
Pre and Post Condition Rules

Definition: If R and S are two assertions, then R is said to be stronger than S if R -> S (R implies S).
–Example: the assertion i < 0 is stronger than the assertion i < 3 because i < 0 implies i < 3 (i < 0 being true implies that i < 3 is true). Draw the set and subset diagram to get a better “feel,” if needed.
–Note that if R is stronger than S, then all states that satisfy R will satisfy S, but there is at least one state that satisfies S which will not satisfy R. So the number of states that satisfy S is larger than that of R. Thus one may view the notion of “stronger” as “more selective,” because fewer states will satisfy the stronger condition.
–Of course, if R is stronger than S, then S is weaker than R.

Precondition Strengthening

Rule 1: If P’ is stronger than P and the triple {P}C{Q} is correct, then with the strengthened precondition assertion the triple {P’}C{Q} is also correct.
–Example: if {P}C{Q} is correct for P, which is (x>0), then for P’, which asserts (x>2), the triple {P’}C{Q} will also be correct.

Rule 1, more formally (strengthening P to P’):

    P’ -> P    {P}C{Q}
    ------------------
         {P’}C{Q}

–Example: if {x<5} x := x+1 {x<6} is correct, then strengthening {P} to {x<3} should give us {x<3} x := x+1 {x<6} as also correct, because:

    {x<3} -> {x<5}    {x<5} x := x+1 {x<6}
    --------------------------------------
            {x<3} x := x+1 {x<6}

Post Condition Weakening

Rule 2: If Q -> Q’ and the triple {P}C{Q} is correct, then the triple {P}C{Q’} is correct.
–Rule 2, formally:

    {P}C{Q}    Q -> Q’
    ------------------
         {P}C{Q’}

–Example: if { } max := b {max=b}, then show { } max := b {max>=b}:

    { } max := b {max=b}    {max=b} -> {max>=b}
    -------------------------------------------
              { } max := b {max>=b}

Conjunction (AND) and Disjunction (OR) Rules

Rule 3: If C is a piece of code and {P}C{Q} AND {P’}C{Q’} are both correct (note that both of the conditions have to be true simultaneously), then {P AND P’} C {Q AND Q’} is also correct.
–Formally:

    {P} C {Q}    {P’} C {Q’}
    ------------------------
    {P AND P’} C {Q AND Q’}

Rule 4: If C is a piece of code and {P}C{Q} AND {P’}C{Q’} are both correct, then {P OR P’} C {Q OR Q’} is also correct.
–Formally:

    {P} C {Q}    {P’} C {Q’}
    ------------------------
     {P OR P’} C {Q OR Q’}

Example using Conjunction Rule & more

Problem: given the following Hoare triples:
–{ } x := x+1 {x = x+1} AND [note that x := x+1 has multiple meanings here!]
–{x>0} x := x+1 {x>0}
–show that {x>0} x := x+1 {x>-1}

Proof (a little more detailed than needed):
–a) Using the conjunction rule, we get {x>0} x := x+1 {x=x+1 AND x>0}.
–b) Using the weakening-the-post-condition rule, we have {x=x+1 AND x>0} -> {x>0}; thus the conjunction triple {x>0} x := x+1 {x=x+1 AND x>0} also implies that {x>0} x := x+1 {x>0} is correct, by weakening the post condition. Furthermore, {x>0} -> {x>-1} (or: x>0 is stronger than x>-1).
–Therefore we have {x>0} x := x+1 {x>-1} (by weakening the post condition).
–Alternatively: note that the weakening of the post condition can be achieved by dropping x=x+1 and also directly weakening x>0 to x>-1.
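The four rules above (precondition strengthening, postcondition weakening, conjunction and disjunction) and the worked example can all be checked mechanically when the state space is small. The following is an added example, not code from the original slides: a brute-force Hoare-triple checker in Python. It assumes a constructed bounded domain (every variable ranges over -6..6), models assertions as Python predicates on a state dictionary and commands as state-to-state functions, and makes the slide's ambiguous postcondition "x = x+1" precise with a ghost variable x0 (an assumption here) that records the initial value of x. The `counterexamples` function is the part a practitioner actually wants: when a triple does not hold, it returns the violating pre-states instead of just `False`.

```python
# Added example (not from the original slides): brute-force checking of Hoare
# triples and of the slides' four rules over a small, constructed state space.
from itertools import product
from typing import Callable, Dict, List

State = Dict[str, int]
Assertion = Callable[[State], bool]
Command = Callable[[State], State]

VALUES = range(-6, 7)  # constructed: every program variable ranges over -6..6


def all_states(variables: List[str]) -> List[State]:
    """Enumerate every assignment of VALUES to the given variables."""
    return [dict(zip(variables, vals)) for vals in product(VALUES, repeat=len(variables))]


def stronger(r: Assertion, s: Assertion, states: List[State]) -> bool:
    """R is stronger than S (R -> S): every state satisfying R also satisfies S."""
    return all(s(st) for st in states if r(st))


def counterexamples(pre: Assertion, cmd: Command, post: Assertion,
                    states: List[State]) -> List[State]:
    """Pre-states that satisfy pre but whose successor under cmd violates post."""
    return [st for st in states if pre(st) and not post(cmd(st))]


def holds(pre: Assertion, cmd: Command, post: Assertion, states: List[State]) -> bool:
    """{pre} cmd {post} is correct iff it has no counterexample in the domain."""
    return not counterexamples(pre, cmd, post, states)


def assign(var: str, expr: Callable[[State], int]) -> Command:
    """The assignment command var := expr, returning a fresh state (no mutation)."""
    def run(st: State) -> State:
        new = dict(st)
        new[var] = expr(st)
        return new
    return run


TRUE: Assertion = lambda st: True  # the empty precondition { } on the slides


def conj(p: Assertion, q: Assertion) -> Assertion:
    return lambda st: p(st) and q(st)


def disj(p: Assertion, q: Assertion) -> Assertion:
    return lambda st: p(st) or q(st)


def rule1_precondition_strengthening() -> bool:
    """Slide example: {x<5} x := x+1 {x<6} stays correct with the stronger {x<3}."""
    states = all_states(["x"])
    incr = assign("x", lambda st: st["x"] + 1)
    p, p_strong, q = (lambda st: st["x"] < 5), (lambda st: st["x"] < 3), (lambda st: st["x"] < 6)
    return (stronger(p_strong, p, states)
            and holds(p, incr, q, states)
            and holds(p_strong, incr, q, states))


def rule2_postcondition_weakening() -> bool:
    """Slide example: { } max := b {max=b} implies { } max := b {max>=b}."""
    states = all_states(["max", "b"])
    max_is_b = assign("max", lambda st: st["b"])
    q, q_weak = (lambda st: st["max"] == st["b"]), (lambda st: st["max"] >= st["b"])
    return (holds(TRUE, max_is_b, q, states)
            and stronger(q, q_weak, states)
            and holds(TRUE, max_is_b, q_weak, states))


def combine(p, q, p2, q2, cmd, states, join) -> bool:
    """Rules 3 and 4: from {P}C{Q} and {P'}C{Q'} conclude {P join P'} C {Q join Q'}."""
    if not (holds(p, cmd, q, states) and holds(p2, cmd, q2, states)):
        raise ValueError("both premises must be correct triples")
    return holds(join(p, p2), cmd, join(q, q2), states)


def conjunction_example() -> bool:
    """Slide example with 'x = x+1' made precise via ghost variable x0 (assumed):
    {x=x0} x := x+1 {x=x0+1} AND {x>0} x := x+1 {x>0} give
    {x=x0 AND x>0} x := x+1 {x=x0+1 AND x>0}, then weaken the post to {x>-1}."""
    states = all_states(["x", "x0"])
    incr = assign("x", lambda st: st["x"] + 1)
    ghost_pre = lambda st: st["x"] == st["x0"]
    ghost_post = lambda st: st["x"] == st["x0"] + 1
    pos = lambda st: st["x"] > 0
    above_minus_one = lambda st: st["x"] > -1
    return (combine(ghost_pre, ghost_post, pos, pos, incr, states, conj)
            and stronger(conj(ghost_post, pos), above_minus_one, states)
            and holds(conj(ghost_pre, pos), incr, above_minus_one, states))


def disjunction_example() -> bool:
    """Rule 4 on constructed triples: {x>0} x := x+1 {x>0} and {x<-2} x := x+1 {x<-1}."""
    states = all_states(["x"])
    incr = assign("x", lambda st: st["x"] + 1)
    return combine(lambda st: st["x"] > 0, lambda st: st["x"] > 0,
                   lambda st: st["x"] < -2, lambda st: st["x"] < -1,
                   incr, states, disj)


if __name__ == "__main__":
    print("rule 1:", rule1_precondition_strengthening())
    print("rule 2:", rule2_postcondition_weakening())
    print("rule 3:", conjunction_example(), "rule 4:", disjunction_example())
    # A triple that does not hold: {x<5} x := x+1 {x<5} fails from the state x = 4.
    print(counterexamples(lambda st: st["x"] < 5, assign("x", lambda st: st["x"] + 1),
                          lambda st: st["x"] < 5, all_states(["x"])))
```

Because the domain is finite, `holds` is a decision procedure here, whereas over unbounded integers the same triples need the deductive rules on the slides; the checker is useful precisely for spotting a wrong rule application (such as strengthening the postcondition instead of weakening it), which shows up as a non-empty counterexample list.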