HW#4: Due Oct 31 23:59 (5 slides)

HW#4: Due Oct 31 23:59

1. Verify max_heapify(int x[], int i, int h_size) by using CBMC
  • x[] is the array containing a max-heap
  • i is the index of the node that may violate the max-heap property
  • h_size is the total number of nodes in the max-heap

Assumptions
  1. The right and left sub-trees of node i are max-heaps, but x[i] may be smaller than its children
  2. The max-heap has fewer than 8 elements

To-do list:
  • Describe your environment model in detail
  • Describe your assertion check routine in detail
  • Describe the run-time parameters of CBMC (max_heapify is recursive, so the unwinding bound matters)
  • Report verification results (i.e., time, memory, assert violations, size of the generated SAT formula, etc.)


• A max-heap is a heap data structure created using a binary tree with two constraints:
  – The shape property: the tree is a complete binary tree; that is, all levels of the tree, except possibly the last one (deepest), are fully filled, and, if the last level of the tree is not complete, the nodes of that level are filled from left to right.
  – The max-heap property: each node is greater than or equal to each of its children according to a comparison predicate defined for the data structure.

A max-heap can be implemented using an array as follows (note that the array index starts from 1, so the children of node i are at 2i and 2i+1 and its parent is at i/2):

  Index   1    2   3   4   5   6   7   8   9
  Value  100  19  36  17   3  25   1   2   7


    /* Example code */
    #include <stdio.h>

    #define MAX    16
    #define H_SIZE 10
    #define parent(i) ((i)/2)
    #define left(i)   (2*(i))
    #define right(i)  (2*(i)+1)

    /* Ignore the first 0, since max-heap contents start at index 1 */
    int a[MAX] = {0, 16, 4, 10, 14, 7, 9, 3, 2, 8, 1};

    /* Sink x[i] until the subtree rooted at i is a max-heap again; assumes
       the subtrees rooted at left(i) and right(i) are already max-heaps */
    void max_heapify(int x[], int i, int h_size)
    {
        int largest, tmp;
        int l = left(i);
        int r = right(i);

        if (l <= h_size && x[l] > x[i])
            largest = l;
        else
            largest = i;
        if (r <= h_size && x[r] > x[largest])
            largest = r;
        if (largest != i) {
            tmp = x[i];
            x[i] = x[largest];
            x[largest] = tmp;
            max_heapify(x, largest, h_size);
        }
    }

    int main()
    {
        int i;
        max_heapify(a, 2, H_SIZE);
        for (i = 1; i <= H_SIZE; i++)
            printf("%d ", a[i]);
        return 0;
    }
    /* Output: 16 14 10 8 7 9 3 2 4 1 */

[Figure: tree view of a[] before and after max_heapify(a, 2, 10); the 4 at node 2 sinks to index 9 while 14 and 8 move up]
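The following is an added example, not code from the course slides: one way to write the environment model and the assertion check routine that problem 1 asks for. Under CBMC the inputs come from nondet_int() and are restricted with __CPROVER_assume(); compiled with plain gcc, a small LCG drives the same harness and unmet assumptions simply discard the sample, so the file also runs as an ordinary test. The names precondition(), subtree_is_heap(), same_multiset(), check_case(), verify_max_heapify(), run_random_trials() and the file name heap_harness.c are ours, not from the assignment.

```c
/* Added example (not from the slides): a CBMC harness for max_heapify under the HW
 * assumptions.  Under CBMC the inputs come from nondet_int() constrained by
 * __CPROVER_assume(); under plain gcc a small LCG drives the same harness. */
#include <assert.h>

#define MAX 8                 /* index 0 unused: heap occupies 1..7, i.e. fewer than 8 elements */
#define left(i)  (2*(i))
#define right(i) (2*(i)+1)

#ifdef __CPROVER
int nondet_int(void);         /* nondeterministic input under CBMC */
#else
static unsigned lcg_state = 20241031u;
static int nondet_int(void)   /* gcc fallback: reproducible pseudo-random value 0..15 */
{
    lcg_state = lcg_state * 1103515245u + 12345u;
    return (int)((lcg_state >> 16) % 16);
}
/* outside CBMC an unmet assumption just discards the sample */
#define __CPROVER_assume(cond) do { if (!(cond)) return 0; } while (0)
#endif

/* the function under verification, as on the slide */
void max_heapify(int x[], int i, int h_size)
{
    int largest, tmp, l = left(i), r = right(i);
    if (l <= h_size && x[l] > x[i]) largest = l; else largest = i;
    if (r <= h_size && x[r] > x[largest]) largest = r;
    if (largest != i) {
        tmp = x[i]; x[i] = x[largest]; x[largest] = tmp;
        max_heapify(x, largest, h_size);
    }
}

/* 1 iff the subtree rooted at i satisfies the max-heap property */
int subtree_is_heap(const int x[], int i, int h_size)
{
    int l = left(i), r = right(i);
    if (l <= h_size && (x[l] > x[i] || !subtree_is_heap(x, l, h_size))) return 0;
    if (r <= h_size && (x[r] > x[i] || !subtree_is_heap(x, r, h_size))) return 0;
    return 1;
}

/* HW assumptions: both children of i are heaps (1) and fewer than 8 elements (2) */
int precondition(const int x[], int i, int h_size)
{
    if (h_size < 1 || h_size >= MAX || i < 1 || i > h_size) return 0;
    if (left(i)  <= h_size && !subtree_is_heap(x, left(i),  h_size)) return 0;
    if (right(i) <= h_size && !subtree_is_heap(x, right(i), h_size)) return 0;
    return 1;
}

/* 1 iff a[1..n] and b[1..n] hold the same values with the same multiplicities */
int same_multiset(const int a[], const int b[], int n)
{
    for (int k = 1; k <= n; k++) {
        int ca = 0, cb = 0;
        for (int m = 1; m <= n; m++) { ca += (a[m] == a[k]); cb += (b[m] == a[k]); }
        if (ca != cb) return 0;
    }
    return 1;
}

/* Assertion check routine: -1 if the precondition fails, else 1 iff the
 * post-state is a heap at i and a permutation of the pre-state. */
int check_case(int x[], int i, int h_size)
{
    int before[MAX];
    if (!precondition(x, i, h_size)) return -1;
    for (int k = 0; k < MAX; k++) before[k] = x[k];
    max_heapify(x, i, h_size);
    return subtree_is_heap(x, i, h_size) && same_multiset(before, x, h_size);
}

/* Environment model / CBMC entry point, e.g.
 *   cbmc heap_harness.c --function verify_max_heapify --unwind 8 --unwinding-assertions --bounds-check
 * Returns 1 when a case was checked, 0 when the sample was discarded (gcc fallback only). */
int verify_max_heapify(void)
{
    int x[MAX], h_size = nondet_int(), i = nondet_int();
    __CPROVER_assume(1 <= h_size && h_size < MAX);   /* assumption 2 */
    __CPROVER_assume(1 <= i && i <= h_size);
    x[0] = 0;
    for (int k = 1; k < MAX; k++) x[k] = nondet_int();
    __CPROVER_assume(precondition(x, i, h_size));    /* assumption 1 */
    assert(check_case(x, i, h_size) == 1);
    return 1;
}

/* gcc fallback driver: number of random samples that survived the assumptions and passed */
int run_random_trials(int n)
{
    int checked = 0;
    for (int t = 0; t < n; t++) checked += verify_max_heapify();
    return checked;
}
```

The unwinding bound is what the "run-time parameters" item is about: with --unwinding-assertions CBMC reports whether 8 is enough for the 7-iteration fill loop and the recursion (depth at most 3 for fewer than 8 elements); --bounds-check additionally turns every x[l], x[r] access into an assertion, which is how an off-by-one in left()/right() would show up.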


2. Formal verification of a flash memory reading unit

Show the correctness of flash_read()
  • By using randomized testing
    – Randomly select the physical sectors to write the four characters to and set the corresponding SAMs
  • By using exhaustive testing
    – Create 43680 (16*15*14*13) distinct test cases (each of the four characters is written to a distinct one of the 16 physical sectors)
    » Do not print the test cases in your hardcopy, to save trees
  • By using CBMC
    – Create an environment model satisfying the invariant formula by using __CPROVER_assume() and nested loops

Submit the answers to the above three questions
  • The above three versions of the code, including the target program and your environment
  • Describe your environment model in detail
  • Compare the three verification results (i.e., time, memory usage, assert violations, etc.)


    typedef struct _SAM_type {
        unsigned char offset[SECT_PER_U];
    } SAM_type;

    typedef struct _PU_type {
        unsigned char sect[SECT_PER_U];
    } PU_type;

    // Environment assumption
    // 0. Each unit contains 4 sectors (SECT_PER_U == 4).
    // 1. There is one logical unit containing "abcd"
    // 2. There are 4 physical units
    // 3. The value of a SAM entry is 255 if the corresponding
    //    physical sector does not have valid data
    void flash_read(char *buf, SAM_type *SAM, PU_type *pu)
    {
        unsigned char nSamIdx = 0;      // logical sector (SAM index) to look up next
        unsigned char pu_id   = 0;
        unsigned char n_scts  = 4;      // number of sectors to read
        unsigned char offset  = 0;      // offset of the physical sector to read
        unsigned char pBuf    = 0;

        while (n_scts > 0) {
            pu_id  = 0;
            offset = 255;
            // read 1 character: scan the units until one maps this logical sector
            while (1) {
                if (SAM[pu_id].offset[nSamIdx] != 255) {
                    offset = SAM[pu_id].offset[nSamIdx++];
                    buf[pBuf] = pu[pu_id].sect[offset];
                    break;
                }
                pu_id++;
            }
            n_scts--;
            pBuf++;
        }
    }

The slide's listing reads PU[pu_id] inside the function while the parameter is named pu; it is written as pu here. Note that the inner while(1) loop has no bound on pu_id: if no unit's SAM maps the current logical sector, the loop walks past SAM[3]. The environment model has to rule that case out (it is exactly the kind of access CBMC's --bounds-check turns into an assertion), and any SAM offset other than 255 must be less than SECT_PER_U for the same reason.
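Added example, not the course's solution, for problem 2 and the flash_read() listing above: one file that serves all three approaches the slide asks for. env_valid() is the invariant formula written as nested loops (each logical sector is mapped by exactly one unit, to an in-range physical sector that no other logical sector uses and that holds the right character); run_case() builds a concrete environment from four physical sector numbers; exhaustive_test() walks all 16^4 tuples and lets the invariant reject the ones with a repeated sector, which leaves the 16*15*14*13 = 43680 distinct placements; random_test() draws placements from a small LCG; and verify_flash_read() is the CBMC entry point where the uninitialised SAM and pu arrays are nondeterministic and constrained only by __CPROVER_assume(env_valid(...)). All of those names, the macros NUM_PU and NUM_SECT, and the file name flash.c are ours; SECT_PER_U = 4, four units, "abcd" and the 255 marker come from the slide.

```c
/* Added example (not the course's solution): an executable environment model for
 * flash_read() serving the slide's three approaches.  Assumed from the slide:
 * 4 units x 4 sectors (16 physical sectors), one logical unit "abcd", SAM 255 = empty. */
#include <assert.h>
#include <string.h>
#define SECT_PER_U 4
#define NUM_PU     4
#define NUM_SECT   (NUM_PU * SECT_PER_U)   /* 16 physical sectors */
typedef struct _SAM_type { unsigned char offset[SECT_PER_U]; } SAM_type;
typedef struct _PU_type  { unsigned char sect[SECT_PER_U];   } PU_type;

/* target program, as on the slide */
void flash_read(char *buf, SAM_type *SAM, PU_type *pu)
{
    unsigned char nSamIdx = 0, pu_id = 0, n_scts = 4, offset = 0, pBuf = 0;
    while (n_scts > 0) {                 /* one logical sector per iteration */
        pu_id = 0; offset = 255;
        while (1) {                      /* find the unit whose SAM maps this sector */
            if (SAM[pu_id].offset[nSamIdx] != 255) {
                offset = SAM[pu_id].offset[nSamIdx++];
                buf[pBuf] = pu[pu_id].sect[offset];
                break;
            }
            pu_id++;                     /* runs past NUM_PU if no unit maps it */
        }
        n_scts--; pBuf++;
    }
}

/* Invariant formula as nested loops: each logical sector j is mapped by exactly one unit,
 * to an in-range sector used by no other logical sector and holding "abcd"[j]. */
int env_valid(const SAM_type *SAM, const PU_type *pu)
{
    int used[NUM_PU][SECT_PER_U] = {{0}};
    for (int j = 0; j < SECT_PER_U; j++) {
        int hits = 0;
        for (int p = 0; p < NUM_PU; p++) {
            unsigned char off = SAM[p].offset[j];
            if (off == 255) continue;
            if (off >= SECT_PER_U || used[p][off]++) return 0;   /* out of range / reused */
            if (pu[p].sect[off] != "abcd"[j]) return 0;
            hits++;
        }
        if (hits != 1) return 0;
    }
    return 1;
}

/* One test case: logical sector j goes to physical sector s[j] (unit s[j]/4, offset s[j]%4),
 * all else empty.  -1 if s[] violates the invariant, else 1 iff flash_read yields "abcd". */
int run_case(const int s[4])
{
    SAM_type SAM[NUM_PU]; PU_type pu[NUM_PU]; char buf[5] = {0};
    memset(SAM, 255, sizeof SAM);
    memset(pu, 0, sizeof pu);
    for (int j = 0; j < 4; j++) {
        SAM[s[j] / SECT_PER_U].offset[j] = (unsigned char)(s[j] % SECT_PER_U);
        pu[s[j] / SECT_PER_U].sect[s[j] % SECT_PER_U] = (unsigned char)"abcd"[j];
    }
    if (!env_valid(SAM, pu)) return -1;
    flash_read(buf, SAM, pu);
    return memcmp(buf, "abcd", 4) == 0;
}

/* Exhaustive testing over all 16^4 sector tuples; tuples with a repeated sector are rejected
 * by run_case, leaving 16*15*14*13 = 43680 cases.  Returns passes; *total gets the case count. */
long exhaustive_test(long *total)
{
    long pass = 0; int s[4]; *total = 0;
    for (long code = 0; code < 65536; code++) {
        for (int j = 0; j < 4; j++) s[j] = (int)((code >> (4 * j)) & 15);   /* 4 bits per sector */
        int r = run_case(s);
        if (r != -1) { (*total)++; pass += (r == 1); }
    }
    return pass;
}

/* Randomized testing: n valid placements from a small LCG (reproducible); returns passes */
long random_test(int n)
{
    unsigned seed = 1u; long pass = 0; int s[4], r;
    while (n > 0) {
        for (int j = 0; j < 4; j++) s[j] = (int)(((seed = seed * 1103515245u + 12345u) >> 16) % NUM_SECT);
        if ((r = run_case(s)) != -1) { n--; pass += (r == 1); }   /* repeated sector: redraw */
    }
    return pass;
}
#ifdef __CPROVER
/* CBMC entry, e.g. cbmc flash.c --function verify_flash_read --unwind 5 --unwinding-assertions
 * --bounds-check: uninitialised locals are nondeterministic, constrained only by env_valid() */
int verify_flash_read(void)
{
    SAM_type SAM[NUM_PU]; PU_type pu[NUM_PU]; char buf[5] = {0};
    __CPROVER_assume(env_valid(SAM, pu));
    flash_read(buf, SAM, pu);
    assert(memcmp(buf, "abcd", 4) == 0);
    return 1;
}
#endif
```

For the comparison the slide asks for, the difference to watch is what each approach actually covers: exhaustive_test() and random_test() only ever feed flash_read() the environments that run_case() constructs (unused SAM entries all 255, unused sectors all zero), whereas in verify_flash_read() every byte of SAM and pu that env_valid() does not constrain is free, so CBMC also covers units whose unused sectors hold arbitrary data. Under the invariant the inner while(1) loop breaks within NUM_PU iterations, which is why an unwinding bound of 5 is sufficient; drop the env_valid() assumption and --bounds-check reports the out-of-bounds SAM[pu_id] read described above.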