Exam 2 help session

Exam 2 Help Session. Prepared by Stephen M. Thebaut, Ph.D. University of Florida. Software Testing and Verification. A student writes:


Exam 2 Help Session

Prepared by

Stephen M. Thebaut, Ph.D.

University of Florida

Software Testing and Verification



  • A student writes:

    I would like to request you to provide some tips on hypothesizing functions for given programs. I refer in particular to Example 2 of Lecture Notes #24 and Question 1 of the self check quiz in lesson plan for Lecture Notes #’s 24 and 25.

    Although I followed the concept of synthesizing limited invariants, I found it difficult to come up with a function to represent the given program when I attempted these on my own.



  • General Rule of Thumb for hypothesizing functions of compound programs:

    • Work top-down, and

    • Use the Axiom of Replacement

  • Good example (nested if_then’s + sequencing): problem 4 of Problem Set 7

  • For while loops, see examples 1 and 2 from Lecture Notes #21.


Example 2 (from Lecture Notes #24)

  • Consider the assertion:

    {n≥0}
    p := 1
    k := 0
    while k<>n do
        p := p*2
        k := k+1
    end_while
    {p=2^n}

What function, f, is computed by the while loop?



Example 2 (cont’d)

P = while k<>n do p,k := 2p,k+1

When will P terminate?

What measure would you use to prove this using the method of Well-Founded Sets?

Use the measure in one or more conditional rules describing the function.

For this case, the initial relationship between k and n determines three different loop “behaviors.” (What are they?)


Example 2 (cont’d)

  • P = while k<>n do p,k := 2p,k+1

    k<n -> p,k := p*2^(n−k), n

    k=n -> p,k := p,k
               := p*2^(n−k), n

    k>n -> undefined

    Therefore,

    [P] = (k≤n -> p,k := p*2^(n−k), n)


Problem 1 from Self-Check Quiz

Consider the assertion:

y := 0
t := x
while t<>k do
    t := t–1
    y := y+1
end_while

What function, f, is computed by the while loop?


Problem 1 from Self-Check Quiz (cont'd)

P = while t<>k do t,y := t–1,y+1

t>k -> t,y := k,y+1*(t-k)
           := k,y+t-k

t=k -> t,y := t,y
           := k,y+t-k

t<k -> undefined

Therefore,

[P] = (t≥k -> t,y := k,y+t-k)
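A hypothesized loop function can be tested before attempting the proof by running the loop and comparing it with the conditional rule. The following is an added example, not part of the original slides; it covers both Example 2 and Problem 1, models "undefined" as None, and assumes that exhausting a small step budget means the loop does not terminate.

```python
# Added illustration, not from the slides: test hypothesized loop functions
# by running each loop and comparing against the conditional rule.
# None models "undefined"; exhausting the step budget is treated as
# non-termination (an assumption that is safe for these small ranges).

def run_while(state, guard, body, budget=100):
    """Execute `while guard do body`; return the final state or None."""
    for _ in range(budget):
        if not guard(state):
            return state
        state = body(state)
    return None

# Example 2: P = while k<>n do p,k := 2p,k+1     (state = (p, k, n))
def loop_ex2(s):
    return run_while(s, lambda s: s[1] != s[2],
                     lambda s: (2 * s[0], s[1] + 1, s[2]))

def f_ex2(s):  # hypothesized [P] = (k<=n -> p,k := p*2^(n-k), n)
    p, k, n = s
    return (p * 2 ** (n - k), n, n) if k <= n else None

# Self-check problem 1: P = while t<>k do t,y := t-1,y+1   (state = (t, y, k))
def loop_q1(s):
    return run_while(s, lambda s: s[0] != s[2],
                     lambda s: (s[0] - 1, s[1] + 1, s[2]))

def f_q1(s):  # hypothesized [P] = (t>=k -> t,y := k, y+t-k)
    t, y, k = s
    return (k, y + t - k, k) if t >= k else None

def mismatches(loop, hypothesis, states):
    """States where the executed loop and the hypothesis disagree."""
    return [s for s in states if loop(s) != hypothesis(s)]

R = range(-4, 5)
STATES = [(a, b, c) for a in R for b in R for c in R]

if __name__ == "__main__":
    print("Example 2 mismatches:", mismatches(loop_ex2, f_ex2, STATES))
    print("Problem 1 mismatches:", mismatches(loop_q1, f_q1, STATES))
```

An empty mismatch list is evidence for the hypothesis on the sampled states only; the proof is still required.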



  • Another student writes:

    I have some questions about exam 2 for fall 07, problem No 6. And I do not know how to make up a counterexample.



6. (4 pts.) It was noted in class that wp(while b do s, Q) is the weakest (while) loop invariant which guarantees termination. Is it also the case that the wp(Repeat s until b) is the weakest (Repeat_until) loop invariant which guarantees termination? Carefully justify your answer. (Hint: recall that in Problem Set 6, you were asked to prove “finalization” from the while loop ROI using the weakest pre-condition as an invariant. Does “finalization” from the Repeat_until ROI hold using the weakest pre-condition as an invariant?)

Answer: No. In general, the wp(Repeat s until b, Q) cannot be used as an invariant with the Repeat_until ROI. In particular, (wp(Repeat s until b) ∧ b ≠> Q in general). (Note that the ROI -- i.e., via the “initialization” antecedent {P} s {I} -- does not require “I” to hold until after s executes.)


ROI for while loop and repeat_until loop

P => I, {I ∧ b} S {I}, (I ∧ ¬b) => Q
------------------------------------
{P} while b do S {Q}

{P} S {I}, {I ∧ ¬b} S {I}, (I ∧ b) => Q
---------------------------------------
{P} repeat S until b {Q}

Note that for the repeat_until loop, "I" need not hold UNTIL AFTER S executes.


wp(repeat S until b, Q) = H1 ∨ H2 ∨ H3 ∨ ...

where:

H1 = wp(S, b ∧ Q)

H2 = wp(S, ~b ∧ H1)

H3 = wp(S, ~b ∧ H2)

Hk = wp(S, ~b ∧ H(k-1))

Note that b ∧ (H1 ∨ H2 ∨ H3 ∨ ...) ≠> Q in general.
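The H_k construction can be evaluated directly on a small concrete loop to see "finalization" fail. This is an added example, not from the slides; the loop `repeat x := x+2 until x>0` with post-condition Q: x≥2 and the sampled range of states are assumptions chosen for illustration.

```python
# Added illustration, not from the slides. Assumed concrete loop:
#     repeat x := x+2 until x > 0        with post-condition Q: x >= 2
# Predicates are Python functions on the integer state x.

def S(x):            # loop body
    return x + 2

def b(x):            # exit condition of repeat ... until b
    return x > 0

def Q(x):            # post-condition
    return x >= 2

def wp_S(post):
    """wp(S, post) for a deterministic, total S: post must hold after S."""
    return lambda x: post(S(x))

def H(k):
    """H_1 = wp(S, b ∧ Q);  H_k = wp(S, ~b ∧ H_(k-1))."""
    if k == 1:
        return wp_S(lambda x: b(x) and Q(x))
    prev = H(k - 1)
    return wp_S(lambda x: (not b(x)) and prev(x))

def wp_repeat(x, max_k=30):
    """H_1 ∨ H_2 ∨ ... truncated at max_k (enough for the sampled range)."""
    return any(H(k)(x) for k in range(1, max_k + 1))

def run_repeat(x, budget=100):
    """Execute the loop; return the final x, or None if the budget runs out."""
    for _ in range(budget):
        x = S(x)
        if b(x):
            return x
    return None

SAMPLE = range(-10, 11)

def finalization_failures():
    """States satisfying b ∧ wp(repeat S until b, Q) in which Q is false."""
    return [x for x in SAMPLE if b(x) and wp_repeat(x) and not Q(x)]

if __name__ == "__main__":
    print("wp holds for:", [x for x in SAMPLE if wp_repeat(x)])
    print("b ∧ wp but not Q:", finalization_failures())
```

The state x=1 satisfies b and the weakest pre-condition (one more execution of S yields 3), yet Q does not hold in it, so the weakest pre-condition cannot serve as "I" in the Repeat_until ROI.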



Finding counter-examples

  • Suppose you wish to prove (A => B) is FALSE.

  • This can be done by finding just one case for which A is true and B is false. This case is referred to as a "counter-example".

  • So, to prove that the hypothesized ROI:

    A, B, C
    --------------------
    {P} while b do S {Q}

    is FALSE, find one case for which A, B, and C are each true, but {P} while b do S {Q} is FALSE.




Finding counter-examples (cont'd)

  • How do you identify such a case? By exploiting the fallacy in the (FALSE) ROI.

  • For example, what's the fallacy in the following ROI?

    P => I, (I ∧ ¬b) => Q
    ---------------------
    {P} while b do S {Q}

    Answer: The two antecedents do not require that "I" holds after S executes! So, choose P, b, S, Q, and I such that the two antecedents hold, but neither I nor Q will hold after S executes when b becomes false.



Finding counter-examples (cont'd)

P => I, (I ∧ ¬b) => Q
---------------------
{P} while b do S {Q}

For example, consider, for I: x=1

{x=1 ∧ y=-17}
while y<0 do
    y := y+1
    x := 2
end_while
{x=1}



Problem 2, Exam 2, Summer ‘09

  • Suppose {P} while b do S {Q} for some P, Q, b, and S. Suppose, too, that K = wp(while b do S, Q). Circle “necessarily true” or “not necessarily true” for each of the following assertions.

    b. {K ∧ b} S {K}: true (See Lecture Notes #20.)



Loop Invariants and wp’s

  • In general, will loops terminate when

    P => wp ?

  • For while loops, does {wp ∧ b} S {wp} ?

  • Does (wp ∧ ¬b) => Q ?



Problem 2, Exam 2, Summer ‘09

  • Suppose {P} while b do S {Q} for some P, Q, b, and S. Suppose, too, that K = wp(while b do S, Q). Circle “necessarily true” or “not necessarily true” for each of the following assertions.

    b. {K ∧ b} S {K}: true (See Lecture Notes #20.)

    e. {K ∧ b} repeat S until ¬b {Q}: true


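[Figure: two equivalent flowcharts for repeat S until ¬b started in {K ∧ b}. After the first execution of S, K holds (since {K ∧ b} S {K}); the test ¬b then either exits (T) or repeats S (F). On exit, {Q} holds (since (K ∧ ¬b) => Q).]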



Problem 3, Exam 2, Summer ‘09

3. Circle either “true” or “false” for each of the following assertions.

k. ({P} S {Q})  ({P} if b then S {(Q b)})

False

The assertion may seem plausible, but consider:

{z=1} y:=5 {z=1}  {z=1} if x=0 then y:=5 {(z=1  x=0)} ?



Problem 2, Exam 2, Spring ‘10

2. Circle either “true” or “false” for each of the following assertions.

h. [{P ∧ b} S {Q}] => [{P} while b do S {Q}]

False

Consider the counterexample:

{x=0} while x<5 do x:=x+1 {x=1}



  • A student writes:

    We've learned two ways of identifying loop invariant "I": a heuristic approach and a more systematic approach. My question is: since a systematic approach seems to be more effective, can we always use it to find I for all the problems?

  • Unfortunately, no. The concept of an “invariant” as described in the context of axiomatic verification is directly related to a Rule of Inference (ROI), e.g.:

    P => I, {I ∧ b} S {I}, (I ∧ ¬b) => Q
    ------------------------------------
    {P} while b do S {Q}



  • The antecedents represent the necessary and sufficient requirements for I (in terms of P, b, S, and Q) in order to use the ROI to deduce {P} while b do S {Q}.

  • The heuristics considered in class are motivated by these necessary and sufficient requirements, and are therefore dependent on the program’s specification (P and Q), as well as the program itself.

  • In contrast, a (full) invariant as defined in Mills’ Invariant Status Theorem is a logical condition with properties:

    q(X0), (q(X) ∧ p(X)) => q∘g(X), and (q(X) ∧ ¬p(X)) => (X = f(X0))

    where q(X) = (f(X) = f(X0)).



  • The function f = [while p do g], which is “characterized by q on termination,” need not be consistent with the pre- and post-condition used to specify the program by a user/designer.

  • Thus, an invariant derived using the Invariant Status Theorem may or may not allow one to prove that a user/designer specified post-condition will hold on termination of a loop.

  • In “reasonable” cases, however, q may be useful, at least as a starting point, in a trial-and-error process.

  • Additional research is needed to fully explore this area.



  • A student writes:

    I still have trouble in providing counter examples...

  • Consider the following assertion/ROI:

    “People who wear red shirts do not smoke.”

    =

    Wears red shirts(X) => Does not smoke(X)

    =

    Wears red shirts(X)
    -------------------
    Does not smoke(X)



  • Is the assertion valid (true)?

  • No. Proof by counterexample:

  • This person satisfies the antecedent, but not the consequent!


More examples

Does [(P ∧ ¬b) => Q] => [{P} while b do S {Q}] ?

=

[(P ∧ ¬b) => Q]
----------------------
[{P} while b do S {Q}]

Counterexample:

{x=0} while y<>5 do x := x+1; y := y+1 {x=0 Л y=5}
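The three counterexamples given so far (the ROI with the missing invariance antecedent, Spring ‘10 problem 2h, and the one above) can each be confirmed mechanically: the antecedents hold, the conclusion does not. The following is an added example, not from the slides; the finite grid of (x, y) states, the step budget and the function names are assumptions.

```python
# Added illustration, not from the slides: check that each counterexample makes
# the antecedents true and the conclusion false. States are (x, y) on a small
# grid (an assumption); runs that exhaust the step budget are ignored.
from itertools import product

GRID = list(product(range(-18, 8), repeat=2))

def implies(a, c):
    return all(c(s) for s in GRID if a(s))

def triple_while(pre, b, body, post, budget=100):
    """{pre} while b do body {post}, judged for partial correctness."""
    for s in filter(pre, GRID):
        for _ in range(budget):
            if not b(s):
                break
            s = body(s)
        if not b(s) and not post(s):
            return False          # a terminating run violates the post-condition
    return True

def missing_invariance():         # ROI: P => I, (I ∧ ¬b) => Q, with I: x=1
    P = lambda s: s == (1, -17)
    I = lambda s: s[0] == 1
    b = lambda s: s[1] < 0
    S = lambda s: (2, s[1] + 1)   # y := y+1; x := 2
    Q = lambda s: s[0] == 1
    ants = implies(P, I) and implies(lambda s: I(s) and not b(s), Q)
    return ants, triple_while(P, b, S, Q)

def body_triple_only():           # [{P ∧ b} S {Q}] => [{P} while b do S {Q}]
    P = lambda s: s[0] == 0
    b = lambda s: s[0] < 5
    S = lambda s: (s[0] + 1, s[1])
    Q = lambda s: s[0] == 1
    ants = all(Q(S(s)) for s in GRID if P(s) and b(s))
    return ants, triple_while(P, b, S, Q)

def exit_implication_only():      # [(P ∧ ¬b) => Q] => [{P} while b do S {Q}]
    P = lambda s: s[0] == 0
    b = lambda s: s[1] != 5
    S = lambda s: (s[0] + 1, s[1] + 1)
    Q = lambda s: s == (0, 5)
    ants = implies(lambda s: P(s) and not b(s), Q)
    return ants, triple_while(P, b, S, Q)

if __name__ == "__main__":
    for case in (missing_invariance, body_triple_only, exit_implication_only):
        print(case.__name__, case())
```

Each function returns a pair (antecedents hold, conclusion holds); a valid counterexample is exactly the pair (True, False).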




From Exam 2, Spring ‘10, problem 2

True or False?

c. {x=5} while k <= 5 do k := k+3 {k-x≥0} strongly

e. {wp(S, Q)}  x>0} x := 17; S {Q}



Confusion re “undefined” and “I” (Identity function)

“I am confused about ‘undefined’ and ‘I’.

Suppose we have the program P like this:

    if (x>0)
        x := 9
    end_if

Is [P] = (x>0 -> x := 9|true ->I) or

[P] = (x>0 -> x := 9|true ->undefined)?

