechnerarchitektur und Softwaretechnik

Propositional Logic

- A formal specification method consists of three parts
- syntax, i.e., what are well-formed specifications
- semantics, i.e., what is the meaning of a specification
- calculus, i.e., what are transformations or deductions of a specification
- Propositional logic: probably the first and most widely used specification method
- dates back to Aristotle, Chrysippus, Boole, Frege, …
- base of most modern logics
- fundamental for computer science

Syntax of Propositional Logic

- Let Ρ be a finite set {p1,…,pn} of propositions

and assume that , and (, ) are not in Ρ

- Syntax PL ::= Ρ | | (PL PL)
- every p is a wff
- is a wff („falsum“)
- if and are wffs, then () is a wff
- nothing else is a wff

Remarks

- Ρ may be empty
- still a meaningful logic!
- Minimalistic approach
- the infix operator necessitates parentheses
- other connectives can be defined as usual

¬ ≙ ( ) (linear blowup!)

Τ≙ ¬

() ≙(¬)

() ≙¬(¬¬) ≙¬(¬)

() ≙(()()) (exponential blowup!)

- operator precedence as usual
- literal = a proposition or a negated proposition

Exercise

- Abbreviations

¬ ≙ ( ) also ~

Τ≙ ¬

() ≙(¬) also (+), (|), (v)

() ≙¬(¬¬) ≙¬(¬) also (*), (&), (^)

() ≙(()()) also ( <-> ), (<=>)

- Write ((pq) ¬p) unabbreviated

Choice of the Signature

- The set Ρ={p1,…,pn} of propositions is also called the signature of the logic
- The choice of Ρ often is the decisive abstraction step for modelling a system
- it determines which aspects are “accessible” to the specification
- Wittgenstein: “die Welt ist alles was der Fall ist”; the world consists of all true propositions
- e.g., sun-is-shining, pot-on-stove, line-busy, button_pressed, window5infocus, motor-on, …
- names should be chosen with consideration

Semantics of Propositional Logic

- Propositional Model
- Truth value universe U: {true, false}
- Interpretation I: assignment Ρ↦ U
- Model M: (U,I)
- Validation relation ⊨ between model M and formula
- M ⊨ p if I(p)=true
- M ⊭
- M ⊨ () if M ⊨ implies M ⊨
- M validates or satisfies  iff M ⊨
- is valid (⊨) iff every model M validates
- is satisfiable (SAT()) iff some model M satisfies
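As an added example (not part of the slides), the minimal syntax of the Syntax and Remarks slides and the model-based semantics above in Python. Formulas are built from propositions, the falsum constant and a single binary implication connective (the transcript lost its symbol); the other connectives are defined exactly as on the Remarks slide, so the linear and exponential blowups can be measured. The names `imp`, `neg`, `holds`, `is_valid` and the constant `bot` are this example's own choices, not notation from the slides.

```python
import itertools

# Formula representation (this example's encoding of the slides' minimal syntax):
#   a proposition is a string such as "p"; BOT is the falsum constant;
#   ("imp", a, b) is the implication (a -> b), the only primitive connective.
BOT = "bot"

def imp(a, b):
    return ("imp", a, b)

# Abbreviations as on the Remarks slide. Each adds a bounded number of symbols,
# except iff, which copies both arguments twice (exponential blowup when nested).
def neg(a):
    return imp(a, BOT)                        # ¬a ≙ (a -> bot), linear blowup

TOP = neg(BOT)                                # ⊤ ≙ ¬bot

def or_(a, b):
    return imp(neg(a), b)                     # (a ∨ b) ≙ (¬a -> b)

def and_(a, b):
    return neg(imp(a, neg(b)))                # (a ∧ b) ≙ ¬(a -> ¬b)

def iff(a, b):
    return and_(imp(a, b), imp(b, a))         # (a ↔ b) ≙ ((a -> b) ∧ (b -> a))

def show(f):
    """Fully parenthesised, unabbreviated text of a formula (the Exercise slide)."""
    if isinstance(f, str):
        return f
    return "(" + show(f[1]) + " -> " + show(f[2]) + ")"

def size(f):
    """Number of symbol occurrences; use it to watch the blowup of the abbreviations."""
    return 1 if isinstance(f, str) else 1 + size(f[1]) + size(f[2])

def props(f):
    """The part of the signature used by f (may be empty, e.g. for TOP)."""
    if isinstance(f, str):
        return set() if f == BOT else {f}
    return props(f[1]) | props(f[2])

def holds(model, f):
    """The validation relation M ⊨ f; model is the interpretation I: proposition -> bool."""
    if f == BOT:
        return False                          # M ⊭ bot
    if isinstance(f, str):
        return model[f]                       # M ⊨ p iff I(p) = true
    return (not holds(model, f[1])) or holds(model, f[2])   # M ⊨ a implies M ⊨ b

def all_models(signature):
    """Every interpretation of the given propositions; an empty signature has exactly one model."""
    names = sorted(signature)
    for bits in itertools.product([False, True], repeat=len(names)):
        yield dict(zip(names, bits))

def is_valid(f):
    return all(holds(m, f) for m in all_models(props(f)))

def is_satisfiable(f):
    return any(holds(m, f) for m in all_models(props(f)))

if __name__ == "__main__":
    exercise = imp(or_("p", "q"), neg("p"))   # ((p ∨ q) -> ¬p), written unabbreviated
    print(show(exercise))
    print("valid:", is_valid(exercise), "satisfiable:", is_satisfiable(exercise))
    chain = iff("p1", iff("p2", iff("p3", "p4")))
    print("size of a 4-proposition iff chain:", size(chain))
```

Because `all_models` yields one (empty) interpretation for an empty signature, `is_valid(TOP)` and `is_satisfiable(BOT)` are answered correctly even when Ρ is empty, which is the "still a meaningful logic" remark in executable form.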

Propositional Calculus

- Various calculi have been proposed
- boolean satisfiability (SAT) algorithms
- tableau systems, natural deduction,
- enumeration of valid formulæ
- Hilbert-style axiom system

⊢ (()) (weakening)

⊢ ((()) (()())) (distribution)

⊢ (¬¬) (excluded middle)

, () ⊢ (modus ponens)

- Derivability
- All substitution instances of axioms are derivable
- If all antecedents of a rule are derivable, so is the consequent

An Example Derivation

Show ⊢ (pp)

- ⊢(p((pp)p))((p(pp))(pp)) (dis)
- ⊢(p((pp)p)) (wea)
- ⊢((p(pp))(pp)) (1,2,mp)
- ⊢(p(pp)) (wea)
- ⊢(pp) (3,4,mp)
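An added example, not from the slides: a checker for derivations in the Hilbert-style calculus above, with the three axiom schemas (weakening, distribution, excluded middle) and modus ponens, run on the slide's five-line derivation of (p → p). Formulas use the same representation as in the earlier example (strings for propositions, `bot` for falsum, `("imp", a, b)` for implication); the metavariables A, B, C and the rule labels `wea`, `dis`, `exm`, `mp` are this example's own naming. A truth-table check of every derived line shows the correctness property of the following slides on this concrete derivation.

```python
import itertools

BOT = "bot"                                   # falsum

def imp(a, b):
    return ("imp", a, b)

def neg(a):
    return imp(a, BOT)

# Axiom schemas; "A", "B", "C" are metavariables standing for arbitrary formulas.
META = {"A", "B", "C"}
AXIOMS = {
    "wea": imp("A", imp("B", "A")),                                           # weakening
    "dis": imp(imp("A", imp("B", "C")), imp(imp("A", "B"), imp("A", "C"))),  # distribution
    "exm": imp(neg(neg("A")), "A"),                                           # excluded middle
}

def match(schema, formula, subst):
    """True iff formula is a substitution instance of schema; subst collects the substitution."""
    if schema in META:
        if schema in subst:
            return subst[schema] == formula   # the same metavariable must get the same formula
        subst[schema] = formula
        return True
    if isinstance(schema, str) or isinstance(formula, str):
        return schema == formula              # a proposition or bot must match literally
    return match(schema[1], formula[1], subst) and match(schema[2], formula[2], subst)

def check_proof(steps):
    """steps: list of (formula, justification), justification = (axiom_name,) or ("mp", i, j)
    with 1-based references to earlier lines. Returns the proven formula or raises ValueError."""
    if not steps:
        raise ValueError("empty derivation")
    derived = []
    for n, (formula, just) in enumerate(steps, 1):
        if just[0] in AXIOMS:
            ok = match(AXIOMS[just[0]], formula, {})
        elif just[0] == "mp" and len(just) == 3 and all(0 < k < n for k in just[1:]):
            a, b = derived[just[1] - 1], derived[just[2] - 1]
            ok = a == imp(b, formula) or b == imp(a, formula)   # antecedents in either order
        else:
            ok = False
        if not ok:
            raise ValueError("line %d is not justified by %s" % (n, (just,)))
        derived.append(formula)
    return derived[-1]

def is_valid_proof(steps):
    try:
        check_proof(steps)
        return True
    except ValueError:
        return False

# Truth-table validity, used to observe correctness: only valid formulas should be derivable.
def props(f):
    return ({f} if f != BOT else set()) if isinstance(f, str) else props(f[1]) | props(f[2])

def holds(model, f):
    if f == BOT:
        return False
    if isinstance(f, str):
        return model[f]
    return (not holds(model, f[1])) or holds(model, f[2])

def is_valid(f):
    names = sorted(props(f))
    return all(holds(dict(zip(names, bits)), f)
               for bits in itertools.product([False, True], repeat=len(names)))

# The slide's derivation of (p -> p); pp abbreviates (p -> p).
p, pp = "p", imp("p", "p")
PROOF = [
    (imp(imp(p, imp(pp, p)), imp(imp(p, pp), pp)), ("dis",)),
    (imp(p, imp(pp, p)),                           ("wea",)),
    (imp(imp(p, pp), pp),                          ("mp", 1, 2)),
    (imp(p, pp),                                   ("wea",)),
    (pp,                                           ("mp", 3, 4)),
]

if __name__ == "__main__":
    print("theorem:", check_proof(PROOF))
    print("every derived line is valid:", all(is_valid(f) for f, _ in PROOF))
```

The checker is purely syntactic: a line that is claimed as an axiom instance but does not unify with the schema (for example (p → q) by weakening) is rejected, and a modus ponens step may only cite earlier lines.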

Correctness and Completeness

- Correctness: ⊢ ⊨

Only valid formulæ can be derived

- Induction on the length of the derivation
- Show that all axiom instances are valid, and that the consequent of (mp) is valid if both antecedents are
- Completeness: ⊨ ⊢

All valid formulæ can be derived

- Show that consistent formulæ are satisfiable: ~⊢¬ ~⊨¬

Consistency and Satisfiability

- A finite set Φ of formulæ is consistent, if ~⊢¬ΛΦ
- Extension lemma: If Φ is a finite consistent set of formulæ and is any formula, then Φ{} or Φ{¬} is consistent
- Assume ⊢¬(Φ) and ⊢¬(Φ¬). Then ⊢(Φ¬) and ⊢(Φ¬¬). Therefore ⊢¬Φ, a contradiction.
- Let SF() be the set of all subformulæ of
- For any consistent , let # be a maximal consistent extension of (i.e., # and for every SF(), either # or ¬#). (Existence guaranteed by the extension lemma)

Canonical models

- For a maximal consistent set #, the canonical model CM(#) is defined by I(p)=true iff p#.
- Truth lemma: For any SF(), I()=true iff #
- Case =p: by construction
- Case =: Φ{} cannot be consistent
- Case =(12): by induction hypothesis and derivation
- Therefore, if is consistent, then for any maximal consistent set #, CM(#)⊨
- any consistent formula is satisfiable
- any unsatisfiable formula is inconsistent
- any valid formula is derivable

Example: Combinational Circuits

Pictures taken from: http://www.scs.ryerson.ca/~aabhari/cps213Chapter4.ppt

- Multiplexer
- S selects whether I0 or I1 is output to Y
- Y = if S then I1 else I0 end
- (Y((SI1)(¬SI0)))

Boolean Specifications

- Evaluator (output is 1 if input matches a certain binary value)
- Encoder (output i is set if binary number i is on input lines)
- Majority function (output is 1 if half or more of the inputs are 1)
- Comparator (output is 1 if input0 > input1)
- Half-Adder, Full-Adder, …

Software Example

- Code generator optimization
- if (p and q) then if (r) then x else y else if (q or r) then y else if (p and not r) then x else y
- Loop optimization

Puzzle Example: Ivor Spence’s Sudoku

http://www.cs.qub.ac.uk/~i.spence/SuDoku/SuDoku.html

How Does He Do It?

- Propositional modelling
- 9 propositions per cell: proposition “ijk” indicates that row i, column j contains value k
- individual cell clauses
- each cell contains exactly one value
- (ij1 v ij2 v … v ij9) ^ ~(ij1 ^ ij2) ^ … ^ ~(ij8 ^ ij9)
- row and column clauses
- each row i contains each number, exactly once
- (i11 v … v i91) ^ (i12 v … v i92) ^ … ^ (i19 v … v i99)
- j1 j2, k=1..9: ~(ij1k ^ ij2k)
- same for columns
- block clauses – similar
- pre-filled cells – easy
- SAT solving
- 729 propositions, ca. 3200 clauses: solved in a few seconds
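Added example, not from the slides and not Ivor Spence's solver: the encoding just described (one proposition per row, column and value; cell, row, column and block clauses; unit clauses for pre-filled cells) generated as DIMACS-style integer clauses, and solved with a small DPLL procedure (unit propagation plus case split) written for this example in place of an off-the-shelf SAT solver. The puzzle is a constructed sample input; `var`, `sudoku_clauses`, `dpll`, `solve_sudoku` and `check_solution` are this example's own names.

```python
def var(i, j, k):
    """Proposition 'ijk' (row i, column j holds value k) as a variable number 1..729."""
    return 81 * (i - 1) + 9 * (j - 1) + k

def exactly_one(lits):
    """At-least-one clause plus pairwise at-most-one clauses (1 + 36 clauses for 9 literals)."""
    return [list(lits)] + [[-a, -b] for n, a in enumerate(lits) for b in lits[n + 1:]]

def sudoku_clauses(givens):
    """CNF for the Sudoku rules; givens maps (row, col) -> value for pre-filled cells."""
    clauses = []
    for i in range(1, 10):                                  # individual cell clauses
        for j in range(1, 10):
            clauses += exactly_one([var(i, j, k) for k in range(1, 10)])
    rows = [[(i, j) for j in range(1, 10)] for i in range(1, 10)]
    cols = [[(i, j) for i in range(1, 10)] for j in range(1, 10)]
    blocks = [[(3 * bi + di, 3 * bj + dj) for di in range(1, 4) for dj in range(1, 4)]
              for bi in range(3) for bj in range(3)]
    for group in rows + cols + blocks:                      # each number exactly once per group
        for k in range(1, 10):
            clauses += exactly_one([var(i, j, k) for i, j in group])
    for (i, j), k in givens.items():                        # pre-filled cells: unit clauses
        clauses.append([var(i, j, k)])
    return clauses

def unit_propagate(clauses, model):
    """Assign every unit clause until a fixpoint; False if some clause is falsified."""
    changed = True
    while changed:
        changed = False
        for clause in clauses:
            open_lits, satisfied = [], False
            for lit in clause:
                value = model.get(abs(lit))
                if value is None:
                    open_lits.append(lit)
                elif value == (lit > 0):
                    satisfied = True
                    break
            if satisfied:
                continue
            if not open_lits:
                return False
            if len(open_lits) == 1:
                model[abs(open_lits[0])] = open_lits[0] > 0
                changed = True
    return True

def dpll(clauses, model=None):
    """Plain DPLL: propagate, then split on the first unassigned variable. Model or None."""
    model = dict(model or {})
    if not unit_propagate(clauses, model):
        return None
    free = next((abs(l) for c in clauses for l in c if abs(l) not in model), None)
    if free is None:
        return model
    for value in (True, False):
        result = dpll(clauses, {**model, free: value})
        if result is not None:
            return result
    return None

def solve_sudoku(rows):
    """rows: 9 strings of digits and '.'; returns the solved grid as 9 lists of ints, or None."""
    givens = {(i + 1, j + 1): int(ch) for i, row in enumerate(rows)
              for j, ch in enumerate(row) if ch != "."}
    model = dpll(sudoku_clauses(givens))
    if model is None:
        return None
    return [[next(k for k in range(1, 10) if model[var(i, j, k)]) for j in range(1, 10)]
            for i in range(1, 10)]

def check_solution(rows, grid):
    """True iff grid respects the givens and every row, column and block is a permutation of 1..9."""
    if any(ch != "." and grid[i][j] != int(ch)
           for i, row in enumerate(rows) for j, ch in enumerate(row)):
        return False
    lines = [list(r) for r in grid] + [[grid[i][j] for i in range(9)] for j in range(9)]
    lines += [[grid[3 * bi + di][3 * bj + dj] for di in range(3) for dj in range(3)]
              for bi in range(3) for bj in range(3)]
    return all(sorted(line) == list(range(1, 10)) for line in lines)

# Constructed sample puzzle (a common easy instance), not taken from the slides.
PUZZLE = ["53..7....", "6..195...", ".98....6.", "8...6...3", "4..8.3..1",
          "7...2...6", ".6....28.", "...419..5", "....8..79"]

if __name__ == "__main__":
    cnf = sudoku_clauses({})
    print(len({abs(l) for c in cnf for l in c}), "propositions,", len(cnf), "clauses")
    for row in solve_sudoku(PUZZLE):
        print(" ".join(map(str, row)))
```

With pairwise at-most-one clauses for cells and for all rows, columns and blocks the encoding has 11988 clauses over 729 propositions; the slide's figure of about 3200 clauses corresponds to keeping only the cell at-most-one clauses and the at-least-one clauses for the groups, which is sufficient because each cell holds exactly one value.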

Verification of Boolean Functions

- Latch-Up: can a certain line go up?
- does (¬L0) hold?
- is (L0) satisfiable?
- Given , ; does () hold?
- usually reduced to SAT: is ((¬)(¬)) satisfiable?
- efficient SAT solvers exist (annual competition)
- partitioning techniques
- any output depends only on some inputs
- find which ones
- generate test patterns (BIST: built-in self-test)
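Added example (not from the slides): the SAT reduction from the slide above, applied to the multiplexer specification and to the code-generator optimization from the earlier example slides. Boolean functions are plain Python callables over an assignment dict; `equivalent` searches for a model of (φ ∧ ¬ψ) ∨ (ψ ∧ ¬φ) and returns it as a counterexample, which doubles as a test pattern, `can_go_up` is the latch-up question as satisfiability, and `support` finds the inputs an output actually depends on. The brute-force search stands in for a real SAT solver; the simplified form `optimized` of the nested conditional and all function names are this example's own.

```python
from itertools import product

def assignments(names):
    """All 2^n interpretations of the inputs (brute force stands in for a SAT solver here)."""
    for bits in product([False, True], repeat=len(names)):
        yield dict(zip(names, bits))

def find_model(names, f):
    """Satisfiability: the first assignment under which f is true, or None."""
    return next((m for m in assignments(names) if f(m)), None)

def can_go_up(names, line):
    """Latch-up question 'can line L go to 1?': is L satisfiable at all?"""
    return find_model(names, line) is not None

def equivalent(names, f, g):
    """f ≡ g iff (f ∧ ¬g) ∨ (g ∧ ¬f) is unsatisfiable. Returns (True, None) or (False, witness)."""
    witness = find_model(names, lambda m: f(m) != g(m))
    return witness is None, witness

def support(names, f):
    """Partitioning: the inputs f depends on (x counts iff flipping only x can change f)."""
    return {x for x in names
            if any(f(m) != f({**m, x: not m[x]}) for m in assignments(names))}

# Multiplexer: Y = if S then I1 else I0, checked against its propositional specification.
def mux(m):
    return m["I1"] if m["S"] else m["I0"]

def mux_spec(m):
    return (m["S"] and m["I1"]) or (not m["S"] and m["I0"])

# Code generator: the nested conditional of the Software Example slide and two candidate
# replacements; the result "x" or "y" is which branch would be emitted.
def nested_if(m):
    p, q, r = m["p"], m["q"], m["r"]
    if p and q:
        return "x" if r else "y"
    if q or r:
        return "y"
    if p and not r:
        return "x"
    return "y"

def optimized(m):
    return "x" if m["p"] and m["q"] == m["r"] else "y"     # x iff p ∧ (q ↔ r)

def too_optimized(m):
    return "x" if m["p"] and m["q"] else "y"                # drops a case: not equivalent

if __name__ == "__main__":
    print("mux meets spec:", equivalent(["S", "I0", "I1"], mux, mux_spec))
    print("nested_if == optimized:", equivalent(["p", "q", "r"], nested_if, optimized))
    print("nested_if == too_optimized:", equivalent(["p", "q", "r"], nested_if, too_optimized))
    print("support of mux:", support(["S", "I0", "I1"], mux))
    print("stuck line can go up:", can_go_up(["a"], lambda m: m["a"] and not m["a"]))
```

The counterexample returned for `too_optimized` is exactly the input vector a tester would feed both circuits to expose the difference; for functions with many inputs the enumeration in `assignments` is what a SAT solver replaces.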

Optimizing Boolean Functions

- Given ; find such that () holds and is „optimal“
- much harder question
- optimal w.r.t. speed / size / power / …
- translation to normal form (e.g., OBDD)
