mathematical reasoning
DESCRIPTION
Mathematical Reasoning. Goal: To prove correctness Method: Use a reasoning t able Prove correctness on all valid inputs. Example: Prove Correctness. Spec: Operation Do_Nothing ( i : Integer); requires min_intTRANSCRIPT
School of Computing Clemson University
Mathematical Reasoning Goal: To prove correctness Method: Use a reasoning table Prove correctness on all valid inputs
School of Computing Clemson University
Example: Prove CorrectnessSpec: Operation Do_Nothing (i: Integer);
requires min_int <= i and i + 1 <= max_int;
ensures i = #i;
Code:Increment(i);Decrement(i);
School of Computing Clemson University
Design by Contract Requirements and guarantees
Requires clauses are preconditions Ensures clauses are postconditions
Caller is responsible for requirements
Postcondition holds only if caller meets operation’s requirements
School of Computing Clemson University
Basics of Mathematical Reasoning Suppose you are proving the correctness
for some operation P Confirm P’s ensures clause at the last state Assume P’s requires clause in state 0
School of Computing Clemson University
In State 2 – Establish Goal ofDo_Nothing’s Ensures Clause
Assume Confirm0
Increment(i);1
Decrement(i)
2 i2 = i0
School of Computing Clemson University
In State 0Assume Do_Nothing’s Requires Clause
Assume Confirm0 min_int <= i0 and
i0 + 1 <= max_int
Increment(i);1
Decrement(i)
2 i2 = i0
School of Computing Clemson University
More Basics Now, suppose that P calls Q
Confirm Q’s requires clause in the state before Q is called
Assume Q’s ensures clause in the state after Q is called
School of Computing Clemson University
Specification of Integer Operations
Operation Increment (i: Integer); requires i + 1 <= max_int; ensures i = #i + 1;
Operation Decrement (i: Integer); requires min_int <= i - 1; ensures i = #i – 1;
School of Computing Clemson University
Assume Calls Work as AdvertisedAssume Confirm
0 min_int <= i0 and i0 + 1 <= max_int
Increment(i);1 i1 = i0 + 1
Decrement(i)
2 i2 = i1 - 1 i2 = i0
School of Computing Clemson University
More Preconditions Must Be ConfirmedAssume Confirm
0 min_int <= i0 and i0 + 1 <= max_int i0 + 1 <=
max_int
Increment(i);1 i1 = i0 + 1 min_int <= i1 - 1
Decrement(i)
2 i2 = i1 - 1 i2 = i0
School of Computing Clemson University
Write Down Verification Conditions(VCs) Verification Condition for State 0
(min_int <= i0) ^ (i0 + 1 <= max_int) i0 + 1 <= max_int
School of Computing Clemson University
Write Down Verification Conditions(VCs) VC for State 1
P1: min_int <= i0 (from State 0)
P2: i0 + 1 <= max_int (from State 0)
P3: i1 = i0 + 1 VC: P1 ^ P2 ^ P3 min_int <= i1 - 1
VC for State 2 P4: i2 = i1 - 1 VC: P1 ^ P2 ^ P3 ^ P4 i2 = i0
School of Computing Clemson University
Use Direct Proof Method For p q Assume premise ‘p’ Show conclusion ‘q’ is true
Prove VC for State 0 Assume P1: min_int <= i0 Assume P2: i0 + 1 <= max_int Show: i0 + 1 <= max_int
School of Computing Clemson University
Prove VCs for State 1 & State 2 Prove VC for State 1
Assume P1: min_int <= i0 Assume P2: i0 + 1 <= max_int Assume P3: i1 = i0 + 1 Show: min_int <= i1 - 1
Prove VC for State 2 Assume P1 ^ P2 ^ P3 Assume P4: i2 = i1 – 1 Show: i2 = i0