Presentation is loading. Please wait.

Presentation is loading. Please wait.

11/22/2016IT 3271 A formal system:Axioms and Rules, for inferring valid specification x := m; y := n; while ¬(x=y) do if x>y then x := x-y else y := y-x.

Published byChristine Hart Modified over 8 years ago

Similar presentations

Presentation on theme: "11/22/2016IT 3271 A formal system:Axioms and Rules, for inferring valid specification x := m; y := n; while ¬(x=y) do if x>y then x := x-y else y := y-x."— Presentation transcript:

1 11/22/2016IT 3271 A formal system:Axioms and Rules, for inferring valid specification x := m; y := n; while ¬(x=y) do if x>y then x := x-y else y := y-x program { m≥1, n ≥1 } { x = gcd(m,n) } assertion pre-condition post-condition specification Ch 23:Formal Semantics

2 11/22/2016IT 3272 A formal system:Axioms and Rules, { P } skip { P } { true } diverge { false } { [P] (i  E) } i := E { P } assignment { P } C {Q}  { P } ( C ) { Q } grouping { P } C 0 {Q} & { Q } C 1 { R }  { P } C 0 ; C 1 { R } sequencing { P, B } C 0 {Q} & { P, ¬B } C 1 { Q }  { P } if B then C 0 else C 1 { Q } if-statement { P, B } C { P }  { P } while B do C { P, ¬B } while-loop this P is called the loop invariant map

3 11/22/2016IT 3273 A formal system:Axioms and Rules, { P  R} & { R } C { Q }  { P } C { Q } pre-condition strengthening (II) implies { R  Q} & { P } C { R }  { P } C { Q } post-condition weakening { P 1 } C { Q } & { P 2 } C { Q }  { P 1  P 2 } C { Q } pre-condition disjunction { P} C { Q 1 } & { P} C { Q 2 }  { P } C { Q 1, Q 2 } post-condition conjunction or and

4 11/22/2016IT 3274 A correct program n := n+1; { ( n+1) ≥0 } { n ≥0 } This is a correct specification { [P] (i  E) } i := E { P } assignment It is correct because we can apply the following axiom to obtain the specification: This (piece of) program is correct.. Is what sense?

5 11/22/2016IT 3275 Another proof of the program correctness s := a; i := 0; while ¬(i=b) do ( s := s+1; i := i+1 ) program {b ≥0 } { s = a+b } assertion pre-condition post-condition specification The most difficult part is to figure out a useful loop invariant { s = a+i }

6 11/22/2016IT 3276 s := a; i := 0; {b ≥0 } {b ≥0, s = a+i } {b ≥0  (b ≥0, a = a+0) } {b ≥0, a = a+0 } s := a; {b ≥0, s = a+0 } {(b ≥0, s = a+0)  (b ≥0, s = a+0, 0=0) } {b ≥0, s = a+0, 0=0 } i := 0; {b ≥0, s = a+0, i = 0 } { (b ≥0, s = a+0, i=0)  ( b ≥0, s = a+i) }

7 11/22/2016IT 3277 s := s+1; i := i+1; {b ≥0, s = a+i, ¬(i=b) } {b ≥0, s = a+i } { P, B } C { P }  { P } while B do C { P, ¬B } {b ≥0, s = a+i, ¬¬(i=b) } {b ≥0, s = a+i } while ¬(i=b) do ( s := s+1; i := i+1 ) {(b ≥0, s = a+i, ¬¬(i=b))  (b ≥0, s = a+i, i=b) } {(b ≥0, s = a+i, i=b)  s = a+b}

8 11/22/2016IT 3278 Examples of correctness proofs Easy introduction to loop invariants

Download ppt "11/22/2016IT 3271 A formal system:Axioms and Rules, for inferring valid specification x := m; y := n; while ¬(x=y) do if x>y then x := x-y else y := y-x."

Similar presentations

Automated Theorem Proving Lecture 1. Program verification is undecidable! Given program P and specification S, does P satisfy S?

Automated Theorem Proving Lecture 1. Program verification is undecidable! Given program P and specification S, does P satisfy S?
Program Verification Using Hoares Logic Book: Chapter 7.

Program Verification Using Hoares Logic Book: Chapter 7.
Semantics Static semantics Dynamic semantics attribute grammars

Semantics Static semantics Dynamic semantics attribute grammars
PZ03D Programming Language design and Implementation -4th Edition Copyright©Prentice Hall, 2000 1 PZ03D - Program verification Programming Language Design.

PZ03D Programming Language design and Implementation -4th Edition Copyright©Prentice Hall, PZ03D - Program verification Programming Language Design.
ICE1341 Programming Languages Spring 2005 Lecture #6 Lecture #6 In-Young Ko iko.AT. icu.ac.kr iko.AT. icu.ac.kr Information and Communications University.

ICE1341 Programming Languages Spring 2005 Lecture #6 Lecture #6 In-Young Ko iko.AT. icu.ac.kr iko.AT. icu.ac.kr Information and Communications University.
Hoare’s Correctness Triplets Dijkstra’s Predicate Transformers

Hoare’s Correctness Triplets Dijkstra’s Predicate Transformers
Rigorous Software Development CSCI-GA 3033-011 Instructor: Thomas Wies Spring 2012 Lecture 11.

Rigorous Software Development CSCI-GA Instructor: Thomas Wies Spring 2012 Lecture 11.
Pre and Post Condition Rules Definition : If R and S are two assertions, then R is said to be stronger than S if R -> S (R implies S). –Example : the assertion.

Pre and Post Condition Rules Definition : If R and S are two assertions, then R is said to be stronger than S if R -> S (R implies S). –Example : the assertion.
David Evans CS655: Programming Languages University of Virginia Computer Science Lecture 19: Minding Ps & Qs: Axiomatic.

David Evans CS655: Programming Languages University of Virginia Computer Science Lecture 19: Minding Ps & Qs: Axiomatic.
Axiomatic Verification I Prepared by Stephen M. Thebaut, Ph.D. University of Florida Software Testing and Verification Lecture 17.

Axiomatic Verification I Prepared by Stephen M. Thebaut, Ph.D. University of Florida Software Testing and Verification Lecture 17.
Axiomatic Semantics The meaning of a program is defined by a formal system that allows one to deduce true properties of that program. No specific meaning.

Axiomatic Semantics The meaning of a program is defined by a formal system that allows one to deduce true properties of that program. No specific meaning.
Copyright © 2006 Addison-Wesley. All rights reserved.1-1 ICS 410: Programming Languages Chapter 3 : Describing Syntax and Semantics Axiomatic Semantics.

Copyright © 2006 Addison-Wesley. All rights reserved.1-1 ICS 410: Programming Languages Chapter 3 : Describing Syntax and Semantics Axiomatic Semantics.
ISBN 0-321-33025-0 Chapter 3 Describing Syntax and Semantics.

ISBN Chapter 3 Describing Syntax and Semantics.
Dynamic semantics Precisely specify the meanings of programs. Why? –programmers need to understand the meanings of programs they read –programmers need.

Dynamic semantics Precisely specify the meanings of programs. Why? –programmers need to understand the meanings of programs they read –programmers need.
Copyright © 2006 Addison-Wesley. All rights reserved. 3.5 Dynamic Semantics Meanings of expressions, statements, and program units Static semantics – type.

Copyright © 2006 Addison-Wesley. All rights reserved. 3.5 Dynamic Semantics Meanings of expressions, statements, and program units Static semantics – type.
Predicate Transformers

Predicate Transformers
Program Proving Notes Ellen L. Walker.

Program Proving Notes Ellen L. Walker.
1 Semantic Description of Programming languages. 2 Static versus Dynamic Semantics n Static Semantics represents legal forms of programs that cannot be.

1 Semantic Description of Programming languages. 2 Static versus Dynamic Semantics n Static Semantics represents legal forms of programs that cannot be.
CSE 331 Software Design & Implementation Dan Grossman Winter 2014 Lecture 2 – Reasoning About Code With Logic 1CSE 331 Winter 2014.

CSE 331 Software Design & Implementation Dan Grossman Winter 2014 Lecture 2 – Reasoning About Code With Logic 1CSE 331 Winter 2014.
1/22 Programs : Semantics and Verification Charngki PSWLAB Programs: Semantics and Verification Mordechai Ben-Ari Mathematical Logic for Computer.

1/22 Programs : Semantics and Verification Charngki PSWLAB Programs: Semantics and Verification Mordechai Ben-Ari Mathematical Logic for Computer.

Similar presentations

Ads by Google