versionesc
esc 时间:2021-02-23 阅读:()
ESCJavaStaticAnalysisSpectrumPowerCostTypecheckingData-flowanalysisModelcheckingProgramverificationAutomatedManualESCIsThisProgramCorrectintsquare(intn)intk=0,r=0,s=1;while(k!
=n)r=r+s;s=s+2;k=k+1;returnr;}TypecheckingnotenoughtocheckthisNeitherisdata-flowanalysis,normodelcheckingProgramVerificationProgramverificationisthemostpowerfulstaticanalysismethodCanreasonaboutallpropertiesofprogramsCannotfullyautomateBut…Canautomatecertainparts(ESC/Java)TeacheshowtoreasonaboutprogramsinasystematicwaySpecifyingProgramsBeforewecheckaprogramwemustspecifywhatitdoesWeneedformalspecificationsEnglishcommentsarenotenoughWeuselogicnotationTheoryofpre-andpost-conditionsStatePredicatesApredicateisabooleanexpressionontheprogramstate(e.
g.
,variables,objectfields)Examples:x==8x=0)UsingPredicatestoSpecifyProgramsWefocusfirstonhowtospecifyastatementHoaretripleforstatementS{P}S{Q}SaysthatifSisstartedinastatethatsatisfiesP,andSterminates,thenitterminatesinQThisistheliberalversion,whichdoesn'tcareaboutterminationStrictversion:ifSisstartedinastatethatsatisfiesPthenSterminatesinQpreconditionpostconditionHoareTriples.
Examples.
{true}x=12{x==12}{y>=0}x=12{x==12}{true}x=12{x>=0}(Programssatisfymanypossiblespecifications){x=0}x=fact(n){x==n!
}{true}a=0;if(x!
=0){a=2*x;}{a==2*x}ComputingHoareTriplesWecomputethetriplesusingrulesOneruleforeachstatementkindRulesforcomposedstatementsAssignmentAssignmentisthesimplestoperationandthetrickiestonetoreasonabout!
{y>=2}x=5{}{x==y}x=x+1x=5{x==y}{}x=x+1{x==y}{}x=x+1{x2+y2==z2}{x2+y2==z2}x=x+1{}AssignmentRuleRuleforassignment{Q[x:=E]}x=E{Q}Examples:{12==12}x=12{x==12}{12>=0}x=12{x>=0x=x+1{x>=0}{x>=1}x=x+1{}QwithxreplacedbyEx==12withxreplacedby12RelaxingSpecificationsConsider{x>=1}x=x+1{x>=2}Itisverytightspecification.
WecanrelaxitExample:{x>=5}x=x+1{x>=2}(sincex>=5)x+1>=2)x=E{P}ifP)Q[x:=E]{Q}Assignments:forwardandbackwardTwowaystolookattherules:Backward:givenpost-condition,whatispre-conditionForward:givenpre-condition,whatispost-conditionx=E{}{Q}x=E{P}{}Assignments:forwardandbackwardTwowaystolookattherules:Backward:givenpost-condition,whatispre-conditionForward:givenpre-condition,whatispost-conditionx=E{Q[x:=E]}{Q}x=E{P}{}Assignments:forwardandbackwardTwowaystolookattherules:Backward:givenpost-condition,whatispre-conditionForward:givenpre-condition,whatispost-conditionx=E{Q[x:=E]}{Q}x=E{P}Exampleofrunningitforward{x==y}x=x+1{}Exampleofrunningitforward{x==y}x=x+1{}ForwardorBackwardForwardreasoningKnowthepreconditionWanttoknowwhatpostconditonthecodeestablishesBackwardreasoningKnowwhatwewanttocodetoestablishMustfindinwhatpreconditionthishappensBackwardisusedmostoftenStartwithwhatyouwanttoverifyInsteadofverifyingeverythingthecodedoesWeakestpreconditionwp(S,Q)istheweakestPsuchthat{P}S{Q}Orderonpredicates:Strong)Weakwpreturnsthe"best"possiblepredicatewp(x:=E,Q)=Q[x:=E]Ingeneral:S{P}ifP)wp(S,Q){Q}WeakestpreconditionThispointstoaverificationalgorithm:Givenfunctionbodyannotatedwithpre-conditionPandpost-conditionQ:ComputewpofQwithrespecttofunctonbodyAskatheoremprovertoshowthatPimpliesthewpThewpfunctionwewilluseisliberal(Pdoesnotguaranteetermination)Ifusingbothstrictandliberalinthesamecontext,theusualnotationiswlptheliberalversionandwpforthestrictoneStrongestpreconditionsp(S,P)isthestrongestQsuchthat{P}S{Q}Recall:Strong)Weakspreturnsthe"best"possiblepredicatesp(x:=E,P)=…Ingeneral:S{P}{Q}ifsp(S,P))QStrongestpostconditionStrongestpostconditionandweakestpreconditionsaresymmetricThispointstoanequivalentverificationalgorithm:Givenfunctionbodyannotatedwithpre-conditionPandpost-conditionQ:ComputespofPwithrespecttofunctonbodyAskatheoremprovertoshowthatthespimpliesQComposingSpecificationsIf{P}S1{R}and{R}S2{Q}then{P}S1;S2{Q}Example:x=x-1;y=y-1{x>=y}ComposingSpecificationsIf{P}S1{R}and{R}S2{Q}then{P}S1;S2{Q}Example:x=x-1;y=y-1{x>=y}Intermsofwpandspwp(S1;S2,Q)=wp(S1,wp(S2,Q))sp(S1;S2,P)=sp(S2,sp(S1,P))ConditionalsRulefortheconditional(flowgraph)Example:E{P}{P1}ifP&&E)P1TF{P2}ifP&&!
E)P2x==0{x>=0}TF{x==0}sincex>=0&&x==0)x==0{x>=1}sincex>=0&&x!
=0)x>=1Conditionals:ForwardandBackwardRecall:rulefortheconditionalForward:givenP,findP1andP2pickP1tobeP&&E,andP2tobeP&&!
EBackward:givenP1andP2,findPpickPtobe(P1&&E)||(P2&&!
E)OrpickPtobe(E)P1)&&(!
E)P2)E{P}{P1}providedP&&E)P1TF{P2}providedP&&!
E)P2JoinsRuleforthejoin:Forward:pickPtobeP1||P2Backward:pickP1,P2tobeP{P1}{P2}{P}providedP1)PandP2)PReviewE{P}{P1}ifP&&E)P1TF{P2}ifP&&!
E)P2{P1}{P2}{P}ifP1)PandP2)Px=E{P}{Q}ifP)Q[x:=E]ImplicationisalwaysinthedirectionofthecontrolflowReview:forwardE{P}{P&&E}TF{P&&!
E}{P1}{P2}{P1||P2}x=E{P}{\exists…}Review:backwardE{(E)P1)&&(!
E)P2)}{P1}TF{P2}{P}{P}{P}x=E{Q[x:=E]}{Q}Example:Absolutevaluestaticintabs(intx)//@ensures\result>=0{if(x0)c-returnx;}x0c--TFExample:Absolutevaluex0c--TFExample:Absolutevaluex0c--TFInSimplifyIMPLIESTRUE(AND(IMPLIES(c0)0x)0)IMPLIES(=x0)AND(IMPLIES(>c0)(>=x0)IMPLIES(=x0))))))1:Valid.
>Sofar…FrameworkforcheckingpreandpostconditionsofcomputationswithoutloopsSupposewewanttocheckthatsomeconditionholdsinsidethecomputation,ratherthanattheendstaticintabs(intx){if(x0)c-returnx;}Saywewanttocheckthatx>0hereAsserts{Q&&E}assert(E){Q}Backward:wp(assert(E),Q)=Q&&EForward:sp(assert(E),P)=assert(E)QQ&&Eassert(E)PExample:Absolutevaluewithassertstaticintabs(intx){if(x0)if(c>0)c-returnx;}x0)TFc>0c--TFExample:Absolutevaluewithassertx0)TFc>0c--TFExample:Absolutevaluewithassertx0)TFc>0c--TFAddingthepostconditionbackinx0)TFc>0c--TFAddingthepostconditionbackinx0)TFc>0c--TFAnotherExample:DoubleLocking"Anattempttore-acquireanacquiredlockorreleaseareleasedlockwillcauseadeadlock.
"Callstolockandunlockmustalternate.
locklockunlockunlockLockingRulesWeassumethatthebooleanpredicatelockedsaysifthelockisheldornot{!
locked&&P[locked:=true]}lock{P}lockbehavesasassert(!
locked);locked=true{locked&&P[locked:=false]}unlock{P}unlockbehavesasassert(locked);locked=falseLockingExample…lock…x==0…unlockx==0TT{!
L&&P[L:=true]}lock{P}{L&&P[L:=false]}unlock{P}{!
L}{!
L}LockingExample…lock…x==0…unlockx==0TT{!
L&&P[L:=true]}lock{P}{L&&P[L:=false]}unlock{P}{!
L}{!
L}LockingExample:forwarddirection…lock…x==0…unlock{!
locked}{!
locked&&x==0}{!
locked&&x0}x==0TT{!
locked&&x==0}{locked&&x==0}{locked=(x==0)}{locked&&x==0}{!
locked&&(x==0)}{!
locked&&x0}{!
locked}
=n)r=r+s;s=s+2;k=k+1;returnr;}TypecheckingnotenoughtocheckthisNeitherisdata-flowanalysis,normodelcheckingProgramVerificationProgramverificationisthemostpowerfulstaticanalysismethodCanreasonaboutallpropertiesofprogramsCannotfullyautomateBut…Canautomatecertainparts(ESC/Java)TeacheshowtoreasonaboutprogramsinasystematicwaySpecifyingProgramsBeforewecheckaprogramwemustspecifywhatitdoesWeneedformalspecificationsEnglishcommentsarenotenoughWeuselogicnotationTheoryofpre-andpost-conditionsStatePredicatesApredicateisabooleanexpressionontheprogramstate(e.
g.
,variables,objectfields)Examples:x==8x=0)UsingPredicatestoSpecifyProgramsWefocusfirstonhowtospecifyastatementHoaretripleforstatementS{P}S{Q}SaysthatifSisstartedinastatethatsatisfiesP,andSterminates,thenitterminatesinQThisistheliberalversion,whichdoesn'tcareaboutterminationStrictversion:ifSisstartedinastatethatsatisfiesPthenSterminatesinQpreconditionpostconditionHoareTriples.
Examples.
{true}x=12{x==12}{y>=0}x=12{x==12}{true}x=12{x>=0}(Programssatisfymanypossiblespecifications){x=0}x=fact(n){x==n!
}{true}a=0;if(x!
=0){a=2*x;}{a==2*x}ComputingHoareTriplesWecomputethetriplesusingrulesOneruleforeachstatementkindRulesforcomposedstatementsAssignmentAssignmentisthesimplestoperationandthetrickiestonetoreasonabout!
{y>=2}x=5{}{x==y}x=x+1x=5{x==y}{}x=x+1{x==y}{}x=x+1{x2+y2==z2}{x2+y2==z2}x=x+1{}AssignmentRuleRuleforassignment{Q[x:=E]}x=E{Q}Examples:{12==12}x=12{x==12}{12>=0}x=12{x>=0x=x+1{x>=0}{x>=1}x=x+1{}QwithxreplacedbyEx==12withxreplacedby12RelaxingSpecificationsConsider{x>=1}x=x+1{x>=2}Itisverytightspecification.
WecanrelaxitExample:{x>=5}x=x+1{x>=2}(sincex>=5)x+1>=2)x=E{P}ifP)Q[x:=E]{Q}Assignments:forwardandbackwardTwowaystolookattherules:Backward:givenpost-condition,whatispre-conditionForward:givenpre-condition,whatispost-conditionx=E{}{Q}x=E{P}{}Assignments:forwardandbackwardTwowaystolookattherules:Backward:givenpost-condition,whatispre-conditionForward:givenpre-condition,whatispost-conditionx=E{Q[x:=E]}{Q}x=E{P}{}Assignments:forwardandbackwardTwowaystolookattherules:Backward:givenpost-condition,whatispre-conditionForward:givenpre-condition,whatispost-conditionx=E{Q[x:=E]}{Q}x=E{P}Exampleofrunningitforward{x==y}x=x+1{}Exampleofrunningitforward{x==y}x=x+1{}ForwardorBackwardForwardreasoningKnowthepreconditionWanttoknowwhatpostconditonthecodeestablishesBackwardreasoningKnowwhatwewanttocodetoestablishMustfindinwhatpreconditionthishappensBackwardisusedmostoftenStartwithwhatyouwanttoverifyInsteadofverifyingeverythingthecodedoesWeakestpreconditionwp(S,Q)istheweakestPsuchthat{P}S{Q}Orderonpredicates:Strong)Weakwpreturnsthe"best"possiblepredicatewp(x:=E,Q)=Q[x:=E]Ingeneral:S{P}ifP)wp(S,Q){Q}WeakestpreconditionThispointstoaverificationalgorithm:Givenfunctionbodyannotatedwithpre-conditionPandpost-conditionQ:ComputewpofQwithrespecttofunctonbodyAskatheoremprovertoshowthatPimpliesthewpThewpfunctionwewilluseisliberal(Pdoesnotguaranteetermination)Ifusingbothstrictandliberalinthesamecontext,theusualnotationiswlptheliberalversionandwpforthestrictoneStrongestpreconditionsp(S,P)isthestrongestQsuchthat{P}S{Q}Recall:Strong)Weakspreturnsthe"best"possiblepredicatesp(x:=E,P)=…Ingeneral:S{P}{Q}ifsp(S,P))QStrongestpostconditionStrongestpostconditionandweakestpreconditionsaresymmetricThispointstoanequivalentverificationalgorithm:Givenfunctionbodyannotatedwithpre-conditionPandpost-conditionQ:ComputespofPwithrespecttofunctonbodyAskatheoremprovertoshowthatthespimpliesQComposingSpecificationsIf{P}S1{R}and{R}S2{Q}then{P}S1;S2{Q}Example:x=x-1;y=y-1{x>=y}ComposingSpecificationsIf{P}S1{R}and{R}S2{Q}then{P}S1;S2{Q}Example:x=x-1;y=y-1{x>=y}Intermsofwpandspwp(S1;S2,Q)=wp(S1,wp(S2,Q))sp(S1;S2,P)=sp(S2,sp(S1,P))ConditionalsRulefortheconditional(flowgraph)Example:E{P}{P1}ifP&&E)P1TF{P2}ifP&&!
E)P2x==0{x>=0}TF{x==0}sincex>=0&&x==0)x==0{x>=1}sincex>=0&&x!
=0)x>=1Conditionals:ForwardandBackwardRecall:rulefortheconditionalForward:givenP,findP1andP2pickP1tobeP&&E,andP2tobeP&&!
EBackward:givenP1andP2,findPpickPtobe(P1&&E)||(P2&&!
E)OrpickPtobe(E)P1)&&(!
E)P2)E{P}{P1}providedP&&E)P1TF{P2}providedP&&!
E)P2JoinsRuleforthejoin:Forward:pickPtobeP1||P2Backward:pickP1,P2tobeP{P1}{P2}{P}providedP1)PandP2)PReviewE{P}{P1}ifP&&E)P1TF{P2}ifP&&!
E)P2{P1}{P2}{P}ifP1)PandP2)Px=E{P}{Q}ifP)Q[x:=E]ImplicationisalwaysinthedirectionofthecontrolflowReview:forwardE{P}{P&&E}TF{P&&!
E}{P1}{P2}{P1||P2}x=E{P}{\exists…}Review:backwardE{(E)P1)&&(!
E)P2)}{P1}TF{P2}{P}{P}{P}x=E{Q[x:=E]}{Q}Example:Absolutevaluestaticintabs(intx)//@ensures\result>=0{if(x0)c-returnx;}x0c--TFExample:Absolutevaluex0c--TFExample:Absolutevaluex0c--TFInSimplifyIMPLIESTRUE(AND(IMPLIES(c0)0x)0)IMPLIES(=x0)AND(IMPLIES(>c0)(>=x0)IMPLIES(=x0))))))1:Valid.
>Sofar…FrameworkforcheckingpreandpostconditionsofcomputationswithoutloopsSupposewewanttocheckthatsomeconditionholdsinsidethecomputation,ratherthanattheendstaticintabs(intx){if(x0)c-returnx;}Saywewanttocheckthatx>0hereAsserts{Q&&E}assert(E){Q}Backward:wp(assert(E),Q)=Q&&EForward:sp(assert(E),P)=assert(E)QQ&&Eassert(E)PExample:Absolutevaluewithassertstaticintabs(intx){if(x0)if(c>0)c-returnx;}x0)TFc>0c--TFExample:Absolutevaluewithassertx0)TFc>0c--TFExample:Absolutevaluewithassertx0)TFc>0c--TFAddingthepostconditionbackinx0)TFc>0c--TFAddingthepostconditionbackinx0)TFc>0c--TFAnotherExample:DoubleLocking"Anattempttore-acquireanacquiredlockorreleaseareleasedlockwillcauseadeadlock.
"Callstolockandunlockmustalternate.
locklockunlockunlockLockingRulesWeassumethatthebooleanpredicatelockedsaysifthelockisheldornot{!
locked&&P[locked:=true]}lock{P}lockbehavesasassert(!
locked);locked=true{locked&&P[locked:=false]}unlock{P}unlockbehavesasassert(locked);locked=falseLockingExample…lock…x==0…unlockx==0TT{!
L&&P[L:=true]}lock{P}{L&&P[L:=false]}unlock{P}{!
L}{!
L}LockingExample…lock…x==0…unlockx==0TT{!
L&&P[L:=true]}lock{P}{L&&P[L:=false]}unlock{P}{!
L}{!
L}LockingExample:forwarddirection…lock…x==0…unlock{!
locked}{!
locked&&x==0}{!
locked&&x0}x==0TT{!
locked&&x==0}{locked&&x==0}{locked=(x==0)}{locked&&x==0}{!
locked&&(x==0)}{!
locked&&x0}{!
locked}
RAKsmart 2021新年新增韩国服务器及香港美国日本VPS半价
RAKsmart 商家我们肯定不算陌生,目前主要的营销客户群肯定是我们。于是在去年的时候有新增很多很多的机房,比如也有测试过的日本、香港、美国机房,这不今年有新增韩国机房(记得去年是不是也有增加过)。且如果没有记错的话,之前VPS主机也有一次磁盘故障的问题。 这不今天有看到商家新增韩国服务器产品,当然目前我还不清楚商家韩国服务器的线路和速度情况,后面我搞一台测试机进行...
Hosteons - 限时洛杉矶/达拉斯/纽约 免费升级至10G带宽 低至年$21
Hosteons,一家海外主机商成立于2018年,在之前还没有介绍和接触这个主机商,今天是有在LEB上看到有官方发送的活动主要是针对LEB的用户提供的洛杉矶、达拉斯和纽约三个机房的方案,最低年付21美元,其特点主要在于可以从1G带宽升级至10G,而且是免费的,是不是很吸引人?本来这次活动是仅仅在LEB留言提交账单ID才可以,这个感觉有点麻烦。不过看到老龚同学有拿到识别优惠码,于是就一并来分享给有需...
ProfitServer$34.56/年,西班牙vps、荷兰vps、德国vps/不限制流量/支持自定义ISO
profitserver怎么样?profitserver是一家成立于2003的主机商家,是ITC控股的一个部门,主要经营的产品域名、SSL证书、虚拟主机、VPS和独立服务器,机房有俄罗斯、新加坡、荷兰、美国、保加利亚,VPS采用的是KVM虚拟架构,硬盘采用纯SSD,而且最大的优势是不限制流量,大公司运营,机器比较稳定,数据中心众多。此次ProfitServer正在对德国VPS(法兰克福)、西班牙v...
esc为你推荐
-
郭吉军什么叫做广告联盟打开网页出现错误为什么打不开网页,出错唱吧电脑版官方下载电脑上可以安装唱吧吗?ejb开发EJB是啥玩意了商标注册查询官网商标注册查询官方网站?虚拟机软件下载求一个免费虚拟机软件!!!请发送下载网站给我微信怎么看聊天记录什么方法可以知道微信的聊天记录防钓鱼如何防钓鱼子线缠绕主线263企业邮箱设置ipad mini2怎么设置263企业邮箱office2007简体中文版office2007绿色下载 office2007下载安装