1 Discrete Structures Lecture 29 Predicates and Programming Read Ch. 10.1 - 10.2.

Presentation transcript:

1 Discrete Structures Lecture 29 Predicates and Programming. Read Ch. 10.1 - 10.2.

2 Edsger Dijkstra Edsger Dijkstra wrote: "Programs should be composed correctly, and not just debugged into correctness." This is an important concept we should strive for.

3 Predicates and Programming
This chapter looks at some applications of predicate logic in computing:
- The formal specification of imperative (procedural) programs.
- The proof and development of sequences of assignments.
- Practice formulating English specifications.
- Proof of the correctness of conditional statements. (Iterative statements are covered in chapter 12.)

4 Program Specifications
A state is a set of identifier-value pairs, e.g. (x1 = T, x2 = F, x3 = F, ...).
Recall the Hoare triple {Q} S {R}: if Q is true of the state before S executes, then R will be true of the state after S executes.

5 Program Specifications
{Q} x := ? {R}
- precondition Q: a Boolean expression that describes the initial states for which execution of the program is being defined.
- x: a list of the variables that may be assigned.
- postcondition R: a Boolean expression that characterizes the final states, after execution of the program.

6 Final States Are Not Always Unambiguously Determined
{true} x := ? {x^2 = 4}
Either x = 2 or x = -2 satisfies this specification.

7 Proofs of {Q} x := E {R}
(10.2) Assignment Introduction: To show that x := E is an implementation of {Q} x := ? {R}, prove Q ⇒ R[x := E].

8 Weakest Precondition
Definition: For any command (or statement) S and predicate R, we define the predicate wp(S, R), the weakest precondition of S with respect to R, to be the set of all states such that, if execution of S begins in any one of them, then execution of S is guaranteed to terminate in a finite amount of time in a state satisfying R.
{?} x := E {R}
wp(x := E, R) = R[x := E]

9 (10.2) shows us whether {Q} x := E {R} holds
To show that x := E is an implementation of {Q} x := ? {R}, prove Q ⇒ wp(x := E, R). In other words, prove Q ⇒ R[x := E].
Almost all hints in the following are textual substitution, arithmetic and (3.84a).

10 Practice with wp
{Q} x := E {R}: must prove Q ⇒ R[x := E]
{i = 0} i := i + 1 {i <= 1}
   (i = 0) ⇒ (i <= 1)[i := i + 1]
=  (i = 0) ⇒ (i + 1 <= 1)
=  (i = 0) ⇒ (i <= 0)
=  (i = 0) ⇒ (i = 0 ∨ i < 0)
=  <(3.76a) Weakening/Strengthening, p, q := (i = 0), (i < 0)>
   true

11 Just the weakest precondition
{wp?} i := i + 1 {i > 0}
(i > 0)[i := i + 1]
= i + 1 > 0
= i >= 0
{i >= 0} is the weakest precondition.

12 Just wp
{wp?} x := 5 {x = 5}
{x = 5}[x := 5]
{5 = 5}
{true} -- the set of all states
{wp?} x := 5 {x <> 5}
{x <> 5}[x := 5]
{5 <> 5}
{false} -- the set of NO states

13 More assignment statement wp
{wp?} x := x * x {x^4 = 10}
{x^4 = 10}[x := x * x]
{(x * x)^4 = 10}
{x^8 = 10}
{x = ±10^(1/8)}

14 wp
{wp?} x := (x - y) * (x + y) {x + y^2 <> 0}
{x + y^2 <> 0}[x := (x - y) * (x + y)]
{(x - y) * (x + y) + y^2 <> 0}
{x^2 + xy - xy - y^2 + y^2 <> 0}
{x^2 <> 0}
{x <> 0}

15 wp with multiple assignment
{wp?} x, y := x - y, x + y {x + y = C}
{x + y = C}[x, y := x - y, x + y] -- replace x with x - y and y with x + y, simultaneously
{x - y + x + y = C}
{x + x = C}
{2x = C}
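As an added example (not from the lecture or its textbook), the following Python code implements wp of an assignment as textual substitution on the predicate's syntax tree, treating the multiple assignment of slide 15 as a simultaneous substitution, and then checks the proof obligation Q ⇒ R[x := E] of (10.2) over a bounded box of integer states. Predicates are written in Python syntax (== for =, != for <>); all function names are my own, and ast.unparse needs Python 3.9 or later.

```python
import ast
from itertools import product

class _Subst(ast.NodeTransformer):
    """Replace each assigned variable in the predicate's AST by the AST of its
    expression E.  A replacement is not re-visited, so x, y := E1, E2 is
    substituted simultaneously (sequential substitution would be wrong)."""
    def __init__(self, mapping):
        self.mapping = mapping          # {"x": "E1", "y": "E2", ...}
    def visit_Name(self, node):
        if node.id in self.mapping:
            # parse afresh so every occurrence gets its own copy of E
            return ast.parse(self.mapping[node.id], mode="eval").body
        return node

def wp_assign(targets, exprs, post):
    """wp(x1,..,xn := E1,..,En, R) = R[x1,..,xn := E1,..,En], returned as a string.
    targets: variable names; exprs: expression strings; post: R in Python syntax."""
    tree = ast.parse(post, mode="eval")
    tree = _Subst(dict(zip(targets, exprs))).visit(tree)
    return ast.unparse(tree)

def _holds(pred_code, state):
    # evaluate a compiled predicate in a state; no builtins are exposed to it
    return bool(eval(pred_code, {"__builtins__": {}}, dict(state)))

def counterexample(variables, hyp, concl, lo=-6, hi=6):
    """Bounded check of hyp ⇒ concl over all integer states with each variable
    in [lo, hi].  Returns None if no state falsifies it, else a falsifying state.
    This is evidence, not a proof: it can refute an implication, not prove it."""
    h = compile(hyp, "<hyp>", "eval")
    c = compile(concl, "<concl>", "eval")
    for vals in product(range(lo, hi + 1), repeat=len(variables)):
        state = dict(zip(variables, vals))
        if _holds(h, state) and not _holds(c, state):
            return state
    return None

def check_assignment(variables, pre, targets, exprs, post):
    """Assignment Introduction (10.2): {Q} x := E {R} holds iff Q ⇒ R[x := E].
    Returns (R[x := E], None) if the bounded check finds no counterexample,
    otherwise (R[x := E], state) with a state where Q holds but R[x := E] fails."""
    substituted = wp_assign(targets, exprs, post)
    return substituted, counterexample(variables, pre, substituted)

def equivalent(variables, p, q, lo=-6, hi=6):
    """Bounded check that p and q agree on every state in the box (both directions)."""
    return (counterexample(variables, p, q, lo, hi) is None
            and counterexample(variables, q, p, lo, hi) is None)
```

For slide 10, check_assignment(["i"], "i == 0", ["i"], ["i + 1"], "i <= 1") returns ('i + 1 <= 1', None), and for slide 15 wp_assign(["x", "y"], ["x - y", "x + y"], "x + y == C") gives x - y + (x + y) == C, which equivalent() confirms agrees with 2 * x == C.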

16 Properties of wp
Law of the Excluded Miracle: wp(S, F) = F
Suppose execution begins in a state w with w ∈ wp(S, F). Then S is executed and must terminate in a state satisfying F; but the set of states satisfying F is ∅, i.e. there are no such states. Therefore there is no state in wp(S, F) (because such a state would make the postcondition true), so wp(S, F) = F.

17 Properties of wp
Distributivity of Conjunction: wp(S, Q) ∧ wp(S, R) = wp(S, Q ∧ R)
(⇒) Let w ∈ wp(S, Q) ∧ wp(S, R); thus w ∈ wp(S, Q) and w ∈ wp(S, R). If execution begins in w, S is executed and the result is that Q is true and R is true, thus Q ∧ R is true. Therefore w ∈ wp(S, Q ∧ R).
(⇐) Let w ∈ wp(S, Q ∧ R). If execution begins in w, S is executed and the result is that Q ∧ R is true, thus Q is true and R is true. Since Q is true, w ∈ wp(S, Q), and since R is true, w ∈ wp(S, R). Therefore w ∈ wp(S, Q) ∧ wp(S, R).

18 Properties of wp
Law of Monotonicity: if Q ⇒ R then wp(S, Q) ⇒ wp(S, R)
Assume w ∈ wp(S, Q). If execution begins in w, S is executed and the result is that Q is true. Since Q ⇒ R is true, R is also true. Therefore w ∈ wp(S, R).