Lecture 4: Correctness and Fairness
Verification and Assurance
Concurrent programs can have errors that cannot be discovered by testing.
We review specification or correctness properties.
We use inductive proofs of invariants to ensure correctness of concurrent programs.
As we have seen, constructing state diagrams by hand can be impractical for real programs.
We can use a computer program to construct and check a state diagram. Such a program is called a model checker.
Introduction to Specification and Verification
Logical Specification of Correctness Properties
The formula is called an invariant because it must always be true.
Invariants are proved using induction, not over the natural numbers, but over all possible states of computation.
(a) Prove that A holds in the initial state (base case).
(b) Assume that A is true in all states up to the current state (inductive hypothesis).
(c) Prove that A is true in the next state (inductive step).
If (a) and (c) can be proved, we can conclude that A is true for all states of all computations.
Is Mutual Exclusion Enforced?
$(p_3 \lor p_4 \lor p_5) \leftrightarrow \mathit{wantp}$
$\lnot(p_4 \land q_4)$
$p_3 \lor p_4 \lor p_5 \rightarrow \mathit{wantp}$
By induction we can show that and
By symmetry we can argue that what is true for p is true for q, so
Mutual Exclusion is enforced if is an invariant.
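The slides mention that a model checker can construct and check the state diagram mechanically. As an added example (not part of the lecture), here is a small explicit-state model checker in Python that enumerates every reachable state of a two-process algorithm and checks the two invariants above, ¬(p4 ∧ q4) and p3 ∨ p4 ∨ p5 → wantp. The program being checked is an assumption, since the slide gives only the labels: it is Ben-Ari's third attempt (set wantp at p2, await at p3), with the second attempt (await first, then set the flag) included for contrast.

```python
from collections import deque

# Assumed program (Ben-Ari's "third attempt", not given on the slide), a
# five-line loop per process: p1 noncritical; p2 wantp := true;
# p3 await wantq = false; p4 critical section; p5 wantp := false.
# The "second attempt" swaps p2 and p3 (await first, then set the flag).
def step(pc, mine, other, variant):
    """One atomic step of a process: (next_pc, new_flag), or None if blocked."""
    set_line, wait_line = (2, 3) if variant == "third" else (3, 2)
    if pc == set_line:
        return pc + 1, True
    if pc == wait_line:                      # await other's flag = false
        return (pc + 1, mine) if not other else None
    if pc == 5:
        return 1, False
    return pc + 1, mine                      # noncritical / critical section

def reachable(variant):
    """Breadth-first enumeration of every state (pc_p, pc_q, wantp, wantq)."""
    init = (1, 1, False, False)
    seen, queue = {init}, deque([init])
    while queue:
        pp, pq, wp, wq = queue.popleft()
        r = step(pp, wp, wq, variant)        # p moves
        succs = [(r[0], pq, r[1], wq)] if r else []
        r = step(pq, wq, wp, variant)        # q moves
        succs += [(pp, r[0], wp, r[1])] if r else []
        for s in succs:
            if s not in seen:
                seen.add(s)
                queue.append(s)
    return seen

def mutex_holds(states):   # ¬(p4 ∧ q4): never both in the critical section
    return all(not (pp == 4 and pq == 4) for pp, pq, _, _ in states)

def flag_invariant_holds(states):   # p3 ∨ p4 ∨ p5 → wantp, and symmetric for q
    return all((pp not in (3, 4, 5) or wp) and (pq not in (3, 4, 5) or wq)
               for pp, pq, wp, wq in states)

def deadlocks(states, variant):   # states where neither process can step
    return sorted(s for s in states
                  if step(s[0], s[2], s[3], variant) is None
                  and step(s[1], s[3], s[2], variant) is None)

if __name__ == "__main__":
    for v in ("third", "second"):
        st = reachable(v)
        print(v, len(st), mutex_holds(st), flag_invariant_holds(st), deadlocks(st, v))
```

Running the script prints, for each variant, the number of reachable states, whether the two invariants hold, and any deadlocked states: the third attempt preserves both invariants but deadlocks in state (3, 3, True, True), while the second attempt violates both invariants.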
Basic Concepts of Temporal Logic
The truth value of any logical statement about a computer program may change during its execution. First-order logic does not provide for this circumstance.
Always
Eventually
Duality
Sequences of Operators: eventually will be always true
Order of Operators affects Meaning
Until and Weak-Until
K-Bounded Overtaking
Lamport’s Bakery Algorithm is an example of k-bounded overtaking for what value of k?
Deductive Proof of Dekker's Algorithm
Reasoning about Progress