Correct sorting with Frama-C

     Pedro Pereira             Ulisses Costa

    Formal Methods in Software Engineering


                    July 2, 2009




Pedro Pereira, Ulisses Costa   Correct sorting with Frama-C
Algorithm implementation



  Implementation
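  void swap(int *i, int *j);  /* defined under "Resources - rest of the code" */

  void bubbleSort(int *vector, int tam) {
      int j, i;
      j = i = 0;

      /* each pass i moves the largest remaining element to index tam-i-1 */
      for (i = 0; i < tam; i++) {
          for (j = 0; j < tam - i - 1; j++) {
              if (vector[j] > vector[j + 1]) {
                  swap(&vector[j], &vector[j + 1]);
              }
          }
      }
  }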




Contract



  pre-conditions

      tam > 0
      valid_range(vector, 0, tam − 1)

  post-conditions

      sorted(vector, 0, tam − 1)
      ∀a : 0 ≤ a < tam : (∃b : 0 ≤ b < tam : old(vector(b)) ≡ vector(a))




Annotations




  requires tam > 0;
  requires \valid_range(vector, 0, tam-1);
  ensures (\forall integer a; 0 <= a < tam
      ==> (\exists integer b; 0 <= b < tam
           ==> \at(vector[b], Old) == \at(vector[a], Here)));
  ensures Sorted{Here}(vector, 0, tam-1);




Inner-loop

  Example
      i = 0, [8, 5, 2, 6, 9, 3, 0, 4, 1]
      j = 0, [5, 8, 2, 6, 9, 3, 0, 4, 1]
      j = 1, [5, 2, 8, 6, 9, 3, 0, 4, 1]
      j = 2, [5, 2, 6, 8, 9, 3, 0, 4, 1]
      j = 3, [5, 2, 6, 8, 9, 3, 0, 4, 1]
      j = 4, [5, 2, 6, 8, 3, 9, 0, 4, 1]
      j = 5, [5, 2, 6, 8, 3, 0, 9, 4, 1]
      j = 6, [5, 2, 6, 8, 3, 0, 4, 9, 1]
      j = 7, [5, 2, 6, 8, 3, 0, 4, 1, 9]

      The (j + 1)th element of the sequence is greater than or equal to
      the first j + 1 elements of the sequence.

Inner-loop (cont.)




  Loop invariants

      0 ≤ j < tam − i
      0 < j < tam − i ⇒ (∀a : 0 ≤ a ≤ j : vector(a) ≤ vector(j + 1))

  Loop variants

      tam − i − j − 1




Inner-loop invariants & variant




  loop invariant 0 <= j < tam - i;
  loop invariant 0 < j < tam - i
      ==> \forall int a; 0 <= a <= j
           ==> vector[a] <= vector[j+1];
  loop variant tam-i-j-1;




Outer-loop
  Example
     before, [8, 5, 2, 6, 9, 3, 0, 4, 1]
     i = 0, [5, 2, 6, 8, 3, 0, 4, 1, 9]
     i = 1, [2, 5, 6, 3, 0, 4, 1, 8, 9]
     i = 2, [2, 5, 3, 0, 4, 1, 6, 8, 9]
     i = 3, [2, 3, 0, 4, 1, 5, 6, 8, 9]
     i = 4, [2, 0, 3, 1, 4, 5, 6, 8, 9]
     i = 5, [0, 2, 1, 3, 4, 5, 6, 8, 9]
     i = 6, [0, 1, 2, 3, 4, 5, 6, 8, 9]
     i = 7, [0, 1, 2, 3, 4, 5, 6, 8, 9]
     i = 8, [0, 1, 2, 3, 4, 5, 6, 8, 9]

     The last i + 1 elements of the sequence are sorted.
     The last i + 1 elements are all greater than or equal to the other
     elements of the sequence.
Outer-loop (cont.)



  Loop invariants

      0 ≤ i < tam
      sorted(vector, tam − i − 1, tam − 1)
      0 < i < tam ⇒ (∀{a,b} : 0 ≤ b ≤ tam − i − 1 ≤ a < tam : vector(a) ≥ vector(b))

  Loop variants

      tam − i




Outer-loop invariants & variant




  loop invariant 0 <= i < tam;
  loop invariant Sorted{Here}(vector, tam-i-1, tam-1);
  loop invariant 0 < i < tam
      ==> \forall int a, b; 0 <= b <= tam-i-1 <= a < tam
           ==> vector[a] >= vector[b];
  loop variant tam - i;




Conclusions




     Fast and powerful
     Possible to prove bubble-sort’s correctness with just 16
     annotations
     Constantly updated
     Although extensive, the documentation lacks detail x
     Complex programs may require advanced knowledge in Logic x




Questions




                                           ?




Resources - rest of the code


  /*@ predicate Sorted{L}(int a[], integer l, integer h) =
    @     \forall integer i; l <= i < h
    @         ==> \at(a[i], L) <= \at(a[i+1], L);
    @*/

  /*@ requires \valid(i) && \valid(j);
    @ // BUG 0000080: Assertion failed in jc_interp_misc.ml
    @ // assigns *i, *j;
    @ ensures \at(*i, Old)
    @       == \at(*j, Here) && \at(*j, Old)
    @       == \at(*i, Here);
    @*/
  void swap(int *i, int *j) {
      int tmp = *i;
      *i = *j;
      *j = tmp;
  }
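
Added example, not part of the original slides: a run-time check of the contract and of both loop properties on the slides' array. Each loop property is evaluated at the end of an iteration, the point at which the slide traces record the array. `checked_bubble_sort`, `lossy_swap` and the result codes are names introduced here, and a non-NULL pointer stands in for valid_range.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Result codes: names chosen for this example, not taken from the slides. */
enum check_result { CHECK_OK, PRE_FAILED, INNER_FAILED, OUTER_FAILED, POST_FAILED, NO_MEMORY };

typedef void (*swap_fn)(int *, int *);

/* swap as given on the "rest of the code" slide. */
static void swap(int *i, int *j) { int tmp = *i; *i = *j; *j = tmp; }

/* Constructed faulty swap: loses *i, so it violates swap's ensures clause. */
static void lossy_swap(int *i, int *j) { *i = *j; }

/* Sorted{L}(a, l, h): a[k] <= a[k+1] for every l <= k < h. */
static int sorted(const int *a, int l, int h) {
    for (int k = l; k < h; k++)
        if (a[k] > a[k + 1]) return 0;
    return 1;
}

/* Inner-loop property: 0 <= j < tam-i, and for 0 < j every a in 0..j
   has v[a] <= v[j+1]. */
static int inner_holds(const int *v, int tam, int i, int j) {
    if (j < 0 || j >= tam - i) return 0;
    if (j > 0)
        for (int a = 0; a <= j; a++)
            if (v[a] > v[j + 1]) return 0;
    return 1;
}

/* Outer-loop property: 0 <= i < tam, the last i+1 cells are sorted, and for
   0 < i each of them is >= every cell at index <= tam-i-1. */
static int outer_holds(const int *v, int tam, int i) {
    if (i < 0 || i >= tam) return 0;
    if (!sorted(v, tam - i - 1, tam - 1)) return 0;
    if (i > 0)
        for (int a = tam - i - 1; a < tam; a++)
            for (int b = 0; b <= tam - i - 1; b++)
                if (v[a] < v[b]) return 0;
    return 1;
}

/* Post-conditions from the Contract slide: sorted, and every result value
   occurs somewhere in the old array. */
static int post_holds(const int *old, const int *v, int tam) {
    if (!sorted(v, 0, tam - 1)) return 0;
    for (int a = 0; a < tam; a++) {
        int found = 0;
        for (int b = 0; b < tam && !found; b++)
            found = (old[b] == v[a]);
        if (!found) return 0;
    }
    return 1;
}

/* bubbleSort from the slides with the properties evaluated at run time.
   The swap routine is a parameter so a faulty one can be injected. */
enum check_result checked_bubble_sort(int *vector, int tam, swap_fn do_swap) {
    /* Assumption: valid_range cannot be tested in plain C; non-NULL stands in. */
    if (tam <= 0 || vector == NULL) return PRE_FAILED;
    int *old = malloc((size_t)tam * sizeof *old);   /* snapshot for old(...) */
    if (old == NULL) return NO_MEMORY;
    memcpy(old, vector, (size_t)tam * sizeof *old);

    enum check_result res = CHECK_OK;
    for (int i = 0; i < tam && res == CHECK_OK; i++) {
        for (int j = 0; j < tam - i - 1; j++) {
            if (vector[j] > vector[j + 1])
                do_swap(&vector[j], &vector[j + 1]);
            if (!inner_holds(vector, tam, i, j)) { res = INNER_FAILED; break; }
        }
        if (res == CHECK_OK && !outer_holds(vector, tam, i)) res = OUTER_FAILED;
    }
    if (res == CHECK_OK && !post_holds(old, vector, tam)) res = POST_FAILED;
    free(old);
    return res;
}

int main(void) {
    int good[] = {8, 5, 2, 6, 9, 3, 0, 4, 1};   /* array used on the slides */
    int bad[]  = {8, 5, 2, 6, 9, 3, 0, 4, 1};
    printf("correct swap: %d\n", checked_bubble_sort(good, 9, swap));
    printf("lossy swap:   %d\n", checked_bubble_sort(bad, 9, lossy_swap));
    return 0;
}
```

With the correct swap every check passes; with the constructed lossy_swap the inner-loop property fails at i = 0, j = 1.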




Specification of SNOW 3G in Cryptol
 
Snort - capturar e dissecar o tráfego da rede
Snort - capturar e dissecar o tráfego da redeSnort - capturar e dissecar o tráfego da rede
Snort - capturar e dissecar o tráfego da rede
 
LDAP em VDM++
LDAP em VDM++LDAP em VDM++
LDAP em VDM++
 
Uso de Honeypots com Honeyd
Uso de Honeypots com HoneydUso de Honeypots com Honeyd
Uso de Honeypots com Honeyd
 
Apresentacao JML
Apresentacao JMLApresentacao JML
Apresentacao JML
 

Recently uploaded

Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?Igalia
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CVKhem
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessPixlogix Infotech
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUK Journal
 

Recently uploaded (20)

Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your Business
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 

Correct sorting with Frama-C

  • 1. Correct sorting with Frama-C
    Pedro Pereira, Ulisses Costa
    Formal Methods in Software Engineering
    July 2, 2009
  • 2. Algorithm implementation
    Implementation

        void bubbleSort(int *vector, int tam) {
            int j, i;
            j = i = 0;

            for (i = 0; i < tam; i++) {
                for (j = 0; j < tam - i - 1; j++) {
                    if (vector[j] > vector[j + 1]) {
                        swap(&vector[j], &vector[j + 1]);
                    }
                }
            }
        }
  • 3. Contract
    pre-conditions
        tam > 0
        valid_range(vector, 0, tam − 1)
    post-conditions
        sorted(vector, 0, tam − 1)
        ∀a : 0 ≤ a < tam : (∃b : 0 ≤ b < tam : old(vector(b)) ≡ vector(a))
  • 4. Annotations

        requires tam > 0;
        requires \valid_range(vector, 0, tam-1);
        // b is a bounded witness, as in the contract: with ==> in place of &&,
        // any b outside 0..tam-1 would satisfy the clause vacuously
        ensures (\forall integer a; 0 <= a < tam
            ==> (\exists integer b; 0 <= b < tam
                && \at(vector[b], Old) == \at(vector[a], Here)));
        ensures Sorted{Here}(vector, 0, tam-1);
  • 5. Inner-loop
    Example
        i = 0, [8, 5, 2, 6, 9, 3, 0, 4, 1]
        j = 0, [5, 8, 2, 6, 9, 3, 0, 4, 1]
        j = 1, [5, 2, 8, 6, 9, 3, 0, 4, 1]
        j = 2, [5, 2, 6, 8, 9, 3, 0, 4, 1]
        j = 3, [5, 2, 6, 8, 9, 3, 0, 4, 1]
        j = 4, [5, 2, 6, 8, 3, 9, 0, 4, 1]
        j = 5, [5, 2, 6, 8, 3, 0, 9, 4, 1]
        j = 6, [5, 2, 6, 8, 3, 0, 4, 9, 1]
        j = 7, [5, 2, 6, 8, 3, 0, 4, 1, 9]
    The (j + 1)th element of the sequence is greater than or equal to the first j + 1 elements of the sequence.
  • 15. Inner-loop (cont.)
    Loop invariants
        0 ≤ j < tam − i
        0 < j < tam − i ⇒ (∀a : 0 ≤ a ≤ j : vector(a) ≤ vector(j + 1))
    Loop variants
        tam − i − j − 1
  • 16. Inner-loop invariants & variant

        loop invariant 0 <= j < tam-i;
        loop invariant 0 < j < tam-i ==> \forall int a; 0 <= a <= j
            ==> vector[a] <= vector[j+1];
        loop variant tam-i-j-1;
  • 17. Outer-loop
    Example
        before, [8, 5, 2, 6, 9, 3, 0, 4, 1]
        i = 0, [5, 2, 6, 8, 3, 0, 4, 1, 9]
        i = 1, [2, 5, 6, 3, 0, 4, 1, 8, 9]
        i = 2, [2, 5, 3, 0, 4, 1, 6, 8, 9]
        i = 3, [2, 3, 0, 4, 1, 5, 6, 8, 9]
        i = 4, [2, 0, 3, 1, 4, 5, 6, 8, 9]
        i = 5, [0, 2, 1, 3, 4, 5, 6, 8, 9]
        i = 6, [0, 1, 2, 3, 4, 5, 6, 8, 9]
        i = 7, [0, 1, 2, 3, 4, 5, 6, 8, 9]
        i = 8, [0, 1, 2, 3, 4, 5, 6, 8, 9]
    The last i + 1 elements of the sequence are sorted.
    The last i + 1 elements are all greater than or equal to the other elements of the sequence.
  • 28. Outer-loop (cont.)
    Loop invariants
        0 ≤ i < tam
        sorted(vector, tam − i − 1, tam − 1)
        0 < i < tam ⇒ (∀{a,b} : 0 ≤ b ≤ tam − i − 1 ≤ a < tam : vector(a) ≥ vector(b))
    Loop variants
        tam − i
  • 29. Outer-loop invariants & variant

        loop invariant 0 <= i < tam;
        loop invariant Sorted{Here}(vector, tam-i-1, tam-1);
        loop invariant 0 < i < tam ==> \forall int a, b;
            0 <= b <= tam-i-1 <= a < tam ==> vector[a] >= vector[b];
        loop variant tam-i;
  • 30. Conclusions
        Fast and powerful
        Possible to prove bubble-sort’s correctness with just 16 annotations
        Constantly updated
        x Although extensive, the documentation lacks detail
        x Complex programs may require advanced knowledge in Logic
  • 31. Questions?
  • 32. Resources - rest of the code

        /*@ predicate Sorted{L}(int a[], integer l, integer h) =
          @   \forall integer i; l <= i < h
          @     ==> \at(a[i], L) <= \at(a[i+1], L);
          @*/

        /*@ requires \valid(i) && \valid(j);
          @ // BUG 0000080: Assertion failed in jc_interp_misc.ml
          @ // assigns *i, *j;
          @ ensures \at(*i, Old) == \at(*j, Here)
          @      && \at(*j, Old) == \at(*i, Here);
          @*/
        void swap(int *i, int *j) {
            int tmp = *i;
            *i = *j;
            *j = tmp;
        }
  • 33. Resources - images
  • 34. Resources - images (cont.)
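
The contract from the Contract slide and the inner- and outer-loop properties, turned into runtime checks around the slides' bubbleSort and run on the slides' example input; this is an added example, not the authors' code. The loop properties are checked at the end of each loop body, which is the state the slides' traces list, and the existential in the second post-condition is read with b restricted to 0 ≤ b < tam as the Contract slide writes it. `post_holds`, `same_multiset`, `bubbleSortChecked` and `fillWithFirst` are hypothetical names; `fillWithFirst` is a routine that is not a permutation of its input yet still satisfies both post-conditions.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Sorted{L}(a, l, h) from the slides: a[i] <= a[i+1] for all l <= i < h. */
static bool sorted(const int *a, int l, int h) {
    for (int i = l; i < h; i++)
        if (a[i] > a[i + 1]) return false;
    return true;
}

/* Both ensures clauses; the witness b is restricted to 0 <= b < tam. */
bool post_holds(const int *a, const int *old, int tam) {
    for (int x = 0; x < tam; x++) {
        bool found = false;
        for (int b = 0; b < tam && !found; b++)
            found = (old[b] == a[x]);
        if (!found) return false;
    }
    return sorted(a, 0, tam - 1);
}

/* Stronger property the contract does not ask for: same values, same counts. */
bool same_multiset(const int *a, const int *old, int tam) {
    for (int x = 0; x < tam; x++) {
        int in_a = 0, in_old = 0;
        for (int k = 0; k < tam; k++) {
            in_a += (a[k] == a[x]);
            in_old += (old[k] == a[x]);
        }
        if (in_a != in_old) return false;
    }
    return true;
}

static void swap(int *i, int *j) { int tmp = *i; *i = *j; *j = tmp; }

/* The slides' bubbleSort with the loop properties checked at run time.
   Requires tam > 0 and vector[0..tam-1] valid.
   Returns the number of failed checks. */
int bubbleSortChecked(int *vector, int tam) {
    int failures = 0;
    for (int i = 0; i < tam; i++) {
        for (int j = 0; j < tam - i - 1; j++) {
            if (vector[j] > vector[j + 1])
                swap(&vector[j], &vector[j + 1]);
            /* inner-loop property after step j: vector[j+1] >= vector[0..j] */
            for (int a = 0; a <= j; a++)
                if (vector[a] > vector[j + 1]) failures++;
        }
        /* outer-loop property after pass i: the last i+1 elements are sorted */
        if (!sorted(vector, tam - i - 1, tam - 1)) failures++;
        /* and each of them is >= every element at or before index tam-i-1 */
        for (int b = 0; b <= tam - i - 1; b++)
            for (int a = tam - i - 1; a < tam; a++)
                if (vector[a] < vector[b]) failures++;
    }
    return failures;
}

/* Hypothetical non-sort: overwrites every element with vector[0]. */
void fillWithFirst(int *vector, int tam) {
    for (int k = 1; k < tam; k++) vector[k] = vector[0];
}

int main(void) {
    const int input[9] = {8, 5, 2, 6, 9, 3, 0, 4, 1}; /* the slides' example */
    int v[9], w[9];
    memcpy(v, input, sizeof v);
    memcpy(w, input, sizeof w);

    int failures = bubbleSortChecked(v, 9);
    printf("bubbleSort:    failed checks=%d post=%d multiset=%d\n",
           failures, post_holds(v, input, 9), same_multiset(v, input, 9));

    fillWithFirst(w, 9);
    printf("fillWithFirst: post=%d multiset=%d\n",
           post_holds(w, input, 9), same_multiset(w, input, 9));
    return 0;
}
```

A contract meant to rule out routines like `fillWithFirst` needs a permutation property such as the multiset check in place of the existential clause.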