comp2111 week 8 term 1 2020 hoare logic
play

COMP2111 Week 8 Term 1, 2020 Hoare Logic 1 Sir Tony Hoare - PowerPoint PPT Presentation

Mar 26, 2024 •417 likes •2k views

COMP2111 Week 8 Term 1, 2020 Hoare Logic 1 Sir Tony Hoare Pioneer in formal verification Invented: Quicksort, the null reference (called it his billion dollar mistake) CSP (formal specification language), and Hoare Logic 2 Summary L

  1. Consequence There is one more rule, called the rule of consequence , that we need to insert ordinary logical reasoning into our Hoare logic proofs: ϕ ′ → ϕ ψ → ψ ′ { ϕ } P { ψ } (cons) { ϕ ′ } P { ψ ′ } This is the only rule that is not directed entirely by syntax. This means a Hoare logic proof need not look like a derivation tree. Instead we can sprinkle assertions through our program and specially note uses of the consequence rule. Intuition: Adding assertions to the precondition makes it more likely the postcondition will be reached Removing assertions to the postcondition makes it more likely the postcondition will be reached If you can reach the postcondition initially, then you can reach it in the more likely scenario 39

  2. Consequence There is one more rule, called the rule of consequence , that we need to insert ordinary logical reasoning into our Hoare logic proofs: ϕ ′ → ϕ ψ → ψ ′ { ϕ } P { ψ } (cons) { ϕ ′ } P { ψ ′ } This is the only rule that is not directed entirely by syntax. This means a Hoare logic proof need not look like a derivation tree. Instead we can sprinkle assertions through our program and specially note uses of the consequence rule. Intuition: Adding assertions to the precondition makes it more likely the postcondition will be reached Removing assertions to the postcondition makes it more likely the postcondition will be reached If you can reach the postcondition initially, then you can reach it in the more likely scenario 40

  3. Back to Assignment Example Example { ( y = 3) } x := y { ( x > 2) } Problem ! 41

  4. Back to Assignment Example Example { ( y = 3) } x := y { ( x > 2) } Problem ! { ( y > 2) } x := y { ( x > 2) } ( assign ) 42

  5. Back to Assignment Example Example { ( y = 3) } x := y { ( x > 2) } Problem ! { ( y = 3) } x := y { ( x > 2) } ( assign , cons ) { ( y > 2) } x := y { ( x > 2) } ( assign ) 43

  6. Factorial Example Let’s verify the Factorial program using our Hoare rules: { ϕ ∧ g } P { ψ } { ϕ ∧ ¬ g } Q { ψ } { N ≥ 0 } { ϕ } if g then P else Q fi { ψ } i := 0; m := 1; { ϕ [ x := e ] } x := e { ϕ } while i < N do { ϕ ∧ g } P { ϕ } { ϕ } while g do P od { ϕ ∧ ¬ g } i := i + 1; { ϕ } P { α } { α } Q { ψ } m := m × i { ϕ } P ; Q { ψ } od ϕ ′ ⇒ ϕ { m = N ! } { ϕ } P { ψ } ψ ⇒ ψ ′ { ϕ ′ } P { ψ ′ } 44

  7. Factorial Example Let’s verify the Factorial program using our Hoare rules: { ϕ ∧ g } P { ψ } { ϕ ∧ ¬ g } Q { ψ } { N ≥ 0 } { ϕ } if g then P else Q fi { ψ } i := 0; m := 1; { ϕ [ x := e ] } x := e { ϕ } while i < N do { ϕ ∧ g } P { ϕ } { ϕ } while g do P od { ϕ ∧ ¬ g } i := i + 1; { ϕ } P { α } { α } Q { ψ } m := m × i { ϕ } P ; Q { ψ } od { m = i ! ∧ N ≥ 0 ∧ i = N } ϕ ′ ⇒ ϕ { m = N ! } { ϕ } P { ψ } ψ ⇒ ψ ′ { ϕ ′ } P { ψ ′ } 45

  8. Factorial Example Let’s verify the Factorial program using our Hoare rules: { ϕ ∧ g } P { ψ } { ϕ ∧ ¬ g } Q { ψ } { N ≥ 0 } { ϕ } if g then P else Q fi { ψ } i := 0; m := 1; { ϕ [ x := e ] } x := e { ϕ } { m = i ! ∧ N ≥ 0 } while i < N do { ϕ ∧ g } P { ϕ } { ϕ } while g do P od { ϕ ∧ ¬ g } i := i + 1; { ϕ } P { α } { α } Q { ψ } m := m × i { ϕ } P ; Q { ψ } od { m = i ! ∧ N ≥ 0 ∧ i = N } ϕ ′ ⇒ ϕ { m = N ! } { ϕ } P { ψ } ψ ⇒ ψ ′ { ϕ ′ } P { ψ ′ } 46

  9. Factorial Example Let’s verify the Factorial program using our Hoare rules: { ϕ ∧ g } P { ψ } { ϕ ∧ ¬ g } Q { ψ } { N ≥ 0 } { ϕ } if g then P else Q fi { ψ } i := 0; m := 1; { ϕ [ x := e ] } x := e { ϕ } { m = i ! ∧ N ≥ 0 } while i < N do { ϕ ∧ g } P { ϕ } { ϕ } while g do P od { ϕ ∧ ¬ g } i := i + 1; { ϕ } P { α } { α } Q { ψ } m := m × i { m = i ! ∧ N ≥ 0 } { ϕ } P ; Q { ψ } od { m = i ! ∧ N ≥ 0 ∧ i = N } ϕ ′ ⇒ ϕ { m = N ! } { ϕ } P { ψ } ψ ⇒ ψ ′ { ϕ ′ } P { ψ ′ } 47

  10. Factorial Example Let’s verify the Factorial program using our Hoare rules: { ϕ ∧ g } P { ψ } { ϕ ∧ ¬ g } Q { ψ } { N ≥ 0 } { ϕ } if g then P else Q fi { ψ } i := 0; m := 1; { ϕ [ x := e ] } x := e { ϕ } { m = i ! ∧ N ≥ 0 } while i < N do { m = i ! ∧ N ≥ 0 ∧ i < N } { ϕ ∧ g } P { ϕ } { ϕ } while g do P od { ϕ ∧ ¬ g } i := i + 1; { ϕ } P { α } { α } Q { ψ } m := m × i { m = i ! ∧ N ≥ 0 } { ϕ } P ; Q { ψ } od { m = i ! ∧ N ≥ 0 ∧ i = N } ϕ ′ ⇒ ϕ { m = N ! } { ϕ } P { ψ } ψ ⇒ ψ ′ { ϕ ′ } P { ψ ′ } 48

  11. Factorial Example Let’s verify the Factorial program using our Hoare rules: { ϕ ∧ g } P { ψ } { ϕ ∧ ¬ g } Q { ψ } { N ≥ 0 } { ϕ } if g then P else Q fi { ψ } i := 0; m := 1; { ϕ [ x := e ] } x := e { ϕ } { m = i ! ∧ N ≥ 0 } while i < N do { m = i ! ∧ N ≥ 0 ∧ i < N } { ϕ ∧ g } P { ϕ } { ϕ } while g do P od { ϕ ∧ ¬ g } i := i + 1; { m × i = i ! ∧ N ≥ 0 } { ϕ } P { α } { α } Q { ψ } m := m × i { m = i ! ∧ N ≥ 0 } { ϕ } P ; Q { ψ } od { m = i ! ∧ N ≥ 0 ∧ i = N } ϕ ′ ⇒ ϕ { m = N ! } { ϕ } P { ψ } ψ ⇒ ψ ′ { ϕ ′ } P { ψ ′ } 49

  12. Factorial Example Let’s verify the Factorial program using our Hoare rules: { ϕ ∧ g } P { ψ } { ϕ ∧ ¬ g } Q { ψ } { N ≥ 0 } { ϕ } if g then P else Q fi { ψ } i := 0; m := 1; { ϕ [ x := e ] } x := e { ϕ } { m = i ! ∧ N ≥ 0 } while i < N do { m = i ! ∧ N ≥ 0 ∧ i < N } { ϕ ∧ g } P { ϕ } { m × ( i + 1) = ( i + 1)! ∧ N ≥ 0 } { ϕ } while g do P od { ϕ ∧ ¬ g } i := i + 1; { m × i = i ! ∧ N ≥ 0 } { ϕ } P { α } { α } Q { ψ } m := m × i { m = i ! ∧ N ≥ 0 } { ϕ } P ; Q { ψ } od { m = i ! ∧ N ≥ 0 ∧ i = N } ϕ ′ ⇒ ϕ { m = N ! } { ϕ } P { ψ } ψ ⇒ ψ ′ { ϕ ′ } P { ψ ′ } 50

  13. Factorial Example Let’s verify the Factorial program using our Hoare rules: { ϕ ∧ g } P { ψ } { ϕ ∧ ¬ g } Q { ψ } { N ≥ 0 } { ϕ } if g then P else Q fi { ψ } i := 0; m := 1; { ϕ [ x := e ] } x := e { ϕ } { m = i ! ∧ N ≥ 0 } while i < N do { m = i ! ∧ N ≥ 0 ∧ i < N } { ϕ ∧ g } P { ϕ } { m × ( i + 1) = ( i + 1)! ∧ N ≥ 0 } { ϕ } while g do P od { ϕ ∧ ¬ g } i := i + 1; { m × i = i ! ∧ N ≥ 0 } { ϕ } P { α } { α } Q { ψ } m := m × i { m = i ! ∧ N ≥ 0 } { ϕ } P ; Q { ψ } od { m = i ! ∧ N ≥ 0 ∧ i = N } ϕ ′ ⇒ ϕ { m = N ! } { ϕ } P { ψ } ψ ⇒ ψ ′ { ϕ ′ } P { ψ ′ } note: ( i + 1)! = i ! × ( i + 1) 51

  14. Factorial Example Let’s verify the Factorial program using our Hoare rules: { ϕ ∧ g } P { ψ } { ϕ ∧ ¬ g } Q { ψ } { N ≥ 0 } { ϕ } if g then P else Q fi { ψ } i := 0; m := 1; { m = i ! ∧ N ≥ 0 } { ϕ [ x := e ] } x := e { ϕ } { m = i ! ∧ N ≥ 0 } while i < N do { m = i ! ∧ N ≥ 0 ∧ i < N } { ϕ ∧ g } P { ϕ } { m × ( i + 1) = ( i + 1)! ∧ N ≥ 0 } { ϕ } while g do P od { ϕ ∧ ¬ g } i := i + 1; { m × i = i ! ∧ N ≥ 0 } { ϕ } P { α } { α } Q { ψ } m := m × i { m = i ! ∧ N ≥ 0 } { ϕ } P ; Q { ψ } od { m = i ! ∧ N ≥ 0 ∧ i = N } ϕ ′ ⇒ ϕ { m = N ! } { ϕ } P { ψ } ψ ⇒ ψ ′ { ϕ ′ } P { ψ ′ } note: ( i + 1)! = i ! × ( i + 1) 52

  15. Factorial Example Let’s verify the Factorial program using our Hoare rules: { ϕ ∧ g } P { ψ } { ϕ ∧ ¬ g } Q { ψ } { N ≥ 0 } { ϕ } if g then P else Q fi { ψ } i := 0; { 1 = i ! ∧ N ≥ 0 } m := 1; { m = i ! ∧ N ≥ 0 } { ϕ [ x := e ] } x := e { ϕ } { m = i ! ∧ N ≥ 0 } while i < N do { m = i ! ∧ N ≥ 0 ∧ i < N } { ϕ ∧ g } P { ϕ } { m × ( i + 1) = ( i + 1)! ∧ N ≥ 0 } { ϕ } while g do P od { ϕ ∧ ¬ g } i := i + 1; { m × i = i ! ∧ N ≥ 0 } { ϕ } P { α } { α } Q { ψ } m := m × i { m = i ! ∧ N ≥ 0 } { ϕ } P ; Q { ψ } od { m = i ! ∧ N ≥ 0 ∧ i = N } ϕ ′ ⇒ ϕ { m = N ! } { ϕ } P { ψ } ψ ⇒ ψ ′ { ϕ ′ } P { ψ ′ } note: ( i + 1)! = i ! × ( i + 1) 53

  16. Factorial Example Let’s verify the Factorial program using our Hoare rules: { ϕ ∧ g } P { ψ } { ϕ ∧ ¬ g } Q { ψ } { N ≥ 0 } { ϕ } if g then P else Q fi { ψ } i := 0; { 1 = i ! ∧ N ≥ 0 } { 1 = i ! ∧ N ≥ 0 } m := 1; { m = i ! ∧ N ≥ 0 } { ϕ [ x := e ] } x := e { ϕ } { m = i ! ∧ N ≥ 0 } while i < N do { m = i ! ∧ N ≥ 0 ∧ i < N } { ϕ ∧ g } P { ϕ } { m × ( i + 1) = ( i + 1)! ∧ N ≥ 0 } { ϕ } while g do P od { ϕ ∧ ¬ g } i := i + 1; { m × i = i ! ∧ N ≥ 0 } { ϕ } P { α } { α } Q { ψ } m := m × i { m = i ! ∧ N ≥ 0 } { ϕ } P ; Q { ψ } od { m = i ! ∧ N ≥ 0 ∧ i = N } ϕ ′ ⇒ ϕ { m = N ! } { ϕ } P { ψ } ψ ⇒ ψ ′ { ϕ ′ } P { ψ ′ } note: ( i + 1)! = i ! × ( i + 1) 54

  17. Factorial Example Let’s verify the Factorial program using our Hoare rules: { ϕ ∧ g } P { ψ } { ϕ ∧ ¬ g } Q { ψ } { N ≥ 0 } { ϕ } if g then P else Q fi { ψ } { 1 = 0! ∧ N ≥ 0 } i := 0; { 1 = i ! ∧ N ≥ 0 } { 1 = i ! ∧ N ≥ 0 } m := 1; { m = i ! ∧ N ≥ 0 } { ϕ [ x := e ] } x := e { ϕ } { m = i ! ∧ N ≥ 0 } while i < N do { m = i ! ∧ N ≥ 0 ∧ i < N } { ϕ ∧ g } P { ϕ } { m × ( i + 1) = ( i + 1)! ∧ N ≥ 0 } { ϕ } while g do P od { ϕ ∧ ¬ g } i := i + 1; { m × i = i ! ∧ N ≥ 0 } { ϕ } P { α } { α } Q { ψ } m := m × i { m = i ! ∧ N ≥ 0 } { ϕ } P ; Q { ψ } od { m = i ! ∧ N ≥ 0 ∧ i = N } ϕ ′ ⇒ ϕ { m = N ! } { ϕ } P { ψ } ψ ⇒ ψ ′ { ϕ ′ } P { ψ ′ } note: ( i + 1)! = i ! × ( i + 1) 55

  18. Practice Exercise Example m := 1; n := 1; i := 1; while i < N do t := m ; m := n ; n := m + t ; i := i + 1 od What does this L program P compute? What is a valid Hoare triple { ϕ } P { ψ } of this program? Prove using the inference rules and consequence axiom that this Hoare triple is valid. 56

  19. Practice Exercise Example m := 1; n := 1; i := 1; while i < N do t := m ; m := n ; n := m + t ; i := i + 1 od What does this L program P compute? What is a valid Hoare triple { ϕ } P { ψ } of this program? Prove using the inference rules and consequence axiom that this Hoare triple is valid. 57

  20. Summary L : A simple imperative programming language Hoare triples (SYNTAX) Hoare logic (PROOF) Semantics for Hoare logic 58

  21. Recall If R and S are binary relations, then the relational composition of R and S , R ; S is the relation: R ; S := { ( a , c ) : ∃ b such that ( a , b ) ∈ R and ( b , c ) ∈ S } If R ⊆ A × B is a relation, and X ⊆ A , then the image of X under R , R ( X ) is the subset of B defined as: R ( X ) := { b ∈ B : ∃ a inX such that ( a , b ) ∈ R } . 59

  22. Informal semantics Hoare logic gives a proof of { ϕ } P { ψ } , that is: ⊢ { ϕ } P { ψ } (axiomatic semantics) How do we determine when { ϕ } P { ψ } is valid , that is: | = { ϕ } P { ψ } ? If ϕ holds in a state of some computational model then ψ holds in the state reached after a successful execution of P . 60

  23. Informal semantics Hoare logic gives a proof of { ϕ } P { ψ } , that is: ⊢ { ϕ } P { ψ } (axiomatic semantics) How do we determine when { ϕ } P { ψ } is valid , that is: | = { ϕ } P { ψ } ? If ϕ holds in a state of some computational model then ψ holds in the state reached after a successful execution of P . 61

  24. Informal semantics: Programs What is a program? A partial function mapping system states to system states 62

  25. Informal semantics: Programs What is a program? A partial function mapping system states to system states 63

  26. Informal semantics: Programs What is a program? A partial function mapping system states to system states 64

  27. Informal semantics: Programs What is a program? A relation between system states 65

  28. Informal semantics: States What is a state of a computational model? Two approaches: Concrete: from a physical perspective States are memory configurations, register contents, etc. Store of variables and the values associated with them Abstract: from a mathematical perspective The pre-/postcondition predicates hold in a state ⇒ States are logical interpretations (Model + Environment) There is only one model of interest: standard interpretations of arithmetical symbols ⇒ States are fully determined by environments ⇒ States are functions that map variables to values 66

  29. Informal semantics: States What is a state of a computational model? Two approaches: Concrete: from a physical perspective States are memory configurations, register contents, etc. Store of variables and the values associated with them Abstract: from a mathematical perspective The pre-/postcondition predicates hold in a state ⇒ States are logical interpretations (Model + Environment) There is only one model of interest: standard interpretations of arithmetical symbols ⇒ States are fully determined by environments ⇒ States are functions that map variables to values 67

  30. Informal semantics: States What is a state of a computational model? Two approaches: Concrete: from a physical perspective States are memory configurations, register contents, etc. Store of variables and the values associated with them Abstract: from a mathematical perspective The pre-/postcondition predicates hold in a state ⇒ States are logical interpretations (Model + Environment) There is only one model of interest: standard interpretations of arithmetical symbols ⇒ States are fully determined by environments ⇒ States are functions that map variables to values 68

  31. Informal semantics: States What is a state of a computational model? Two approaches: Concrete: from a physical perspective States are memory configurations, register contents, etc. Store of variables and the values associated with them Abstract: from a mathematical perspective The pre-/postcondition predicates hold in a state ⇒ States are logical interpretations (Model + Environment) There is only one model of interest: standard interpretations of arithmetical symbols ⇒ States are fully determined by environments ⇒ States are functions that map variables to values 69

  32. Informal semantics: States What is a state of a computational model? Two approaches: Concrete: from a physical perspective States are memory configurations, register contents, etc. Store of variables and the values associated with them Abstract: from a mathematical perspective The pre-/postcondition predicates hold in a state ⇒ States are logical interpretations (Model + Environment) There is only one model of interest: standard interpretations of arithmetical symbols ⇒ States are fully determined by environments ⇒ States are functions that map variables to values 70

  33. Informal semantics: States What is a state of a computational model? Two approaches: Concrete: from a physical perspective States are memory configurations, register contents, etc. Store of variables and the values associated with them Abstract: from a mathematical perspective The pre-/postcondition predicates hold in a state ⇒ States are logical interpretations (Model + Environment) There is only one model of interest: standard interpretations of arithmetical symbols ⇒ States are fully determined by environments ⇒ States are functions that map variables to values 71

  34. Informal semantics: States and Programs State space ( Env ) x ← 0 y ← 0 x ← 3 z ← 0 y ← 2 z ← 1 x ← 1 x ← 1 y ← 1 y ← 1 x ← 2 z ← 1 z ← 2 y ← 2 z ← 2 x ← 0 y ← 1 x ← 0 z ← 2 y ← 1 z ← 0 72

  35. Informal semantics: States and Programs State space ( Env ) x ← 0 y ← 0 x ← 3 z ← 0 y ← 2 z ← 1 x ← 1 x ← 1 y ← 1 y ← 1 x ← 2 z ← 1 z ← 2 y ← 2 z ← 2 x ← 0 y ← 1 x ← 0 z ← 2 y ← 1 z ← 0 73

  36. Informal semantics: States and Programs 74

  37. Semantics for L An environment or state is a function from variables to numeric values. We denote by Env the set of all environments. NB ] η to all expressions An environment, η , assigns a numeric value [ [ e ] ] η to all boolean expressions b. e, and a boolean value [ [ b ] Given a program P of L , we define [ [ P ] ] to be a binary relation on Env in the following manner... 75

  38. Semantics for L An environment or state is a function from variables to numeric values. We denote by Env the set of all environments. NB ] η to all expressions An environment, η , assigns a numeric value [ [ e ] ] η to all boolean expressions b. e, and a boolean value [ [ b ] Given a program P of L , we define [ [ P ] ] to be a binary relation on Env in the following manner... 76

  39. Assignment η ′ = η [ x �→ [ ( η, η ′ ) ∈ [ ] η ] [ x := e ] ] if, and only if [ e ] 77

  40. Assignment: [ [ z := 2] ] State space ( Env ) x ← 0 y ← 0 x ← 3 z ← 0 y ← 2 z ← 1 x ← 1 x ← 1 y ← 1 y ← 1 x ← 2 z ← 1 z ← 2 y ← 2 z ← 2 x ← 0 y ← 1 x ← 0 z ← 2 y ← 1 z ← 0 78

  41. Sequencing [ [ P ; Q ] ] = [ [ P ] ]; [ [ Q ] ] where, on the RHS, ; is relational composition. 79

  42. Conditional, first attempt � [ ] η = true [ P ] ] if [ [ b ] [ [if b then P else Q fi] ] = [ [ Q ] ] otherwise. 80

  43. Detour: Predicates as programs A boolean expression b defines a subset (or unary relation) of Env : ] η = true } � b � = { η : [ [ b ] This can be extended to a binary relation (i.e. a program): [ [ b ] ] = { ( η, η ) : η ∈ � b �} Intuitively, b corresponds to the program if b then skip else ⊥ fi 81

  44. Detour: Predicates as programs A boolean expression b defines a subset (or unary relation) of Env : ] η = true } � b � = { η : [ [ b ] This can be extended to a binary relation (i.e. a program): [ [ b ] ] = { ( η, η ) : η ∈ � b �} Intuitively, b corresponds to the program if b then skip else ⊥ fi 82

  45. Conditional, better attempt [ [if b then P else Q fi] ] = [ [ b ; P ] ] ∪ [ [ ¬ b ; Q ] ] 83

  46. While while b do P od Do 0 or more executions of P while b holds Terminate when b does not hold How to do “0 or more” executions of ( b ; P )? 84

  47. While while b do P od Do 0 or more executions of ( b ; P ) Terminate with an execution of ¬ b How to do “0 or more” executions of ( b ; P )? 85

  48. While while b do P od Do 0 or more executions of ( b ; P ) Terminate with an execution of ¬ b How to do “0 or more” executions of ( b ; P )? 86

  49. Transitive closure Given a binary relation R ⊆ E × E , the transitive closure of R , R ∗ is defined to be the limit of the sequence R 0 ∪ R 1 ∪ R 2 · · · where R 0 = ∆, the diagonal relation R n +1 = R n ; R NB R ∗ is the smallest transitive relation which contains R Related to the Kleene star operation seen in languages: Σ ∗ Technically, R ∗ is the least-fixed point of f ( X ) = X ∪ X ; R 87

  50. Transitive closure Given a binary relation R ⊆ E × E , the transitive closure of R , R ∗ is defined to be the limit of the sequence R 0 ∪ R 1 ∪ R 2 · · · where R 0 = ∆, the diagonal relation R n +1 = R n ; R NB R ∗ is the smallest transitive relation which contains R Related to the Kleene star operation seen in languages: Σ ∗ Technically, R ∗ is the least-fixed point of f ( X ) = X ∪ X ; R 88

  51. While ] ∗ ; [ [ [while b do P od] ] = [ [ b ; P ] [ ¬ b ] ] Do 0 or more executions of ( b ; P ) Conclude with an execution of ¬ b 89

  52. Validity A Hoare triple is valid , written | = { ϕ } P { ψ } if [ [ P ] ]( � ϕ � ) ⊆ � ψ � . That is, the relational image under [ [ P ] ] of the set of states where ϕ holds is contained in the set of states where ψ holds. 90

  53. Validity 91

  54. Validity � ϕ � 92

  55. Validity � ψ � � ϕ � 93

  56. Validity [ [ P ] ] � ψ � � ϕ � 94

  57. Validity [ [ P ] ] � ψ � � ϕ � [ [ P ] ]( � ϕ � ) 95

  58. Soundness of Hoare Logic Hoare Logic is sound with respect to the semantics given. That is, Theorem If ⊢ { ϕ } P { ψ } then | = { ϕ } P { ψ } 96

  59. Summary Set theory revisited Soundness of Hoare Logic Completeness of Hoare Logic 97

  60. Summary Set theory revisited Soundness of Hoare Logic Completeness of Hoare Logic 98

  61. Some results on relational images Lemma For any binary relations R , S ⊆ X × Y and subsets A , B ⊆ X: If A ⊆ B then R ( A ) ⊆ R ( B ) (a) R ( A ) ∪ S ( A ) = ( R ∪ S )( A ) (b) R ( S ( A )) = ( S ; R )( A ) (c) Proof (a): 99

  62. Some results on relational images Lemma For any binary relations R , S ⊆ X × Y and subsets A , B ⊆ X: If A ⊆ B then R ( A ) ⊆ R ( B ) (a) R ( A ) ∪ S ( A ) = ( R ∪ S )( A ) (b) R ( S ( A )) = ( S ; R )( A ) (c) Proof (a): 100

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

COMP2111 Week 8 Term 1, 2020 Hoare Logic 1 Sir Tony Hoare Pioneer in formal verification

COMP2111 Week 8 Term 1, 2020 Hoare Logic 1 Sir Tony Hoare Pioneer in formal verification

COMP2111 Week 8 Term 1, 2020 Hoare Logic 1 Sir Tony Hoare Pioneer in formal verification Invented: Quicksort, the null reference (called it his billion dollar mistake) CSP (formal specification language), and Hoare Logic 2 Summary L

770 views • 59 slides
COMP2111 Week 9 Term 1, 2020 Hoare Logic 1 Summary Weakest precondition reasoning Handling

COMP2111 Week 9 Term 1, 2020 Hoare Logic 1 Summary Weakest precondition reasoning Handling

COMP2111 Week 9 Term 1, 2020 Hoare Logic 1 Summary Weakest precondition reasoning Handling termination Operational semantics Adding non-determinism Refinement calculus 2 Finding a proof Consider the following code: Pow r := 1; i := 0;

538 views • 37 slides
COMP2111 Week 9 Term 1, 2020 Hoare Logic 1 Summary Weakest precondition reasoning Handling

COMP2111 Week 9 Term 1, 2020 Hoare Logic 1 Summary Weakest precondition reasoning Handling

COMP2111 Week 9 Term 1, 2020 Hoare Logic 1 Summary Weakest precondition reasoning Handling termination Operational semantics Adding non-determinism Refinement calculus 2 Summary Weakest precondition reasoning Handling termination

1.22k views • 85 slides
Summary of topics Sets COMP2111 Week 2 Formal languages Term 1, 2020 Discrete Mathematics

Summary of topics Sets COMP2111 Week 2 Formal languages Term 1, 2020 Discrete Mathematics

Summary of topics Sets COMP2111 Week 2 Formal languages Term 1, 2020 Discrete Mathematics Recap Relations Functions Propositional Logic 1 2 Summary of topics Sets A set is defined by the collection of its elements. Sets are typically

464 views • 31 slides
Summary Motivation COMP2111 Week 10 Definitions Term 1, 2020 The invariant principle State

Summary Motivation COMP2111 Week 10 Definitions Term 1, 2020 The invariant principle State

Summary Motivation COMP2111 Week 10 Definitions Term 1, 2020 The invariant principle State machines Partial correctness and termination Input and output Finite automata 1 2 Summary Motivation: Models of computation State machines model

627 views • 19 slides
COMP2111 Week 2 Term 1, 2020 Discrete Mathematics Recap 1 Summary of topics Sets Formal

COMP2111 Week 2 Term 1, 2020 Discrete Mathematics Recap 1 Summary of topics Sets Formal

COMP2111 Week 2 Term 1, 2020 Discrete Mathematics Recap 1 Summary of topics Sets Formal languages Relations Functions Propositional Logic 2 Summary of topics Sets Formal languages Relations Functions Propositional Logic 3 Sets A

1.52k views • 124 slides
COMP2111 Week 5 Term 1, 2020 Lambda Calculus 1 -calculus Alonzo Church lived 19031995

COMP2111 Week 5 Term 1, 2020 Lambda Calculus 1 -calculus Alonzo Church lived 19031995

COMP2111 Week 5 Term 1, 2020 Lambda Calculus 1 -calculus Alonzo Church lived 19031995 supervised people like Alan Turing, Stephen Kleene famous for Church-Turing thesis, lambda calculus, first undecidability results invented

2.04k views • 168 slides
COMP2111 Week 10 Term 1, 2020 State machines 1 Summary Motivation Definitions The invariant

COMP2111 Week 10 Term 1, 2020 State machines 1 Summary Motivation Definitions The invariant

COMP2111 Week 10 Term 1, 2020 State machines 1 Summary Motivation Definitions The invariant principle Partial correctness and termination Input and output Finite automata 2 Summary Motivation Definitions The invariant principle

1.19k views • 75 slides
Summary of topics COMP2111 Week 3 Recursion Term 1, 2020 Recursive Data Types Recursion and

Summary of topics COMP2111 Week 3 Recursion Term 1, 2020 Recursive Data Types Recursion and

Summary of topics COMP2111 Week 3 Recursion Term 1, 2020 Recursive Data Types Recursion and induction Induction Structural Induction 1 2 Summary of topics Recursion Fundamental concept in Computer Science Recursion in algorithms:

789 views • 21 slides
Hoare logic Lecture 4: A verifier for Hoare logic Jean Pichon-Pharabod University of Cambridge

Hoare logic Lecture 4: A verifier for Hoare logic Jean Pichon-Pharabod University of Cambridge

Hoare logic Lecture 4: A verifier for Hoare logic Jean Pichon-Pharabod University of Cambridge CST Part II 2017/18 Introduction Last time, we saw that that proofs in Hoare logic can involve large amounts of very error-prone bookkeeping

690 views • 48 slides
Hoare Logic and Model Checking Semantics of Hoare Logic Kasper Svendsen University of Cambridge

Hoare Logic and Model Checking Semantics of Hoare Logic Kasper Svendsen University of Cambridge

Hoare Logic and Model Checking Semantics of Hoare Logic Kasper Svendsen University of Cambridge CST Part II 2016/17 Acknowledgement: slides heavily based on previous versions by Mike Gordon and Alan Mycroft Semantics of Hoare Logic

663 views • 10 slides
Hoare logic Lecture 3: Formalising the semantics of Hoare logic In the previous lecture, we

Hoare logic Lecture 3: Formalising the semantics of Hoare logic In the previous lecture, we

Recap Hoare logic Lecture 3: Formalising the semantics of Hoare logic In the previous lecture, we specified and verified some example programs using the syntactic rules of Hoare logic that we introduced in the first lecture. Jean

477 views • 13 slides
Hoare Logic Hoare Logic is used to reason about the correctness of programs. In the end, it

Hoare Logic Hoare Logic is used to reason about the correctness of programs. In the end, it

Hoare Logic Hoare Logic is used to reason about the correctness of programs. In the end, it reduces a program and its specification to a set of verifications conditions. Slides by Wishnu Prasetya URL : www.cs.uu.nl/~wishnu Course URL :

1.4k views • 124 slides
Hoare logic separation logic. We looked at the concepts separation logic is based on, the new

Hoare logic separation logic. We looked at the concepts separation logic is based on, the new

Introduction In the previous lecture, we saw how reasoning about pointers in Hoare logic was problematic, which motivated introducing Hoare logic separation logic. We looked at the concepts separation logic is based on, the new assertions that

396 views • 14 slides
Hoare Logic Andreas Podelski November 8, 2011 Hoare logic introduced by Hoare in 1969

Hoare Logic Andreas Podelski November 8, 2011 Hoare logic introduced by Hoare in 1969

Hoare Logic Andreas Podelski November 8, 2011 Hoare logic introduced by Hoare in 1969 builds on first-order logic Hoare logic introduced by Hoare in 1969 builds on first-order logic correctness specification = pre- and

401 views • 37 slides
Probabilistic Relational Hoare Logic Main judgments Hoare Logic c : = : hoare [ c : pre

Probabilistic Relational Hoare Logic Main judgments Hoare Logic c : = : hoare [ c : pre

Probabilistic Relational Hoare Logic Main judgments Hoare Logic c : = : hoare [ c : pre ==&gt; post] Probabilistic Hoare Logic [ c : = ] = (see Lecture 6): bd_hoare [ c : pre ==&gt; post ] = r Probabilistic Relational Hoare

377 views • 23 slides
A puzzle about G odels numbering James Avery 1 Jean-Yves Moyen 1 Jakob Grue Simonsen 1

A puzzle about G odels numbering James Avery 1 Jean-Yves Moyen 1 Jakob Grue Simonsen 1

G odels numberings Operators on programs The puzzle A puzzle about G odels numbering James Avery 1 Jean-Yves Moyen 1 Jakob Grue Simonsen 1 Jean-Yves.Moyen@lipn.univ-paris13.fr 1 Datalogisk Institut University of Copenhagen

133 views • 12 slides
Multiverse conceptions reconsidered Carolin Antos ICLA2019, Delhi Department of Philosophy,

Multiverse conceptions reconsidered Carolin Antos ICLA2019, Delhi Department of Philosophy,

Multiverse conceptions reconsidered Carolin Antos ICLA2019, Delhi Department of Philosophy, University of Konstanz 1 Structure of the talk 1. Introduction Set theory and forcing Philosophy of set theory and forcing 2. Forcing technique in

1.05k views • 92 slides
Apache Jena Part II Jan Pettersen Nytun, UiA 1 S O P This presentation is based on: Jena

Apache Jena Part II Jan Pettersen Nytun, UiA 1 S O P This presentation is based on: Jena

Knowledge Representation Apache Jena Part II Jan Pettersen Nytun, UiA 1 S O P This presentation is based on: Jena Ontology API http://jena.apache.org/documentation/ontology/ Jan Pettersen Nytun, UIA, page 2 Jena is fundamentally an

631 views • 33 slides
Cut-elimination for Intuitionistic Provability Logic Iris van der Giessen Utrecht University

Cut-elimination for Intuitionistic Provability Logic Iris van der Giessen Utrecht University

Introduction to provability logic Cut-elimination Cut-elimination for Intuitionistic Provability Logic Iris van der Giessen Utrecht University i.vandergiessen@uu.nl April 26, 2019 Iris van der Giessen Cut-elimination for Intuitionistic

521 views • 36 slides
Introduction to Satisfiability Modulo Theories Combinatorial Problem Solving (CPS) Albert

Introduction to Satisfiability Modulo Theories Combinatorial Problem Solving (CPS) Albert

Introduction to Satisfiability Modulo Theories Combinatorial Problem Solving (CPS) Albert Oliveras Enric Rodr guez-Carbonell May 31, 2019 Satisfiability Modulo Theories Some problems are more naturally expressed in other logics than

752 views • 33 slides
Modeling Reasoning with Making it uncertainty uncertainty practical Learning queries on

Modeling Reasoning with Making it uncertainty uncertainty practical Learning queries on

Handling Incomplete, Uncertain, Inconsistent Data Important subject: such data is everywhere Key research challenges Tools/techniques we need Neighbors Some more general thoughts Modeling Reasoning with Making it uncertainty

174 views • 5 slides
Rent Devision among Groups Mohammad Ghodsi, Mohamad Latifian, Arman Mohammadi, Sadra Moradian,

Rent Devision among Groups Mohammad Ghodsi, Mohamad Latifian, Arman Mohammadi, Sadra Moradian,

Rent Devision among Groups Mohammad Ghodsi, Mohamad Latifian, Arman Mohammadi, Sadra Moradian, Masoud Seddighin Rent Division Problem A house with n rooms, n agents, is the value of agent i for room j v i , j Utility of agent i if

748 views • 39 slides
Department of Computer Science CSCI 5622: Machine Learning Chenhao Tan Lecture 14: PAC

Department of Computer Science CSCI 5622: Machine Learning Chenhao Tan Lecture 14: PAC

Department of Computer Science CSCI 5622: Machine Learning Chenhao Tan Lecture 14: PAC learnability Slides adapted from Jordan Boyd-Graber, Chris Ketelsen 1 Announcements Proposal due tomorrow night HW2 regrade requests Peer

847 views • 53 slides

More recommend