Software Verification 1: Deductive Verification

Prof. Dr. Holger Schlingloff

Institut für Informatik der Humboldt Universität

and

Fraunhofer Institut für Rechnerarchitektur und Softwaretechnik



Propositional Logic

  • A formal specification method consists of three parts

    • syntax, i.e., what are well-formed specifications

    • semantics, i.e., what is the meaning of a specification

    • calculus, i.e., what are transformations or deductions of a specification

  • Propositional logic: probably the first and most widely used specification method

    • dates back to Aristotle, Chrysippus, Boole, Frege, …

    • base of most modern logics

    • fundamental for computer science


Syntax of Propositional Logic

  • Let Ρ be a finite set {p1,…,pn} of propositions

    and assume that ⊥, → and (, ) are not in Ρ

  • Syntax: PL ::= Ρ | ⊥ | (PL → PL)

    • every p is a wff

    • ⊥ is a wff („falsum“)

    • if φ and ψ are wffs, then (φ → ψ) is a wff

    • nothing else is a wff


Remarks

  • Ρ may be empty

    • still a meaningful logic!

  • Minimalistic approach

    • the infix operator → necessitates parentheses

    • other connectives can be defined as usual

      ¬φ ≙ (φ → ⊥) (linear blowup!)

      ⊤ ≙ ¬⊥

      (φ ∨ ψ) ≙ (¬φ → ψ)

      (φ ∧ ψ) ≙ ¬(¬φ ∨ ¬ψ) ≙ ¬(φ → ¬ψ)

      (φ ↔ ψ) ≙ ((φ → ψ) ∧ (ψ → φ)) (exponential blowup!)

    • operator precedence as usual

    • literal = a proposition or a negated proposition


Exercise

  • Abbreviations

    ¬φ ≙ (φ → ⊥) also ~φ

    ⊤ ≙ ¬⊥

    (φ ∨ ψ) ≙ (¬φ → ψ) also (φ + ψ), (φ | ψ), (φ v ψ)

    (φ ∧ ψ) ≙ ¬(¬φ ∨ ¬ψ) ≙ ¬(φ → ¬ψ) also (φ * ψ), (φ & ψ), (φ ^ ψ)

    (φ ↔ ψ) ≙ ((φ → ψ) ∧ (ψ → φ)) also (φ <-> ψ), (φ <=> ψ)

  • Write ((pq)  ¬p) unabbreviated


Choice of the Signature

  • The set Ρ = {p1,…,pn} of propositions is also called the signature of the logic

  • The choice of Ρ is often the decisive abstraction step for modelling a system

    • it determines which aspects are “accessible” to the specification

    • Wittgenstein: “the world is everything that is the case”; the world consists of all true propositions

    • e.g., sun-is-shining, pot-on-stove, line-busy, button_pressed, window5infocus, motor-on, …

    • names should be chosen with consideration


Semantics of Propositional Logic

  • Propositional model

    • Truth value universe U: {true, false}

    • Interpretation I: assignment Ρ ↦ U

    • Model M: (U, I)

  • Validation relation ⊨ between model M and formula φ

    • M ⊨ p if I(p) = true

    • M ⊭ ⊥

    • M ⊨ (φ → ψ) if M ⊨ φ implies M ⊨ ψ

  • M validates or satisfies φ iff M ⊨ φ

    • φ is valid (⊨ φ) iff every model M validates φ

    • φ is satisfiable (SAT(φ)) iff some model M satisfies φ
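The syntax, the abbreviations and the validation relation of the preceding slides, as an added Python example (not code from the slides): formulas are nested tuples over the single primitive connective, the other connectives are built from the slides' definitions, and validity and satisfiability are decided by enumerating all models of the signature. The exercise formula assumes the connective between p and q is ∨.

```python
from itertools import product
# Minimal syntax from the slides: propositions (strings), falsum, and implication.
FALSUM = "bot"                                   # the constant ⊥ ("falsum")

def imp(a, b):                                   # (a → b): the only primitive connective
    return ("->", a, b)

# Derived connectives, defined exactly as abbreviated on the slides.
def neg(a):     return imp(a, FALSUM)            # ¬a ≙ (a → ⊥)
TOP = neg(FALSUM)                                # ⊤ ≙ ¬⊥
def or_(a, b):  return imp(neg(a), b)            # (a ∨ b) ≙ (¬a → b)
def and_(a, b): return neg(imp(a, neg(b)))       # (a ∧ b) ≙ ¬(a → ¬b)
def iff(a, b):  return and_(imp(a, b), imp(b, a))  # (a ↔ b) ≙ ((a → b) ∧ (b → a))

def to_str(f):
    """Render f using only the primitive symbols (its 'unabbreviated' form)."""
    if f == FALSUM:
        return "⊥"
    if isinstance(f, str):
        return f
    return "(" + to_str(f[1]) + " -> " + to_str(f[2]) + ")"

def size(f):
    """Number of implication symbols in f; shows the blow-up of each abbreviation."""
    return 0 if isinstance(f, str) else 1 + size(f[1]) + size(f[2])

def signature(f):
    """Set of propositions occurring in f."""
    if f == FALSUM:
        return set()
    return {f} if isinstance(f, str) else signature(f[1]) | signature(f[2])

def holds(I, f):
    """Validation relation M ⊨ f, where interpretation I maps propositions to bools."""
    if f == FALSUM:
        return False                             # M ⊭ ⊥
    if isinstance(f, str):
        return I[f]                              # M ⊨ p iff I(p) = true
    return (not holds(I, f[1])) or holds(I, f[2])  # M ⊨ (a → b) iff M ⊨ a implies M ⊨ b

def models(f):
    """Every interpretation of f's signature; an empty signature still has one model."""
    ps = sorted(signature(f))
    return [dict(zip(ps, vals)) for vals in product([False, True], repeat=len(ps))]

def valid(f):        return all(holds(I, f) for I in models(f))
def satisfiable(f):  return any(holds(I, f) for I in models(f))
# Exercise formula, assuming the connective between p and q is ∨: ((p ∨ q) → ¬p).
EXERCISE = imp(or_("p", "q"), neg("p"))
```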


Propositional Calculus

  • Various calculi have been proposed

    • boolean satisfiability (SAT) algorithms

    • tableau systems, natural deduction

    • enumeration of valid formulæ

  • Hilbert-style axiom system

    ⊢ (φ → (ψ → φ)) (weakening)

    ⊢ ((φ → (ψ → χ)) → ((φ → ψ) → (φ → χ))) (distribution)

    ⊢ (¬¬φ → φ) (excluded middle)

    φ, (φ → ψ) ⊢ ψ (modus ponens)

  • Derivability

    • All substitution instances of axioms are derivable

    • If all antecedents of a rule are derivable, so is the consequent


An Example Derivation

Show ⊢ (p → p)

  1. ⊢ ((p → ((p → p) → p)) → ((p → (p → p)) → (p → p))) (dis)

  2. ⊢ (p → ((p → p) → p)) (wea)

  3. ⊢ ((p → (p → p)) → (p → p)) (1, 2, mp)

  4. ⊢ (p → (p → p)) (wea)

  5. ⊢ (p → p) (3, 4, mp)


Correctness and Completeness

  • Correctness: ⊢ φ ⇒ ⊨ φ

    Only valid formulæ can be derived

    • Induction on the length of the derivation

    • Show that all axiom instances are valid, and that the consequent of (mp) is valid if both antecedents are

  • Completeness: ⊨ φ ⇒ ⊢ φ

    All valid formulæ can be derived

    • Show that consistent formulæ are satisfiable: ~⊢ ¬φ ⇒ ~⊨ ¬φ


Consistency and Satisfiability

  • A finite set Φ of formulæ is consistent if ~⊢ ¬ΛΦ

  • Extension lemma: If Φ is a finite consistent set of formulæ and φ is any formula, then Φ ∪ {φ} or Φ ∪ {¬φ} is consistent

    • Assume ⊢ ¬(ΛΦ ∧ φ) and ⊢ ¬(ΛΦ ∧ ¬φ). Then ⊢ (ΛΦ → ¬φ) and ⊢ (ΛΦ → ¬¬φ). Therefore ⊢ ¬ΛΦ, a contradiction.

  • Let SF(φ) be the set of all subformulæ of φ

  • For any consistent φ, let φ# be a maximal consistent extension of φ (i.e., φ ∈ φ# and for every ψ ∈ SF(φ), either ψ ∈ φ# or ¬ψ ∈ φ#). (Existence guaranteed by the extension lemma)


Canonical Models

  • For a maximal consistent set φ#, the canonical model CM(φ#) is defined by I(p) = true iff p ∈ φ#.

  • Truth lemma: For any ψ ∈ SF(φ), I(ψ) = true iff ψ ∈ φ#

    • Case ψ = p: by construction

    • Case ψ = ⊥: Φ ∪ {⊥} cannot be consistent

    • Case ψ = (ψ1 → ψ2): by induction hypothesis and derivation

  • Therefore, if φ is consistent, then for any maximal consistent set φ#, CM(φ#) ⊨ φ

    • any consistent formula is satisfiable

    • any unsatisfiable formula is inconsistent

    • any valid formula is derivable


Example: Combinational Circuits

Pictures taken from: http://www.scs.ryerson.ca/~aabhari/cps213Chapter4.ppt

  • Multiplexer

    • S selects whether I0 or I1 is output to Y

    • Y = if S then I1 else I0 end

    • (Y ↔ ((S ∧ I1) ∨ (¬S ∧ I0)))



Boolean Specifications

  • Evaluator (output is 1 if input matches a certain binary value)

  • Encoder (output i is set if binary number i is on input lines)

  • Majority function (output is 1 if half or more of the inputs are 1)

  • Comparator (output is 1 if input0 > input1)

  • Half-Adder, Full-Adder, …



Software Example

  • Code generator optimization

    • if (p and q) then if (r) then x else y else if (q or r) then y else if (p and not r) then x else y

  • Loop optimization



Puzzle Example: Ivor Spence’s Sudoku

http://www.cs.qub.ac.uk/~i.spence/SuDoku/SuDoku.html


How Does He Do It?

  • Propositional modelling

    • 9 propositions per cell: proposition “ijk” indicates that row i, column j contains value k

    • individual cell clauses

      • each cell contains exactly one value

        • (ij1 v ij2 v … v ij9) ^ ~(ij1 ^ ij2) ^ … ^ ~(ij8 ^ ij9)

    • row and column clauses

      • each row i contains each number, exactly once

        • (i11 v … v i91) ^ (i12 v … v i92) ^ … ^ (i19 v … v i99)

        • j1 ≠ j2, k = 1..9: ~(ij1k ^ ij2k)

      • same for columns

    • block clauses – similar

    • pre-filled cells – easy

  • SAT solving

    • 729 propositions, ca. 3200 clauses → few seconds
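The propositional encoding above, generated as a CNF clause list in an added Python example (not Spence's code): proposition ijk is numbered 81(i-1)+9(j-1)+k, every "exactly one" constraint is written as one at-least-one clause plus pairwise exclusions, pre-filled cells become unit clauses, and a full grid is checked against the clauses as a model. Spelled out pairwise for cells, rows, columns and blocks this gives 11988 clauses over 729 propositions, more than the ca. 3200 counted on the slide.

```python
from itertools import combinations

DIGITS = range(1, 10)

def var(i, j, k):
    """Proposition 'ijk' (row i, column j contains k; all 1-based) as a DIMACS-style number."""
    return 81 * (i - 1) + 9 * (j - 1) + k

def exactly_one(lits):
    """At-least-one clause plus the pairwise at-most-one clauses ~(a ^ b)."""
    return [list(lits)] + [[-a, -b] for a, b in combinations(lits, 2)]

def sudoku_clauses(givens=()):
    """CNF of the slide's encoding; givens are (i, j, k) pre-filled cells (unit clauses)."""
    cnf = []
    for i in DIGITS:
        for j in DIGITS:                       # each cell contains exactly one value
            cnf += exactly_one([var(i, j, k) for k in DIGITS])
    for k in DIGITS:
        for i in DIGITS:                       # each row contains k exactly once
            cnf += exactly_one([var(i, j, k) for j in DIGITS])
        for j in DIGITS:                       # each column contains k exactly once
            cnf += exactly_one([var(i, j, k) for i in DIGITS])
        for bi in range(3):                    # each 3x3 block contains k exactly once
            for bj in range(3):
                cnf += exactly_one([var(3 * bi + di + 1, 3 * bj + dj + 1, k)
                                    for di in range(3) for dj in range(3)])
    cnf += [[var(i, j, k)] for i, j, k in givens]
    return cnf

def grid_model(grid):
    """Interpretation induced by a 9x9 grid: ijk is true iff grid[i-1][j-1] == k."""
    return {var(i, j, k): grid[i - 1][j - 1] == k for i in DIGITS for j in DIGITS for k in DIGITS}

def lit_true(model, lit):
    return model[lit] if lit > 0 else not model[-lit]

def satisfies(model, cnf):
    """M ⊨ CNF iff every clause contains a true literal."""
    return all(any(lit_true(model, lit) for lit in clause) for clause in cnf)

# Constructed sample grids: a valid complete solution, and a copy with a duplicate in row 1.
VALID_GRID = [[(3 * r + r // 3 + c) % 9 + 1 for c in range(9)] for r in range(9)]
BROKEN_GRID = [row[:] for row in VALID_GRID]
BROKEN_GRID[0][0] = BROKEN_GRID[0][1]
```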


Verification of Boolean Functions

  • Latch-up: can a certain line go up?

    • does (¬L0) hold?

    • is (L0) satisfiable?

  • Given φ, ψ; does (φ ↔ ψ) hold?

    • usually reduced to SAT: is ((φ ∧ ¬ψ) ∨ (¬φ ∧ ψ)) satisfiable?

    • efficient SAT solvers exist (annual competition)

    • partitioning techniques

  • any output depends only on some inputs

    • find which ones

    • generate test patterns (BIST: built-in self-test)
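The equivalence check by reduction to SAT, as an added Python example (not from the slides), applied to the multiplexer specification against its propositional formula and to the nested conditional of the code-generator example; model enumeration stands in for a SAT solver, `can_go_up` is the latch-up question, and `selects_x_optimised` is an assumed simplification that the check confirms.

```python
from itertools import product

def interpretations(names):
    """All assignments of the signature; enumerating them is the naive stand-in for a SAT solver."""
    for vals in product([False, True], repeat=len(names)):
        yield dict(zip(names, vals))

def counterexamples(f, g, names):
    """Models of ((f ∧ ¬g) ∨ (¬f ∧ g)); an empty list means (f ↔ g) holds."""
    return [I for I in interpretations(names) if bool(f(**I)) != bool(g(**I))]

def can_go_up(f, names):
    """Latch-up question: is the output f satisfiable at all?"""
    return any(f(**I) for I in interpretations(names))

# Multiplexer: the conditional specification vs. the propositional formula.
def mux_spec(S, I0, I1):
    return I1 if S else I0

def mux_formula(S, I0, I1):
    return (S and I1) or (not S and I0)

# Code generator example: when does the nested conditional select x (rather than y)?
def selects_x_original(p, q, r):
    if p and q:
        return True if r else False
    if q or r:
        return False
    if p and not r:
        return True
    return False

def selects_x_optimised(p, q, r):        # assumed simplification, confirmed by the check
    return p and (q == r)

def selects_x_wrong(p, q, r):            # a tempting but incorrect simplification
    return p and r

MUX_CHECK = counterexamples(mux_spec, mux_formula, ["S", "I0", "I1"])
OPT_CHECK = counterexamples(selects_x_original, selects_x_optimised, ["p", "q", "r"])
WRONG_CHECK = counterexamples(selects_x_original, selects_x_wrong, ["p", "q", "r"])
```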


Optimizing Boolean Functions

  • Given φ; find ψ such that (φ ↔ ψ) holds and ψ is „optimal“

    • much harder question

    • optimal wrt. speed / size / power / …

    • translation to normal form (e.g., OBDD)

