CSE3341

User Tools

Site Tools

You are here: W12-CSE3341M - Introduction to Program Verification » Course Outline
Trace:
course_outline

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
course_outline [2012/03/06 04:19] jonathancourse_outline [2012/04/03 20:06] (current) jonathan
Line 44: Line 44:
  
 In the previous example, the program was **reactive** (i.e. it had to control an external situation such as cars on a bridge). This chapter deals with a protocol used on a computer network to transfer data from a sender to a receiver. The example will also allow us to extend our mathematical language with sets, functions and relations. As usual we will start with a requirements document. The initial model tells us what the protocol is supposed to achieve without telling us how to achieve it; how to achieve it will be dealt with in succesive refinements. Note that the model presented in the slides (using the notion of an **anticipated** event) is different than that of the textbook. In the previous example, the program was **reactive** (i.e. it had to control an external situation such as cars on a bridge). This chapter deals with a protocol used on a computer network to transfer data from a sender to a receiver. The example will also allow us to extend our mathematical language with sets, functions and relations. As usual we will start with a requirements document. The initial model tells us what the protocol is supposed to achieve without telling us how to achieve it; how to achieve it will be dealt with in succesive refinements. Note that the model presented in the slides (using the notion of an **anticipated** event) is different than that of the textbook.
- 
  
 In the second refinement in the [[http://deploy-eprints.ecs.soton.ac.uk/114/1/sld.ch4.file.pdf|ftp protocol]] we did separate the sending and receiving agent. We had a lab session with Rodin, proving cross-products, powersets, relations and functions. In the second refinement in the [[http://deploy-eprints.ecs.soton.ac.uk/114/1/sld.ch4.file.pdf|ftp protocol]] we did separate the sending and receiving agent. We had a lab session with Rodin, proving cross-products, powersets, relations and functions.
Line 52: Line 51:
 Try a manual proof of the theorem needed for the theory of parity (in the ftp protocol). This theorem might be hard to prove. The suggestion is to first do the proof manually, which then makes it easier to do in Rodin. Using this approach, we were able to derive a Lemma that was helpful in the Rodin proof.  Try a manual proof of the theorem needed for the theory of parity (in the ftp protocol). This theorem might be hard to prove. The suggestion is to first do the proof manually, which then makes it easier to do in Rodin. Using this approach, we were able to derive a Lemma that was helpful in the Rodin proof. 
  
-Exercise for this week: Do the initial model of the celebrity example (from the Exercises). Formalize the problem in Event-B using a "knows" relation. Recall the indentity and inverse relations and show how the Celebrity axioms could be written in predicate logic or set theory. The celebrity example is one of the exercises that you must do in advance of Labtest2.    
  
 +**Exercises 11 and 12 in preparation for Labtest2**: Ex 11: ftp protocol. Ex12: Do the initial model of the celebrity example (from the Exercises). Formalize the problem in Event-B using a "knows" relation. Recall the indentity and inverse relations and show how the Celebrity axioms could be written in predicate logic or set theory. The celebrity example is one of the exercises that you must do in advance of Labtest2.   
  
  
-Review on your own: Relations, functions, identity relation, inverse. Feasibility proof obligations for non-deterministic assignment, witness (WITH) for local variable refinements, convergence and proof obligations.+**Required reading**: all of chapter IV and chapter V (Event-B proof obligation rules). Injections, surjections and bijections in Event-B. Review: Relations, functions, identity relation, inverse. Feasibility proof obligations for non-deterministic assignment, witness (WITH) for local variable refinements, convergence and proof obligations.
  
-**Required reading**: all of chapter IV and chapter V (Event-B proof obligation rules). 
  
  
 + 
  
-Injections, surjections and bijections in Event-B. +===== Sequential Programs =====
  
 Requirements for the sorting algorithm. Initial specification using an anticipated event. First and second refinements leading to the use of merge rules for a loop within a loop. For the slides see [[http://deploy-eprints.ecs.soton.ac.uk/122/1/sld.ch15%2Cseq.pdf|Sequential Programs]]. Requirements for the sorting algorithm. Initial specification using an anticipated event. First and second refinements leading to the use of merge rules for a loop within a loop. For the slides see [[http://deploy-eprints.ecs.soton.ac.uk/122/1/sld.ch15%2Cseq.pdf|Sequential Programs]].
  
  
-Tuesday: Data refinement and Procedural Refinement. Illustration of these concepts using the Birthday Book example in which we write an initial specification, do a data refinement, followed by a procedural refinement; finally a merge produces code.+Discussion. (a) Data refinement and Procedural Refinement. Illustration of these concepts using the Birthday Book example in which we write an initial specification, do a data refinement, followed by a procedural refinement; finally a merge produces code. (b) BAG abstract datatype. 
 + 
 +In class we provided the following requirement: 
 + 
 +REQ: Find an integer approximation to the square root of n. 
 + 
 +**Specification** 
 + 
 +  n,d: INT 
 + 
 +  sqrt 
 +    require n >= 0 
 +    ensure (d^2 <= n < (d+1)^2) & (n = old n)  
 + 
 +Problem: Convert the above specification ito Rodin and use Rodin refinement rules to develop the code for the method //sqrt//. 
 + 
 +We did the celebrity problem ind detail including the addition of a variant for the new event and witnesses for disappearing parameters. We also studied injections, surjection and bijections of functions and relations. See Rodin folder. 
 + 
 +Review of arithmetic, set theory, predicate logic and Event-B invariant and refinement proof obligations. Translation between set theoretic statements and predicate logic. Re-write rules. 
 + 
 +===== Weakest Preconditions=====
  
-BAG abstract datatype.+We did not cover weakest preconditions.
  
-===== Week 12=====+Dijkstra weakest precondition calculus and loop variants and invariants.Proving loop termination. Relationship of Dijkstra weakest precondition calculus to Event-B. Slides on the SVN.
  
-Tuesday: Dijkstra weakest precondition calculus and loop variants and invariants.Proving loop termination. Relationship of Dijkstra weakest precondition calculus to Event-B. Slides on the SVN. 
  
-Thursday: Review of arithmetic, set theory, predicate logic and Event-B invariant and refinement proof obligations. Translation between set theoretic statements and predicate logic. Re-write rules. 
  
-===== Week 13===== 
  
-Work through a complete example: requirements document, initial specification, refinements etc. 
  
  
course_outline.1331007568.txt.gz · Last modified: 2012/03/06 04:19 by jonathan
Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki