MAT-71506 Program Verification: Exercises




Antero Kangas
Tampere University of Technology
Department of Mathematics
September 11, 2014

Accomplishment

Exercises are obligatory and probably the grades will be determined by the exercises. That will be decided during the first lectures. The course is valid for post-graduate studies.

Exercises are held in the following way: at the beginning of an exercise session the instructor calls the names, asks who has done which problems, and selects the presenter. Precedence is usually given to whoever has had the fewest presentations so far, but there can be exceptions. If an error is revealed in the solution during the presentation, then

1. the presenter may try to fix it himself, with the instructor's help if necessary,
2. the problem is given to the presenter as a personal task for the next time, or
3. another student can be asked to present his solution.

Be prepared to present your answers. The grade is (or may be) given by the exercises. It is better to solve fewer problems carefully than many poorly. Although the grade is not determined by the number of problems you have solved, it is not possible to show what you have learned if you solve only a few problems.

OHJ-2506 Program Verification: Exercises. September 11, 2014

Some notes concerning this course:

Use of truth tables is usually not strictly forbidden (unless it is explicitly forbidden), but since in practical calculations they are quite useless, or at least inefficient, it is strongly recommended to avoid them. (Of course you can use them for verifying your answers.)

For truth values we use the symbols False and True, which can be abbreviated as F and T, correspondingly. It is not allowed to use the values 0 and 1 to express logical values, since (1) even though they are used in digital techniques, they denote bits, not logical values, and (2) we do need to use both integers and logical expressions in the same formulas, and therefore the values False and 0, and/or True and 1, may occur in the same formula. Also, remember to write a sufficient number of intermediate steps so that your solution is easy to follow.

Exercise group 1

The idea is to show in which kinds of programming problems the program verification techniques are useful. We are going to redo some of them after we have learned new means.

1. The following implementation of the quicksort algorithm is used as an example in a C++ textbook:

    void qsort (int *ia, int low, int high) {
        if (low < high) {
            int lo = low;
            int hi = high + 1;
            int elem = ia[low];   // pivot
            for (;;) {
                while (ia[++lo] < elem);
                while (ia[--hi] > elem);
                if (lo < hi)
                    swap(ia, lo, hi);
                else break;
            }
            swap(ia, low, hi);
            qsort(ia, low, hi - 1);
            qsort(ia, hi + 1, high);
        } // end, if (low < high)
    }

(a) The implementation has an error that the author seems not to have noticed. What is it?

(b) Estimate verbally the possibility of finding the error by testing. Estimate also the possibility that the error never appears when the program is used.
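As an added experiment (not part of the exercise sheet), the textbook qsort above is transliterated into Python with every array access routed through a checking accessor, and a harness counts how many random permutations make a check fire. The access itself is checked, rather than waiting for a symptom, because in C++ an index outside the array need not crash or change the result. The names BoundsViolation, at, sort_checked and detection_rate are this example's own.

```python
import random
from typing import List

class BoundsViolation(Exception):
    """Raised when the algorithm indexes outside [0, len(ia))."""

def at(ia: List[int], i: int) -> int:
    """Checked read; the explicit test also rejects negative indexes,
    which Python alone would accept silently (they wrap around)."""
    if i < 0 or i >= len(ia):
        raise BoundsViolation(f"index {i} outside [0, {len(ia)})")
    return ia[i]

def swap(ia: List[int], i: int, j: int) -> None:
    at(ia, i)
    at(ia, j)  # check both positions before writing
    ia[i], ia[j] = ia[j], ia[i]

def qsort(ia: List[int], low: int, high: int) -> None:
    """Same control flow as the textbook C++ qsort; nothing is corrected here."""
    if low < high:
        lo = low
        hi = high + 1
        elem = at(ia, low)  # pivot
        while True:
            lo += 1                       # while (ia[++lo] < elem);
            while at(ia, lo) < elem:
                lo += 1
            hi -= 1                       # while (ia[--hi] > elem);
            while at(ia, hi) > elem:
                hi -= 1
            if lo < hi:
                swap(ia, lo, hi)
            else:
                break
        swap(ia, low, hi)
        qsort(ia, low, hi - 1)
        qsort(ia, hi + 1, high)

def sort_checked(values: List[int]) -> bool:
    """Sort a copy; True if every access stayed in range, False if a check fired."""
    ia = list(values)
    try:
        qsort(ia, 0, len(ia) - 1)
    except BoundsViolation:
        return False
    assert ia == sorted(values)  # when no check fires, the output is sorted
    return True

def detection_rate(trials: int, n: int, seed: int = 1) -> float:
    """Fraction of random permutations of 1..n (constructed inputs) on which a check fires."""
    rng = random.Random(seed)
    fired = 0
    for _ in range(trials):
        values = list(range(1, n + 1))
        rng.shuffle(values)
        if not sort_checked(values):
            fired += 1
    return fired / trials
```

Comparing sort_checked on a few hand-picked three-element inputs with detection_rate over random permutations shows how much the outcome of testing depends on which inputs happen to be chosen.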

2. Before the beginning of the following binary search program for the array A[1... n] it holds that A[1] A[2] A[n]. The program tries to find the greatest a such that A[i] < key whenever 1 i < a.

    a := 1; y := n;
    while a < y do
        v := (a + y) div 2;
        if A[v] < key then a := v + 1;
        else y := v
        endif
    endwhile

(a) Find the error.

(b) Estimate the probability that the error appears in m tests or production runs, if A[1], ..., A[n] are all distinct and key is one of them.

(c) As in (b), but now A[1], ..., A[n] and key are all distinct.

3. Does the following program find the longest proper ascending sequence B[1... k] that is created from A[1... n] by removing elements? Justify your answer or give a counterexample.

    k := 0;
    for i := 1 to n do
        h := 1; C[1] := A[i];
        for j := i + 1 to n do
            if A[j] > C[h] then h := h + 1; C[h] := A[j]
            endif
        endfor
        if h > k then
            k := h;
            for j := 1 to k do B[j] := C[j] endfor
        endif
    endfor

4. Prove the following without truth tables.

(a) (P Q) Q P
(b) P Q) ( P Q) Q
(c) P (P_1 P_2 P_n) (P P_1) (P P_2) (P P_n), for all n 1 (hint: use induction).

Do the following hold? Either prove without truth tables or give a counterexample.

(d) P (P Q) Q
(e) P Q P P Q Q
(f) P (Q R) P Q R

5. Building a binary operator requires creating an expression l(P, Q) such that P Q l(P, Q) for all combinations of the truth values of P and Q. This definition generalises also to operators other than binary ones. In principle and suffice as the basic operators of propositional logic, since the other operators False, True,,, and can be built using them if we have at least one propositional symbol. E.g. P Q ( P Q), and True P P.

(a) We have at least one propositional symbol and the operators and. Show how the operators False, True,,, and can be created using them.

(b) Sometimes, given propositional symbols, just one operator suffices to create the other operators. Let us denote by the operator that is defined as:

            False   True
    False   True    False
    True    False   False

Show how the common operators False, True,,,,, and can be created by using it. (Hint: think first how is created using the common operators, and first create .)

6. Let us denote by the operator that is defined as:

            False   True
    False   True    True
    True    True    False

How can you build using ? And how using ?

Exercise group 2

7. Reduce the following. Do not use truth tables.

(a) P P P P
(b) P (P P ) P
(c) P ((P P ) P )
(d) P (P (P P ))
(e) (P P ) (P P )

8. Do the following claims hold or not? Justify your answers. Do not use truth tables.

(a) P Q R P P Q.
(b) P Q R P P Q.
(c) P Q R P Q R.
(d) P Q R P Q R.

9. Prove the following absorption laws, that is, without using the laws themselves. Do not use truth tables.

(a) P (P Q) P.
(b) P (P Q) P.

10. Prove the following. Do not use truth tables. Assume that you have the transitive law (P Q) (Q R) (P R) proven only for at most three propositions (here P, Q, and R). Remember that does not have the congruence property, and that you cannot use (c) to prove item (b). Hint: instead of using the transitive law for three propositional symbols, use (a), but, of course, only after you have first proved it.

(a) P (P Q) P Q
(b) (P Q) (Q R) (R S) P S
(c) For all n 1 it holds that i; 1 i < n : P_i P_{i+1} P_1 P_n

Introduction to the next problems: In a country there are two kinds of people, citizens, who always speak the truth, and politicians, who always lie. We assume that everyone in that country is either a citizen or a politician, unless something else is told in the problem. Solve the following problems by (1) formalising the problem, (2) solving it using the means of propositional logic, and (3) interpreting your solution.

An example problem and its solution:

The problem: someone asks a person A (who is either a citizen or a politician): "Are you a citizen?", and he answers: "If I am a citizen, I'll eat my hat." Prove that A must eat his hat.

Solution: we introduce the following abbreviations:

    X   X is a citizen (where X is A, B, C, ...)
    L   the truth value of L, the sentence spoken by X
    H   A eats his hat

Now, if X is a citizen, then the sentence spoken by him, L, is true; in other words, X L. Correspondingly, if X is a politician, it holds that X, and we know that L is not true; in other words, X L. These are also the only alternatives. In other words, the premises of the problem are X L and X L, which can be written in the shorter form X L. This means that X is a citizen if and only if the sentence spoken by him is true.

Person A's answer or sentence can be written in the form A H, meaning "if I am a citizen (A), then I shall eat my hat (H)". The problem can now be presented in a form where we start from the premise A (A H) and must derive H using the means of logic.

    A (A H)
      (remove implication)
    A ( A H)
      (remove equivalence)
    A ( A H) A ( A H)
      (distributive law and De Morgan)
    A A A H A A H
      (miscellaneous law, twice)
    False A H False H
      (commutativity and ϕ F F)
    False A H False
      (commutativity and ϕ F ϕ, twice)
    A H
      (miscellaneous law)
    H

Especially the elimination of the operator can easily lead to long expressions. Often a problem can be solved more easily by eliminating some variable, that is, by setting its value to True and to False in turn.

The previous problem can be solved by elimination, e.g., in the following way:

    If A True then A (A H) True (True H) True H H.
    But if A False then A (A H) False (False H) False True False.

By setting A to True, the value of H became True, but setting A to False causes a contradiction. Therefore the only possible solution is that both A and H are true. That implies H; in other words, "A eats his hat" is true.
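The worked example above, checked mechanically as an added illustration that is not part of the exercise sheet: the premise "X is a citizen iff the sentence X speaks is true" is built as a function, every assignment of True/False to the symbols is evaluated, and the sheet's elimination method (fixing A to True and to False in turn) is reproduced on the same premise. The helper names says, conj, models, entails and eliminate are this example's own; says and conj are written so that they also cover problems with several speakers.

```python
from itertools import product
from typing import Callable, Dict, List

Assignment = Dict[str, bool]
Formula = Callable[[Assignment], bool]

def implies(p: bool, q: bool) -> bool:
    return (not p) or q

def iff(p: bool, q: bool) -> bool:
    return p == q

def says(speaker: str, sentence: Formula) -> Formula:
    """Premise for one utterance: the speaker is a citizen iff the sentence is
    true (citizens always tell the truth, politicians always lie), i.e. X <-> L."""
    return lambda v: iff(v[speaker], sentence(v))

def conj(*formulas: Formula) -> Formula:
    """Conjunction of several premises, for problems with more than one speaker."""
    return lambda v: all(f(v) for f in formulas)

def models(formula: Formula, names: List[str]) -> List[Assignment]:
    """Every assignment of the symbols (True/False, never 1/0) that satisfies the formula."""
    found = []
    for values in product([False, True], repeat=len(names)):
        v = dict(zip(names, values))
        if formula(v):
            found.append(v)
    return found

def entails(formula: Formula, names: List[str], goal: str) -> bool:
    """The goal holds in every model of the premises (and there is at least one)."""
    ms = models(formula, names)
    return bool(ms) and all(m[goal] for m in ms)

def eliminate(formula: Formula, names: List[str], symbol: str) -> Dict[bool, List[Assignment]]:
    """The sheet's elimination method: fix `symbol` to True and to False in turn
    and keep the assignments of the other symbols that survive each case.
    An empty list means that case is contradictory."""
    return {value: [{k: m[k] for k in m if k != symbol}
                    for m in models(formula, names) if m[symbol] == value]
            for value in (True, False)}

# The sheet's worked example: A answers "if I am a citizen (A), I'll eat my hat (H)".
hat_premise = says("A", lambda v: implies(v["A"], v["H"]))

if __name__ == "__main__":
    print(models(hat_premise, ["A", "H"]))        # only A=True, H=True survives
    print(entails(hat_premise, ["A", "H"], "H"))  # so H follows: A eats his hat
    print(eliminate(hat_premise, ["A", "H"], "A"))
```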

11. We are now in the country of citizens and politicians. Formalize the following problems and solve them using the means of propositional logic.

(a) I met two people, A and B, of that country. B said that if A is a politician then he is too. What types are A and B?

(b) There had been a robbery. A, B, and C were brought to the police station for interrogation. The police found out that no one other than A, B, or C has been involved in the case, that A will never do a heist alone, and that C is not guilty. Is B guilty or not guilty?

12. We are still in the country of citizens and politicians.

(a) X and Y are prosecuted for involvement in a robbery. A and B saw the case. A says that if X is guilty then Y is too. B claims that either X is not guilty or Y is guilty (notice the inclusive or!). Can you say whether A and B are of the same type? (That is, are they both citizens or both politicians?)

(b) A crime had happened, but luckily some suspects were arrested and interrogated. The following facts were found out: if A is guilty and B is not guilty then C is guilty, C will never do a heist alone, A will never do a heist with C, no one other than A, B, or C has been involved in the case, and at least one of them is guilty. After the interrogations the police officer in charge said that he cannot be sure who is guilty and who is not, but that they have enough evidence to proceed against one person. Who is he?

Exercise group 3

13. We move to the next country, where half of its people are citizens and half are politicians. Also in this country the citizens always tell the truth and the politicians always lie. But in this country half of the people are crazy and have delusions, and therefore they believe that true sentences are untrue and false sentences are true. The other half of the people are sane and know which claims are true and which are untrue. Therefore the people of this country are of four different types: (1) sane citizens, who always speak the truth because they know what is true and what is not, (2) crazy citizens, who always lie, but only because they believe that what they say is true, (3) sane politicians, who always lie even though they know what is true and what is untrue, and (4) crazy politicians, who always speak the truth, but only because they believe that they are lying. Let us investigate a person X of that other country.

(a) Let us denote that he (= X) is sane by S(X), and that he (= X) is a citizen by C(X) (if we have only one person we can use just the symbols S and C). Formalize the four types of people of that country.

(b) Let us denote (the truth value of) the sentence that X says by L(X). Formalize the problem: Person X says sentence L. What type is he? (Cf. the introduction to the citizen/politician problems.)

(c) Formalize the following problem and solve it using the means of propositional logic: I once met a guy from that country, and he said that he is sane or a citizen. Which type is he? What if he had said that he is either sane or a citizen? Hint! You can also use this formula: P xor Q P Q.

State predicates

Your task is to define state predicates and some notions. Also give them a short name and a suitable parameter list. You can use notions you have already defined in the same problem. You can also try to define and use your own auxiliary notions.

All the notions asked for must be well-defined, that is, there is no division by zero, no indexing past the range of an array, etc. The auxiliary notions which are not themselves answers need not be well-defined; it suffices that, wherever they are used, the environment guarantees that no division by zero etc. will happen. On the other hand, it is often very handy to make them well-defined too.

14. A[1... n] is an array. Write state predicates that define the following.

(a) x is the smallest element in A.
(b) x is the greatest element in A.
(c) The sum of the smallest and the greatest element in A is x.

15. A[1... n] and B[1... m] are arrays. Define the following.

(a) A and B have equally many elements, and the sums of the elements at corresponding indexes form a palindrome (= a sequence that is the same whether it is read forwards or backwards).
(b) The smallest element of A is also the smallest element of B.
(c) A has indexes k and l such that all the elements before k are smaller than the element at position k, and correspondingly all the elements after l are greater than the element at position l.

16. Write the following specifications (the pre- and postcondition) for programs that get as their input an array A[1... n].

(a) Find in A the key that is promised to be there. Explain:
    i. how your program returns its results;
    ii. how the program must behave if the key is not in A;
    iii. how the program must behave if the key is in the array more than once.
(b) Write a specification similar to (a), but now the key is not promised to be in the array. How does the program now behave if the key is not in A?
(c) Find where the smallest element of A is.
(d) Set x to the value of the smallest element of A.
(e) Set the last position at which the smallest element of A occurs to the value of x.