1 / 122

# Exercise Solutions: Functional Verification

Exercise Solutions: Functional Verification. Software Testing and Verification. Prepared by Stephen M. Thebaut, Ph.D. University of Florida. Exercise (from Lecture Notes #21). “Identity” function: x,y := x,y. Given P = if x&gt;=y then x,y := y,x f 1 = (x&gt;y  x,y := y,x | true  I ) Download Presentation ## Exercise Solutions: Functional Verification

E N D

### Presentation Transcript

1. Exercise Solutions: Functional Verification Software Testing and Verification Prepared by Stephen M. Thebaut, Ph.D. University of Florida

2. Exercise (from Lecture Notes #21) “Identity” function: x,y := x,y • Given P = if x>=y then x,y := y,x f1 = (x>y  x,y := y,x | true  I) f2 = (x>y x,y := y,x | x<y  I) f3 = (x≠y x,y := y,x) • Fill in the following “correctness table”: P C=Complete S=Sufficient N=Neither f1 f2 f3

3. Exercise (from Lecture Notes #21) “Identity” function: x,y := x,y • Given P = if x>=y then x,y := y,x f1 = (x>y  x,y := y,x | true  I) f2 = (x>y x,y := y,x | x<y  I) f3 = (x≠y x,y := y,x) • Fill in the following “correctness table”: P C=Complete S=Sufficient N=Neither f1 f2 f3

4. Exercise (from Lecture Notes #21) “Identity” function: x,y := x,y • Given P = if x>=y then x,y := y,x f1 = (x>y  x,y := y,x | true  I) f2 = (x>y x,y := y,x | x<y  I) f3 = (x≠y x,y := y,x) • Fill in the following “correctness table”: P C=Complete S=Sufficient N=Neither f1 f2 f3

5. Exercise (from Lecture Notes #21) “Identity” function: x,y := x,y • Given P = if x>=y then x,y := y,x f1 = (x>y  x,y := y,x | true  I) f2 = (x>y x,y := y,x | x<y  I) f3 = (x≠y x,y := y,x) • Fill in the following “correctness table”: P C=Complete S=Sufficient N=Neither f1 f2 f3

6. Exercise (from Lecture Notes #21) “Identity” function: x,y := x,y • Given P = if x>=y then x,y := y,x f1 = (x>y  x,y := y,x | true  I) f2 = (x>y x,y := y,x | x<y  I) f3 = (x≠y x,y := y,x) • Fill in the following “correctness table”: P C=Complete S=Sufficient N=Neither f1 f2 f3

7. Exercise (from Lecture Notes #21) “Identity” function: x,y := x,y • Given P = if x>=y then x,y := y,x f1 = (x>y  x,y := y,x | true  I) f2 = (x>y x,y := y,x | x<y  I) f3 = (x≠y x,y := y,x) • Fill in the following “correctness table”: P C=Complete S=Sufficient N=Neither f1 f2 f3

8. Exercise (from Lecture Notes #21) “Identity” function: x,y := x,y • Given P = if x>=y then x,y := y,x f1 = (x>y  x,y := y,x | true  I) f2 = (x>y x,y := y,x | x<y  I) f3 = (x≠y x,y := y,x) • Fill in the following “correctness table”: P C=Complete S=Sufficient N=Neither f1 f2 f3

9. Exercise (from Lecture Notes #22) • Prove f = [A] where f = (x=17  x,y := 17,20 | true  x,y := x,-x) and A is: if x=17 then y := x+3 else y := -x end_if_else

10. if_then_else Correctness Conditions • Complete correctness conditions for f = [if p then G else H] (where g = [G] and h = [H] have already been shown): Prove: p (f = g) Л ¬p (f = h) • Working correctness questions: • When p is true, does f equal g? • When p is false, does f equal h?

11. Proof that f = [P] f = (x=17  x,y := 17,20 | true  x,y := x,-x) A: if x=17 then y := x+3 else y := -x end_if_else

12. Proof that f = [P] f = (x=17  x,y := 17,20 | true  x,y := x,-x) A: if x=17 then y := x+3 G else y := -x H end_if_else

13. Proof that f = [P] f = (x=17  x,y := 17,20 | true  x,y := x,-x) A: if x=17 then y := x+3 G else y := -x H end_if_else By observation, g = x,y := x,x+3 h = x,y := x,-x

14. Proof that f = [P] (cont’d) • Therefore, by the Axiom of Replacement, it is sufficient to show: f = (x=17  x,y := 17,20 | true  x,y := x,-x) = [if x=17 then (x,y := x,x+3)else(x,y := x,-x)] g h p

15. Proof that f = [P] (cont’d) • Therefore, by the Axiom of Replacement, it is sufficient to show: f = (x=17  x,y := 17,20 | true  x,y := x,-x) = [if x=17 then (x,y := x,x+3)else(x,y := x,-x)] When p is true does f equal g? When p is false does f equal h? g h p

16. Proof that f = [P] (cont’d) • Therefore, by the Axiom of Replacement, it is sufficient to show: f = (x=17  x,y := 17,20 | true  x,y := x,-x) = [if x=17 then (x,y := x,x+3)else(x,y := x,-x)] When p is true does f equal g? (x=17)  (f = (x,y := 17,20)) When p is false does f equal h? g h p

17. Proof that f = [P] (cont’d) • Therefore, by the Axiom of Replacement, it is sufficient to show: f = (x=17  x,y := 17,20 | true  x,y := x,-x) = [if x=17 then (x,y := x,x+3)else(x,y := x,-x)] When p is true does f equal g? (x=17)  (f = (x,y := 17,20)) (x=17)  (g = (x,y := x,x+3) When p is false does f equal h? g h p

18. Proof that f = [P] (cont’d) • Therefore, by the Axiom of Replacement, it is sufficient to show: f = (x=17  x,y := 17,20 | true  x,y := x,-x) = [if x=17 then (x,y := x,x+3)else(x,y := x,-x)] When p is true does f equal g? (x=17)  (f = (x,y := 17,20)) (x=17)  (g = (x,y := x,x+3) = (x,y := 17,20)) When p is false does f equal h? g h p

19. Proof that f = [P] (cont’d) • Therefore, by the Axiom of Replacement, it is sufficient to show: f = (x=17  x,y := 17,20 | true  x,y := x,-x) = [if x=17 then (x,y := x,x+3)else(x,y := x,-x)] When p is true does f equal g? (x=17)  (f = (x,y := 17,20)) (x=17)  (g = (x,y := x,x+3) √ = (x,y := 17,20)) When p is false does f equal h? g h p

20. Proof that f = [P] (cont’d) • Therefore, by the Axiom of Replacement, it is sufficient to show: f = (x=17  x,y := 17,20 | true  x,y := x,-x) = [if x=17 then (x,y := x,x+3)else(x,y := x,-x)] When p is true does f equal g? (x=17)  (f = (x,y := 17,20)) (x=17)  (g = (x,y := x,x+3) √ = (x,y := 17,20)) When p is false does f equal h? (x≠17)  (f = (x,y := x,-x)) g h p

21. Proof that f = [P] (cont’d) • Therefore, by the Axiom of Replacement, it is sufficient to show: f = (x=17  x,y := 17,20 | true  x,y := x,-x) = [if x=17 then (x,y := x,x+3)else(x,y := x,-x)] When p is true does f equal g? (x=17)  (f = (x,y := 17,20)) (x=17)  (g = (x,y := x,x+3) √ = (x,y := 17,20)) When p is false does f equal h? (x≠17)  (f = (x,y := x,-x)) (x≠17)  (h = (x,y := x,-x)) g h p

22. Proof that f = [P] (cont’d) • Therefore, by the Axiom of Replacement, it is sufficient to show: f = (x=17  x,y := 17,20 | true  x,y := x,-x) = [if x=17 then (x,y := x,x+3)else(x,y := x,-x)] When p is true does f equal g? (x=17)  (f = (x,y := 17,20)) (x=17)  (g = (x,y := x,x+3) √ = (x,y := 17,20)) When p is false does f equal h? (x≠17)  (f = (x,y := x,-x)) (x≠17)  (h = (x,y := x,-x)) g h p √

23. Exercise 1 (from Lecture Notes #23) • For program M below, where all variables are integers, hypothesize a function f for [M] and prove f = [M]. while i<n do t := t*x i := i+1 end_while

24. Exercise 1 (from Lecture Notes #23) • For program M below, where all variables are integers, hypothesize a function f for [M] and prove f = [M]. while i<n do t := t*x i := i+1 end_while Hypothesized f:

25. Exercise 1 (from Lecture Notes #23) • For program M below, where all variables are integers, hypothesize a function f for [M] and prove f = [M]. while i<n do t := t*x i := i+1 end_while Hypothesized f: (i<n  i,t :=

26. Exercise 1 (from Lecture Notes #23) • For program M below, where all variables are integers, hypothesize a function f for [M] and prove f = [M]. while i<n do t := t*x i := i+1 end_while Hypothesized f: (i<n  i,t := n,

27. Exercise 1 (from Lecture Notes #23) • For program M below, where all variables are integers, hypothesize a function f for [M] and prove f = [M]. while i<n do t := t*x i := i+1 end_while Hypothesized f: (i<n  i,t := n,txn-i

28. Exercise 1 (from Lecture Notes #23) • For program M below, where all variables are integers, hypothesize a function f for [M] and prove f = [M]. while i<n do t := t*x i := i+1 end_while Hypothesized f: (i<n  i,t := n,txn-i | i≥n 

29. Exercise 1 (from Lecture Notes #23) • For program M below, where all variables are integers, hypothesize a function f for [M] and prove f = [M]. while i<n do t := t*x i := i+1 end_while Hypothesized f: (i<n  i,t := n,txn-i | i≥n  I)

30. Exercise 1 (from Lecture Notes #23) • For program M below, where all variables are integers, hypothesize a function f for [M] and prove f = [M]. while i<n do t := t*x i := i+1 end_while Hypothesized f: (i<n  i,t := n,txn-i | i≥n  I) Alternative f:

31. Exercise 1 (from Lecture Notes #23) • For program M below, where all variables are integers, hypothesize a function f for [M] and prove f = [M]. while i<n do t := t*x i := i+1 end_while Hypothesized f: (i<n  i,t := n,txn-i | i≥n  I) Alternative f: (i≤n  i,t := n,txn-i | i>n  I)

32. Exercise 1 (from Lecture Notes #23) • For program M below, where all variables are integers, hypothesize a function f for [M] and prove f = [M]. while i<n do t := t*x i := i+1 end_while Hypothesized f: (i<n  i,t := n,txn-i | i≥n  I) Alternative f: (i≤n  i,t := n,txn-i | i>n  I) Does it make any difference which we use?

33. while_do Correctness Conditions • Complete correctness conditions for f = [while p do g] (where g = [G] has already been shown): Prove: term(f,M)Л p (f = f o g) Л ¬p(f = I)

34. Proof that f = [M] f = (i<n  i,t := n,txn-i | i≥n  I) M: while i<n do t := t*x i := i+1 end_while

35. Proof that f = [M] f = (i<n  i,t := n,txn-i | i≥n  I) M: while i<n do t := t*x i := i+1 end_while p G

36. Proof that f = [M] f = (i<n  i,t := n,txn-i | i≥n  I) M: while i<n do t := t*x i := i+1 end_while By observation, g = [G] = (i,t := i+1,tx) p G

37. Proof that f = [M] f = (i<n  i,t := n,txn-i | i≥n  I) M: while i<n do t := t*x i := i+1 end_while By observation, g = [G] = (i,t := i+1,tx) • Is loop termination guaranteed for any argument in D(f)? p G

38. Proof that f = [M] f = (i<n  i,t := n,txn-i | i≥n  I) M: while i<n do t := t*x i := i+1 end_while By observation, g = [G] = (i,t := i+1,tx) • Is loop termination guaranteed for any argument in D(f)? YES. (Show this using the Method of Well-Founded Sets.) p G

39. Proof that f = [M] (cont’d) • Does (i≥n)  ( f = I )?

40. Proof that f = [M] (cont’d) • Does (i≥n)  ( f = I )? ( Recall: f = (i<n  i,t := n,txn-i | i≥n  I))

41. Proof that f = [M] (cont’d) • Does (i≥n)  ( f = I )? √ ( Recall: f = (i<n  i,t := n,txn-i | i≥n  I))

42. Proof that f = [M] (cont’d) • Does (i≥n)  ( f = I )? √ • Does (i<n)  ( f = f o g )? ( Recall: f = (i<n  i,t := n,txn-i | i≥n  I))

43. Proof that f = [M] (cont’d) • Does (i≥n)  ( f = I )? √ • Does (i<n)  ( f = f o g )? (i<n)  ( f = i,t := n,txn-i) ( Recall: f = (i<n  i,t := n,txn-i | i≥n  I))

44. Proof that f = [M] (cont’d) • Does (i≥n)  ( f = I )? √ • Does (i<n)  ( f = f o g )? (i<n)  ( f = i,t := n,txn-i) (i<n)  ( f o g = f o (i,t := i+1,tx)) ( Recall: f = (i<n  i,t := n,txn-i | i≥n  I))

45. Proof that f = [M] (cont’d) • Does (i≥n)  ( f = I )? √ • Does (i<n)  ( f = f o g )? (i<n)  ( f = i,t := n,txn-i) (i<n)  ( f o g = f o (i,t := i+1,tx)) What is f when appliedafter g changes the initial value ofi? ( Recall: f = (i<n  i,t := n,txn-i | i≥n  I))

46. Proof that f = [M] (cont’d) • Does (i≥n)  ( f = I )? √ • Does (i<n)  ( f = f o g )? (i<n)  ( f = i,t := n,txn-i) (i<n)  ( f o g = f o (i,t := i+1,tx)) What is f when appliedafter g changes the initial value ofi? There are two cases to consider: i=n-1 & i<n-1 ( Recall: f = (i<n  i,t := n,txn-i | i≥n  I))

47. Proof that f = [M] (cont’d) • Does (i<n)  ( f = f o g )? case a: (i=n-1)  ( f = i,t := n,txn-i ( Recall: f = (i<n  i,t := n,txn-i | i≥n  I))

48. Proof that f = [M] (cont’d) • Does (i<n)  ( f = f o g )? case a: (i=n-1)  ( f = i,t := n,txn-i ( Recall: f = (i<n  i,t := n,txn-i | i≥n  I))

49. Proof that f = [M] (cont’d) • Does (i<n)  ( f = f o g )? case a: (i=n-1)  ( f = i,t := n,txn-(n-1) ( Recall: f = (i<n  i,t := n,txn-i | i≥n  I))

50. Proof that f = [M] (cont’d) • Does (i<n)  ( f = f o g )? case a: (i=n-1)  ( f = i,t := n,txn-(n-1) = i,t := n,tx) ( Recall: f = (i<n  i,t := n,txn-i | i≥n  I))

More Related