Model Checking Software, Solving Horn Clauses and IC3. Nikolaj Bjørner Microsoft Research SAT/SMT Summer School 2014, Semmering
Size: px
Start display at page:

Download "Model Checking Software, Solving Horn Clauses and IC3. Nikolaj Bjørner Microsoft Research SAT/SMT Summer School 2014, Semmering"

Transcription

1 Model Checking Software, Solving Horn Clauses and IC3 Nikolaj Bjørner Microsoft Research SAT/SMT Summer School 2014, Semmering

2 Takeaways Symbolic Software Model Checking = SMT for Horn Clauses Simplification and pre-processing A Solver using clues from IC3 An Algorithmic Overview (separate slides)

3 Horn Clauses mc(x) = x-10 if x > 100 mc(x) = mc(mc(x+11)) if x 100 assert (x 101 mc(x) = 91) X. X > 100 mc(x, X 10) X, Y, R. X 100 mc(x + 11, Y) mc(y, R) mc(x, R) X, R. mc(x, R) X 101 R = 91 Solver finds solution for mc [Hoder, B. SAT 2012]

4 Transition System V init(v) step(v, V ) safe(v) - program variables - initial states - transition relation - safe states

5 Safe Transition System Inv. V. init(v) Inv(V) V, V. Inv V step(v, V ) Inv(V ) V. Inv(V) safe(v) [Rybalchenko et.al. PLDI 2012, POPL 2014] Termination and reactivity are also handled in framework of solving systems of logical formulas.

6 Recursive Procedures Formulate as Horn clauses: X. X > 100 mc(x, X 10) X, Y, R. X 100 mc(x + 11, Y) mc(y, R) mc(x, R) X, R. mc(x, R) X 101 R = 91 Solve for mc

7 Recursive Procedures Formulate as Predicate Transformer: F (mc)(x,r) = X > 100 R = X 10 X 100 Y. mc X + 11, Y mc(y, R) Check: μf mc X,R X 101 R = 91

8 Recursive Procedures Instead of computing μf mc X,R, then checking μf mc X,R X 101 R = 91 Suffices to find post-fixed point mc post satisfying: X, R. F mc post X, R mc post X, R X, R. mc post X, R X 101 R = 91

9 Program Verification as SMT - aka A Crusade for Hornish Satisfaction Program Verification (Safety) as as Solving fixed-points Satisfiability of Horn clauses [Bjørner, McMillan, Rybalchenko, SMT workshop 2012] Hilbert Sausage Factory: [Grebenshchikov, Lopes, Popeea, Rybalchenko, PLDI 2012]

10 Procedures Horn Formulas Summary as commands Verifying procedure calls

11 Modular Concurrency Horn Clauses Init Initial condition Safe Safety assertion ρ i X i, Y, X i, Y Transition relation of process i R i X i, Y E i Y, Y Summary of process i Summary of process i s environment Init R i X i, Y R i X i, Y ρ i X i, Y, X i, Y R i X i, Y R i X i, Y E i Y, Y R i X i, Y R i X i, Y ρ i X i, Y, X i, Y E j Y, Y j i R 1 X 1 R N X N Safe [Predicate Abstraction and Refinement for Verifying Multi-Threaded Programs Gupta, Popeea, Rybalchenko, POPL 2011]

12 Horn Clauses Γ x: τ P(x)} y: σ Q(x, y) } x: τ P (x)} y: σ Q (x, y) } Extract sufficient Horn Conditions Γ P x P x Γ P x Q x, y Q x, y

13 Generalized Horn Formulas Handling background axioms: R, f. Background R, f P x P i x P j x φ R, f, x P k x Remark: Abductive Logic Programming amounts to symbolic simulation: - Program + Abducibles ans. Query(ans) - Abducibles + Integrity Constraints is consistent eg. solve for negation of above formula: Ab. IC Ab ( P. Program Ab, P ans. Query(ans, Ab, P))

14

15 Simplifying Horn Clauses

16 A model checking Example

17 Abstraction as Boolean Program b := count == old_count [SLAM, BLAST, Graf & Saidi, Uribe,..]

18 (Predicate) Abstraction/Refinement SMT solver used to synthesize (strongest) abstract transition relation F: ρ x, x F(b 1 x, b n x, b 1 x, b n x )

19 Control as Horn Clauses (set-logic HORN) (declare-fun Loop (Int Int Bool) Bool) (declare-fun WhileTest (Int Int Bool) Bool) Loop ; Loop is entered in arbitrary values of count, old_count (assert (forall ((count Int) (old_count Int)) (Loop count old_count false))) ; Loop without if test (=> (Loop count old_count lock_state) (WhileTest count count true)))) ; Loop with if-test (=> (Loop count old_count lock_state) (WhileTest (+ 1 count ) count false)))) (=> (and (not (= old_count count )) (WhileTest count old_count lock_state)) (Loop count old_count lock_state)))) While Test (=> (and (= old_count count ) (WhileTest count old_count lock_state)) (= lock_state true)))) (=> (Loop count old_count lock_state) (= lock_state false)))) (check-sat) (get-model)

20 Solving Horn Clauses Pre-processing HornClauses HornClauses Search Find model M such that M HornClauses Or Find refutation proof π: HornClauses π

21 Pre-processing Cone of Influence Simplification Subsumption Inlining Slicing Unfolding

22 Cone of Influence top down P x Q y false R x x > 0 P x R x x < 0 P x P x S x T x S x S is not used S x true x = 2y R x Q y y x Q x

23 Cone of Influence bottom up P x Q y, 0 false R x x > 0 P x R x x < 0 P x There is no rule to produce Q(x,1) Q x, y y = 1 x = 2y R x Q y, z y x Q x, 1

24 Inlining (set-logic HORN) (declare-fun Loop (Int Int Bool) Bool) (declare-fun WhileTest (Int Int Bool) Bool) ; Loop is entered in arbitrary values of count, old_count (assert (forall ((count Int) (old_count Int)) (Loop count old_count false))) ; Loop without if test (=> (Loop count old_count lock_state) (WhileTest count count true)))) ; Loop with if-test (=> (Loop count old_count lock_state) (WhileTest (+ 1 count ) count false)))) (=> (and (not (= old_count count )) (WhileTest count old_count lock_state)) (Loop count old_count lock_state)))) (=> (and (= old_count count ) (WhileTest count old_count lock_state)) (= lock_state true)))) (=> (Loop count old_count lock_state) (= lock_state false)))) (check-sat) (get-model) (set-logic HORN) (declare-fun Loop (Int Int Bool) Bool) (declare-fun WhileTest (Int Int Bool) Bool) ; Loop is entered in arbitrary values of count, old_count (assert (forall ((count Int) (old_count Int)) (Loop count old_count false))) ; Loop without if test + repeat loop (=> (and (Loop count old_count lock_state) (not (= count count))) (Loop count count true))) ; Loop without if test + loop exit (=> (and (Loop count old_count lock_state) (= count count)) (= true true))) ; Loop with if-test + repeat loop (=> (and (Loop count old_count lock_state) (not (= (+ 1 count ) count )) (Loop (+ 1 count) count false))) ; Loop with if-test + loop exit (=> (and (Loop count old_count lock_state) (= (+ 1 count ) count ) (= false true))) (=> (Loop count old_count lock_state) (= lock_state false)))) (check-sat) (get-model)

25 (set-logic HORN) (declare-fun Loop (Int Int Bool) Bool) (declare-fun WhileTest (Int Int Bool) Bool) Simplification ; Loop is entered in arbitrary values of count, old_count (assert (forall ((count Int) (old_count Int)) (Loop count old_count false))) ; Loop without if test + repeat loop (=> (and (Loop count old_count lock_state) (not (= count count))) (Loop count count true))) ; Loop without if test + loop exit (=> (and (Loop count old_count lock_state) (= count count)) (= truetrue))) ; Loop with if-test + repeat loop (=> (and (Loop count old_count lock_state) (not (= (+ 1 count ) count )) (Loop (+ 1 count) count false))) ; Loop with if-test + loop exit (=> (and (Loop count old_count lock_state) (= (+ 1 count ) count ) (= false true))) (set-logic HORN) (declare-fun Loop (Int Int Bool) Bool) (declare-fun WhileTest (Int Int Bool) Bool) ; Loop is entered in arbitrary values of count, old_count (assert (forall ((count Int) (old_count Int)) (Loop count old_count false))) ; Loop without if test + repeat loop ; Loop without if test + loop exit (=> (Loop count old_count lock_state) (= true true))) ; Loop with if-test + repeat loop (=> (Loop count old_count lock_state) (Loop (+ 1 count) count false))) ; Loop with if-test + loop exit (=> (Loop count old_count lock_state) (= lock_state false)))) (check-sat) (get-model) (=> (Loop count old_count lock_state) (= lock_state false)))) (check-sat) (get-model)

26 (set-logic HORN) (declare-fun Loop (Int Int Bool) Bool) (declare-fun WhileTest (Int Int Bool) Bool) Simplification ; Loop is entered in arbitrary values of count, old_count (assert (forall ((count Int) (old_count Int)) (Loop count old_count false))) ; Loop without if test + repeat loop (=> (and (Loop count old_count lock_state) (not (= count count))) (Loop count count true))) ; Loop without if test + loop exit (=> (and (Loop count old_count lock_state) (= count count)) (= truetrue))) (set-logic HORN) (declare-fun Loop (Int Int Bool) Bool) (declare-fun WhileTest (Int Int Bool) Bool) ; Loop is entered in arbitrary values of count, old_count (assert (forall ((count Int) (old_count Int)) (Loop count old_count false))) ; Loop without if test + repeat loop ; Loop without if test + loop exit ; Loop with if-test + repeat loop (=> (and (Loop count old_count lock_state) (not (= (+ 1 count ) count )) (Loop (+ 1 count) count false))) ; Loop with if-test + loop exit (=> (and (Loop count old_count lock_state) (= (+ 1 count ) count ) (= false true))) ; Loop with if-test + repeat loop (=> (Loop count old_count lock_state) (Loop (+ 1 count) count false))) ; Loop with if-test + loop exit (=> (Loop count old_count lock_state) (= lock_state false)))) (check-sat) (get-model) (=> (Loop count old_count true) false))) (check-sat) (get-model)

27 (set-logic HORN) (declare-fun Loop (Int Int Bool) Bool) (declare-fun WhileTest (Int Int Bool) Bool) Cone of Influence ; Loop is entered in arbitrary values of count, old_count (assert (forall ((count Int) (old_count Int)) (Loop count old_count false))) ; Loop without if test + repeat loop (=> (and (Loop count old_count lock_state) (not (= count count))) (Loop count count true))) ; Loop without if test + loop exit (=> (and (Loop count old_count lock_state) (= count count)) (= truetrue))) (set-logic HORN) (declare-fun Loop (Int Int Bool) Bool) (declare-fun WhileTest (Int Int Bool) Bool) ; Loop is entered in arbitrary values of count, old_count (assert (forall ((count Int) (old_count Int)) (Loop count old_count false))) ; Loop without if test + repeat loop ; Loop without if test + loop exit ; Loop with if-test + repeat loop (=> (and (Loop count old_count lock_state) (not (= (+ 1 count ) count )) (Loop (+ 1 count) count false))) ; Loop with if-test + loop exit (=> (and (Loop count old_count lock_state) (= (+ 1 count ) count ) (= false true))) ; Loop with if-test + repeat loop (=> (Loop count old_count lock_state) (Loop (+ 1 count) count false))) ; Loop with if-test + loop exit (=> (Loop count old_count lock_state) (= lock_state false)))) (check-sat) (get-model) (=> (Loop count old_count true) false))) (check-sat) (get-model)

28 (set-logic HORN) (declare-fun Loop (Int Int Bool) Bool) (declare-fun WhileTest (Int Int Bool) Bool) Result ; Loop is entered in arbitrary values of count, old_count (assert (forall ((count Int) (old_count Int)) (Loop count old_count false))) ; Loop without if test + repeat loop (=> (and (Loop count old_count lock_state) (not (= count count))) (Loop count count true))) ; Loop without if test + loop exit (=> (and (Loop count old_count lock_state) (= count count)) (= truetrue))) ; Loop with if-test + repeat loop (=> (and (Loop count old_count lock_state) (not (= (+ 1 count ) count )) (Loop (+ 1 count) count false))) ; Loop with if-test + loop exit (=> (and (Loop count old_count lock_state) (= (+ 1 count ) count ) (= false true))) (=> (Loop count old_count lock_state) (= lock_state false)))) (check-sat) (get-model) (set-logic HORN) (declare-fun Loop (Int Int Bool) Bool) (declare-fun WhileTest (Int Int Bool) Bool) ; Loop is entered in arbitrary values of count, old_count ; Loop without if test + repeat loop ; Loop without if test + loop exit ; Loop with if-test + repeat loop ; Loop with if-test + loop exit (check-sat) (get-model)

29 Slicing Remove variables that have no effect

30 Unfolding = more aggressive in-lining Also applied to predicates that are not eliminated

31 A Horn Clause Solver

32 Algorithm Objective is to solve for R such that F R X R X, R X Safe X, X Key elements of PDR algorithm: Over-approximate reachable states R 0 F Propagate back from Safe Resolve conflicts Strengthen/propagate using induction false, R 1 R 2 R N true

33 Algorithm Objective is to solve for R such that F R X R X, R X Safe X, X Initialize: Safe R 1 true R 0 F false F R 0 Main invariant: Safe R i+1 R i F R i

34 Main invariant: Algorithm F R i X R i+1 X R i X Safe X R i X R i+1 X

35 Search: Mile-high perspective Modern SMT solver Decisions: Assignments Conflict Resolution Conflict Clauses Fixedpoint solver Bad WP Bad Conflict SP Init Init Resolution

36 Conflict resolution with arithmetic R(0,0,0,0). Initial states T(L,M,Y1,Y2,L,M,Y1,Y2 ) R(L,M,Y1,Y2) R(L,M,Y1,Y2 ) Reachable states R(2,2,Y1,Y2) false Is unsafe state reachable? Step(L,L,Y1,Y2,Y1 ) T(L,M,Y1,Y2,L,M,Y1,Y2) Step(M,M,Y2,Y1,Y2 ) T(L,M,Y1,Y2,L,M,Y1,Y2 ) Step(0,1,Y1,Y2,Y2+1). P 1 takes a step P 2 takes a step l 0 : y y + 1; goto l 1 (Y1 Y2 Y2 = 0) Step(1,2,Y1,Y2,Y1). l 1 : await y = 0 y y ; goto l 2 Step(2,3,Y1,Y2,Y1). l 2 : critical ; goto l 3 Step(3,0,Y1,Y2,0). l 3 : y 0; goto l 0

37 Search: Mile-high perspective I F (I) F 2 (I) B 2 S B S S Conflict Resolution Conflict Propagation Conflict Propagation

38 Interpolating Conflicts L = 0 M = 0 Y2 = 0 Y1 = 0 L = 0 M = 1 Y2 = 0 Conflict Resolution L = 1 M = 1 Y1 = 1 Y2 = 0 L = 1 M = 2 Y2 = 0 L = 2 M = 2 Y2 Y1 + 1 Y1 0 Y2 0 Y2 1 Y2 0 Conflict Resolution Get Generalization from Farkas Lemma Eg., resolve away blue internal variables

39 Interpolating Conflicts L = 1 L 0 L 1 M = 1 M M = 1 M = 1 M = 1 M 2 Y1 = 1 Y2 Y2= 0 1 Y2 1 Y2 1 Y2 = 0 Y2 = 0 Conflict Resolution Conflict Propagation Conflict Propagation L = 0 M = 0 Y2 = 0 Y1 = 0 L = 2 M = 2

40 Generalization from T-lemmas Can we satisfy? R(0, 0, 0, 0). Initial states T L, M, Y1, Y2, L, M, Y1, Y2, R L, M, Y1, Y2 R L, M, Y1, Y2 Reachable states R L, M, Y1, Y2 L = 2 M = 2. Unsafe state is unreachable L = 0 M = 1 Y2 = 0 M F R 0 Pre is unsatisfiable E.g., there is unsat core of: j c j x j c j M F R i Pre Unsat proof uses T-lemmas 5 > x 1 3 < x 3 From M x 1 x 2 > 2 2x 2 x 3 > 1 From Pre

41 Generalization from T-lemmas Can we satisfy? R(0, 0, 0, 0). Initial states T L, M, Y1, Y2, L, M, Y1, Y2, R L, M, Y1, Y2 R L, M, Y1, Y2 Reachable states R L, M, Y1, Y2 L = 2 M = 2. Unsafe state is unreachable Unsat proof uses T-lemmas 5 > x 1 3 < x 3 From M x 1 x 2 > 2 2x 2 x 3 > 1 From Pre 2 x 1 5 x (x 1 x 2 2) 2x 2 x 3 1 2x 1 10 x 3 3 2x 1 2x 2 4 2x 2 x x 1 x 3 5 Block any model satisfying this

Similar documents

Regression Verification: Status Report

Regression Verification: Status Report Regression Verification: Status Report Presentation by Dennis Felsing within the Projektgruppe Formale Methoden der Softwareentwicklung 2013-12-11 1/22 Introduction How to prevent regressions in software

More information

µz An Efficient Engine for Fixed points with Constraints

µz An Efficient Engine for Fixed points with Constraints µz An Efficient Engine for Fixed points with Constraints Kryštof Hoder, Nikolaj Bjørner, and Leonardo de Moura Manchester University and Microsoft Research Abstract. The µz tool is a scalable, efficient

More information

InvGen: An Efficient Invariant Generator

InvGen: An Efficient Invariant Generator InvGen: An Efficient Invariant Generator Ashutosh Gupta and Andrey Rybalchenko Max Planck Institute for Software Systems (MPI-SWS) Abstract. In this paper we present InvGen, an automatic linear arithmetic

More information

Automated Theorem Proving - summary of lecture 1

Automated Theorem Proving - summary of lecture 1 Automated Theorem Proving - summary of lecture 1 1 Introduction Automated Theorem Proving (ATP) deals with the development of computer programs that show that some statement is a logical consequence of

More information

Non-Monotonic Program Analysis

Non-Monotonic Program Analysis Non-Monotonic Program Analysis Daniel Schwartz-Narbonne Philipp Rümmer Martin Schäf Ashish Tiwari New York University Uppsala University SRI International SRI International Thomas Wies New York University

More information

Formal Verification by Model Checking

Formal Verification by Model Checking Formal Verification by Model Checking Natasha Sharygina Carnegie Mellon University Guest Lectures at the Analysis of Software Artifacts Class, Spring 2005 1 Outline Lecture 1: Overview of Model Checking

More information

A Static Analyzer for Large Safety-Critical Software. Considered Programs and Semantics. Automatic Program Verification by Abstract Interpretation

A Static Analyzer for Large Safety-Critical Software. Considered Programs and Semantics. Automatic Program Verification by Abstract Interpretation PLDI 03 A Static Analyzer for Large Safety-Critical Software B. Blanchet, P. Cousot, R. Cousot, J. Feret L. Mauborgne, A. Miné, D. Monniaux,. Rival CNRS École normale supérieure École polytechnique Paris

More information

Building SMT-based Software Model Checkers: an Experience Report

Building SMT-based Software Model Checkers: an Experience Report Building SMT-based Software Model Checkers: an Experience Report Alessandro Armando Artificial Intelligence Laboratory (AI-Lab) Dipartimento di Informatica Sistemistica e Telematica (DIST) University of

More information

Model Driven Security: Foundations, Tools, and Practice

Model Driven Security: Foundations, Tools, and Practice Model Driven Security: Foundations, Tools, and Practice David Basin, Manuel Clavel, and ETH Zurich, IMDEA Software Institute Thursday 1st, 2011 Outline I 1 Models Analysis. Types. 2 The Object Constraint

More information

Rigorous Software Engineering Hoare Logic and Design by Contracts

Rigorous Software Engineering Hoare Logic and Design by Contracts Rigorous Software Engineering Hoare Logic and Design by Contracts Simão Melo de Sousa RELEASE (UBI), LIACC (Porto) Computer Science Department University of Beira Interior, Portugal 2010-2011 S. Melo de

More information

Model Checking: An Introduction

Model Checking: An Introduction Announcements Model Checking: An Introduction Meeting 2 Office hours M 1:30pm-2:30pm W 5:30pm-6:30pm (after class) and by appointment ECOT 621 Moodle problems? Fundamentals of Programming Languages CSCI

More information

FORMALLY CERTIFIED SATISFIABILITY SOLVING. Duck Ki Oe. An Abstract

FORMALLY CERTIFIED SATISFIABILITY SOLVING. Duck Ki Oe. An Abstract FORMALLY CERTIFIED SATISFIABILITY SOLVING by Duck Ki Oe An Abstract Of a thesis submitted in partial fulfillment of the requirements for the Doctor of Philosophy degree in Computer Science in the Graduate

More information

UFO: Verification with Interpolants and Abstract Interpretation

UFO: Verification with Interpolants and Abstract Interpretation : Verification with Interpolants and Abstract Interpretation and Sagar Chaki Software Engineering Institute Carnegie Mellon University Aws Albarghouthi, Yi i and Marsha Chechik University of Toronto A

More information

Rigorous Software Development CSCI-GA 3033-009

Rigorous Software Development CSCI-GA 3033-009 Rigorous Software Development CSCI-GA 3033-009 Instructor: Thomas Wies Spring 2013 Lecture 11 Semantics of Programming Languages Denotational Semantics Meaning of a program is defined as the mathematical

More information

Satisfiability Checking

Satisfiability Checking Satisfiability Checking SAT-Solving Prof. Dr. Erika Ábrahám Theory of Hybrid Systems Informatik 2 WS 10/11 Prof. Dr. Erika Ábrahám - Satisfiability Checking 1 / 40 A basic SAT algorithm Assume the CNF

More information

Reasoning About the Unknown in Static Analysis

Reasoning About the Unknown in Static Analysis Reasoning About the Unknown in Static Analysis Isil Dillig Thomas Dillig Alex Aiken {isil, tdillig, aiken}@cs.stanford.edu Computer Science Department Stanford University ABSTRACT Static program analysis

More information

Foundational Proof Certificates

Foundational Proof Certificates An application of proof theory to computer science INRIA-Saclay & LIX, École Polytechnique CUSO Winter School, Proof and Computation 30 January 2013 Can we standardize, communicate, and trust formal proofs?

More information

Software safety - DEF-STAN 00-55

Software safety - DEF-STAN 00-55 Software safety - DEF-STAN 00-55 Where safety is dependent on the safety related software (SRS) fully meeting its requirements, demonstrating safety is equivalent to demonstrating correctness with respect

More information

Coverability for Parallel Programs

Coverability for Parallel Programs 2015 http://excel.fit.vutbr.cz Coverability for Parallel Programs Lenka Turoňová* Abstract We improve existing method for the automatic verification of systems with parallel running processes. The technique

More information

On the Use of Logical Abduction in Software Engineering

On the Use of Logical Abduction in Software Engineering On the Use of Logical Abduction in Software Engineering ALESSANDRA RUSSO and BASHAR NUSEIBEH Department of Computing, Imperial College of Science, Technology and Medicine London SW7 2BZ, U.K. E-mail:{ar3,

More information

Lecture 9 verifying temporal logic

Lecture 9 verifying temporal logic Basics of advanced software systems Lecture 9 verifying temporal logic formulae with SPIN 21/01/2013 1 Outline for today 1. Introduction: motivations for formal methods, use in industry 2. Developing models

More information

A Classification of Model Checking-based Verification Approaches for Software Models

A Classification of Model Checking-based Verification Approaches for Software Models A Classification of Model Checking-based Verification Approaches for Software Models Petra Brosch, Sebastian Gabmeyer, Martina Seidl Sebastian Gabmeyer Business Informatics Group Institute of Software

More information

Boolean Expressions, Conditions, Loops, and Enumerations. Precedence Rules (from highest to lowest priority)

Boolean Expressions, Conditions, Loops, and Enumerations. Precedence Rules (from highest to lowest priority) Boolean Expressions, Conditions, Loops, and Enumerations Relational Operators == // true if two values are equivalent!= // true if two values are not equivalent < // true if left value is less than the

More information

Pretty-big-step semantics

Pretty-big-step semantics Pretty-big-step semantics Arthur Charguéraud INRIA October 2012 1 / 34 Motivation Formalization of JavaScript with Sergio Maeis, Daniele Filaretti, Alan Schmitt, Martin Bodin. Previous work: Semi-formal

More information

Sudoku as a SAT Problem

Sudoku as a SAT Problem Sudoku as a SAT Problem Inês Lynce IST/INESC-ID, Technical University of Lisbon, Portugal ines@sat.inesc-id.pt Joël Ouaknine Oxford University Computing Laboratory, UK joel@comlab.ox.ac.uk Abstract Sudoku

More information

Introduction to SPIN. Acknowledgments. Parts of the slides are based on an earlier lecture by Radu Iosif, Verimag. Ralf Huuck. Features PROMELA/SPIN

Introduction to SPIN. Acknowledgments. Parts of the slides are based on an earlier lecture by Radu Iosif, Verimag. Ralf Huuck. Features PROMELA/SPIN Acknowledgments Introduction to SPIN Parts of the slides are based on an earlier lecture by Radu Iosif, Verimag. Ralf Huuck Ralf Huuck COMP 4152 1 Ralf Huuck COMP 4152 2 PROMELA/SPIN PROMELA (PROcess MEta

More information

MEMORY MODEL SENSITIVE ANALYSIS OF CONCURRENT DATA TYPES. Sebastian Burckhardt. Computer and Information Science

MEMORY MODEL SENSITIVE ANALYSIS OF CONCURRENT DATA TYPES. Sebastian Burckhardt. Computer and Information Science MEMORY MODEL SENSITIVE ANALYSIS OF CONCURRENT DATA TYPES Sebastian Burckhardt A DISSERTATION in Computer and Information Science Presented to the Faculties of the University of Pennsylvania in Partial

More information

HECTOR a software model checker with cooperating analysis plugins. Nathaniel Charlton and Michael Huth Imperial College London

HECTOR a software model checker with cooperating analysis plugins. Nathaniel Charlton and Michael Huth Imperial College London HECTOR a software model checker with cooperating analysis plugins Nathaniel Charlton and Michael Huth Imperial College London Introduction HECTOR targets imperative heap-manipulating programs uses abstraction

More information

Problem Sheet 9: Software Model Checking Sample Solutions

Problem Sheet 9: Software Model Checking Sample Solutions Problem Sheet 9: Software Model Checking Sample Solutions Chris Poskitt ETH Zürich 1 Predicate Abstraction i. Let us first visualise c and not c in a Venn diagram: not c c P red(not c) gives the weakest

More information

CS510 Software Engineering

CS510 Software Engineering CS510 Software Engineering Propositional Logic Asst. Prof. Mathias Payer Department of Computer Science Purdue University TA: Scott A. Carr Slides inspired by Xiangyu Zhang http://nebelwelt.net/teaching/15-cs510-se

More information

Repair of Boolean Programs with an Application to C

Repair of Boolean Programs with an Application to C Repair of Boolean Programs with an Application to C Andreas Griesmayer 1, Roderick Bloem 1, and Byron Cook 2 1 Graz University of Technology 2 Microsoft Research Abstract. We show how to find and fix faults

More information

Interactive Software Verification

Interactive Software Verification Interactive Software Verification Spring Term 2013 Holger Gast gasth@in.tum.de 25.6.2013 1 H.Gast gasth@in.tum.de Interactive Software Verification, 25.6.2013 Today Manipulating lists on the heap Ghost

More information

PROPERTECHNIQUEOFSOFTWARE INSPECTIONUSING GUARDED COMMANDLANGUAGE

PROPERTECHNIQUEOFSOFTWARE INSPECTIONUSING GUARDED COMMANDLANGUAGE International Journal of Computer ScienceandCommunication Vol. 2, No. 1, January-June2011, pp. 153-157 PROPERTECHNIQUEOFSOFTWARE INSPECTIONUSING GUARDED COMMANDLANGUAGE Neeraj Kumar Singhania University,

More information

Static Program Transformations for Efficient Software Model Checking

Static Program Transformations for Efficient Software Model Checking Static Program Transformations for Efficient Software Model Checking Shobha Vasudevan Jacob Abraham The University of Texas at Austin Dependable Systems Large and complex systems Software faults are major

More information

Fundamentals of Software Engineering

Fundamentals of Software Engineering Fundamentals of Software Engineering Model Checking with Temporal Logic Ina Schaefer Institute for Software Systems Engineering TU Braunschweig, Germany Slides by Wolfgang Ahrendt, Richard Bubel, Reiner

More information

Verification of Imperative Programs in Theorema

Verification of Imperative Programs in Theorema Verification of Imperative Programs in Theorema Laura Ildikó Kovács, Nikolaj Popov, Tudor Jebelean 1 Research Institute for Symbolic Computation, Johannes Kepler University, A-4040 Linz, Austria Institute

More information

Bugs, Moles and Skeletons: Symbolic Reasoning for Software Development

Bugs, Moles and Skeletons: Symbolic Reasoning for Software Development Bugs, Moles and Skeletons: Symbolic Reasoning for Software Development Leonardo de Moura and Nikolaj Bjørner Microsoft Research, One Microsoft Way, Redmond, WA, 98052, USA {leonardo, nbjorner@microsoft.com

More information

Formal verification of contracts for synchronous software components using NuSMV

Formal verification of contracts for synchronous software components using NuSMV Formal verification of contracts for synchronous software components using NuSMV Tobias Polzer Lehrstuhl für Informatik 8 Bachelorarbeit 13.05.2014 1 / 19 Problem description and goals Problem description

More information

Introduction to Logic in Computer Science: Autumn 2006

Introduction to Logic in Computer Science: Autumn 2006 Introduction to Logic in Computer Science: Autumn 2006 Ulle Endriss Institute for Logic, Language and Computation University of Amsterdam Ulle Endriss 1 Plan for Today Now that we have a basic understanding

More information

Verifying Refutations with Extended Resolution

Verifying Refutations with Extended Resolution Verifying Refutations with Extended Resolution Marijn J. H. Heule, Warren A. Hunt Jr., and Nathan Wetzler The University of Texas at Austin Abstract. Modern SAT solvers use preprocessing and inprocessing

More information

Boogie: A Modular Reusable Verifier for Object-Oriented Programs

Boogie: A Modular Reusable Verifier for Object-Oriented Programs Boogie: A Modular Reusable Verifier for Object-Oriented Programs M. Barnett, B.E. Chang, R. DeLine, B. Jacobs, K.R.M. Leino Lorenzo Baesso ETH Zurich Motivation Abstract Domains Modular Architecture Automatic

More information

Chair of Software Engineering. Software Verification. Assertion Inference. Carlo A. Furia

Chair of Software Engineering. Software Verification. Assertion Inference. Carlo A. Furia Chair of Software Engineering Software Verification Assertion Inference Carlo A. Furia Proving Programs Automatically The Program Verification problem: Given: a program P and a specification S = [Pre,

More information

A Formal Approach for Network Security Management Based on Qualitative Risk Analysis

A Formal Approach for Network Security Management Based on Qualitative Risk Analysis A Formal Approach for Network Security Management Based on Qualitative Risk Analysis Mohammad Ashiqur Rahman and Ehab Al-Shaer CyberDNA Research Center, University of North Carolina Charlotte, USA Emails:

More information

2 Temporal Logic Model Checking

2 Temporal Logic Model Checking Bounded Model Checking Using Satisfiability Solving Edmund Clarke 1, Armin Biere 2, Richard Raimi 3, and Yunshan Zhu 4 1 Computer Science Department, CMU, 5000 Forbes Avenue Pittsburgh, PA 15213, USA,

More information

Infer: An Automatic Program Verifier for Memory Safety of C Programs

Infer: An Automatic Program Verifier for Memory Safety of C Programs Infer: An Automatic Program Verifier for Memory Safety of C Programs Cristiano Calcagno and Dino Distefano Monoidics Ltd, UK Abstract. Infer 1 is a new automatic program verification tool aimed at proving

More information

Chapter 7 Uncomputability

Chapter 7 Uncomputability Chapter 7 Uncomputability 190 7.1 Introduction Undecidability of concrete problems. First undecidable problem obtained by diagonalisation. Other undecidable problems obtained by means of the reduction

More information

An Integrated Data Model Verifier with Property Templates

An Integrated Data Model Verifier with Property Templates An Integrated Data Model Verifier with Property Templates Jaideep Nijjar Ivan Bocic Tevfik Bultan University of California, Santa Barbara {jaideepnijjar, bo, bultan}@cs.ucsb.edu Abstract Most modern web

More information

Habanero Extreme Scale Software Research Project

Habanero Extreme Scale Software Research Project Habanero Extreme Scale Software Research Project Comp215: Java Method Dispatch Zoran Budimlić (Rice University) Always remember that you are absolutely unique. Just like everyone else. - Margaret Mead

More information

PREDICATE GENERATION FOR LEARNING-BASED QUANTIFIER-FREE LOOP INVARIANT INFERENCE

PREDICATE GENERATION FOR LEARNING-BASED QUANTIFIER-FREE LOOP INVARIANT INFERENCE PREDICATE GENERATION FOR LEARNING-BASED QUANTIFIER-FREE LOOP INVARIANT INFERENCE YUNGBUM JUNG, WONCHAN LEE, BOW-YAW WANG, AND KWANGKUEN YI Seoul National University, Korea e-mail address: dreameye@ropas.snu.ac.kr

More information

Software Engineering and Automated Deduction

Software Engineering and Automated Deduction Software Engineering and Automated Deduction Willem Visser Stellenbosch University Stellenbosch, South Africa visserw@sun.ac.za Nikolaj Bjørner Microsoft Research Redmond, WA, USA nbjorner@microsoft.com

More information

Constructing Contracts: Making Discrete Mathematics Relevant to Beginning Programmers

Constructing Contracts: Making Discrete Mathematics Relevant to Beginning Programmers Constructing Contracts: Making Discrete Mathematics Relevant to Beginning Programmers TIMOTHY S. GEGG-HARRISON Winona State University Although computer scientists understand the importance of discrete

More information

There is no degree invariant half-jump

There is no degree invariant half-jump There is no degree invariant half-jump Rod Downey Mathematics Department Victoria University of Wellington P O Box 600 Wellington New Zealand Richard A. Shore Mathematics Department Cornell University

More information

Solver- aided DSL with. Rui Zhao (rz2290)

Solver- aided DSL with. Rui Zhao (rz2290) Solver- aided DSL with Rui Zhao (rz2290 Solver- aided Programming So>ware is widely used We all want to build programs, not only so>ware engineers Solver- aided Programming 1960 - So>ware crisis 1970 -

More information

Welcome to... Problem Analysis and Complexity Theory 716.054, 3 VU

Welcome to... Problem Analysis and Complexity Theory 716.054, 3 VU Welcome to... Problem Analysis and Complexity Theory 716.054, 3 VU Birgit Vogtenhuber Institute for Software Technology email: bvogt@ist.tugraz.at office hour: Tuesday 10:30 11:30 slides: http://www.ist.tugraz.at/pact.html

More information

Software Engineering using Formal Methods

Software Engineering using Formal Methods Software Engineering using Formal Methods Model Checking with Temporal Logic Wolfgang Ahrendt 24th September 2013 SEFM: Model Checking with Temporal Logic /GU 130924 1 / 33 Model Checking with Spin model

More information

The software model checker BLAST

The software model checker BLAST Int J Softw Tools Technol Transfer (2007) 9:505 525 DOI 10.1007/s10009-007-0044-z SPECIAL SECTION FASE 04/05 The software model checker BLAST Applications to software engineering Dirk Beyer Thomas A. Henzinger

More information

Incremental Analysis of Evolving Administrative Role Based Access Control Policies

Incremental Analysis of Evolving Administrative Role Based Access Control Policies Incremental Analysis of Evolving Administrative Role Based Access Control Policies Silvio Ranise 1 and Anh Truong 1,2 1 Security and Trust Unit, FBK-Irst, Trento, Italia 2 DISI, Università degli Studi

More information

The Software Model Checker BLAST: Applications to Software Engineering

The Software Model Checker BLAST: Applications to Software Engineering International Journal on Software Tools Technology Transfer manuscript No. (will be inserted by the editor) Dirk Beyer Thomas A. Henzinger Ranjit Jhala Rupak Majumdar The Software Model Checker BLAST:

More information

Formal Verification Coverage: Computing the Coverage Gap between Temporal Specifications

Formal Verification Coverage: Computing the Coverage Gap between Temporal Specifications Formal Verification Coverage: Computing the Coverage Gap between Temporal Specifications Sayantan Das Prasenjit Basu Ansuman Banerjee Pallab Dasgupta P.P. Chakrabarti Department of Computer Science & Engineering

More information

LEVERAGING DEDUCTIVE VERIFICATION IN INDUSTRIAL CONTEXTS

LEVERAGING DEDUCTIVE VERIFICATION IN INDUSTRIAL CONTEXTS LEVERAGING DEDUCTIVE VERIFICATION IN INDUSTRIAL CONTEXTS CEA S SOFTWARE SAFETY LABORATORY 1995: LEAP FROM DYNAMIC TO STATIC CODE ANALYSIS! CAVEAT: ARCHITECTURE C source code VC Generator Formal specifications

More information

Computational Methods for Database Repair by Signed Formulae

Computational Methods for Database Repair by Signed Formulae Computational Methods for Database Repair by Signed Formulae Ofer Arieli (oarieli@mta.ac.il) Department of Computer Science, The Academic College of Tel-Aviv, 4 Antokolski street, Tel-Aviv 61161, Israel.

More information

CHAPTER 7 GENERAL PROOF SYSTEMS

CHAPTER 7 GENERAL PROOF SYSTEMS CHAPTER 7 GENERAL PROOF SYSTEMS 1 Introduction Proof systems are built to prove statements. They can be thought as an inference machine with special statements, called provable statements, or sometimes

More information

How To Prove That A Program Is Terminating

How To Prove That A Program Is Terminating I N F O R M A T I K Software Model Checking of Liveness Properties via Transition Invariants Andreas Podelski Andrey Rybalchenko MPI I 2003 2 004 December 2003 FORSCHUNGSBERICHT RESEARCH REPORT M A X -

More information

Introduction to Promela and SPIN. LACL, Université Paris 12

Introduction to Promela and SPIN. LACL, Université Paris 12 Introduction to Promela and SPIN LACL, Université Paris 12 Promela = Process Meta Language A specification language! No programming language! Used for system description : Specify an abstraction of the

More information

CORRECTNESS of computer systems is critical in today s

CORRECTNESS of computer systems is critical in today s IEEE TRANSACTIONS ON COMPUTER-AIDED DESIGN OF INTEGRATED CIRCUITS AND SYSTEMS, VOL. 27, NO. 7, JULY 2008 1165 Keynote Paper A Survey of Automated Techniques for Formal Software Verification Vijay D Silva,

More information

Automated Detection of Non-Termination and NullPointerExceptions for Java Bytecode

Automated Detection of Non-Termination and NullPointerExceptions for Java Bytecode Automated Detection of Non-Termination and NullPointerExceptions for Java Bytecode Marc Brockschmidt, Thomas Ströder, Carsten Otto, and Jürgen Giesl LuFG Informatik 2, RWTH Aachen University, Germany Abstract.

More information

Lecture Notes on Linear Search

Lecture Notes on Linear Search Lecture Notes on Linear Search 15-122: Principles of Imperative Computation Frank Pfenning Lecture 5 January 29, 2013 1 Introduction One of the fundamental and recurring problems in computer science is

More information

Verifying Specifications with Proof Scores in CafeOBJ

Verifying Specifications with Proof Scores in CafeOBJ Verifying Specifications with Proof Scores in CafeOBJ FUTATSUGI, Kokichi 二 木 厚 吉 Chair of Language Design Graduate School of Information Science Japan Advanced Institute of Science and Technology (JAIST)

More information

The Designer's Guide to VHDL

The Designer's Guide to VHDL The Designer's Guide to VHDL Third Edition Peter J. Ashenden EDA CONSULTANT, ASHENDEN DESIGNS PTY. LTD. ADJUNCT ASSOCIATE PROFESSOR, ADELAIDE UNIVERSITY AMSTERDAM BOSTON HEIDELBERG LONDON m^^ yj 1 ' NEW

More information

logic language, static/dynamic models SAT solvers Verified Software Systems 1 How can we model check of a program or system?

logic language, static/dynamic models SAT solvers Verified Software Systems 1 How can we model check of a program or system? 5. LTL, CTL Last part: Alloy logic language, static/dynamic models SAT solvers Today: Temporal Logic (LTL, CTL) Verified Software Systems 1 Overview How can we model check of a program or system? Modeling

More information

Test Case Generation for Ultimately Periodic Paths Joint work with Saddek Bensalem Hongyang Qu Stavros Tripakis Lenore Zuck Accepted to HVC 2007 How to find the condition to execute a path? (weakest precondition

More information

AUTOMATED TEST GENERATION FOR SOFTWARE COMPONENTS

AUTOMATED TEST GENERATION FOR SOFTWARE COMPONENTS TKK Reports in Information and Computer Science Espoo 2009 TKK-ICS-R26 AUTOMATED TEST GENERATION FOR SOFTWARE COMPONENTS Kari Kähkönen ABTEKNILLINEN KORKEAKOULU TEKNISKA HÖGSKOLAN HELSINKI UNIVERSITY OF

More information

Slot machines. an approach to the Strategy Challenge in SMT solving. Stéphane Graham-Lengrand CNRS - Ecole Polytechnique - SRI International,

Slot machines. an approach to the Strategy Challenge in SMT solving. Stéphane Graham-Lengrand CNRS - Ecole Polytechnique - SRI International, Slot machines an approach to the Strategy Challenge in SMT solving Stéphane Graham-Lengrand CNRS - Ecole Polytechnique - SRI International, SMT-Workshop, 19th July 2015 2 Disclaimer This talk will not

More information

Formal Reasoning about Fine-Grained Access Control Policies

Formal Reasoning about Fine-Grained Access Control Policies Formal Reasoning about Fine-Grained Access Control Policies Miguel A. García de Dios Carolina Dania Manuel Clavel IMDEA Software Institute, Spain {miguelangel.garcia,carolina.dania,manuel.clavel}@imdea.org

More information

POLYTYPIC PROGRAMMING OR: Programming Language Theory is Helpful

POLYTYPIC PROGRAMMING OR: Programming Language Theory is Helpful POLYTYPIC PROGRAMMING OR: Programming Language Theory is Helpful RALF HINZE Institute of Information and Computing Sciences Utrecht University Email: ralf@cs.uu.nl Homepage: http://www.cs.uu.nl/~ralf/

More information

INF5140: Specification and Verification of Parallel Systems

INF5140: Specification and Verification of Parallel Systems INF5140: Specification and Verification of Parallel Systems Lecture 7 LTL into Automata and Introduction to Promela Gerardo Schneider Department of Informatics University of Oslo INF5140, Spring 2007 Gerardo

More information

Software Engineering Techniques

Software Engineering Techniques Software Engineering Techniques Low level design issues for programming-in-the-large. Software Quality Design by contract Pre- and post conditions Class invariants Ten do Ten do nots Another type of summary

More information

Formal Verification Toolkit for Requirements and Early Design Stages

Formal Verification Toolkit for Requirements and Early Design Stages Formal Verification Toolkit for Requirements and Early Design Stages Julia M. Badger 1 and Sheena Judson Miller 2 1 NASA Johnson Space Center, Houston, TX 77058, USA 2 Barrios Technology, Houston, TX 77058,

More information

Tr ends in Software Verification

Tr ends in Software Verification Tr ends in Software Verification Gerard J. Holzmann JPL Laboratory for Reliable Software California Institute of Technology 4800 Oak Grove Drive Pasadena, CA 91006 gerard.j.holzmann@jpl.nasa.gov Abstract.

More information

Optimizing Description Logic Subsumption

Optimizing Description Logic Subsumption Topics in Knowledge Representation and Reasoning Optimizing Description Logic Subsumption Maryam Fazel-Zarandi Company Department of Computer Science University of Toronto Outline Introduction Optimization

More information

Minimum Satisfying Assignments for SMT

Minimum Satisfying Assignments for SMT Minimum Satisfying Assignments for SMT Isil Dillig 1, Thomas Dillig 1, Kenneth L. McMillan 2, and Alex Aiken 3 1 College of William & Mary 2 Microsoft Research 3 Stanford University Abstract. A minimum

More information

Consolidation of Queries with User-Defined Functions

Consolidation of Queries with User-Defined Functions Consolidation of Queries with User-Defined Functions Marcelo Sousa University of Oxford marcelo.sousa@cs.ox.ac.uk Thomas Dillig UT Austin tdillig@cs.utexas.edu Isil Dillig UT Austin isil@cs.utexas.edu

More information

Lehrstuhl für Informatik 2

Lehrstuhl für Informatik 2 Analytical Learning Introduction Lehrstuhl Explanation is used to distinguish the relevant features of the training examples from the irrelevant ones, so that the examples can be generalised Introduction

More information

A Semantical Perspective on Verification of Knowledge

A Semantical Perspective on Verification of Knowledge A Semantical Perspective on Verification of Knowledge Paul Leemans, Jan Treur, Mark Willems Vrije Universiteit Amsterdam, Department of Artificial Intelligence De Boelelaan 1081a, 1081 HV Amsterdam The

More information

Model Checking LTL Properties over C Programs with Bounded Traces

Model Checking LTL Properties over C Programs with Bounded Traces Noname manuscript No. (will be inserted by the editor) Model Checking LTL Properties over C Programs with Bounded Traces Jeremy Morse 1, Lucas Cordeiro 2, Denis Nicole 1, Bernd Fischer 1,3 1 Electronics

More information

Automated Quantitative Software Verification

Automated Quantitative Software Verification Automated Quantitative Software Verification by Mark Kattenbelt A thesis submitted for the degree of Doctor of Philosophy Trinity College, Oxford Trinity Term 2010 Abstract Many software systems exhibit

More information

The Course. http://www.cse.unsw.edu.au/~cs3153/

The Course. http://www.cse.unsw.edu.au/~cs3153/ The Course http://www.cse.unsw.edu.au/~cs3153/ Lecturers Dr Peter Höfner NICTA L5 building Prof Rob van Glabbeek NICTA L5 building Dr Ralf Huuck NICTA ATP building 2 Plan/Schedule (1) Where and When Tuesday,

More information

Thomas Jefferson High School for Science and Technology Program of Studies Foundations of Computer Science. Unit of Study / Textbook Correlation

Thomas Jefferson High School for Science and Technology Program of Studies Foundations of Computer Science. Unit of Study / Textbook Correlation Thomas Jefferson High School for Science and Technology Program of Studies Foundations of Computer Science updated 03/08/2012 Unit 1: JKarel 8 weeks http://www.fcps.edu/is/pos/documents/hs/compsci.htm

More information

Introduction to Static Analysis for Assurance

Introduction to Static Analysis for Assurance Introduction to Static Analysis for Assurance John Rushby Computer Science Laboratory SRI International Menlo Park CA USA John Rushby Static Analysis for Assurance: 1 Overview What is static analysis?

More information

Software Engineering

Software Engineering Software Engineering Lecture 04: The B Specification Method Peter Thiemann University of Freiburg, Germany SS 2013 Peter Thiemann (Univ. Freiburg) Software Engineering SWT 1 / 50 The B specification method

More information

The Classes P and NP

The Classes P and NP The Classes P and NP We now shift gears slightly and restrict our attention to the examination of two families of problems which are very important to computer scientists. These families constitute the

More information

GameTime: A Toolkit for Timing Analysis of Software

GameTime: A Toolkit for Timing Analysis of Software GameTime: A Toolkit for Timing Analysis of Software Sanjit A. Seshia and Jonathan Kotker EECS Department, UC Berkeley {sseshia,jamhoot}@eecs.berkeley.edu Abstract. Timing analysis is a key step in the

More information

Model Checking of Software

Model Checking of Software Model Checking of Software Patrice Godefroid Bell Laboratories, Lucent Technologies SpecNCheck Page 1 August 2001 A Brief History of Model Checking Prehistory: transformational programs and theorem proving

More information

Engineering a EIA - 632

Engineering a EIA - 632 es for Engineering a System EIA - 632 SE Tutorial es for Engr Sys - 1 Fundamental es for Engineering a System Acquisition and Supply Supply Acquisition es for Engineering A System Technical Management

More information

Analysis of Boolean Programs

Analysis of Boolean Programs Analysis of Boolean Programs Patrice Godefroid 1 Mihalis Yannakakis 2 1 Microsoft Research, pg@microsoft.com 2 Columbia University, mihalis@cs.columbia.edu Abstract. Boolean programs are a popular abstract

More information

Complexity Theory. Jörg Kreiker. Summer term 2010. Chair for Theoretical Computer Science Prof. Esparza TU München

Complexity Theory. Jörg Kreiker. Summer term 2010. Chair for Theoretical Computer Science Prof. Esparza TU München Complexity Theory Jörg Kreiker Chair for Theoretical Computer Science Prof. Esparza TU München Summer term 2010 Lecture 8 PSPACE 3 Intro Agenda Wrap-up Ladner proof and time vs. space succinctness QBF

More information

Introduction to Programming (in C++) Loops. Jordi Cortadella, Ricard Gavaldà, Fernando Orejas Dept. of Computer Science, UPC

Introduction to Programming (in C++) Loops. Jordi Cortadella, Ricard Gavaldà, Fernando Orejas Dept. of Computer Science, UPC Introduction to Programming (in C++) Loops Jordi Cortadella, Ricard Gavaldà, Fernando Orejas Dept. of Computer Science, UPC Example Assume the following specification: Input: read a number N > 0 Output:

More information

Fully Abstract Operation Contracts

Fully Abstract Operation Contracts Fully Abstract Operation Contracts Richard Bubel, Reiner Hähnle, and Maria Pelevina Department of Computer Science Technical University of Darmstadt bubel haehnle@cs.tu-darmstadt.de m.pelevina@gmail.com

More information

Example. Introduction to Programming (in C++) Loops. The while statement. Write the numbers 1 N. Assume the following specification:

Example. Introduction to Programming (in C++) Loops. The while statement. Write the numbers 1 N. Assume the following specification: Example Introduction to Programming (in C++) Loops Assume the following specification: Input: read a number N > 0 Output: write the sequence 1 2 3 N (one number per line) Jordi Cortadella, Ricard Gavaldà,

More information

Chapter 4, Arithmetic in F [x] Polynomial arithmetic and the division algorithm.

Chapter 4, Arithmetic in F [x] Polynomial arithmetic and the division algorithm. Chapter 4, Arithmetic in F [x] Polynomial arithmetic and the division algorithm. We begin by defining the ring of polynomials with coefficients in a ring R. After some preliminary results, we specialize

More information
2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback | Do Not Sell My Personal Information