Exercises: program verification using SAT/SMT
For these exercises, we will use the program verifier Dafny. There is an online tutorial for Dafny available at: The source files of these exercises and a ZIP with Dafny for Linux/MacOSX can be found at ~sccblom/ipa_course.html. As we are in particular interested in the SMT problems that are generated by Dafny, we will use Dafny mainly from the command line.

Part 1: Getting Started With Dafny

Exercise A

Consider the file Incr-good.dfy with the following Dafny program:

    class MyClass {
      method incr(x: int) returns (y: int)
        requires x > 0;
        ensures y == x + 481;
      {
        y := x + 481;
      }
    }

Remark: Source code available as Incr-good.dfy

Run Dafny on it from the command line, using

    > dafny /compile:0 Incr-good.dfy

You will get the following output:

    Dafny program verifier version , Copyright (c) , Microsoft.
    Dafny program verifier finished with 2 verified, 0 errors

N.B. The option /compile:0 disables the compilation of successfully verified code, because that part of Dafny does not work on Linux and MacOSX.

Exercise B

Copy your program to a file Incr-bad.dfy, and in this copy change the assignment in the program to y := x+37;. Run Dafny on Incr-bad.dfy. This program does not fulfil its contract, and Dafny will report a problem. Run Dafny, and understand the error message. Try to change the program in other ways, and study the different error messages.
Exercise C

As explained during the lecture, Dafny works by translating the given program into a BoogiePL program. The BoogiePL program starts with the contents of the file DafnyPrelude.bpl, which defines the Dafny predefined datatypes, such as sequences, sets and bags. From the Boogie program, verification conditions are generated that are checked by Z3. To get an idea of how this process works, you can call Dafny with the options that save the Boogie program and the Z3 inputs:

- The option /print:@file@.bpl records the encoding of the Dafny program as a Boogie program into a file.
- The option /proverlog:@file@-@proc@ records the SMT problems submitted to Z3.

The use of @ is intentional: these strings are replaced by the name of the Dafny file and of the BoogiePL procedure being processed, respectively.

Generate BoogiePL files for Incr-good.dfy and Incr-bad.dfy and study them. This results in quite a long file, because checks for various aspects, such as heap access and types, are added to the program. However, the original program can still be recognized in the implementations, which start with Impl$$_module. Look at the generated code, and try to match it to the original programs.

Exercise D

Now generate the SMT problems submitted to Z3 for both programs. Search for the line(s) containing (check-sat). The text above these lines encodes the actual check. Use the difference between Incr-good.dfy and Incr-bad.dfy to understand the generated verification condition.

Exercise E

Finally, change the body of Incr-good.dfy to

    y := x + 400;
    y := y + 81;

and study what changes in the generated BoogiePL code and SMT problems.

Exercise F

And now for something completely different. Do you recognize the following example?

    method search(a: int, b: int, c: int, d: int) returns ()
      ensures !(2*a > b + c && 2*b > c + d && 2*c > 3*d && 3*d > a + c);
    {
    }

The code is in search.dfy. Run Dafny with SMT model printing enabled:

    > dafny /printmodel:2 /compile:0 search.dfy

Then find a solution to the equation in the output.

Exercise G

In the search example, convert the method parameters to global variables. Then run Dafny again. Can you still find the counterexample?
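To see what sits above a (check-sat) line in principle, the following is a hand-written, simplified version of the verification conditions for Exercises D and F. It is an added example, not the output of Dafny or Boogie (which encodes the heap, types and the Dafny prelude and is far longer): the precondition and the effect of the body are asserted as facts, the postcondition is asserted negated, and the verifier looks for a model. Variable names mirror the Dafny programs; the logic declarations are my own choice.

```smtlib
; Hand-written verification conditions for Incr-good, Incr-bad and search.
; Added example: this is NOT the Boogie/Z3 encoding that Dafny generates,
; only the arithmetic core of each check.  Run with: z3 incr-search.smt2
(set-option :produce-models true)
(set-logic QF_LIA)

; --- Incr-good: requires x > 0; ensures y == x + 481; body y := x + 481
(push 1)
(declare-const x Int)
(declare-const y Int)
(assert (> x 0))                  ; the precondition is assumed
(assert (= y (+ x 481)))          ; the effect of the body
(assert (not (= y (+ x 481))))    ; the postcondition is asserted NEGATED
(check-sat)   ; unsat: no input violates the contract, so the method verifies
(pop 1)

; --- Incr-bad: same contract, body y := x + 37
(push 1)
(declare-const x Int)
(declare-const y Int)
(assert (> x 0))
(assert (= y (+ x 37)))
(assert (not (= y (+ x 481))))
(check-sat)   ; sat: an input exists for which the postcondition fails
(get-model)   ; the witness; this is what Dafny reports with /printmodel
(pop 1)

; --- search: ensures !(2a > b+c && 2b > c+d && 2c > 3d && 3d > a+c)
; The negated postcondition is the conjunction itself, so a model of
; this problem is exactly a solution of the system of inequalities.
(push 1)
(declare-const a Int)
(declare-const b Int)
(declare-const c Int)
(declare-const d Int)
(assert (not (not (and (> (* 2 a) (+ b c))
                       (> (* 2 b) (+ c d))
                       (> (* 2 c) (* 3 d))
                       (> (* 3 d) (+ a c))))))
(check-sat)   ; sat: the contract of search cannot hold for all inputs
(get-model)   ; a solution to the system, like the one Exercise F asks for
(pop 1)
```

Reading the Dafny-generated file the same way works: everything asserted before (check-sat) is either an assumption (preconditions, axioms from the prelude, the encoding of the body) or the negation of what is being proved, and unsat is the answer that means "verified".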
Part 2: Specification Exercises

We will first look at some specification and verification examples using Dafny. These exercises have been borrowed from the online Dafny tutorial at

Exercise A

The following example is not quite right. Find the error, fix it and verify the fix.

    method MultipleReturns(x: int, y: int) returns (more: int, less: int)
      ensures less < x;
      ensures x < more;
    {
      more := x + y;
      less := x - y;
    }

Remark: Source code available as multiplereturn.dfy

Exercise B

Write a method Max that takes two integer parameters and returns their maximum. Add appropriate annotations and make sure your code respects its specification.

    method Max(a: int, b: int) returns (c: int)

Exercise C

In Dafny, inductively defined functions can be used in method contracts. For example, function fib gives the standard mathematical definition of the Fibonacci numbers, while method ComputeFib provides an efficient algorithm to compute Fibonacci numbers.

    function fib(n: nat): nat
    {
      if n == 0 then 0 else
      if n == 1 then 1 else
      fib(n - 1) + fib(n - 2)
    }

    method ComputeFib(n: nat) returns (b: nat)
      ensures b == fib(n);
    {
      if (n == 0) { return 0; }
      var i: int := 1;
      var a := 0;
      b := 1;
      while (i < n)
      {
        a, b := b, a + b;
        i := i + 1;
      }
    }

Remark: Source code available as fibonacci.dfy

Add loop invariants to make the method ComputeFib verify.
Exercise D

Implement and verify a binary search algorithm, respecting the following method specification:

    predicate sorted(a: array<int>)
      requires a != null;
      reads a;
    {
      forall j, k :: 0 <= j < k < a.Length ==> a[j] <= a[k]
    }

    method BinarySearch(a: array<int>, value: int) returns (index: int)
      requires a != null && 0 <= a.Length && sorted(a);
      ensures

Remark: Source code available as sort.dfy

If you would like to try a more challenging verification exercise, we recommend the prefix sum problem, available in the prefixsum directory.[1]

[1] The prefix sum was the second challenge in the 2012 VerifyThis verification competition: verifythis.org/challenges.
Part 3: SMT Encodings

Exercise A

Consider method Blank.

    method Blank(a: array<int>) returns ()
      modifies a;
      requires a != null;
      ensures forall i :: 0 <= i < a.Length ==> a[i] == 0;
    {
      var k: int := 0;
      while (k < a.Length)
        invariant 0 <= k <= a.Length;
        invariant forall i :: 0 <= i < k ==> a[i] == 0;
        decreases a.Length - k;
      {
        a[k] := 0;
        k := k + 1;
      }
    }

Remark: Source code available as blank.dfy

Use the same steps as in Part 1 to understand the generated SMT problems. In particular, we recommend that you make small variations in your program, and study the changes in the generated SMT problems. For example, commenting out parts of the specifications and/or code and then re-running and re-inspecting allows you to see what traces to what.
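A loop with an invariant gives rise to several separate checks, and each one shows up as its own (check-sat) in the prover log. The following is an added, hand-simplified encoding of the three checks Dafny performs for the loop in Blank: that the body preserves the invariant, that the decreases clause is well-founded, and that the invariant together with the negated guard implies the postcondition. It is not Dafny's own output: the heap is dropped and the array is modelled directly with the SMT theory of arrays; len stands for a.Length.

```smtlib
; Hand-written verification conditions for the loop in Blank.
; Added example, not the Boogie/Z3 encoding generated by Dafny: the heap is
; abstracted away and the array is an SMT array Int -> Int.
(set-option :produce-models true)
(set-logic AUFLIA)

(declare-const len Int)               ; a.Length
(declare-const a (Array Int Int))     ; array contents at the start of an iteration
(declare-const k Int)
(assert (>= len 0))                   ; array lengths are non-negative

; Check 1: the body preserves the invariant.
; Assume invariant and guard in the old state, assert the NEGATED invariant
; in the state after a[k] := 0; k := k + 1.
(push 1)
(assert (and (<= 0 k) (<= k len)))
(assert (forall ((i Int)) (=> (and (<= 0 i) (< i k)) (= (select a i) 0))))
(assert (< k len))                                 ; loop guard
(define-fun a2 () (Array Int Int) (store a k 0))   ; a[k] := 0
(define-fun k2 () Int (+ k 1))                     ; k := k + 1
(assert (not (and (<= 0 k2) (<= k2 len)
                  (forall ((i Int))
                    (=> (and (<= 0 i) (< i k2)) (= (select a2 i) 0))))))
(check-sat)   ; unsat: the invariant is inductive
(pop 1)

; Check 2: the termination measure a.Length - k strictly decreases and
; is bounded below by zero before the step.
(push 1)
(assert (and (<= 0 k) (<= k len)))
(assert (< k len))
(define-fun k2 () Int (+ k 1))
(assert (not (and (< (- len k2) (- len k))
                  (>= (- len k) 0))))
(check-sat)   ; unsat: the loop terminates
(pop 1)

; Check 3: on exit (guard false) the invariant implies the postcondition.
(push 1)
(assert (and (<= 0 k) (<= k len)))
(assert (forall ((i Int)) (=> (and (<= 0 i) (< i k)) (= (select a i) 0))))
(assert (not (< k len)))                           ; negated guard, so k == len
(assert (not (forall ((i Int))
               (=> (and (<= 0 i) (< i len)) (= (select a i) 0)))))
(check-sat)   ; unsat: the postcondition holds after the loop
(pop 1)
```

Commenting out the first invariant in the Dafny source removes the bound k <= len from the assumptions above, and Check 3 then no longer follows; this is the kind of correspondence the exercise asks you to trace between specification and generated SMT problem.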
Exercise B

This is the well-known Zune leap year bug. Consider the following loop:

    while (days > 365)
      decreases days;
    {
      if (IsLeapYear(year)) {
        if (days > 366) {
          days := days - 366;
          year := year + 1;
        }
      } else {
        days := days - 365;
        year := year + 1;
      }
    }

Remark: Source code available as zune.dfy

It is supposed to convert a large number of days into a number of years and a day of the year. Use Dafny model printing to find an initial value for which the loop fails to work.
Spring 2002: 15-211 Fundamental Structures of Computer Science Midterm Name: Andrew ID: Section or TA name: Instructions Fill out the Name/Andrew ID/Section box above now. This exam is open book, plus
More informationMathematical Induction
Mathematical Induction Victor Adamchik Fall of 2005 Lecture 3 (out of three) Plan 1. Recursive Definitions 2. Recursively Defined Sets 3. Program Correctness Recursive Definitions Sometimes it is easier
More informationP1 Engineering Computation
1EC 2001 1 / 1 P1 Engineering Computation David Murray david.murray@eng.ox.ac.uk www.robots.ox.ac.uk/ dwm/courses/1ec Hilary 2001 1EC 2001 2 / 1 Algorithms: Design, Constructs and Correctness 1EC 2001
More informationn HW7 due in about ten days n HW8 will be optional n No CLASS or office hours on Tuesday n I will catch up on grading next week!
Announcements SMT Solvers, Symbolic Execution n HW7 due in about ten days n HW8 will be optional n No CLASS or office hours on Tuesday n I will catch up on grading next week! n Presentations n Some of
More informationintroduction to Programming in C Department of Computer Science and Engineering Lecture No. #40 Recursion Linear Recursion
introduction to Programming in C Department of Computer Science and Engineering Lecture No. #40 Recursion Linear Recursion Today s video will talk about an important concept in computer science which is
More informationSubtraction Understand Subtraction on a Number Line Using a number line let s demonstrate the subtraction process using the problem 7 5.
Objective 1 Subtraction Understand Subtraction on a Number Line Using a number line let s demonstrate the subtraction process using the problem 7 5. -7-6 -5-4 -3-2 -1 0 1 2 3 4 5 6 7 Using the number line
More information15-122: Principles of Imperative Computation, Spring 2013
15-122 Homework 6 Page 1 of 13 15-122: Principles of Imperative Computation, Spring 2013 Homework 6 Programming: Huffmanlab Due: Thursday, April 4, 2013 by 23:59 For the programming portion of this week
More information