Software Verification
Floyd's method

What to prove?

Code

// int i is set to 5
int i = 5;
int x = 0;
while (i > 0) {
    x++;
    i--;
}

Flowchart


Axiom 1

If $ V_c(\textbf{P};\textbf{Q}) $ and $ V_c(\textbf{P'};\textbf{Q'}) $, then $ V_c(\textbf{P} \wedge \textbf{P'}; \textbf{Q} \wedge \textbf{Q'}) $


Axiom 2

If $ V_c(\textbf{P};\textbf{Q}) $ and $ V_c(\textbf{P'};\textbf{Q'}) $, then $ V_c(\textbf{P} \vee \textbf{P'}; \textbf{Q} \vee \textbf{Q'}) $


Axiom 3

If $ V_c(\textbf{P};\textbf{Q}) $ and $ V_c(\textbf{P'};\textbf{Q'}) $, then $ V_c( (\exists x) (\textbf{P}); ( \exists x) (\textbf{Q}) ) $


Axiom 4

If $ V_c(\textbf{P};\textbf{Q}) $ and $ \textbf{R} \vdash \textbf{P} $, $\textbf{Q} \vdash \textbf{S}$, then $ V_c(\textbf{R};\textbf{S}) $


Corollary

If $ V_c(\textbf{P};\textbf{Q}) $ and $ \vdash (\textbf{P} \equiv \textbf{R})$, $ \vdash (\textbf{Q} \equiv \textbf{S})$, then $ V_c(\textbf{R};\textbf{S}) $

Termination

Lazy Abstraction

Code

Control flow automaton

Forward search

Backwards counterexample analysis

Search with new predicate

Making use of subtrees

Different abstractions

Problem: loops

Advantages

Abstraction from Proofs

Parsimony

Relationships are only specified between current values of variables, and only those which are required for proving correctness.


Precision

- No false errors
- No overlooking of errors


Scalability

Works for large code samples.

Lazy Abstraction

Craig interpolation

Craig interpolant: $\psi = \mathrm{Craig}(\varphi^{-}, \varphi^{+})$

$\varphi^{-}$ implies $\psi$

$\psi \wedge \varphi^{+}$ is unsatisfiable

$\psi$ contains only symbols common to $\varphi^{-}$ and $\varphi^{+}$

Craig interpolation

Craig interpolation

Statement            Constraint
assume(lock = 0)     $L_0 = 0$
lock = 1             $L_1 = 1$
old = new            $old_0 = new_0$
assume(lock = 1)     $L_1 = 1$ (discard)
lock = 0             $L_2 = 0$
new = new + 1        $new_1 = new_0 + 1$
assume(new = old)    $new_1 = old_0$
assume(lock = 0)     $L_2 = 0$ (discard)
Error

Craig interpolation

$\varphi_1^{-}$: $L_0 = 0$
$\varphi_1^{+}$: $L_1 = 1 \wedge old_0 = new_0 \wedge L_2 = 0 \wedge new_1 = new_0 + 1 \wedge new_1 = old_0$
$\psi_1$: $true$

$\varphi_2^{-}$: $true \wedge L_1 = 1$
$\varphi_2^{+}$: $old_0 = new_0 \wedge L_2 = 0 \wedge new_1 = new_0 + 1 \wedge new_1 = old_0$
$\psi_2$: $true$

$\varphi_3^{-}$: $true \wedge old_0 = new_0$
$\varphi_3^{+}$: $L_2 = 0 \wedge new_1 = new_0 + 1 \wedge new_1 = old_0$
$\psi_3$: $old_0 = new_0$

Craig interpolation

$\varphi_4^{-}$: $old_0 = new_0 \wedge L_2 = 0$
$\varphi_4^{+}$: $new_1 = new_0 +1 \wedge new_1 = old_0$
$\psi_4$: $old_0 = new_0$

$\varphi_5^{-}$: $old_0 = new_0 \wedge new_1 = new_0 + 1$
$\varphi_5^{+}$: $new_1 = old_0$
$\psi_5$: $old_0 = new_1 -1$

$\varphi_6^{-}$: $old_0 = new_1 - 1 \wedge new_1 = old_0$ is unsatisfiable (empty)
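The interpolation steps above, as an added example that is not from the slides or the cited paper: a Python check that each claimed $\psi_k$ really satisfies the three Craig conditions for the lock trace. The variable names (L0, old0, new1, ...) and the small integer domain are my assumptions; enumerating a bounded domain is a sanity check rather than a proof, where a real tool would ask an SMT solver.

```python
from itertools import product

# Constructed encoding of the lock trace from the slides, with the two
# discarded constraints omitted. Each entry: (symbols mentioned, predicate).
TRACE = [
    ({"L0"}, lambda e: e["L0"] == 0),                           # assume(lock = 0)
    ({"L1"}, lambda e: e["L1"] == 1),                           # lock = 1
    ({"old0", "new0"}, lambda e: e["old0"] == e["new0"]),       # old = new
    ({"L2"}, lambda e: e["L2"] == 0),                           # lock = 0
    ({"new1", "new0"}, lambda e: e["new1"] == e["new0"] + 1),   # new = new + 1
    ({"new1", "old0"}, lambda e: e["new1"] == e["old0"]),       # assume(new = old)
]
# Candidate interpolants psi_k between prefix TRACE[:k] and suffix TRACE[k:].
INTERPOLANTS = {
    1: (set(), lambda e: True),
    2: (set(), lambda e: True),
    3: ({"old0", "new0"}, lambda e: e["old0"] == e["new0"]),
    4: ({"old0", "new0"}, lambda e: e["old0"] == e["new0"]),
    5: ({"old0", "new1"}, lambda e: e["old0"] == e["new1"] - 1),
}
VARS = ("L0", "L1", "L2", "old0", "new0", "new1")
DOMAIN = range(-1, 3)  # assumed bounded domain: a sanity check, not a proof

def conj(constraints):
    return lambda e: all(pred(e) for _, pred in constraints)

def symbols(constraints):
    return set().union(*(syms for syms, _ in constraints))

def is_interpolant(k, psi_syms, psi):
    """Check the three Craig conditions for psi against the split at k."""
    prefix, suffix = TRACE[:k], TRACE[k:]
    # (3) psi may only mention symbols common to phi^- and phi^+
    if not psi_syms <= symbols(prefix) & symbols(suffix):
        return False
    phi_minus, phi_plus = conj(prefix), conj(suffix)
    for values in product(DOMAIN, repeat=len(VARS)):
        e = dict(zip(VARS, values))
        if phi_minus(e) and not psi(e):  # (1) phi^- implies psi
            return False
        if psi(e) and phi_plus(e):       # (2) psi and phi^+ unsatisfiable
            return False
    return True

def check_slides():
    """Verify every interpolant claimed on the slides; all should be True."""
    return {k: is_interpolant(k, syms, psi) for k, (syms, psi) in INTERPOLANTS.items()}
```

Passing `old_0 = new_0` as the candidate at step 5 fails condition (3), since `new0` no longer occurs in the suffix, which is exactly why the slides switch to `old_0 = new_1 - 1` there.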

Sources

Questions?