Lecture 4Correctness and Fairness

Verification and Assurance

Concurrent programs can have errors that cannot be discovered by testing.

We review specification or correctness properties.

We use inductive proofs of invariants to ensure correctness of concurrent programs.

As we have seen construction of state diagrams can be impractical for real programs.

We can use a computer program to construct and check a state diagram. Such a program is called a model checker.

Introduction of Specification and Verification

Logical Specification of Correctness Properties

The formula is called an invariant because it must always be true.

Invariants are proved using induction, not over the natural numbers, but over all possible states of computation.

(a) Prove A holds in the initial (base) case.

(b) Assume that A is true is all states up the the current state

(c) Prove that A is true in the next state (inductive step).

If (a) and (c) can be proved we can conclude that A is true for all states of all computations.

Is Mutual Exclusion Enforced?

(p34p5↔wantp " " )

¬ (𝑝 4∧𝑞 4 )

𝑝 3∨𝑝 4∨𝑝5→𝑤𝑎𝑛𝑡𝑝

By induction we can show that and

By symmetric we can argue that what is true for p is true for qso

Mutual Exclusion is enforced if is an invariant.

Basic Concepts of Temporal Logic

The truth value of any logical statement about a computer program may change during its execution. First-order logic does not provide for this circumstance.

Always

Eventually

Duality

Sequences of Operatorseventually will be always true

Order of Operators affects Meaning

Until and Weak-Until

K-Bounded Overtaking

Lamport’s Bakery Algorithm is an example of k-bounded overtaking for what value of k?

Deductive Proof of Dekker's Algorithm

Reasoning about Progress