Correct sorting with Frama-C

    Pedro Pereira             Ulisses Costa

    Formal Methods in Software Engineering

    July 2, 2009

Pedro Pereira, Ulisses Costa   Correct sorting with Frama-C
Algorithm implementation

  Implementation

  void bubbleSort(int *vector, int tam) {
      int j, i;
      j = i = 0;

      /* after outer iteration i, the last i + 1 cells are in final position */
      for (i = 0; i < tam; i++) {
          /* bubble the maximum of vector[0..tam-i-1] to index tam-i-1 */
          for (j = 0; j < tam - i - 1; j++) {
              if (vector[j] > vector[j + 1]) {
                  swap(&vector[j], &vector[j + 1]);   /* swap is given at the end */
              }
          }
      }
  }
Contract

  pre-conditions

      tam > 0
      valid_range(vector, 0, tam − 1)

  post-conditions

      sorted(vector, 0, tam − 1)
      ∀a : 0 ≤ a < tam : (∃b : 0 ≤ b < tam : old(vector(b)) ≡ vector(a))

  The second post-condition only says that every element of the final array
  already occurred in the original one. It does not make the result a
  permutation of the input: multiplicities are not constrained, so an
  output such as [0, 0, 0] would satisfy it for any input containing a 0.
  A genuine permutation property needs a count-preserving (or swap-based)
  predicate.
Annotations

  requires tam > 0;
  requires \valid_range(vector, 0, tam-1);
  ensures \forall integer a; 0 <= a < tam
      ==> (\exists integer b; 0 <= b < tam
           && \at(vector[b], Old) == \at(vector[a], Here));
  ensures Sorted{Here}(vector, 0, tam-1);

  Two details of the ACSL spelling matter here. The body of an \exists must
  be joined to its range with && and not with ==>: written as
  \exists integer b; 0 <= b < tam ==> ..., the formula is satisfied by any
  b outside 0..tam-1 and the post-condition becomes vacuous. And
  \valid_range is the older spelling accepted by the Jessie plug-in used
  for this deck; current Frama-C writes the same requirement as
  \valid(vector + (0..tam-1)).
Inner-loop

  Example
      i = 0, [8, 5, 2, 6, 9, 3, 0, 4, 1]
      j = 0, [5, 8, 2, 6, 9, 3, 0, 4, 1]
      j = 1, [5, 2, 8, 6, 9, 3, 0, 4, 1]
      j = 2, [5, 2, 6, 8, 9, 3, 0, 4, 1]
      j = 3, [5, 2, 6, 8, 9, 3, 0, 4, 1]
      j = 4, [5, 2, 6, 8, 3, 9, 0, 4, 1]
      j = 5, [5, 2, 6, 8, 3, 0, 9, 4, 1]
      j = 6, [5, 2, 6, 8, 3, 0, 4, 9, 1]
      j = 7, [5, 2, 6, 8, 3, 0, 4, 1, 9]

      Each line shows the array after the inner iteration with that j (the
      i = 0 line is the initial array). After iteration j, the element at
      index j + 1 is greater than or equal to the elements at indices
      0..j: the maximum of the prefix moves one position to the right per
      iteration and reaches index tam − i − 1 when the loop exits.
Inner-loop (cont.)

  Loop invariants

      0 ≤ j < tam − i
      ∀a : 0 ≤ a ≤ j : vector(a) ≤ vector(j)

  Loop variants

      tam − i − j − 1

  The invariants are evaluated at the loop head, where j already counts the
  completed iterations, so the running maximum sits at index j; the
  example above describes the state after iteration j, where it sits at
  index j + 1. The index matters: an invariant phrased as
  ∀a : 0 ≤ a ≤ j : vector(a) ≤ vector(j + 1) is false on the example
  itself, since at the loop head with j = 1 the array is [5, 8, 2, ...]
  and 8 ≤ 2 does not hold. No guard 0 < j is needed: for j = 0 the
  property is trivially true.
Inner-loop invariants & variant

  loop invariant 0 <= j < tam - i;
  loop invariant \forall integer a; 0 <= a <= j
      ==> vector[a] <= vector[j];
  loop variant tam - i - j - 1;

  For the outer-loop invariants to be provable, the inner loop must also be
  known not to touch the already-sorted suffix vector[tam-i..tam-1]. With
  the current WP plug-in that is stated with a loop assigns clause listing
  j and vector[0..tam-i-1]; WP warns when such a clause is missing.
Outer-loop
  Example
     before, [8, 5, 2, 6, 9, 3, 0, 4, 1]
     i = 0, [5, 2, 6, 8, 3, 0, 4, 1, 9]
     i = 1, [2, 5, 6, 3, 0, 4, 1, 8, 9]
     i = 2, [2, 5, 3, 0, 4, 1, 6, 8, 9]
     i = 3, [2, 3, 0, 4, 1, 5, 6, 8, 9]
     i = 4, [2, 0, 3, 1, 4, 5, 6, 8, 9]
     i = 5, [0, 2, 1, 3, 4, 5, 6, 8, 9]
     i = 6, [0, 1, 2, 3, 4, 5, 6, 8, 9]
     i = 7, [0, 1, 2, 3, 4, 5, 6, 8, 9]
     i = 8, [0, 1, 2, 3, 4, 5, 6, 8, 9]

     Each line shows the array after the outer iteration with that i. After
     iteration i, the last i + 1 elements are sorted, and each of them is
     greater than or equal to every element before them. The array is
     already sorted after i = 6; the last two passes do no work, as the
     inner loop of pass tam − 2 compares a single pair and that of pass
     tam − 1 runs zero times.
Outer-loop (cont.)

  Loop invariants

      0 ≤ i ≤ tam
      sorted(vector, tam − i, tam − 1)
      ∀{a, b} : 0 ≤ b < tam − i ≤ a < tam : vector(a) ≥ vector(b)

  Loop variants

      tam − i

  As for the inner loop, the invariants hold at the loop head, where i
  counts completed iterations: the sorted suffix then has i elements,
  vector(tam − i .. tam − 1), while the example above describes the state
  after iteration i, where it has i + 1. The bound is i ≤ tam rather than
  i < tam because the invariant must still hold when the loop exits with
  i = tam; the suffix is then the whole array and the post-condition
  sorted(vector, 0, tam − 1) follows directly. A suffix starting at
  tam − i − 1 would not allow i = tam (its lower bound would be −1), and
  the example above shows that shifted form failing anyway: at the loop
  head with i = 1 the array is [5, 2, 6, 8, 3, 0, 4, 1, 9], and
  vector(7) = 1 is not ≥ vector(0) = 5.
Outer-loop invariants & variant

  loop invariant 0 <= i <= tam;
  loop invariant Sorted{Here}(vector, tam-i, tam-1);
  loop invariant \forall integer a, b; 0 <= b < tam-i <= a < tam
      ==> vector[a] >= vector[b];
  loop variant tam - i;

  No guard on i is needed: for i = 0, Sorted{Here}(vector, tam, tam-1)
  ranges over the empty set tam <= k < tam-1 and the third invariant has no
  b with 0 <= b < tam-i <= a, so both hold trivially on entry.
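The whole function with its contract and both sets of loop annotations in one file, as an added example that is not part of the original slides. It keeps the deck's names (bubbleSort, swap, Sorted, vector, tam) but spells the contract the way current Frama-C expects (\valid over a range, \old, assigns and loop assigns clauses), and, because the ACSL is only read by Frama-C, the same invariants are also re-checked at run time with plain C functions, in the spirit of E-ACSL instrumentation. The helpers is_sorted, same_multiset, inner_inv, outer_inv, run_samples and slide_inner_inv_off_by_one are this example's own, and the input arrays are constructed (the deck's example plus two edge cases). same_multiset checks the full permutation property that the second post-condition on the Contract slide does not capture, and slide_inner_inv_off_by_one shows why the inner invariant must be phrased with vector[j] rather than vector[j + 1] at the loop head.

```c
/* Added example, not the slides' code: the deck's bubbleSort with corrected ACSL, plus plain-C runtime checks. */
#include <assert.h>

/*@ predicate Sorted{L}(int *a, integer l, integer h) =
  @   \forall integer k; l <= k < h ==> \at(a[k], L) <= \at(a[k+1], L); */

/*@ requires \valid(i) && \valid(j); assigns *i, *j; ensures *i == \old(*j) && *j == \old(*i); */
static void swap(int *i, int *j) {
    int tmp = *i;
    *i = *j;
    *j = tmp;
}

/* Runtime counterpart of Sorted: a[l..h] is non-decreasing; an empty range counts as sorted. */
int is_sorted(const int *a, int l, int h) {
    for (int k = l; k < h; k++)
        if (a[k] > a[k + 1]) return 0;
    return 1;
}

/* Full permutation check (stronger than the deck's second post-condition):
 * every value occurs equally often in a and b. Quadratic, but needs no heap. */
int same_multiset(const int *a, const int *b, int n) {
    for (int x = 0; x < n; x++) {
        int ca = 0, cb = 0;
        for (int k = 0; k < n; k++) {
            ca += (a[k] == a[x]);
            cb += (b[k] == a[x]);
        }
        if (ca != cb) return 0;
    }
    return 1;
}

/* Inner-loop invariant at the loop head: 0 <= j < n-i and v[0..j] <= v[j]. */
int inner_inv(const int *v, int n, int i, int j) {
    if (j < 0 || j >= n - i) return 0;
    for (int a = 0; a <= j; a++)
        if (v[a] > v[j]) return 0;
    return 1;
}

/* Outer-loop invariant at the loop head: 0 <= i <= n, v[n-i..n-1] sorted and >= all cells before it. */
int outer_inv(const int *v, int n, int i) {
    if (i < 0 || i > n || !is_sorted(v, n - i, n - 1)) return 0;
    for (int b = 0; b < n - i; b++)
        for (int a = n - i; a < n; a++)
            if (v[a] < v[b]) return 0;
    return 1;
}

/*@ requires tam > 0 && \valid(vector + (0..tam-1));
  @ assigns vector[0..tam-1];
  @ ensures Sorted{Here}(vector, 0, tam-1); */
void bubbleSort(int *vector, int tam) {
    int i, j;
    /*@ loop invariant 0 <= i <= tam;
      @ loop invariant Sorted{Here}(vector, tam-i, tam-1);
      @ loop invariant \forall integer a, b; 0 <= b < tam-i <= a < tam ==> vector[a] >= vector[b];
      @ loop assigns i, j, vector[0..tam-1];
      @ loop variant tam - i; */
    for (i = 0; i < tam; i++) {
        assert(outer_inv(vector, tam, i));   /* the ACSL invariant, checked at run time */
        /*@ loop invariant 0 <= j < tam-i;
          @ loop invariant \forall integer a; 0 <= a <= j ==> vector[a] <= vector[j];
          @ loop assigns j, vector[0..tam-i-1];
          @ loop variant tam - i - j - 1; */
        for (j = 0; j < tam - i - 1; j++) {
            assert(inner_inv(vector, tam, i, j));
            if (vector[j] > vector[j + 1])
                swap(&vector[j], &vector[j + 1]);
        }
    }
    assert(outer_inv(vector, tam, tam));     /* at exit the sorted suffix is the whole array */
}

/* Constructed inputs: the deck's example array, a run with duplicates, a single element.
 * Each is sorted on a copy and checked against the (strengthened) contract. */
int run_samples(void) {
    const int samples[3][9] = {{8, 5, 2, 6, 9, 3, 0, 4, 1}, {3, 1, 3, 2, 1}, {42}};
    const int lens[3] = {9, 5, 1};
    for (int s = 0; s < 3; s++) {
        int out[9];
        for (int k = 0; k < lens[s]; k++) out[k] = samples[s][k];
        bubbleSort(out, lens[s]);
        if (!is_sorted(out, 0, lens[s] - 1) || !same_multiset(samples[s], out, lens[s])) return 0;
    }
    return 1;
}

/* The index-shifted invariant v[0..j] <= v[j+1] is false on the deck's example at the loop head
 * with j = 1 (state [5, 8, 2, ...]), while the loop-head form v[0..j] <= v[j] holds there. */
int slide_inner_inv_off_by_one(void) {
    const int v[] = {5, 8, 2, 6, 9, 3, 0, 4, 1};   /* array after the j = 0 iteration */
    int shifted = (v[0] <= v[2]) && (v[1] <= v[2]);
    return !shifted && inner_inv(v, 9, 0, 1);
}

int main(void) { return (run_samples() && slide_inner_inv_off_by_one()) ? 0 : 1; }
```

Compile with a C99 compiler and run; the exit status is 0 when the contract held on every sample and the shifted invariant was refuted. The compiler ignores the ACSL comments, which are what frama-c -wp would read on the same file; the assert calls are there so the invariants are exercised in the native build as well.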
Conclusions

  Pros
      Fast and powerful
      Possible to prove bubble-sort's correctness with just 16 annotations
      Constantly updated

  Cons
      Although extensive, the documentation lacks detail
      Complex programs may require advanced knowledge in logic
Questions

    ?
Resources - rest of the code

  /*@ predicate Sorted{L}(int a[], integer l, integer h) =
    @     \forall integer i; l <= i < h
    @         ==> \at(a[i], L) <= \at(a[i+1], L);
    @ */

  /*@ requires \valid(i) && \valid(j);
    @ // BUG 0000080: Assertion failed in jc_interp_misc.ml
    @ // assigns *i, *j;
    @ ensures \at(*i, Old) == \at(*j, Here)
    @      && \at(*j, Old) == \at(*i, Here);
    @ */
  void swap(int *i, int *j) {
      int tmp = *i;
      *i = *j;
      *j = tmp;
  }

  Sorted(a, l, h) reads "a[l..h] is non-decreasing", with h inclusive; for
  h <= l the range is empty and the predicate holds. The assigns clause of
  swap is commented out because of a bug in the Jessie plug-in of the
  time. Without it a caller cannot know that swap leaves every other cell
  untouched, which the loop invariants of bubbleSort depend on, so with a
  current Frama-C the clause should be enabled.
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
 

Correct sorting with Frama-C

  • 1. Correct sorting with Frama-C. Pedro Pereira, Ulisses Costa. Formal Methods in Software Engineering, July 2, 2009.
  • 2. Algorithm implementation
        void bubbleSort(int *vector, int tam) {
            int j, i;
            j = i = 0;

            for (i = 0; i < tam; i++) {
                for (j = 0; j < tam - i - 1; j++) {
                    if (vector[j] > vector[j + 1]) {
                        swap(&vector[j], &vector[j + 1]);
                    }
                }
            }
        }
  • 3. Contract
        Pre-conditions:
            tam > 0
            valid_range(vector, 0, tam − 1)
        Post-conditions:
            sorted(vector, 0, tam − 1)
            ∀a : 0 ≤ a < tam : (∃b : 0 ≤ b < tam : old(vector(b)) ≡ vector(a))
  • 4. Annotations (ACSL; the existential binds its range with &&, matching the contract on slide 3: an implication under \exists is satisfied vacuously by any b outside 0..tam-1)
        requires tam > 0;
        requires \valid_range(vector, 0, tam-1);
        ensures \forall integer a; 0 <= a < tam
            ==> (\exists integer b; 0 <= b < tam
                 && \at(vector[b], Old) == \at(vector[a], Here));
        ensures Sorted{Here}(vector, 0, tam-1);
  • 5. Inner-loop
        Example (state after each iteration of the inner loop, first outer pass):
            i = 0, [8, 5, 2, 6, 9, 3, 0, 4, 1]
            j = 0, [5, 8, 2, 6, 9, 3, 0, 4, 1]
            j = 1, [5, 2, 8, 6, 9, 3, 0, 4, 1]
            j = 2, [5, 2, 6, 8, 9, 3, 0, 4, 1]
            j = 3, [5, 2, 6, 8, 9, 3, 0, 4, 1]
            j = 4, [5, 2, 6, 8, 3, 9, 0, 4, 1]
            j = 5, [5, 2, 6, 8, 3, 0, 9, 4, 1]
            j = 6, [5, 2, 6, 8, 3, 0, 4, 9, 1]
            j = 7, [5, 2, 6, 8, 3, 0, 4, 1, 9]
        After iteration j, the element at position j + 1 is greater than or equal to each of the first j + 1 elements of the sequence.
  • 15. Inner-loop (cont.)
        Loop invariants:
            0 ≤ j < tam − i
            0 < j < tam − i ⇒ (∀a : 0 ≤ a ≤ j : vector(a) ≤ vector(j + 1))
        Loop variant:
            tam − i − j − 1
  • 16. Inner-loop invariants & variant
        loop invariant 0 <= j < tam - i;
        loop invariant 0 < j < tam - i ==> \forall int a; 0 <= a <= j ==> vector[a] <= vector[j+1];
        loop variant tam - i - j - 1;
  • 17. Outer-loop
        Example (state after each iteration of the outer loop):
            before, [8, 5, 2, 6, 9, 3, 0, 4, 1]
            i = 0,  [5, 2, 6, 8, 3, 0, 4, 1, 9]
            i = 1,  [2, 5, 6, 3, 0, 4, 1, 8, 9]
            i = 2,  [2, 5, 3, 0, 4, 1, 6, 8, 9]
            i = 3,  [2, 3, 0, 4, 1, 5, 6, 8, 9]
            i = 4,  [2, 0, 3, 1, 4, 5, 6, 8, 9]
            i = 5,  [0, 2, 1, 3, 4, 5, 6, 8, 9]
            i = 6,  [0, 1, 2, 3, 4, 5, 6, 8, 9]
            i = 7,  [0, 1, 2, 3, 4, 5, 6, 8, 9]
            i = 8,  [0, 1, 2, 3, 4, 5, 6, 8, 9]
        After iteration i, the last i + 1 elements of the sequence are sorted, and each of them is greater than or equal to every other element of the sequence.
  • 28. Outer-loop (cont.)
        Loop invariants:
            0 ≤ i < tam
            sorted(vector, tam − i − 1, tam − 1)
            0 < i < tam ⇒ (∀a, b : 0 ≤ b ≤ tam − i − 1 ≤ a < tam : vector(a) ≥ vector(b))
        Loop variant:
            tam − i
  • 29. Outer-loop invariants & variant
        loop invariant 0 <= i < tam;
        loop invariant Sorted{Here}(vector, tam-i-1, tam-1);
        loop invariant 0 < i < tam ==> \forall int a, b; 0 <= b <= tam-i-1 <= a < tam ==> vector[a] >= vector[b];
        loop variant tam - i;
  • 30. Conclusions
        Positives:
            Fast and powerful.
            Possible to prove bubble sort's correctness with just 16 annotations.
            Constantly updated.
        Negatives:
            Although extensive, the documentation lacks detail.
            Complex programs may require advanced knowledge of logic.
  • 31. Questions?
  • 32. Resources - rest of the code
        /*@ predicate Sorted{L}(int a[], integer l, integer h) =
          @   \forall integer i; l <= i < h
          @     ==> \at(a[i], L) <= \at(a[i+1], L);
          @*/

        /*@ requires \valid(i) && \valid(j);
          @ // BUG 0000080: Assertion failed in jc_interp_misc.ml
          @ // assigns *i, *j;
          @ ensures \at(*i, Old) == \at(*j, Here)
          @      && \at(*j, Old) == \at(*i, Here);
          @*/
        void swap(int *i, int *j) {
            int tmp = *i;
            *i = *j;
            *j = tmp;
        }
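The contract (slides 3 and 4), the inner- and outer-loop invariants (slides 15, 16, 28 and 29) and the swap contract (slide 32), collected into one compilable file as an added example; this is not the slide authors' code. The ACSL lives in C comments and is not discharged by a prover in this text; instead each annotation has a runtime mirror (sorted_range, outer_head_invariant, inner_head_invariant, every_elem_from_old, is_permutation: all names chosen here) that is evaluated at every loop head on the array from slide 5, which is the only input and is constructed from the slides. Three points differ from the slides, each a correction rather than a restatement. First, an ACSL loop invariant must hold at the loop head, that is after the for-loop's increment, including the final time the condition is tested. The slide's inner invariant "∀a ≤ j: vector[a] ≤ vector[j+1]" fails there on the slide's own data: at the head with j = 1 the array is [5, 8, 2, ...] and vector[1] = 8 > vector[2] = 2. The block therefore states vector[j] ≥ vector[0..j-1], and for the outer loop 0 ≤ i ≤ tam (the slide's i < tam is false at exit, where i == tam) with the sorted suffix written as Sorted(vector, tam-i, tam-1) so that it never indexes vector[-1]. Second, the slides' second postcondition only says that every output element occurs somewhere in the input; a constant array whose value appears in the input satisfies it, which weak_postcondition_gap demonstrates, so is_permutation checks multiset equality, the property a sorting contract should state. Third, \valid(vector + (0 .. tam-1)) replaces the older \valid_range, assigns and loop assigns clauses are added because current provers need them, and the swap contract uncomments the assigns clause that the slides disabled because of the Jessie bug they cite.

```c
/* Bubble sort from the slides, annotated in ACSL (C comments, ignored by the
 * compiler), plus runtime mirrors of the contract and of the loop invariants.
 * Added example, not the slide authors' code; the sample array is constructed. */
#include <stdbool.h>
#include <string.h>

/*@ predicate Sorted{L}(int *a, integer l, integer h) =
  @   \forall integer k; l <= k < h ==> \at(a[k], L) <= \at(a[k+1], L); */

/*@ requires \valid(i) && \valid(j);
  @ assigns *i, *j;
  @ ensures *i == \old(*j) && *j == \old(*i); */
static void swap(int *i, int *j) { int tmp = *i; *i = *j; *j = tmp; }

/* Runtime mirror of Sorted{Here}(v, lo, hi); an empty range counts as sorted. */
bool sorted_range(const int *v, int lo, int hi) {
    for (int k = lo; k < hi; k++) if (v[k] > v[k + 1]) return false;
    return true;
}

/* Outer-loop invariant at the loop head (i already incremented): the last i
 * elements are sorted and each is >= every element of the unsorted prefix. */
bool outer_head_invariant(const int *v, int tam, int i) {
    if (i < 0 || i > tam || !sorted_range(v, tam - i, tam - 1)) return false;
    for (int a = tam - i; a < tam; a++)
        for (int b = 0; b < tam - i; b++) if (v[a] < v[b]) return false;
    return true;
}

/* Inner-loop invariant at the loop head (j already incremented): v[j] >= v[0..j-1]. */
bool inner_head_invariant(const int *v, int tam, int i, int j) {
    if (j < 0 || j > tam - i - 1) return false;
    for (int a = 0; a < j; a++) if (v[a] > v[j]) return false;
    return true;
}

/*@ requires tam > 0;
  @ requires \valid(vector + (0 .. tam-1));
  @ assigns vector[0 .. tam-1];
  @ ensures Sorted{Here}(vector, 0, tam-1);
  @ ensures \forall integer a; 0 <= a < tam ==>
  @   \exists integer b; 0 <= b < tam && \old(vector[b]) == vector[a]; */
int bubbleSort_checked(int *vector, int tam) {  /* returns the number of invariant violations */
    int violations = 0, i, j;
    /*@ loop invariant 0 <= i <= tam;
      @ loop invariant Sorted{Here}(vector, tam-i, tam-1);
      @ loop invariant \forall integer a, b; 0 <= b < tam-i <= a < tam ==> vector[a] >= vector[b];
      @ loop assigns i, j, vector[0 .. tam-1];
      @ loop variant tam - i; */
    for (i = 0; i < tam; i++) {
        violations += !outer_head_invariant(vector, tam, i);
        /*@ loop invariant 0 <= j <= tam-i-1;
          @ loop invariant \forall integer a; 0 <= a < j ==> vector[a] <= vector[j];
          @ loop assigns j, vector[0 .. tam-i-1];
          @ loop variant tam - i - j - 1; */
        for (j = 0; j < tam - i - 1; j++) {
            violations += !inner_head_invariant(vector, tam, i, j);
            if (vector[j] > vector[j + 1]) swap(&vector[j], &vector[j + 1]);
        }
        violations += !inner_head_invariant(vector, tam, i, j);  /* inner loop exit */
    }
    violations += !outer_head_invariant(vector, tam, i);          /* outer loop exit, i == tam */
    return violations;
}

/* The slides' second postcondition: every element of `now` occurs somewhere in `old`. */
bool every_elem_from_old(const int *old, const int *now, int n) {
    for (int a = 0; a < n; a++) {
        bool found = false;
        for (int b = 0; b < n && !found; b++) found = (old[b] == now[a]);
        if (!found) return false;
    }
    return true;
}

/* Multiset equality (O(n^2), fine for a demonstration): every value of `old`
 * occurs equally often in `old` and in `now`, which pins the output down. */
bool is_permutation(const int *old, const int *now, int n) {
    for (int a = 0; a < n; a++) {
        int in_old = 0, in_now = 0;
        for (int b = 0; b < n; b++) { in_old += (old[b] == old[a]); in_now += (now[b] == old[a]); }
        if (in_old != in_now) return false;
    }
    return true;
}

/* Slide 5's array (constructed from the slides): sort it and check the contract. */
bool run_slide_example(void) {
    int before[9] = {8, 5, 2, 6, 9, 3, 0, 4, 1}, v[9];
    memcpy(v, before, sizeof v);
    return bubbleSort_checked(v, 9) == 0 && sorted_range(v, 0, 8)
        && every_elem_from_old(before, v, 9) && is_permutation(before, v, 9);
}

/* Gap in the slides' contract: an all-zero array passes "every element came from
 * the input" (the input contains a 0) yet is not a permutation of the input. */
bool weak_postcondition_gap(void) {
    int before[9] = {8, 5, 2, 6, 9, 3, 0, 4, 1}, zeros[9] = {0};
    return every_elem_from_old(before, zeros, 9) && !is_permutation(before, zeros, 9);
}
```

run_slide_example returns true and weak_postcondition_gap returns true on the slide's array. The same file can be handed to Frama-C's WP plugin (`frama-c -wp`), which current releases ship in place of the Jessie plugin used on the slides; whether every proof obligation is discharged then depends on the prover and the exact invariants, which is the part the runtime mirrors cannot replace.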
  • 33. Resources - images
  • 34. Resources - images (cont.)