CS 536 Homework 9: Program Verification

Due: December 6 in class (handwritten is fine)

Slides corresponding to class material have been posted to myWPI. They are not linked from the course page, to prevent Google from picking them up. The posted notes use a different temporal logic (CTL) than the one we covered in class. You may use either for this assignment; just tell me which one you used.

  1. For each of the following statements, either write an equivalent statement in LTL or argue why there is no such formula. These examples are phrased in terms of web pages. Assume that states correspond to following/clicking links and that there is a proposition for each page name (like "login", "billing", etc.).

    1. There is no way to get to the checkout page without first visiting the billing page.
    2. No sequence of clicks leads to the error page.
    3. There is always some chain of links back to the login page.
    4. Every even-numbered page (assuming pages were numbered in order) is an advertisement (odd-numbered pages can be anything).
    5. Whenever you are on the registration page, you cannot get there again without visiting both the choose-hotel and choose-flight pages.
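As an added illustration for question 1 (this is not part of the assignment, and it does not answer any of the five items), here is a small finite-trace evaluator for LTL-style formulas over sequences of page visits. States are sets of page-name propositions, as the question assumes. The example checks an authorization-ordering property of the same shape as the items above (an "admin" page that must not be reached before a "login" page), and it shows the difference between strong until (U) and weak until (W) on a session that never reaches either page. Note the caveat built into the code: standard LTL is defined over infinite paths, whereas this evaluator works on finite traces (a finite prefix of a click sequence), so G is "for the rest of the recorded trace" and X fails at the last state.

```python
"""Finite-trace evaluator for LTL-style formulas over page-visit sequences.

Added example, not part of the CS 536 assignment. Page names and traces
below are constructed for illustration.
"""
from typing import Callable, List, Set

Trace = List[Set[str]]                 # one set of true propositions per state
Formula = Callable[[Trace, int], bool]  # formula(trace, i): does it hold at state i?


def prop(name: str) -> Formula:
    """Atomic proposition: the page `name` is the current state."""
    return lambda t, i: name in t[i]


def neg(f: Formula) -> Formula:
    return lambda t, i: not f(t, i)


def implies(f: Formula, g: Formula) -> Formula:
    return lambda t, i: (not f(t, i)) or g(t, i)


def nxt(f: Formula) -> Formula:
    """X f: there is a next state and f holds there (false at the last state)."""
    return lambda t, i: i + 1 < len(t) and f(t, i + 1)


def globally(f: Formula) -> Formula:
    """G f over the remainder of the finite trace."""
    return lambda t, i: all(f(t, j) for j in range(i, len(t)))


def eventually(f: Formula) -> Formula:
    """F f: f holds at some later (or the current) state."""
    return lambda t, i: any(f(t, j) for j in range(i, len(t)))


def until(f: Formula, g: Formula) -> Formula:
    """f U g (strong): g must eventually hold, and f holds at every state before that."""
    def ev(t: Trace, i: int) -> bool:
        for j in range(i, len(t)):
            if g(t, j):
                return True
            if not f(t, j):
                return False
        return False  # g never happened within the trace
    return ev


def weak_until(f: Formula, g: Formula) -> Formula:
    """f W g: like f U g, but also satisfied if f holds to the end of the trace."""
    return lambda t, i: until(f, g)(t, i) or globally(f)(t, i)


def trace_of(pages: List[str]) -> Trace:
    """Build a trace where each click lands on exactly one page."""
    return [{p} for p in pages]


def check(formula: Formula, pages: List[str]) -> bool:
    """Evaluate `formula` at the first state of the session `pages`."""
    return formula(trace_of(pages), 0)


# Constructed properties (not the assignment's items):
# 1. The admin page is never reached before a login page has been seen.
ADMIN_AFTER_LOGIN = weak_until(neg(prop("admin")), prop("login"))
# 2. Strong variant: additionally, login must actually occur in the session.
ADMIN_AFTER_LOGIN_STRONG = until(neg(prop("admin")), prop("login"))
# 3. Every error page is immediately followed by the login page.
ERROR_THEN_LOGIN = globally(implies(prop("error"), nxt(prop("login"))))
# 4. The session ends with a logout somewhere.
REACHES_LOGOUT = eventually(prop("logout"))

if __name__ == "__main__":
    sessions = {
        "ok":       ["login", "search", "admin", "logout"],
        "bypass":   ["search", "admin", "logout"],
        "no_admin": ["search", "help"],
    }
    for name, pages in sessions.items():
        print(name, check(ADMIN_AFTER_LOGIN, pages), check(ADMIN_AFTER_LOGIN_STRONG, pages))
```

The "no_admin" session is the interesting case: it satisfies the weak form (no admin page was ever reached) but not the strong form (no login ever happened), which is exactly the distinction to think about when deciding whether a property is a safety property ("nothing bad happens") or also demands that something good happens.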

  2. Imagine that the proposition halt labels the final state of a program (or labels the last statement in a program's main block). The temporal logic formula F halt holds for a program that always reaches this last state. We know from class that this formula can be checked automatically. Does this or does this not contradict the halting problem? Justify your answer.

  3. (part 1) Program verification generally requires a set of properties to check about a program. Produce a set of properties for a stop-and-copy garbage collector. Your properties will likely talk about the heap, reachable variables, and data maintained during garbage collection. Write your properties in precise English. To get started, think in terms of invariants that should hold at various stages of the collection process.

    (part 2) Pick two of the verification approaches covered in lecture (model checking, Bandera, SLAM, ESC) and discuss for each one whether you'd expect it to be useful for verifying your properties of a garbage collector. Describe what you'd expect to work well or poorly for each choice. If the approach is tied to a particular language, assume your collector is written in that language. A few sentences for each will suffice.
