Differences
This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision | ||
sav08:proving_correctness_of_some_small_examples [2008/02/17 19:18] vkuncak |
sav08:proving_correctness_of_some_small_examples [2015/04/21 17:30] (current) |
||
---|---|---|---|
Line 27: | Line 27: | ||
* [[Proof of first lecture01 example]] | * [[Proof of first lecture01 example]] | ||
- | === An Iterative Example | + | === An Iterative Example === |
<code> | <code> | ||
Line 46: | Line 46: | ||
* [[Notion of inductive loop invariant]] | * [[Notion of inductive loop invariant]] | ||
* What is and is not inductive loop invariant in this example | * What is and is not inductive loop invariant in this example | ||
+ | |||
+ | A verification condition formula for preserving an invariant: | ||
+ | |||
+ | ++++| | ||
+ | \begin{equation*} | ||
+ | r = i * x \land i=i+1 \land r' = r + x \rightarrow r' = i' * x | ||
+ | \end{equation*} | ||
+ | ++++ | ||
+ | * we will see methods to prove such invariants | ||
=== Transforming iterative version === | === Transforming iterative version === | ||
- | === Summary === | + | * changing initial condition |
+ | |||
+ | === Summary of these Small Examples === | ||
{{sav08:integerdemo.java.txt|Examples of Functions with Specifications}} | {{sav08:integerdemo.java.txt|Examples of Functions with Specifications}} | ||
- | As part of homework, you will have another such example. | + | === Some other Examples done in Jahob === |
+ | |||
+ | * http://javaverification.org/ | ||
+ | |||
+ | === Another System === | ||
+ | |||
+ | * [[http://research.microsoft.com/en-us/projects/vcc|VCC: A Verifier for Concurrent C]] |