Axiomatic semantics: Pre- and postconditions (PowerPoint PPT Presentation)


Axiomatic semantics

Proofs based on semantics are too detailed. Restriction to certain kinds of properties:

  • partial correctness
  • total correctness

Properties of programs are specified as assertions { P } S { Q } where

  • S is a statement,
  • P is the precondition and
  • Q is the postcondition.

XXVII.1

Pre- and postconditions

We use

  • program variables (e.g. x, y), and
  • logical variables (e.g. n)

Example:

  { x=n } y:=1; while ¬(x=1) do (y:=x ⋆ y; x:=x−1) { y=n! ∧ n>0 }

Language for preconditions and postconditions:

  • the intensional approach: a special language L
  • the extensional approach: use predicates of State → T

XXVII.2


Notation

  • P1 ∧ P2 for P where P s = (P1 s) and (P2 s)
  • P1 ∨ P2 for P where P s = (P1 s) or (P2 s)
  • ¬P for P′ where P′ s = ¬(P s)
  • P[x→A[a]] for P′ where P′ s = P (s[x→A[a]s])
  • P1 ⇒ P2 for ∀s ∈ State: P1 s implies P2 s

XXVII.3

Axioms and rules

  { P[x→A[a]] } x:=a { P }

  { P } skip { P }

  { P } S1 { Q },  { Q } S2 { R }
  -------------------------------
  { P } S1; S2 { R }

  { B[b] ∧ P } S1 { Q },  { ¬B[b] ∧ P } S2 { Q }
  ----------------------------------------------
  { P } if b then S1 else S2 { Q }

  { B[b] ∧ P } S { P }
  ---------------------------------
  { P } while b do S { ¬B[b] ∧ P }

  { P′ } S { Q′ }
  ---------------   if P ⇒ P′ and Q′ ⇒ Q
  { P } S { Q }

XXVII.4


Example

  { true } skip { true }
  --------------------------------------------
  { true ∧ true } skip { true }
  --------------------------------------------
  { true } while true do skip { ¬true ∧ true }
  --------------------------------------------
  { true } while true do skip { true }

Each line follows from the one above by, in turn, the axiom for skip, the rule of consequence, the rule for while and the rule of consequence.

XXVII.5

Properties of the inference system

SOUNDNESS: if some partial correctness property can be proved using the inference system then it does indeed hold according to the semantics.

COMPLETENESS: if some partial correctness property does hold according to the semantics then we can also find a proof for it using the inference system.

PROVABILITY: ⊢p { P } S { Q } means that there exists an inference tree for { P } S { Q }.

VALIDITY: ⊨p { P } S { Q } means that for all states s, if P s = tt and (S, s) → s′ for some s′ then Q s′ = tt.

XXVII.6
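The extensional approach and the validity definition above, as an added worked example in Python that is not part of the slides: a small interpreter for While, assertions as predicates State → bool built with the Notation combinators, and a check of ⊨p for the slides' factorial example on constructed sample states. The tuple encoding of programs, the dict representation of states and the fuel bound standing in for non-termination are assumptions of this example.

```python
from math import factorial
# Added example, not from the slides: programs are nested tuples (a constructed
# encoding) and states are dicts from variable names to ints.
def A(a, s):
    """A[a]s: arithmetic expressions are ints, variable names or (op, a1, a2)."""
    if isinstance(a, int): return a
    if isinstance(a, str): return s[a]
    op, v1, v2 = a[0], A(a[1], s), A(a[2], s)
    return {'+': v1 + v2, '-': v1 - v2, '*': v1 * v2}[op]
def B(b, s):
    """B[b]s: boolean expressions are bools, ('=', a1, a2), ('not', b) or ('and', b1, b2)."""
    if isinstance(b, bool): return b
    if b[0] == '=': return A(b[1], s) == A(b[2], s)
    if b[0] == 'not': return not B(b[1], s)
    return B(b[1], s) and B(b[2], s)

def run(S, s, fuel=10_000):
    """Natural semantics (S, s) -> s'; None if S has not terminated within `fuel` loop iterations."""
    kind = S[0]
    if kind == 'skip': return dict(s)
    if kind == 'assign': return {**s, S[1]: A(S[2], s)}             # s[x -> A[a]s]
    if kind == 'comp':
        s1 = run(S[1], s, fuel)
        return None if s1 is None else run(S[2], s1, fuel)
    if kind == 'if': return run(S[2] if B(S[1], s) else S[3], s, fuel)
    while B(S[1], s):                                               # ('while', b, body)
        if fuel == 0: return None                                   # stands in for non-termination
        fuel -= 1
        s = run(S[2], s, fuel)
        if s is None: return None
    return dict(s)

# Extensional approach: assertions are predicates State -> bool, combined as in Notation.
def conj(P1, P2): return lambda s: P1(s) and P2(s)
def neg(P): return lambda s: not P(s)
def subst(P, x, a): return lambda s: P({**s, x: A(a, s)})          # P[x -> A[a]]

def valid_p(P, S, Q, states):
    """⊨p {P} S {Q} on the sample states: P s and (S, s) -> s' must give Q s'; non-termination never refutes it."""
    for s in states:
        if P(s):
            t = run(S, s)
            if t is not None and not Q(t): return False
    return True
# The slides' example: { x=n } y:=1; while ¬(x=1) do (y:=x*y; x:=x-1) { y=n! ∧ n>0 }
FACT = ('comp', ('assign', 'y', 1),
        ('while', ('not', ('=', 'x', 1)),
         ('comp', ('assign', 'y', ('*', 'x', 'y')), ('assign', 'x', ('-', 'x', 1)))))
PRE = lambda s: s['x'] == s['n']
POST = conj(lambda s: s['n'] > 0, lambda s: s['y'] == factorial(s['n']))  # n>0 first: factorial(n<0) raises
SAMPLE = [{'x': k, 'y': 0, 'n': k} for k in range(-3, 8)]   # constructed states; k <= 0 never terminates
```

For k ≤ 0 the loop never reaches x=1, so those states are dropped by the partiality in `valid_p`, which is exactly why the postcondition is allowed to say n>0 although the precondition does not require it.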


Soundness and completeness

Theorem 6.16 For all partial correctness assertions { P } S { Q } we have

  ⊨p { P } S { Q }  if and only if  ⊢p { P } S { Q }

Proof in two stages:

  Stage 1: ⊢p { P } S { Q } implies ⊨p { P } S { Q }
  Stage 2: ⊨p { P } S { Q } implies ⊢p { P } S { Q }

XXVII.7

Soundness

Lemma 6.17 The partial correctness inference system for While is sound, that is

  ⊢p { P } S { Q } implies ⊨p { P } S { Q }

Proof: By induction on the shape of the inference tree used to infer ⊢p { P } S { Q }.

XXVII.8


Proof (1)

Case { P[x→A[a]] } x:=a { P }

Assume
  (x:=a, s) → s′
  (P[x→A[a]]) s = tt
Then
  s′ = s[x→A[a]s]
  P (s[x→A[a]s]) = tt
So P s′ = tt, as was to be shown.

XXVII.9

Proof (2)

Case
  { P } S1 { Q },  { Q } S2 { R }
  -------------------------------
  { P } S1; S2 { R }

Assume
  ⊨p { P } S1 { Q }
  ⊨p { Q } S2 { R }
We shall prove that ⊨p { P } S1; S2 { R }.

We have
  P s = tt,  (S1; S2, s) → s′′
  ⇓
  P s = tt,  (S1, s) → s′,  (S2, s′) → s′′
  ⇓
  Q s′ = tt,  (S2, s′) → s′′
  ⇓
  R s′′ = tt

XXVII.10


Proof (3)

Case
  { B[b] ∧ P } S { P }
  ---------------------------------
  { P } while b do S { ¬B[b] ∧ P }

Assume ⊨p { B[b] ∧ P } S { P }; we shall prove ⊨p { P } while b do S { ¬B[b] ∧ P }.

Assume
  P s = tt
  (while b do S, s) → s′′

If B[b]s = ff then s′′ = s, so (¬B[b] ∧ P) s′′ = tt.

If B[b]s = tt then
  (S, s) → s′
  (while b do S, s′) → s′′
Thus P s′ = tt, so the induction hypothesis gives (¬B[b] ∧ P) s′′ = tt.

XXVII.11

Proof (4)

Case
  { P′ } S { Q′ }
  ---------------   if P ⇒ P′ and Q′ ⇒ Q
  { P } S { Q }

Assume
  ⊨p { P′ } S { Q′ }
  P ⇒ P′
  Q′ ⇒ Q
We shall prove ⊨p { P } S { Q }.

We have
  P s = tt,  (S, s) → s′
  ⇓
  P′ s = tt,  (S, s) → s′
  ⇓
  Q′ s′ = tt
  ⇓
  Q s′ = tt

XXVII.12