
Software Verification 1 Deductive Verification

Prof. Dr. Holger Schlingloff, Institut für Informatik der Humboldt Universität and Fraunhofer Institut für Rechnerarchitektur und Softwaretechnik





Presentation Transcript


  1. Software Verification 1: Deductive Verification
  Prof. Dr. Holger Schlingloff, Institut für Informatik der Humboldt Universität und Fraunhofer Institut für Rechnerarchitektur und Softwaretechnik

  2. Propositional Logic
  • A formal specification method consists of three parts:
    • syntax, i.e., what are well-formed specifications
    • semantics, i.e., what is the meaning of a specification
    • calculus, i.e., what are transformations or deductions of a specification
  • Propositional logic: probably the first and most widely used specification method
    • dates back to Aristotle, Chrysippus, Boole, Frege, …
    • base of most modern logics
    • fundamental for computer science

  3. Syntax of Propositional Logic
  • Let P be a finite set {p1, …, pn} of propositions and assume that ⊥, → and (, ) are not in P
  • Syntax: PL ::= P | ⊥ | (PL → PL)
    • every p ∈ P is a wff
    • ⊥ is a wff („falsum“)
    • if φ and ψ are wffs, then (φ → ψ) is a wff
    • nothing else is a wff

  4. Remarks
  • P may be empty (still a meaningful logic!)
  • Minimalistic approach
    • the infix operator → necessitates parentheses
    • other connectives can be defined as usual:
      ¬φ ≙ (φ → ⊥) (linear blowup!)
      ⊤ ≙ ¬⊥
      (φ ∨ ψ) ≙ (¬φ → ψ)
      (φ ∧ ψ) ≙ ¬(¬φ ∨ ¬ψ) ≙ ¬(φ → ¬ψ)
      (φ ↔ ψ) ≙ ((φ → ψ) ∧ (ψ → φ)) (exponential blowup!)
  • operator precedence as usual
  • literal = a proposition or a negated proposition

  5. Exercise
  • Abbreviations
      ¬φ ≙ (φ → ⊥) also ~φ
      ⊤ ≙ ¬⊥
      (φ ∨ ψ) ≙ (¬φ → ψ) also (φ + ψ), (φ | ψ), (φ v ψ)
      (φ ∧ ψ) ≙ ¬(¬φ ∨ ¬ψ) ≙ ¬(φ → ¬ψ) also (φ * ψ), (φ & ψ), (φ ^ ψ)
      (φ ↔ ψ) ≙ ((φ → ψ) ∧ (ψ → φ)) also (φ <-> ψ), (φ <=> ψ)
  • Write ((p q) ¬p) unabbreviated (the two connectives of the exercise formula did not survive in the transcript)

  6. Choice of the Signature
  • The set P = {p1, …, pn} of propositions is also called the signature of the logic
  • The choice of P often is the decisive abstraction step for modelling a system
    • it determines which aspects are “accessible” to the specification
    • Wittgenstein: “die Welt ist alles, was der Fall ist” (“the world is everything that is the case”); the world consists of all true propositions
    • e.g., sun-is-shining, pot-on-stove, line-busy, button_pressed, window5infocus, motor-on, …
    • names should be chosen with consideration

  7. Semantics of Propositional Logic
  • Propositional model
    • Truth value universe U: {true, false}
    • Interpretation I: assignment P ↦ U
    • Model M: (U, I)
  • Validation relation ⊨ between model M and formula φ
    • M ⊨ p if I(p) = true
    • M ⊭ ⊥
    • M ⊨ (φ → ψ) if M ⊨ φ implies M ⊨ ψ
  • M validates or satisfies φ iff M ⊨ φ
  • φ is valid (⊨ φ) iff every model M validates φ
  • φ is satisfiable (SAT(φ)) iff some model M satisfies φ

  8. Propositional Calculus
  • Various calculi have been proposed
    • boolean satisfiability (SAT) algorithms
    • tableau systems, natural deduction, …
    • enumeration of valid formulæ
  • Hilbert-style axiom system
      ⊢ (φ → (ψ → φ)) (weakening)
      ⊢ ((φ → (ψ → χ)) → ((φ → ψ) → (φ → χ))) (distribution)
      ⊢ (¬¬φ → φ) (excluded middle)
      φ, (φ → ψ) ⊢ ψ (modus ponens)
  • Derivability
    • All substitution instances of axioms are derivable
    • If all antecedents of a rule are derivable, so is the consequent

  9. An Example Derivation
  Show ⊢ (p → p)
    1. ⊢ ((p → ((p → p) → p)) → ((p → (p → p)) → (p → p))) (dis)
    2. ⊢ (p → ((p → p) → p)) (wea)
    3. ⊢ ((p → (p → p)) → (p → p)) (1, 2, mp)
    4. ⊢ (p → (p → p)) (wea)
    5. ⊢ (p → p) (3, 4, mp)

  10. Correctness and Completeness
  • Correctness: ⊢ φ ⇒ ⊨ φ (only valid formulæ can be derived)
    • Induction on the length of the derivation
    • Show that all axiom instances are valid, and that the consequent of (mp) is valid if both antecedents are
  • Completeness: ⊨ φ ⇒ ⊢ φ (all valid formulæ can be derived)
    • Show that consistent formulæ are satisfiable: ~⊢ ¬φ ⇒ ~⊨ ¬φ
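
The following is an added example written for this transcript, not code from the slides: the minimal syntax of slides 3 to 5, the model semantics of slide 7 and a checker for derivations in the Hilbert-style calculus of slide 8, run on the derivation of ⊢ (p → p) from slide 9. The tuple encoding of formulas, the metavariable names "?a", "?b", "?c" and the justification format are my own conventions; the axiom schemas and the five proof lines are the slides'. The last function checks correctness in the small: every accepted line is also valid under the truth-table semantics.

```python
from itertools import product

# Formulas of the minimal syntax PL ::= P | ⊥ | (PL → PL):
#   a proposition is a plain string such as "p", falsum is the constant BOT,
#   and an implication (φ → ψ) is the Python pair (φ, ψ).
BOT = "⊥"

def imp(a, b):  return (a, b)
def neg(a):     return imp(a, BOT)                 # ¬φ ≙ (φ → ⊥)
TOP = neg(BOT)                                     # ⊤ ≙ ¬⊥
def lor(a, b):  return imp(neg(a), b)              # (φ ∨ ψ) ≙ (¬φ → ψ)
def land(a, b): return neg(imp(a, neg(b)))         # (φ ∧ ψ) ≙ ¬(φ → ¬ψ)
def iff(a, b):  return land(imp(a, b), imp(b, a))  # (φ ↔ ψ) ≙ ((φ → ψ) ∧ (ψ → φ))

def size(f):
    """Number of symbols; ↔ copies both operands, so nesting it blows up exponentially."""
    return 1 if isinstance(f, str) else 1 + size(f[0]) + size(f[1])

def props(f):
    if isinstance(f, str):
        return set() if f == BOT else {f}
    return props(f[0]) | props(f[1])

def holds(I, f):
    """M ⊨ φ for the model M = (U, I), with I a dict proposition -> bool."""
    if isinstance(f, str):
        return False if f == BOT else I[f]          # M ⊭ ⊥ ; M ⊨ p iff I(p) = true
    return (not holds(I, f[0])) or holds(I, f[1])   # M ⊨ (φ → ψ) iff M ⊨ φ implies M ⊨ ψ

def valid(f):
    """⊨ φ: true in every model (brute force over all 2^n interpretations)."""
    ps = sorted(props(f))
    return all(holds(dict(zip(ps, vals)), f)
               for vals in product([False, True], repeat=len(ps)))

def satisfiable(f):
    return not valid(neg(f))

# Axiom schemas of the Hilbert-style calculus; "?a", "?b", "?c" are metavariables
# (my own convention) that may be instantiated by arbitrary formulas.
A, B, C = "?a", "?b", "?c"
AXIOMS = {
    "wea": imp(A, imp(B, A)),                                  # (φ → (ψ → φ))
    "dis": imp(imp(A, imp(B, C)), imp(imp(A, B), imp(A, C))),  # ((φ → (ψ → χ)) → ((φ → ψ) → (φ → χ)))
    "exm": imp(neg(neg(A)), A),                                # (¬¬φ → φ)
}

def match(pattern, f, binding):
    """Is f a substitution instance of pattern? binding collects the substitution."""
    if isinstance(pattern, str) and pattern.startswith("?"):
        if pattern in binding:
            return binding[pattern] == f
        binding[pattern] = f
        return True
    if isinstance(pattern, str) or isinstance(f, str):
        return pattern == f
    return match(pattern[0], f[0], binding) and match(pattern[1], f[1], binding)

def check_derivation(lines):
    """lines: [(formula, justification)], numbered from 1 as on the slide.
    A justification is ("wea",) / ("dis",) / ("exm",) for an axiom instance, or
    ("mp", i, j) where line i is (φ → ψ), line j is φ and the current line is ψ.
    Returns True iff every line is justified by the calculus."""
    derived = []
    for n, (f, just) in enumerate(lines, 1):
        if just[0] in AXIOMS:
            ok = match(AXIOMS[just[0]], f, {})
        elif just[0] == "mp":
            i, j = just[1], just[2]
            ok = 0 < i < n and 0 < j < n and derived[i - 1] == imp(derived[j - 1], f)
        else:
            ok = False
        if not ok:
            return False
        derived.append(f)
    return True

# The five-line derivation of ⊢ (p → p) from slide 9.
p = "p"
PP = imp(p, p)
SLIDE_DERIVATION = [
    (imp(imp(p, imp(PP, p)), imp(imp(p, PP), PP)), ("dis",)),      # 1
    (imp(p, imp(PP, p)),                            ("wea",)),      # 2
    (imp(imp(p, PP), PP),                           ("mp", 1, 2)),  # 3
    (imp(p, PP),                                    ("wea",)),      # 4
    (PP,                                            ("mp", 3, 4)),  # 5
]

def sound_derivation(lines):
    """Correctness in the small: the derivation is accepted and every line is valid."""
    return check_derivation(lines) and all(valid(f) for f, _ in lines)

if __name__ == "__main__":
    print("derivation accepted:", check_derivation(SLIDE_DERIVATION))
    print("every line valid:", sound_derivation(SLIDE_DERIVATION))
    print("size of (p ↔ q):", size(iff("p", "q")),
          "size of ((p ↔ q) ↔ r):", size(iff(iff("p", "q"), "r")))
```

The checker rejects a line as soon as it is neither an axiom instance nor a modus ponens step from earlier lines, so a proof that cites a later line, or claims ⊢ p by weakening, is refused; the size function makes the blowup remark of slide 4 concrete, (p ↔ q) already has 11 symbols and one more nesting level nearly triples it.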

  11. Consistency and Satisfiability
  • A finite set Φ of formulæ is consistent if ~⊢ ¬⋀Φ
  • Extension lemma: If Φ is a finite consistent set of formulæ and φ is any formula, then Φ ∪ {φ} or Φ ∪ {¬φ} is consistent
    • Assume ⊢ ¬(⋀Φ ∧ φ) and ⊢ ¬(⋀Φ ∧ ¬φ). Then ⊢ (⋀Φ → ¬φ) and ⊢ (⋀Φ → ¬¬φ). Therefore ⊢ ¬⋀Φ, a contradiction.
  • Let SF(φ) be the set of all subformulæ of φ
  • For any consistent φ, let φ# be a maximal consistent extension of φ (i.e., φ ∈ φ# and for every ψ ∈ SF(φ), either ψ ∈ φ# or ¬ψ ∈ φ#). (Existence guaranteed by the extension lemma)

  12. Canonical models
  • For a maximal consistent set φ#, the canonical model CM(φ#) is defined by I(p) = true iff p ∈ φ#
  • Truth lemma: For any ψ ∈ SF(φ), I(ψ) = true iff ψ ∈ φ#
    • Case ψ = p: by construction
    • Case ψ = ⊥: Φ ∪ {⊥} cannot be consistent
    • Case ψ = (ψ1 → ψ2): by induction hypothesis and derivation
  • Therefore, if φ is consistent, then for any maximal consistent set φ#, CM(φ#) ⊨ φ
    • any consistent formula is satisfiable
    • any unsatisfiable formula is inconsistent
    • any valid formula is derivable

  13. Example: Combinational Circuits
  Pictures taken from: http://www.scs.ryerson.ca/~aabhari/cps213Chapter4.ppt
  • Multiplexer
    • S selects whether I0 or I1 is output to Y
    • Y = if S then I1 else I0 end
    • (Y ↔ ((S ∧ I1) ∨ (¬S ∧ I0)))

  14. Boolean Specifications
  • Evaluator (output is 1 if input matches a certain binary value)
  • Encoder (output i is set if binary number i is on input lines)
  • Majority function (output is 1 if half or more of the inputs are 1)
  • Comparator (output is 1 if input0 > input1)
  • Half-Adder, Full-Adder, …

  15. Software Example
  • Code generator optimization
      if (p and q) then
        if (r) then x else y
      else if (q or r) then y
      else if (p and not r) then x else y
  • Loop optimization

  16. Puzzle Example: Ivor Spence’s Sudoku http://www.cs.qub.ac.uk/~i.spence/SuDoku/SuDoku.html

  17. How Does He Do It?
  • Propositional modelling
    • 9 propositions per cell: proposition “ijk” indicates that row i, column j contains value k
    • individual cell clauses: each cell contains exactly one value
      (ij1 v ij2 v … v ij9) ^ ~(ij1 ^ ij2) ^ … ^ ~(ij8 ^ ij9)
    • row and column clauses: each row i contains each number, exactly once
      (i11 v … v i91) ^ (i12 v … v i92) ^ … ^ (i19 v … v i99)
      for j1 ≠ j2, k = 1..9: ~(ij1k ^ ij2k)
    • same for columns
    • block clauses: similar
    • pre-filled cells: easy
  • SAT solving
    • 729 propositions, ca. 3200 clauses → few seconds

  18. Verification of Boolean Functions
  • Latch-up: can a certain line go up?
    • does (φ → ¬L0) hold?
    • is (φ ∧ L0) satisfiable?
  • Given φ, ψ; does (φ ↔ ψ) hold?
    • usually reduced to SAT: is ((φ ∧ ¬ψ) ∨ (ψ ∧ ¬φ)) satisfiable?
    • efficient SAT solvers exist (annual competition)
  • partitioning techniques
    • any output depends only on some inputs
    • find which ones
  • generate test patterns (BIST: built-in self-test)
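
The questions of this slide, applied to the multiplexer of slide 13 and the code-generator example of slide 15, as an added example that is not from the slides. Exhaustive model enumeration stands in for a SAT solver, which is enough for the handful of inputs involved; the equivalence question is reduced to satisfiability of ((φ ∧ ¬ψ) ∨ (ψ ∧ ¬φ)) exactly as the slide states, and a model of that formula is a test pattern that separates the two designs. The miswired multiplexer, the decision-tree encoding of the nested ifs and the candidate optimized form `if p and (q == r) then x else y` are my own assumptions; the last is verified by the code rather than taken from the slide.

```python
from itertools import product

# Formulas are nested tuples: ("var", name), ("const", bool), ("not", f),
# ("and", f, g, ...), ("or", f, g, ...), ("imp", f, g), ("iff", f, g).
def Var(n):       return ("var", n)
def Not(f):       return ("not", f)
def And(*fs):     return ("and",) + fs
def Or(*fs):      return ("or",) + fs
def Imp(f, g):    return ("imp", f, g)
def Iff(f, g):    return ("iff", f, g)
def If(c, t, e):  return ("if", c, t, e)   # decision-tree node for the slide 15 code

def ev(f, m):
    """Evaluate f in the interpretation m (dict name -> bool)."""
    op = f[0]
    if op == "var":   return m[f[1]]
    if op == "const": return f[1]
    if op == "not":   return not ev(f[1], m)
    if op == "and":   return all(ev(g, m) for g in f[1:])
    if op == "or":    return any(ev(g, m) for g in f[1:])
    if op == "imp":   return (not ev(f[1], m)) or ev(f[2], m)
    if op == "iff":   return ev(f[1], m) == ev(f[2], m)
    raise ValueError(op)

def variables(f):
    if f[0] == "var":   return {f[1]}
    if f[0] == "const": return set()
    return set().union(*(variables(g) for g in f[1:]))

def subst(f, x, val):
    """f with proposition x replaced by the constant val."""
    if f[0] == "var":   return ("const", val) if f[1] == x else f
    if f[0] == "const": return f
    return (f[0],) + tuple(subst(g, x, val) for g in f[1:])

def sat(f):
    """A satisfying interpretation or None. Exhaustive over the 2^n models, which is
    fine for a few inputs; a real SAT solver replaces this function."""
    vs = sorted(variables(f))
    for vals in product([False, True], repeat=len(vs)):
        m = dict(zip(vs, vals))
        if ev(f, m):
            return m
    return None

def distinguishing_pattern(spec, impl):
    """Does (spec ↔ impl) hold? Reduced to SAT as on the slide: ((spec ∧ ¬impl) ∨ (impl ∧ ¬spec))
    is satisfiable iff the two differ, and its model is an input pattern exposing the difference."""
    return sat(Or(And(spec, Not(impl)), And(impl, Not(spec))))

def equivalent(spec, impl):
    return distinguishing_pattern(spec, impl) is None

def support(f):
    """Partitioning: the inputs f really depends on. x matters iff f[x:=0] and f[x:=1] differ."""
    return {x for x in variables(f) if not equivalent(subst(f, x, False), subst(f, x, True))}

def can_go_high(circuit, line):
    """Latch-up question: (circuit → ¬line) holds iff (circuit ∧ line) is unsatisfiable."""
    return sat(And(circuit, line))

def picks_x(tree):
    """Formula that is true exactly on the inputs for which a nested-if tree reaches leaf "x"."""
    if tree == "x": return ("const", True)
    if tree == "y": return ("const", False)
    _, cond, then, els = tree
    return Or(And(cond, picks_x(then)), And(Not(cond), picks_x(els)))

# --- multiplexer (slide 13): Y = if S then I1 else I0 ---
S, I0, I1, Y = Var("S"), Var("I0"), Var("I1"), Var("Y")
MUX_SPEC = Or(And(S, I1), And(Not(S), I0))
MUX_MISWIRED = Or(And(S, I1), And(Not(S), I1))   # constructed defect: both branches read I1

# --- code generator optimization (slide 15) ---
p, q, r = Var("p"), Var("q"), Var("r")
ORIGINAL = If(And(p, q),
              If(r, "x", "y"),
              If(Or(q, r), "y", If(And(p, Not(r)), "x", "y")))
OPTIMIZED = If(And(p, Iff(q, r)), "x", "y")      # assumed optimized form, checked by equivalent()

if __name__ == "__main__":
    print("test pattern separating spec and miswired mux:", distinguishing_pattern(MUX_SPEC, MUX_MISWIRED))
    print("inputs the miswired mux depends on:", support(MUX_MISWIRED))
    print("original if-tree equivalent to optimized:", equivalent(picks_x(ORIGINAL), picks_x(OPTIMIZED)))
    print("can Y go high while I1 is low?", can_go_high(And(Iff(Y, MUX_SPEC), Not(I1)), Y))
```

The support computation is the partitioning check of the slide: the miswired multiplexer turns out to depend on I1 only, which is itself a strong hint that something is wrong before any test pattern is generated. The latch-up check phrases the circuit as a constraint (Y ↔ spec) together with the operating condition and asks whether the line can still be true.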

  19. Optimizing Boolean Functions
  • Given φ; find ψ such that (φ ↔ ψ) holds and ψ is „optimal“
    • much harder question
    • optimal wrt. speed / size / power / …
    • translation to normal form (e.g., OBDD)
