· web viewdesign of distributed systems. lecture 1. lecture 2. lecture 3. lecture 4. lecture 5....

134
Design of Distributed Systems Melinda Tóth, Zoltán Horváth Created by XMLmind XSL-FO Converter.

Upload: others

Post on 20-Mar-2020

19 views

Category:

Documents


0 download

TRANSCRIPT

Design of Distributed SystemsMelinda Tóth, Zoltán Horváth

Created by XMLmind XSL-FO Converter.

Design of Distributed SystemsMelinda Tóth, Zoltán Horváth

Publication date 2014Copyright © 2014 Melinda Tóth, Zoltán Horváth

Supported by TÁMOP-4.1.2.A/1-11/1-2011-0052.

Created by XMLmind XSL-FO Converter.

Table of Contents1. Lecture 1 .......................................................................................................................................... 1

1. Syllabus .................................................................................................................................. 11.1. Syllabus ...................................................................................................................... 1

2. Motivation .............................................................................................................................. 12.1. Motivation .................................................................................................................. 1

3. Literature ................................................................................................................................ 13.1. Literature 1. ................................................................................................................ 1

4. Introduction ............................................................................................................................ 24.1. Properties of the formal model 1. .............................................................................. 24.2. Properties of the formal model 2. .............................................................................. 24.3. Dining philosophers ................................................................................................... 24.4. Problem specification (requirements) ........................................................................ 34.5. Execution model ........................................................................................................ 44.6. Program, Solution ...................................................................................................... 44.7. Example ..................................................................................................................... 44.8. ................................................................................................................................... 4

2. Lecture 2 .......................................................................................................................................... 51. Example .................................................................................................................................. 5

1.1. An Example: sorting .................................................................................................. 51.2. An Implementation: Sorting ....................................................................................... 51.3. An Implementation: Sorting ....................................................................................... 5

2. Basic Concepts of the Relational Model ................................................................................ 52.1. Concepts ..................................................................................................................... 52.2. Relations .................................................................................................................... 62.3. State Space ................................................................................................................. 62.4. Statements and Effect Relation .................................................................................. 62.5. Example ..................................................................................................................... 62.6. Partial Function and Logical Relation ....................................................................... 62.7. Truth Set ..................................................................................................................... 72.8. Transitive Disjunctive Closure ................................................................................... 72.9. Example TDC Relation .............................................................................................. 8

3. Lecture 3 .......................................................................................................................................... 91. Problem ................................................................................................................................... 9

1.1. Problem ...................................................................................................................... 91.2. Specification Relations .............................................................................................. 91.3. Example ..................................................................................................................... 91.4. Problem Definition .................................................................................................. 101.5. Notation ................................................................................................................... 101.6. Notation ................................................................................................................... 101.7. Example – Value of a Function ................................................................................ 11

2. Abstract Parallel Program ..................................................................................................... 112.1. Abstract parallel program ........................................................................................ 112.2. General Assignment ................................................................................................. 112.3. Example ................................................................................................................... 122.4. Extension ................................................................................................................. 122.5. Conditional Assignment .......................................................................................... 122.6. Example – Abstract Program ................................................................................... 13

Created by XMLmind XSL-FO Converter.

Design of Distributed Systems

4. Lecture 4 ........................................................................................................................................ 141. Reminder .............................................................................................................................. 14

1.1. Problem .................................................................................................................... 141.2. Abstract Parallel Program ........................................................................................ 141.3. Example ................................................................................................................... 14

2. Semantics of the Abstract Program ...................................................................................... 142.1. State Transition Trees .............................................................................................. 142.2. State Transition Trees .............................................................................................. 142.3. Abstract Parallel Program – Definition ................................................................... 152.4. Abstract Parallel Program – Notation ...................................................................... 152.5. Execution ................................................................................................................. 162.6. Reachable States ...................................................................................................... 162.7. Unconditionally Fair Scheduling ............................................................................. 16

3. Program Properties of the Abstract Program ........................................................................ 163.1. Weakest Precondition .............................................................................................. 163.2. Weakest Precondition .............................................................................................. 163.3. Strongest Postcondition ........................................................................................... 17

5. Lecture 5 ........................................................................................................................................ 181. Reminder .............................................................................................................................. 18

1.1. Abstract Parallel Program and Scheduling .............................................................. 181.2. Weakest Precondition and Strongest Postcondition ................................................. 18

2. Program Properties of the Abstract Program ........................................................................ 182.1. Invariant Properties, Definition ............................................................................... 182.2. Strongest Invariant ................................................................................................... 192.3. Always True Properties, Definition ......................................................................... 19

6. Lecture 6 ........................................................................................................................................ 211. Reminder .............................................................................................................................. 21

1.1. Invariant Properties .................................................................................................. 212. Program Properties of the Abstract Program ........................................................................ 21

2.1. Unless Properties, Definition ................................................................................... 212.2. Unless and Invariant Property ................................................................................. 212.3. Ensures Property, Definition .................................................................................... 222.4. Leads-to Property, Definition .................................................................................. 22

7. Lecture 7 ........................................................................................................................................ 241. Reminder .............................................................................................................................. 24

1.1. Program Properties .................................................................................................. 242. Program Properties of the Abstract Program ........................................................................ 24

2.1. Inevitability .............................................................................................................. 242.2. Fixed Point Properties ............................................................................................. 242.3. Definitions ............................................................................................................... 242.4. Example ................................................................................................................... 252.5. Weakening of fixed point property .......................................................................... 252.6. Termination properties ............................................................................................. 252.7. Behaviour relation of abstract program ................................................................... 25

8. Lecture 8 ........................................................................................................................................ 261. Reminder .............................................................................................................................. 26

1.1. Program Properties .................................................................................................. 262. Solution ................................................................................................................................ 26

2.1. Solution .................................................................................................................... 262.2. Reachable states ....................................................................................................... 262.3. Satisfies a specification property ............................................................................. 26

Created by XMLmind XSL-FO Converter.

Design of Distributed Systems

2.4. Satisfies a specification property ............................................................................. 272.5. Satisfies a specification property ............................................................................. 272.6. Satisfies a specification property ............................................................................. 272.7. Satisfies a specification property ............................................................................. 282.8. Satisfies a specification property ............................................................................. 282.9. Solved by a program ................................................................................................ 282.10. Set of solutions ...................................................................................................... 28

9. Lecture 9 ........................................................................................................................................ 291. Reminder .............................................................................................................................. 29

1.1. Solution .................................................................................................................... 291.2. Solved by a Program ................................................................................................ 29

2. Derivation Rules ................................................................................................................... 292.1. Refinement of a Problem ......................................................................................... 292.2. Refinement of Invariant Specification Property ...................................................... 292.3. Refinement of Inevitable Specification Property in Finite Steps ............................ 292.4. Variant Function ....................................................................................................... 302.5. Application of a Variant Function ............................................................................ 302.6. and Variant Function ............................................................................... 302.7. Termination .............................................................................................................. 302.8. Refinement of fixed point requirement ................................................................... 30

10. Lecture 10 .................................................................................................................................... 321. Reminder .............................................................................................................................. 32

1.1. Reminder ................................................................................................................. 322. Program Constructions ......................................................................................................... 32

2.1. Union ....................................................................................................................... 322.2. Behaviour Relation of Union ................................................................................... 322.3. Behaviour Relation of Union ................................................................................... 332.4. Derivation Rule of Union ........................................................................................ 332.5. Union and Subset of the State Spaces (1) ................................................................ 342.6. Union and Subset of the State Spaces (2) ................................................................ 342.7. General Locality Theorem ....................................................................................... 34

11. Lecture 11 ..................................................................................................................................... 361. Reminder .............................................................................................................................. 36

1.1. Union ....................................................................................................................... 362. Program Constructions ......................................................................................................... 36

2.1. Superposition ........................................................................................................... 362.2. Behaviour Relation of Superposition ...................................................................... 362.3. Weak Extension of a Problem .................................................................................. 372.4. Derivation Rule of Superposition ............................................................................ 372.5. Sequence of Programs ............................................................................................. 372.6. Sequence of Programs (cont.) .................................................................................. 382.7. Sequence of Programs (cont.) .................................................................................. 382.8. Behaviour Relation of Sequence ............................................................................. 382.9. Behaviour Relation of Sequence (cont.) .................................................................. 392.10. Derivation Rule of Program Sequencing ............................................................... 392.11. Derivation Rule of Program Sequencing (cont.) ................................................... 39

12. Lecture 12 .................................................................................................................................... 411. Reminder .............................................................................................................................. 41

1.1. Program Constructions ............................................................................................ 412. Computation of the Value of an Associative Function ......................................................... 41

2.1. Notations .................................................................................................................. 41

Created by XMLmind XSL-FO Converter.

Design of Distributed Systems

2.2. Notations .................................................................................................................. 412.3. Notations – The Problem ......................................................................................... 412.4. The Formal Specification of the Problem ................................................................ 412.5. The Formal Specification of the Problem ................................................................ 422.6. Properties of Associative Operators ........................................................................ 422.7. Auxiliary Function ................................................................................................... 422.8. Auxiliary Function ................................................................................................... 422.9. Substitution of a Function by a Variable .................................................................. 422.10. Substitution of a Function by a Variable ................................................................ 432.11. Variant Function ..................................................................................................... 432.12. Refining the Specification of the Problem ............................................................ 432.13. Refining the Specification of the Problem ............................................................ 432.14. Refining the Specification of the Problem ............................................................ 442.15. Refining the Specification of the Problem ............................................................ 44

13. Lecture 13 .................................................................................................................................... 451. Reminder .............................................................................................................................. 45

1.1. Computation of the Value of an Associative Function ............................................ 451.2. The Formal Specification of the Problem ................................................................ 451.3. Refined Specification of the Problem ...................................................................... 451.4. Refined Specification of the Problem ...................................................................... 45

2. Solution of the Problem ........................................................................................................ 462.1. Solution of the Problem ........................................................................................... 462.2. Solution of the Problem ........................................................................................... 462.3. The Program Solves the Problem ............................................................................ 462.4. The Program Solves the Problem ............................................................................ 462.5. The Program Solves the Problem ............................................................................ 472.6. The Program Solves the Problem ............................................................................ 472.7. The Program Solves the Problem ............................................................................ 472.8. The Program Solves the Problem ............................................................................ 472.9. The Program Solves the Problem ............................................................................ 482.10. The Program Solves the Problem .......................................................................... 482.11. The Program Solves the Problem .......................................................................... 48

14. Lecture 14 .................................................................................................................................... 491. Reminder .............................................................................................................................. 49

1.1. Computation of the Value of an Associative Function ............................................ 492. Channels ............................................................................................................................... 49

2.1. Channels .................................................................................................................. 492.2. Semantics of Operations .......................................................................................... 49

3. Natural Number Generator ................................................................................................... 503.1. Example – Natural Number Generator (NNG) ........................................................ 503.2. NNG –Refinement of the Problem .......................................................................... 503.3. NNG –Solution ........................................................................................................ 513.4. The Program Solves the Problem ............................................................................ 513.5. The Program Solves the Problem ............................................................................ 513.6. The Program Solves the Problem ............................................................................ 51

4. Pipeline ................................................................................................................................. 514.1. Pipeline .................................................................................................................... 514.2. Specification of Pipeline .......................................................................................... 524.3. Refinement of the Problem ...................................................................................... 524.4. Refinement of the Problem ...................................................................................... 524.5. Solution .................................................................................................................... 52

Created by XMLmind XSL-FO Converter.

Design of Distributed Systems

15. Practice 1 ...................................................................................................................................... 531. Definitions ............................................................................................................................ 53

1.1. Relations .................................................................................................................. 531.2. State Space ............................................................................................................... 531.3. Statements and Effect Relation ................................................................................ 531.4. Partial Function and Logical Relation ..................................................................... 531.5. Truth Set .................................................................................................................. 531.6. General Assignment ................................................................................................. 541.7. Conditional Assignment .......................................................................................... 541.8. Abstract Parallel Program ........................................................................................ 541.9. Weakest precondition ............................................................................................... 541.10. Strongest Postcondition ......................................................................................... 541.11. WP of the Abstract Parallel Program ..................................................................... 551.12. Properties of WP .................................................................................................... 551.13. Properties of WP .................................................................................................... 551.14. Calculating the WP ................................................................................................ 55

2. Calculating the WP ............................................................................................................... 552.1. Exercise 1. ............................................................................................................... 562.2. Exercise 1.(cont.) ..................................................................................................... 562.3. Exercise 2. ............................................................................................................... 562.4. Exercise 3. ............................................................................................................... 562.5. Exercises .................................................................................................................. 56

16. Practice 2 ...................................................................................................................................... 571. Reminder .............................................................................................................................. 57

1.1. Effect Relation ......................................................................................................... 571.2. Weakest precondition ............................................................................................... 571.3. WP of the Abstract Parallel Program ....................................................................... 571.4. Properties of WP ...................................................................................................... 571.5. Properties of WP ...................................................................................................... 571.6. Calculating the WP .................................................................................................. 58

2. Calculating WP(S, R) ........................................................................................................... 582.1. Exercise 1. ............................................................................................................... 582.2. Exercise 1. ............................................................................................................... 582.3. Exercises .................................................................................................................. 58

3. Unless Program Property ..................................................................................................... 593.1. Definition ................................................................................................................. 593.2. Properties ................................................................................................................. 593.3. Proof 1. .................................................................................................................... 593.4. Proof 2. .................................................................................................................... 593.5. Stable Properties ...................................................................................................... 59

4. Calculating Unless ................................................................................................................ 604.1. Exercise 1. ............................................................................................................... 604.2. Exercise 1. (solution) ............................................................................................... 604.3. Exercise 1. (solution) ............................................................................................... 604.4. Simplified Solution .................................................................................................. 614.5. Simplified Solution .................................................................................................. 614.6. Simplified Solution .................................................................................................. 614.7. Exercise 1. (simplified solution) .............................................................................. 614.8. Exercise 1. (simplified solution) .............................................................................. 624.9. Exercise 2. ............................................................................................................... 62

17. Practice 3 ...................................................................................................................................... 63

Created by XMLmind XSL-FO Converter.

Design of Distributed Systems

1. Reminder .............................................................................................................................. 631.1. Program Properties .................................................................................................. 63

2. Properties of Unless ............................................................................................................. 632.1. Unless and Stable Property ...................................................................................... 632.2. Unless and Stable Property ...................................................................................... 632.3. Unless Is Disjunctive and Conjunctive .................................................................... 642.4. Unless Is NOT Transitive ........................................................................................ 642.5. Consequence Weakening ......................................................................................... 642.6. Condition Narrowing ............................................................................................... 642.7. Cancellation ............................................................................................................. 65

3. Exercises ............................................................................................................................... 653.1. Exercise 1. ............................................................................................................... 653.2. Exercise 2. ............................................................................................................... 65

18. Practice 4 ...................................................................................................................................... 661. Reminder .............................................................................................................................. 66

1.1. Program Properties .................................................................................................. 662. Ensures ................................................................................................................................. 66

2.1. Ensures Property, Definition .................................................................................... 662.2. Properties ................................................................................................................. 662.3. Proof 1. .................................................................................................................... 662.4. Properties ................................................................................................................. 672.5. Properties ................................................................................................................. 672.6. Properties ................................................................................................................. 67

3. Calculating Ensures .............................................................................................................. 673.1. Exercise 1. ............................................................................................................... 673.2. Exercise 1. (solution) ............................................................................................... 68

4. Properties .............................................................................................................................. 684.1. Ensures and Stable Property .................................................................................... 684.2. Ensures and Stable Property .................................................................................... 684.3. Ensures Is NOT Transitive ....................................................................................... 694.4. Ensures Is NOT Disjunctive .................................................................................... 694.5. Consequence Weakening ......................................................................................... 694.6. Corollario ................................................................................................................. 694.7. Impossibility ............................................................................................................ 69

19. Practice 5 ...................................................................................................................................... 711. Reminder .............................................................................................................................. 71

1.1. Program Properties .................................................................................................. 712. Ensures ................................................................................................................................. 71

2.1. Exercise ................................................................................................................... 713. Leads-to ................................................................................................................................ 71

3.1. Leads-to Property, Definition .................................................................................. 713.2. Exercise ................................................................................................................... 72

4. Properties .............................................................................................................................. 724.1. Basic Properties ....................................................................................................... 724.2. Implication Property ................................................................................................ 724.3. Consequence Weakening ......................................................................................... 724.4. Condition Narrowing ............................................................................................... 72

5. Proof Strategy ....................................................................................................................... 725.1. Structural Induction ................................................................................................. 725.2. Impossibility ............................................................................................................ 735.3. Impossibility ............................................................................................................ 73

Created by XMLmind XSL-FO Converter.

Design of Distributed Systems

5.4. Impossibility ............................................................................................................ 7320. Practice 6 ...................................................................................................................................... 75

1. Reminder .............................................................................................................................. 751.1. Program Properties .................................................................................................. 751.2. Program Properties .................................................................................................. 751.3. Structural Induction ................................................................................................. 75

2. Leads-to Properties ............................................................................................................... 762.1. Leads-to and Stable Property ................................................................................... 762.2. PSP Theorem ........................................................................................................... 76

3. Exercises ............................................................................................................................... 763.1. Exercise 1. ............................................................................................................... 763.2. Exercise 2. ............................................................................................................... 763.3. Exercise 3. ............................................................................................................... 763.4. Exercise 3. ............................................................................................................... 77

4. Inevitability .......................................................................................................................... 774.1. Inevitability .............................................................................................................. 774.2. Inevitability .............................................................................................................. 77

5. Exercises ............................................................................................................................... 775.1. Exercise 3. (cont.) .................................................................................................... 775.2. Exercise 4. ............................................................................................................... 785.3. Exercise 4. ............................................................................................................... 785.4. Exercise 5. ............................................................................................................... 785.5. Exercise 6. ............................................................................................................... 785.6. Exercise 6. ............................................................................................................... 78

21. Practice 7 ...................................................................................................................................... 801. Reminder .............................................................................................................................. 80

1.1. Program Properties .................................................................................................. 801.2. Program Properties .................................................................................................. 80

2. Fixed Point Properties .......................................................................................................... 802.1. Fixed Point Properties ............................................................................................. 802.2. Definitions ............................................................................................................... 812.3. Exercise 1. ............................................................................................................... 812.4. Exercise 1. ............................................................................................................... 81

3. Invariant ............................................................................................................................... 813.1. Invariant Properties, Definition ............................................................................... 813.2. Exercise 2. ............................................................................................................... 82

4. Exercises .............................................................................................................................. 824.1. Calculate the Properties of the Program 1. .............................................................. 824.2. Calculate the Properties of the Program 1. .............................................................. 824.3. Calculate the Properties of the Program 2. .............................................................. 834.4. Calculate the Properties of the Program 2. .............................................................. 83

22. Practice 8 ...................................................................................................................................... 841. Reminder .............................................................................................................................. 84

1.1. Program Properties .................................................................................................. 842. Problem ................................................................................................................................ 84

2.1. Problem .................................................................................................................... 842.2. Specification Relations ............................................................................................ 842.3. Problem Definition .................................................................................................. 852.4. Notation ................................................................................................................... 852.5. Example: Greatest Common Divisor – GCD .......................................................... 85

3. Solution ................................................................................................................................ 85

Created by XMLmind XSL-FO Converter.

Design of Distributed Systems

3.1. Solution .................................................................................................................... 853.2. Solved by a Program ................................................................................................ 863.3. Solution .................................................................................................................... 863.4. Refinement of fixed point requirement ................................................................... 87

4. Exercise ................................................................................................................................ 874.1. Greatest Common Divisor – GCD ........................................................................... 874.2. Refinement of fixed point requirement ................................................................... 874.3. Solution .................................................................................................................... 884.4. Refinement of fixed point requirement ................................................................... 884.5. S Solves the Problem ............................................................................................... 884.6. Step 1. ...................................................................................................................... 884.7. Step 2. ...................................................................................................................... 894.8. Step 3. ...................................................................................................................... 894.9. Step 4. ...................................................................................................................... 894.10. Step 4. .................................................................................................................... 894.11. Sorting .................................................................................................................... 894.12. Refinement of fixed point requirement ................................................................. 904.13. Solution .................................................................................................................. 91

23. Practice 9 ...................................................................................................................................... 921. Reminder .............................................................................................................................. 92

1.1. Test Scope ................................................................................................................ 922. Test Examples ....................................................................................................................... 92

2.1. Does it hold? ............................................................................................................ 922.2. Check the Properties! ............................................................................................... 922.3. Check the Properties! ............................................................................................... 922.4. Does S Satisfy the Properties? ................................................................................. 932.5. Does S Satisfy the Properties? ................................................................................. 93

24. Practice 10 .................................................................................................................................... 951. Reminder .............................................................................................................................. 95

1.1. Where we are now? ................................................................................................. 952. Channels ............................................................................................................................... 95

2.1. Channels .................................................................................................................. 952.2. Semantics of Operations .......................................................................................... 95

3. FORK ................................................................................................................................... 963.1. FORK ....................................................................................................................... 963.2. The function “split” ................................................................................................. 963.3. Specification ............................................................................................................ 963.4. Solution .................................................................................................................... 963.5. The Program Solves the Problem ............................................................................ 973.6. The Program Solves the Problem ............................................................................ 973.7. The Program Solves the Problem ............................................................................ 983.8. The Program Solves the Problem ............................................................................ 983.9. The Program Solves the Problem ............................................................................ 983.10. The Program Solves the Problem .......................................................................... 99

25. Practice 11 ................................................................................................................................. 1001. Reminder ............................................................................................................................ 100

1.1. Channels ................................................................................................................ 1001.2. The function “split” ............................................................................................... 100

2. Multiplexer ......................................................................................................................... 1002.1. MUX ...................................................................................................................... 1002.2. Specification .......................................................................................................... 101

Created by XMLmind XSL-FO Converter.

Design of Distributed Systems

2.3. Solution ................................................................................................................. 1012.4. The Program Solves the Problem .......................................................................... 1012.5. The Program Solves the Problem .......................................................................... 1022.6. The Program Solves the Problem .......................................................................... 1022.7. The Program Solves the Problem .......................................................................... 1022.8. The Program Solves the Problem .......................................................................... 103

3. Exercise .............................................................................................................................. 1033.1. Specification .......................................................................................................... 1033.2. Solution ................................................................................................................. 1033.3. Check the properties of the program! .................................................................... 1033.4. Check the properties of the program! .................................................................... 104

26. Practice 12 ................................................................................................................................. 1051. Reminder ............................................................................................................................ 105

1.1. Channels ................................................................................................................ 1052. Pipeline ............................................................................................................................... 105

2.1. Pipeline .................................................................................................................. 1052.2. Specification of Pipeline ....................................................................................... 1052.3. Refinement of the Problem .................................................................................... 1062.4. Solution ................................................................................................................. 106

3. Exercise .............................................................................................................................. 1063.1. Reduction to Pipeline Theorem ............................................................................. 1063.2. Example: Approximation of Square Root ............................................................. 1063.3. Specification of the Problem ................................................................................. 1063.4. Refinement of the Problem .................................................................................... 1073.5. Refinement of the Problem .................................................................................... 1073.6. Solution ................................................................................................................. 1073.7. Exercise 1. ............................................................................................................. 1073.8. Exercise 2. ............................................................................................................. 107

27. Practice 13 ................................................................................................................................. 1091. Reminder ............................................................................................................................ 109

1.1. Reminder ............................................................................................................... 1092. Union .................................................................................................................................. 109

2.1. Union ..................................................................................................................... 1092.2. Behaviour Relation of Union ................................................................................ 1092.3. Properties Based on the Definition ........................................................................ 1102.4. Counterexample of ............................................................................... 1102.5. Counterexample of ............................................................................... 110

3. Exercises ............................................................................................................................ 1113.1. Check the property! (1) ......................................................................................... 1113.2. Check the property!(1) .......................................................................................... 1113.3. Check the property! (2) ......................................................................................... 1113.4. Check the property! (2) ......................................................................................... 1113.5. Check the property! (3) ......................................................................................... 1113.6. Check the property! (3) ......................................................................................... 1123.7. Check the property! (4) ......................................................................................... 1123.8. Check the property! (4) ......................................................................................... 1123.9. Check the property! (5) ......................................................................................... 1123.10. Check the property! (5) ....................................................................................... 1123.11. Check the property! (6) ....................................................................................... 1133.12. Check the property! (7) ....................................................................................... 113

28. Practice 14 ................................................................................................................................. 114

Created by XMLmind XSL-FO Converter.

Design of Distributed Systems

1. Reminder ............................................................................................................................ 1141.1. Test Scope .............................................................................................................. 114

2. Test Examples .................................................................................................................... 1142.1. Does it hold? .......................................................................................................... 1142.2. Check the Properties! ............................................................................................ 1142.3. Check the Properties! ............................................................................................ 1152.4. Check the Properties! ............................................................................................ 1152.5. Check the Properties! ............................................................................................ 1152.6. Reduction ............................................................................................................... 1152.7. Reduction ............................................................................................................... 116

Created by XMLmind XSL-FO Converter.

Chapter 1. Lecture 11. Syllabus1.1. Syllabus• Dining/drinking philosophers

• Distributed problems

• Formal specification and properties of distributed systems

• Safety and progress properties of distributed programs

• Verification of safety critical properties

• Program compositions from components with proved properties

• Computing the value of an associative function

• Computing the value of an associative function

2. Motivation2.1. MotivationMotivation for using formal methods:

• safety critical applications

• safe application of software components

• primary goal: sound concepts about distributed and parallel programs

3. Literature3.1. Literature 1.• Chandy, K.M., Misra, J.: Parallel Program Design - A Foundation. Addison-Wesley, 1989.

• Misra, J.: A Discipline of Multiprogramming - Programming Theory for Distributed Applications. Springer, 2001.

• Horváth Z.: Parallel asynchronous computation of the values of an associative function. Acta Cybernetica, Vol.12, No. 1, Szeged (1995) 83-94.

• Horváth Z.: The Formal Specification of a Problem Solved by a Parallel Program – a Relational Model.

• Fóthi Á.- Horváth Z.- Kozsik T.: Parallel Elementwise Processing – A Novel Version. Annales Uni. Sci. Budapest de R. Eötvös Nom. Sectio Computatorica (1996).

• Horváth Z.- Kozsik T.- Venczel T.: On Composing Problems and Parallel Programs. In: Paakki J., ed., Proceedings of the Fifth Symposium on Programming Languages and Software Tools, Jyväskylä, Finland, June 7-8, 1997 (1997) Report C-1997-37, University of Helsinki, 1-12.

• Horváth Z.- Kozsik T.- Venczel T.: Parallel Programs Implementing Abstract Data Type Operations. Pure Mathematics and Applications (PU.M.A.)., Volume 11 (2000), Number 2. pp. 293-308.

Created by XMLmind XSL-FO Converter.

Lecture 1

4. Introduction4.1. Properties of the formal model 1.We need a formal model, which is appropriate for specification of problems and developing the solutions of problems in case of parallel and distributed systems.

4.2. Properties of the formal model 2.The introduced model

• is an extension of a relational model of nondeterministic sequential programs,

• provides tools for stepwise refinement of problems, in a functional approach,

• uses the concept of iterative abstract program of UNITY,

• the concept of solution is based on the comparison of the problem as a relation and the behaviour relation of the program.

4.3. Dining philosophers

States:

• thinking: t

Created by XMLmind XSL-FO Converter.

Lecture 1

• forks in hands: f

• eating: e

• at home: h

4.4. Problem specification (requirements)

:

• unless:

• unless:

• ensures:

• inevitable leads-to:

• invariant:

• fixed point:

• termination:

Created by XMLmind XSL-FO Converter.

Lecture 1

Help: thinking: t, forks in hands: f, eating: e, at home: h

4.5. Execution model

, if .

Abstract execution model

• No control flow, free processors select assignments asynchronously

4.6. Program, Solution

, if .

Program

• scheduling, processes, location, communication infrastructure, language

Solution

• Specification requirements are satisfied by program properties

4.7. Example

, if .

Example

• C/PVM PC-cluster (Parallel Virtual Machine)

• Erlang VM cluster

4.8. • The notion of the state space makes it possible to define the semantical meaning of a problem independently

of any program.

• The generalized concept of a problem is applicable for cases in which termination is not required but the behaviour of the specified system is restricted by safety and progress properties.

• The solution of a problem may be a sequential program, a parallel one, or even a program built up from both sequential and parallel components.

Created by XMLmind XSL-FO Converter.

Chapter 2. Lecture 21. Example1.1. An Example: sorting

1.2. An Implementation: SortingA valid implementation: the code for the i-th processor:

 loop   < lock a(i) and a(i+1) >   x := a(i);   y := a(i+1);   if x > y then      a(i+1):=x;      a(i):= y;   end if;   < unlock a(i) and a(i+1) >  end loop;

processes.

1.3. An Implementation: SortingA sequential program:

 loop    for i=1 to n-1 do      x := a(i);      y := a(i+1);      if x > y then        a(i+1):=x;        a(i):= y;      end if;    end for  end loop

2. Basic Concepts of the Relational Model2.1. ConceptsA programming model defines

• the semantics of problems and programs

• operations for problem and program constructions

• when a program solves a program.

Relational model:

• the elements of the semantic domain are relations

Created by XMLmind XSL-FO Converter.

Lecture 2

2.2. Relations• An arbitrary subset of a direct product of sets is called a relation.

• Let where and are arbitrary sets. The domain of the relation is defined by

2.3. State Space• Let is a finite or numerable set.

• The set is called state space, the sets are called type value sets.

• The projections are called variables.

• is the set of the finite sequences of the points of the state space and the set of the infinite sequences.

• Let .

• A statement is a subset of the direct product .

2.4. Statements and Effect Relation• A statement is a subset of the direct product .

• The effect relation of a statement is denoted by .

• The effect relation expresses the functionality of the statement.

• .

2.5. Example

 var i,j : integer;  j:=2;  while i <> 5 loop    i:=i+j  end loop

• State space: ,

• variables: ,

• seq. program:

,

, etc.

• effect relation: .

2.6. Partial Function and Logical Relation

• A relation is called a partial function, if for all the set has at most one

Created by XMLmind XSL-FO Converter.

Lecture 2

element. If then is a function.

• If is a relation, where is an arbitrary set and is the set of the logical values, then is called a logical relation.

2.7. Truth Set• The truth set of the logical function is defined as

• The logical functions are defined by their truth sets.  .

2.8. Transitive Disjunctive Closure

• The power-set (set of subsets) of set is denoted by .

• relation is the transitive disjunctive closure of relation

, if is the smallest relation, for which holds:

Created by XMLmind XSL-FO Converter.

Lecture 2

• if and , then

• for any numerable set :

.

2.9. Example TDC Relation

,

,

,

Created by XMLmind XSL-FO Converter.

Chapter 3. Lecture 31. Problem1.1. Problem• The problem is defined as a set of specification relations.

• Every specification relation is defined over the powerset of the state space.

• Let be logical functions.

• We define

• and

1.2. Specification Relations• - ( stable unless ),

• - ( ensures -t),

• - ( is inevitable from ),

• , - (fixed point is inevitable from ),

• - ( holds in any fixed point),

• - ( is invariant),

• ( initially).

1.3. Example

• , .

• According to specification requirement the program is enabled to change state

to state only.

• According to the specification relation the variable is non-decreasing and can be increased one by one.

Created by XMLmind XSL-FO Converter.

Lecture 3

1.4. Problem Definition• Let be a state space and let be a finite or numerable set.

• The relation , where

is called a problem defined over the state space .

• is called the parameter space of the problem.

Two relations expressing boundary properties and five relations expressing transition properties are associated to every point of set .

1.5. Notation• Let denote an arbitrary element of the domain of the problem.

• Let denote an element of .

• The components of are denoted by and by respectively.

• If then we use instead of in the indices for the sake of simplicity.

1.6. Notation

Created by XMLmind XSL-FO Converter.

Lecture 3

1.7. Example – Value of a Function

,

.

2. Abstract Parallel Program2.1. Abstract parallel programThe abstract program is a relation

• generated by a set of conditional assignments;

• assignments are selected nondeterministically,

• executions of different processors are fairly interleaved.

• a fixed point is said to be reached in a state, if any statement in that state leaves the state unchanged.

2.2. General Assignment• A statement over the state space is called empty and termed , if

.

• Let , , where .

• The statement is a general assignment defined by , if

Created by XMLmind XSL-FO Converter.

Lecture 3

.

2.3. Example• x,y : N,

• x,y := x+y, x-y,

• ,

• ,

• F(2,3)=?, F(3,2)=?

2.4. Extension• We extend the domain of a relation for the whole state space in the following way:

• ,

• ,

• ,

• where .

• Let .

• The relation is the extension of for the truth set of condition , i.e.,

• , if and

• , otherwise.

• .

2.5. Conditional Assignment

• Let be an assignment, for which .

• This kind of (simultaneous, nondeterministic) assignment is called a conditional assignment, if

.

• We denote the conditional assignment the following way: , if

.

• Simultaneous, nondeterministic, conditional assignment: , if , if .

• Abbreviation:

Created by XMLmind XSL-FO Converter.

Lecture 3

2.6. Example – Abstract Program

, if

• Atomicity:

• if no atomicity:

• there is no state, when is 6.

Created by XMLmind XSL-FO Converter.

Chapter 4. Lecture 41. Reminder1.1. Problem• The problem is defined as a set of specification relations.

• Every specification relation is defined over the powerset of the state space.

• Let be logical functions.

• We define

• and

1.2. Abstract Parallel ProgramThe abstract program is a relation

• generated by a set of conditional assignments;

• assignments are selected nondeterministically,

• executions of different processors are fairly interleaved.

• a fixed point is said to be reached in a state, if any statement in that state leaves the state unchanged.

1.3. Example

, if

2. Semantics of the Abstract Program2.1. State Transition Trees• Let be an ordered pair of a conditional assignment and of a nonempty, finite set of conditional

assignments, such that

• ,

• where , .

• The semantics of the abstract program is defined as a binary relation which associates equivalence classes of correctly labeled state transition trees to the points of the state space.

2.2. State Transition Trees• The labeled state transition trees are generated by the ordered pair

Created by XMLmind XSL-FO Converter.

Lecture 4

• of the effect relation of the initial assignment and

• of the UP(S) disjoint union of the effect relations of the elements of the abstract program.

2.3. Abstract Parallel Program – Definition

• The relation is called an abstract parallel program, if

• it associates equivalence classes of labelled transition trees to the element ,

• which trees are generated at by the ordered pairs of relations and

• have a correct labelling.

2.4. Abstract Parallel Program – Notation

• The abstract parallel program generated by is abbreviated by in the following.

• The conditional assignment is called the initialization in and

• is said to be an element of the program .

Created by XMLmind XSL-FO Converter.

Lecture 4

2.5. Execution

• Any path of a representative of the equivalence class is called an execution path of the abstract parallel program starting in the state .

• Any concurrent execution of conditional assignments should satisfy the requirement of serializibility.

• Every execution path of the abstract parallel program represents a possible sequential execution sequence of the assignments.

• The introduced semantics is an interleaving semantics of parallel programs.

2.6. Reachable States

• The labels (states) along the execution paths of set is denoted by .

• is the set of reachable states from state .

2.7. Unconditionally Fair Scheduling• An execution path corresponds to the requirement of unconditionally fair scheduling,

• if every statement is selected infinitely times along the path, i.e.

• every label from index set is associated infinitely often to the vertices of the path.

3. Program Properties of the Abstract Program3.1. Weakest Precondition• The program properties are defined in terms of the weakest precondition of the element statements of the

abstract program.

• The logical function is called the weakest precondition of the postcondition in respect to the statement .

• We define .

3.2. Weakest Precondition

• .

• .

Created by XMLmind XSL-FO Converter.

Lecture 4

3.3. Strongest Postcondition

• The logical function is called the strongest postcondition of in respect to .

• .

Created by XMLmind XSL-FO Converter.

Chapter 5. Lecture 51. Reminder1.1. Abstract Parallel Program and Scheduling

• The abstract parallel program generated by is abbreviated by in the following.

• The conditional assignment is called the initialization in and

• is said to be an element of the program .

• An execution path corresponds to the requirement of unconditionally fair scheduling, if every statement is selected infinitely times along the path, i.e. every label from index set is associated infinitely often to the vertices of the path.

1.2. Weakest Precondition and Strongest Postcondition

• .

• .

• .

2. Program Properties of the Abstract Program2.1. Invariant Properties, Definition

• is the set of logical functions of which truth are preserved by the elements of if the program is started from a state satisfying .

• .

• .

• and .

Created by XMLmind XSL-FO Converter.

Lecture 5

2.2. Strongest Invariant

Lemma 1 (Conjunction of invariants). is closed for the conjunction operation.

• is the conjunction of the elements of the set

• is the strongest invariant.

Theorem 1. The truth set of is the set of reachable states from .

2.3. Always True Properties, Definition

• .

• .

Created by XMLmind XSL-FO Converter.

Lecture 5

• Always true is not invariant.

Created by XMLmind XSL-FO Converter.

Chapter 6. Lecture 61. Reminder1.1. Invariant Properties

• is the set of logical functions of which truth are preserved by the elements of if the program is started from a state satisfying .

• is the conjunction of the elements of the set

• is the strongest invariant.

2. Program Properties of the Abstract Program2.1. Unless Properties, Definition• is stable while .

• .

Unless.

2.2. Unless and Invariant Property

Theorem 2. If and , then .

Theorem 3. If and , then .

Created by XMLmind XSL-FO Converter.

Lecture 6

2.3. Ensures Property, Definition• is stable while in and there is a conditional assignment which ensures the

transition from to .

• .

Ensures.

Theorem 4. If and , then .

2.4. Leads-to Property, Definition

• is the transitive disjunctive closure of relation .

Created by XMLmind XSL-FO Converter.

Lecture 6

is the smallest binary relation satisfying the conditions:

• .

• if and , then .

• Let denote a countable set. If , then .

Theorem 5. If and , then .

Created by XMLmind XSL-FO Converter.

Chapter 7. Lecture 71. Reminder1.1. Program Properties

• is the smallest binary relation satisfying the conditions:

• .

• if and , then .

• Let denote an countable set. If , then

.

2. Program Properties of the Abstract Program2.1. Inevitability

Inevitability.

, if and only if when on all execution paths leading from and satisfying the axiom of the unconditionally fair scheduling there is a node at a finite unbounded distance from of which label is an element of the truth set of , i.e., the program inevitable reaches the truth set of started from .

Theorem 6 ( sound and complete). =

2.2. Fixed Point Properties• A fixed point is said to be reached in a state of the state space , if none of the statements changes the

state.

• and is a simultaneous, non deterministic conditional

assignment, i.e. : , if

• denotes the logical function, which characterizes the set of states over which the relation

is deterministic, i.e., .

2.3. DefinitionsSet of fixed point.

Created by XMLmind XSL-FO Converter.

Lecture 7

Set of fixed point with deterministic assignments.

Fixed point properties.

Let us denote by the set .

2.4. Example

• , ha .

• .

2.5. Weakening of fixed point property

Theorem 7. If and , then .

2.6. Termination propertiesTermination properties.

denotes the set

2.7. Behaviour relation of abstract programBehaviour relation.

Let be a program over the state space . The system of relations is called the behaviour relation of the

parallel program .

Created by XMLmind XSL-FO Converter.

Chapter 8. Lecture 81. Reminder1.1. Program Properties• Invariant

• Unless

• Ensures

• Leads-to

• Fixed point

• Termination

2. Solution2.1. Solution

Definition.

The abstract parallel program is a solution of the problem

,

• if , such that

• the program satisfies all the specification properties given in the , , , , , components

of

• assuming that the program starts from a state satisfying all the elements of .

2.2. Reachable states• The truth set of an invariant property may be regarded as a characterization of a subset of reachable states.

• It is sufficient for us, if the program satisfies all properties over the truth set of an invariant property.

2.3. Satisfies a specification propertyDefinition.

The program satisfies the specification property , if and only if

• there exists an invariant property such that the program satisfies with respect to , i.e.,

• and .

Created by XMLmind XSL-FO Converter.

Lecture 8

Theorem 8. The program satisfies the specification property , if it satisfies with respect to the strongest invariant, i.e. is an always true program

property: ( ).

2.4. Satisfies a specification propertyDefinition.

The program satisfies the specification property , if and only if

• there exists an invariant property such that the program satisfies with respect to , i.e.,

• and .

Theorem 9. The program satisfies the specification property , if it satisfies with respect to the strongest invariant, i.e.

.

2.5. Satisfies a specification propertyDefinition.

The program satisfies the specification property , if and only if

• there exists an invariant such that the program satisfies with respect to , i.e.,

• and

Theorem 10. The program satisfies the specification property , if it satisfies with respect to the strongest invariant, i.e.

.

2.6. Satisfies a specification propertyDefinition.

The program satisfies the specification property , if and only if

• there exists an invariant such that the program satisfies with respect to , i.e.,

• and

Theorem 11. The program satisfies the specification property , if it satisfies with respect to the strongest invariant, i.e.

.

Created by XMLmind XSL-FO Converter.

Lecture 8

2.7. Satisfies a specification propertyDefinition.

The program satisfies the specification property , if and only if

• there exists an invariant such that the program satisfies with respect to , i.e.,

• and .

Theorem 12. The program satisfies the specification property , if it satisfies with respect to the strongest invariant, i.e.

.

2.8. Satisfies a specification propertyDefinition.

The program satisfies the specification property , if and only if

• there exists an invariant such that the program satisfies ( ) with respect to , i.e.,

• and .

Theorem 13. The program satisfies the specification property , if it satisfies with respect to the strongest invariant, i.e.

.

2.9. Solved by a programDefinition.

The problem is said to be solved by the program with respect to an invariant

property , if such that and satisfies all the specification properties given in with respect to and the initial conditions .

2.10. Set of solutionsDefinition.

We define as the set of all abstract parallel programs that solve the problem .

Created by XMLmind XSL-FO Converter.

Chapter 9. Lecture 91. Reminder1.1. Solution

Definition.

The abstract parallel program is a solution of the problem

,

• if , such that

• the program satisfies all the specification properties given in the , , , , , components

of

• assuming that the program starts from a state satisfying all the elements of .

1.2. Solved by a ProgramDefinition.

The problem is said to be solved by the program with respect to an invariant

property , if such that and satisfies all the specification properties given in with respect to and the initial conditions .

2. Derivation Rules2.1. Refinement of a Problem

Definition.

Let be problems defined over the state space .

If : solves solves , then the problem is a refinement of the problem .

2.2. Refinement of Invariant Specification Property Theorem 14. If the abstract program satisfies the specification properties

and , then satisfies the specification property too.

2.3. Refinement of Inevitable Specification Property in Finite Steps

Theorem 15. satisfies to the specification property , if it can be derived by finite number of application of the following rules:

Created by XMLmind XSL-FO Converter.

Lecture 9

1.

if satisfies , then satisfies too.

2.

Transitivity: if satisfies and satisfies , then satisfies too.

3.

Disjunctivity: for all W numerable set: if satisfies , then satisfies

too.

2.4. Variant FunctionDefinition.

• is a variant function.

• are logical functions:

• ,

• .

2.5. Application of a Variant Function Theorem 16. logical functions, is a variant function, for which .

If satisfies , then satisfies

too.

2.6.  and Variant Function

Theorem 17. logical functions, is a variant function, for which .

If satisfies , then satisfies

too.

2.7. Termination

Theorem 18. and is a variant function, for which . If satisfies

for all , then satisfies .

2.8. Refinement of fixed point requirement

Created by XMLmind XSL-FO Converter.

Lecture 9

Theorem 19. If satisfies and , and , then satisfies .

Created by XMLmind XSL-FO Converter.

Chapter 10. Lecture 101. Reminder1.1. Reminder• Problem

• Parallel Abstract Program

• Properties of the Programs

• Solution

• Derivation Rules

2. Program Constructions2.1. Union

Definition.

• Let and be two subspaces of the state space .

• Let denote the largest common subspace of and .

• Let and be the extensions to of two programs on and respectively.

• If all variables belonging to get the same value in the assignments

and (i.e. ), then the program

that is defined on , is called the union of and .

2.2. Behaviour Relation of Union

Theorem 20. Let . Then:

1.

2.

3.

4.

Created by XMLmind XSL-FO Converter.

Lecture 10

for which :

5.

6.

7.

.

2.3. Behaviour Relation of Union Theorem 21. Let and be two problems over a common state space and parameter space

1.

2.

,

3.

,

4.

,

5.

,

6.

,

7.

.

2.4. Derivation Rule of Union Theorem 22.

Created by XMLmind XSL-FO Converter.

Lecture 10

1.

Let and be two problems over a common state space and parameter space .

2.

Let and be two programs extended to state space , and let the union of this programs exist.

3.

If is a solution of with respect to and is a solution of with respect to and

4.

,

5.

then is a solution of .

2.5. Union and Subset of the State Spaces (1) Theorem 23. Let , a logical function on state space in such a way, that and

.  In this case:

• if , then ,

• if , then ,

• if , then .

2.6. Union and Subset of the State Spaces (2) Theorem 24. Let , a logical function on state space in such a way that ,

. In this case

• if , then ,

• if , then ,

• if and , then .

2.7. General Locality Theorem

Theorem 25. and are programs on the same state space. denotes the variables in abstract program . . If

Created by XMLmind XSL-FO Converter.

Lecture 10

1, then

• ,

• és .

11

Created by XMLmind XSL-FO Converter.

Chapter 11. Lecture 111. Reminder1.1. Union

Definition.

• Let and be two subspaces of the state space .

• Let denote the largest common subspace of and .

• Let and be the extensions to of two programs on and respectively.

• If all variables belonging to get the same value in the assignments

and (i.e. ), then the program

that is defined on , is called the union of and .

2. Program Constructions2.1. Superposition

Definition.

• Let be a subspace of and let be a program over .

• Let be a conditional assignment defined over in such a way, that none of the variables of appear on the left hand side in .

• Let denote the superposition of and .

• Let be the extension of to .

The

a) and the

b) , where

programs are called superpositions of the program and the assignment.

2.2. Behaviour Relation of Superposition Theorem 26. Let the program over state space be a superposition of the

program and the statement , if , where is a program over the subspace of . Let and

be two logical functions over and let and denote the

Created by XMLmind XSL-FO Converter.

Lecture 11

extension of and to . is the extension of the logical function and

.

1.

,

2.

,

3.

,

4.

,

5.

,

6.

,

2.3. Weak Extension of a ProblemDefinition.

is the weak extension of the problem if it is derived from the extension of , from , by leaving out the " " type specification

conditions.

2.4. Derivation Rule of Superposition Theorem 27. Let be a problem over the subspace of state space and over the parameter space . If is a solution of then any superposition of the program and the statement is a solution of the weak extension of .

2.5. Sequence of ProgramsDefinition.

• Let , be two subspaces of state space .

• Let be a program over ,

be a program over .

• Let denote the extension of to .

• Let be a logical variable, where the state space component of neither belongs

Created by XMLmind XSL-FO Converter.

Lecture 11

to nor to .

2.6. Sequence of Programs (cont.)Definition (cont.)

• Let denote the program defined on state space

, where

• ,

• , if ).

• Let denote the program defined on state

space ,

where

• , if ).

• , if .

2.7. Sequence of Programs (cont.)Definition (cont.)

The program is called the sequence of and is denoted as .

2.8. Behaviour Relation of Sequence Theorem 28. In the following we suppose that the predicates , , etc. are independent of the variable . and are the extensions of the logical functions of and respectively. Let . Then:

1.

if , then ,

2.

if , then ,

3.

if , then ,

4.

if , then ,

5.

Created by XMLmind XSL-FO Converter.

Lecture 11

if , then ,

6.

if , then ,

7.

,

8.

if then ,

2.9. Behaviour Relation of Sequence (cont.) Theorem 29. In the following we suppose that the predicates , , etc. are independent of the variable . and are the extensions of the logical functions of and respectively. Let . Then:

1.

iff , iff ,

2.

and iff ,

3.

if then ,

4.

if and then .

2.10. Derivation Rule of Program Sequencing Theorem 30.

• Let and subspaces of state space .

• Let and deterministic problems over and resp. and over parameter space .

• Let ; be the sequence of (defined over ) and (defined over ).

• For any we mark the components of with , the components of with .

2.11. Derivation Rule of Program Sequencing (cont.)

Created by XMLmind XSL-FO Converter.

Lecture 11

Theorem 31.

• If satisfies and conditions under

precondition ,

• satisfies and conditions under

precondition , and

• , then

.

satisfies and conditions under precondition.

Created by XMLmind XSL-FO Converter.

Chapter 12. Lecture 121. Reminder1.1. Program Constructions• Union

• Superposition

• Sequence

2. Computation of the Value of an Associative Function2.1. Notations• Let be a set.

• Let denote an arbitrary associative binary operator over .

• is a function describing the single or multiple application of the operator .

2.2. Notations• Since is associative, for any arbitrary sequence of length at least three:

• We write instead of the infix notation in the following.

• We extend for sequences of length one: .

2.3. Notations – The Problem• Let a finite sequence of the elements of be given.

• .

• Let us compute the value of the function for all , where

and .

2.4. The Formal Specification of the Problem• We represent the sequences and the values of function by arrays.

• We specify that the program inevitably reaches a fixed point and the array contains the values of in any fixed point.

Created by XMLmind XSL-FO Converter.

Lecture 12

• .

2.5. The Formal Specification of the Problem

2.6. Properties of Associative Operators• The computation of the values of at place is made easier with the knowledge of the value of

for subsequences indexed by the elements of an arbitrary interval.

• The result computed for a subsequence is useful in the computation of the value of for any sequence which includes the subsequence.

2.7. Auxiliary Function• Let us introduce the auxiliary function .

• Let denote the value of for the sequence of which the first element is and its length is or the last element is , if .

Definition.

The precise definition of the partial function is:

2.8. Auxiliary Function

Lemma 2. If , then

.

2.9. Substitution of a Function by a Variable• The two-dimensional array is introduced to store the known values of .

• This method is called the substitution of a function by a variable.

• The lines on the next Figure illustrate the connections among the elements of the matrix .

Created by XMLmind XSL-FO Converter.

Lecture 12

• In fixed points and ,

i.e. is the value of for an at most length prefix.

2.10. Substitution of a Function by a Variable

2.11. Variant Function• Let us choose the variant function in the following way:

.

• The variant function depends on the number of elements of the matrix which elements are different from the value of function at the corresponding place and on the number of places where the value of the array is different from the value of function .

2.12. Refining the Specification of the Problem• We extend the state space and refine the specification of the problem.

2.13. Refining the Specification of the Problem

Created by XMLmind XSL-FO Converter.

Lecture 12

2.14. Refining the Specification of the Problem

• The connection between the variables and the function is given by the invariants (6)-(8).

2.15. Refining the Specification of the Problem Lemma 3. The given specification ((4)-(9)) is a refinement of the original specification ((1)-(3)).

Proof. and in fixed point according to (6).

Using (7) it follows that the equation holds in fixed point.

Since , after the application of the definition of we get , which is the same as property (3).

Created by XMLmind XSL-FO Converter.

Chapter 13. Lecture 131. Reminder1.1. Computation of the Value of an Associative Function

1.2. The Formal Specification of the Problem

1.3. Refined Specification of the Problem

1.4. Refined Specification of the Problem

Created by XMLmind XSL-FO Converter.

Lecture 13

2. Solution of the Problem2.1. Solution of the Problem

2.2. Solution of the Problem Theorem 32. The abstract program below is a solution for the problem specified by (4)-(9), i.e., a solution for the problem of the computation of the values of an associative function.

2.3. The Program Solves the ProblemProof. (6): using the definition of :

We use invariant properties and apply mathematical induction on to prove that the program satisfies in fixed points.

2.4. The Program Solves the Problem

Created by XMLmind XSL-FO Converter.

Lecture 13

Base Case. . From (7) and follows .

Inductive hypothesis. .

2.5. The Program Solves the ProblemProof.

• Since , contradicts the hypothesis.

• This means (12) can be simplified to .

• If , then , else (11) does not hold.

• Using the inductive hypothesis and we get

, i.e., .

2.6. The Program Solves the ProblemProof.

• The last statement contradicts the initial condition:

.

• This means .

• , else (12) does not hold.

• .

• Using the invariant (7) we get .

• Based on (10) .

2.7. The Program Solves the ProblemProof. (5):

• Every statement of the program decreases the variant function by 1 or does not cause state transition.

• If the program is not in one of its fixed points, then there exists an and a corresponding conditional assignment, which assignment increases the value of , or there exists an for which and the value of is different from the value of

2.8. The Program Solves the ProblemProof. (8):

• Since implies and , the equality holds initially.

Created by XMLmind XSL-FO Converter.

Lecture 13

• All the assignments change the value of and simultaneously.

2.9. The Program Solves the ProblemProof. (7):

• Since , .

• Since is initially , .

• After calculating the weakest preconditions of the assignments it is sufficient to show that ...

2.10. The Program Solves the ProblemProof.

• After calculating the weakest preconditions of the assignments it is sufficient to show that

• and

implies the equality for , i.e., and

,

• and

implies the equality for , i.e.,

and .

2.11. The Program Solves the ProblemProof.

.

• n the first case implies and

implies .

• In the second case implies and

implies .

• We use the Lemma: If , then

.

• In both of the cases the application of the Lemma leads to the statement.

Created by XMLmind XSL-FO Converter.

Chapter 14. Lecture 141. Reminder1.1. Computation of the Value of an Associative Function

2. Channels2.1. Channels

• – queue, buffer for one directional communication

• Error-free, unbounded or bounded

• – the history of the channel

• Operations:

• (P1)

• (P2)

2.2. Semantics of Operations

Created by XMLmind XSL-FO Converter.

Lecture 14

.

• .

• Locality: any property P of P1 is stable in the other process(es), if contains local variables and outgoing channels variables of P1 only.

• For any property , if and , then is stable in the system.

3. Natural Number Generator3.1. Example – Natural Number Generator (NNG)

3.2. NNG –Refinement of the Problem

Created by XMLmind XSL-FO Converter.

Lecture 14

3.3. NNG –Solution

3.4. The Program Solves the ProblemProof. (5):

• We show

3.5. The Program Solves the ProblemProof. (6):

3.6. The Program Solves the ProblemProof. (7):

and

4. Pipeline4.1. Pipeline

• .

• .

Created by XMLmind XSL-FO Converter.

Lecture 14

4.2. Specification of Pipeline

4.3. Refinement of the Problem

4.4. Refinement of the ProblemProof.

• By fixed point refinement it is sufficient: .

• Proof by using the lemma: .

• The lemma is proved by induction.

4.5. Solution

Created by XMLmind XSL-FO Converter.

Chapter 15. Practice 11. Definitions1.1. Relations• An arbitrary subset of a direct product of sets is called a relation.

• Let where and are arbitrary sets. The domain of the relation is defined by

1.2. State Space• Let is a finite or numerable set.

• The set is called state space, the sets are called type value sets.

• The projections are called variables.

• is the set of the finite sequences of the points of the state space and the set of the infinite sequences.

• Let .

• A statement is a subset of the direct product .

1.3. Statements and Effect Relation• A statement is a subset of the direct product .

• The effect relation of a statement is denoted by .

• The effect relation expresses the functionality of the statement.

• .

1.4. Partial Function and Logical Relation

• A relation is called a partial function, if for all the set has at most one element. If then is a function.

• If is a relation, where is an arbitrary set and is the set of the logical values, then is called a logical relation.

1.5. Truth Set• The truth set of the logical function is defined as

• The logical functions are defined by their truth sets.  .

Created by XMLmind XSL-FO Converter.

Practice 1

1.6. General Assignment• A statement over the state space is called empty and termed , if

.

• Let , , where .

• The statement is a general assignment defined by , if

.

1.7. Conditional Assignment

• Let be an assignment, for which .

• This kind of (simultaneous, nondeterministic) assignment is called a conditional assignment, if

.

• We denote the conditional assignment the following way: , if

.

• Simultaneous, nondeterministic, conditional assignment: , if , if .

• Abbreviation:

1.8. Abstract Parallel Program

• The conditional assignment is called the initialization in and

• is said to be an element of the program .

1.9. Weakest precondition

• The logical function is called the weakest precondition of the postcondition in respect to the statement .

• .

• .

1.10. Strongest Postcondition

• The logical function is called the strongest postcondition of in respect to .

Created by XMLmind XSL-FO Converter.

Practice 1

• .

1.11. WP of the Abstract Parallel Program

• .

• .

• ,

• where .

1.12. Properties of WP

• , if

1.13. Properties of WP

• ,

• ,

• If , then ,

• ,

• .

1.14. Calculating the WP

• , is a function and is a logical relation then

2. Calculating the WP

Created by XMLmind XSL-FO Converter.

Practice 1

2.1. Exercise 1.

2.2. Exercise 1.(cont.)

2.3. Exercise 2.

2.4. Exercise 3.

2.5. Exercises

• ,

• ,

• ,

• ,

• ,

• ,

Created by XMLmind XSL-FO Converter.

Chapter 16. Practice 21. Reminder1.1. Effect Relation• A statement is a subset of the direct product .

• The effect relation of a statement is denoted by .

• The effect relation expresses the functionality of the statement.

• .

1.2. Weakest precondition

• The logical function is called the weakest precondition of the postcondition in respect to the statement .

• .

• .

1.3. WP of the Abstract Parallel Program

• .

• .

• ,

• where .

1.4. Properties of WP

• , if

1.5. Properties of WP

Created by XMLmind XSL-FO Converter.

Practice 2

• ,

• ,

• If , then ,

• ,

• .

1.6. Calculating the WP

• , is a function and is a logical relation then

2. Calculating WP(S, R)2.1. Exercise 1.

2.2. Exercise 1.

2.3. Exercises

• ,

Created by XMLmind XSL-FO Converter.

Practice 2

• ,

• , ;

3. Unless Program Property3.1. Definition

• is stable while .

• .

3.2. Properties•

3.3. Proof 1. Theorem 33.

Proof.

3.4. Proof 2. Theorem 34.

Proof.

3.5. Stable Properties

• does not always hold:

Created by XMLmind XSL-FO Converter.

Practice 2

• If , then P is stable

Counterexample.

4. Calculating Unless4.1. Exercise 1.

• ;

• ?

4.2. Exercise 1. (solution)

• :

• :

4.3. Exercise 1. (solution)

Created by XMLmind XSL-FO Converter.

Practice 2

4.4. Simplified Solution•

4.5. Simplified Solution•

• SKIP execution paths can be omitted

4.6. Simplified Solution

• Condition reordering

4.7. Exercise 1. (simplified solution)

• ;

Created by XMLmind XSL-FO Converter.

Practice 2

• ?

4.8. Exercise 1. (simplified solution)

• Omitting SKIP branches and reordering conditions

• :

• :

4.9. Exercise 2.

• ;

• ?

Created by XMLmind XSL-FO Converter.

Chapter 17. Practice 31. Reminder1.1. Program Properties

• .

• Weakest Postcondition

• .

• ,

• where .

• Unless

• is stable while .

• .

2. Properties of Unless2.1. Unless and Stable Property

Theorem 35. If and , then .

Proof. What’s needed?

(wp property)

(lemma)

2.2. Unless and Stable Property

Lemma 4.

Created by XMLmind XSL-FO Converter.

Practice 3

Proof.

2.3. Unless Is Disjunctive and Conjunctive Theorem 36.

2.4. Unless Is NOT Transitive.

does not always hold!

Counterexample.

2.5. Consequence Weakening Theorem 37.

2.6. Condition Narrowing.

does not always hold!

Counterexample.

Created by XMLmind XSL-FO Converter.

Practice 3

2.7. Cancellation Theorem 38.

3. Exercises3.1. Exercise 1.

.

3.2. Exercise 2..

Created by XMLmind XSL-FO Converter.

Chapter 18. Practice 41. Reminder1.1. Program Properties

• .

• Weakest Postcondition

• .

• ,

• where .

• Unless

• is stable while .

• .

2. Ensures2.1. Ensures Property, Definition

• is stable while in and there is a conditional assignment which ensures the transition from to .

• .

Ensures.

2.2. Properties•

2.3. Proof 1. Theorem 39.

Created by XMLmind XSL-FO Converter.

Practice 4

Proof. and

is true (see Lecture 2) and

2.4. Properties• does not always hold

Counterexample.

and

2.5. Properties• does not always hold

Counterexample.

2.6. Properties

• does not always hold

Counterexample.

3. Calculating Ensures3.1. Exercise 1.

• ;

Created by XMLmind XSL-FO Converter.

Practice 4

• ?

3.2. Exercise 1. (solution)• (see Lecture 2)

• :

4. Properties4.1. Ensures and Stable Property

Theorem 40. If and , then .

Proof. What’s needed?

is true (Unless and Stable property)

, therefore

Needed:

4.2. Ensures and Stable PropertyProof.

and , then

(wp property)

Created by XMLmind XSL-FO Converter.

Practice 4

, therefore

4.3. Ensures Is NOT Transitive.

does not always hold!

Counterexample.

4.4. Ensures Is NOT Disjunctive.

does not always hold!

Counterexample.

4.5. Consequence Weakening Theorem 41.

4.6. Corollario Theorem 42.

4.7. Impossibility

Created by XMLmind XSL-FO Converter.

Practice 4

Theorem 43.

Created by XMLmind XSL-FO Converter.

Chapter 19. Practice 51. Reminder1.1. Program Properties

• .

• Weakest Postcondition

• ,

• where .

• Unless

• .

• Ensures

• .

2. Ensures2.1. Exercise

• ?

3. Leads-to3.1. Leads-to Property, Definition

• is the transitive disjunctive closure of relation .

is the smallest binary relation satisfying the conditions:

• .

Created by XMLmind XSL-FO Converter.

Practice 5

• if and , then .

• Let denote a countable set. If , then .

3.2. Exercise

4. Properties4.1. Basic Properties•

• does not always hold

• does not always hold

• does not always hold

4.2. Implication Property Theorem 44.

4.3. Consequence Weakening Theorem 45.

4.4. Condition Narrowing.

5. Proof Strategy5.1. Structural Induction

Created by XMLmind XSL-FO Converter.

Practice 5

• Induction on the structure of the proof

• Applied when appears in the premise of the theorem

• Strategy:

• Base case: prove the theorem for

• Inductive step 1 (transitivity): prove the theorem for , where and for a given

• Inductive step 2 (disjunction): prove the theorem for , where and and

5.2. Impossibility Theorem 46.

Proof. Structural induction:

1. Base case:

(Impossibility of )

5.3. ImpossibilityProof. Structural induction:

2. Induction on transitivity:

, where and

Inductive hypothesis: the theorem holds for and

(Inductive hyp.)

(Inductive hyp.)

5.4. ImpossibilityProof. Structural induction:

3. Induction on disjunction:

, where and

Created by XMLmind XSL-FO Converter.

Practice 5

Inductive hypothesis: the theorem holds for and

(Inductive hyp.)

(Inductive hyp.)

Created by XMLmind XSL-FO Converter.

Chapter 20. Practice 61. Reminder1.1. Program Properties

• .

• Weakest Postcondition

• ,

• where .

• Unless

• .

• Ensures

• .

1.2. Program Properties

• is the transitive disjunctive closure of relation .

is the smallest binary relation satisfying the conditions:

• .

• if and , then .

• Let denote a countable set. If , then .

1.3. Structural Induction• Induction on the structure of the proof

• Applied when appears in the premise of the theorem

• Strategy:

• Base case: prove the theorem for

• Inductive step 1 (transitivity): prove the theorem for , where and

Created by XMLmind XSL-FO Converter.

Practice 6

for a given

• Inductive step 2 (disjunction): prove the theorem for , where and

and

2. Leads-to Properties2.1. Leads-to and Stable Property

Theorem 47. If and , then .

Proof. Structural induction

1. Base case

2. Induction on transitivity

3. Induction on disjunction

2.2. PSP Theorem Theorem 48. Progress-Safety-Progress Theorem:

Proof. Structural induction

1. Base case

2. Induction on transitivity

3. Induction on disjunction

3. Exercises3.1. Exercise 1.

.

3.2. Exercise 2..

3.3. Exercise 3.

Created by XMLmind XSL-FO Converter.

Practice 6

.

3.4. Exercise 3..

Counterexample.

How can we prove that ?

4. Inevitability4.1. Inevitability

Inevitability.

, if and only if when on all execution paths leading from and satisfying the axiom of the unconditionally fair scheduling there is a node at a finite unbounded distance from of which label is an element of the truth set of , i.e., the program inevitable reaches the truth set of started from .

Theorem 49 ( sound and complete). =

4.2. Inevitability• =

• Confuting is the same as confuting

• Give an unconditionally fair scheduling starting from that does not reach the truth set of

5. Exercises5.1. Exercise 3. (cont.)

.

Counterexample.

Created by XMLmind XSL-FO Converter.

Practice 6

5.2. Exercise 4..

5.3. Exercise 4..

Counterexample.

5.4. Exercise 5..

5.5. Exercise 6..

5.6. Exercise 6..

Created by XMLmind XSL-FO Converter.

Practice 6

Counterexample.

Created by XMLmind XSL-FO Converter.

Chapter 21. Practice 71. Reminder1.1. Program Properties

• .

• ,

• where .

• is the smallest binary relation satisfying the conditions:

• .

• if and , then .

• Let denote a countable set. If , then

.

1.2. Program Properties• Inevitability:

• , if and only if when on all execution paths leading from and satisfying the axiom of the unconditionally fair scheduling there is a node at a finite unbounded distance from of which label is an element of the truth set of , i.e., the program inevitable reaches the truth set of

started from .

2. Fixed Point Properties2.1. Fixed Point Properties• A fixed point is said to be reached in a state of the state space , if none of the statements changes the

state.

• and is a simultaneous, non deterministic conditional

assignment, i.e. : , if

• denotes the logical function, which characterizes the set of states over which the relation

is deterministic, i.e., .

Created by XMLmind XSL-FO Converter.

Practice 7

2.2. DefinitionsSet of fixed point.

Set of fixed point with deterministic assignments.

Fixed point properties.

Let us denote by the set .

2.3. Exercise 1..

2.4. Exercise 1..

.

3. Invariant3.1. Invariant Properties, Definition

• is the set of logical functions of which truth are preserved by the elements of if the program is started from a state satisfying .

• .

• .

• and .

Created by XMLmind XSL-FO Converter.

Practice 7

• and .

3.2. Exercise 2..

.

1)

2)

4. Exercises4.1. Calculate the Properties of the Program 1.

.

4.2. Calculate the Properties of the Program 1.1.

2.

3.

Created by XMLmind XSL-FO Converter.

Practice 7

4.

4.3. Calculate the Properties of the Program 2..

4.4. Calculate the Properties of the Program 2.1.

2.

3.

Created by XMLmind XSL-FO Converter.

Chapter 22. Practice 81. Reminder1.1. Program Properties

• .

2. Problem2.1. Problem• The problem is defined as a set of specification relations.

• Every specification relation is defined over the powerset of the state space.

• Let be logical functions.

• We define

• and

2.2. Specification Relations• - ( stable unless ),

• - ( ensures -t),

• - ( is inevitable from ),

• , - (fixed point is inevitable from ),

• - ( holds in any fixed point),

• - ( is invariant),

• ( initially).

Created by XMLmind XSL-FO Converter.

Practice 8

2.3. Problem Definition• Let be a state space and let be a finite or numerable set.

• The relation , where

is called a problem defined over the state space .

• is called the parameter space of the problem.

Two relations expressing boundary properties and five relations expressing transition properties are associated to every point of set .

2.4. Notation• Let denote an arbitrary element of the domain of the problem.

• Let denote an element of .

• The components of are denoted by and by respectively.

• If then we use instead of in the indices for the sake of simplicity.

2.5. Example: Greatest Common Divisor – GCD.

1.

2.

3.

3. Solution3.1. Solution

Created by XMLmind XSL-FO Converter.

Practice 8

Definition.

The abstract parallel program is a solution of the problem

,

• if , such that

• the program satisfies all the specification properties given in the , , , , , components

of

• assuming that the program starts from a state satisfying all the elements of .

3.2. Solved by a ProgramDefinition.

The problem is said to be solved by the program with respect to an invariant

property , if such that and satisfies all the specification properties given in with respect to and the initial conditions .

3.3. Solution.

The program satisfies the specification property , if and only if there exists an invariant property such that the program satisfies with respect to , i.e.,

and

Created by XMLmind XSL-FO Converter.

Practice 8

3.4. Refinement of fixed point requirement Theorem 50. If satisfies and , and

, then

satisfies .

4. Exercise4.1. Greatest Common Divisor – GCD

.

1.

2.

3.

4.2. Refinement of fixed point requirement.

1.

Created by XMLmind XSL-FO Converter.

Practice 8

2.

3.

4.

4.3. Solution.

4.4. Refinement of fixed point requirement

• If satisfies and , and

• , then

• satisfies .

4.5. S Solves the ProblemWe have to check:

1.

2.

3.

4.

4.6. Step 1..

Created by XMLmind XSL-FO Converter.

Practice 8

Check:

and

4.7. Step 2..

Check: and

4.8. Step 3..

4.9. Step 4..

Use the Theorem of Variant Function

Theorem 51. logical functions, is a variant function, for which

.

If satisfies , then

satisfies too.

4.10. Step 4..

Check:

and

Then:

Use the variant function:

4.11. Sorting.

Created by XMLmind XSL-FO Converter.

Practice 8

1.

2.

3.

4.12. Refinement of fixed point requirement.

1.

2.

3.

4.

Created by XMLmind XSL-FO Converter.

Practice 8

4.13. Solution.

Created by XMLmind XSL-FO Converter.

Chapter 23. Practice 91. Reminder1.1. Test Scope• Program Properties

• Checking Program Properties

• Problem

• Solution

2. Test Examples2.1. Does it hold?

A.

B.

2.2. Check the Properties!A.

, where

1.

2.

2.3. Check the Properties!B.

, where

Created by XMLmind XSL-FO Converter.

Practice 9

1.

,

2.

2.4. Does S Satisfy the Properties?A.

(1)

(2)

(3)

(4) If the program terminate, give a variant function which

can be used to proof that S satisfies the

property.

2.5. Does S Satisfy the Properties?B.

(1)

(2)

(3)

(4) If the program terminate, give a variant function which

can be used to proof that S satisfies the

property.

Created by XMLmind XSL-FO Converter.

Practice 9

Created by XMLmind XSL-FO Converter.

Chapter 24. Practice 101. Reminder1.1. Where we are now?• Problem

• Parallel Program

• Solution

2. Channels2.1. Channels

• – queue, buffer for one directional communication

• Error-free, unbounded or bounded

• – the history of the channel

• Operations:

• (P1)

• (P2)

2.2. Semantics of Operations

.

• .

Created by XMLmind XSL-FO Converter.

Practice 10

3. FORK3.1. FORK

Requirements:

• Data must not be lost.

• New data must not be produced.

• The scheduling must be fair.

• FORK must do something ( is not a good solution).

3.2. The function “split”A helper function:

• Take the smallest from these functions.

3.3. Specification

3.4. Solution

Created by XMLmind XSL-FO Converter.

Practice 10

3.5. The Program Solves the Problem

Proof. (2):

• Lets see: ( is similar)

3.6. The Program Solves the ProblemProof. (2):

• We have to proof that:

• Lets see the following figure:

Created by XMLmind XSL-FO Converter.

Practice 10

3.7. The Program Solves the ProblemProof. (2):

• (2) holds based on the definition of the function .

3.8. The Program Solves the Problem

Proof. (3): ,

• (*) There are two cases:

• a.) and

• b.) and

• In case of a): we are ready

• In case of b): we can assume that (based on )

3.9. The Program Solves the ProblemProof. (3) b):

• We have to proof that:

• Then go back to step (*)

• That results:

Created by XMLmind XSL-FO Converter.

Practice 10

• we can use instead of

• is transitive:

3.10. The Program Solves the Problem

Proof. (3): ,

• we can use the variant function theorem to proof (3)

Created by XMLmind XSL-FO Converter.

Chapter 25. Practice 111. Reminder1.1. Channels

• – queue, buffer for one directional communication

• Error-free, unbounded or bounded

• – the history of the channel

• Operations:

• (P1)

• (P2)

1.2. The function “split”•

• Take the smallest from these functions.

2. Multiplexer2.1. MUX

Created by XMLmind XSL-FO Converter.

Practice 11

Requirements:

• Data must not be lost.

• New data must not be produced.

• The scheduling must be fair.

• MUX must do something ( is not a good solution).

2.2. Specification

2.3. Solution

2.4. The Program Solves the Problem

Proof. (2):

Created by XMLmind XSL-FO Converter.

Practice 11

• Lets see: ( is similar)

2.5. The Program Solves the ProblemProof. (2):

• We can use the lemma from the previous lecture:

• (2) holds based on the definition of the function .

2.6. The Program Solves the Problem

Proof. (3): , and ,

• (*) There are two cases:

• a.) and

• b.) and

• In case of a): we are ready

• In case of b): we can assume that

2.7. The Program Solves the ProblemProof. (3) b):

• We have to proof that:

• Then go back to step (*)

• That results:

Created by XMLmind XSL-FO Converter.

Practice 11

• we can use instead of

• is transitive:

2.8. The Program Solves the Problem

Proof. (3) , is similar

3. Exercise3.1. Specification

3.2. Solution

Does this program solve the specified problem?

3.3. Check the properties of the program!

    

Created by XMLmind XSL-FO Converter.

Practice 11

3.4. Check the properties of the program!1.

2.

3.

Created by XMLmind XSL-FO Converter.

Chapter 26. Practice 121. Reminder1.1. Channels

• – queue, buffer for one directional communication

• Error-free, unbounded or bounded

• – the history of the channel

• Special problems: FORK, MUX

2. Pipeline2.1. Pipeline

• .

• .

2.2. Specification of Pipeline

Created by XMLmind XSL-FO Converter.

Practice 12

2.3. Refinement of the Problem

2.4. Solution

3. Exercise3.1. Reduction to Pipeline Theorem• Given the Pipeline Theorem and a similar problem to solve

• The specification of the problem corresponds to the specification of pipeline

• Use the solution of pipeline (S) and transform it according to the correspondence (S’)

• If S solves pipeline, than S’ solves the similar problem

3.2. Example: Approximation of Square Root• Given numbers:

• Calculate the square root of the numbers:

• Use the following iteration:

3.3. Specification of the Problem

Created by XMLmind XSL-FO Converter.

Practice 12

3.4. Refinement of the Problem

• ,

3.5. Refinement of the Problem

3.6. Solution

3.7. Exercise 1.• Given thousands of e-mails: , and

• ten different spam filters: .

• Calculate the average of the spam filters for every e-mails:

!

3.8. Exercise 2.

Created by XMLmind XSL-FO Converter.

Practice 12

• Given values:

• Calculate the “cosine” of every value:

• Use the following rule:

Created by XMLmind XSL-FO Converter.

Chapter 27. Practice 131. Reminder1.1. Reminder• Program Properties:

• Program Construction

2. Union2.1. Union

Definition.

• Let and be two subspaces of the state space .

• Let denote the largest common subspace of and .

• Let and be the extensions to of two programs on and respectively.

• If all variables belonging to get the same value in the assignments

and (i.e. ), then the program

that is defined on , is called the union of and .

2.2. Behaviour Relation of Union

Theorem 52. Let . Then:

1.

2.

3.

4.

for which :

5.

Created by XMLmind XSL-FO Converter.

Practice 13

6.

7.

.

2.3. Properties Based on the Definition.

.

.

.

2.4. Counterexample of .

2.5. Counterexample of .

;

Created by XMLmind XSL-FO Converter.

Practice 13

3. Exercises3.1. Check the property! (1)

.

3.2. Check the property!(1).

Proof. holds for every program, so it holds for :

3.3. Check the property! (2).

3.4. Check the property! (2)Proof.

3.5. Check the property! (3)

Created by XMLmind XSL-FO Converter.

Practice 13

.

3.6. Check the property! (3)Proof.

3.7. Check the property! (4).

3.8. Check the property! (4)Counterexample.

3.9. Check the property! (5).

3.10. Check the property! (5)

Counterexample.

Created by XMLmind XSL-FO Converter.

Practice 13

3.11. Check the property! (6).

3.12. Check the property! (7).

Created by XMLmind XSL-FO Converter.

Chapter 28. Practice 141. Reminder1.1. Test Scope• Program Properties

• Program Constructions, Union

• Channels

• Checking Program Properties

• Solution

• Reduction to Pipeline Theorem

2. Test Examples2.1. Does it hold?

A.

B.

2.2. Check the Properties!A.

is a function defined by the following rules::

• , where

• has the smallest truth set from these functions

Created by XMLmind XSL-FO Converter.

Practice 14

2.3. Check the Properties!A.

• , if

2.4. Check the Properties!B.

is a function defined by the following rules::

• , where

• has the smallest truth set from these functions

2.5. Check the Properties!B.

• , if

2.6. ReductionA.

• Given values:

• Calculate the value of the function for every value:

Created by XMLmind XSL-FO Converter.

Practice 14

• Where is:

• The power of and the factorial must not be recalculated in every step!

2.7. ReductionB.

• Given values:

• Calculate the value of the function for every value:

• Where is:

• The power of and the factorial must not be recalculated in every step!

Created by XMLmind XSL-FO Converter.