Software Verification 1 Deductive Verification - PowerPoint PPT Presentation

About This Presentation
Title:

Software Verification 1 Deductive Verification

Description:

Software Verification 1 Deductive Verification Prof. Dr. Holger Schlingloff Institut für Informatik der Humboldt Universität und Fraunhofer Institut für offene ... – PowerPoint PPT presentation

Slides: 17
Provided by: Holge56

Transcript and Presenter's Notes

1
Software Verification 1: Deductive Verification
  • Prof. Dr. Holger Schlingloff
  • Institut für Informatik der Humboldt Universität
  • and
  • Fraunhofer Institut für offene Kommunikationssysteme FOKUS

2
Contracted questions ...
  • What is a function contract?
  • Why is it necessary for verification?
  • Which parameter passing mechanisms do you know?
  • Can you explain the Church-Rosser property?
  • What is the semantics of a recursive function?
  • denotational?
  • operational?
  • axiomatic?

3
Parallelism
  • increasing importance (multicore processors)
  • in C, parallelism by multithreading
  • unfortunately not standardized in the language itself (threads entered the C standard only with C11's <threads.h>); in practice POSIX threads are used
  • POSIX: pthread_create(thread, attr, start_routine, arg)
  • pthread_join, pthread_exit, ...
  • key issue: synchronization
  • hard to understand, error-prone

4
Multithreading in Java

    class TicTac implements Runnable {
        static int summe = 0;           // shared by both threads
        Thread faden;
        private int wer;
        public TicTac(int w) { faden = new Thread(this); wer = w; }
        public void run() {
            for (int i = 1; i < 100; i++)
                if (wer == 1) summe = summe + 1;   // unsynchronized read-modify-write on the
                else summe = summe - 1;            // shared field: a data race between the threads
        }
        public static void main(String[] args) {
            TicTac tic = new TicTac(1); TicTac tac = new TicTac(2);
            tic.faden.start(); tac.faden.start();
            try { tic.faden.join(); tac.faden.join(); } catch (Exception e) { }
            System.out.println("Summe=" + summe);
        }
    }

Result: ???
5
Concept Language
  • we add the following new constructs to the language of while-programs
  • π1 || π2 or, more generally, π1 || ... || πn
  • await (b) π
  • semantics
  • parallel (interleaved) execution of the πi
  • blocking wait until condition b is satisfied; the program fragment π within the await is non-interruptible (executed as one atomic action)
  • for simplicity, assignments are atomic actions
  • cf. semaphore concept (Dijkstra), monitor concept (Hoare)
  • test-and-set operation in processor hardware

6
Examples
  • int n=0; for (int i=0; i<100; i++) n++ || for (int i=0; i<100; i++) n--
  • int n=0; int l, r; for (int i=0; i<100; i++) { l=n; l++; n=l } || for (int i=0; i<100; i++) { r=n; r--; n=r }
  • int n=0; for (int i=0; i<100; i++) await (true) { l=n; l++; n=l } || for (int i=0; i<100; i++) await (true) { r=n; r--; n=r }

7
More Examples
  • a0 aa a-5 a2a3 a1-a
  • a=0; a++ || a--
  • a=0; a++ || (a=0; a--)
  • a=0; await (a>0) a++ || await (a<0) a--

8
A realistic example
  • a=n; b=0; c=1
  • while (a != n-k) { c=c*a; a-- }
  • || while (b != k) { b++; await (a+b <= n); c=c/b }
  • program calculates the binomial coefficient n over k (with the strict guard a+b < n the second loop could never pass the await for b = k, since a never drops below n-k: the program would deadlock)

9
Interleaving Semantics
  • A state of the program consists of
  • an assignment of values to variables (the store V), and
  • a set of program counters (one per parallel component)
  • SOS rules for parallel programs
  • if (U,I,V) ⊨ b and (π, V) →* (skip, V'), then (await (b) π, V) → (skip, V')   (the whole body is one step)
  • if (π1, V) → (π1', V'), then (π1 || π2, V) → (π1' || π2, V')
  • if (π2, V) → (π2', V'), then (π1 || π2, V) → (π1 || π2', V')
  • (skip || skip, V) → (skip, V)
  • In general, several possible executions! (tree of possibilities)

10
A realistic example
  • a=n; b=0; c=1
  • π1 || π2 with the program locations (program counter values) of the two components:
  • π1:  ℓ1: while (a != n-k)
  •        ℓ2: c=c*a
  •        ℓ3: a--
  •      ℓ4:
  • π2:  ℓ1: while (b != k)
  •        ℓ2: b++
  •        ℓ3: await (a+b <= n)
  •        ℓ4: c=c/b
  •      ℓ5:

11
Deadlocks
  • a=0; b=0; await (a != 0) || await (b != 0)
  • a=0; b=0; await (a=1) b=1 || await (b=1) a=1
  • prt=T; dsk=T; (await (prt) prt=F; await (dsk) dsk=F; foo; prt=T; dsk=T) || (await (dsk) dsk=F; await (prt) prt=F; bar; prt=T; dsk=T)

12
Invariants for Parallel Programs
  • Assume φ is a formula such that {φ} π {φ} for every subprogram π of π1 || π2 (in particular for every atomic action). Then {φ} π1 || π2 {φ}
  • Example: {a=0} a++ || a-- { ? }
  • Invariant: a=0 ∨ a=1 ∨ a=-1 (or, more explicitly, with the control locations of the two components: (neither assignment executed ∧ a=0) ∨ (both executed ∧ a=0) ∨ (only a++ executed ∧ a=1) ∨ (only a-- executed ∧ a=-1))
  • int n=0; for (int i=0; i<100; i++) n++ || for (int j=0; j<100; j++) n--
  • Invariant (at the loop heads): n = i - j

13
Problem with Invariant Method
  • Non-compositionality: in order to show {φ} π1 || π2 {ψ} it is not sufficient to show {φ} π1 {ψ} and {φ} π2 {ψ}
  • Sequential composition rule (seq): if {φ} π1 {χ} and {χ} π2 {ψ}, then {φ} π1; π2 {ψ}
  • Is there a corresponding parallel rule: if {φ1} π1 {ψ1} and {φ2} π2 {ψ2}, then {φ1 ∧ φ2} π1 || π2 {ψ1 ∧ ψ2} ? (not sound as stated: one component may destroy the assertions used in the proof of the other, e.g. {true} x=1 {x=1} and {true} x=2 {x=2} do not give {true} x=1 || x=2 {x=1 ∧ x=2})

14
Hoare Rule for Parallel Programs
  • Susan Owicki, 1975: if {φ1} π1 {ψ1} and {φ2} π2 {ψ2}, then {φ1 ∧ φ2} π1 || π2 {ψ1 ∧ ψ2}, provided the proofs of {φ1} π1 {ψ1} and {φ2} π2 {ψ2} are interference free
  • Two proofs are interference free if for any two Hoare triples {φa} πa {ψa} in the proof of {φ1} π1 {ψ1} and {φb} πb {ψb} in the proof of {φ2} π2 {ψ2} it holds that {φa ∧ φb} πb {φa} (and symmetrically {φa ∧ φb} πa {φb}): no atomic step of one component, started from its own precondition, destroys an assertion of the other
  • Caveat: Owicki and Gries' condition requires this for every assertion of the other proof, the postconditions ψa, ψb included; checking only the preconditions, as above, is too weak ({true} x=1 {x=1} and {true} x=2 {x=2} would pass)
  • Example (precondition check): {x=0 ∨ x=2} x++ {x=1 ∨ x=3} interferes with {x=0} x=2 {x=2} (x++ turns x=0 into x=1), but not with {x=0 ∨ x=1} x=2 {x=2 ∨ x=3}

15
Hoare-Owicki Proof
  • {x=0 ∨ x=-1} x++ {x=1 ∨ x=0}   and   {x=0 ∨ x=1} x-- {x=-1 ∨ x=0}
  • Interference freedom (preconditions):
  • {(x=0 ∨ x=-1) ∧ (x=0 ∨ x=1)} x++ {x=0 ∨ x=1}
  • {(x=0 ∨ x=1) ∧ (x=0 ∨ x=-1)} x-- {x=0 ∨ x=-1}
  • Therefore {(x=0 ∨ x=-1) ∧ (x=0 ∨ x=1)} x++ || x-- {(x=1 ∨ x=0) ∧ (x=-1 ∨ x=0)}, i.e. {x=0} x++ || x-- {x=0}
  • Caveat: the postconditions are not preserved ({(x=1 ∨ x=0) ∧ (x=0 ∨ x=1)} x-- {x=1 ∨ x=0} fails for x=0), so under the full interference-freedom condition this outline is not sufficient; the standard remedy is auxiliary variables, e.g. flags d1, d2 set inside the atomic step that record which component has finished, with the invariant x = d1 - d2
  • Proof does not work for {x=0} h=x; h++; x=h || h=x; h--; x=h {x=0} (each component with its own local h)
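The interference-freedom checks of slides 14 and 15, as an added example in Python (not code from the slides): Hoare triples over a small finite domain are checked by brute force, which is exact here because every assertion only distinguishes the values -1, 0 and 1. It verifies the slide's outline for x++ || x-- under the precondition-only check, shows that the same outline fails once postconditions are included, shows that the version with auxiliary flags d1, d2 and invariant x = d1 - d2 passes, and shows the interference in the non-atomic h=x; h++; x=h variant. The variable names h1, h2 (per-component copies of h), d1, d2, and the domain {-2, ..., 2} are assumptions of this example.

```python
# Owicki-Gries interference freedom, checked by bounded brute force.
# Added example, not from the slides: states are dicts over a small finite
# domain (an assumption that is exact here, since every assertion only
# distinguishes the values -1, 0, 1); assertions are predicates on a state,
# atomic statements are functions that produce the new state.
from itertools import product

# Assumed variables: x (shared), h1/h2 (per-component copies of x for the
# non-atomic version), d1/d2 (auxiliary "finished" flags for the repaired proof).
DOMAINS = {"x": range(-2, 3), "h1": range(-2, 3), "h2": range(-2, 3),
           "d1": (0, 1), "d2": (0, 1)}

def states():
    names = list(DOMAINS)
    for vals in product(*(DOMAINS[n] for n in names)):
        yield dict(zip(names, vals))

def upd(**rhs):
    """Atomic (multiple) assignment; every right-hand side reads the old state."""
    def stmt(s):
        s.update({v: f(s) for v, f in rhs.items()})
        return s
    return stmt

def valid(pre, stmt, post):
    """Bounded validity of the Hoare triple {pre} stmt {post}."""
    return all(post(stmt(dict(s))) for s in states() if pre(s))

def locally_valid(outline):
    """A proof outline is a list of (pre, atomic statement, post) triples."""
    return all(valid(pre, stmt, post) for pre, stmt, post in outline)

def interference_free(o1, o2, postconditions=True):
    """Owicki's condition: each assertion of one outline is preserved by each
    atomic step of the other, executed from that step's precondition.  With
    postconditions=False only the preconditions are checked (the weaker variant
    used on the slide, under which {true} x=1 {x=1} || {true} x=2 {x=2} passes)."""
    def preserved(outline, steps):
        assertions = [pre for pre, _, _ in outline]
        if postconditions:
            assertions += [post for _, _, post in outline]
        return all(valid(lambda s: a(s) and pre_b(s), stmt_b, a)
                   for a in assertions for pre_b, stmt_b, _ in steps)
    return preserved(o1, o2) and preserved(o2, o1)

def slide15_outline():
    """{x=0 or x=-1} x++ {x=1 or x=0}  ||  {x=0 or x=1} x-- {x=-1 or x=0}.
    Returns (locally valid, interference free w/o postconditions, with them)."""
    o1 = [(lambda s: s["x"] in (0, -1), upd(x=lambda s: s["x"] + 1),
           lambda s: s["x"] in (1, 0))]
    o2 = [(lambda s: s["x"] in (0, 1), upd(x=lambda s: s["x"] - 1),
           lambda s: s["x"] in (-1, 0))]
    return (locally_valid(o1) and locally_valid(o2),
            interference_free(o1, o2, postconditions=False),
            interference_free(o1, o2))

def aux_outline():
    """Repaired proof: await (true) {x++; d1=1} || await (true) {x--; d2=1}
    with the invariant x = d1 - d2; the conjoined postconditions force x = 0."""
    inv = lambda s: s["x"] == s["d1"] - s["d2"]
    o1 = [(lambda s: inv(s) and s["d1"] == 0,
           upd(x=lambda s: s["x"] + 1, d1=lambda s: 1),
           lambda s: inv(s) and s["d1"] == 1)]
    o2 = [(lambda s: inv(s) and s["d2"] == 0,
           upd(x=lambda s: s["x"] - 1, d2=lambda s: 1),
           lambda s: inv(s) and s["d2"] == 1)]
    final_is_zero = all(s["x"] == 0 for s in states() if o1[0][2](s) and o2[0][2](s))
    return (locally_valid(o1) and locally_valid(o2)
            and interference_free(o1, o2) and final_is_zero)

def nonatomic_outline():
    """h=x; h++; x=h || h=x; h--; x=h with copies h1, h2: the natural outline is
    locally valid, but the assertion h1 = x is destroyed by the step x = h2."""
    lo = lambda s: s["x"] in (0, -1)
    hi = lambda s: s["x"] in (0, 1)
    o1 = [(lo, upd(h1=lambda s: s["x"]), lambda s: s["h1"] == s["x"] and lo(s)),
          (lambda s: s["h1"] == s["x"] and lo(s), upd(h1=lambda s: s["h1"] + 1),
           lambda s: s["h1"] == s["x"] + 1 and lo(s)),
          (lambda s: s["h1"] == s["x"] + 1 and lo(s), upd(x=lambda s: s["h1"]),
           lambda s: s["x"] in (1, 0))]
    o2 = [(hi, upd(h2=lambda s: s["x"]), lambda s: s["h2"] == s["x"] and hi(s)),
          (lambda s: s["h2"] == s["x"] and hi(s), upd(h2=lambda s: s["h2"] - 1),
           lambda s: s["h2"] == s["x"] - 1 and hi(s)),
          (lambda s: s["h2"] == s["x"] - 1 and hi(s), upd(x=lambda s: s["h2"]),
           lambda s: s["x"] in (-1, 0))]
    return locally_valid(o1) and locally_valid(o2), interference_free(o1, o2)

if __name__ == "__main__":
    print(slide15_outline(), aux_outline(), nonatomic_outline())
```

The bounded domain is what makes the check decidable without a theorem prover; for assertions over unbounded integers the same structure applies, with `valid` replaced by a call to an SMT solver.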

16
Proof (sketch) of the example program
  • a=n; b=0; c=1 // calculate n over k
  • while (a != n-k) { c=c*a; a-- }
  • || while (b != k) { b++; await (a+b <= n); c=c/b }
  • Idea: at the await it holds that c = n·(n-1)·...·(n-j+1) / (1·2·...·(i-1)), a = n-j, b = i (c may hold one more factor, if c=c*a has already run but a-- has not)
  • If a+b <= n, then i <= j. In this case, c is divisible by b = i, because the product of j consecutive numbers is divisible by j! = 1·2·...·j and (i-1)!·i divides j!:
  • n is divisible by 1
  • n(n-1) is divisible by 2
  • n(n-1)(n-2) is divisible by 2 and 3
  • n(n-1)(n-2)(n-3) is divisible by 1·2·3·4
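An exhaustive interleaving explorer for the concept language of slide 5, as an added example in Python (not code from the slides): each component is compiled to a flat instruction list, a configuration is (store, program counters), and the SOS rules of slide 9 are applied to every enabled component, so the whole tree of possibilities is searched for deadlocked and final configurations. It is run on the lost-update example of slide 6, the printer/disk deadlock of slide 11, and the binomial-coefficient program of slides 8, 10 and 16, for which it checks that every division at the await is exact and that the final c is n over k, and that with the strict guard a+b < n the second loop deadlocks once b reaches k. The constructors asg/await_/while_, the function explore, and the store variable names are this example's own.

```python
# Exhaustive interleaving explorer for the concept language of slide 5 (π1 || π2,
# await (b) π, atomic assignments), implementing the SOS rules of slide 9.
# Added example, not from the slides; asg/await_/while_/explore and the store
# variable names are this example's own.

def asg(f):               return ("asg", f)          # f mutates a copy of the store
def await_(b, body=None): return ("await", b, body)  # test and body: one atomic step
def while_(b, body):      return ("while", b, body)

def compile_(stmts):
    """Flatten while loops into conditional/unconditional jumps."""
    code = []
    for s in stmts:
        if s[0] == "while":
            head = len(code)
            code.append(None)                          # patched below
            code.extend(compile_(s[2]))
            code.append(("jmp", head))
            code[head] = ("jmpf", s[1], len(code))     # leave the loop if b is false
        else:
            code.append(s)
    return code

def step(code, pc, store):
    """One SOS step of one component, or None if it terminated or is blocked."""
    if pc >= len(code):
        return None
    ins = code[pc]
    if ins[0] in ("asg", "await"):
        if ins[0] == "await" and not ins[1](store):
            return None                                # blocked: condition false
        new = dict(store)
        body = ins[1] if ins[0] == "asg" else ins[2]
        if body is not None:
            body(new)
        return pc + 1, new
    if ins[0] == "jmpf":
        return (pc + 1 if ins[1](store) else ins[2]), store
    return ins[1], store                               # jmp

def explore(init, components):
    """Search all interleavings; return (final stores, deadlocked configurations)."""
    codes = [compile_(c) for c in components]
    freeze = lambda s: tuple(sorted(s.items()))
    start = (freeze(init), (0,) * len(codes))
    seen, todo, final, deadlock = {start}, [start], set(), set()
    while todo:
        store_t, pcs = todo.pop()
        succ = []
        for i, code in enumerate(codes):
            r = step(code, pcs[i], dict(store_t))
            if r is not None:
                succ.append((freeze(r[1]), pcs[:i] + (r[0],) + pcs[i + 1:]))
        if not succ:                                   # nobody can move
            if all(pc >= len(c) for pc, c in zip(pcs, codes)):
                final.add(store_t)
            else:
                deadlock.add((store_t, pcs))
        fresh = [cfg for cfg in succ if cfg not in seen]
        seen.update(fresh)
        todo.extend(fresh)
    return final, deadlock

def lost_update(atomic):
    """Slide 6: n=0; (l=n; l++; n=l) || (r=n; r--; n=r), one round each.
    Returns the sorted set of possible final values of n."""
    if atomic:   # await (true) { ... } makes the read-modify-write one action
        left = [await_(lambda s: True, lambda s: s.update(l=s["n"] + 1, n=s["n"] + 1))]
        right = [await_(lambda s: True, lambda s: s.update(r=s["n"] - 1, n=s["n"] - 1))]
    else:
        left = [asg(lambda s: s.update(l=s["n"])), asg(lambda s: s.update(l=s["l"] + 1)),
                asg(lambda s: s.update(n=s["l"]))]
        right = [asg(lambda s: s.update(r=s["n"])), asg(lambda s: s.update(r=s["r"] - 1)),
                 asg(lambda s: s.update(n=s["r"]))]
    final, _ = explore({"n": 0, "l": 0, "r": 0}, [left, right])
    return sorted({dict(f)["n"] for f in final})

def printer_disk():
    """Slide 11: both components take printer and disk, in opposite order.
    Returns (number of final stores, number of deadlocked configurations)."""
    def acquire(res):
        return await_(lambda s: s[res], lambda s: s.update({res: False}))
    def release(res):
        return asg(lambda s: s.update({res: True}))
    p1 = [acquire("prt"), acquire("dsk"), release("prt"), release("dsk")]
    p2 = [acquire("dsk"), acquire("prt"), release("prt"), release("dsk")]
    final, deadlock = explore({"prt": True, "dsk": True}, [p1, p2])
    return len(final), len(deadlock)

def binomial(n, k, strict=False):
    """Slides 8/16: a=n; b=0; c=1;
    while (a != n-k) { c=c*a; a-- } || while (b != k) { b++; await (a+b <= n); c=c/b }
    Returns (final values of c, all divisions exact?, deadlock reachable?);
    strict=True uses the guard a+b < n instead."""
    guard = (lambda s: s["a"] + s["b"] < n) if strict else (lambda s: s["a"] + s["b"] <= n)
    p1 = [while_(lambda s: s["a"] != n - k,
                 [asg(lambda s: s.update(c=s["c"] * s["a"])),
                  asg(lambda s: s.update(a=s["a"] - 1))])]
    p2 = [while_(lambda s: s["b"] != k,
                 [asg(lambda s: s.update(b=s["b"] + 1)),
                  await_(guard),
                  asg(lambda s: s.update(exact=s["exact"] and s["c"] % s["b"] == 0,
                                          c=s["c"] // s["b"]))])]
    final, deadlock = explore({"a": n, "b": 0, "c": 1, "exact": True}, [p1, p2])
    return ({dict(f)["c"] for f in final}, all(dict(f)["exact"] for f in final), bool(deadlock))

if __name__ == "__main__":
    print(lost_update(atomic=False), lost_update(atomic=True))
    print(printer_disk())
    print(binomial(6, 3), binomial(6, 3, strict=True))
```

Because configurations are deduplicated, the search is a graph search over the interleaving tree; for the loop-free examples it visits a few dozen configurations, and for binomial(6, 3) a few hundred. A deadlock is reported whenever no component can move although not all of them have terminated, which is exactly the situation the slide's printer/disk example and the strict-guard variant of the binomial program run into.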