Presentation is loading. Please wait.

Presentation is loading. Please wait.

Announcements We are done with homeworks Second coding exam this week, in recitation –Times will be posted later today –If in doubt, show up for your regular.

Published byFelicity Randall Modified over 9 years ago

Similar presentations

Presentation on theme: "Announcements We are done with homeworks Second coding exam this week, in recitation –Times will be posted later today –If in doubt, show up for your regular."— Presentation transcript:

1 Announcements We are done with homeworks Second coding exam this week, in recitation –Times will be posted later today –If in doubt, show up for your regular recitation time

2 Invariants Invariants: properties which must always hold –Class invariants hold between (but not necessarily during) method invocations –Loop invariants hold before, during and after execution of a loop Pre/post conditions –Post-conditions of a method spell out what must be true after a method execution completes, if preconditions are satisfied –Pre-conditions of a method spell out what must be true at method invocation in order for method to perform as promised

3 Class invariant Recall our Bag implementation: public class Bag implements Collection { private E [] _values; /* CLASS INVARIANTS * _size denotes the number of elements in the bag, and also * the first available position within the array _values */ private int _size; public Bag() { _values = (E[]) (new Object[10]); _size = 0; } // POST: _values is initialized, _size is zero public boolean add(E item) { … } // POST: item is in Bag public void clear() { … } // POST: _size is zero public boolean remove(Object item) { … } // POST: one fewer item is in Bag … }

4 Axiomatic semantics Basic idea: you make assertions about statements in a program. A precondition is an assertion about what is true prior to execution of a statement. A postcondition is an assertion about what is true after execution of a statement. For example: sum = 2*sum + 1 {sum > 1} Quotes on upcoming slides are from Concepts of Programming Languages, by Robert Sebesta.

5 Weakest precondition “The weakest precondition is the least restrictive precondition that will guarantee the validity of the associated postcondition.” [p. 151] In example above {sum>10} is a valid precondition but {sum>0} is the weakest precondition: {sum > 0} sum = 2*sum + 1 {sum > 1}

6 Correctness proofs “If the weakest precondition can be computed from the given postconditions for each statement of a language, then correctness proofs can be constructed for programs in that language.” [p. 151] To do this, start with output specifications for the program as the postcondition for the program as a whole.

7 Next, work backwards, computing weakest preconditions one statement at a time, to derive the weakest precondition for the program as a whole: stmt1{c0} stmt1 {c1} stmt2{c1} stmt2 {c2}.. .. stmtN {cN}{cN-1} stmtN {cN}

8 If the input specification for the program satisfies the program’s weakest precondition, then the program will (provably) produce the correct result.

9 Assignment statements The axiomatic semantics of an assignment statement x=E is written as P=Q x  E This means that the precondition is the postcondition with all instances of x replaced by E. Example: a = b/2-1 {a<10} To compute precondition, replace all instances of a in postcondition a<10 by b/2–1 : b/2-1 < 10, or b < 22 Semantics: {b<22} a = b/2-1 {a<10} In general: {Q x  E } x=E {Q}

10 Inference Suppose we wanted to prove the following: {sum > 5} sum = 2*sum + 1 {sum > 3} Starting with the postcondition, we derive as the weakest precondition something different: 2*sum + 1 > 3 2*sum > 2 sum > 1 (weakest precondition) Clearly this is OK, because the actual precondition {sum>5} implies the weakest precondition {sum>1}: sum>5 => sum>1 We use an inference rule, the rule of consequence, to prove this.

11 Rule of consequence General form: S1, S2, …, Sn S Precondition strengthening: P=>P’, {P’} C {Q} {P} C {Q} Postcondition weakening: Q’=>Q, {P} C {Q’} {P} C {Q}

12 Precondition strengthening applied Recall our example. We want to prove the following: {sum > 5} sum = 2*sum + 1 {sum > 3} The weakest precondition we derive is: sum > 1 Apply precondition strengthening to finish proof: P=>P’, {P’} C {Q} {P} C {Q} sum>5 => sum>1, {sum>1} sum=2*sum+1 {sum>3} {sum>5} sum=2*sum+1 {sum>3}

13 Hang on! Why get so formal? Because this way correctness proofs can be (partially) automated.

14 Sequences: S1 S2 Start with a sequence of statements: y = 3*x+1; x = y+3; {x<10} Compute weakest precondition for 2 nd stmt: {y+3<10} or {y<7}, use as postcondition for 1 st stmt: y = 3*x+1; {y<7} {y<7} x = y+3; {x<10} Compute weakest precondition for 1 st stmt: {3x+1<7} or {x<2} {x<2} y = 3*x+1; {y<7} {y<7} x = y+3; {x<10} Conclude, applying sequence rule: {x<2} y = 3*x+1; x = y+3; {x<10} {P} S1 {Q}, {Q} S2 {R} {P} S1 S2 {R}

15 Selection: if B then S1 else S2 Start with a conditional statement: if (x>0) then y=y-1 else y=y+1 {y>0} Deal with arms of the conditional one at a time, first the then-arm: y = y-1 {y>0}  {y>1} y = y-1; {y>0} Now the else-arm: y = y+1 {y>0}  {y>-1} y = y+1; {y>0} Use rule of precondition strengthening on the else-arm result (to make both arms uniform): {y>1} y = y+1; {y>0} Now strengthen both arms’ preconditions by imposing a constraint on x: { x>0 & y>1} y = y-1; {y>0} {!(x>0) & y>1} y = y+1; {y>0} Conclude, applying selection rule: {y>1} if (x>0) then y=y-1 else y=y+1 {y>0} {B & P} S1 {Q}, {!B & P} S2 {Q} {P} if B then S1 else S2 {Q}

16 While: while B do S end Let’s prove the following: {true} r=x; q=0; while y<=r do r=r-y; q=q+1; end {y>r & x=r+y*q} Start by proving loop body: {y<=r & x=r+y*q} r=r-y; q=q+1;{x=r+y*q} Start with last statement: q=q+1 {x=r+y*q}  {x=r+y*(q+1)} q=q+1 {x=r+y*q} {x=r+y+y*q} q=q+1 {x=r+y*q} Continue with second-to-last statement: r=r-y {x=r+y+y*q}  {x=r-y+y+y*q} r=r-y {x=r+y+y*q} {x=r+y*q} r=r-y {x=r+y+y*q} Use rule for sequence to get: {x=r+y*q} r=r-y; q=q+1; {x=r+y*q} Now strengthen precondition to conclude proof of loop body: {y<=r & x=r+y*q} r=r-y; q=q+1; {x=r+y*q} This lets us derive a weakest precondition for the while loop: {x=r+y*q} while y<=r do r=r-y; q=q+1; end {x=r+y*q & !(y<=r)} {B & I} S {I} _ {I} while B do S end {I and !B}

17 While: while B do S end The next step is to prove the sequence {true} r=x; q=0; while y r)} Start by moving backwards from the while loop (since we derived a weakest precondition from its postcondition already): {true} r=x; q=0; {x=r+y*q} Start with last statement: q=0; {x=r+y*q}  {x=r+y*0} q=0 {x=r+y*q} {x=r} q=0 {x=r+y*q} Continue with second-to-last statement: r=x {x=r}  {x=x} r=x {x=r} Precondition strengthening: {true} r=x {x=r} Sequence rule (applied in general form): {true} r=x; q=0; while y<=r do r=r-y; q=q+1; end {x=r+y*q & !(y<=r)} Finally, postcondition weakening because !(y y>r : {true} r=x; q=0; while y r} We're done! {B & I} S {I} _ {I} while B do S end {I and !B}

18 Loop invariant Recall the While rule: {B & I} S {I} _ {I} while B do S end {I and !B} I is called the loop invariant: –"…if executing [the body] once preserves the truth of [the invariant], then executing [the body] any number of times also preserves the truth of [the invariant]." [Gordon, Programming Language Theory and its Implementation, paraphrased from page 24]

19 Importance of loop invariants Developing loop invariants are a powerful way to design and understand algorithms. Consider selection sort: selectionSort(int[] array) { int min, temp, bar=0; while (bar < array.length - 1) { min = indexOfSmallest(array, bar); // find min temp = array[bar]; // swap array[bar] = array[min]; array[min] = temp; bar = bar + 1; // Loop invariant: region before bar is sorted: // for all i,j<=bar, i<j  array[i] <= array[j] } }

20 Example [ 7 4 6 8 3 2 ] [ 2 4 6 8 3 7 ] [ 2 3 6 8 4 7 ] [ 2 3 4 8 6 7 ] [ 2 3 4 6 8 7 ] [ 2 3 4 6 7 8 ] region not known to be sorted region known to be sorted

21 Priority queues Queue –Ordered by some priority –Regular queue – ordered by time of arrival –Think of ER queue Implementation –List –Heap (a heap-ordered tree)

Download ppt "Announcements We are done with homeworks Second coding exam this week, in recitation –Times will be posted later today –If in doubt, show up for your regular."

Similar presentations

Automated Theorem Proving Lecture 1. Program verification is undecidable! Given program P and specification S, does P satisfy S?

Automated Theorem Proving Lecture 1. Program verification is undecidable! Given program P and specification S, does P satisfy S?
Semantics Static semantics Dynamic semantics attribute grammars

Semantics Static semantics Dynamic semantics attribute grammars
ICE1341 Programming Languages Spring 2005 Lecture #6 Lecture #6 In-Young Ko iko.AT. icu.ac.kr iko.AT. icu.ac.kr Information and Communications University.

ICE1341 Programming Languages Spring 2005 Lecture #6 Lecture #6 In-Young Ko iko.AT. icu.ac.kr iko.AT. icu.ac.kr Information and Communications University.
Reasoning About Code; Hoare Logic, continued

Reasoning About Code; Hoare Logic, continued
Hoare’s Correctness Triplets Dijkstra’s Predicate Transformers

Hoare’s Correctness Triplets Dijkstra’s Predicate Transformers
Axiomatic Verification I Prepared by Stephen M. Thebaut, Ph.D. University of Florida Software Testing and Verification Lecture 17.

Axiomatic Verification I Prepared by Stephen M. Thebaut, Ph.D. University of Florida Software Testing and Verification Lecture 17.
Axiomatic Semantics The meaning of a program is defined by a formal system that allows one to deduce true properties of that program. No specific meaning.

Axiomatic Semantics The meaning of a program is defined by a formal system that allows one to deduce true properties of that program. No specific meaning.
Copyright © 2006 Addison-Wesley. All rights reserved.1-1 ICS 410: Programming Languages Chapter 3 : Describing Syntax and Semantics Axiomatic Semantics.

Copyright © 2006 Addison-Wesley. All rights reserved.1-1 ICS 410: Programming Languages Chapter 3 : Describing Syntax and Semantics Axiomatic Semantics.
ISBN 0-321-33025-0 Chapter 3 Describing Syntax and Semantics.

ISBN Chapter 3 Describing Syntax and Semantics.
Dynamic semantics Precisely specify the meanings of programs. Why? –programmers need to understand the meanings of programs they read –programmers need.

Dynamic semantics Precisely specify the meanings of programs. Why? –programmers need to understand the meanings of programs they read –programmers need.
Copyright © 2006 Addison-Wesley. All rights reserved. 3.5 Dynamic Semantics Meanings of expressions, statements, and program units Static semantics – type.

Copyright © 2006 Addison-Wesley. All rights reserved. 3.5 Dynamic Semantics Meanings of expressions, statements, and program units Static semantics – type.
1 Discrete Structures Lecture 29 Predicates and Programming Read Ch. 10.1 - 10.2.

1 Discrete Structures Lecture 29 Predicates and Programming Read Ch
Predicate Transformers

Predicate Transformers
Fall 20021 Semantics Juan Carlos Guzmán CS 3123 Programming Languages Concepts Southern Polytechnic State University.

Fall Semantics Juan Carlos Guzmán CS 3123 Programming Languages Concepts Southern Polytechnic State University.
CS 330 Programming Languages 09 / 19 / 2006 Instructor: Michael Eckmann.

CS 330 Programming Languages 09 / 19 / 2006 Instructor: Michael Eckmann.
1 Semantic Description of Programming languages. 2 Static versus Dynamic Semantics n Static Semantics represents legal forms of programs that cannot be.

1 Semantic Description of Programming languages. 2 Static versus Dynamic Semantics n Static Semantics represents legal forms of programs that cannot be.
CSE 331 Software Design & Implementation Dan Grossman Winter 2014 Lecture 2 – Reasoning About Code With Logic 1CSE 331 Winter 2014.

CSE 331 Software Design & Implementation Dan Grossman Winter 2014 Lecture 2 – Reasoning About Code With Logic 1CSE 331 Winter 2014.
1/22 Programs : Semantics and Verification Charngki PSWLAB Programs: Semantics and Verification Mordechai Ben-Ari Mathematical Logic for Computer.

1/22 Programs : Semantics and Verification Charngki PSWLAB Programs: Semantics and Verification Mordechai Ben-Ari Mathematical Logic for Computer.
CS 355 – Programming Languages

CS 355 – Programming Languages
CSE 331 SOFTWARE DESIGN & IMPLEMENTATION WORKSHEET A Autumn 2011 Today’s Process If you haven’t completed the solution sheet for Worksheet A, please leave.

CSE 331 SOFTWARE DESIGN & IMPLEMENTATION WORKSHEET A Autumn 2011 Today’s Process If you haven’t completed the solution sheet for Worksheet A, please leave.

Similar presentations

Ads by Google