Mid-Semester Quiz Second Semester, 2012


THE AUSTRALIAN NATIONAL UNIVERSITY
Mid-Semester Quiz, Second Semester, 2012
COMP2600 (Formal Methods for Software Engineering)

Writing Period: 1 hour duration
Study Period: 10 minutes duration
Permitted Materials: One A4 page with hand-written notes on both sides

The questions are followed by labelled blank spaces into which your answers are to be written. Additional answer panels are provided at the end of the paper should you wish to use more space for an answer than is provided in the associated labelled panels.

Student Number:

Q1 Mark | Q2 Mark | Q3 Mark | Q4 Mark | Q5 Mark | Total Mark

COMP2600 (Formal Methods for Software Engineering) Page 1 of 14

QUESTION 1 [12 marks] Natural Deduction

(a) Using truth tables, prove or disprove the following statement. Indicate whether the statement has a proof, or give a counterexample.

    A (B C) (A B) C

QUESTION 1(a) [3 marks]

    A   B   C   B C   A (B C)   A B   (A B) C   result
    T   T   T
    T   T   F
    T   F   T
    T   F   F
    F   T   T
    F   T   F
    F   F   T
    F   F   F

(b) Give a natural deduction proof of

    A (B C) (A B) C

QUESTION 1(b) [5 marks]

(c) Give a natural deduction proof of

    ( x. P(x)) x. P(x)

QUESTION 1(c) [4 marks]

QUESTION 2 [10 marks] Structural Induction

Here is the usual Haskell definition of a binary tree:

    data Tree a = Nul | Node a (Tree a) (Tree a)

Given these function definitions:

    sumt Nul               = 0                                -- (ST1)
    sumt (Node a t1 t2)    = a + sumt t1 + sumt t2            -- (ST2)

    suml []                = 0                                -- (SL1)
    suml (x:xs)            = x + suml xs                      -- (SL2)

    flatten Nul            = []                               -- (F1)
    flatten (Node a t1 t2) = flatten t1 ++ (a : flatten t2)   -- (F2)

    [] ++ ys               = ys                               -- (A1)
    (x:xs) ++ ys           = x : (xs ++ ys)                   -- (A2)

and the following lemma:

    suml (xs ++ ys) = suml xs + suml ys                       -- (L1)

Prove the following property using structural induction:

    sumt t = suml (flatten t)

(a) State and prove the base case goal.

QUESTION 2(a) [2 marks]

(b) State the induction hypotheses.

QUESTION 2(b) [2 marks]

(c) State and prove the step case goal.

QUESTION 2(c) [6 marks]
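The Question 2 definitions transcribed into Python, as an added example that is not part of the quiz: it lets the lemma (L1) and the property sumt t = suml (flatten t) be exercised on every small tree before the induction is attempted. The tree enumerator and its value set are constructed for this example; None stands in for Nul.

```python
from dataclasses import dataclass
from typing import List, Optional

# Added example (not part of the quiz): the Question 2 definitions in Python,
# with None playing the role of Nul, so (L1) and the property to be proved
# can be exercised on every small tree before attempting the induction.

@dataclass(frozen=True)
class Node:
    val: int
    left: "Tree"
    right: "Tree"

Tree = Optional[Node]          # Nul is None

def sumt(t: Tree) -> int:
    if t is None:                                              # (ST1)
        return 0
    return t.val + sumt(t.left) + sumt(t.right)                # (ST2)

def suml(xs: List[int]) -> int:
    return 0 if not xs else xs[0] + suml(xs[1:])               # (SL1), (SL2)

def append(xs: List[int], ys: List[int]) -> List[int]:
    return ys if not xs else [xs[0]] + append(xs[1:], ys)      # (A1), (A2)

def flatten(t: Tree) -> List[int]:
    if t is None:                                              # (F1)
        return []
    return append(flatten(t.left), [t.val] + flatten(t.right)) # (F2)

def lemma_l1_holds(xs: List[int], ys: List[int]) -> bool:
    """(L1): suml (xs ++ ys) = suml xs + suml ys."""
    return suml(append(xs, ys)) == suml(xs) + suml(ys)

def trees(depth: int, vals=(-1, 2)):
    """Constructed enumerator of every tree of at most the given depth whose
    nodes carry values from vals; Nul (None) is yielded at every depth."""
    yield None
    if depth > 0:
        subs = list(trees(depth - 1, vals))
        for v in vals:
            for left in subs:
                for right in subs:
                    yield Node(v, left, right)

def counterexamples(depth: int = 3) -> List[Tree]:
    """Trees up to the given depth with sumt t /= suml (flatten t);
    [] means the property holds on all of them."""
    return [t for t in trees(depth) if sumt(t) != suml(flatten(t))]
```

Exhaustive checking on 723 trees is evidence, not a proof; the structural induction asked for in parts (a) to (c) is what covers every tree.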

QUESTION 3 [11 marks] Hoare Logic

Consider the following code fragment Square, in which all variables are typed integer:

    i := 0;
    s := 0;
    while (i ≠ n) do {
        s := s + n;
        i := i + 1
    }

(Body is the pair of assignments inside the braces, Loop is the whole while statement, and Square is the entire fragment.)

This code takes an integer n, and is intended to calculate n² and assign that value to s. To confirm this, we wish to use the rules of Hoare Logic (Appendix 3) to show that {True} Square {s = n²}. In the questions below (and your answers), we may refer to the loop code as Loop, and the body of the loop as Body. Make sure that every step of your proof is numbered, and is justified by citing the rule, and any previous proof steps, that you are using.

(a) We will need an invariant for Loop. We suggest Inv ≡ (s = i·n). Prove that {Inv} Body {Inv}.

QUESTION 3(a) [4 marks]

(b) Using the result of part (a), prove that {Inv} Loop {s = n²}.

QUESTION 3(b) [3 marks]

(c) Using the result of part (b), prove that {True} Square {s = n²}.

QUESTION 3(c) [3 marks]

(d) The code fragment Square would get stuck in an infinite loop for some initial values of n. Explain why it is not necessary to consider this possibility when choosing a precondition for this code.

QUESTION 3(d) [1 mark]

QUESTION 4 [11 marks] Weakest Precondition Calculus

As with the previous question, we will consider the code fragment Square:

    i := 0;
    s := 0;
    while (i ≠ n) do {
        s := s + n;
        i := i + 1
    }

(Body is the pair of assignments inside the braces, Loop is the whole while statement, and Square is the entire fragment.)

We will use the rules of the weakest precondition calculus (Appendix 4) to calculate wp(Square, s = n²). As in the previous question we will use the abbreviations Loop and Body for the indicated parts of the code. Remember to simplify your answers wherever possible, and show all your working when you do so.

(a) We will need to calculate wp(Loop, s = n²). First, state P_0 (the predicate expressing success for this weakest precondition after zero loop iterations).

QUESTION 4(a) [1 mark]

(b) We claim that the general format for P_k (expressing success after k loop iterations for k ≥ 0) is

    P_k ≡ ( i + k = n ∧ s = i² + k·i )

Suppose that this holds for some k. Then prove that

    P_{k+1} ≡ ( i + (k + 1) = n ∧ s = i² + (k + 1)·i )

QUESTION 4(b) [6 marks]

(c) Given parts (a) and (b), state wp(Loop, s = n²). Do not attempt any simplification at this stage.

QUESTION 4(c) [1 mark]

(d) Hence find wp(Square, s = n²). State this result in the simplest form possible.

QUESTION 4(d) [3 marks]
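As an added example that is not part of the quiz, here is Square from Questions 3 and 4 in Python, with the suggested invariant Inv (s = i·n) checked around every execution of Body, together with a brute-force comparison of the claimed P_k against what Loop actually does when run for exactly k iterations (the meaning Appendix 4 gives P_k). The loop guard is taken to be i ≠ n, which is what P_k's conjunct i + k = n implies, and the iteration cap in square is an assumption added so that the non-terminating case of 3(d) can be observed.

```python
from itertools import product

# Added example (not part of the quiz): Square from Questions 3 and 4,
# instrumented to check Inv (s = i*n) around Body, and a brute-force
# comparison of the claimed P_k against real executions of Loop.
# Assumption: the loop guard is i != n (the form implied by P_k's "i + k = n").

def square(n, max_iters=10_000):
    """Run Square and check {Inv} Body {Inv} on every iteration.
    Returns (s, terminated); max_iters (an assumption) bounds the n < 0 case."""
    i, s = 0, 0
    iters = 0
    while i != n:                       # Loop
        assert s == i * n, "Inv fails before Body"
        s = s + n                       # Body
        i = i + 1
        assert s == i * n, "Inv fails after Body"
        iters += 1
        if iters >= max_iters:          # 3(d): the loop never exits for n < 0
            return s, False
    assert s == n * n                   # {True} Square {s = n^2}
    return s, True

def p_k(i, s, n, k):
    """The claimed P_k of Question 4(b): i + k = n  and  s = i^2 + k*i."""
    return i + k == n and s == i * i + k * i

def exits_after_exactly(i, s, n, k):
    """True iff Loop, started in state (i, s, n), terminates after exactly k
    iterations in a state satisfying s = n^2 (the meaning of P_k in Appendix 4)."""
    for done in range(k + 1):
        if i == n:                      # guard false: the loop exits now
            return done == k and s == n * n
        s, i = s + n, i + 1             # one execution of Body
    return False                        # still running after k iterations

def p_k_mismatches(bound=4, kmax=4):
    """All small states (i, s, n) and k where P_k disagrees with execution.
    Returns [] when the claimed P_k is exactly the weakest precondition."""
    states = product(range(-bound, bound + 1), repeat=3)
    return [(i, s, n, k)
            for (i, s, n) in states
            for k in range(kmax + 1)
            if p_k(i, s, n, k) != exits_after_exactly(i, s, n, k)]

if __name__ == "__main__":
    print(square(5))            # (25, True)
    print(square(-3, 50))       # (-150, False): 3(d)'s non-terminating case
    print(p_k_mismatches())     # []
```

The empty mismatch list supports the claim of 4(b) on small states; the inductive argument the question asks for is what establishes it for every k.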

QUESTION 5 [6 marks] Specification using Z

A certain software engineering student, planning to write a program to keep track of her collection of DVDs, is starting with a specification of the system. It is called MyDVDs, and this is where she is up to:

    [Movie] [Actor]
    Score == {i : ℕ | i 10}

    MyDVDs
      mine   : ℙ Movie
      stars  : Movie ↔ Actor
      rating : Movie ⇸ Score
      ----
      dom stars ⊆ mine
      dom rating ⊆ mine

    Initial
      MyDVDs
      ----
      mine = ∅

    AddMovie₀
      ΔMyDVDs
      m? : Movie
      cast? : ℙ Actor
      ----
      m? ∉ mine
      mine′ = mine ∪ {m?}
      rating′ = rating
      ∀ a : Actor • ((m? ↦ a) ∈ stars′) ⇔ (a ∈ cast?)
      ∀ n : movie • n ≠ m? ⇒ {n} ◁ stars′ = {n} ◁ stars

    AddActor₀
      ΔMyDVDs
      m? : Movie
      a? : Actor
      ----
      m? ∈ mine
      (m? ↦ a?) ∉ stars
      stars′ = stars ∪ ({m? ↦ a?})
      rating′ = rating

    RankMovie₀
      ΔMyDVDs
      m? : Movie
      s? : Score
      ----
      m? ∈ mine
      stars′ = stars
      rating′(m?) = s?
      ∀ n : Movie • (n ≠ m?) ⇒ rating′(n) = rating(n)

    Duets₀
      ΞMyDVDs
      a?, b? : Actor
      ms! : ℙ Movie
      ----

(a) What are the types that are either (i) given or (ii) introduced by definition?

QUESTION 5(a) [1 mark]

(b) Explain why ⇸ is used in the type of the variable rating, rather than → or ↔.

QUESTION 5(b) [1 mark]

(c) Why does the predicate part of the Initial schema only mention one global variable?

QUESTION 5(c) [1 mark]

(d) The postcondition

    ∀ n : movie • n ≠ m? ⇒ {n} ◁ stars′ = {n} ◁ stars

appears in the schema AddMovie₀. Express the author's intent simply in English.

QUESTION 5(d) [1 mark]

(e) It turns out that there is an error in the schema AddActor₀ that is repeated in the predicate part of RankMovie₀. Suggest what it is.

QUESTION 5(e) [1 mark]

(f) The predicate part of the enquiry schema, Duets₀, is blank! The intention of this enquiry is to return a list of movies in the database in which both given actors appear. Suggest suitable pre-conditions and/or post-conditions to complete the schema.

QUESTION 5(f) [1 mark]

Additional answers. Clearly indicate the corresponding question and part.

Appendix 1 Natural Deduction Rules

Propositional Calculus

(∧I)  from p and q, infer p ∧ q
(∧E)  from p ∧ q, infer p; from p ∧ q, infer q
(∨I)  from p, infer p ∨ q; from p, infer q ∨ p
(∨E)  from p ∨ q, a derivation of r from the assumption [p], and a derivation of r from the assumption [q], infer r
(→I)  from a derivation of q from the assumption [p], infer p → q
(→E)  from p and p → q, infer q
(¬I)  from derivations of both q and ¬q from the assumption [p], infer ¬p
(¬E)  from derivations of both q and ¬q from the assumption [¬p], infer p

Predicate Calculus

(∀I)  from P(a), where a is arbitrary, infer ∀x. P(x)
(∀E)  from ∀x. P(x), infer P(a)
(∃I)  from P(a), infer ∃x. P(x)
(∃E)  from ∃x. P(x) and a derivation of q from the assumption [P(a)], infer q (a arbitrary, and a is not free in q)

Appendix 2 Truth Table Values

    p   q   p ∧ q   p ∨ q   p → q   ¬p   p ↔ q
    T   T     T       T       T      F     T
    T   F     F       T       F      F     F
    F   T     F       T       T      T     F
    F   F     F       F       T      T     T

Appendix 3 Hoare Logic Rules

Precondition Strengthening:
        P_s → P_w     {P_w} S {Q}
        -------------------------
              {P_s} S {Q}

Postcondition Weakening:
        {P} S {Q_s}     Q_s → Q_w
        -------------------------
              {P} S {Q_w}

Assignment:
        {Q(e)} x := e {Q(x)}

Sequence:
        {P} S1 {Q}     {Q} S2 {R}
        -------------------------
             {P} S1 ; S2 {R}

Conditional:
        {P ∧ b} S1 {Q}     {P ∧ ¬b} S2 {Q}
        ----------------------------------
          {P} if b then S1 else S2 {Q}

While Loop:
              {P ∧ b} S {P}
        -----------------------------
        {P} while b do S {P ∧ ¬b}

Appendix 4 Weakest Precondition Rules

    wp(x := e, Q(x))  ≡  Q(e)
    wp(S1 ; S2, Q)  ≡  wp(S1, wp(S2, Q))
    wp(if b then S1 else S2, Q)  ≡  (b → wp(S1, Q)) ∧ (¬b → wp(S2, Q))
                                 ≡  (b ∧ wp(S1, Q)) ∨ (¬b ∧ wp(S2, Q))

P_k is the weakest predicate that must be true before while b do S executes, in order for the loop to terminate after exactly k iterations in a state that satisfies Q.

    P_0  ≡  ¬b ∧ Q
    P_{k+1}  ≡  b ∧ wp(S, P_k)
    wp(while b do S, Q)  ≡  ∃k. (k ≥ 0 ∧ P_k)

Appendix 5 Short Glossary of Mathematical Symbols in Z

Logic
    ∧    conjunction          ∀    for all              ⇒    implies
    ∨    disjunction          ∃    there exists         ⇔    if and only if
    ¬    negation             𝔹    type boolean

Sets
    ∅    empty set            ⊆    subset               ×    cartesian product
    { }  empty set            ⊇    superset             ℙ    power set
    ∈    in set               ∪    set union            #    set size
    ∉    not in set           ∩    set intersection     ..   up to (as in {1 .. 7})
    min  smallest in set      max  greatest in set      ℕ    natural numbers

Relations and Functions
    ↔    relation             dom  domain               ◁    domain restriction
    →    total function       ran  range                ▷    range restriction
    ⇸    partial function     R⁻¹  inverse of R         ↦    maplet
    R(| S |)  image of set S under R

Schemas
    Δ    indicates operation
    Ξ    indicates enquiry
    ≙    schema definition