Mathematical Reasoning
Goal: To prove correctness
Method: Use a reasoning table
Prove correctness on all valid inputs

Example: Prove Correctness
Spec:
  Operation Do_Nothing (i: Integer);
    requires min_int <= i and i + 1 <= max_int;
    ensures i = #i;
Code:
  Increment(i);
  Decrement(i);
Design by Contract
• Requirements and guarantees
• Requires clauses are preconditions
• Ensures clauses are postconditions
• Caller is responsible for requirements
• Postcondition holds only if caller meets operation's requirements
Basics of Mathematical Reasoning
• Suppose you are proving the correctness for some operation P
• Confirm P's ensures clause at the last state
• Assume P's requires clause in state 0
In State 2 – Establish Goal of Do_Nothing's Ensures Clause

State | Assume                                   | Confirm
0     |                                          |
      Increment(i);
1     |                                          |
      Decrement(i);
2     |                                          | i2 = i0

In State 0 Assume Do_Nothing's Requires Clause

State | Assume                                   | Confirm
0     | min_int <= i0 and i0 + 1 <= max_int      |
      Increment(i);
1     |                                          |
      Decrement(i);
2     |                                          | i2 = i0
More Basics
• Now, suppose that P calls Q
• Confirm Q's requires clause in the state before Q is called
• Assume Q's ensures clause in the state after Q is called
Specification of Integer Operations
  Operation Increment (i: Integer);
    requires i + 1 <= max_int;
    ensures i = #i + 1;

  Operation Decrement (i: Integer);
    requires min_int <= i - 1;
    ensures i = #i - 1;
Assume Calls Work as Advertised

State | Assume                                   | Confirm
0     | min_int <= i0 and i0 + 1 <= max_int      |
      Increment(i);
1     | i1 = i0 + 1                              |
      Decrement(i);
2     | i2 = i1 - 1                              | i2 = i0

More Preconditions Must Be Confirmed

State | Assume                                   | Confirm
0     | min_int <= i0 and i0 + 1 <= max_int      | i0 + 1 <= max_int
      Increment(i);
1     | i1 = i0 + 1                              | min_int <= i1 - 1
      Decrement(i);
2     | i2 = i1 - 1                              | i2 = i0
Write Down Verification Conditions (VCs)
• Verification Condition for State 0
  • (min_int <= i0) ^ (i0 + 1 <= max_int) => i0 + 1 <= max_int

Write Down Verification Conditions (VCs)
• VC for State 1
  • P1: min_int <= i0 (from State 0)
  • P2: i0 + 1 <= max_int (from State 0)
  • P3: i1 = i0 + 1
  • VC: P1 ^ P2 ^ P3 => min_int <= i1 - 1
• VC for State 2
  • P4: i2 = i1 - 1
  • VC: P1 ^ P2 ^ P3 ^ P4 => i2 = i0
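The reasoning-table procedure above (assume the requires clause in state 0, confirm each callee's requires before its call, assume its ensures after, confirm the ensures clause at the last state) can be mechanized. The following is an added example, not code from the slides: the `Spec`, `VC`, `verification_conditions`, `check` and `prove` names, the constructed 4-bit `min_int`/`max_int` domain, and the deliberately weakened `Do_Nothing_weak` contract are all assumptions of this example. Because `Integer` is bounded by `min_int` and `max_int`, exhausting the finite domain is a valid proof of each VC; the slides instead discharge the same VCs by direct proof.

```python
import itertools
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Sequence, Tuple

# Constructed bounded Integer: a 4-bit two's-complement range, so the
# exhaustive check over all (i0, i1, i2) vectors is only 16^3 cases.
MIN_INT, MAX_INT = -8, 7
DOMAIN = range(MIN_INT, MAX_INT + 1)

State = Tuple[int, ...]          # (i0, i1, ..., in): value of i in each state
Pred = Callable[[State], bool]   # a predicate over the whole state vector


@dataclass(frozen=True)
class Spec:
    """requires/ensures of an operation on a single Integer parameter i."""
    name: str
    requires: Callable[[int], bool]       # over the incoming value of i
    ensures: Callable[[int, int], bool]   # over (#i, i): old and new value


# Specifications of the Integer operations, transcribed from the slides.
INCREMENT = Spec("Increment", lambda i: i + 1 <= MAX_INT, lambda old, new: new == old + 1)
DECREMENT = Spec("Decrement", lambda i: MIN_INT <= i - 1, lambda old, new: new == old - 1)


@dataclass(frozen=True)
class VC:
    state: int
    label: str
    premises: Sequence[Pred]   # everything in the Assume column so far
    conclusion: Pred           # one entry of the Confirm column


def verification_conditions(op: Spec, calls: Sequence[Spec]) -> List[VC]:
    """Build the reasoning table for `op`, whose body is the call sequence `calls`.

    Assume column: op.requires in state 0; each callee's ensures in the state after it.
    Confirm column: each callee's requires in the state before it; op.ensures at the end.
    Each Confirm entry yields one VC: (conjunction of Assumes so far) => entry.
    """
    assumes: List[Pred] = [lambda s: op.requires(s[0])]
    vcs: List[VC] = []
    for k, callee in enumerate(calls):
        # Confirm the callee's requires clause in state k (over i_k).
        vcs.append(VC(k, f"{callee.name}.requires", tuple(assumes),
                      lambda s, k=k, c=callee: c.requires(s[k])))
        # Assume the callee's ensures clause in state k+1 (relating i_k and i_{k+1}).
        assumes.append(lambda s, k=k, c=callee: c.ensures(s[k], s[k + 1]))
    n = len(calls)
    vcs.append(VC(n, f"{op.name}.ensures", tuple(assumes),
                  lambda s, n=n: op.ensures(s[0], s[n])))
    return vcs


def check(vc: VC, n_states: int) -> Optional[State]:
    """Check premises => conclusion over every state vector in the finite domain.

    Returns None when the VC holds, otherwise the first counterexample vector.
    """
    for s in itertools.product(DOMAIN, repeat=n_states):
        if all(p(s) for p in vc.premises) and not vc.conclusion(s):
            return s
    return None


def prove(op: Spec, calls: Sequence[Spec]) -> Dict[str, Optional[State]]:
    """Map each VC of the reasoning table to None (holds) or a counterexample."""
    vcs = verification_conditions(op, calls)
    return {f"state {vc.state}: {vc.label}": check(vc, len(calls) + 1) for vc in vcs}


DO_NOTHING = Spec("Do_Nothing",
                  lambda i: MIN_INT <= i and i + 1 <= MAX_INT,
                  lambda old, new: new == old)

# Constructed weaker contract: drops "i + 1 <= max_int" from the requires clause,
# so a caller may legally pass max_int and Increment's precondition is unprovable.
DO_NOTHING_WEAK = Spec("Do_Nothing_weak", lambda i: MIN_INT <= i, DO_NOTHING.ensures)

if __name__ == "__main__":
    for op in (DO_NOTHING, DO_NOTHING_WEAK):
        for label, cex in prove(op, [INCREMENT, DECREMENT]).items():
            verdict = "holds" if cex is None else f"FAILS, counterexample (i0, i1, i2) = {cex}"
            print(f"{op.name:16} {label:32} {verdict}")
```

Running the block shows all three VCs of `Do_Nothing` holding, while the weakened contract fails only the state 0 VC, with `i0 = max_int` as the counterexample: exactly the case the second half of the original requires clause excludes. The states 1 and 2 VCs still hold for the weak contract because the Assume entry `i1 = i0 + 1` has no model in the domain when `i0 = max_int`, which is the table's way of recording that Increment may not be called there.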
Use Direct Proof Method
• For p => q
  • Assume premise 'p'
  • Show conclusion 'q' is true
• Prove VC for State 0
  • Assume P1: min_int <= i0
  • Assume P2: i0 + 1 <= max_int
  • Show: i0 + 1 <= max_int

Prove VCs for State 1 & State 2
• Prove VC for State 1
  • Assume P1: min_int <= i0
  • Assume P2: i0 + 1 <= max_int
  • Assume P3: i1 = i0 + 1
  • Show: min_int <= i1 - 1
• Prove VC for State 2
  • Assume P1 ^ P2 ^ P3
  • Assume P4: i2 = i1 - 1
  • Show: i2 = i0
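The two "Show" steps above, carried through by direct proof in the slides' own symbols (added here; not part of the original deck):

$$
\begin{aligned}
\text{VC for State 1:}\quad & P_1 \wedge P_2 \wedge P_3 \;\Rightarrow\; \mathit{min\_int} \le i_1 - 1 \\
& i_1 - 1 \overset{P_3}{=} (i_0 + 1) - 1 = i_0 \;\ge\; \mathit{min\_int} \quad \text{(by } P_1\text{)} \\[4pt]
\text{VC for State 2:}\quad & P_1 \wedge P_2 \wedge P_3 \wedge P_4 \;\Rightarrow\; i_2 = i_0 \\
& i_2 \overset{P_4}{=} i_1 - 1 \overset{P_3}{=} (i_0 + 1) - 1 = i_0
\end{aligned}
$$

$P_2$ is used only in the VC for State 0 and $P_1$ only in the VC for State 1: each half of Do_Nothing's requires clause discharges exactly one callee precondition, so dropping either half leaves one VC unprovable.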