Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision | ||
|
sav08:proving_correctness_of_some_small_examples [2008/02/17 19:26] vkuncak |
sav08:proving_correctness_of_some_small_examples [2010/02/23 12:31] vkuncak |
||
|---|---|---|---|
| Line 46: | Line 46: | ||
| * [[Notion of inductive loop invariant]] | * [[Notion of inductive loop invariant]] | ||
| * What is and is not inductive loop invariant in this example | * What is and is not inductive loop invariant in this example | ||
| + | |||
| + | A verification condition formula for preserving an invariant: | ||
| + | |||
| + | ++++| | ||
| + | \[ | ||
| + | r = i * x \land i=i+1 \land r' = r + x \rightarrow r' = i' * x | ||
| + | \] | ||
| + | ++++ | ||
| + | * we will see methods to prove such invariants | ||
| === Transforming iterative version === | === Transforming iterative version === | ||
| Line 54: | Line 63: | ||
| {{sav08:integerdemo.java.txt|Examples of Functions with Specifications}} | {{sav08:integerdemo.java.txt|Examples of Functions with Specifications}} | ||
| - | |||
| - | As part of [[Homework01]], you will do more such examples. | ||
| === Some other Examples done in Jahob === | === Some other Examples done in Jahob === | ||
| * http://javaverification.org/ | * http://javaverification.org/ | ||
| + | |||
| + | === Another System === | ||
| + | |||
| + | * [[http://research.microsoft.com/en-us/projects/vcc|VCC: A Verifier for Concurrent C]] | ||