> 10M LoC
i := n
while i ≥ 1 do
  k := f (k, n - i)
  i := i - 1

if n ≤ 0 then i := 0 else i := n
f (k, i)
assume i = i ∧ k = k ∧ n = n
i := 0
while i < n do
  k := a·k + b · i + c
  i := i + 1
(…)
assert i = i ∧ k = k ∧ n = n

$R_i(j) = R_i(j-1) + 1$
$R_i(0) = 0$
$R_k(j) = a \times R_k(j-1) + b \times R_i(j-1) + c$
$R_k(0) = k_0$

$R_i(j) = j$
$R_k(j) = \frac{b\,(a^j - aj + j - 1) + (a - 1)\,\bigl(a^j\,((a - 1)\,k_0 + c) - c\bigr)}{(a - 1)^2}$
$T(e) = \sum_{i=1}^{n} \sum_{j=0}^{d} f_{ij} \times T(e_i)^j$ if $e = f(e_1, \ldots, e_n)$
u(f) = 2

if i < n then
  k := f(x)
else
  k := f(y)
if f(z) < 0 ∧ k < 0 then
  …
[Figure: plot with points labelled f(a), f(b), f(c), f(d)]
while b do
  c
→
if b then
  assume σ_{n-1}(b) ∧ σ_n(¬b)
  v_i := σ_n(v_i)
else
  assume n = 0
while I < N do
  if B then
    S_1
  else
    S_2
  I := I + 1
→
if B then
  while I < N do
    S_1
    I := I + 1
else
  while I < N do
    S_2
    I := I + 1

S_1, S_2 are template statements
B is a template Boolean expression
Template source:
while I < N do
  if B then
    S_1
  else
    S_2
  I := I + 1

Instantiation:
B ⟼ N > 5
S_1 ⟼ A := A + N
S_2 ⟼ A := A + 1

…
while I < N do
  if N > 5 then
    A := A + N
  else
    A := A + 1
  I := I + 1
…
→
if N > 5 then
  while I < N do
    A := A + N
    I := I + 1
else
  while I < N do
    A := A + 1
    I := I + 1
while I < N do
  if B then
    S_1
  else
    S_2
  I := I + 1
→
if B then
  while I < N do
    S_1
    I := I + 1
else
  while I < N do
    S_2
    I := I + 1

Precondition: I ∉ R(B) ∧ W(S_1) ∩ R(B) = ∅ ∧ W(S_2) ∩ R(B) = ∅
S → x,y := S_x(y, z), S_y(y, z)
Precondition:
R(S) = {y, z}
W(S) = {x, y}
x * 2^c / d
x / (d / 2^c) = x / d * 2^c = x * 2^c / d
ERROR: Domain of definedness of Target is smaller than Source's for i4 %b

Example:
%X i4 = 0x0 (0)
c i4 = 0x3 (3)
d i4 = 0x7 (7)
%a i4 = 0x0 (0)
(1 << c) i4 = 0x8 (8, -8)
%t i4 = 0x0 (0)
Source value: 0x0 (0)
Target value: undef