Design of Distributed Systems
Melinda Tóth, Zoltán Horváth
Created by XMLmind XSL-FO Converter.
Design of Distributed Systems
Melinda Tóth, Zoltán Horváth
Publication date 2014
Copyright © 2014 Melinda Tóth, Zoltán Horváth
Supported by TÁMOP-4.1.2.A/1-11/1-2011-0052.
Created by XMLmind XSL-FO Converter.
Table of Contents
1. Lecture 1 ......................................................................................................................................... 1
1. Syllabus ................................................................................................................................. 1
1.1. Syllabus .................................................................................................................... 1
2. Motivation ............................................................................................................................. 1
2.1. Motivation ................................................................................................................ 1
3. Literature ............................................................................................................................... 1
3.1. Literature 1. .............................................................................................................. 1
4. Introduction ........................................................................................................................... 2
4.1. Properties of the formal model 1. ............................................................................. 2
4.2. Properties of the formal model 2. ............................................................................. 2
4.3. Dining philosophers .................................................................................................. 2
4.4. Problem specification (requirements) ....................................................................... 3
4.5. Execution model ....................................................................................................... 4
4.6. Program, Solution ..................................................................................................... 4
4.7. Example .................................................................................................................... 4
4.8. .................................................................................................................................. 4
2. Lecture 2 ......................................................................................................................................... 5
1. Example ................................................................................................................................ 5
1.1. An Example: sorting ................................................................................................. 5
1.2. An Implementation: Sorting ..................................................................................... 5
1.3. An Implementation: Sorting ..................................................................................... 5
2. Basic Concepts of the Relational Model ............................................................................... 5
2.1. Concepts ................................................................................................................... 5
2.2. Relations ................................................................................................................... 6
2.3. State Space ................................................................................................................ 6
2.4. Statements and Effect Relation ................................................................................. 6
2.5. Example .................................................................................................................... 6
2.6. Partial Function and Logical Relation ...................................................................... 6
2.7. Truth Set ................................................................................................................... 7
2.8. Transitive Disjunctive Closure ................................................................................. 7
2.9. Example TDC Relation ............................................................................................ 8
3. Lecture 3 ......................................................................................................................................... 9
1. Problem ................................................................................................................................. 9
1.1. Problem ..................................................................................................................... 9
1.2. Specification Relations ............................................................................................. 9
1.3. Example .................................................................................................................... 9
1.4. Problem Definition ................................................................................................. 10
1.5. Notation .................................................................................................................. 10
1.6. Notation .................................................................................................................. 10
1.7. Example – Value of a Function .............................................................................. 11
2. Abstract Parallel Program ................................................................................................... 11
2.1. Abstract parallel program ....................................................................................... 11
2.2. General Assignment ............................................................................................... 11
2.3. Example .................................................................................................................. 12
2.4. Extension ................................................................................................................ 12
2.5. Conditional Assignment ......................................................................................... 12
2.6. Example – Abstract Program .................................................................................. 12
4. Lecture 4 ....................................................................................................................................... 14
1. Reminder ............................................................................................................................. 14
1.1. Problem ................................................................................................................... 14
1.2. Abstract Parallel Program ....................................................................................... 14
1.3. Example .................................................................................................................. 14
2. Semantics of the Abstract Program ..................................................................................... 14
2.1. State Transition Trees ............................................................................................. 14
2.2. State Transition Trees ............................................................................................. 14
2.3. Abstract Parallel Program – Definition .................................................................. 15
iii
Created by XMLmind XSL-FO Converter.
Design of Distributed Systems
2.4. Abstract Parallel Program – Notation .....................................................................
2.5. Execution ................................................................................................................
2.6. Reachable States .....................................................................................................
2.7. Unconditionally Fair Scheduling ............................................................................
3. Program Properties of the Abstract Program ......................................................................
3.1. Weakest Precondition .............................................................................................
3.2. Weakest Precondition .............................................................................................
3.3. Strongest Postcondition ..........................................................................................
5. Lecture 5 .......................................................................................................................................
1. Reminder .............................................................................................................................
1.1. Abstract Parallel Program and Scheduling .............................................................
1.2. Weakest Precondition and Strongest Postcondition ...............................................
2. Program Properties of the Abstract Program ......................................................................
2.1. Invariant Properties, Definition ..............................................................................
2.2. Strongest Invariant ..................................................................................................
2.3. Always True Properties, Definition ........................................................................
6. Lecture 6 .......................................................................................................................................
1. Reminder .............................................................................................................................
1.1. Invariant Properties .................................................................................................
2. Program Properties of the Abstract Program ......................................................................
2.1. Unless Properties, Definition ..................................................................................
2.2. Unless and Invariant Property ................................................................................
2.3. Ensures Property, Definition ..................................................................................
2.4. Leads-to Property, Definition .................................................................................
7. Lecture 7 .......................................................................................................................................
1. Reminder .............................................................................................................................
1.1. Program Properties .................................................................................................
2. Program Properties of the Abstract Program ......................................................................
2.1. Inevitability .............................................................................................................
2.2. Fixed Point Properties ............................................................................................
2.3. Definitions ..............................................................................................................
2.4. Example ..................................................................................................................
2.5. Weakening of fixed point property .........................................................................
2.6. Termination properties ...........................................................................................
2.7. Behaviour relation of abstract program ..................................................................
8. Lecture 8 .......................................................................................................................................
1. Reminder .............................................................................................................................
1.1. Program Properties .................................................................................................
2. Solution ...............................................................................................................................
2.1. Solution ...................................................................................................................
2.2. Reachable states ......................................................................................................
2.3. Satisfies a specification property ............................................................................
2.4. Satisfies a specification property ............................................................................
2.5. Satisfies a specification property ............................................................................
2.6. Satisfies a specification property ............................................................................
2.7. Satisfies a specification property ............................................................................
2.8. Satisfies a specification property ............................................................................
2.9. Solved by a program ...............................................................................................
2.10. Set of solutions .....................................................................................................
9. Lecture 9 .......................................................................................................................................
1. Reminder .............................................................................................................................
1.1. Solution ...................................................................................................................
1.2. Solved by a Program ...............................................................................................
2. Derivation Rules .................................................................................................................
2.1. Refinement of a Problem ........................................................................................
2.2. Refinement of Invariant Specification Property .....................................................
2.3. Refinement of Inevitable Specification Property in Finite Steps ............................
2.4. Variant Function .....................................................................................................
2.5. Application of a Variant Function ..........................................................................
2.6.
and Variant Function ....................................................................................
iv
Created by XMLmind XSL-FO Converter.
15
15
16
16
16
16
16
17
18
18
18
18
18
18
19
19
21
21
21
21
21
21
22
22
24
24
24
24
24
24
24
25
25
25
25
26
26
26
26
26
26
26
27
27
27
28
28
28
28
29
29
29
29
29
29
29
29
30
30
30
Design of Distributed Systems
2.7. Termination ............................................................................................................
2.8. Refinement of fixed point requirement ...................................................................
10. Lecture 10 ...................................................................................................................................
1. Reminder .............................................................................................................................
1.1. Reminder ................................................................................................................
2. Program Constructions ........................................................................................................
2.1. Union ......................................................................................................................
2.2. Behaviour Relation of Union ..................................................................................
2.3. Behaviour Relation of Union ..................................................................................
2.4. Derivation Rule of Union .......................................................................................
2.5. Union and Subset of the State Spaces (1) ...............................................................
2.6. Union and Subset of the State Spaces (2) ...............................................................
2.7. General Locality Theorem ......................................................................................
11. Lecture 11 ...................................................................................................................................
1. Reminder .............................................................................................................................
1.1. Union ......................................................................................................................
2. Program Constructions ........................................................................................................
2.1. Superposition ..........................................................................................................
2.2. Behaviour Relation of Superposition ......................................................................
2.3. Weak Extension of a Problem ................................................................................
2.4. Derivation Rule of Superposition ...........................................................................
2.5. Sequence of Programs ............................................................................................
2.6. Sequence of Programs (cont.) .................................................................................
2.7. Sequence of Programs (cont.) .................................................................................
2.8. Behaviour Relation of Sequence ............................................................................
2.9. Behaviour Relation of Sequence (cont.) .................................................................
2.10. Derivation Rule of Program Sequencing ..............................................................
2.11. Derivation Rule of Program Sequencing (cont.) ...................................................
12. Lecture 12 ...................................................................................................................................
1. Reminder .............................................................................................................................
1.1. Program Constructions ...........................................................................................
2. Computation of the Value of an Associative Function .......................................................
2.1. Notations .................................................................................................................
2.2. Notations .................................................................................................................
2.3. Notations – The Problem ........................................................................................
2.4. The Formal Specification of the Problem ...............................................................
2.5. The Formal Specification of the Problem ...............................................................
2.6. Properties of Associative Operators .......................................................................
2.7. Auxiliary Function ..................................................................................................
2.8. Auxiliary Function ..................................................................................................
2.9. Substitution of a Function by a Variable ................................................................
2.10. Substitution of a Function by a Variable ..............................................................
2.11. Variant Function ...................................................................................................
2.12. Refining the Specification of the Problem ............................................................
2.13. Refining the Specification of the Problem ............................................................
2.14. Refining the Specification of the Problem ............................................................
2.15. Refining the Specification of the Problem ............................................................
13. Lecture 13 ...................................................................................................................................
1. Reminder .............................................................................................................................
1.1. Computation of the Value of an Associative Function ...........................................
1.2. The Formal Specification of the Problem ...............................................................
1.3. Refined Specification of the Problem .....................................................................
1.4. Refined Specification of the Problem .....................................................................
2. Solution of the Problem ......................................................................................................
2.1. Solution of the Problem ..........................................................................................
2.2. Solution of the Problem ..........................................................................................
2.3. The Program Solves the Problem ...........................................................................
2.4. The Program Solves the Problem ...........................................................................
2.5. The Program Solves the Problem ...........................................................................
2.6. The Program Solves the Problem ...........................................................................
v
Created by XMLmind XSL-FO Converter.
30
30
31
31
31
31
31
31
32
32
33
33
33
35
35
35
35
35
35
36
36
36
36
37
37
38
38
38
40
40
40
40
40
40
40
40
41
41
41
41
41
42
42
42
42
43
43
44
44
44
44
44
44
45
45
45
45
45
46
46
Design of Distributed Systems
2.7. The Program Solves the Problem ...........................................................................
2.8. The Program Solves the Problem ...........................................................................
2.9. The Program Solves the Problem ...........................................................................
2.10. The Program Solves the Problem .........................................................................
2.11. The Program Solves the Problem .........................................................................
14. Lecture 14 ...................................................................................................................................
1. Reminder .............................................................................................................................
1.1. Computation of the Value of an Associative Function ...........................................
2. Channels ..............................................................................................................................
2.1. Channels .................................................................................................................
2.2. Semantics of Operations .........................................................................................
3. Natural Number Generator ..................................................................................................
3.1. Example – Natural Number Generator (NNG) .......................................................
3.2. NNG –Refinement of the Problem .........................................................................
3.3. NNG –Solution .......................................................................................................
3.4. The Program Solves the Problem ...........................................................................
3.5. The Program Solves the Problem ...........................................................................
3.6. The Program Solves the Problem ...........................................................................
4. Pipeline ...............................................................................................................................
4.1. Pipeline ...................................................................................................................
4.2. Specification of Pipeline .........................................................................................
4.3. Refinement of the Problem .....................................................................................
4.4. Refinement of the Problem .....................................................................................
4.5. Solution ...................................................................................................................
15. Practice 1 ....................................................................................................................................
1. Definitions ...........................................................................................................................
1.1. Relations .................................................................................................................
1.2. State Space ..............................................................................................................
1.3. Statements and Effect Relation ...............................................................................
1.4. Partial Function and Logical Relation ....................................................................
1.5. Truth Set .................................................................................................................
1.6. General Assignment ...............................................................................................
1.7. Conditional Assignment .........................................................................................
1.8. Abstract Parallel Program .......................................................................................
1.9. Weakest precondition .............................................................................................
1.10. Strongest Postcondition ........................................................................................
1.11. WP of the Abstract Parallel Program ....................................................................
1.12. Properties of WP ...................................................................................................
1.13. Properties of WP ...................................................................................................
1.14. Calculating the WP ...............................................................................................
2. Calculating the WP .............................................................................................................
2.1. Exercise 1. ..............................................................................................................
2.2. Exercise 1.(cont.) ....................................................................................................
2.3. Exercise 2. ..............................................................................................................
2.4. Exercise 3. ..............................................................................................................
2.5. Exercises .................................................................................................................
16. Practice 2 ....................................................................................................................................
1. Reminder .............................................................................................................................
1.1. Effect Relation ........................................................................................................
1.2. Weakest precondition .............................................................................................
1.3. WP of the Abstract Parallel Program ......................................................................
1.4. Properties of WP .....................................................................................................
1.5. Properties of WP .....................................................................................................
1.6. Calculating the WP .................................................................................................
2. Calculating WP(S, R) ..........................................................................................................
2.1. Exercise 1. ..............................................................................................................
2.2. Exercise 1. ..............................................................................................................
2.3. Exercises .................................................................................................................
3. Unless Program Property ....................................................................................................
3.1. Definition ................................................................................................................
vi
Created by XMLmind XSL-FO Converter.
46
46
47
47
47
48
48
48
48
48
48
49
49
49
49
50
50
50
50
50
50
51
51
51
52
52
52
52
52
52
52
52
53
53
53
53
53
54
54
54
54
54
55
55
55
55
56
56
56
56
56
56
56
57
57
57
57
57
58
58
Design of Distributed Systems
3.2. Properties ................................................................................................................
3.3. Proof 1. ...................................................................................................................
3.4. Proof 2. ...................................................................................................................
3.5. Stable Properties .....................................................................................................
4. Calculating Unless ..............................................................................................................
4.1. Exercise 1. ..............................................................................................................
4.2. Exercise 1. (solution) ..............................................................................................
4.3. Exercise 1. (solution) ..............................................................................................
4.4. Simplified Solution .................................................................................................
4.5. Simplified Solution .................................................................................................
4.6. Simplified Solution .................................................................................................
4.7. Exercise 1. (simplified solution) .............................................................................
4.8. Exercise 1. (simplified solution) .............................................................................
4.9. Exercise 2. ..............................................................................................................
17. Practice 3 ....................................................................................................................................
1. Reminder .............................................................................................................................
1.1. Program Properties .................................................................................................
2. Properties of Unless ............................................................................................................
2.1. Unless and Stable Property .....................................................................................
2.2. Unless and Stable Property .....................................................................................
2.3. Unless Is Disjunctive and Conjunctive ...................................................................
2.4. Unless Is NOT Transitive .......................................................................................
2.5. Consequence Weakening ........................................................................................
2.6. Condition Narrowing ..............................................................................................
2.7. Cancellation ............................................................................................................
3. Exercises .............................................................................................................................
3.1. Exercise 1. ..............................................................................................................
3.2. Exercise 2. ..............................................................................................................
18. Practice 4 ....................................................................................................................................
1. Reminder .............................................................................................................................
1.1. Program Properties .................................................................................................
2. Ensures ................................................................................................................................
2.1. Ensures Property, Definition ..................................................................................
2.2. Properties ................................................................................................................
2.3. Proof 1. ...................................................................................................................
2.4. Properties ................................................................................................................
2.5. Properties ................................................................................................................
2.6. Properties ................................................................................................................
3. Calculating Ensures .............................................................................................................
3.1. Exercise 1. ..............................................................................................................
3.2. Exercise 1. (solution) ..............................................................................................
4. Properties ............................................................................................................................
4.1. Ensures and Stable Property ...................................................................................
4.2. Ensures and Stable Property ...................................................................................
4.3. Ensures Is NOT Transitive .....................................................................................
4.4. Ensures Is NOT Disjunctive ...................................................................................
4.5. Consequence Weakening ........................................................................................
4.6. Corollario ................................................................................................................
4.7. Impossibility ...........................................................................................................
19. Practice 5 ....................................................................................................................................
1. Reminder .............................................................................................................................
1.1. Program Properties .................................................................................................
2. Ensures ................................................................................................................................
2.1. Exercise ..................................................................................................................
3. Leads-to ...............................................................................................................................
3.1. Leads-to Property, Definition .................................................................................
3.2. Exercise ..................................................................................................................
4. Properties ............................................................................................................................
4.1. Basic Properties ......................................................................................................
4.2. Implication Property ...............................................................................................
vii
Created by XMLmind XSL-FO Converter.
58
58
58
58
59
59
59
59
60
60
60
60
60
61
62
62
62
62
62
62
63
63
63
63
64
64
64
64
65
65
65
65
65
65
65
66
66
66
66
66
67
67
67
67
68
68
68
68
68
70
70
70
70
70
70
70
71
71
71
71
Design of Distributed Systems
4.3. Consequence Weakening ........................................................................................
4.4. Condition Narrowing ..............................................................................................
5. Proof Strategy .....................................................................................................................
5.1. Structural Induction ................................................................................................
5.2. Impossibility ...........................................................................................................
5.3. Impossibility ...........................................................................................................
5.4. Impossibility ...........................................................................................................
20. Practice 6 ....................................................................................................................................
1. Reminder .............................................................................................................................
1.1. Program Properties .................................................................................................
1.2. Program Properties .................................................................................................
1.3. Structural Induction ................................................................................................
2. Leads-to Properties ..............................................................................................................
2.1. Leads-to and Stable Property ..................................................................................
2.2. PSP Theorem ..........................................................................................................
3. Exercises .............................................................................................................................
3.1. Exercise 1. ..............................................................................................................
3.2. Exercise 2. ..............................................................................................................
3.3. Exercise 3. ..............................................................................................................
3.4. Exercise 3. ..............................................................................................................
4. Inevitability .........................................................................................................................
4.1. Inevitability .............................................................................................................
4.2. Inevitability .............................................................................................................
5. Exercises .............................................................................................................................
5.1. Exercise 3. (cont.) ...................................................................................................
5.2. Exercise 4. ..............................................................................................................
5.3. Exercise 4. ..............................................................................................................
5.4. Exercise 5. ..............................................................................................................
5.5. Exercise 6. ..............................................................................................................
5.6. Exercise 6. ..............................................................................................................
21. Practice 7 ....................................................................................................................................
1. Reminder .............................................................................................................................
1.1. Program Properties .................................................................................................
1.2. Program Properties .................................................................................................
2. Fixed Point Properties .........................................................................................................
2.1. Fixed Point Properties ............................................................................................
2.2. Definitions ..............................................................................................................
2.3. Exercise 1. ..............................................................................................................
2.4. Exercise 1. ..............................................................................................................
3. Invariant ..............................................................................................................................
3.1. Invariant Properties, Definition ..............................................................................
3.2. Exercise 2. ..............................................................................................................
4. Exercises ............................................................................................................................
4.1. Calculate the Properties of the Program 1. .............................................................
4.2. Calculate the Properties of the Program 1. .............................................................
4.3. Calculate the Properties of the Program 2. .............................................................
4.4. Calculate the Properties of the Program 2. .............................................................
22. Practice 8 ....................................................................................................................................
1. Reminder .............................................................................................................................
1.1. Program Properties .................................................................................................
2. Problem ...............................................................................................................................
2.1. Problem ...................................................................................................................
2.2. Specification Relations ...........................................................................................
2.3. Problem Definition .................................................................................................
2.4. Notation ..................................................................................................................
2.5. Example: Greatest Common Divisor – GCD ..........................................................
3. Solution ...............................................................................................................................
3.1. Solution ...................................................................................................................
3.2. Solved by a Program ...............................................................................................
3.3. Solution ...................................................................................................................
viii
Created by XMLmind XSL-FO Converter.
71
71
71
71
72
72
72
74
74
74
74
74
75
75
75
75
75
75
75
76
76
76
76
76
76
77
77
77
77
77
79
79
79
79
79
79
79
80
80
80
80
80
81
81
81
82
82
83
83
83
83
83
83
83
84
84
84
84
85
85
Design of Distributed Systems
3.4. Refinement of fixed point requirement ................................................................... 85
4. Exercise ............................................................................................................................... 86
4.1. Greatest Common Divisor – GCD .......................................................................... 86
4.2. Refinement of fixed point requirement ................................................................... 86
4.3. Solution ................................................................................................................... 87
4.4. Refinement of fixed point requirement ................................................................... 87
4.5. S Solves the Problem .............................................................................................. 87
4.6. Step 1. ..................................................................................................................... 87
4.7. Step 2. ..................................................................................................................... 88
4.8. Step 3. ..................................................................................................................... 88
4.9. Step 4. ..................................................................................................................... 88
4.10. Step 4. ................................................................................................................... 88
4.11. Sorting .................................................................................................................. 88
4.12. Refinement of fixed point requirement ................................................................. 89
4.13. Solution ................................................................................................................. 89
23. Practice 9 .................................................................................................................................... 91
1. Reminder ............................................................................................................................. 91
1.1. Test Scope .............................................................................................................. 91
2. Test Examples ..................................................................................................................... 91
2.1. Does it hold? ........................................................................................................... 91
2.2. Check the Properties! .............................................................................................. 91
2.3. Check the Properties! .............................................................................................. 91
2.4. Does S Satisfy the Properties? ................................................................................ 92
2.5. Does S Satisfy the Properties? ................................................................................ 92
24. Practice 10 .................................................................................................................................. 94
1. Reminder ............................................................................................................................. 94
1.1. Where we are now? ................................................................................................ 94
2. Channels .............................................................................................................................. 94
2.1. Channels ................................................................................................................. 94
2.2. Semantics of Operations ......................................................................................... 94
3. FORK .................................................................................................................................. 94
3.1. FORK ..................................................................................................................... 95
3.2. The function “split” ................................................................................................ 95
3.3. Specification ........................................................................................................... 95
3.4. Solution ................................................................................................................... 95
3.5. The Program Solves the Problem ........................................................................... 96
3.6. The Program Solves the Problem ........................................................................... 96
3.7. The Program Solves the Problem ........................................................................... 97
3.8. The Program Solves the Problem ........................................................................... 97
3.9. The Program Solves the Problem ........................................................................... 97
3.10. The Program Solves the Problem ......................................................................... 97
25. Practice 11 .................................................................................................................................. 98
1. Reminder ............................................................................................................................. 98
1.1. Channels ................................................................................................................. 98
1.2. The function “split” ................................................................................................ 98
2. Multiplexer .......................................................................................................................... 98
2.1. MUX ....................................................................................................................... 98
2.2. Specification ........................................................................................................... 99
2.3. Solution ................................................................................................................... 99
2.4. The Program Solves the Problem ........................................................................... 99
2.5. The Program Solves the Problem ......................................................................... 100
2.6. The Program Solves the Problem ......................................................................... 100
2.7. The Program Solves the Problem ......................................................................... 100
2.8. The Program Solves the Problem ......................................................................... 101
3. Exercise ............................................................................................................................. 101
3.1. Specification ......................................................................................................... 101
3.2. Solution ................................................................................................................. 101
3.3. Check the properties of the program! ................................................................... 101
3.4. Check the properties of the program! ................................................................... 102
26. Practice 12 ................................................................................................................................ 103
ix
Created by XMLmind XSL-FO Converter.
Design of Distributed Systems
1. Reminder ...........................................................................................................................
1.1. Channels ...............................................................................................................
2. Pipeline .............................................................................................................................
2.1. Pipeline .................................................................................................................
2.2. Specification of Pipeline .......................................................................................
2.3. Refinement of the Problem ...................................................................................
2.4. Solution .................................................................................................................
3. Exercise .............................................................................................................................
3.1. Reduction to Pipeline Theorem ............................................................................
3.2. Example: Approximation of Square Root .............................................................
3.3. Specification of the Problem ................................................................................
3.4. Refinement of the Problem ...................................................................................
3.5. Refinement of the Problem ...................................................................................
3.6. Solution .................................................................................................................
3.7. Exercise 1. ............................................................................................................
3.8. Exercise 2. ............................................................................................................
27. Practice 13 ................................................................................................................................
1. Reminder ...........................................................................................................................
1.1. Reminder ..............................................................................................................
2. Union .................................................................................................................................
2.1. Union ....................................................................................................................
2.2. Behaviour Relation of Union ................................................................................
2.3. Properties Based on the Definition .......................................................................
2.4. Counterexample of
.....................................................................................
2.5. Counterexample of
.....................................................................................
3. Exercises ...........................................................................................................................
3.1. Check the property! (1) .........................................................................................
3.2. Check the property!(1) ..........................................................................................
3.3. Check the property! (2) .........................................................................................
3.4. Check the property! (2) .........................................................................................
3.5. Check the property! (3) .........................................................................................
3.6. Check the property! (3) .........................................................................................
3.7. Check the property! (4) .........................................................................................
3.8. Check the property! (4) .........................................................................................
3.9. Check the property! (5) .........................................................................................
3.10. Check the property! (5) .......................................................................................
3.11. Check the property! (6) .......................................................................................
3.12. Check the property! (7) .......................................................................................
28. Practice 14 ................................................................................................................................
1. Reminder ...........................................................................................................................
1.1. Test Scope ............................................................................................................
2. Test Examples ...................................................................................................................
2.1. Does it hold? .........................................................................................................
2.2. Check the Properties! ............................................................................................
2.3. Check the Properties! ............................................................................................
2.4. Check the Properties! ............................................................................................
2.5. Check the Properties! ............................................................................................
2.6. Reduction ..............................................................................................................
2.7. Reduction ..............................................................................................................
x
Created by XMLmind XSL-FO Converter.
103
103
103
103
103
104
104
104
104
104
104
105
105
105
105
105
107
107
107
107
107
107
108
108
108
109
109
109
109
109
109
110
110
110
110
110
111
111
112
112
112
112
112
112
112
113
113
113
113
Chapter 1. Lecture 1
1. Syllabus
1.1. Syllabus
• Dining/drinking philosophers
• Distributed problems
• Formal specification and properties of distributed systems
• Safety and progress properties of distributed programs
• Verification of safety critical properties
• Program compositions from components with proved properties
• Computing the value of an associative function
• Computing the value of an associative function
2. Motivation
2.1. Motivation
Motivation for using formal methods:
• safety critical applications
• safe application of software components
• primary goal: sound concepts about distributed and parallel programs
3. Literature
3.1. Literature 1.
• Chandy, K.M., Misra, J.: Parallel Program Design - A Foundation. Addison-Wesley, 1989.
• Misra, J.: A Discipline of Multiprogramming - Programming Theory for Distributed Applications. Springer,
2001.
• Horváth Z.: Parallel asynchronous computation of the values of an associative function. Acta Cybernetica,
Vol.12, No. 1, Szeged (1995) 83-94.
• Horváth Z.: The Formal Specification of a Problem Solved by a Parallel Program – a Relational Model.
• Fóthi Á.- Horváth Z.- Kozsik T.: Parallel Elementwise Processing – A Novel Version. Annales Uni. Sci.
Budapest de R. Eötvös Nom. Sectio Computatorica (1996).
• Horváth Z.- Kozsik T.- Venczel T.: On Composing Problems and Parallel Programs. In: Paakki J., ed.,
Proceedings of the Fifth Symposium on Programming Languages and Software Tools, Jyväskylä, Finland,
June 7-8, 1997 (1997) Report C-1997-37, University of Helsinki, 1-12.
• Horváth Z.- Kozsik T.- Venczel T.: Parallel Programs Implementing Abstract Data Type Operations. Pure
Mathematics and Applications (PU.M.A.)., Volume 11 (2000), Number 2. pp. 293-308.
1
Created by XMLmind XSL-FO Converter.
Lecture 1
4. Introduction
4.1. Properties of the formal model 1.
We need a formal model, which is appropriate for specification of problems and developing the solutions of
problems in case of parallel and distributed systems.
4.2. Properties of the formal model 2.
The introduced model
• is an extension of a relational model of nondeterministic sequential programs,
• provides tools for stepwise refinement of problems, in a functional approach,
• uses the concept of iterative abstract program of UNITY,
• the concept of solution is based on the comparison of the problem as a relation and the behaviour relation of
the program.
4.3. Dining philosophers
States:
• thinking: t
2
Created by XMLmind XSL-FO Converter.
Lecture 1
• forks in hands: f
• eating: e
• at home: h
4.4. Problem specification (requirements)
:
• unless:
• unless:
• ensures:
• inevitable leads-to:
• invariant:
• fixed point:
• termination:
3
Created by XMLmind XSL-FO Converter.
Lecture 1
Help: thinking: t, forks in hands: f, eating: e, at home: h
4.5. Execution model
, if
.
Abstract execution model
• No control flow, free processors select assignments asynchronously
4.6. Program, Solution
, if
.
Program
• scheduling, processes, location, communication infrastructure, language
Solution
• Specification requirements are satisfied by program properties
4.7. Example
, if
.
Example
• C/PVM PC-cluster (Parallel Virtual Machine)
• Erlang VM cluster
4.8.
• The notion of the state space makes it possible to define the semantical meaning of a problem independently
of any program.
• The generalized concept of a problem is applicable for cases in which termination is not required but the
behaviour of the specified system is restricted by safety and progress properties.
• The solution of a problem may be a sequential program, a parallel one, or even a program built up from both
sequential and parallel components.
4
Created by XMLmind XSL-FO Converter.
Chapter 2. Lecture 2
1. Example
1.1. An Example: sorting
1.2. An Implementation: Sorting
A valid implementation: the code for the i-th processor:
loop
< lock a(i) and a(i+1) >
x := a(i);
y := a(i+1);
if x > y then
a(i+1):=x;
a(i):= y;
end if;
< unlock a(i) and a(i+1) >
end loop;
processes.
1.3. An Implementation: Sorting
A sequential program:
loop
for i=1 to n-1 do
x := a(i);
y := a(i+1);
if x > y then
a(i+1):=x;
a(i):= y;
end if;
end for
end loop
2. Basic Concepts of the Relational Model
2.1. Concepts
A programming model defines
• the semantics of problems and programs
• operations for problem and program constructions
• when a program solves a program.
Relational model:
• the elements of the semantic domain are relations
5
Created by XMLmind XSL-FO Converter.
Lecture 2
2.2. Relations
• An arbitrary subset of a direct product of sets is called a relation.
• Let
where
and
are arbitrary sets. The domain of the relation
is defined by
2.3. State Space
• Let
• The set
is a finite or numerable set.
is called state space, the sets
• The projections
•
are called type value sets.
are called variables.
is the set of the finite sequences of the points of the state space and
sequences.
• Let
.
• A statement is a subset of the direct product
.
2.4. Statements and Effect Relation
• A statement is a subset of the direct product
.
• The effect relation of a statement
.
is denoted by
• The effect relation expresses the functionality of the statement.
•
.
2.5. Example
var i,j : integer;
j:=2;
while i <> 5 loop
i:=i+j
end loop
• State space:
,
• variables:
,
• seq. program:
,
, etc.
• effect relation:
.
2.6. Partial Function and Logical Relation
6
Created by XMLmind XSL-FO Converter.
the set of the infinite
Lecture 2
• A relation
is called a partial function, if for all
then
the set
has at most one element. If
is a function.
• If
is a relation, where
called a logical relation.
is an arbitrary set and
is the set of the logical values, then
is
2.7. Truth Set
• The truth set of the logical function
• The
logical
is defined as
functions
are
sets.
defined
by
their
truth
.
2.8. Transitive Disjunctive Closure
• The power-set (set of subsets) of set
•
is denoted by
.
relation is the transitive disjunctive closure of relation
is the smallest relation, for which holds:
7
Created by XMLmind XSL-FO Converter.
, if
Lecture 2
•
• if
and
• for any numerable set
, then
:
.
2.9. Example TDC Relation
,
,
,
8
Created by XMLmind XSL-FO Converter.
Chapter 3. Lecture 3
1. Problem
1.1. Problem
• The problem is defined as a set of specification relations.
• Every specification relation is defined over the powerset of the state space.
• Let
be logical functions.
• We define
•
and
•
1.2. Specification Relations
•
-(
stable unless
•
-(
•
-(
•
,
•
ensures
-(
•
-t),
is inevitable from
),
- (fixed point is inevitable from
-(
•
),
),
holds in any fixed point),
is invariant),
(
initially).
1.3. Example
•
,
.
• According to
state
specification requirement the program is enabled to change state
only.
• According to the specification relation the variable
is non-decreasing and can be increased one by one.
9
Created by XMLmind XSL-FO Converter.
to
Lecture 3
1.4. Problem Definition
• Let
be a state space and let
• The relation
be a finite or numerable set.
, where
is called a problem defined over the state space
.
•
is called the parameter space of the problem.
Two relations expressing boundary properties and five relations expressing transition properties are associated
to every point of set
.
1.5. Notation
• Let
• Let
denote an arbitrary element of the domain of the problem.
denote an element of
• The components of
respectively.
• If
.
are denoted by
then we use
instead of
and by
in the indices for the sake of simplicity.
1.6. Notation
•
10
Created by XMLmind XSL-FO Converter.
Lecture 3
1.7. Example – Value of a Function
,
.
2. Abstract Parallel Program
2.1. Abstract parallel program
The abstract program is a relation
• generated by a set of conditional assignments;
• assignments are selected nondeterministically,
• executions of different processors are fairly interleaved.
• a fixed point is said to be reached in a state, if any statement in that state leaves the state unchanged.
2.2. General Assignment
• A
statement
over
the
state
space
is
called
empty
and
.
• Let
• The statement
,
, where
is a general assignment defined by
.
, if
•
11
Created by XMLmind XSL-FO Converter.
termed
,
if
Lecture 3
.
2.3. Example
• x,y : N,
• x,y := x+y, x-y,
•
,
•
,
• F(2,3)=?, F(3,2)=?
2.4. Extension
• We extend the domain of a relation for the whole state space in the following way:
•
,
•
,
•
,
• where
.
• Let
.
• The relation
is the extension of
•
, if
•
, otherwise.
for the truth set of condition
, i.e.,
and
•
.
2.5. Conditional Assignment
• Let be
an assignment, for which
.
• This kind of (simultaneous, nondeterministic) assignment is called a conditional assignment, if
.
• We denote the conditional assignment
the following way:
• Simultaneous,
conditional
nondeterministic,
, if
assignment:
.
• Abbreviation:
2.6. Example – Abstract Program
12
Created by XMLmind XSL-FO Converter.
, if
.
,
if
Lecture 3
, if
• Atomicity:
• if no atomicity:
• there is no state, when
is 6.
13
Created by XMLmind XSL-FO Converter.
Chapter 4. Lecture 4
1. Reminder
1.1. Problem
• The problem is defined as a set of specification relations.
• Every specification relation is defined over the powerset of the state space.
• Let
be logical functions.
• We define
•
and
•
1.2. Abstract Parallel Program
The abstract program is a relation
• generated by a set of conditional assignments;
• assignments are selected nondeterministically,
• executions of different processors are fairly interleaved.
• a fixed point is said to be reached in a state, if any statement in that state leaves the state unchanged.
1.3. Example
, if
2. Semantics of the Abstract Program
2.1. State Transition Trees
• Let
be an ordered pair of a conditional assignment and of a nonempty, finite set of conditional
assignments, such that
•
• where
,
,
.
• The semantics of the abstract program is defined as a binary relation which associates equivalence classes of
correctly labeled state transition trees to the points of the state space.
2.2. State Transition Trees
• The labeled state transition trees are generated by the ordered pair
14
Created by XMLmind XSL-FO Converter.
Lecture 4
• of the effect relation of the initial assignment
and
• of the UP(S) disjoint union of the effect relations of the
elements of the abstract program.
2.3. Abstract Parallel Program – Definition
• The relation
is called an abstract parallel program, if
• it associates equivalence classes of labelled transition trees to the element
• which trees are generated at
by the ordered pairs of relations
,
and
• have a correct labelling.
2.4. Abstract Parallel Program – Notation
• The abstract parallel program
following.
• The conditional assignment
•
generated by
is abbreviated by
is called the initialization in
is said to be an element of the program
and
.
2.5. Execution
15
Created by XMLmind XSL-FO Converter.
in the
Lecture 4
• Any path of a representative of the equivalence class
parallel program starting in the state .
is called an execution path of the abstract
• Any concurrent execution of conditional assignments should satisfy the requirement of serializibility.
• Every execution path of the abstract parallel program represents a possible sequential execution sequence of
the assignments.
• The introduced semantics is an interleaving semantics of parallel programs.
2.6. Reachable States
• The labels (states) along the execution paths of set
•
is denoted by
is the set of reachable states from state
.
.
2.7. Unconditionally Fair Scheduling
• An execution path corresponds to the requirement of unconditionally fair scheduling,
• if every statement is selected infinitely times along the path, i.e.
• every label from index set
is associated infinitely often to the vertices of the path.
3. Program Properties of the Abstract Program
3.1. Weakest Precondition
• The program properties are defined in terms of the weakest precondition of the element statements of the
abstract program.
• The logical function
respect to the statement
is called the weakest precondition of the postcondition
.
• We define
.
3.2. Weakest Precondition
•
•
.
.
16
Created by XMLmind XSL-FO Converter.
in
Lecture 4
3.3. Strongest Postcondition
• The logical function
•
is called the strongest postcondition of
.
17
Created by XMLmind XSL-FO Converter.
in respect to
.
Chapter 5. Lecture 5
1. Reminder
1.1. Abstract Parallel Program and Scheduling
• The abstract parallel program
following.
generated by
• The conditional assignment
•
is abbreviated by
is called the initialization in
is said to be an element of the program
in the
and
.
• An execution path corresponds to the requirement of unconditionally fair scheduling, if every statement is
selected infinitely times along the path, i.e. every label from index set
is associated infinitely often to the
vertices of the path.
1.2. Weakest Precondition and Strongest Postcondition
•
.
•
.
•
.
2. Program Properties of the Abstract Program
2.1. Invariant Properties, Definition
•
is the set of logical functions of which truth are preserved by the elements of
started from a state satisfying
•
•
•
.
.
.
and
.
18
Created by XMLmind XSL-FO Converter.
if the program is
Lecture 5
2.2. Strongest Invariant
Lemma 1 (Conjunction of invariants).
is closed for the conjunction operation.
•
is the conjunction of the elements of the set
•
is the strongest invariant.
Theorem 1. The truth set of
is the set of reachable states from
2.3. Always True Properties, Definition
•
•
.
.
•
• Always true is not invariant.
19
Created by XMLmind XSL-FO Converter.
.
Lecture 5
20
Created by XMLmind XSL-FO Converter.
Chapter 6. Lecture 6
1. Reminder
1.1. Invariant Properties
•
is the set of logical functions of which truth are preserved by the elements of
started from a state satisfying
.
•
is the conjunction of the elements of the set
•
is the strongest invariant.
if the program is
2. Program Properties of the Abstract Program
2.1. Unless Properties, Definition
•
is stable while
.
•
.
Unless.
2.2. Unless and Invariant Property
Theorem 2. If
Theorem
3.
and
, then
If
.
and
.
21
Created by XMLmind XSL-FO Converter.
,
then
Lecture 6
2.3. Ensures Property, Definition
•
is stable while
to
in
and there is a conditional assignment
which ensures the transition from
.
•
.
Ensures.
Theorem
4.
If
and
,
.
2.4. Leads-to Property, Definition
•
is the transitive disjunctive closure of relation
22
Created by XMLmind XSL-FO Converter.
.
then
Lecture 6
is the smallest binary relation satisfying the conditions:
•
.
• if
• Let
and
, then
.
denote a countable set. If
, then
.
Theorem
5.
If
and
.
23
Created by XMLmind XSL-FO Converter.
,
then
Chapter 7. Lecture 7
1. Reminder
1.1. Program Properties
•
•
•
is the smallest binary relation satisfying the conditions:
•
.
• if
• Let
and
denote
, then
an
countable
.
set.
If
,
then
.
2. Program Properties of the Abstract Program
2.1. Inevitability
Inevitability.
, if and only if when on all execution paths leading from
and
satisfying the axiom of the unconditionally fair scheduling there is a node at a finite
unbounded distance from
of which label is an element of the truth set of
, i.e., the
program inevitable reaches the truth set of
started from .
Theorem 6 (
sound and complete).
=
2.2. Fixed Point Properties
• A fixed point is said to be reached in a state of the state space
•
and
:
•
, if none of the statements changes the state.
is a simultaneous, non deterministic conditional assignment, i.e.
, if
denotes the logical function, which characterizes the set of states over which the relation
deterministic, i.e.,
.
2.3. Definitions
Set of fixed point.
Set of fixed point with deterministic assignments.
24
Created by XMLmind XSL-FO Converter.
is
Lecture 7
Fixed point properties.
Let us denote by
the set
.
2.4. Example
•
, ha
.
•
.
2.5. Weakening of fixed point property
Theorem 7. If
and
, then
.
2.6. Termination properties
Termination properties.
denotes the set
2.7. Behaviour relation of abstract program
Behaviour relation.
Let
be
a
program
over
the
state
space
. The
system
of
relations
is called the behaviour relation of the parallel
program
.
25
Created by XMLmind XSL-FO Converter.
Chapter 8. Lecture 8
1. Reminder
1.1. Program Properties
• Invariant
• Unless
• Ensures
• Leads-to
• Fixed point
• Termination
2. Solution
2.1. Solution
Definition.
The
abstract
parallel
program
is
a
solution
of
the
problem
,
• if
, such that
• the program
satisfies all the specification properties given in the
,
,
components
,
,
,
of
• assuming that the program starts from a state satisfying all the elements of
.
2.2. Reachable states
• The truth set of an invariant property may be regarded as a characterization of a subset of reachable states.
• It is sufficient for us, if the program satisfies all properties over the truth set of an invariant property.
2.3. Satisfies a specification property
Definition.
The program
satisfies the specification property
• there exists an invariant property
respect to
, i.e.,
•
, if and only if
such that the program satisfies
and
.
26
Created by XMLmind XSL-FO Converter.
with
Lecture 8
Theorem 8. The program
satisfies the specification property
, if it satisfies
with respect to the strongest invariant, i.e.
is an always true program property: (
).
2.4. Satisfies a specification property
Definition.
The program
satisfies the specification property
• there exists an invariant property
respect to
, i.e.,
•
, if and only if
such that the program satisfies
and
with
.
Theorem 9. The program
satisfies the specification property
with respect to the strongest invariant, i.e.
, if it satisfies
.
2.5. Satisfies a specification property
Definition.
The program
satisfies the specification property
• there exists an invariant
i.e.,
•
, if and only if
such that the program satisfies
with respect to
,
and
Theorem 10. The program
satisfies the specification property
with respect to the strongest invariant, i.e.
, if it satisfies
.
2.6. Satisfies a specification property
Definition.
The program
satisfies the specification property
• there exists an invariant
i.e.,
•
, if and only if
such that the program satisfies
with respect to
,
and
Theorem 11. The program
satisfies the specification property
with respect to the strongest invariant, i.e.
, if it satisfies
.
27
Created by XMLmind XSL-FO Converter.
Lecture 8
2.7. Satisfies a specification property
Definition.
The program
satisfies the specification property
, if and only if
• there exists an invariant
, i.e.,
such that the program satisfies
•
and
with respect to
.
Theorem 12. The program
satisfies the specification property
satisfies with respect to the strongest invariant, i.e.
, if it
.
2.8. Satisfies a specification property
Definition.
The program
satisfies the specification property
• there exists an invariant
, i.e.,
•
, if and only if
such that the program satisfies (
and
) with respect to
.
Theorem 13. The program
satisfies the specification property
with respect to the strongest invariant, i.e.
, if it satisfies
.
2.9. Solved by a program
Definition.
The problem
is said to be solved by the program
with respect to an invariant property
, if
such that
the specification properties given in
with respect to
.
and
satisfies all
and the initial conditions
2.10. Set of solutions
Definition.
We define
as the set of all abstract parallel programs that solve the problem
28
Created by XMLmind XSL-FO Converter.
.
Chapter 9. Lecture 9
1. Reminder
1.1. Solution
Definition.
The
abstract
parallel
program
is
a
solution
of
the
problem
,
• if
, such that
• the program
satisfies all the specification properties given in the
,
,
components
,
,
,
of
• assuming that the program starts from a state satisfying all the elements of
.
1.2. Solved by a Program
Definition.
The problem
is said to be solved by the program
with respect to an invariant property
, if
such that
the specification properties given in
with respect to
and
satisfies all
and the initial conditions
.
2. Derivation Rules
2.1. Refinement of a Problem
Definition.
Let
be problems defined over the state space
If
problem
.
:
solves
solves
.
, then the problem
is a refinement of the
2.2. Refinement of Invariant Specification Property
Theorem 14. If the abstract program
satisfies the specification properties
, then satisfies the specification property
and
too.
2.3. Refinement of Inevitable Specification Property in Finite
Steps
Theorem 15.
satisfies to the specification property
finite number of application of the following rules:
1.
29
Created by XMLmind XSL-FO Converter.
, if it can be derived by
Lecture 9
if
satisfies
, then
satisfies
too.
2.
Transitivity: if
satisfies
and
satisfies
, then
satisfies
too.
3.
Disjunctivity:
for
all
W
, then
numerable
set:
if
satisfies
satisfies
too.
2.4. Variant Function
Definition.
•
is a variant function.
•
are logical functions:
•
,
•
.
2.5. Application of a Variant Function
Theorem 16.
which
logical functions,
.
If
satisfies
2.6.
is a variant function, for
satisfies
too.
, then
and Variant Function
Theorem 17.
logical functions,
which
is a variant function, for
.
If
satisfies
satisfies
too.
, then
2.7. Termination
Theorem 18.
and
.
is a variant function, for which
If
satisfies
for all
, then
satisfies
.
2.8. Refinement of fixed point requirement
Theorem 19.
satisfies
If
satisfies
and
, and
.
30
Created by XMLmind XSL-FO Converter.
, then
Chapter 10. Lecture 10
1. Reminder
1.1. Reminder
• Problem
• Parallel Abstract Program
• Properties of the Programs
• Solution
• Derivation Rules
2. Program Constructions
2.1. Union
Definition.
• Let
and
• Let
denote the largest common subspace of
• Let
extensions to
• If all
be two subspaces of the state space
of two programs on
variables belonging to
(i.e.
and
and
.
and
.
be the
respectively.
get the same value in the assignments
and
), then the program
that is defined on
called the union of
and
.
2.2. Behaviour Relation of Union
Theorem 20. Let
. Then:
1.
2.
3.
4.
31
Created by XMLmind XSL-FO Converter.
, is
Lecture 10
for
which
:
5.
6.
7.
.
2.3. Behaviour Relation of Union
Theorem 21. Let
and
be two problems over a common state space and parameter
space
1.
2.
,
3.
,
4.
,
5.
,
6.
,
7.
.
2.4. Derivation Rule of Union
Theorem 22.
1.
32
Created by XMLmind XSL-FO Converter.
Lecture 10
Let
and
be two problems over a common state space
and parameter space
.
2.
Let
and
be two programs extended to state space
programs exist.
, and let the union of this
3.
If
is a solution of
and
with respect to
and
is a solution of
with respect to
4.
,
5.
then
is a solution of
.
2.5. Union and Subset of the State Spaces (1)
Theorem 23. Let
,
a logical function on state space
that
case:
in such a way,
and
• if
, then
• if
, then
• if
, then
. In this
,
,
.
2.6. Union and Subset of the State Spaces (2)
Theorem 24. Let
,
a logical function on state space
,
• if
, then
• if
, then
• if
in such a way that
. In this case
,
,
and
, then
.
2.7. General Locality Theorem
Theorem 25.
and
variables in abstract program
are programs on the same state space.
.
. If
•
, then
1
,
•
1
33
Created by XMLmind XSL-FO Converter.
denotes the
Lecture 10
•
•
és
.
34
Created by XMLmind XSL-FO Converter.
Chapter 11. Lecture 11
1. Reminder
1.1. Union
Definition.
• Let
and
• Let
denote the largest common subspace of
• Let
extensions to
• If all
be two subspaces of the state space
variables belonging to
(i.e.
and
and
and
of two programs on
.
.
be the
respectively.
get the same value in the assignments
and
), then the program
that is defined on
called the union of
and
, is
.
2. Program Constructions
2.1. Superposition
Definition.
• Let
be a subspace of
and let
be a program over
• Let
be a conditional assignment defined over
variables of
appear on the left hand side in .
• Let
denote the superposition of
• Let
and
.
in such a way, that none of the
.
be the extension of
to
.
The
a)
and the
b)
, where
programs are called superpositions of the
program and the
assignment.
2.2. Behaviour Relation of Superposition
Theorem 26. Let the
program over state space
and the statement
the
subspace of
be a superposition of the program
, if
. Let
denote the extension of
and
and
to
, where
be two logical functions over
.
is a program over
and let
and
is the extension of the logical function
and
.
35
Created by XMLmind XSL-FO Converter.
Lecture 11
1.
,
2.
,
3.
,
4.
,
5.
,
6.
,
2.3. Weak Extension of a Problem
Definition.
is the weak extension of the problem
, by leaving out the "
if it is derived from the extension of
, from
" type specification conditions.
2.4. Derivation Rule of Superposition
Theorem 27. Let
be a problem over the
subspace of state space
parameter space
. If
is a solution of
then any superposition of the
the statement is a solution of the weak extension of .
and over the
program and
2.5. Sequence of Programs
Definition.
• Let
,
be two subspaces of state space
• Let
be
a
be a program over
• Let
denote the extension of
to
program
.
over
.
.
• Let be a logical variable, where the state space component of
nor to
.
2.6. Sequence of Programs (cont.)
Definition (cont.)
36
Created by XMLmind XSL-FO Converter.
neither belongs to
,
Lecture 11
• Let
denote the
where
program defined on state space
•
,
•
, if
• Let
,
).
denote the
program defined on state space
,
where
•
, if
•
, if
).
.
2.7. Sequence of Programs (cont.)
Definition (cont.)
The
and is denoted as
program is called the sequence of
.
2.8. Behaviour Relation of Sequence
Theorem 28. In the following we suppose that the predicates
the variable
.
and
respectively. Let
,
, etc. are independent of
are the extensions of the logical functions of
. Then:
1.
if
, then
,
2.
if
, then
if
, then
,
3.
,
4.
if
, then
if
, then
if
, then
,
5.
,
6.
,
37
Created by XMLmind XSL-FO Converter.
and
Lecture 11
7.
,
8.
if
then
,
2.9. Behaviour Relation of Sequence (cont.)
Theorem 29. In the following we suppose that the predicates
the variable
.
and
respectively. Let
,
, etc. are independent of
are the extensions of the logical functions of
and
. Then:
1.
iff
,
iff
,
2.
and
iff
,
3.
if
then
if
and
,
4.
then
.
2.10. Derivation Rule of Program Sequencing
Theorem 30.
• Let
and
subspaces of state space
• Let
.
and
deterministic problems over
• Let
;
be the sequence of
• For any
with .
.
(defined over
we mark the components of
and
resp. and over parameter space
) and
(defined over
with
).
, the components of
2.11. Derivation Rule of Program Sequencing (cont.)
Theorem 31.
• If
satisfies
and
conditions under precondition
,
•
satisfies
and
conditions under
, and
38
Created by XMLmind XSL-FO Converter.
precondition
Lecture 11
•
, then
.
satisfies
and
precondition.
39
Created by XMLmind XSL-FO Converter.
conditions under
Chapter 12. Lecture 12
1. Reminder
1.1. Program Constructions
• Union
• Superposition
• Sequence
2. Computation of the Value of an Associative
Function
2.1. Notations
• Let
be a set.
• Let
denote an arbitrary associative binary operator over
•
.
is a function describing the single or multiple application of the operator
.
2.2. Notations
• Since
is associative, for any arbitrary sequence
• We write
• We extend
of length at least three:
instead of the infix notation
for sequences of length one:
in the following.
.
2.3. Notations – The Problem
• Let a finite sequence
of the elements of
•
be given.
.
• Let us compute the value of the function
for all
, where
and
.
2.4. The Formal Specification of the Problem
• We represent the sequences
and the values of function
by arrays.
• We specify that the program inevitably reaches a fixed point and the array
fixed point.
40
Created by XMLmind XSL-FO Converter.
contains the values of
in any
Lecture 12
•
.
2.5. The Formal Specification of the Problem
2.6. Properties of Associative Operators
• The computation of the values of
at place
subsequences
is made easier with the knowledge of the value of
indexed by the elements of an arbitrary
for
interval.
• The result computed for a subsequence is useful in the computation of the value of
includes the subsequence.
for any sequence which
2.7. Auxiliary Function
• Let us introduce the auxiliary function
• Let
denote the value of
the last element is
, if
.
for the sequence of which the first element is
and its length is
.
Definition.
The precise definition of the partial function
is:
2.8. Auxiliary Function
Lemma
2.
If
,
then
.
2.9. Substitution of a Function by a Variable
• The two-dimensional array
is introduced to store the known values of
.
• This method is called the substitution of a function by a variable.
• The lines on the next Figure illustrate the connections among the elements of the matrix
• In fixed points
and
,
41
Created by XMLmind XSL-FO Converter.
.
or
Lecture 12
i.e.
is the value of
for an at most length
prefix.
2.10. Substitution of a Function by a Variable
2.11. Variant Function
• Let us choose the variant function
in the following way:
.
• The variant function depends on the number of elements of the matrix
which elements are different from
the value of function
at the corresponding place and on the number of places where the value of the array
is different from the value of function .
2.12. Refining the Specification of the Problem
• We extend the state space and refine the specification of the problem.
2.13. Refining the Specification of the Problem
42
Created by XMLmind XSL-FO Converter.
Lecture 12
2.14. Refining the Specification of the Problem
• The connection between the variables
and the function
is given by the invariants (6)-(8).
2.15. Refining the Specification of the Problem
Lemma 3. The given specification ((4)-(9)) is a refinement of the original specification ((1)(3)).
Proof.
and
in fixed point according to (6).
Using (7) it follows that the equation
fixed point.
Since
,
after
the
holds in
application
of
the
definition
of
, which is the same as property (3).
43
Created by XMLmind XSL-FO Converter.
we
get
Chapter 13. Lecture 13
1. Reminder
1.1. Computation of the Value of an Associative Function
1.2. The Formal Specification of the Problem
1.3. Refined Specification of the Problem
1.4. Refined Specification of the Problem
44
Created by XMLmind XSL-FO Converter.
Lecture 13
2. Solution of the Problem
2.1. Solution of the Problem
2.2. Solution of the Problem
Theorem 32. The abstract program below is a solution for the problem specified by (4)-(9),
i.e., a solution for the problem of the computation of the values of an associative function.
2.3. The Program Solves the Problem
Proof. (6): using the definition of
:
We use invariant properties and apply mathematical induction on
satisfies
in fixed points.
2.4. The Program Solves the Problem
45
Created by XMLmind XSL-FO Converter.
to prove that the program
Lecture 13
Base Case.
. From (7) and
follows
Inductive hypothesis.
.
.
2.5. The Program Solves the Problem
Proof.
• Since
,
contradicts the hypothesis.
• This means (12) can be simplified to
• If
.
, then
, else (11) does not hold.
• Using the inductive hypothesis and
i.e.,
we get
,
.
2.6. The Program Solves the Problem
Proof.
• The last statement contradicts the initial condition:
.
• This means
.
•
, else (12) does not hold.
•
.
• Using the invariant (7) we get
.
• Based on (10)
.
2.7. The Program Solves the Problem
Proof. (5):
• Every statement of the program decreases the variant function by 1 or does not cause state
transition.
• If the program is not in one of its fixed points, then there exists an
and a
corresponding conditional assignment, which assignment increases the value of
there exists an
for which
and the value of
, or
is different from the
value of
2.8. The Program Solves the Problem
Proof. (8):
• Since
initially.
implies
and
, the
• All the assignments change the value of
and
simultaneously.
46
Created by XMLmind XSL-FO Converter.
equality holds
Lecture 13
2.9. The Program Solves the Problem
Proof. (7):
• Since
• Since
,
is initially
.
,
.
• After calculating the weakest preconditions of the assignments it is sufficient to show that
...
2.10. The Program Solves the Problem
Proof.
• After calculating the weakest preconditions of the assignments it is sufficient to show that
•
and
implies the equality for
, i.e.,
and
,
•
and
implies the equality for
, i.e.,
and
.
2.11. The Program Solves the Problem
Proof.
•
.
• n
the
first
case
implies
and
implies
• In
the
second
.
case
implies
and
implies
.
• We
use
the
Lemma:
If
,
.
• In both of the cases the application of the Lemma leads to the statement.
47
Created by XMLmind XSL-FO Converter.
then
Chapter 14. Lecture 14
1. Reminder
1.1. Computation of the Value of an Associative Function
2. Channels
2.1. Channels
•
– queue, buffer for one directional communication
• Error-free, unbounded or bounded
•
– the history of the channel
• Operations:
•
•
(P1)
(P2)
•
•
•
2.2. Semantics of Operations
•
48
Created by XMLmind XSL-FO Converter.
Lecture 14
•
.
•
.
• Locality: any property P of P1 is stable in the other process(es), if
outgoing channels variables of P1 only.
• For any property
, if
and
, then
contains local variables and
is stable in the system.
3. Natural Number Generator
3.1. Example – Natural Number Generator (NNG)
3.2. NNG –Refinement of the Problem
3.3. NNG –Solution
49
Created by XMLmind XSL-FO Converter.
Lecture 14
3.4. The Program Solves the Problem
Proof. (5):
• We show
•
•
3.5. The Program Solves the Problem
Proof. (6):
•
•
3.6. The Program Solves the Problem
Proof. (7):
•
•
and
•
4. Pipeline
4.1. Pipeline
•
•
.
.
•
4.2. Specification of Pipeline
50
Created by XMLmind XSL-FO Converter.
Lecture 14
4.3. Refinement of the Problem
4.4. Refinement of the Problem
Proof.
• By fixed point refinement it is sufficient:
.
• Proof by using the lemma:
.
• The lemma is proved by induction.
4.5. Solution
51
Created by XMLmind XSL-FO Converter.
Chapter 15. Practice 1
1. Definitions
1.1. Relations
• An arbitrary subset of a direct product of sets is called a relation.
• Let
where
and
are arbitrary sets. The domain of the relation
is defined by
1.2. State Space
• Let
is a finite or numerable set.
• The set
is called state space, the sets
• The projections
•
are called type value sets.
are called variables.
is the set of the finite sequences of the points of the state space and
sequences.
• Let
the set of the infinite
.
• A statement is a subset of the direct product
.
1.3. Statements and Effect Relation
• A statement is a subset of the direct product
.
• The effect relation of a statement
.
is denoted by
• The effect relation expresses the functionality of the statement.
•
.
1.4. Partial Function and Logical Relation
• A relation
is called a partial function, if for all
then
the set
has at most one element. If
is a function.
• If
is a relation, where
called a logical relation.
is an arbitrary set and
is the set of the logical values, then
is
1.5. Truth Set
• The truth set of the logical function
• The
sets.
logical
is defined as
functions
are
.
1.6. General Assignment
52
Created by XMLmind XSL-FO Converter.
defined
by
their
truth
Practice 1
• A
statement
over
the
state
space
is
called
empty
and
termed
,
if
.
• Let
,
, where
• The statement
.
is a general assignment defined by
, if
•
.
1.7. Conditional Assignment
• Let be
an assignment, for which
.
• This kind of (simultaneous, nondeterministic) assignment is called a conditional assignment, if
.
• We denote the conditional assignment
the following way:
• Simultaneous,
conditional
nondeterministic,
, if
, if
assignment:
.
,
if
is called the weakest precondition of the postcondition
in
.
• Abbreviation:
1.8. Abstract Parallel Program
•
• The conditional assignment
•
is called the initialization in
is said to be an element of the program
and
.
1.9. Weakest precondition
• The logical function
respect to the statement
.
•
.
•
.
1.10. Strongest Postcondition
• The logical function
•
is called the strongest postcondition of
.
1.11. WP of the Abstract Parallel Program
53
Created by XMLmind XSL-FO Converter.
in respect to
.
Practice 1
•
.
•
.
•
,
• where
.
1.12. Properties of WP
•
•
, if
•
•
•
•
•
1.13. Properties of WP
•
,
•
,
• If
, then
,
•
,
•
.
1.14. Calculating the WP
•
,
is a function and
is a logical relation then
•
•
•
2. Calculating the WP
2.1. Exercise 1.
54
Created by XMLmind XSL-FO Converter.
Practice 1
2.2. Exercise 1.(cont.)
2.3. Exercise 2.
2.4. Exercise 3.
2.5. Exercises
•
,
•
,
•
,
•
,
•
•
,
,
55
Created by XMLmind XSL-FO Converter.
Chapter 16. Practice 2
1. Reminder
1.1. Effect Relation
• A statement is a subset of the direct product
.
• The effect relation of a statement
.
is denoted by
• The effect relation expresses the functionality of the statement.
•
.
1.2. Weakest precondition
• The logical function
respect to the statement
is called the weakest precondition of the postcondition
.
•
.
•
.
1.3. WP of the Abstract Parallel Program
•
.
•
.
•
,
• where
.
1.4. Properties of WP
•
•
, if
•
•
•
•
•
1.5. Properties of WP
•
,
56
Created by XMLmind XSL-FO Converter.
in
Practice 2
•
,
• If
, then
,
•
,
•
.
1.6. Calculating the WP
•
,
is a function and
is a logical relation then
•
•
•
2. Calculating WP(S, R)
2.1. Exercise 1.
2.2. Exercise 1.
2.3. Exercises
•
,
•
,
57
Created by XMLmind XSL-FO Converter.
Practice 2
•
,
;
3. Unless Program Property
3.1. Definition
•
is stable while
.
•
.
•
3.2. Properties
•
•
•
•
•
3.3. Proof 1.
Theorem 33.
Proof.
3.4. Proof 2.
Theorem 34.
Proof.
3.5. Stable Properties
•
• If
does not always hold:
, then P is stable
Counterexample.
58
Created by XMLmind XSL-FO Converter.
Practice 2
4. Calculating Unless
4.1. Exercise 1.
•
;
•
•
•
?
4.2. Exercise 1. (solution)
•
•
•
:
•
•
•
•
:
•
4.3. Exercise 1. (solution)
•
•
•
•
59
Created by XMLmind XSL-FO Converter.
Practice 2
4.4. Simplified Solution
•
•
•
•
•
4.5. Simplified Solution
•
•
•
SKIP execution paths can be omitted
•
4.6. Simplified Solution
•
•
• Condition reordering
•
4.7. Exercise 1. (simplified solution)
•
;
•
•
•
?
4.8. Exercise 1. (simplified solution)
•
• Omitting SKIP branches and reordering conditions
•
:
60
Created by XMLmind XSL-FO Converter.
Practice 2
•
•
•
•
:
•
•
4.9. Exercise 2.
•
;
•
•
•
?
61
Created by XMLmind XSL-FO Converter.
Chapter 17. Practice 3
1. Reminder
1.1. Program Properties
•
.
• Weakest Postcondition
•
.
•
,
• where
.
• Unless
•
is stable while
•
.
.
•
2. Properties of Unless
2.1. Unless and Stable Property
Theorem 35. If
and
, then
Proof. What’s needed?
(wp property)
(lemma)
2.2. Unless and Stable Property
Lemma 4.
62
Created by XMLmind XSL-FO Converter.
.
Practice 3
Proof.
2.3. Unless Is Disjunctive and Conjunctive
Theorem 36.
2.4. Unless Is NOT Transitive
.
does not always hold!
Counterexample.
2.5. Consequence Weakening
Theorem 37.
2.6. Condition Narrowing
.
does not always hold!
Counterexample.
63
Created by XMLmind XSL-FO Converter.
Practice 3
2.7. Cancellation
Theorem 38.
3. Exercises
3.1. Exercise 1.
.
3.2. Exercise 2.
.
64
Created by XMLmind XSL-FO Converter.
Chapter 18. Practice 4
1. Reminder
1.1. Program Properties
•
.
• Weakest Postcondition
•
.
•
,
• where
.
• Unless
•
is stable while
.
•
.
•
2. Ensures
2.1. Ensures Property, Definition
•
is stable while
to
in
and there is a conditional assignment
.
•
.
Ensures.
2.2. Properties
•
•
•
2.3. Proof 1.
Theorem 39.
Proof.
and
65
Created by XMLmind XSL-FO Converter.
which ensures the transition from
Practice 4
is true (see Lecture 2) and
2.4. Properties
•
does not always hold
Counterexample.
and
2.5. Properties
•
does not always hold
Counterexample.
2.6. Properties
•
does not always hold
Counterexample.
3. Calculating Ensures
3.1. Exercise 1.
•
;
•
66
Created by XMLmind XSL-FO Converter.
Practice 4
•
•
?
3.2. Exercise 1. (solution)
•
(see Lecture 2)
•
•
•
:
•
•
•
4. Properties
4.1. Ensures and Stable Property
Theorem 40. If
and
, then
.
Proof. What’s needed?
is true (Unless and Stable property)
, therefore
Needed:
4.2. Ensures and Stable Property
Proof.
and
, then
(wp property)
,
67
Created by XMLmind XSL-FO Converter.
therefore
Practice 4
4.3. Ensures Is NOT Transitive
.
does not always hold!
Counterexample.
4.4. Ensures Is NOT Disjunctive
.
does not always hold!
Counterexample.
4.5. Consequence Weakening
Theorem 41.
4.6. Corollario
Theorem 42.
4.7. Impossibility
Theorem 43.
68
Created by XMLmind XSL-FO Converter.
Practice 4
69
Created by XMLmind XSL-FO Converter.
Chapter 19. Practice 5
1. Reminder
1.1. Program Properties
•
.
• Weakest Postcondition
•
,
• where
.
• Unless
•
.
•
• Ensures
•
.
•
2. Ensures
2.1. Exercise
•
•
•
•
?
3. Leads-to
3.1. Leads-to Property, Definition
•
is the transitive disjunctive closure of relation
is the smallest binary relation satisfying the conditions:
•
• if
.
and
, then
.
70
Created by XMLmind XSL-FO Converter.
.
Practice 5
• Let
denote a countable set. If
, then
.
3.2. Exercise
•
•
4. Properties
4.1. Basic Properties
•
•
•
•
does not always hold
•
does not always hold
•
does not always hold
4.2. Implication Property
Theorem 44.
4.3. Consequence Weakening
Theorem 45.
4.4. Condition Narrowing
.
5. Proof Strategy
5.1. Structural Induction
• Induction on the structure of the proof
• Applied when
appears in the premise of the theorem
71
Created by XMLmind XSL-FO Converter.
Practice 5
• Strategy:
• Base case: prove the theorem for
• Inductive step 1 (transitivity): prove the theorem for
a given
, where
• Inductive step 2 (disjunction): prove the theorem for
and
, where
5.2. Impossibility
Theorem 46.
Proof. Structural induction:
1. Base case:
(Impossibility of
)
5.3. Impossibility
Proof. Structural induction:
2. Induction on transitivity:
, where
and
Inductive hypothesis: the theorem holds for
and
(Inductive hyp.)
(Inductive hyp.)
5.4. Impossibility
Proof. Structural induction:
3. Induction on disjunction:
, where
and
Inductive hypothesis: the theorem holds for
and
(Inductive hyp.)
72
Created by XMLmind XSL-FO Converter.
and
and
for
Practice 5
(Inductive hyp.)
73
Created by XMLmind XSL-FO Converter.
Chapter 20. Practice 6
1. Reminder
1.1. Program Properties
•
.
• Weakest Postcondition
•
,
• where
.
• Unless
•
.
•
• Ensures
•
.
•
1.2. Program Properties
•
is the transitive disjunctive closure of relation
.
is the smallest binary relation satisfying the conditions:
•
• if
• Let
.
and
, then
.
denote a countable set. If
, then
.
1.3. Structural Induction
• Induction on the structure of the proof
• Applied when
appears in the premise of the theorem
• Strategy:
• Base case: prove the theorem for
• Inductive step 1 (transitivity): prove the theorem for
a given
, where
74
Created by XMLmind XSL-FO Converter.
and
for
Practice 6
• Inductive step 2 (disjunction): prove the theorem for
and
, where
and
2. Leads-to Properties
2.1. Leads-to and Stable Property
Theorem 47. If
and
, then
Proof. Structural induction
1. Base case
2. Induction on transitivity
3. Induction on disjunction
2.2. PSP Theorem
Theorem 48. Progress-Safety-Progress Theorem:
Proof. Structural induction
1. Base case
2. Induction on transitivity
3. Induction on disjunction
3. Exercises
3.1. Exercise 1.
.
3.2. Exercise 2.
.
3.3. Exercise 3.
.
75
Created by XMLmind XSL-FO Converter.
.
Practice 6
3.4. Exercise 3.
.
Counterexample.
How can we prove that
?
4. Inevitability
4.1. Inevitability
Inevitability.
, if and only if when on all execution paths leading from
and
satisfying the axiom of the unconditionally fair scheduling there is a node at a finite
unbounded distance from
of which label is an element of the truth set of
, i.e., the
program inevitable reaches the truth set of
started from .
Theorem 49 (
sound and complete).
=
4.2. Inevitability
•
=
• Confuting
is the same as confuting
• Give an unconditionally fair scheduling starting from
that does not reach the truth set of
5. Exercises
5.1. Exercise 3. (cont.)
.
Counterexample.
76
Created by XMLmind XSL-FO Converter.
Practice 6
5.2. Exercise 4.
.
5.3. Exercise 4.
.
Counterexample.
5.4. Exercise 5.
.
5.5. Exercise 6.
.
5.6. Exercise 6.
.
Counterexample.
77
Created by XMLmind XSL-FO Converter.
Practice 6
78
Created by XMLmind XSL-FO Converter.
Chapter 21. Practice 7
1. Reminder
1.1. Program Properties
•
.
•
,
• where
.
•
•
•
is the smallest binary relation satisfying the conditions:
•
.
• if
and
• Let
denote
, then
a
countable
.
set.
If
,
then
.
1.2. Program Properties
• Inevitability:
•
, if and only if when on all execution paths leading from and satisfying the axiom
of the unconditionally fair scheduling there is a node at a finite unbounded distance from of which label
is an element of the truth set of , i.e., the program inevitable reaches the truth set of
started from .
2. Fixed Point Properties
2.1. Fixed Point Properties
• A fixed point is said to be reached in a state of the state space
•
and
:
•
, if none of the statements changes the state.
is a simultaneous, non deterministic conditional assignment, i.e.
, if
denotes the logical function, which characterizes the set of states over which the relation
deterministic, i.e.,
.
2.2. Definitions
Set of fixed point.
79
Created by XMLmind XSL-FO Converter.
is
Practice 7
Set of fixed point with deterministic assignments.
Fixed point properties.
Let us denote by
the set
.
2.3. Exercise 1.
.
2.4. Exercise 1.
.
.
3. Invariant
3.1. Invariant Properties, Definition
•
is the set of logical functions of which truth are preserved by the elements of
started from a state satisfying
•
.
.
•
.
•
and
•
.
and
.
3.2. Exercise 2.
.
80
Created by XMLmind XSL-FO Converter.
if the program is
Practice 7
.
1)
2)
4. Exercises
4.1. Calculate the Properties of the Program 1.
.
4.2. Calculate the Properties of the Program 1.
1.
2.
3.
4.
81
Created by XMLmind XSL-FO Converter.
Practice 7
4.3. Calculate the Properties of the Program 2.
.
4.4. Calculate the Properties of the Program 2.
1.
2.
3.
82
Created by XMLmind XSL-FO Converter.
Chapter 22. Practice 8
1. Reminder
1.1. Program Properties
•
.
•
•
•
•
•
•
•
2. Problem
2.1. Problem
• The problem is defined as a set of specification relations.
• Every specification relation is defined over the powerset of the state space.
• Let
be logical functions.
• We define
•
and
•
2.2. Specification Relations
•
-(
stable unless
•
-(
•
-(
•
,
•
•
•
ensures
-t),
is inevitable from
),
- (fixed point is inevitable from
-(
-(
),
),
holds in any fixed point),
is invariant),
(
initially).
2.3. Problem Definition
83
Created by XMLmind XSL-FO Converter.
Practice 8
• Let
be a state space and let
• The relation
be a finite or numerable set.
, where
is called a problem defined over the state space
.
•
is called the parameter space of the problem.
Two relations expressing boundary properties and five relations expressing transition properties are associated
to every point of set
.
2.4. Notation
• Let
denote an arbitrary element of the domain of the problem.
• Let
denote an element of
• The components of
respectively.
• If
.
are denoted by
then we use
instead of
and by
in the indices for the sake of simplicity.
2.5. Example: Greatest Common Divisor – GCD
.
1.
2.
3.
3. Solution
3.1. Solution
Definition.
84
Created by XMLmind XSL-FO Converter.
Practice 8
The
abstract
parallel
program
is
a
solution
of
the
problem
,
• if
, such that
• the program
satisfies all the specification properties given in the
,
,
components
,
,
,
of
• assuming that the program starts from a state satisfying all the elements of
.
3.2. Solved by a Program
Definition.
The problem
is said to be solved by the program
with respect to an invariant property
, if
such that
the specification properties given in
with respect to
.
and
satisfies all
and the initial conditions
3.3. Solution
.
The program
property
satisfies the specification property , if and only if there exists an invariant
such that the program satisfies
with respect to
, i.e.,
and
•
•
•
•
•
•
•
•
•
•
•
•
3.4. Refinement of fixed point requirement
85
Created by XMLmind XSL-FO Converter.
Practice 8
Theorem 50. If
satisfies
and
, and
, then
satisfies
.
4. Exercise
4.1. Greatest Common Divisor – GCD
.
1.
2.
3.
4.2. Refinement of fixed point requirement
.
1.
2.
86
Created by XMLmind XSL-FO Converter.
Practice 8
3.
4.
4.3. Solution
.
4.4. Refinement of fixed point requirement
• If
satisfies
•
•
and
, and
, then
satisfies
.
4.5. S Solves the Problem
We have to check:
1.
2.
3.
4.
4.6. Step 1.
.
Check:
and
87
Created by XMLmind XSL-FO Converter.
Practice 8
4.7. Step 2.
.
Check:
and
4.8. Step 3.
.
4.9. Step 4.
.
Use the Theorem of Variant Function
Theorem 51.
logical functions,
variant function, for which
is a
.
If
satisfies
, then
satisfies
too.
4.10. Step 4.
.
Check:
and
Then:
Use the variant function:
4.11. Sorting
.
88
Created by XMLmind XSL-FO Converter.
Practice 8
1.
2.
3.
4.12. Refinement of fixed point requirement
.
1.
2.
3.
4.
4.13. Solution
.
89
Created by XMLmind XSL-FO Converter.
Practice 8
90
Created by XMLmind XSL-FO Converter.
Chapter 23. Practice 9
1. Reminder
1.1. Test Scope
• Program Properties
• Checking Program Properties
• Problem
• Solution
2. Test Examples
2.1. Does it hold?
A.
B.
2.2. Check the Properties!
A.
, where
1.
2.
2.3. Check the Properties!
B.
, where
91
Created by XMLmind XSL-FO Converter.
Practice 9
1.
,
2.
2.4. Does S Satisfy the Properties?
A.
(1)
(2)
(3)
(4) If the program terminate, give a variant function which
can be used to proof that S satisfies the
property.
2.5. Does S Satisfy the Properties?
B.
(1)
(2)
(3)
(4) If the program terminate, give a variant function which
can be used to proof that S satisfies the
property.
92
Created by XMLmind XSL-FO Converter.
Practice 9
93
Created by XMLmind XSL-FO Converter.
Chapter 24. Practice 10
1. Reminder
1.1. Where we are now?
• Problem
• Parallel Program
• Solution
2. Channels
2.1. Channels
•
– queue, buffer for one directional communication
• Error-free, unbounded or bounded
•
– the history of the channel
• Operations:
•
•
(P1)
(P2)
•
•
•
2.2. Semantics of Operations
•
•
.
•
.
3. FORK
94
Created by XMLmind XSL-FO Converter.
Practice 10
3.1. FORK
Requirements:
• Data must not be lost.
• New data must not be produced.
• The scheduling must be fair.
• FORK must do something (
is not a good solution).
3.2. The function “split”
A helper function:
•
•
•
• Take the smallest from these functions.
3.3. Specification
3.4. Solution
95
Created by XMLmind XSL-FO Converter.
Practice 10
3.5. The Program Solves the Problem
Proof. (2):
•
•
•
• Lets see:
(
is similar)
•
3.6. The Program Solves the Problem
Proof. (2):
• We have to proof that:
• Lets see the following figure:
96
Created by XMLmind XSL-FO Converter.
Practice 10
3.7. The Program Solves the Problem
Proof. (2):
•
•
• (2) holds based on the definition of the function
.
3.8. The Program Solves the Problem
Proof. (3):
,
•
• (*) There are two cases:
• a.)
and
• b.)
and
• In case of a): we are ready
• In case of b): we can assume that
(based on
)
3.9. The Program Solves the Problem
Proof. (3) b):
• We have to proof that:
• Then go back to step (*)
• That results:
• we can use
•
instead of
is transitive:
3.10. The Program Solves the Problem
Proof. (3):
,
•
• we can use the variant function theorem to proof (3)
•
97
Created by XMLmind XSL-FO Converter.
Chapter 25. Practice 11
1. Reminder
1.1. Channels
•
– queue, buffer for one directional communication
• Error-free, unbounded or bounded
•
– the history of the channel
• Operations:
•
•
(P1)
(P2)
•
•
•
1.2. The function “split”
•
•
•
• Take the smallest from these functions.
2. Multiplexer
2.1. MUX
98
Created by XMLmind XSL-FO Converter.
Practice 11
Requirements:
• Data must not be lost.
• New data must not be produced.
• The scheduling must be fair.
• MUX must do something (
is not a good solution).
2.2. Specification
2.3. Solution
2.4. The Program Solves the Problem
Proof. (2):
•
•
99
Created by XMLmind XSL-FO Converter.
Practice 11
•
•
• Lets see:
(
is similar)
•
2.5. The Program Solves the Problem
Proof. (2):
• We can use the lemma from the previous lecture:
•
•
• (2) holds based on the definition of the function
.
2.6. The Program Solves the Problem
Proof.
(3):
,
,
•
• (*) There are two cases:
• a.)
and
• b.)
and
• In case of a): we are ready
• In case of b): we can assume that
2.7. The Program Solves the Problem
Proof. (3) b):
• We have to proof that:
• Then go back to step (*)
• That results:
• we can use
•
instead of
is transitive:
100
Created by XMLmind XSL-FO Converter.
and
Practice 11
2.8. The Program Solves the Problem
Proof. (3)
,
is similar
3. Exercise
3.1. Specification
3.2. Solution
Does this program solve the specified problem?
3.3. Check the properties of the program!
101
Created by XMLmind XSL-FO Converter.
Practice 11
3.4. Check the properties of the program!
1.
2.
3.
102
Created by XMLmind XSL-FO Converter.
Chapter 26. Practice 12
1. Reminder
1.1. Channels
•
– queue, buffer for one directional communication
• Error-free, unbounded or bounded
•
– the history of the channel
• Special problems: FORK, MUX
2. Pipeline
2.1. Pipeline
•
•
.
.
•
2.2. Specification of Pipeline
103
Created by XMLmind XSL-FO Converter.
Practice 12
2.3. Refinement of the Problem
2.4. Solution
3. Exercise
3.1. Reduction to Pipeline Theorem
• Given the Pipeline Theorem and a similar problem to solve
• The specification of the problem corresponds to the specification of pipeline
• Use the solution of pipeline (S) and transform it according to the correspondence (S’)
• If S solves pipeline, than S’ solves the similar problem
3.2. Example: Approximation of Square Root
• Given
numbers:
• Calculate the square root of the numbers:
• Use the following iteration:
•
•
3.3. Specification of the Problem
104
Created by XMLmind XSL-FO Converter.
Practice 12
3.4. Refinement of the Problem
•
•
,
•
•
3.5. Refinement of the Problem
3.6. Solution
3.7. Exercise 1.
• Given thousands of e-mails:
,
and
• ten different spam filters:
• Calculate
the
average
.
of
the
spam
filters
!
3.8. Exercise 2.
105
Created by XMLmind XSL-FO Converter.
for
every
e-mails:
Practice 12
• Given
values:
• Calculate the “cosine” of every value:
• Use the following rule:
106
Created by XMLmind XSL-FO Converter.
Chapter 27. Practice 13
1. Reminder
1.1. Reminder
• Program Properties:
• Program Construction
2. Union
2.1. Union
Definition.
• Let
and
• Let
denote the largest common subspace of
• Let
extensions to
• If all
be two subspaces of the state space
of two programs on
variables belonging to
(i.e.
and
and
.
and
.
be the
respectively.
get the same value in the assignments
and
), then the program
that is defined on
called the union of
and
, is
.
2.2. Behaviour Relation of Union
Theorem 52. Let
. Then:
1.
2.
3.
4.
for
which
:
5.
107
Created by XMLmind XSL-FO Converter.
Practice 13
6.
7.
.
2.3. Properties Based on the Definition
.
.
.
.
2.4. Counterexample of
.
2.5. Counterexample of
.
;
108
Created by XMLmind XSL-FO Converter.
Practice 13
3. Exercises
3.1. Check the property! (1)
.
3.2. Check the property!(1)
.
Proof.
holds for every program, so it holds for
:
3.3. Check the property! (2)
.
3.4. Check the property! (2)
Proof.
3.5. Check the property! (3)
.
109
Created by XMLmind XSL-FO Converter.
Practice 13
3.6. Check the property! (3)
Proof.
3.7. Check the property! (4)
.
3.8. Check the property! (4)
Counterexample.
3.9. Check the property! (5)
.
3.10. Check the property! (5)
Counterexample.
110
Created by XMLmind XSL-FO Converter.
Practice 13
3.11. Check the property! (6)
.
3.12. Check the property! (7)
.
111
Created by XMLmind XSL-FO Converter.
Chapter 28. Practice 14
1. Reminder
1.1. Test Scope
• Program Properties
• Program Constructions, Union
• Channels
• Checking Program Properties
• Solution
• Reduction to Pipeline Theorem
2. Test Examples
2.1. Does it hold?
A.
B.
2.2. Check the Properties!
A.
is a function defined by the following rules::
•
•
•
, where
has the smallest truth set from these functions
2.3. Check the Properties!
112
Created by XMLmind XSL-FO Converter.
Practice 14
A.
•
•
, if
•
2.4. Check the Properties!
B.
is a function defined by the following rules::
•
•
•
, where
has the smallest truth set from these functions
2.5. Check the Properties!
B.
•
•
, if
•
2.6. Reduction
A.
• Given
values:
• Calculate the value of the function
• Where
• The power of
for every value:
is:
and the factorial must not be recalculated in every step!
2.7. Reduction
113
Created by XMLmind XSL-FO Converter.
Practice 14
B.
• Given
values:
• Calculate the value of the function
• Where
• The power of
for every value:
is:
and the factorial must not be recalculated in every step!
114
Created by XMLmind XSL-FO Converter.