


Material Type: Assignment; Class: Program Verification; Subject: Computer Science; University: University of Illinois - Urbana-Champaign; Term: Unknown 1989;
Typology: Assignments



Note: Answers to the exercises listed below should be handed to the instructor in formatted form. Furthermore, the code for the examples should also be emailed to the instructor.
In the homework this command has already been spelled out for you in "sumn.itp", whereas in "div2.itp" the invariant is missing. Before loading "div2.itp" you need to enter your own invariant in the marked place. Then you can interact with the ITP tool to discharge the created first-order goals. Note that you can write your solution (i.e. the commands you used to discharge a goal) directly below the javax-inv command and then load the module in one shot, which will create the goal and discharge it. Here is the sumn.maude module, which you can download as explained above:
fmod SUMN-JAVAX is
  including JAVAX .
  op sum : Int -> Int .
  var N : Int .
  ceq sum(N) = 0 if N <= 0 .
  ceq sum(N) = N + sum(N - 1) if 0 < N .
  op sumn : -> BlockStatements .
  op sumn-init : -> BlockStatements .
  eq sumn = 'C = #i(1) ; 'X = #i(0) ; while ('C <= 'N) { 'X = 'X + 'C ; 'C = 'C + #i(1) ; } .
  eq sumn-init = (int 'C ; int 'X ; int 'N ;) .
endfm
and here is the sumn.itp goal you have to prove (downloadable the same way):
select ITP-TOOL .
loop init-itp .

(javax-inv SUMN-JAVAX :
  --- specification variables
  (N:Int)
  --- precondition
  ( ((int-val(S:WrappedState['N])) = (N:Int) & (0 <= N:Int) = (true)) )
  --- program
  sumn-init sumn
  --- postcondition
  ( (int-val(S:WrappedState['X])) = (sum(N:Int)) )
  --- invariant
  ( (int-val(S:WrappedState['X])) = (sum(int-val(S:WrappedState['C]) + -(1)))
    & (1 <= int-val(S:WrappedState['C])) = (true)
    & ((int-val(S:WrappedState['C]) + -(1)) <= int-val(S:WrappedState['N])) = (true)
    & (int-val(S:WrappedState['N])) = (N:Int)) .)
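As an added illustration (not part of the assignment and not ITP output), the Python sketch below tests the three standard Hoare-logic obligations for a while loop (initiation, preservation, exit) against the sumn invariant above by exhaustive search over a small range of states. It is a bounded test, not a proof; `weak_inv` is a hypothetical variant that drops the `C - 1 <= N` conjunct, included to show which obligation needs it.

```python
from itertools import product

def spec_sum(n):
    """sum from SUMN-JAVAX: 0 if n <= 0, else n + sum(n - 1)."""
    return 0 if n <= 0 else n + spec_sum(n - 1)

def pre(s, n):       # int-val(S['N]) = N  &  0 <= N
    return s["N"] == n and 0 <= n

def post(s, n):      # int-val(S['X]) = sum(N)
    return s["X"] == spec_sum(n)

def inv(s, n):       # the invariant given in sumn.itp
    return (s["X"] == spec_sum(s["C"] - 1) and 1 <= s["C"]
            and s["C"] - 1 <= s["N"] and s["N"] == n)

def weak_inv(s, n):  # hypothetical variant: forgets C - 1 <= N
    return s["X"] == spec_sum(s["C"] - 1) and 1 <= s["C"] and s["N"] == n

def guard(s):        # 'C <= 'N
    return s["C"] <= s["N"]

def init(s):         # 'C = #i(1) ; 'X = #i(0)
    return {**s, "C": 1, "X": 0}

def body(s):         # 'X = 'X + 'C ; 'C = 'C + #i(1)
    return {**s, "X": s["X"] + s["C"], "C": s["C"] + 1}

def failed_obligations(invariant, bound=6):
    """Return the obligations violated by some state within the bound."""
    failed, rng = set(), range(-bound, bound + 1)
    for n, c, x, nn in product(rng, rng, range(-bound, 4 * bound), rng):
        s = {"C": c, "X": x, "N": nn}
        if pre(s, n) and not invariant(init(s), n):
            failed.add("initiation")    # pre => inv after initialisation
        if invariant(s, n) and guard(s) and not invariant(body(s), n):
            failed.add("preservation")  # inv & guard => inv after body
        if invariant(s, n) and not guard(s) and not post(s, n):
            failed.add("exit")          # inv & not guard => post
    return failed
```

With the full invariant no obligation fails within the bound; with `weak_inv` only the exit obligation fails, because without `C - 1 <= N` the loop exit no longer pins `C - 1` to `N`.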
fmod DIV2-JAVAX is
  including JAVAX .
  op div2 : -> BlockStatements .
  op div2-init : -> BlockStatements .
  eq div2 = 'Y = #i(0) ; while (#i(1) < 'X)

fmod NAT-MSET is
  sorts Nat NatMSet .
  subsorts Nat < NatMSet .
  op 0 : -> Nat [ctor] .
  op s : Nat -> Nat [ctor] .
  op nil : -> NatMSet [ctor] .
  op __ : NatMSet NatMSet -> NatMSet [ctor assoc comm id: nil] .
endfm