Verification and Validation

Similar documents
Semantic Entailment and Natural Deduction

Module 5. Knowledge Representation and Logic (Propositional Logic) Version 2 CSE IIT, Kharagpur

Semantic Foundations for Deductive Methods

Logic I or Moving in on the Monkey & Bananas Problem

Does Deduction really rest on a more secure epistemological footing than Induction?

Logical Omniscience in the Many Agent Case

An Introduction to. Formal Logic. Second edition. Peter Smith, February 27, 2019

Day 3. Wednesday May 23, Learn the basic building blocks of proofs (specifically, direct proofs)

2.1 Review. 2.2 Inference and justifications

A Judgmental Formulation of Modal Logic

Quantificational logic and empty names

Artificial Intelligence. Clause Form and The Resolution Rule. Prof. Deepak Khemani. Department of Computer Science and Engineering

Artificial Intelligence: Valid Arguments and Proof Systems. Prof. Deepak Khemani. Department of Computer Science and Engineering

Informalizing Formal Logic

Remarks on a Foundationalist Theory of Truth. Anil Gupta University of Pittsburgh

What would count as Ibn Sīnā (11th century Persia) having first order logic?

(Refer Slide Time 03:00)

Outline. 1 Review. 2 Formal Rules for. 3 Using Subproofs. 4 Proof Strategies. 5 Conclusion. 1 To prove that P is false, show that a contradiction

Haberdashers Aske s Boys School

PHILOSOPHY OF LOGIC AND LANGUAGE OVERVIEW LOGICAL CONSTANTS WEEK 5: MODEL-THEORETIC CONSEQUENCE JONNY MCINTOSH

Understanding Truth Scott Soames Précis Philosophy and Phenomenological Research Volume LXV, No. 2, 2002

Artificial Intelligence Prof. P. Dasgupta Department of Computer Science & Engineering Indian Institute of Technology, Kharagpur

Review of "The Tarskian Turn: Deflationism and Axiomatic Truth"

Knowledge, Time, and the Problem of Logical Omniscience

CONTENTS A SYSTEM OF LOGIC

Belief, Awareness, and Two-Dimensional Logic"

(i) Morality is a system; and (ii) It is a system comprised of moral rules and principles.

15 Does God have a Nature?

A New Parameter for Maintaining Consistency in an Agent's Knowledge Base Using Truth Maintenance System

Logic & Proofs. Chapter 3 Content. Sentential Logic Semantics. Contents: Studying this chapter will enable you to:

Logic and Pragmatics: linear logic for inferential practice

Lecture Notes on Classical Logic

Logic: Deductive and Inductive by Carveth Read M.A. CHAPTER IX CHAPTER IX FORMAL CONDITIONS OF MEDIATE INFERENCE

August 8, 1997, Church s thesis, formal definitions of informal notions, limits of formal systems, Turing machine, recursive functions - BIG

McDougal Littell High School Math Program. correlated to. Oregon Mathematics Grade-Level Standards

CHAPTER 1 A PROPOSITIONAL THEORY OF ASSERTIVE ILLOCUTIONARY ARGUMENTS OCTOBER 2017

Logic: Deductive and Inductive by Carveth Read M.A. CHAPTER VI CONDITIONS OF IMMEDIATE INFERENCE

Introduction to Statistical Hypothesis Testing Prof. Arun K Tangirala Department of Chemical Engineering Indian Institute of Technology, Madras

The Perfect Being Argument in Case-Intensional Logic The perfect being argument for God s existence is the following deduction:

What is Game Theoretical Negation?

A Generalization of Hume s Thesis

Richard L. W. Clarke, Notes REASONING

Artificial Intelligence Prof. P. Dasgupta Department of Computer Science & Engineering Indian Institute of Technology, Kharagpur

Intuitive evidence and formal evidence in proof-formation

Basic Concepts and Skills!

Review of Philosophical Logic: An Introduction to Advanced Topics *

1. Lukasiewicz s Logic

THE FORM OF REDUCTIO AD ABSURDUM J. M. LEE. A recent discussion of this topic by Donald Scherer in [6], pp , begins thus:

UC Berkeley, Philosophy 142, Spring 2016

Necessity and Truth Makers

JELIA Justification Logic. Sergei Artemov. The City University of New York

1. Introduction Formal deductive logic Overview

The way we convince people is generally to refer to sufficiently many things that they already know are correct.

Illustrating Deduction. A Didactic Sequence for Secondary School

Ayer s linguistic theory of the a priori

Intersubstitutivity Principles and the Generalization Function of Truth. Anil Gupta University of Pittsburgh. Shawn Standefer University of Melbourne

All They Know: A Study in Multi-Agent Autoepistemic Reasoning

Introduction Symbolic Logic

Durham Research Online

1. Introduction. Against GMR: The Incredulous Stare (Lewis 1986: 133 5).

16. Universal derivation

Predicate logic. Miguel Palomino Dpto. Sistemas Informáticos y Computación (UCM) Madrid Spain

Lecture 4. Before beginning the present lecture, I should give the solution to the homework problem

Negative Introspection Is Mysterious

Potentialism about set theory

Outline. Uninformed Search. Problem-solving by searching. Requirements for searching. Problem-solving by searching Uninformed search techniques

TWO VERSIONS OF HUME S LAW

Philosophy 240: Symbolic Logic

There are two common forms of deductively valid conditional argument: modus ponens and modus tollens.

PHI2391: Logical Empiricism I 8.0

Announcements. CS243: Discrete Structures. First Order Logic, Rules of Inference. Review of Last Lecture. Translating English into First-Order Logic

Chapter 9- Sentential Proofs

Revisiting the Socrates Example

An alternative understanding of interpretations: Incompatibility Semantics

On Tarski On Models. Timothy Bays

The Problem of Induction and Popper s Deductivism

Exercise Sets. KS Philosophical Logic: Modality, Conditionals Vagueness. Dirk Kindermann University of Graz July 2014

On Infinite Size. Bruno Whittle

Inference in Cyc. Copyright 2002 Cycorp

Early Russell on Philosophical Grammar

Ethical Consistency and the Logic of Ought

4.1 A problem with semantic demonstrations of validity

Circumscribing Inconsistency

Verificationism. PHIL September 27, 2011

Constructive Logic, Truth and Warranted Assertibility

Higher National Unit Specification. General information for centres. Unit title: Philosophy C: An Introduction to Analytic Philosophy

A BRIEF INTRODUCTION TO LOGIC FOR METAPHYSICIANS

Completeness or Incompleteness of Basic Mathematical Concepts Donald A. Martin 1 2

Quine: Quantifiers and Propositional Attitudes

On The Logical Status of Dialectic (*) -Historical Development of the Argument in Japan- Shigeo Nagai Naoki Takato

A. Problem set #3 it has been posted and is due Tuesday, 15 November

Ayer on the criterion of verifiability

Chadwick Prize Winner: Christian Michel THE LIAR PARADOX OUTSIDE-IN

Artificial Intelligence Prof. Deepak Khemani Department of Computer Science and Engineering Indian Institute of Technology, Madras

Is the law of excluded middle a law of logic?

KNOWLEDGE AND THE PROBLEM OF LOGICAL OMNISCIENCE

Putnam: Meaning and Reference

Introducing Our New Faculty

Chapter 3: Basic Propositional Logic. Based on Harry Gensler s book For CS2209A/B By Dr. Charles Ling;

Georgia Quality Core Curriculum 9 12 English/Language Arts Course: American Literature/Composition

Transcription:

2012-2013 Verification and Validation Part III : Proof-based Verification Burkhart Wolff Département Informatique Université Paris-Sud / Orsay

" Now, can we build a Logic for Programs??? 05/11/14 B. Wolff - Ingé. 2 - Proof-Based Verification I 2

" Now, can we build a Logic for Programs??? Well, yes! There are actually lots of possibilities... " We consider the Hoare-Logic (Sir Anthony Hoare...), technically an inference system PL + E + A + Hoare 05/11/14 B. Wolff - Ingé. 2 - Proof-Based Verification I 3

" Basis: IMP, (following Glenn Wynskell's Book) We have the following commands (cmd) # the empty command SKIP # the assignment x:== E (x # V) # the sequential compos. c 1 ; c 2 # the conditional IF cond THEN c 1 ELSE c 2 # the loop WHILE cond DO c where c, c 1, c 2, are cmd's, V variables, E an arithmetic expression, cond a boolean expr. 05/11/14 B. Wolff - Ingé. 2 - Proof-Based Verification I 4

" Core Concept: A Hoare Triple consisting... # of a pre-condition Pre # a post-condition Post # and a piece of program cmd written: {Pre} cmd {Post} P and Q are formulas over the variables V, so they can be seen as set of possible states. 05/11/14 B. Wolff - Ingé. 2 - Proof-Based Verification I 5

Hoare Logic vs. Symbolic Execution HL is also based notion of a symbolic state. state sym = V " Set(D) As usual, we denote sets by x E where E is a boolean expression. 05/11/14 B. Wolff - Ingé. 2 - Proof-Based Verification I 6

Hoare Logic vs. Symbolic Execution However, instead of: σ::state sym Pre(σ(X 1 ),..., σ (X n ) cmd σ::state sym Post(σ(X 1 ),..., σ (X n ) where Pre and Post are sets of states. we just write: {Pre} cmd {Post} where Pre and Post are expressions over program variables. 05/11/14 B. Wolff - Ingé. 2 - Proof-Based Verification I 7

Hoare Logic vs. Symbolic Execution Intuitively: means: {Pre} cmd {Post} If a program cmd starts in a state admitted by Pre if it terminates, that the program must reach a state that satisfies Post. 05/11/14 B. Wolff - Ingé. 2 - Proof-Based Verification I 8

" PL + E + A + Hoare (simplified binding) at a glance: 05/11/14 B. Wolff - Ingé. 2 - Proof-Based Verification I 9

" The rule for the empty statement: well, states do not change... Therefore, valid states remain valid. 05/11/14 B. Wolff - Ingé. 2 - Proof-Based Verification I 10

" The rule for the assignment: Example (1): {1!x x!10} x:== x+2 {3!x x!12} 05/11/14 B. Wolff - Ingé. 2 - Proof-Based Verification I 11

" The rule for the assignment Example (2): {true} x:== 2 {x=2} 05/11/14 B. Wolff - Ingé. 2 - Proof-Based Verification I 12

" The rule for the conditional: is essentially a case-split. 05/11/14 B. Wolff - Ingé. 2 - Proof-Based Verification I 13

" The rule for the conditional: Example (3): 05/11/14 B. Wolff - Ingé. 2 - Proof-Based Verification I 14

" The rule for the conditional: Example (3): 05/11/14 B. Wolff - Ingé. 2 - Proof-Based Verification I 15

" The rule for the sequence: essentially relational composition on state sets. 05/11/14 B. Wolff - Ingé. 2 - Proof-Based Verification I 16

The rule for the sequence. Example (4): 05/11/14 B. Wolff - Ingé. 2 - Proof-Based Verification I 17

The rule for the sequence. Example (4): 05/11/14 B. Wolff - Ingé. 2 - Proof-Based Verification I 18

" The rule for the while-loop. Critical: The invention of an Invariant P. If we have an invariant (a predicate that remains stable during loop taversal), then it must be true after the loop. And if states after the loop exist, the negation of the condition must be true. 05/11/14 B. Wolff - Ingé. 2 - Proof-Based Verification I 19

" The consequence rule: Reflects the intuition that P' is a subset of legal states P and Q is a subset of legal states Q'. The only rule that is not determined by the syntax of the program; it can be applied anywhere in the (Hoare-) proof. 05/11/14 B. Wolff - Ingé. 2 - Proof-Based Verification I 20

" The consequence rule: Example (5) (continuation of Example ()): 05/11/14 B. Wolff - Ingé. 2 - Proof-Based Verification I 21

" A handy derived rule (False): Proof: by induction over cmd! (At the Blackboard) A very handy corollary of this and the consequence is rule (FalseE): 05/11/14 B. Wolff - Ingé. 2 - Proof-Based Verification I 22

" Another handy corollary of (False): Proof: by consequence, while-rule, P and cond-contradiction, False-rule. 05/11/14 B. Wolff - Ingé. 2 - Proof-Based Verification I 23

" Yet another handy corollary of (consequence): Proof: by consequence and the fact that P =P' infers P P' Note: We will apply this rule implicitly, allowing local massage of pre- and postconditions. 05/11/14 B. Wolff - Ingé. 2 - Proof-Based Verification I 24

" Example (6): 05/11/14 B. Wolff - Ingé. 2 - Proof-Based Verification I 25

" Example (6): Proof: 05/11/14 B. Wolff - Ingé. 2 - Proof-Based Verification I 26

" Example (6): Note: Hoare-Logic is a calculus for partial correctness; on non-terminating programs, it is possible to prove anything! 05/11/14 B. Wolff - Ingé. 2 - Proof-Based Verification I 27

" Example (7): 05/11/14 B. Wolff - Ingé. 2 - Proof-Based Verification I 28

" Example (7): Proof: where I'' = I'[x x+1] and where we need solutions to: A = true I B = I $(x < 2) 2! x C = I x <2 I'[x x+1] D = I' I 05/11/14 B. Wolff - Ingé. 2 - Proof-Based Verification I 29

" Example (7): Proof: A = true I B = I $(x < 2) 2! x C = I x <2 I'[x x+1] D = I' I # I must be true, this solves A, B, D # we are fairly free with an invariant I'; e.g. x! 2 or x! 5 would do the trick! 05/11/14 B. Wolff - Ingé. 2 - Proof-Based Verification I 30

" Example (7): Remarks: # This proof rises the idea of particular construction method of Hoare-Proofs, which can be automated: - apply the consequence rule only at entry points of (the body of) loops (deterministic!) - extract the implications used in these consequence rule - try to find solutions for these implications (worst case: ask the user...) # Essence of all: constraint solving of formulas... 05/11/14 B. Wolff - Ingé. 2 - Proof-Based Verification I 31

Hoare Logic: Summary "... in the essence, the Hoare Calculus is an entirely syntactic game that constructs a labelling of the program with assertions P, Q, etc... 05/11/14 B. Wolff - Ingé. 2 - Proof-Based Verification I 32

Hoare-Logic : Summary " Note: Validity is a «partial correctness notion» proof under condition that the program terminates. For non-terminating programs, the calculus allows to prove anything " The Proof-Method is therefore two-staged: # verify termination (find mesures for loops and recursive calls that strictly decrease for each iteration) # prove partial correctness of the spec for the program via a Hoare-Calculus (or a wp-calculus)! total correctness = partial correctness + termination 05/11/14 B. Wolff - Ingé. 2 - Proof-Based Verification I 33

Hoare Logic: Summary Theorem: Correctness of the Hoare-Calculus Theorem: Relative Completeness of the Hoare-Calculus where we define for a given semantic function C: 05/11/14 B. Wolff - Ingé. 2 - Proof-Based Verification I 34

Hoare Logic: Summary Formal Proof # Can be very hard up to infeasible (no one will probably ever prove correctness of MS Word!) # Proof Work typically exceeds Programming work by a factor 10! # Tools and Tool-Chains necessary # Makes assumptions on language, method, toolcorrectness, too! 05/11/14 B. Wolff - Ingé. 2 - Proof-Based Verification I 35

Hoare Logic: Outlook " Can we be sure, that the logical systems are consistent? Well, yes, practically. (See Hales Article in AMS: Formal Proof, 2008. http://www.ams.org/ams/press/hales-nots-dec08.html) # Can we ever be sure, that a specification means what we intend? Well, no. But when can we ever be entirely sure that we know what we have in mind? But at least, we can gain confidence validating specs, i.e. by animation and test, thus, by experimenting with them... 05/11/14 B. Wolff - Ingé. 2 - Proof-Based Verification I 36

Verification : Test or Proof Test # Requires Testability of Programs (initialisable, reproducible behaviour, sufficient control over non-determinism) # Can be also Work-Intensive!!! # Requires Test-Tools # Requires a Formal Specification # Makes Test-Hypothesis, which can be hard to justify! 05/11/14 B. Wolff - Ingé. 2 - Proof-Based Verification I 37

Validation : Test or Proof (end) Test and Proof are Complementary... "... and extreme ends of a continuum : from static analysis to formal proof of deep system properties " In practice, a good verification plan will be necessary to get the best results with a (usually limited) budget!!! # detect parts which are easy to test # detect parts which are easy to prove # good start: maintained formal specification! this leaves room for changes in the conception!... and for different implementation of sub-components 05/11/14 B. Wolff - Ingé. 2 - Proof-Based Verification I 38

2024 © religiondocbox.com Privacy Policy | Terms of Service | Feedback