# Java+ITP: A Verification Tool Based on Hoare Logic and Algebraic Semantics

Save this PDF as:

Size: px
Start display at page:

Download "Java+ITP: A Verification Tool Based on Hoare Logic and Algebraic Semantics"

## Transcription

1 : A Verification Tool Based on Hoare Logic and Algebraic Semantics Department of Computer Science University of Illinois at Urbana-Champaign 6th International Workshop on Rewriting Logic and its Applications, 2006

2 Outline 1 Long-Term Goals General Idea Previous Work 2

3 Long-Term Goals Long-Term Goals General Idea Previous Work Investigate modularity and extensibility of programming languages Hoare logics Source-code level reasoning. Generic and modular program logics wanted. Develop theorem proving technology on top of the logics. This case study is a first step in this direction.

4 Problem Considered Long-Term Goals General Idea Previous Work Sequential Java subset: arithmetic expressions, assignments, sequential composition, loops Hoare logic for this programming language with side-effects, mathematically justified. Standard Hoare rules break down! Mechanization available, supporting: Compositional reasoning to decompose Hoare triples Generation of first-order verification conditions Discharging verification conditions with Maude s inductive theorem prover (ITP)

5 ASIP+ITP Long-Term Goals General Idea Previous Work We have benefitted from previous experience at UCM on ASIP+ITP, a tool that works on Hoare logics for a simple toy language. However, in ASIP+ITP: no side-effects in conditions no variable declarations and shadowing simple state infrastructure: direct mapping of variables to values no compositional decomposition of Hoare triples supported

6 Java Semantics Algebraic semantics (only equations used) Continuation passing style approach Extracted from a larger rewriting logic semantics for Java (JavaFAN)

7 Hoare Triples Consist of: pre condition A post condition B program p Written: {A} p {B} Implicit state S used, made explicit when necessary. Meaning: A(S) B(S/(S p))

8 Our Hoare Rules Standard sequential composition rule: {A} p {B} {B} q {C} {A} p q {C} Standard conditional rule, breaks down here: {A t} p {B} {A t} q {B} {A} if t p else q {B} Correct conditional rule, for side-effects in condition: {A t} t p {B} {A t} t q {B} {A} if t p else q {B}

9 Our Hoare Rules Standard sequential composition rule: {A} p {B} {B} q {C} {A} p q {C} Standard conditional rule, breaks down here: {A t} p {B} {A t} q {B} {A} if t p else q {B} Correct conditional rule, for side-effects in condition: {A t} t p {B} {A t} t q {B} {A} if t p else q {B}

10 Our Hoare Rules Standard sequential composition rule: {A} p {B} {B} q {C} {A} p q {C} Standard conditional rule, breaks down here: {A t} p {B} {A t} q {B} {A} if t p else q {B} Correct conditional rule, for side-effects in condition: {A t} t p {B} {A t} t q {B} {A} if t p else q {B}

11 Our Hoare Rules Standard while loop rule, breaks down here: {A t} p {A} {A} while t p {A t} Correct while loop rule, for side-effects in condition: {A t} t p {A} {A t} t {A t} {A} while t p {A t}

12 Our Hoare Rules Standard while loop rule, breaks down here: {A t} p {A} {A} while t p {A t} Correct while loop rule, for side-effects in condition: {A t} t p {A} {A t} t {A t} {A} while t p {A t}

13 tool: javax-inv The javax-inv command applies multiple rules and creates first-order proof obligations. Target Hoare triple is {P} init loop {Q}. {P} init {I} I I {I} loop {I t} (I t) Q {I} loop {Q} {P} init loop {Q} loop = while t p: {I t} t p {I} {I t} t {I t} {I} while t p {I t}

14 tool: javax-inv The javax-inv command applies multiple rules and creates first-order proof obligations. Target Hoare triple is {P} init loop {Q}. {P} init {I} I I {I} loop {I t} (I t) Q {I} loop {Q} {P} init loop {Q} loop = while t p: {I t} t p {I} {I t} t {I t} {I} while t p {I t}

15 tool: Compositionality Hoare triples can be added as proof goals without translating them to first-order goals right away. supports decomposition of such Hoare triples. Simpler Hoare triples can be translated to first-order goals on user command.

16 Example Program Binomial coefficient program for ( n k), with inputs N and K. int N ; int Nfac ; int K ; int Kfac ; int N-Kfac ; int BC ; int I ; I = #i(0) ; Nfac = #i(1) ; while ( I < N) { I = I + #i(1) ; Nfac = Nfac * I ; } I = #i(0) ; Kfac = #i(1) ; while ( I < K) { I = I + #i(1) ; Kfac = Kfac * I ; } I = #i(0) ; N-Kfac = #i(1) ; while ( I < ( N - K)) { I = I + #i(1) ; N-Kfac = N-Kfac * I ; } BC = Nfac / ( Kfac * N-Kfac) ;

17 Verification Property Property to be verified, with S the state and N and K the inputs: {S[ N] = N S[ K] = K 0 <= N 0 <= K 0 <= N - K} binomial-coefficient-program {S[ Nfac] = N! S[ Kfac] = K! S[ N-Kfac] = (N - K)! S[ BC] = bc(n, K)}

18 Example Roadmap Load all necessary parts into Maude: our modified ITP our Java semantics the module defining the binomial coefficient code Enter the property we want to show, as seen above. Decompose the proof obligation. Transform proof obligations to first-order proof obligations, done for one proof obligation here. Use ITP to discharge the first-order proof obligations.

19 Enter Proof Obligation select ITP-TOOL. loop init-itp. (add-hoare-triple CHOOSE-JAVAX : --- specification variables (N:Int ; K:Int) --- precondition ((int-val(s:wrappedstate[ N])) = (N:Int) & (int-val(s:wrappedstate[ K])) = (K:Int) & (0 <= N:Int) = (true) & (0 <= K:Int) = (true) & (0 <= N:Int - K:Int) = (true)) --- program choose

20 Enter Proof Obligation (II) --- postcondition ((int-val(s:wrappedstate[ Nfac])) = ((N:Int)!) & (int-val(s:wrappedstate[ Kfac])) = ((K:Int)!) & (int-val(s:wrappedstate[ N-Kfac])) = ((N:Int - K:Int)!) & (int-val(s:wrappedstate[ BC])) = (choose(n:int, K:Int))) --- initialization code choose-init.)

21 Decompose Proof Obligation (decomp: ---- name of the HT ---- prefix code facn ---- midcondition ((int-val(s:wrappedstate[ N])) = (N:Int) & (int-val(s:wrappedstate[ K])) = (K:Int) & (0 <= N:Int) = (true) & (0 <= K:Int) = (true) & (0 <= N:Int - K:Int) = (true) & (int-val(s:wrappedstate[ Nfac])) = ((N:Int)!)) ---- rest of code choose/facn.)

22 First Decomposed Proof Obligation ================================= hoare-label: ================================= { (int-val(s:wrappedstate[ N])= N:Int) &(int-val(s:wrappedstate[ K])= K:Int)) &(0 <= N:Int - K:Int = true)) &(0 <= N:Int = true)) &(0 <= K:Int = true)} facn { (int-val(s:wrappedstate[ Nfac])= N:Int!) &(int-val(s:wrappedstate[ N])= N:Int) &(int-val(s:wrappedstate[ K])= K:Int) &(0 <= N:Int - K:Int = true) &(0 <= N:Int = true) &(0 <= K:Int = true)}

23 Create First-Order Proof Obligation for (create-fo-goal-hoare-inv: ---- name of the HT --- invariant ((int-val(s:wrappedstate[ Nfac])) = ((int-val(s:wrappedstate[ I]))!) & (0 <= int-val(s:wrappedstate[ I]))= (true) & (int-val(s:wrappedstate[ I]) <= int-val(s:wrappedstate[ N]))= (true) & (int-val(s:wrappedstate[ N]))= (N:Int) & (int-val(s:wrappedstate[ K]))= (K:Int) & (0 <= N:Int) = (true) & (0 <= K:Int) = (true) & (0 <= N:Int - K:Int) = (true) ).)

24 Proof of concept for Hoare logics for a non-trivial language. Compositionality on the source-code level. Useful in teaching about algebraic semantics and Hoare logics. Outlook Extend this to a larger Java fragment. Generalize it, independent of the actual language, each rule only dependent on a single language feature.

### Rigorous Software Development CSCI-GA 3033-009

Rigorous Software Development CSCI-GA 3033-009 Instructor: Thomas Wies Spring 2013 Lecture 11 Semantics of Programming Languages Denotational Semantics Meaning of a program is defined as the mathematical

### Program Correctness I

22c:111 Programming Language Concepts Fall 2008 Program Correctness I Copyright 2007-08, The McGraw-Hill Company and Cesare Tinelli. These notes were originally developed by Allen Tucker, Robert Noonan

### Frama-C Training Session Introduction to ACSL and its GUI

Frama-C Training Session Introduction to ACSL and its GUI Virgile Prevosto CEA List October 21 st, 2010 outline Presentation ACSL Specifications Function contracts First-order logic Loops Assertions Deductive

### Rigorous. Development. Software. Program Verification. & Springer. An Introduction to. Jorge Sousa Pinto. Jose Bacelar Almeida Maria Joao Frade

Jose Bacelar Almeida Maria Joao Frade Jorge Sousa Pinto Simao Melo de Sousa Rigorous Software Development An Introduction to Program Verification & Springer Contents 1 Introduction 1 1.1 A Formal Approach

### COMPUTER SCIENCE 123. Foundations of Computer Science. 20. Mathematical induction

COMPUTER SCIENCE 123 Foundations of Computer Science 20. Mathematical induction Summary: This lecture introduces mathematical induction as a technique for proving the equivalence of two functions, or for

### Verification of Imperative Programs in Theorema

Verification of Imperative Programs in Theorema Laura Ildikó Kovács, Nikolaj Popov, Tudor Jebelean 1 Research Institute for Symbolic Computation, Johannes Kepler University, A-4040 Linz, Austria Institute

### Induction and Recursion

Induction and Recursion Winter 2010 Mathematical Induction Mathematical Induction Principle (of Mathematical Induction) Suppose you want to prove that a statement about an integer n is true for every positive

### Rigorous Software Engineering Hoare Logic and Design by Contracts

Rigorous Software Engineering Hoare Logic and Design by Contracts Simão Melo de Sousa RELEASE (UBI), LIACC (Porto) Computer Science Department University of Beira Interior, Portugal 2010-2011 S. Melo de

### Proofs of Program Correctness

Proofs of Program Correctness CS160 Spring 2012 Proofs about Programs Why make you study logic? Why make you do proofs? Because we want to prove properties of programs In particular, we want to prove properties

### Thomas Jefferson High School for Science and Technology Program of Studies Foundations of Computer Science. Unit of Study / Textbook Correlation

Thomas Jefferson High School for Science and Technology Program of Studies Foundations of Computer Science updated 03/08/2012 Unit 1: JKarel 8 weeks http://www.fcps.edu/is/pos/documents/hs/compsci.htm

### Interactive Software Verification

Interactive Software Verification Spring Term 2013 Holger Gast gasth@in.tum.de 25.6.2013 1 H.Gast gasth@in.tum.de Interactive Software Verification, 25.6.2013 Today Manipulating lists on the heap Ghost

### Extended Static Checking for Java

Lukas TU München - Seminar Verification 14. Juli 2011 Outline 1 Motivation 2 ESC/Java example 3 ESC/JAVA architecture VC generator Simplify 4 JML + ESC/Java annotation language JML What ESC/Java checks

### Formal Verification of Software

Formal Verification of Software Sabine Broda Department of Computer Science/FCUP 12 de Novembro de 2014 Sabine Broda (DCC-FCUP) Formal Verification of Software 12 de Novembro de 2014 1 / 26 Formal Verification

### Automated Program Behavior Analysis

Automated Program Behavior Analysis Stacy Prowell sprowell@cs.utk.edu March 2005 SQRL / SEI Motivation: Semantics Development: Most engineering designs are subjected to extensive analysis; software is

### Chapter 6 Finite sets and infinite sets. Copyright 2013, 2005, 2001 Pearson Education, Inc. Section 3.1, Slide 1

Chapter 6 Finite sets and infinite sets Copyright 013, 005, 001 Pearson Education, Inc. Section 3.1, Slide 1 Section 6. PROPERTIES OF THE NATURE NUMBERS 013 Pearson Education, Inc.1 Slide Recall that denotes

### Calculus and the centroid of a triangle

Calculus and the centroid of a triangle The goal of this document is to verify the following physical assertion, which is presented immediately after the proof of Theorem I I I.4.1: If X is the solid triangular

### Boogie: A Modular Reusable Verifier for Object-Oriented Programs

Boogie: A Modular Reusable Verifier for Object-Oriented Programs M. Barnett, B.E. Chang, R. DeLine, B. Jacobs, K.R.M. Leino Lorenzo Baesso ETH Zurich Motivation Abstract Domains Modular Architecture Automatic

### Runtime Verification of Computer Programs and its Application in Programming Education

Runtime Verification of Computer Programs its Application in Programming Education Magdalina V. Todorova, Petar R. Armyanov Abstract The paper presents a technique for runtime program verification its

### Verifying Semantic of System Composition for an Aspect-Oriented Approach

2012 International Conference on System Engineering and Modeling (ICSEM 2012) IPCSIT vol. 34 (2012) (2012) IACSIT Press, Singapore Verifying Semantic of System Composition for an Aspect-Oriented Approach

### Verifying Specifications with Proof Scores in CafeOBJ

Verifying Specifications with Proof Scores in CafeOBJ FUTATSUGI, Kokichi 二 木 厚 吉 Chair of Language Design Graduate School of Information Science Japan Advanced Institute of Science and Technology (JAIST)

### HOL-Boogie An Interactive Prover for the Boogie Program-Verifier

HOL-Boogie An Interactive Prover for the Boogie Program-Verifier Sascha Böhme 1, K. Rustan M. Leino 2 and Burkhart Wolff 3 1 Technische Universität München, 2 Microsoft Research, 3 Université Paris-Sud

### Correctness proofs. James Aspnes. January 9, 2003

Correctness proofs James Aspnes January 9, 2003 A correctness proof is a formal mathematical argument that an algorithm meets its specification, which means that it always produces the correct output for

### CHAPTER 1 ENGINEERING PROBLEM SOLVING. Copyright 2013 Pearson Education, Inc.

CHAPTER 1 ENGINEERING PROBLEM SOLVING Computing Systems: Hardware and Software The processor : controls all the parts such as memory devices and inputs/outputs. The Arithmetic Logic Unit (ALU) : performs

### Introducing Formal Methods. Software Engineering and Formal Methods

Introducing Formal Methods Formal Methods for Software Specification and Analysis: An Overview 1 Software Engineering and Formal Methods Every Software engineering methodology is based on a recommended

### StaRVOOrS: A Tool for Combined Static and Runtime Verification of Java

StaRVOOrS: A Tool for Combined Static and Runtime Verification of Java Jesús Mauricio Chimento 1, Wolfgang Ahrendt 1, Gordon J. Pace 2, and Gerardo Schneider 3 1 Chalmers University of Technology, Sweden.

### Specification and Analysis of Contracts Lecture 1 Introduction

Specification and Analysis of Contracts Lecture 1 Introduction Gerardo Schneider gerardo@ifi.uio.no http://folk.uio.no/gerardo/ Department of Informatics, University of Oslo SEFM School, Oct. 27 - Nov.

### Formal Methods for Software Development

Formal Methods for Software Development Till Mossakowski, Lutz Schröder 03./08.11.2004 2 Monadic QuickCheck extension of QuickCheck for monadic (= imperative) programs specifications are equations between

### Unified Static and Runtime Verification of Object-Oriented Software

Unified Static and Runtime Verification of Object-Oriented Software Wolfgang Ahrendt 1, Mauricio Chimento 1, Gerardo Schneider 2, Gordon J. Pace 3 1 Chalmers University of Technology, Gothenburg, Sweden

### Automated Theorem Proving - summary of lecture 1

Automated Theorem Proving - summary of lecture 1 1 Introduction Automated Theorem Proving (ATP) deals with the development of computer programs that show that some statement is a logical consequence of

### Induction. Mathematical Induction. Induction. Induction. Induction. Induction. 29 Sept 2015

Mathematical If we have a propositional function P(n), and we want to prove that P(n) is true for any natural number n, we do the following: Show that P(0) is true. (basis step) We could also start at

### Lecture 5: Specifying Java Programs

Lecture 5: Specifying Java Programs This lecture aims to:! Introduce the basic ingredients of a program specification.! Show how to map Object-Z specifications into program specifications! Define reasoning

### Software Quality Assurance Overview

Software Quality Assurance Overview Content Situation Analysis Consequences Classification of Test Methods Test Methods 2 Construction Methods large OO funct. decomp. Semi-formal Automaton based small

### Language-oriented Software Development and Rewriting Logic

Language-oriented Software Development and Rewriting Logic Christiano Braga cbraga@ic.uff.br http://www.ic.uff.br/ cbraga Universidade Federal Fluminense (UFF) Language-oriented Software Development and

### What's Wrong With Formal Programming Methods? Eric C.R. Hehner

What's Wrong With Formal Programming Methods? Eric C.R. Hehner Department of Computer Science, University of Toronto, Toronto M5S 1A4 Canada The January 1991 issue of Computing Research News includes the

### A Framework for the Semantics of Behavioral Contracts

A Framework for the Semantics of Behavioral Contracts Ashley McNeile Metamaxim Ltd, 48 Brunswick Gardens, London W8 4AN, UK ashley.mcneile@metamaxim.com Abstract. Contracts have proved a powerful concept

### 4. Factor polynomials over complex numbers, describe geometrically, and apply to real-world situations. 5. Determine and apply relationships among syn

I The Real and Complex Number Systems 1. Identify subsets of complex numbers, and compare their structural characteristics. 2. Compare and contrast the properties of real numbers with the properties of

### Safe Object-Oriented Software: The Verified Design-By-Contract Paradigm

Safe Object-Oriented Software: The Verified Design-By-Contract Paradigm David Crocker Escher Technologies Ltd. Aldershot, United Kingdom dcrocker@eschertech.com Abstract. In recent years, large sectors

### arxiv:math/ v1 [math.nt] 31 Mar 2002

arxiv:math/0204006v1 [math.nt] 31 Mar 2002 Additive number theory and the ring of quantum integers Melvyn B. Nathanson Department of Mathematics Lehman College (CUNY) Bronx, New York 10468 Email: nathansn@alpha.lehman.cuny.edu

### Properties of Real Numbers

16 Chapter P Prerequisites P.2 Properties of Real Numbers What you should learn: Identify and use the basic properties of real numbers Develop and use additional properties of real numbers Why you should

### Computer Programming I & II*

Computer Programming I & II* Career Cluster Information Technology Course Code 10152 Prerequisite(s) Computer Applications, Introduction to Information Technology Careers (recommended), Computer Hardware

### Charles University in Prague Faculty of Mathematics and Physics MASTER THESIS. Automated Theorem Proving and Program Verification

Charles University in Prague Faculty of Mathematics and Physics MASTER THESIS Mikoláš Janota Automated Theorem Proving and Program Verification Department of Theoretical Computer Science and Mathematical

### MAP-I Programa Doutoral em Informática. Rigorous Software Development

MAP-I Programa Doutoral em Informática Rigorous Software Development Unidade Curricular em Teoria e Fundamentos Theory and Foundations (UCTF) DI-UM, DCC-FCUP May, 2012 Abstract This text presents a UCTF

### MATHEMATICAL INDUCTION AND DIFFERENCE EQUATIONS

1 CHAPTER 6. MATHEMATICAL INDUCTION AND DIFFERENCE EQUATIONS 1 INSTITIÚID TEICNEOLAÍOCHTA CHEATHARLACH INSTITUTE OF TECHNOLOGY CARLOW MATHEMATICAL INDUCTION AND DIFFERENCE EQUATIONS 1 Introduction Recurrence

### 8.7 Mathematical Induction

8.7. MATHEMATICAL INDUCTION 8-135 8.7 Mathematical Induction Objective Prove a statement by mathematical induction Many mathematical facts are established by first observing a pattern, then making a conjecture

### Applications of formal verification for secure Cloud environments at CEA LIST

Applications of formal verification for secure Cloud environments at CEA LIST Nikolai Kosmatov joint work with A.Blanchard, F.Bobot, M.Lemerre,... SEC2, Lille, June 30 th, 2015 N. Kosmatov (CEA LIST) Formal

### A Theorem Proving Approach to Analysis of Secure Information Flow

A Theorem Proving Approach to Analysis of Secure Information Flow Ádám Darvas, Reiner Hähnle, and David Sands Chalmers University of Technology & Göteborg University Department of Computing Science S-41296

### Introduction to Abstraction and Specification. EE 564 Lecture 2

Introduction to Abstraction and Specification EE 564 Lecture 2 Today: Abstraction & specification Two abstraction mechanisms - abstraction by parameterization - abstraction by specification Four kinds

### CHAPTER 5: MODULAR ARITHMETIC

CHAPTER 5: MODULAR ARITHMETIC LECTURE NOTES FOR MATH 378 (CSUSM, SPRING 2009). WAYNE AITKEN 1. Introduction In this chapter we will consider congruence modulo m, and explore the associated arithmetic called

### Constructing Contracts: Making Discrete Mathematics Relevant to Beginning Programmers

Constructing Contracts: Making Discrete Mathematics Relevant to Beginning Programmers TIMOTHY S. GEGG-HARRISON Winona State University Although computer scientists understand the importance of discrete

### Mathematical Induction. Rosen Chapter 4.1 (6 th edition) Rosen Ch. 5.1 (7 th edition)

Mathematical Induction Rosen Chapter 4.1 (6 th edition) Rosen Ch. 5.1 (7 th edition) Mathmatical Induction Mathmatical induction can be used to prove statements that assert that P(n) is true for all positive

### Formal Engineering for Industrial Software Development

Shaoying Liu Formal Engineering for Industrial Software Development Using the SOFL Method With 90 Figures and 30 Tables Springer Contents Introduction 1 1.1 Software Life Cycle... 2 1.2 The Problem 4 1.3

### 3 Extending the Refinement Calculus

Building BSP Programs Using the Refinement Calculus D.B. Skillicorn? Department of Computing and Information Science Queen s University, Kingston, Canada skill@qucis.queensu.ca Abstract. We extend the

### Program Correctness. 1 Introduction. Hing Leung. Nov 19, 2010

1 Program Correctness Hing Leung Nov 19, 2010 1 Introduction In this project, we ll learn how to prove the correctness of a program. We will read excerpts from the pioneering paper of Robert W. Floyd on

### Definition: Group A group is a set G together with a binary operation on G, satisfying the following axioms: a (b c) = (a b) c.

Algebraic Structures Abstract algebra is the study of algebraic structures. Such a structure consists of a set together with one or more binary operations, which are required to satisfy certain axioms.

### Chapter 4: Design Principles I: Correctness and Robustness

Chapter 4: Design Principles I: Correctness and Robustness King Fahd University of Petroleum & Minerals SWE 316: Software Design & Architecture Semester: 072 Objectives To introduce two design principles

### From Program Verification to Certified Binaries

From Program Verification to Certified Binaries The Quest for the Holy Grail of Software Engineering Angelos Manousaridis, Michalis A. Papakyriakou, and Nikolaos S. Papaspyrou National Technical University

### 1.1 Logical Form and Logical Equivalence 1

Contents Chapter I The Logic of Compound Statements 1.1 Logical Form and Logical Equivalence 1 Identifying logical form; Statements; Logical connectives: not, and, and or; Translation to and from symbolic

### Sequences and Mathematical Induction. CSE 215, Foundations of Computer Science Stony Brook University

Sequences and Mathematical Induction CSE 215, Foundations of Computer Science Stony Brook University http://www.cs.stonybrook.edu/~cse215 Sequences A sequence is a function whose domain is all the integers

### A Case Study on Verification of a Cloud Hypervisor by Proof and Structural Testing

A Case Study on Verification of a Cloud Hypervisor by Proof and Structural Testing Nikolai Kosmatov 1, Matthieu Lemerre 1, and Céline Alec 2 1 CEA, LIST, Software Reliability Laboratory, PC 174, 91191

### PROPERTECHNIQUEOFSOFTWARE INSPECTIONUSING GUARDED COMMANDLANGUAGE

International Journal of Computer ScienceandCommunication Vol. 2, No. 1, January-June2011, pp. 153-157 PROPERTECHNIQUEOFSOFTWARE INSPECTIONUSING GUARDED COMMANDLANGUAGE Neeraj Kumar Singhania University,

### WUCT121. Discrete Mathematics. Logic

WUCT121 Discrete Mathematics Logic 1. Logic 2. Predicate Logic 3. Proofs 4. Set Theory 5. Relations and Functions WUCT121 Logic 1 Section 1. Logic 1.1. Introduction. In developing a mathematical theory,

Advances in Programming Languages Lecture 13: Certifying Correctness Ian Stark School of Informatics The University of Edinburgh Tuesday 4 November 2014 Semester 1 Week 8 http://www.inf.ed.ac.uk/teaching/courses/apl

### Indiana State Core Curriculum Standards updated 2009 Algebra I

Indiana State Core Curriculum Standards updated 2009 Algebra I Strand Description Boardworks High School Algebra presentations Operations With Real Numbers Linear Equations and A1.1 Students simplify and

### The Lean Theorem Prover

The Lean Theorem Prover Jeremy Avigad Department of Philosophy and Department of Mathematical Sciences Carnegie Mellon University (Lean s principal developer is Leonardo de Moura, Microsoft Research, Redmond)

### Automated Reasoning. Robert Constable & Christoph Kreitz

Automated Reasoning Robert Constable & Christoph Kreitz 1. What is Automated Reasoning? 2. The Nuprl project 3. Applications 4. Areas for Study and Research Why Automated Reasoning? Too many errors in

### Tool Support for Invariant Based Programming

Tool Support for Invariant Based Programming Ralph-Johan Back and Magnus Myreen Abo Akademi University, Department of Computer Science Lemminkainenkatu 14 A, FIN-20520 Turku, Finland Email: backrj@abo.fi,

### Section 4.3 Image and Inverse Image of a Set

Section 43 Image and Inverse Image of a Set Purpose of Section: To introduce the concept of the image and inverse image of a set We show that unions of sets are preserved under a mapping whereas only one-to-one

### Code Generation for High-Assurance Java Card Applets

Code Generation for High-Assurance Java Card Applets Alessandro Coglio Kestrel Institute 3260 Hillview Avenue, Palo Alto, CA 94304, USA Ph. +1-650-493-6871 Fax +1-650-424-1807 http://www.kestrel.edu/ coglio

### WESTMORELAND COUNTY PUBLIC SCHOOLS 2011 2012 Integrated Instructional Pacing Guide and Checklist Computer Math

Textbook Correlation WESTMORELAND COUNTY PUBLIC SCHOOLS 2011 2012 Integrated Instructional Pacing Guide and Checklist Computer Math Following Directions Unit FIRST QUARTER AND SECOND QUARTER Logic Unit

### Week 12 Tutorial Separation Logic

Department of Computer Science, Australian National University COMP2600 Formal Methods in Software Engineering Semester 2, 2015 Week 12 Tutorial Separation Logic You should hand in attempts to the questions

### 1 A New Look at Formal Methods for Software Construction

1 A New Look at Formal Methods for Software Construction by Reiner Hähnle This chapter sets the stage. We take stock of formal methods for software construction and sketch a path along which formal methods

### Cleanroom Software Engineering

Cleanroom Software Engineering Harlan Mills (Linger, Dyer, Poore), IBM, 1980 Analogy with electronic component manufacture Use of statistical process control features Certified software reliability Improved

### Advanced Higher Mathematics Course Specification (C747 77)

Advanced Higher Mathematics Course Specification (C747 77) Valid from August 2015 This edition: April 2015, version 1.1 This specification may be reproduced in whole or in part for educational purposes

### Electronic Voting Protocol Analysis with the Inductive Method

Electronic Voting Protocol Analysis with the Inductive Method Introduction E-voting use is spreading quickly in the EU and elsewhere Sensitive, need for formal guarantees Inductive Method: protocol verification

### Geometry - Chapter 2 Review

Name: Class: Date: Geometry - Chapter 2 Review Multiple Choice Identify the choice that best completes the statement or answers the question. 1. Determine if the conjecture is valid by the Law of Syllogism.

### Computer Programming I

Computer Programming I COP 2210 Syllabus Spring Semester 2012 Instructor: Greg Shaw Office: ECS 313 (Engineering and Computer Science Bldg) Office Hours: Tuesday: 2:50 4:50, 7:45 8:30 Thursday: 2:50 4:50,

### Lecture Notes on Polynomials

Lecture Notes on Polynomials Arne Jensen Department of Mathematical Sciences Aalborg University c 008 Introduction These lecture notes give a very short introduction to polynomials with real and complex

### A Systematic Approach. to Parallel Program Verication. Tadao TAKAOKA. Department of Computer Science. Ibaraki University. Hitachi, Ibaraki 316, JAPAN

A Systematic Approach to Parallel Program Verication Tadao TAKAOKA Department of Computer Science Ibaraki University Hitachi, Ibaraki 316, JAPAN E-mail: takaoka@cis.ibaraki.ac.jp Phone: +81 94 38 5130

### 6.2 Permutations continued

6.2 Permutations continued Theorem A permutation on a finite set A is either a cycle or can be expressed as a product (composition of disjoint cycles. Proof is by (strong induction on the number, r, of

### DELAWARE MATHEMATICS CONTENT STANDARDS GRADES 9-10. PAGE(S) WHERE TAUGHT (If submission is not a book, cite appropriate location(s))

Prentice Hall University of Chicago School Mathematics Project: Advanced Algebra 2002 Delaware Mathematics Content Standards (Grades 9-10) STANDARD #1 Students will develop their ability to SOLVE PROBLEMS

### Geometry Essential Curriculum

Geometry Essential Curriculum Unit I: Fundamental Concepts and Patterns in Geometry Goal: The student will demonstrate the ability to use the fundamental concepts of geometry including the definitions

### Math 313 Lecture #10 2.2: The Inverse of a Matrix

Math 1 Lecture #10 2.2: The Inverse of a Matrix Matrix algebra provides tools for creating many useful formulas just like real number algebra does. For example, a real number a is invertible if there is

### COMPUTER SCIENCE TRIPOS

CST.98.5.1 COMPUTER SCIENCE TRIPOS Part IB Wednesday 3 June 1998 1.30 to 4.30 Paper 5 Answer five questions. No more than two questions from any one section are to be answered. Submit the answers in five

### Computing Concepts with Java Essentials

2008 AGI-Information Management Consultants May be used for personal purporses only or by libraries associated to dandelon.com network. Computing Concepts with Java Essentials 3rd Edition Cay Horstmann

### Course notes on Number Theory

Course notes on Number Theory In Number Theory, we make the decision to work entirely with whole numbers. There are many reasons for this besides just mathematical interest, not the least of which is that

### Rigorous Software Development CSCI-GA 3033-009

Rigorous Software Development CSCI-GA 3033-009 Instructor: Thomas Wies Spring 2013 Lecture 5 Disclaimer. These notes are derived from notes originally developed by Joseph Kiniry, Gary Leavens, Erik Poll,

### A Reasoning Concept Inventory for Computer Science

A Reasoning Concept Inventory for Computer Science Joan Krone, Joseph E. Hollingsworth, Murali Sitaraman, and Jason O. Hallstrom Technical Report RSRG-09-01 School of Computing 100 McAdams Clemson University

### Translating Stochastic CLS into Maude

Translating Stochastic CLS into Maude (ONGOING WORK) Thomas Anung Basuki 1 Antonio Cerone 1 Paolo Milazzo 2 1. Int. Institute for Software Technology, United Nations Univeristy, Macau SAR, China 2. Dipartimento

### An introduction to RGSep. Viktor Vafeiadis

An introduction to RGSep Viktor Vafeiadis Example: lock-coupling list 2 3 5 7 11 13 There is one lock per node; threads acquire locks in a hand over hand fashion. If a node is locked, we can insert a node

### Software Engineering Techniques

Software Engineering Techniques Low level design issues for programming-in-the-large. Software Quality Design by contract Pre- and post conditions Class invariants Ten do Ten do nots Another type of summary

### Reasoning about Safety Critical Java

Reasoning about Safety Critical Java Chris Marriott 27 th January 2011 Motivation Safety critical systems are becoming part of everyday life Failure can potentially lead to serious consequences Verification

### Composite Refactorings for Java Programs

Composite Refactorings for Java Programs Mel ÓCinnéide1 and Paddy Nixon 2 1 Department of Computer Science, University College Dublin, Dublin 4, Ireland. mel.ocinneide@ucd.ie http://www.cs.ucd.ie/staff/meloc/default.htm

### Artificial Intelligence Automated Reasoning

Artificial Intelligence Automated Reasoning Andrea Torsello Automated Reasoning Very important area of AI research Reasoning usually means deductive reasoning New facts are deduced logically from old ones

### Georgia Department of Education. Calculus

K-12 Mathematics Introduction Calculus The Georgia Mathematics Curriculum focuses on actively engaging the students in the development of mathematical understanding by using manipulatives and a variety

### Mathematical Reasoning in Software Engineering Education. Peter B. Henderson Butler University

Mathematical Reasoning in Software Engineering Education Peter B. Henderson Butler University Introduction Engineering is a bridge between science and mathematics, and the technological needs of mankind.

### Introduction to Proofs

Chapter 1 Introduction to Proofs 1.1 Preview of Proof This section previews many of the key ideas of proof and cites [in brackets] the sections where they are discussed thoroughly. All of these ideas are

### Lecture Notes on Linear Search

Lecture Notes on Linear Search 15-122: Principles of Imperative Computation Frank Pfenning Lecture 5 January 29, 2013 1 Introduction One of the fundamental and recurring problems in computer science is

### A Classification of Model Checking-based Verification Approaches for Software Models

A Classification of Model Checking-based Verification Approaches for Software Models Petra Brosch, Sebastian Gabmeyer, Martina Seidl Sebastian Gabmeyer Business Informatics Group Institute of Software