queens on a chessboard
play

Queens on a Chessboard an exercise in program verification - PowerPoint PPT Presentation

Dec 29, 2023 •205 likes •569 views

Queens on a Chessboard an exercise in program verification Jean-Christophe Filli atre Krakatoa/Caduceus working group December 15th, 2006 Jean-Christophe Filli atre Queens on a Chessboard Krakatoa/Caduceus WG Introduction challenge for

  1. Queens on a Chessboard an exercise in program verification Jean-Christophe Filliˆ atre Krakatoa/Caduceus working group December 15th, 2006 Jean-Christophe Filliˆ atre Queens on a Chessboard Krakatoa/Caduceus WG

  2. Introduction challenge for the verified program of the month : t(a,b,c){int d=0,e=a&~b&~c,f=1;if(a)for(f=0;d=(e-=d)&-e;f+=t(a-d,(b+d)*2,( c+d)/2));return f;}main(q){scanf("%d",&q);printf("%d\n",t(~(~0<<q),0,0));} appears on a web page collecting C signature programs due to Marcel van Kervinck, author of MSCP (Marcel’s Simple Chess Program) Jean-Christophe Filliˆ atre Queens on a Chessboard Krakatoa/Caduceus WG

  3. Introduction challenge for the verified program of the month : t(a,b,c){int d=0,e=a&~b&~c,f=1;if(a)for(f=0;d=(e-=d)&-e;f+=t(a-d,(b+d)*2,( c+d)/2));return f;}main(q){scanf("%d",&q);printf("%d\n",t(~(~0<<q),0,0));} appears on a web page collecting C signature programs due to Marcel van Kervinck, author of MSCP (Marcel’s Simple Chess Program) Jean-Christophe Filliˆ atre Queens on a Chessboard Krakatoa/Caduceus WG

  4. Unobfuscating... int t(int a, int b, int c) { int d=0, e=a&~b&~c, f=1; if (a) for (f=0; d=(e-=d)&-e;) f+=t(a-d,(b+d)*2,(c+d)/2); return f; } int main(int q) { scanf("%d",&q); printf("%d \ n",t(~(~0 << q),0,0)); } Jean-Christophe Filliˆ atre Queens on a Chessboard Krakatoa/Caduceus WG

  5. Unobfuscating... int t(int a, int b, int c) { int d=0, e=a&~b&~c, f=1; if (a) for (f=0; d=(e-=d)&-e;) f+=t(a-d,(b+d)*2,(c+d)/2); return f; } int f(int n) { return t(~(~0 << n), 0, 0); } we end up with a mysterious function f : N → N Jean-Christophe Filliˆ atre Queens on a Chessboard Krakatoa/Caduceus WG

  6. Queens on a chessboard given a number n smaller than 32, f ( n ) is the number of ways to put n queens on n × n chessboard so that they cannot beat each other let us prove that this program is correct , that is: it does not crash it terminates it computes the right number Jean-Christophe Filliˆ atre Queens on a Chessboard Krakatoa/Caduceus WG

  7. Queens on a chessboard given a number n smaller than 32, f ( n ) is the number of ways to put n queens on n × n chessboard so that they cannot beat each other let us prove that this program is correct , that is: it does not crash it terminates it computes the right number Jean-Christophe Filliˆ atre Queens on a Chessboard Krakatoa/Caduceus WG

  8. Why is it challenging? in two lines of code we have C idiomatic bitwise operations loops & recursion, involved in a backtracking algorithm highly efficient code Jean-Christophe Filliˆ atre Queens on a Chessboard Krakatoa/Caduceus WG

  9. How does it work? backtracking algorithm (no better way to solve the N queens) integers used as sets (bit vectors) integers sets ∅ 0 a ∩ b a&b a+b a ∪ b , when a ∩ b = ∅ a \ b , when b ⊆ a a-b ∁ a ~a min elt ( a ), when a � = ∅ a&-a { 0 , 1 , . . . , n − 1 } ~(~0<<n) { i + 1 | i ∈ a } , written S ( a ) a*2 { i − 1 | i ∈ a ∧ i � = 0 } , written P ( a ) a/2 Jean-Christophe Filliˆ atre Queens on a Chessboard Krakatoa/Caduceus WG

  10. How does it work? backtracking algorithm (no better way to solve the N queens) integers used as sets (bit vectors) integers sets ∅ 0 a ∩ b a&b a+b a ∪ b , when a ∩ b = ∅ a \ b , when b ⊆ a a-b ∁ a ~a min elt ( a ), when a � = ∅ a&-a { 0 , 1 , . . . , n − 1 } ~(~0<<n) { i + 1 | i ∈ a } , written S ( a ) a*2 { i − 1 | i ∈ a ∧ i � = 0 } , written P ( a ) a/2 Jean-Christophe Filliˆ atre Queens on a Chessboard Krakatoa/Caduceus WG

  11. Code rephrased on sets int t( a , b , c ) if a � = ∅ e ← ( a \ b ) \ c f ← 0 while e � = ∅ d ← min elt ( e ) f ← f + t( a \{ d } , S ( b ∪ { d } ) , P ( c ∪ { d } ) ) e ← e \{ d } return f else return 1 int f( n ) return t( { 0 , 1 , . . . , n − 1 } , ∅ , ∅ ) Jean-Christophe Filliˆ atre Queens on a Chessboard Krakatoa/Caduceus WG

  12. What a , b and c mean q q q ? ? ? ? ? ? ? ? Jean-Christophe Filliˆ atre Queens on a Chessboard Krakatoa/Caduceus WG

  13. What a , b and c mean q ◗ q q ◗ ◗ q q q ◗ ◗ q ◗ q a = columns to be filled = 11100101 2 Jean-Christophe Filliˆ atre Queens on a Chessboard Krakatoa/Caduceus WG

  14. What a , b and c mean q ◗ q ◗ q ◗ q q q b = positions to avoid because of left diagonals = 01101000 2 Jean-Christophe Filliˆ atre Queens on a Chessboard Krakatoa/Caduceus WG

  15. What a , b and c mean q ◗ q q ◗ ◗ q q c = positions to avoid because of right diagonals = 00001001 2 Jean-Christophe Filliˆ atre Queens on a Chessboard Krakatoa/Caduceus WG

  16. What a , b and c mean q ◗ ◗ ◗ q ◗ q ◗ ◗ ◗ ◗ q ◗ ◗ ◗ ◗ q ◗ ◗ a &˜ b &˜ c = positions to try = 10000100 2 Jean-Christophe Filliˆ atre Queens on a Chessboard Krakatoa/Caduceus WG

  17. Now it is clear int t(int a, int b, int c) { int d=0, e=a&~b&~c, f=1; if (a) for (f=0; d=(e-=d)&-e;) f += t(a-d,(b+d)*2,(c+d)/2); return f; } int f(int n) { return t(~(~0 << n), 0, 0); } Jean-Christophe Filliˆ atre Queens on a Chessboard Krakatoa/Caduceus WG

  18. Abstract finite sets //@ type iset //@ predicate in (int x, iset s) /*@ predicate included(iset a, iset b) @ { \ forall int i; in (i,a) ⇒ in (i,b) } */ //@ logic iset empty() //@ axiom empty def : \ forall int i; !in (i,empty()) ... total: 66 lines of functions, predicates and axioms Jean-Christophe Filliˆ atre Queens on a Chessboard Krakatoa/Caduceus WG

  19. C ints as abstract sets //@ logic iset iset(int x) /*@ axiom iset c zero : \ forall int x; @ iset(x)==empty() ⇔ x==0 */ /*@ axiom iset c min elt : \ forall int x; x != 0 ⇒ @ @ iset(x&-x) == singleton(min elt(iset(x))) */ /*@ axiom iset c diff : \ forall int a, int b; @ iset(a&~b) == diff(iset(a), iset(b)) */ ... total: 27 lines / should be proved independently Jean-Christophe Filliˆ atre Queens on a Chessboard Krakatoa/Caduceus WG

  20. Warmup: termination of the for loop int t(int a, int b, int c) { int d=0, e=a&~b&~c, f=1; if (a) //@ variant card(iset(e-d)) for (f=0; d=(e-=d)&-e; ) { f += t(a-d,(b+d)*2,(c+d)/2); } return f; } 3 verification conditions, all proved automatically Jean-Christophe Filliˆ atre Queens on a Chessboard Krakatoa/Caduceus WG

  21. Warmup: termination of the recursive function int t(int a, int b, int c) { int d=0, e=a&~b&~c, f=1; //@ label L if (a) /*@ invariant @ included(iset(e-d), iset(e)) && included(iset(e), \ at(iset(e),L)) @ @*/ for (f=0; d=(e-=d)&-e; ) { /*@ assert \ exists int x; @ iset(d) == singleton(x) && in (x,iset(e)) */ //@ assert card(iset(a-d)) < card(iset(a)) f += t(a-d,(b+d)*2,(c+d)/2); } return f; } 7 verification conditions, all proved automatically Jean-Christophe Filliˆ atre Queens on a Chessboard Krakatoa/Caduceus WG

  22. Soundness how to express that we compute the right number, since the program is not storing anything, not even the current solution? answer: by introducing ghost code to perform the missing operations Jean-Christophe Filliˆ atre Queens on a Chessboard Krakatoa/Caduceus WG

  23. Soundness how to express that we compute the right number, since the program is not storing anything, not even the current solution? answer: by introducing ghost code to perform the missing operations Jean-Christophe Filliˆ atre Queens on a Chessboard Krakatoa/Caduceus WG

  24. Ghost code ghost code can be regarded as regular code, as soon as ghost code does not modify program data program code does not access ghost data ghost data is purely logical ⇒ ne need to check the validity of pointers ghost code is currently restricted in Caduceus, but should not be Jean-Christophe Filliˆ atre Queens on a Chessboard Krakatoa/Caduceus WG

  25. Program instrumented with ghost code //@ int** sol; //@ int s; //@ int* col; //@ int k; int t(int a, int b, int c) { int d=0, e=a&~b&~c, f=1; if (a) for (f=0; d=(e-=d)&-e; ) { //@ col[k] = min elt(d); //@ k++; f += t3(a-d, (b+d)*2, (c+d)/2); //@ k--; } //@ else //@ store solution(); return f; } Jean-Christophe Filliˆ atre Queens on a Chessboard Krakatoa/Caduceus WG

  26. Annotations (1/4) /*@ requires solution(col) @ assigns s, sol[s][0..N()-1] s== \ old(s)+1 && eq sol(sol[ \ old(s)], col) @ ensures @*/ void store solution(); /*@ requires @ n == N() && s == 0 && k == 0 @ ensures \ result == s && @ @ \ forall int* t; solution(t) ⇔ ( \ exists int i; 0 ≤ i < \ result && eq sol(t,sol[i])) @ @*/ int queens(int n) { return t(~(~0 << n),0,0); } Jean-Christophe Filliˆ atre Queens on a Chessboard Krakatoa/Caduceus WG

  27. Annotations (2/4) //@ logic int N() /*@ predicate partial solution(int k, int* s) { \ forall int i; 0 ≤ i < k ⇒ @ 0 ≤ s[i] < N() && @ ( \ forall int j; 0 ≤ j < i ⇒ s[i] != s[j] && @ @ s[i]-s[j] != i-j && @ s[i]-s[j] != j-i) @ } @*/ //@ predicate solution(int* s) { partial solution(N(), s) } Jean-Christophe Filliˆ atre Queens on a Chessboard Krakatoa/Caduceus WG

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Local Search 1/30/17 Consider the following problems N-Queens: place n queens on an K-Coloring:

Local Search 1/30/17 Consider the following problems N-Queens: place n queens on an K-Coloring:

Local Search 1/30/17 Consider the following problems N-Queens: place n queens on an K-Coloring: find an assignment n x n chessboard so that none of k colors to graph nodes (map share a row, column, or regions) so that no adjacent diagonal.

348 views • 19 slides
A q -Queens Problem Christopher R. H. Hanusa Queens College, CUNY Joint work with Thomas

A q -Queens Problem Christopher R. H. Hanusa Queens College, CUNY Joint work with Thomas

A q -Queens Problem Christopher R. H. Hanusa Queens College, CUNY Joint work with Thomas Zaslavsky, Binghamton University (SUNY) and Seth Chaiken, University at Albany (SUNY) qc.edu/chanusa &gt; Research &gt; Talks n -Queens q -Queens Formulas

1.03k views • 90 slides
January 10, 2018 Staff: Kim Painter, Laura London Queens Court Apartments 2 Queens Court

January 10, 2018 Staff: Kim Painter, Laura London Queens Court Apartments 2 Queens Court

Queens Court Relocation Plan Tenant Landlord Commission January 10, 2018 Staff: Kim Painter, Laura London Queens Court Apartments 2 Queens Court Apartments Built 1941 Acquired by APAH in 1995 3 garden apt. buildings 39 units

142 views • 12 slides
The eight queens problem Let us now use Prolog to solve a more difficult kind of problem. One of

The eight queens problem Let us now use Prolog to solve a more difficult kind of problem. One of

The eight queens problem Let us now use Prolog to solve a more difficult kind of problem. One of these famous problems is the eight queens problem . It consists in placing on a (European) chess board eight queens such that they do not attack each

215 views • 8 slides
In SVN: explain the concept of backtracking solve the n-queens problem using backtracking Qu

In SVN: explain the concept of backtracking solve the n-queens problem using backtracking Qu

Exhaustive search, backtracking, object-oriented Queens After today, you should be able to In SVN: explain the concept of backtracking solve the n-queens problem using backtracking Qu Queens ens A taste of artificial intelligence

637 views • 19 slides
disk galaxies Joe Joel C. . Roed oedig iger (Queens) Stphane Courteau (Queens)

disk galaxies Joe Joel C. . Roed oedig iger (Queens) Stphane Courteau (Queens)

Roediger et al. 2012, ApJ (in print) arXiv:1201.6361 Stellar migrations and more in cluster disk galaxies Joe Joel C. . Roed oedig iger (Queens) Stphane Courteau (Queens) Patricia Snchez-Blzquez (UNAM) Michael McDonald (MIT)

125 views • 11 slides
Ch Check out f from S SVN VN: Queens eens Exhaustive search, backtracking, and

Ch Check out f from S SVN VN: Queens eens Exhaustive search, backtracking, and

Exhaustive search, backtracking, object-oriented Queens Ch Check out f from S SVN VN: Queens eens Exhaustive search, backtracking, and object-oriented queens A taste of artificial intelligence Check out Queens from SVN Given: a

942 views • 26 slides
N -Queens Problem Latin Squares Duncan Prince, Tamara Gomez February 19 2015 Author: Duncan

N -Queens Problem Latin Squares Duncan Prince, Tamara Gomez February 19 2015 Author: Duncan

N -Queens Problem Latin Squares Duncan Prince, Tamara Gomez February 19 2015 Author: Duncan Prince The N -Queens Problem The N -Queens problem originates from a question relating to chess, The 8-Queens problem. Chess is played on an 8 8 grid,

364 views • 9 slides
Marshall presented with Queens Award for Enterprise 2016 Marshall recognised in 2016

Marshall presented with Queens Award for Enterprise 2016 Marshall recognised in 2016

Media Release Date: 13 th September 2016 Marshall presented with Queens Award for Enterprise 2016 Marshall recognised in 2016 Queens Award for International Trade Second Award in three years - in 2013 Marshall won Queens Award for

759 views • 8 slides
Rearing Queens using the Miller Method Mark Sweatman Overview of the queen rearing process

Rearing Queens using the Miller Method Mark Sweatman Overview of the queen rearing process

Rearing Queens using the Miller Method Mark Sweatman Overview of the queen rearing process Steps using the Miller Method to rear queens Please Hold all Questions What is Required? Desire to rear queens and practice! Planning

568 views • 45 slides
Finding the Balance! Queens Gerry Morris BSc,

Finding the Balance! Queens Gerry Morris BSc,

15-03-31 Introduc/on to GI and my first experiment! Finding the Balance! Queens Gerry Morris BSc, PhD 1980-87 Queens

456 views • 10 slides
Queens Policy Engagement Brexit Clinic 17 October 2018 Queens Policy Engagement Brexit

Queens Policy Engagement Brexit Clinic 17 October 2018 Queens Policy Engagement Brexit

Queens Policy Engagement Brexit Clinic 17 October 2018 Queens Policy Engagement Brexit Clinic Prof. David Phinnemore (HAPP, @DPhinnemore) Brexit a timeline Withdrawal Withdrawal New and (Article 50) UK-EU Transition

429 views • 21 slides
Measurement, Mathematics and Information Technology M. Ram Murty, FRSC Queens Research Chair,

Measurement, Mathematics and Information Technology M. Ram Murty, FRSC Queens Research Chair,

Measurement, Mathematics and Information Technology M. Ram Murty, FRSC Queens Research Chair, Queens University, Kingston, Ontario, Canada Can we measure everything? Not everything that can be counted counts, and not everything

941 views • 75 slides
Mathematical Art Christopher Hanusa Queens College, City University of New York qc.edu/~chanusa

Mathematical Art Christopher Hanusa Queens College, City University of New York qc.edu/~chanusa

Guiding and Grading Mathematical Art Christopher Hanusa Queens College, City University of New York qc.edu/~chanusa @mathzorro @hanusadesign Course Details Queens College Urban Commuter Campus Diverse Student Population Christopher

620 views • 33 slides
Lattice Points and Kindly Chess Queens Thomas Zaslavsky Binghamton University of SUNY Jointly

Lattice Points and Kindly Chess Queens Thomas Zaslavsky Binghamton University of SUNY Jointly

CombinaTexas 10: 26 April 2009 Lattice Points and Kindly Chess Queens Thomas Zaslavsky Binghamton University of SUNY Jointly with Matthias Beck, Seth Chaiken, and Christopher R.H. Hanusa Q Q Q Q Q Q Q Q Board size: n = 10. Queens: q =

324 views • 10 slides
A sandwich theorem and a capacity bound for non-commutative graphs Gareth Boreland (Queens

A sandwich theorem and a capacity bound for non-commutative graphs Gareth Boreland (Queens

A sandwich theorem and a capacity bound for non-commutative graphs Gareth Boreland (Queens University Belfast) Joint work with Ivan Todorov (Queens University Belfast) and Andreas Winter (Universitat Autonoma de Barcelona). (arXiv:

304 views • 29 slides
The Why/Krakatoa/Caduceus Platform for Deductive Program Verification Jean-Christophe Filli

The Why/Krakatoa/Caduceus Platform for Deductive Program Verification Jean-Christophe Filli

The Why/Krakatoa/Caduceus Platform for Deductive Program Verification Jean-Christophe Filli atre CNRS Universit e Paris Sud TYPES Summer School August 30th, 2007 TYPES Summer School August 30th, 2007 Jean-Christophe Filli

2.04k views • 181 slides
Formal Verification of Floating-Point programs Sylvie Boldo and Jean-Christophe Filli atre

Formal Verification of Floating-Point programs Sylvie Boldo and Jean-Christophe Filli atre

Formal Verification of Floating-Point programs Sylvie Boldo and Jean-Christophe Filli atre Montpellier June, 26th 2007 INRIA Futurs CNRS, LRI Existing tools Model and specification of FP numbers Examples Conclusion Motivations

410 views • 39 slides
t r ts t

t r ts t

trt ts tss ss s t r ts t

805 views • 59 slides
CSE 527 Computational Biology http://www.cs.washington.edu/527 Lecture 1: Overview &amp; Bio

CSE 527 Computational Biology http://www.cs.washington.edu/527 Lecture 1: Overview &amp; Bio

CSE 527 Computational Biology http://www.cs.washington.edu/527 Lecture 1: Overview &amp; Bio Review Autumn 2004 Larry Ruzzo He who asks is a fool for five minutes, but he who does not ask remains a fool forever. -- Chinese Proverb Related

525 views • 25 slides
Proof Technology for High-Assurance Runtime Systems Andrew Tolmach, Andrew McCreight, and the

Proof Technology for High-Assurance Runtime Systems Andrew Tolmach, Andrew McCreight, and the

Proof Technology for High-Assurance Runtime Systems Andrew Tolmach, Andrew McCreight, and the Programatica team WG2.8 08 1 Functional Languages for High- Assurance Applications Goal: rely on properties of functional languages to

774 views • 59 slides
Towards Secure Things, or How to Verify IoT Software with Frama-C Tutorial at ZINC 2018 Allan

Towards Secure Things, or How to Verify IoT Software with Frama-C Tutorial at ZINC 2018 Allan

Towards Secure Things, or How to Verify IoT Software with Frama-C Tutorial at ZINC 2018 Allan Blanchard, Nikolai Kosmatov, Fr ed eric Loulergue some slides authored by Julien Signoles Email: allan.blanchard@inria.fr,

1.79k views • 151 slides
Deductive Verification of Java programs Introduction with Algebraic Modeling and Multi-Prover

Deductive Verification of Java programs Introduction with Algebraic Modeling and Multi-Prover

Krakatoa Deductive Verification of Java programs Introduction with Algebraic Modeling and Multi-Prover Overview of Krakatoa Algebraic models Backend: the Why/Krakatoa platform Conclusions Claude March e Christine Paulin Jean-Christophe

636 views • 31 slides
Ownership, Pointer Arithmetic and Memory Separation Romain Bardou INRIA Saclay, France

Ownership, Pointer Arithmetic and Memory Separation Romain Bardou INRIA Saclay, France

Ownership, Pointer Arithmetic and Memory Separation Romain Bardou INRIA Saclay, France FTfJP2008 Ownership, Pointer Arithmetic, and Memory Separation 1 / 32 Introduction Jessie Ownership and Invariants Problems Our Approach Core Language

497 views • 32 slides

More recommend