Design of Distributed Systems Melinda Tóth, Zoltán Horváth

Design of Distributed Systems
Melinda Tóth, Zoltán Horváth
Publication date: 2014
Copyright 2014 Melinda Tóth, Zoltán Horváth
Supported by TÁMOP-4.1.2.A/1-11/1-2011-0052

Table of Contents

1 Lecture 1: 1 Syllabus; 2 Motivation; 3 Literature; 4 Introduction
2 Lecture 2: 1 Example; 2 Basic Concepts of the Relational Model
3 Lecture 3: 1 Problem; 2 Abstract Parallel Program
4 Lecture 4: 1 Reminder; 2 Semantics of the Abstract Program; 3 Program Properties of the Abstract Program
5 Lecture 5: 1 Reminder; 2 Program Properties of the Abstract Program
6 Lecture 6: 1 Reminder; 2 Program Properties of the Abstract Program
7 Lecture 7: 1 Reminder; 2 Program Properties of the Abstract Program
8 Lecture 8: 1 Reminder; 2 Solution
9 Lecture 9: 1 Reminder; 2 Derivation Rules
10 Lecture 10: 1 Reminder; 2 Program Constructions
11 Lecture 11: 1 Reminder; 2 Program Constructions
12 Lecture 12: 1 Reminder; 2 Computation of the Value of an Associative Function
13 Lecture 13: 1 Reminder; 2 Solution of the Problem
14 Lecture 14: 1 Reminder; 2 Channels; 3 Natural Number Generator; 4 Pipeline
15 Practice 1: 1 Definitions; 2 Calculating the WP
16 Practice 2: 1 Reminder; 2 Calculating WP(S, R); 3 Unless Program Property; 4 Calculating Unless
17 Practice 3: 1 Reminder; 2 Properties of Unless; 3 Exercises
18 Practice 4: 1 Reminder; 2 Ensures; 3 Calculating Ensures; 4 Properties
19 Practice 5: 1 Reminder; 2 Ensures; 3 Leads-to; 4 Properties; 5 Proof Strategy
20 Practice 6: 1 Reminder; 2 Leads-to Properties; 3 Exercises; 4 Inevitability; 5 Exercises
21 Practice 7: 1 Reminder; 2 Fixed Point Properties; 3 Invariant; 4 Exercises
22 Practice 8: 1 Reminder; 2 Problem; 3 Solution; 4 Exercise
23 Practice 9: 1 Reminder; 2 Test Examples
24 Practice 10: 1 Reminder; 2 Channels; 3 FORK
25 Practice 11: 1 Reminder; 2 Multiplexer; 3 Exercise
26 Practice 12: 1 Reminder; 2 Pipeline; 3 Exercise
27 Practice 13: 1 Reminder; 2 Union; 3 Exercises
28 Practice 14: 1 Reminder; 2 Test Examples

Chapter 1. Lecture 1

1 Syllabus

1.1 Syllabus
- Dining/drinking philosophers
- Distributed problems
- Formal specification and properties of distributed systems
- Safety and progress properties of distributed programs
- Verification of safety critical properties
- Program compositions from components with proved properties
- Computing the value of an associative function

2 Motivation

2.1 Motivation
Motivation for using formal methods:
- safety critical applications
- safe application of software components
- primary goal: sound concepts about distributed and parallel programs

3 Literature

3.1 Literature 1
- Chandy, K. M., Misra, J.: Parallel Program Design - A Foundation. Addison-Wesley, 1989.
- Misra, J.: A Discipline of Multiprogramming - Programming Theory for Distributed Applications. Springer, 2001.
- Horváth Z.: Parallel asynchronous computation of the values of an associative function. Acta Cybernetica, Vol. 12, No. 1, Szeged (1995), 83-94.
- Horváth Z.: The Formal Specification of a Problem Solved by a Parallel Program: a Relational Model.
- Fóthi Á., Horváth Z., Kozsik T.: Parallel Elementwise Processing: A Novel Version. Annales Univ. Sci. Budapest. de R. Eötvös Nom., Sectio Computatorica (1996).
- Horváth Z., Kozsik T., Venczel T.: On Composing Problems and Parallel Programs. In: Paakki J., ed., Proceedings of the Fifth Symposium on Programming Languages and Software Tools, Jyväskylä, Finland, June 7-8, 1997. Report C-1997-37, University of Helsinki, 1-12.
- Horváth Z., Kozsik T., Venczel T.: Parallel Programs Implementing Abstract Data Type Operations. Pure Mathematics and Applications (PUMA), Volume 11 (2000), Number 2, pp. 293-308.

4 Introduction

4.1 Properties of the formal model 1
We need a formal model which is appropriate for the specification of problems and for developing the solutions of problems in the case of parallel and distributed systems.

4.2 Properties of the formal model 2
The introduced model
- is an extension of a relational model of nondeterministic sequential programs,
- provides tools for the stepwise refinement of problems, in a functional approach,
- uses the concept of the iterative abstract program of UNITY;
- the concept of solution is based on the comparison of the problem as a relation and the behaviour relation of the program.

4.3 Dining philosophers
States: thinking: t, forks in hands: f, eating: e, at home: h

4.4 Problem specification (requirements)
unless:
unless:
ensures:
inevitable, leads-to:
invariant:
fixed point:
termination:

Help: thinking: t, forks in hands: f, eating: e, at home: h

4.5 Execution model
Abstract execution model: no control flow; free processors select assignments asynchronously.

4.6 Program, Solution
Program: scheduling, processes, location, communication infrastructure, language.
Solution: the specification requirements are satisfied by program properties.

4.7 Example
- C/PVM PC-cluster (Parallel Virtual Machine)
- Erlang VM cluster

4.8
- The notion of the state space makes it possible to define the semantical meaning of a problem independently of any program.
- The generalized concept of a problem is applicable for cases in which termination is not required but the behaviour of the specified system is restricted by safety and progress properties.
- The solution of a problem may be a sequential program, a parallel one, or even a program built up from both sequential and parallel components.

Chapter 2. Lecture 2

1 Example

1.1 An Example: sorting

1.2 An Implementation: Sorting
A valid implementation, the code for the i-th processor (one process for each i):

    loop
      <lock a(i) and a(i+1)>
      x := a(i); y := a(i+1);
      if x > y then
        a(i+1) := x; a(i) := y;
      end if;
      <unlock a(i) and a(i+1)>
    end loop;

1.3 An Implementation: Sorting
A sequential program:

    loop
      for i = 1 to n-1 do
        x := a(i); y := a(i+1);
        if x > y then
          a(i+1) := x; a(i) := y;
        end if;
      end for
    end loop

2 Basic Concepts of the Relational Model

2.1 Concepts
A programming model defines
- the semantics of problems and programs,
- operations for problem and program constructions,
- when a program solves a problem.
Relational model: the elements of the semantic domain are relations.

2.2 Relations
An arbitrary subset of a direct product of sets is called a relation. Let where and are arbitrary sets. The domain of the relation is defined by

2.3 State Space
Let is a finite or numerable set. The set is called the state space, the sets are called type value sets. The projections are called variables. is the set of the finite sequences of the points of the state space and the set of the infinite sequences.

2.4 Statements and Effect Relation
A statement is a subset of the direct product. The effect relation of a statement is denoted by. The effect relation expresses the functionality of the statement.

2.5 Example

    var i, j : integer;
    j := 2;
    while i <> 5 loop
      i := i + j
    end loop

State space: , variables: , seq. program: , etc., effect relation:

2.6 Partial Function and Logical Relation
A relation is called a partial function if for all the set has at most one element. If then is a function. If is a relation, where is an arbitrary set and is the set of the logical values, then is called a logical relation.

2.7 Truth Set
The truth set of the logical function is defined as. The logical functions are defined by their truth sets.

2.8 Transitive Disjunctive Closure
The power-set (set of subsets) of the set is denoted by. The relation is the transitive disjunctive closure of the relation if is the smallest relation for which the following holds:
- if and, then;
- for any numerable set:

2.9 Example TDC Relation

Chapter 3. Lecture 3

1 Problem

1.1 Problem
The problem is defined as a set of specification relations. Every specification relation is defined over the powerset of the state space. Let be logical functions. We define and

1.2 Specification Relations
- (stable, unless)
- (ensures)
- (is inevitable from)
- (fixed point is inevitable from)
- (holds in any fixed point)
- (is invariant)
- (initially)

1.3 Example
According to the specification requirement the program is enabled to change state to state only. According to the specification relation the variable is non-decreasing and can be increased one by one.

1.4 Problem Definition
Let be a state space and let be a finite or numerable set. The relation, where, is called a problem defined over the state space; is called the parameter space of the problem. Two relations expressing boundary properties and five relations expressing transition properties are associated to every point of the set.

1.5 Notation
Let denote an arbitrary element of the domain of the problem. Let denote an element of. The components of are denoted by and by, respectively. If then we use instead of in the indices for the sake of simplicity.

1.6 Notation

1.7 Example: Value of a Function

2 Abstract Parallel Program

2.1 Abstract parallel program
The abstract program is a relation generated by a set of conditional assignments; assignments are selected nondeterministically, and the executions of different processors are fairly interleaved. A fixed point is said to be reached in a state if every statement leaves that state unchanged.

2.2 General Assignment
A statement over the state space is called empty and termed, if. Let, where. The statement is a general assignment defined by, if

2.3 Example
x, y : N; x, y := x+y, x-y. F(2,3) = ?, F(3,2) = ?

2.4 Extension
We extend the domain of a relation for the whole state space in the following way: , where. Let. The relation is the extension of for the truth set of the condition, i.e., if and, otherwise.

2.5 Conditional Assignment
Let be an assignment for which. This kind of (simultaneous, nondeterministic) assignment is called a conditional assignment, if. We denote the conditional assignment in the following way: , if. Simultaneous, nondeterministic, conditional assignment: , if, if. Abbreviation:

2.6 Example Abstract Program
, if
Atomicity: if no atomicity, there is no state when is 6.

Chapter 4. Lecture 4

1 Reminder

1.1 Problem
The problem is defined as a set of specification relations. Every specification relation is defined over the powerset of the state space. Let be logical functions. We define and

1.2 Abstract Parallel Program
The abstract program is a relation generated by a set of conditional assignments; assignments are selected nondeterministically, and the executions of different processors are fairly interleaved. A fixed point is said to be reached in a state if every statement leaves that state unchanged.

1.3 Example
, if

2 Semantics of the Abstract Program

2.1 State Transition Trees
Let be an ordered pair of a conditional assignment and of a nonempty, finite set of conditional assignments, such that, where. The semantics of the abstract program is defined as a binary relation which associates equivalence classes of correctly labelled state transition trees to the points of the state space.

2.2 State Transition Trees
The labelled state transition trees are generated by the ordered pair of the effect relation of the initial assignment and of the UP(S) disjoint union of the effect relations of the elements of the abstract program.

2.3 Abstract Parallel Program Definition
The relation is called an abstract parallel program if it associates equivalence classes of labelled transition trees to the element, which trees are generated at by the ordered pairs of relations and have a correct labelling.

2.4 Abstract Parallel Program Notation
The abstract parallel program generated by is abbreviated by in the following. The conditional assignment is called the initialization in and is said to be an element of the program.

2.5 Execution
Any path of a representative of the equivalence class starting in the state is called an execution path of the abstract parallel program. Any concurrent execution of conditional assignments should satisfy the requirement of serializability. Every execution path of the abstract parallel program represents a possible sequential execution sequence of the assignments. The introduced semantics is an interleaving semantics of parallel programs.

2.6 Reachable States
The set of labels (states) along the execution paths is denoted by; it is the set of reachable states from the state.

2.7 Unconditionally Fair Scheduling
An execution path corresponds to the requirement of unconditionally fair scheduling if every statement is selected infinitely often along the path, i.e. every label from the index set is associated infinitely often to the vertices of the path.

3 Program Properties of the Abstract Program

3.1 Weakest Precondition
The program properties are defined in terms of the weakest precondition of the element statements of the abstract program. The logical function is called the weakest precondition of the postcondition with respect to the statement. We define

3.2 Weakest Precondition

3.3 Strongest Postcondition
The logical function is called the strongest postcondition of with respect to.

Chapter 5. Lecture 5

1 Reminder

1.1 Abstract Parallel Program and Scheduling
The abstract parallel program generated by is abbreviated by in the following. The conditional assignment is called the initialization in and is said to be an element of the program. An execution path corresponds to the requirement of unconditionally fair scheduling if every statement is selected infinitely often along the path, i.e. every label from the index set is associated infinitely often to the vertices of the path.

1.2 Weakest Precondition and Strongest Postcondition

2 Program Properties of the Abstract Program

2.1 Invariant Properties, Definition
is the set of logical functions whose truth is preserved by the elements of if the program is started from a state satisfying, and

2.2 Strongest Invariant
Lemma 1 (Conjunction of invariants). is closed for the conjunction operation. is the conjunction of the elements of the set; is the strongest invariant.
Theorem 1. The truth set of is the set of reachable states from.

2.3 Always True Properties, Definition
An always true property is not necessarily invariant.

Chapter 6. Lecture 6

1 Reminder

1.1 Invariant Properties
is the set of logical functions whose truth is preserved by the elements of if the program is started from a state satisfying. is the conjunction of the elements of the set; is the strongest invariant.

2 Program Properties of the Abstract Program

2.1 Unless Properties, Definition
is stable while. Unless:

2.2 Unless and Invariant Property
Theorem 2. If and, then.
Theorem 3. If and, then.

2.3 Ensures Property, Definition
is stable while in, and there is a conditional assignment which ensures the transition from to. Ensures:
Theorem 4. If and, then.

2.4 Leads-to Property, Definition
is the transitive disjunctive closure of the relation; is the smallest binary relation satisfying the conditions:
- if and, then;
- let denote a countable set; if, then.
Theorem 5. If and, then.

Chapter 7 Lecture 7
1 Reminder
1.1 Program Properties
is the smallest binary relation satisfying the conditions:
if and, then
Let denote a countable set. If, then
2 Program Properties of the Abstract Program
2.1 Inevitability
Inevitability, if and only if on all execution paths leading from and satisfying the axiom of unconditionally fair scheduling there is a node at a finite but unbounded distance from whose label is an element of the truth set of, i.e., the program inevitably reaches the truth set of when started from
Theorem 6 ( sound and complete) =
2.2 Fixed Point Properties
A fixed point is said to be reached in a state of the state space if none of the statements changes the state
and is a simultaneous, non-deterministic conditional assignment, i.e. :, if
denotes the logical function which characterizes the set of states over which the relation is deterministic, i.e.,
2.3 Definitions
Set of fixed points
Set of fixed points with deterministic assignments
Fixed point properties: Let us denote by the set
2.4 Example, if
2.5 Weakening of fixed point property
Theorem 7 If and, then
2.6 Termination properties
Termination properties: denotes the set
2.7 Behaviour relation of abstract program
Behaviour relation: Let be a program over the state space. The system of relations is called the behaviour relation of the parallel program
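The properties defined in Lectures 5 to 7 (unless, ensures, leads-to, fixed points and the strongest invariant, together with Theorem 6, which identifies leads-to with inevitability under unconditionally fair scheduling) can be decided mechanically when the state space is finite. The Python program below is an added example, not code from the lecture notes: the small two-variable program it analyses, the statement names s1 to s3 and the function names are all constructions of this example. It decides leads-to through inevitability rather than by enumerating the closure rules, which is what makes the non-deterministic statement s3 worth including: it keeps the ensures properties of the program while destroying a leads-to property.

```python
"""Finite-state checker for the program properties of Lectures 5 to 7.

Added example, not from the lecture notes. An abstract parallel program is a
list of conditional assignments; each maps a state (a tuple) to the SET of its
possible next states and returns {state} when its guard is false (no state
change). Predicates are Python functions on states, evaluated over an
explicitly enumerated finite state space.
"""
from itertools import product


def wp(stmt, R, states):
    """Weakest precondition of R w.r.t. stmt: states all of whose outcomes satisfy R."""
    return {x for x in states if all(R(y) for y in stmt(x))}


def unless(prog, P, Q, states):
    """P unless Q: every statement takes every (P and not Q) state into (P or Q)."""
    for stmt in prog:
        w = wp(stmt, lambda y: P(y) or Q(y), states)
        if any(P(x) and not Q(x) and x not in w for x in states):
            return False
    return True


def ensures(prog, P, Q, states):
    """P ensures Q: P unless Q, and one statement takes every (P and not Q) state into Q."""
    if not unless(prog, P, Q, states):
        return False
    pnq = [x for x in states if P(x) and not Q(x)]
    return any(all(x in wp(stmt, Q, states) for x in pnq) for stmt in prog)


def reachable(prog, init, states):
    """States reachable from the initial states: the truth set of the strongest invariant."""
    seen = {x for x in states if init(x)}
    todo = list(seen)
    while todo:
        x = todo.pop()
        for stmt in prog:
            for y in stmt(x):
                if y not in seen:
                    seen.add(y)
                    todo.append(y)
    return seen


def invariant(prog, P, init, states):
    """P is invariant if it holds in every reachable state."""
    return all(P(x) for x in reachable(prog, init, states))


def fixed_points(prog, states):
    """States in which no statement changes the state."""
    return {x for x in states if all(stmt(x) == {x} for stmt in prog)}


def leads_to(prog, P, Q, states):
    """P leads-to Q, decided through Theorem 6 (leads-to = inevitability).

    Q is inevitable from x iff no unconditionally fair execution from x stays in
    not-Q forever. The scheduler chooses both the (fair) statement order and the
    non-deterministic outcomes, so such an execution exists iff x can reach,
    inside not-Q, a strongly connected set of states containing an edge of every
    statement (every statement can then be taken infinitely often in the set)."""
    notq = [x for x in states if not Q(x)]

    def succ(x):  # edges that stay inside not-Q, labelled by statement index
        return [(i, y) for i, stmt in enumerate(prog) for y in stmt(x) if not Q(y)]

    def reach(x):
        seen, todo = {x}, [x]
        while todo:
            u = todo.pop()
            for _, v in succ(u):
                if v not in seen:
                    seen.add(v)
                    todo.append(v)
        return seen

    R = {x: reach(x) for x in notq}
    trap = set()
    for x in notq:
        scc = {v for v in R[x] if x in R[v]}          # strongly connected set of x
        labels = {i for u in scc for i, v in succ(u) if v in scc}
        if len(labels) == len(prog):
            trap.add(x)
    avoid = {x for x in notq if R[x] & trap}          # Q can be avoided forever from here
    return not any(P(x) and x in avoid for x in states)


# constructed example: state (x, y) with x in 0..3 and y in {0, 1}
STATES = list(product(range(4), range(2)))


def s1(s):  # x := x + 1, if x < 3
    x, y = s
    return {(x + 1, y)} if x < 3 else {s}


def s2(s):  # y := 1, if x = 3
    x, y = s
    return {(x, 1)} if x == 3 else {s}


def s3(s):  # x := 0 or x := x (non-deterministic choice), if x = 2
    x, y = s
    return {(0, y), s} if x == 2 else {s}


PROG = [s1, s2]         # deterministic program
PROG_ND = [s1, s2, s3]  # the same program plus a statement that may restart x


def demo():
    x_is = lambda v: (lambda s: s[0] == v)
    y_set = lambda s: s[1] == 1
    init = lambda s: s == (0, 0)
    return {
        "x=1 unless x=2": unless(PROG, x_is(1), x_is(2), STATES),
        "x=1 ensures x=2": ensures(PROG, x_is(1), x_is(2), STATES),
        "x=1 ensures x=2 (ND)": ensures(PROG_ND, x_is(1), x_is(2), STATES),
        "x=0 ensures y=1": ensures(PROG, x_is(0), y_set, STATES),      # s1 leaves x=0 first
        "x=0 leads-to y=1": leads_to(PROG, x_is(0), y_set, STATES),
        "x=0 leads-to y=1 (ND)": leads_to(PROG_ND, x_is(0), y_set, STATES),  # fair loop 0,1,2
        "fixed points": fixed_points(PROG, STATES),
        "y=1 => x=3 invariant": invariant(PROG, lambda s: s[1] == 0 or s[0] == 3, init, STATES),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

`demo()` collects the results in one dictionary. The two "(ND)" entries show the point of Theorem 6 at work: adding s3 changes no ensures relation between these predicates, but an unconditionally fair scheduler can now cycle x through 0, 1, 2 for ever by always choosing the restart outcome of s3, so x = 0 no longer leads to y = 1.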

Chapter 8 Lecture 8
1 Reminder
1.1 Program Properties
Invariant, Unless, Ensures, Leads-to, Fixed point, Termination
2 Solution
2.1 Solution
Definition The abstract parallel program is a solution of the problem if, such that the program satisfies all the specification properties given in the,,,,, components of, assuming that the program starts from a state satisfying all the elements of
2.2 Reachable states
The truth set of an invariant property may be regarded as a characterization of a subset of the reachable states. It is sufficient for us if the program satisfies all properties over the truth set of an invariant property
2.3 Satisfies a specification property
Definition The program satisfies the specification property if and only if there exists an invariant property such that the program satisfies with respect to, i.e., and
Theorem 8 The program satisfies the specification property if it satisfies with respect to the strongest invariant, i.e. is an always true program property:
2.4 Satisfies a specification property
Definition The program satisfies the specification property if and only if there exists an invariant property such that the program satisfies with respect to, i.e., and
Theorem 9 The program satisfies the specification property if it satisfies with respect to the strongest invariant, i.e.
2.5 Satisfies a specification property
Definition The program satisfies the specification property if and only if there exists an invariant such that the program satisfies with respect to, i.e., and
Theorem 10 The program satisfies the specification property if it satisfies with respect to the strongest invariant, i.e.
2.6 Satisfies a specification property
Definition The program satisfies the specification property if and only if there exists an invariant such that the program satisfies with respect to, i.e., and
Theorem 11 The program satisfies the specification property if it satisfies with respect to the strongest invariant, i.e.
2.7 Satisfies a specification property
Definition The program satisfies the specification property if and only if there exists an invariant such that the program satisfies with respect to, i.e., and
Theorem 12 The program satisfies the specification property if it satisfies with respect to the strongest invariant, i.e.
2.8 Satisfies a specification property
Definition The program satisfies the specification property if and only if there exists an invariant such that the program satisfies with respect to, i.e., and
Theorem 13 The program satisfies the specification property if it satisfies with respect to the strongest invariant, i.e.
2.9 Solved by a program
Definition The problem is said to be solved by the program with respect to an invariant property if such that and satisfies all the specification properties given in with respect to and the initial conditions
2.10 Set of solutions
Definition We define as the set of all abstract parallel programs that solve the problem

Chapter 9 Lecture 9
1 Reminder
1.1 Solution
Definition The abstract parallel program is a solution of the problem if, such that the program satisfies all the specification properties given in the,,,,, components of, assuming that the program starts from a state satisfying all the elements of
1.2 Solved by a Program
Definition The problem is said to be solved by the program with respect to an invariant property if such that and satisfies all the specification properties given in with respect to and the initial conditions
2 Derivation Rules
2.1 Refinement of a Problem
Definition Let be problems defined over the state space. If : solves solves, then the problem is a refinement of the problem
2.2 Refinement of Invariant Specification Property
Theorem 14 If the abstract program satisfies the specification properties and, then satisfies the specification property too
2.3 Refinement of Inevitable Specification Property in Finite Steps
Theorem 15 satisfies the specification property if it can be derived by a finite number of applications of the following rules:
1 if satisfies, then satisfies too
2 Transitivity: if satisfies and satisfies, then satisfies too
3 Disjunctivity: for every numerable set W: if satisfies, then satisfies too
2.4 Variant Function
Definition is a variant function; are logical functions:,
2.5 Application of a Variant Function
Theorem 16 logical functions, is a variant function, for which. If satisfies, then satisfies too
2.6 and Variant Function
Theorem 17 logical functions, is a variant function, for which. If satisfies, then satisfies too
2.7 Termination
Theorem 18 and is a variant function, for which. If satisfies for all, then satisfies
2.8 Refinement of fixed point requirement
Theorem 19 If satisfies and, and, then satisfies

Chapter 10 Lecture 10
1 Reminder
1.1 Reminder
Problem, Parallel Abstract Program, Properties of the Programs, Solution, Derivation Rules
2 Program Constructions
2.1 Union
Definition Let and be two subspaces of the state space. Let denote the largest common subspace of and. Let and be the extensions to of two programs on and respectively. If all variables belonging to get the same value in the assignments and (i.e.), then the program that is defined on, is called the union of and
2.2 Behaviour Relation of Union
Theorem 20 Let. Then:
1
2
3
4 for which :
5
6
7
2.3 Behaviour Relation of Union
Theorem 21 Let and be two problems over a common state space and parameter space
1
2
3,
4,,
5,
6,
7
2.4 Derivation Rule of Union
Theorem 22
1 Let and be two problems over a common state space and parameter space
2 Let and be two programs extended to the state space, and let the union of these programs exist
3 If is a solution of with respect to and is a solution of with respect to and
4,
5 then is a solution of
2.5 Union and Subset of the State Spaces (1)
Theorem 23 Let, a logical function on the state space, in such a way that and. In this case: if, then, if, then, if, then
2.6 Union and Subset of the State Spaces (2)
Theorem 24 Let, a logical function on the state space, in such a way that if, then, if, then,,. In this case if and, then
2.7 General Locality Theorem
Theorem 25 and are programs on the same state space. denotes the variables in the abstract program. If 1, then, and 1

Chapter 11 Lecture 11
1 Reminder
1.1 Union
Definition Let and be two subspaces of the state space. Let denote the largest common subspace of and. Let and be the extensions to of two programs on and respectively. If all variables belonging to get the same value in the assignments and (i.e.), then the program that is defined on, is called the union of and
2 Program Constructions
2.1 Superposition
Definition Let be a subspace of and let be a program over. Let be a conditional assignment defined over in such a way that none of the variables of appear on the left hand side in. Let denote the superposition of and. Let be the extension of to. The programs a) and b), where, are called superpositions of the program and the assignment
2.2 Behaviour Relation of Superposition
Theorem 26 Let the program over the state space be a superposition of the program and the statement, if, where is a program over the subspace of. Let and be two logical functions over and let and denote the extensions of and to. is the extension of the logical function and
1,
2,
3,
4,
5,
6
2.3 Weak Extension of a Problem
Definition, is the weak extension of the problem if it is derived from the extension of, from, by leaving out the " " type specification conditions
2.4 Derivation Rule of Superposition
Theorem 27 Let be a problem over the subspace of the state space and over the parameter space. If is a solution of, then any superposition of the program and the statement is a solution of the weak extension of
2.5 Sequence of Programs
Definition Let, be two subspaces of the state space. Let be a program over, be a program over. Let denote the extension of to. Let be a logical variable, where the state space component of belongs neither to nor to
2.6 Sequence of Programs (cont)
Definition (cont) Let denote the program defined on the state space, where,, if. Let denote the program defined on the state space, where, if, if
2.7 Sequence of Programs (cont)
Definition (cont) The program is called the sequence of and, and is denoted as
2.8 Behaviour Relation of Sequence
Theorem 28 In the following we suppose that the predicates,, etc. are independent of the variable, and are the extensions of the logical functions of and respectively. Let. Then:
1
2 if, then,
3 if, then, if, then,
4 if, then,
5 if, then,
6 if, then,
7,
8 if then,
2.9 Behaviour Relation of Sequence (cont)
Theorem 29 In the following we suppose that the predicates,, etc. are independent of the variable, and are the extensions of the logical functions of and respectively. Let. Then:
1
2 iff, iff,
3 and iff,
4 if then, if and then
2.10 Derivation Rule of Program Sequencing
Theorem 30 Let and be subspaces of the state space. Let and be deterministic problems over and respectively and over the parameter space. Let ; be the sequence of (defined over) and (defined over). For any we mark the components of with, the components of with
2.11 Derivation Rule of Program Sequencing (cont)
Theorem 31 If satisfies and conditions under precondition, satisfies and conditions under precondition, and, then satisfies and conditions under precondition

Chapter 12 Lecture 12
1 Reminder
1.1 Program Constructions
Union, Superposition, Sequence
2 Computation of the Value of an Associative Function
2.1 Notations
Let be a set. Let denote an arbitrary associative binary operator over. is a function describing the single or multiple application of the operator
2.2 Notations
Since is associative, for any arbitrary sequence of length at least three: We write instead of the infix notation in the following. We extend for sequences of length one:
2.3 Notations
The Problem: Let a finite sequence of the elements of be given. Let us compute the value of the function for all, where and
2.4 The Formal Specification of the Problem
We represent the sequences and the values of the function by arrays. We specify that the program inevitably reaches a fixed point and that the array contains the values of in any fixed point
2.5 The Formal Specification of the Problem
2.6 Properties of Associative Operators
The computation of the values of at place is made easier with the knowledge of the value of for subsequences indexed by the elements of an arbitrary interval. The result computed for a subsequence is useful in the computation of the value of for any sequence which includes the subsequence
2.7 Auxiliary Function
Let us introduce the auxiliary function. Let denote the value of for the sequence whose first element is and whose length is, or whose last element is, if
Definition The precise definition of the partial function is:
2.8 Auxiliary Function
Lemma 2 If, then
2.9 Substitution of a Function by a Variable
The two-dimensional array is introduced to store the known values of. This method is called the substitution of a function by a variable. The lines on the next figure illustrate the connections among the elements of the matrix. In fixed points and, i.e. is the value of for a prefix of length at most
2.10 Substitution of a Function by a Variable
2.11 Variant Function
Let us choose the variant function in the following way: The variant function depends on the number of elements of the matrix that differ from the value of the function at the corresponding place, and on the number of places where the value of the array differs from the value of the function
2.12 Refining the Specification of the Problem
We extend the state space and refine the specification of the problem
2.13 Refining the Specification of the Problem
2.14 Refining the Specification of the Problem
The connection between the variables and the function is given by the invariants (6)-(8)
2.15 Refining the Specification of the Problem
Lemma 3 The given specification ((4)-(9)) is a refinement of the original specification ((1)-(3))
Proof and in fixed point according to (6). Using (7) it follows that the equation holds in fixed point. Since, after the application of the definition of we get, which is the same as property (3)

Chapter 13 Lecture 13
1 Reminder
1.1 Computation of the Value of an Associative Function
1.2 The Formal Specification of the Problem
1.3 Refined Specification of the Problem
1.4 Refined Specification of the Problem
2 Solution of the Problem
2.1 Solution of the Problem
2.2 Solution of the Problem
Theorem 32 The abstract program below is a solution for the problem specified by (4)-(9), i.e., a solution for the problem of the computation of the values of an associative function
2.3 The Program Solves the Problem
Proof (6): using the definition of : We use invariant properties and apply mathematical induction on to prove that the program satisfies in fixed points
2.4 The Program Solves the Problem
Base Case: From (7) and, follows
Inductive hypothesis
2.5 The Program Solves the Problem
Proof Since, contradicts the hypothesis. This means (12) can be simplified to. If, then, else (11) does not hold. Using the inductive hypothesis and we get, i.e.,
2.6 The Program Solves the Problem
Proof The last statement contradicts the initial condition: This means, else (12) does not hold. Using the invariant (7) we get. Based on (10)
2.7 The Program Solves the Problem
Proof (5): Every statement of the program decreases the variant function by 1 or does not cause a state transition. If the program is not in one of its fixed points, then there exists an and a corresponding conditional assignment which increases the value of, or there exists an for which and the value of is different from the value of
2.8 The Program Solves the Problem
Proof (8):, or. Since implies and, the equality holds initially. All the assignments change the value of and simultaneously
2.9 The Program Solves the Problem
Proof (7): Since,. Since is initially,. After calculating the weakest preconditions of the assignments it is sufficient to show that
2.10 The Program Solves the Problem
Proof After calculating the weakest preconditions of the assignments it is sufficient to show that and, implies the equality for, i.e., and
2.11 The Program Solves the Problem
Proof implies the equality for and, i.e., and. In the first case implies and implies. In the second case implies and implies. We use the Lemma: If, then. In both of the cases the application of the Lemma leads to the statement
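The construction of Lectures 12 and 13 (the auxiliary function, its substitution by the matrix, the array of prefix values and the variant function that counts the places still holding a wrong value) can be exercised directly. The Python program below is an added example, not the abstract program of the notes: since the page does not reproduce the formulas, it fixes one concrete reading, stated in its docstring, of which subsequence h(i, l) denotes and of Lemma 2, and all class and function names are its own. It runs the conditional assignments under a random unconditionally fair scheduler and checks at every state change that the variant function drops by exactly one, which is the argument used for property (5) in Lecture 13.

```python
"""Parallel prefix computation of an associative function (Lectures 12-13).

Added example, not the notes' own program. It follows the construction of the
notes under one concrete reading that is my assumption: the auxiliary function
h(i, l) is the value of f on the l-element subsequence that ENDS at position i
(cut at the start of the sequence when i < l), the matrix m[i][j] stores
h(i, 2**j), and d[i] receives m[i][L] where 2**L >= n. Under this reading
h(i, 2l) = h(i - l, l) o h(i, l) for i > l, which is the role Lemma 2 plays
here. None marks a value that is not yet known.
"""
import random


def prefix_values_direct(seq, op):
    """Reference result: f(a_1 .. a_k) for every k by a sequential left fold."""
    out, acc = [], None
    for a in seq:
        acc = a if acc is None else op(acc, a)
        out.append(acc)
    return out


class PrefixProgram:
    """State: 1-based matrix m[i][j] (column 0 initialised to a_i) and array d."""

    def __init__(self, seq, op):
        self.seq, self.op, self.n = list(seq), op, len(seq)
        self.levels = (self.n - 1).bit_length()        # smallest L with 2**L >= n
        self.m = [[None] * (self.levels + 1) for _ in range(self.n + 1)]
        self.d = [None] * (self.n + 1)
        for i in range(1, self.n + 1):
            self.m[i][0] = self.seq[i - 1]              # h(i, 1) = a_i

    def variant(self):
        """Matrix cells plus array cells that do not yet hold their final value."""
        return (sum(v is None for row in self.m[1:] for v in row)
                + sum(v is None for v in self.d[1:]))

    def statements(self):
        """One conditional assignment per matrix cell and one per array cell."""
        return ([("m", i, j) for i in range(1, self.n + 1) for j in range(1, self.levels + 1)]
                + [("d", i, 0) for i in range(1, self.n + 1)])

    def step(self, stmt):
        """Execute one conditional assignment; True iff the state changed."""
        kind, i, j = stmt
        if kind == "m":
            if self.m[i][j] is not None or self.m[i][j - 1] is None:
                return False
            half = 1 << (j - 1)
            if i <= half:                                # whole prefix already covered
                self.m[i][j] = self.m[i][j - 1]
            elif self.m[i - half][j - 1] is not None:    # Lemma: h(i,2l) = h(i-l,l) o h(i,l)
                self.m[i][j] = self.op(self.m[i - half][j - 1], self.m[i][j - 1])
            else:
                return False
            return True
        if self.d[i] is not None or self.m[i][self.levels] is None:
            return False
        self.d[i] = self.m[i][self.levels]               # d[i] := h(i, 2**L) = f(a_1 .. a_i)
        return True


def run_to_fixed_point(prog, rng):
    """Unconditionally fair scheduler: every statement is executed in each round,
    in a random order, until a whole round changes nothing (a fixed point).
    Returns the number of state-changing steps; each must lower the variant by 1."""
    steps = 0
    while True:
        order = prog.statements()
        rng.shuffle(order)
        progressed = False
        for st in order:
            before = prog.variant()
            if prog.step(st):
                progressed, steps = True, steps + 1
                assert prog.variant() == before - 1
        if not progressed:
            return steps


def solve(seq, op, seed=0):
    """Run the abstract program; return (prefix values, state-changing steps)."""
    prog = PrefixProgram(seq, op)
    steps = run_to_fixed_point(prog, random.Random(seed))
    return prog.d[1:], steps


if __name__ == "__main__":
    # constructed input; string concatenation is associative but not commutative,
    # so a wrong operand order in the Lemma would show up in the result
    print(solve(list("abcdefg"), lambda a, b: a + b))
```

Because every effective step lowers the variant by exactly one and the fixed point is reached at variant 0, the number of state-changing steps equals the initial variant, n times L for the matrix plus n for the array, whatever order the scheduler chooses.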

Chapter 14 Lecture 14
1 Reminder
1.1 Computation of the Value of an Associative Function
2 Channels
2.1 Channels
queue, buffer for one-directional communication
error-free, unbounded or bounded
the history of the channel
Operations: (P1) (P2)
2.2 Semantics of Operations
Locality: any property P of P1 is stable in the other process(es) if the outgoing channel variables of P1 only contain local variables and
For any property, if and, then is stable in the system
3 Natural Number Generator
3.1 Example: Natural Number Generator (NNG)
3.2 NNG: Refinement of the Problem
3.3 NNG: Solution
3.4 The Program Solves the Problem
Proof (5): We show
3.5 The Program Solves the Problem
Proof (6):
3.6 The Program Solves the Problem
Proof (7): and
4 Pipeline
4.1 Pipeline
4.2 Specification of Pipeline
4.3 Refinement of the Problem
4.4 Refinement of the Problem
Proof By fixed point refinement it is sufficient: Proof by using the lemma: The lemma is proved by induction
4.5 Solution

Chapter 15 Practice 1
1 Definitions
1.1 Relations
An arbitrary subset of a direct product of sets is called a relation. Let, where and are arbitrary sets. The domain of the relation is defined by
1.2 State Space
Let be a finite or numerable set. The set is called the state space, the sets are called type value sets. The projections are called variables. is the set of the finite sequences of the points of the state space and the set of the infinite sequences. Let. A statement is a subset of the direct product
1.3 Statements and Effect Relation
A statement is a subset of the direct product. The effect relation of a statement is denoted by. The effect relation expresses the functionality of the statement
1.4 Partial Function and Logical Relation
A relation is called a partial function if for all the set has at most one element. If, then is a function. If is a relation, where is an arbitrary set and is the set of the logical values, then is called a logical relation
1.5 Truth Set
The truth set of the logical function is defined as. The logical functions are defined by their truth sets
1.6 General Assignment
A statement over the state space is called empty and termed, if. Let,, where. The statement is a general assignment defined by, if
1.7 Conditional Assignment
Let be an assignment for which. This kind of (simultaneous, nondeterministic) assignment is called a conditional assignment if. We denote the conditional assignment the following way:, if
Simultaneous, nondeterministic, conditional assignment:, if, if
Abbreviation:
1.8 Abstract Parallel Program
The conditional assignment is called the initialization in, and is said to be an element of the program
1.9 Weakest Precondition
The logical function is called the weakest precondition of the postcondition with respect to the statement
1.10 Strongest Postcondition
The logical function is called the strongest postcondition of with respect to
1.11 WP of the Abstract Parallel Program
, where
1.12 Properties of WP
, if
1.13 Properties of WP
,, If, then,,
1.14 Calculating the WP
, is a function and is a logical relation, then
2 Calculating the WP
2.1 Exercise 1
2.2 Exercise 1 (cont)
2.3 Exercise 2
2.4 Exercise 3
2.5 Exercises
,,,,,,

Chapter 16 Practice 2
1 Reminder
1.1 Effect Relation
A statement is a subset of the direct product. The effect relation of a statement is denoted by. The effect relation expresses the functionality of the statement
1.2 Weakest Precondition
The logical function is called the weakest precondition of the postcondition with respect to the statement
1.3 WP of the Abstract Parallel Program
, where
1.4 Properties of WP
, if
1.5 Properties of WP
,, If, then,,
1.6 Calculating the WP
, is a function and is a logical relation, then
2 Calculating WP(S, R)
2.1 Exercise 1
2.2 Exercise 1
2.3 Exercises
,,, ;
3 Unless Program Property
3.1 Definition
is stable while
3.2 Properties
3.3 Proof 1
Theorem 33
Proof
3.4 Proof 2
Theorem 34
Proof
3.5 Stable Properties
does not always hold: If, then P is stable
Counterexample
4 Calculating Unless
4.1 Exercise 1
;?
4.2 Exercise 1 (solution)
: :
4.3 Exercise 1 (solution)
4.4 Simplified Solution
4.5 Simplified Solution
SKIP execution paths can be omitted
4.6 Simplified Solution
Condition reordering
4.7 Exercise 1 (simplified solution)
;?
4.8 Exercise 1 (simplified solution)
Omitting SKIP branches and reordering conditions
: :
4.9 Exercise 2
;?

Chapter 17 Practice 3
1 Reminder
1.1 Program Properties
Weakest Postcondition, where
Unless: is stable while
2 Properties of Unless
2.1 Unless and Stable Property
Theorem 35 If and, then
Proof What's needed? (wp property)
2.2 Unless and Stable Property
Lemma 4 (lemma)
Proof
2.3 Unless Is Disjunctive and Conjunctive
Theorem 36
2.4 Unless Is NOT Transitive
Counterexample: does not always hold!
2.5 Consequence Weakening
Theorem 37
2.6 Condition Narrowing
Counterexample: does not always hold!
2.7 Cancellation
Theorem 38
3 Exercises
3.1 Exercise 1
3.2 Exercise 2

Chapter 18 Practice 4
1 Reminder
1.1 Program Properties
Weakest Postcondition, where
Unless: is stable while
2 Ensures
2.1 Ensures Property, Definition
is stable while in and there is a conditional assignment which ensures the transition from to
Ensures
2.2 Properties
2.3 Proof 1
Theorem 39
Proof and is true (see Lecture 2) and
2.4 Properties
does not always hold
Counterexample and
2.5 Properties
does not always hold
Counterexample
2.6 Properties
does not always hold
Counterexample
3 Calculating Ensures
3.1 Exercise 1
;?
3.2 Exercise 1 (solution)
(see Lecture 2) :
4 Properties
4.1 Ensures and Stable Property
Theorem 40 If and, then
Proof What's needed? Needed:, therefore is true (Unless and Stable property)
4.2 Ensures and Stable Property
Proof and, then (wp property), therefore
4.3 Ensures Is NOT Transitive
Counterexample: does not always hold!
4.4 Ensures Is NOT Disjunctive
Counterexample: does not always hold!
4.5 Consequence Weakening
Theorem 41
4.6 Corollary
Theorem 42
4.7 Impossibility
Theorem 43

Chapter 19 Practice 5
1 Reminder
1.1 Program Properties
Weakest Postcondition, where
Unless
Ensures
2 Ensures
2.1 Exercise
?
3 Leads-to
3.1 Leads-to Property, Definition
is the transitive disjunctive closure of the relation
is the smallest binary relation satisfying the conditions:
if and, then
Let denote a countable set. If, then
3.2 Exercise
4 Properties
4.1 Basic Properties
does not always hold
does not always hold
does not always hold
4.2 Implication Property
Theorem 44
4.3 Consequence Weakening
Theorem 45
4.4 Condition Narrowing
5 Proof Strategy
5.1 Structural Induction
Induction on the structure of the proof. Applied when appears in the premise of the theorem
Strategy:
Base case: prove the theorem for
Inductive step 1 (transitivity): prove the theorem for, where and, for a given
Inductive step 2 (disjunction): prove the theorem for, where and and
5.2 Impossibility
Theorem 46
Proof Structural induction: 1 Base case: (Impossibility of)
5.3 Impossibility
Proof Structural induction: 2 Induction on transitivity:, where and. Inductive hypothesis: the theorem holds for and. (Inductive hyp) (Inductive hyp)
5.4 Impossibility
Proof Structural induction: 3 Induction on disjunction:, where and. Inductive hypothesis: the theorem holds for and. (Inductive hyp) (Inductive hyp)

Chapter 20 Practice 6
1 Reminder
1.1 Program Properties
Weakest Postcondition, where
Unless
Ensures
1.2 Program Properties
is the transitive disjunctive closure of the relation
is the smallest binary relation satisfying the conditions:
if and, then
Let denote a countable set. If, then
1.3 Structural Induction
Induction on the structure of the proof. Applied when appears in the premise of the theorem
Strategy:
Base case: prove the theorem for
Inductive step 1 (transitivity): prove the theorem for, where and, for a given
Inductive step 2 (disjunction): prove the theorem for, where and and
2 Leads-to Properties
2.1 Leads-to and Stable Property
Theorem 47 If and, then
Proof Structural induction: 1 Base case 2 Induction on transitivity 3 Induction on disjunction
2.2 PSP Theorem
Theorem 48 Progress-Safety-Progress Theorem:
Proof Structural induction: 1 Base case 2 Induction on transitivity 3 Induction on disjunction
3 Exercises
3.1 Exercise 1
3.2 Exercise 2
3.3 Exercise 3
3.4 Exercise 3
Counterexample. How can we prove that?
4 Inevitability
4.1 Inevitability
Inevitability, if and only if on all execution paths leading from and satisfying the axiom of unconditionally fair scheduling there is a node at a finite but unbounded distance from whose label is an element of the truth set of, i.e., the program inevitably reaches the truth set of when started from
Theorem 49 ( sound and complete) =
4.2 Inevitability
= Confuting is the same as confuting
Give an unconditionally fair scheduling starting from that does not reach the truth set of
5 Exercises
5.1 Exercise 3 (cont)
Counterexample
5.2 Exercise 4
5.3 Exercise 4
Counterexample
5.4 Exercise 5
5.5 Exercise 6
5.6 Exercise 6
Counterexample

Chapter 21 Practice 7
1 Reminder
1.1 Program Properties
, where
is the smallest binary relation satisfying the conditions:
if and, then
Let denote a countable set. If, then
1.2 Program Properties
Inevitability:, if and only if on all execution paths leading from and satisfying the axiom of unconditionally fair scheduling there is a node at a finite but unbounded distance from whose label is an element of the truth set of, i.e., the program inevitably reaches the truth set of when started from
2 Fixed Point Properties
2.1 Fixed Point Properties
A fixed point is said to be reached in a state of the state space if none of the statements changes the state
and is a simultaneous, non-deterministic conditional assignment, i.e. :, if
denotes the logical function which characterizes the set of states over which the relation is deterministic, i.e.,
2.2 Definitions
Set of fixed points
Set of fixed points with deterministic assignments
Fixed point properties: Let us denote by the set
2.3 Exercise 1
2.4 Exercise 1
3 Invariant
3.1 Invariant Properties, Definition
is the set of logical functions whose truth is preserved by the elements of if the program is started from a state satisfying
and and
3.2 Exercise 2
1) 2)
4 Exercises
4.1 Calculate the Properties of the Program 1
4.2 Calculate the Properties of the Program 1
1 2 3 4
4.3 Calculate the Properties of the Program 2
4.4 Calculate the Properties of the Program 2
1 2 3

Chapter 22 Practice 8
1 Reminder
1.1 Program Properties
2 Problem
2.1 Problem
The problem is defined as a set of specification relations. Every specification relation is defined over the powerset of the state space. Let be logical functions. We define and
2.2 Specification Relations
- ( stable unless ),
- ( ensures ),
- ( is inevitable from ),
- (fixed point is inevitable from ),
- ( holds in any fixed point),
- ( is invariant),
- ( initially)
2.3 Problem Definition
Let be a state space and let be a finite or numerable set. The relation, where, is called a problem defined over the state space; is called the parameter space of the problem. Two relations expressing boundary properties and five relations expressing transition properties are associated with every point of the set
2.4 Notation
Let denote an arbitrary element of the domain of the problem. Let denote an element of. The components of are denoted by and by respectively. If, then we use instead of in the indices for the sake of simplicity
2.5 Example: Greatest Common Divisor
GCD 1 2 3
3 Solution
3.1 Solution
Definition The abstract parallel program is a solution of the problem if, such that the program satisfies all the specification properties given in the,,,,, components of, assuming that the program starts from a state satisfying all the elements of
3.2 Solved by a Program
Definition The problem is said to be solved by the program with respect to an invariant property if such that and satisfies all the specification properties given in with respect to and the initial conditions
3.3 Solution
The program satisfies the specification property if and only if there exists an invariant property such that the program satisfies with respect to, i.e., and
3.4 Refinement of fixed point requirement
Theorem 50 If satisfies and, and, then satisfies
4 Exercise
4.1 Greatest Common Divisor
GCD 1 2 3
4.2 Refinement of fixed point requirement
1 2 3 4
4.3 Solution
4.4 Refinement of fixed point requirement
If satisfies and, and, then satisfies
4.5 S Solves the Problem
We have to check: 1 2 3 4
4.6 Step 1
Check: and
4.7 Step 2
Check: and
4.8 Step 3
4.9 Step 4
Use the Theorem of Variant Function
Theorem 51 logical functions, is a variant function, for which. If satisfies, then satisfies too
4.10 Step 4
Check: and. Then: Use the variant function:
4.11 Sorting
1 2 3
4.12 Refinement of fixed point requirement
1 2 3 4
4.13 Solution
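Steps 1 to 4 above (checking the invariant, the statements, the fixed points and the variant function of the GCD program, and the same obligations for the sorting program of 4.11) can be carried out by enumeration over a bounded set of states. The Python program below is an added example, not the notes' proof; the GCD and sorting programs, their invariants and variant functions, the deliberately broken GCD variant and the bounds used for enumeration are constructions of this example rather than the notes' formulas.

```python
"""Checking that an abstract program solves a problem (Practice 8): the GCD
program and the sorting program, each with its variant function.

Added example, not the notes' own proof. Statements are deterministic
conditional assignments written as Python functions that return the new state,
or the unchanged state when their guard is false. The programs, invariants,
variant functions and the finite ranges over which the obligations are checked
are all my constructions.
"""
import math
import random
from itertools import permutations, product


def check_solution(stmts, states, invariant, variant, fixed_point_post):
    """Proof obligations for "S solves the problem with respect to the invariant":
    (1) every statement preserves the invariant,
    (2) every statement either decreases the variant (a non-negative integer)
        or leaves the state unchanged, so a fixed point is inevitable,
    (3) every fixed point inside the invariant satisfies the postcondition.
    Returns the list of violations (empty when all obligations hold)."""
    bad = []
    for s in states:
        if not invariant(s):
            continue
        fixed = True
        for st in stmts:
            t = st(s)
            if not invariant(t):
                bad.append(("invariant", s, t))
            if t != s:
                fixed = False
                if not (0 <= variant(t) < variant(s)):
                    bad.append(("variant", s, t))
        if fixed and not fixed_point_post(s):
            bad.append(("fixed point", s))
    return bad


def run_fair(stmts, s, seed=0):
    """Execute under a random, unconditionally fair scheduler until no
    statement changes the state (a fixed point)."""
    rng = random.Random(seed)
    while True:
        order = list(stmts)
        rng.shuffle(order)
        changed = False
        for st in order:
            t = st(s)
            if t != s:
                s, changed = t, True
        if not changed:
            return s


# GCD: state (a, b); statements a := a - b, if a > b and b := b - a, if b > a
GCD_PROGRAM = [lambda s: (s[0] - s[1], s[1]) if s[0] > s[1] else s,
               lambda s: (s[0], s[1] - s[0]) if s[1] > s[0] else s]
# deliberately wrong variant with a non-strict guard: from a = b it produces a = 0
GCD_BROKEN = [lambda s: (s[0] - s[1], s[1]) if s[0] >= s[1] else s,
              GCD_PROGRAM[1]]


def check_gcd(program, a0, b0, bound=40):
    """Obligations for the initial values (a0, b0), enumerated over 1..bound."""
    g = math.gcd(a0, b0)
    states = list(product(range(1, bound + 1), repeat=2))
    return check_solution(
        program, states,
        invariant=lambda s: s[0] >= 1 and s[1] >= 1 and math.gcd(s[0], s[1]) == g,
        variant=lambda s: s[0] + s[1],
        fixed_point_post=lambda s: s[0] == s[1] == g)


# Sorting: state is a tuple; statement i swaps positions i, i+1 if they are out of order
def swap_stmt(i):
    def st(s):
        if s[i] > s[i + 1]:
            return s[:i] + (s[i + 1], s[i]) + s[i + 2:]
        return s
    return st


def sorting_program(n):
    return [swap_stmt(i) for i in range(n - 1)]


def inversions(s):
    """Variant function for sorting: number of out-of-order pairs."""
    return sum(1 for i in range(len(s)) for j in range(i + 1, len(s)) if s[i] > s[j])


def check_sorting(values):
    """Obligations enumerated over all permutations of the constructed values."""
    target = tuple(sorted(values))
    return check_solution(
        sorting_program(len(values)), list(permutations(values)),
        invariant=lambda s: tuple(sorted(s)) == target,   # still a permutation of the input
        variant=inversions,
        fixed_point_post=lambda s: s == target)


if __name__ == "__main__":
    print(check_gcd(GCD_PROGRAM, 12, 18), check_gcd(GCD_BROKEN, 12, 18))
    print(run_fair(GCD_PROGRAM, (12, 18)), run_fair(sorting_program(4), (4, 1, 3, 2)))
```

The broken GCD variant is caught at the state a = b = 6, where its first statement leaves the invariant a >= 1; the correct program passes all three obligations, and running it under the random scheduler reaches the fixed point (6, 6) whatever order the statements are taken in.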


Chapter 23 Practice 9
1 Reminder
1.1 Test Scope
Program Properties, Checking Program Properties, Problem, Solution
2 Test Examples
2.1 Does it hold?
A
B
2.2 Check the Properties! A
, where 1 2
2.3 Check the Properties! B
, where 1, 2
2.4 Does S Satisfy the Properties? A
(1) (2) (3) (4)
If the program terminates, give a variant function that can be used to prove that S satisfies the property
2.5 Does S Satisfy the Properties? B
(1) (2) (3) (4)
If the program terminates, give a variant function that can be used to prove that S satisfies the property

Chapter 24 Practice 10
1 Reminder
1.1 Where are we now?
Problem, Parallel Program, Solution
2 Channels
2.1 Channels
queue, buffer for one-directional communication
error-free, unbounded or bounded
the history of the channel
Operations: (P1) (P2)
2.2 Semantics of Operations
3 FORK
3.1 FORK
Requirements:
Data must not be lost
New data must not be produced
The scheduling must be fair
FORK must do something ( is not a good solution)
3.2 The function split
A helper function: Take the smallest from these functions
3.3 Specification
3.4 Solution
3.5 The Program Solves the Problem
Proof (2): Let's see: ( is similar)
3.6 The Program Solves the Problem
Proof (2): We have to prove that: Let's see the following figure:
3.7 The Program Solves the Problem
Proof (2): (2) holds based on the definition of the function
3.8 The Program Solves the Problem
Proof (3):, (*) There are two cases: a) b) and and. In case a) we are done. In case b) we can assume that (based on)
3.9 The Program Solves the Problem
Proof (3) b): We have to prove that: Then go back to step (*). As a result we can use instead of; is transitive:
3.10 The Program Solves the Problem
Proof (3):, we can use the variant function theorem to prove (3)

Chapter 25 Practice 11
1 Reminder
1.1 Channels
queue, buffer for one-directional communication
error-free, unbounded or bounded
the history of the channel
Operations: (P1) (P2)
1.2 The function split
Take the smallest from these functions
2 Multiplexer
2.1 MUX
Requirements:
Data must not be lost
New data must not be produced
The scheduling must be fair
MUX must do something ( is not a good solution)
2.2 Specification
2.3 Solution
2.4 The Program Solves the Problem
Proof (2): Let's see: ( is similar)
2.5 The Program Solves the Problem
Proof (2): We can use the lemma from the previous lecture: (2) holds based on the definition of the function
2.6 The Program Solves the Problem
Proof (3):, and (*) There are two cases:, a) b) and and. In case a) we are done. In case b) we can assume that
2.7 The Program Solves the Problem
Proof (3) b): We have to prove that: Then go back to step (*). As a result we can use instead of; is transitive:
2.8 The Program Solves the Problem
Proof (3), is similar
3 Exercise
3.1 Specification
3.2 Solution
Does this program solve the specified problem?
3.3 Check the properties of the program!
3.4 Check the properties of the program!
1 2 3
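FORK (Practice 10) and MUX (Practice 11) share the same requirements: no data lost, no new data produced, fair scheduling, and the process must do something. Expressed on channel histories, the first two requirements become a single check, that one history is an interleaving of the other two: the input history of FORK is an interleaving of its two output histories, and the output history of MUX is an interleaving of its two input histories. The Python program below is an added example, not the notes' solution; the routing function choose, the random choice inside mux and the demo inputs are constructions of this example, and the notes' split function is not reproduced because the page does not give its definition.

```python
"""FORK and MUX over channels, with the history checks of Practices 10 and 11.

Added example, not the notes' own programs. Channels are FIFO queues; a
channel's history is the sequence of all items ever put into it. The routing
function of FORK and the random choice in MUX are assumptions of this example.
"""
from collections import deque
import random


def fork(inp, outs, choose):
    """FORK: move every item of `inp` to exactly one output channel;
    choose(item, k) returns the index of the output for the k-th item.
    Returns the input history (the items consumed, in order)."""
    hist = []
    while inp:
        item = inp.popleft()
        outs[choose(item, len(hist))].append(item)
        hist.append(item)
    return hist


def mux(ins, out, rng):
    """MUX: while some input channel is non-empty, pick one of the non-empty
    channels at random (a fair non-deterministic choice) and move its head
    to `out`. Returns the number of steps taken."""
    steps = 0
    while any(ins):
        ready = [c for c in ins if c]
        out.append(rng.choice(ready).popleft())
        steps += 1
    return steps


def is_interleaving(a, b, merged):
    """True iff `merged` is an interleaving of a and b: both relative orders
    are kept, nothing is lost and nothing new appears. Dynamic programming over
    the pairs (i, j) of prefix lengths of a and b that can explain merged[:k]."""
    if len(a) + len(b) != len(merged):
        return False
    reach = {(0, 0)}
    for x in merged:
        nxt = set()
        for i, j in reach:
            if i < len(a) and a[i] == x:
                nxt.add((i + 1, j))
            if j < len(b) and b[j] == x:
                nxt.add((i, j + 1))
        reach = nxt
        if not reach:
            return False
    return (len(a), len(b)) in reach


def fork_demo(items, choose=lambda item, k: k % 2):
    """Run FORK on constructed input and check its history properties. The
    default routing alternates the outputs, so both of them receive data."""
    inp, o1, o2 = deque(items), deque(), deque()
    hist = fork(inp, [o1, o2], choose)
    return {"out1": list(o1), "out2": list(o2),
            "nothing lost or invented": is_interleaving(list(o1), list(o2), hist),
            "both outputs used": bool(o1) and bool(o2)}


def mux_demo(a_items, b_items, seed=0):
    """Run MUX on constructed inputs and check its output history."""
    a, b, out = deque(a_items), deque(b_items), deque()
    steps = mux([a, b], out, random.Random(seed))
    return {"out": list(out), "steps": steps,
            "nothing lost or invented": is_interleaving(a_items, b_items, list(out))}


if __name__ == "__main__":
    print(fork_demo([0, 1, 2, 3, 4, 5]))
    print(mux_demo(["a1", "a2", "a3"], ["b1", "b2"]))
```

The interleaving check is the property a test of a FORK or MUX implementation should assert on its histories: a dropped item, an invented item or a reordered item within one channel all make `is_interleaving` return False, while any fair merge order is accepted.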

Chapter 26 Practice 12
1 Reminder
1.1 Channels
queue, buffer for one-directional communication
error-free, unbounded or bounded
the history of the channel
Special problems: FORK, MUX
2 Pipeline
2.1 Pipeline
2.2 Specification of Pipeline
2.3 Refinement of the Problem
2.4 Solution
3 Exercise
3.1 Reduction to the Pipeline Theorem
Given the Pipeline Theorem and a similar problem to solve. The specification of the problem corresponds to the specification of the pipeline. Use the solution of the pipeline (S) and transform it according to the correspondence (S ). If S solves the pipeline, then S solves the similar problem
3.2 Example: Approximation of Square Root
Given numbers: Calculate the square root of the numbers: Use the following iteration:
3.3 Specification of the Problem
3.4 Refinement of the Problem
,
3.5 Refinement of the Problem
3.6 Solution
3.7 Exercise 1
Given thousands of e-mails:, and ten different spam filters: Calculate the average of the spam filters for every e-mail!
3.8 Exercise 2
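The reduction to the pipeline theorem says that a problem with the pipeline's structure is solved by the pipeline solution with the stage function replaced. The Python program below is an added example, not the notes' solution: it implements a generic pipeline of stages connected by channels and instantiates it twice, for the square-root approximation (the page does not reproduce the iteration, so the Heron step x' = (x + a/x)/2 used here is an assumption) and for the spam-filter average of Exercise 1; all names, the random fair scheduler and the sample inputs are constructions of this example.

```python
"""Pipeline of stages connected by channels, instantiated for the square-root
approximation of Practice 12 and for the spam-filter average of Exercise 1.

Added example, not the notes' own solution. Stage i repeatedly takes one item
from channel i, applies its function and puts the result into channel i + 1;
the pipeline is at a fixed point when every channel but the last is empty.
The Newton (Heron) step used for the square root is an assumption, since the
notes' iteration is not reproduced on the page.
"""
from collections import deque
import random


def run_pipeline(stage_fns, inputs, seed=0):
    """Execute the stages in a random fair order until the fixed point.
    Returns the history of the last channel (the pipeline output)."""
    rng = random.Random(seed)
    m = len(stage_fns)
    ch = [deque(inputs)] + [deque() for _ in range(m)]
    while any(ch[:m]):                                   # some item still in flight
        i = rng.choice([i for i in range(m) if ch[i]])   # a stage that can make a step
        ch[i + 1].append(stage_fns[i](ch[i].popleft()))
    return list(ch[m])


def heron_step(item):
    """One iteration on the pair (a, x): x' = (x + a/x) / 2 (assumed formula)."""
    a, x = item
    return (a, (x + a / x) / 2)


def sqrt_pipeline(numbers, iterations, seed=0):
    """Approximate sqrt(a) for every positive a with one pipeline stage per
    iteration; the initial approximation is a itself."""
    out = run_pipeline([heron_step] * iterations, [(a, a) for a in numbers], seed)
    return [x for _, x in out]


def average_pipeline(score_lists, seed=0):
    """Exercise 1 by the same correspondence: stage i adds the score of filter i
    to a running sum, and the last stage divides by the number of filters."""
    k = len(score_lists[0])

    def add_stage(i):
        return lambda item: (item[0], item[1] + item[0][i])

    stages = [add_stage(i) for i in range(k)] + [lambda item: item[1] / k]
    return run_pipeline(stages, [(scores, 0.0) for scores in score_lists], seed)


if __name__ == "__main__":
    print(sqrt_pipeline([2.0, 9.0, 0.25], 8))            # constructed inputs
    print(average_pipeline([[0.1] * 10, [0.0, 1.0] * 5]))
```

Because every channel is a FIFO queue and a stage handles one item at a time, the output order equals the input order regardless of how the scheduler interleaves the stages; only the stage function changes between the two instances, which is exactly the transformation the reduction describes.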