comp2111 week 9 term 1 2020 hoare logic
play

COMP2111 Week 9 Term 1, 2020 Hoare Logic 1 Summary Weakest - PowerPoint PPT Presentation

May 02, 2023 •357 likes •1.22k views

COMP2111 Week 9 Term 1, 2020 Hoare Logic 1 Summary Weakest precondition reasoning Handling termination Operational semantics Adding non-determinism Refinement calculus 2 Summary Weakest precondition reasoning Handling termination

  1. COMP2111 Week 9 Term 1, 2020 Hoare Logic 1

  2. Summary Weakest precondition reasoning Handling termination Operational semantics Adding non-determinism Refinement calculus 2

  3. Summary Weakest precondition reasoning Handling termination Operational semantics Adding non-determinism Refinement calculus 3

  4. Finding a proof Consider the following code: Pow r := 1; i := 0; while i < m do r := r ∗ n ; i := i + 1 od We would like to show { ϕ } Pow { r = n m } . What should ϕ be? m ≥ 0 ∧ n > 0 What should the intermediate assertions be? 4

  5. Finding a proof Consider the following code: Pow r := 1; i := 0; while i < m do r := r ∗ n ; i := i + 1 od We would like to show { ϕ } Pow { r = n m } . What should ϕ be? m ≥ 0 ∧ n > 0 What should the intermediate assertions be? 5

  6. Finding a proof Consider the following code: Pow r := 1; i := 0; while i < m do r := r ∗ n ; i := i + 1 od We would like to show { ϕ } Pow { r = n m } . What should ϕ be? m ≥ 0 ∧ n > 0 What should the intermediate assertions be? 6

  7. Determining a precondition Here are some valid Hoare triples: { ( x = 5) ∧ ( y = 10) } z := x / y { z < 1 } { ( x < y ) ∧ ( y > 0) } z := x / y { z < 1 } { ( y � = 0) ∧ ( x / y < 1) } z := x / y { z < 1 } All are valid, but the third one is the most useful: it has the weakest precondition of the three it can be applied in the most scenarios (e.g. x = 2 ∧ y = − 1) 7

  8. Weakest precondition Given a program P and a postcondition ψ the weakest precondition of P with respect to ψ , wp ( P , ψ ), is a predicate ϕ such that P { ψ } then ϕ ′ → ϕ � ϕ ′ � { ϕ } P { ψ } and If We can compute wp based on the structure of P ... 8

  9. Weakest precondition Given a program P and a postcondition ψ the weakest precondition of P with respect to ψ , wp ( P , ψ ), is a predicate ϕ such that P { ψ } then ϕ ′ → ϕ � ϕ ′ � { ϕ } P { ψ } and If We can compute wp based on the structure of P ... 9

  10. Determining wp : Assignment wp ( x := e , ψ ) = ψ [ e / x ] Example { 2 + y > 0 } x := 2 { x + y > 0 } 10

  11. Determining wp : Assignment wp ( x := e , ψ ) = ψ [ e / x ] Example { 2 + y > 0 } x := 2 { x + y > 0 } 11

  12. Determining wp : Sequence wp ( P ; S , ψ ) = wp ( P , wp ( S , ψ )) Example Let ϕ be the weakest precondition of: { ϕ } x := x + 1; y := x + y { y > 4 } What should ϕ be? x + y > 3 wp ( y := x + y , y > 4) = ( x + y > 4) wp ( x := x + 1 , x + y > 4) = ( x +1+ y > 4) ≡ x + y > 3 12

  13. Determining wp : Sequence wp ( P ; S , ψ ) = wp ( P , wp ( S , ψ )) Example Let ϕ be the weakest precondition of: { ϕ } x := x + 1; y := x + y { y > 4 } What should ϕ be? x + y > 3 wp ( y := x + y , y > 4) = ( x + y > 4) wp ( x := x + 1 , x + y > 4) = ( x +1+ y > 4) ≡ x + y > 3 13

  14. Determining wp : Sequence wp ( P ; S , ψ ) = wp ( P , wp ( S , ψ )) Example Let ϕ be the weakest precondition of: { ϕ } x := x + 1; y := x + y { y > 4 } What should ϕ be? x + y > 3 wp ( y := x + y , y > 4) = ( x + y > 4) wp ( x := x + 1 , x + y > 4) = ( x +1+ y > 4) ≡ x + y > 3 14

  15. Determining wp : Sequence wp ( P ; S , ψ ) = wp ( P , wp ( S , ψ )) Example Let ϕ be the weakest precondition of: { ϕ } x := x + 1; y := x + y { y > 4 } What should ϕ be? x + y > 3 wp ( y := x + y , y > 4) = ( x + y > 4) wp ( x := x + 1 , x + y > 4) = ( x +1+ y > 4) ≡ x + y > 3 15

  16. Determining wp : Conditional wp (if b then P else Q fi , ψ ) = ( b → wp ( P , ψ )) ∧ ( ¬ b → wp ( Q , ψ )) ≡ ( b ∧ wp ( P , ψ )) ∨ ( ¬ b ∧ wp ( Q , ψ )) Example wp (if x > 0 then z := y else z := 0 − y fi , z > 5) = (( x > 0) → wp ( z := y , z > 5)) ∧ (( x ≤ 0) → wp ( z := 0 − y , z > 5)) = (( x > 0) → ( y > 5)) ∧ (( x ≤ 0) → ( y < − 5)) 16

  17. Determining wp : Conditional wp (if b then P else Q fi , ψ ) = ( b → wp ( P , ψ )) ∧ ( ¬ b → wp ( Q , ψ )) ≡ ( b ∧ wp ( P , ψ )) ∨ ( ¬ b ∧ wp ( Q , ψ )) Example wp (if x > 0 then z := y else z := 0 − y fi , z > 5) = (( x > 0) → wp ( z := y , z > 5)) ∧ (( x ≤ 0) → wp ( z := 0 − y , z > 5)) = (( x > 0) → ( y > 5)) ∧ (( x ≤ 0) → ( y < − 5)) 17

  18. Determining wp : Conditional wp (if b then P else Q fi , ψ ) = ( b → wp ( P , ψ )) ∧ ( ¬ b → wp ( Q , ψ )) ≡ ( b ∧ wp ( P , ψ )) ∨ ( ¬ b ∧ wp ( Q , ψ )) Example wp (if x > 0 then z := y else z := 0 − y fi , z > 5) = (( x > 0) → wp ( z := y , z > 5)) ∧ (( x ≤ 0) → wp ( z := 0 − y , z > 5)) = (( x > 0) → ( y > 5)) ∧ (( x ≤ 0) → ( y < − 5)) 18

  19. Determining wp : Conditional wp (if b then P else Q fi , ψ ) = ( b → wp ( P , ψ )) ∧ ( ¬ b → wp ( Q , ψ )) ≡ ( b ∧ wp ( P , ψ )) ∨ ( ¬ b ∧ wp ( Q , ψ )) Example wp (if x > 0 then z := y else z := 0 − y fi , z > 5) = (( x > 0) → wp ( z := y , z > 5)) ∧ (( x ≤ 0) → wp ( z := 0 − y , z > 5)) = (( x > 0) → ( y > 5)) ∧ (( x ≤ 0) → ( y < − 5)) 19

  20. Determining wp : Conditional wp (if b then P else Q fi , ψ ) = ( b → wp ( P , ψ )) ∧ ( ¬ b → wp ( Q , ψ )) ≡ ( b ∧ wp ( P , ψ )) ∨ ( ¬ b ∧ wp ( Q , ψ )) Example wp (if x > 0 then z := y else z := 0 − y fi , z > 5) = (( x > 0) → wp ( z := y , z > 5)) ∧ (( x ≤ 0) → wp ( z := 0 − y , z > 5)) = (( x > 0) → ( y > 5)) ∧ (( x ≤ 0) → ( y < − 5)) 20

  21. Determining wp : Loops wp (while b do P od , ψ ) =? Loops are problematic: wp calculates a triple for a single program statement block. Loops consist of a block executed repeatedly Weakest precondition for 1 loop may be different from weakest precondition for 100 loops... 21

  22. Handling loops { ϕ } while b do P od { ψ } Instead: Find a loop invariant I such that ϕ → I (establish) { I ∧ b } P { I } (maintain) I ∧ ¬ b → ψ (conclude) NB Finding (good) loop invariants is generally hard! ⇒ Active area of research 22

  23. Handling loops { ϕ } while b do P od { ψ } Instead: Find a loop invariant I such that ϕ → I (establish) { I ∧ b } P { I } (maintain) I ∧ ¬ b → ψ (conclude) NB Finding (good) loop invariants is generally hard! ⇒ Active area of research 23

  24. Handling loops { ϕ } while b do P od { ψ } Instead: Find a loop invariant I such that ϕ → I (establish) { I ∧ b } P { I } (maintain) I ∧ ¬ b → ψ (conclude) NB Finding (good) loop invariants is generally hard! ⇒ Active area of research 24

  25. Handling loops { ϕ } while b do P od { ψ } Instead: Find a loop invariant I such that ϕ → I (establish) { I ∧ b } P { I } (maintain) I ∧ ¬ b → ψ (conclude) NB Finding (good) loop invariants is generally hard! ⇒ Active area of research 25

  26. Handling loops { ϕ } while b do P od { ψ } Instead: Find a loop invariant I such that ϕ → I (establish) { I ∧ b } P { I } (maintain) I ∧ ¬ b → ψ (conclude) NB Finding (good) loop invariants is generally hard! ⇒ Active area of research 26

  27. Back to the example Pow { init: ( m ≥ 0) ∧ ( n > 0) } { (1 = n 0 ) ∧ (0 ≤ m ) ∧ init } { ( r = n 0 ) ∧ (0 ≤ m ) ∧ init } r := 1; i := 0; { Inv } while i < m do { Inv ∧ ( i < m ) } { ( r ∗ n = n i +1 ) ∧ ( i + 1 ≤ m ) ∧ init } { ( r = n i +1 ) ∧ ( i + 1 ≤ m ) ∧ init } r := r ∗ n ; i := i + 1 { Inv } od { Inv ∧ ( i ≥ m ) } { r = n m } What would be a good invariant? r = n i ∧ i ≤ m ∧ init Inv: 27

  28. Back to the example Pow { init: ( m ≥ 0) ∧ ( n > 0) } { (1 = n 0 ) ∧ (0 ≤ m ) ∧ init } { ( r = n 0 ) ∧ (0 ≤ m ) ∧ init } r := 1; i := 0; { Inv } while i < m do { Inv ∧ ( i < m ) } { ( r ∗ n = n i +1 ) ∧ ( i + 1 ≤ m ) ∧ init } { ( r = n i +1 ) ∧ ( i + 1 ≤ m ) ∧ init } r := r ∗ n ; i := i + 1 { Inv } od { Inv ∧ ( i ≥ m ) } { r = n m } What would be a good invariant? r = n i ∧ i ≤ m ∧ init Inv: 28

  29. Back to the example Pow { init: ( m ≥ 0) ∧ ( n > 0) } { (1 = n 0 ) ∧ (0 ≤ m ) ∧ init } { ( r = n 0 ) ∧ (0 ≤ m ) ∧ init } r := 1; i := 0; { Inv } while i < m do { Inv ∧ ( i < m ) } { ( r ∗ n = n i +1 ) ∧ ( i + 1 ≤ m ) ∧ init } { ( r = n i +1 ) ∧ ( i + 1 ≤ m ) ∧ init } r := r ∗ n ; i := i + 1 { Inv } od { Inv ∧ ( i ≥ m ) } { r = n m } What would be a good invariant? r = n i ∧ i ≤ m ∧ init Inv: 29

  30. Back to the example Pow { init: ( m ≥ 0) ∧ ( n > 0) } { (1 = n 0 ) ∧ (0 ≤ m ) ∧ init } { ( r = n 0 ) ∧ (0 ≤ m ) ∧ init } r := 1; i := 0; { Inv } while i < m do { Inv ∧ ( i < m ) } { ( r ∗ n = n i +1 ) ∧ ( i + 1 ≤ m ) ∧ init } { ( r = n i +1 ) ∧ ( i + 1 ≤ m ) ∧ init } r := r ∗ n ; i := i + 1 { Inv } od { Inv ∧ ( i ≥ m ) } { r = n m } What would be a good invariant? r = n i ∧ i ≤ m ∧ init Inv: 30

  31. Back to the example Pow { init: ( m ≥ 0) ∧ ( n > 0) } { (1 = n 0 ) ∧ (0 ≤ m ) ∧ init } { ( r = n 0 ) ∧ (0 ≤ m ) ∧ init } r := 1; i := 0; { Inv } while i < m do { Inv ∧ ( i < m ) } { ( r ∗ n = n i +1 ) ∧ ( i + 1 ≤ m ) ∧ init } { ( r = n i +1 ) ∧ ( i + 1 ≤ m ) ∧ init } r := r ∗ n ; i := i + 1 { Inv } od { Inv ∧ ( i ≥ m ) } { r = n m } What would be a good invariant? r = n i ∧ i ≤ m ∧ init Inv: 31

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

COMP2111 Week 8 Term 1, 2020 Hoare Logic 1 Sir Tony Hoare Pioneer in formal verification

COMP2111 Week 8 Term 1, 2020 Hoare Logic 1 Sir Tony Hoare Pioneer in formal verification

COMP2111 Week 8 Term 1, 2020 Hoare Logic 1 Sir Tony Hoare Pioneer in formal verification Invented: Quicksort, the null reference (called it his billion dollar mistake) CSP (formal specification language), and Hoare Logic 2 Summary L

770 views • 59 slides
COMP2111 Week 8 Term 1, 2020 Hoare Logic 1 Sir Tony Hoare Pioneer in formal verification

COMP2111 Week 8 Term 1, 2020 Hoare Logic 1 Sir Tony Hoare Pioneer in formal verification

COMP2111 Week 8 Term 1, 2020 Hoare Logic 1 Sir Tony Hoare Pioneer in formal verification Invented: Quicksort, the null reference (called it his billion dollar mistake) CSP (formal specification language), and Hoare Logic 2 Summary L

2k views • 158 slides
COMP2111 Week 9 Term 1, 2020 Hoare Logic 1 Summary Weakest precondition reasoning Handling

COMP2111 Week 9 Term 1, 2020 Hoare Logic 1 Summary Weakest precondition reasoning Handling

COMP2111 Week 9 Term 1, 2020 Hoare Logic 1 Summary Weakest precondition reasoning Handling termination Operational semantics Adding non-determinism Refinement calculus 2 Finding a proof Consider the following code: Pow r := 1; i := 0;

538 views • 37 slides
Summary of topics Sets COMP2111 Week 2 Formal languages Term 1, 2020 Discrete Mathematics

Summary of topics Sets COMP2111 Week 2 Formal languages Term 1, 2020 Discrete Mathematics

Summary of topics Sets COMP2111 Week 2 Formal languages Term 1, 2020 Discrete Mathematics Recap Relations Functions Propositional Logic 1 2 Summary of topics Sets A set is defined by the collection of its elements. Sets are typically

464 views • 31 slides
Summary Motivation COMP2111 Week 10 Definitions Term 1, 2020 The invariant principle State

Summary Motivation COMP2111 Week 10 Definitions Term 1, 2020 The invariant principle State

Summary Motivation COMP2111 Week 10 Definitions Term 1, 2020 The invariant principle State machines Partial correctness and termination Input and output Finite automata 1 2 Summary Motivation: Models of computation State machines model

627 views • 19 slides
COMP2111 Week 2 Term 1, 2020 Discrete Mathematics Recap 1 Summary of topics Sets Formal

COMP2111 Week 2 Term 1, 2020 Discrete Mathematics Recap 1 Summary of topics Sets Formal

COMP2111 Week 2 Term 1, 2020 Discrete Mathematics Recap 1 Summary of topics Sets Formal languages Relations Functions Propositional Logic 2 Summary of topics Sets Formal languages Relations Functions Propositional Logic 3 Sets A

1.52k views • 124 slides
COMP2111 Week 5 Term 1, 2020 Lambda Calculus 1 -calculus Alonzo Church lived 19031995

COMP2111 Week 5 Term 1, 2020 Lambda Calculus 1 -calculus Alonzo Church lived 19031995

COMP2111 Week 5 Term 1, 2020 Lambda Calculus 1 -calculus Alonzo Church lived 19031995 supervised people like Alan Turing, Stephen Kleene famous for Church-Turing thesis, lambda calculus, first undecidability results invented

2.04k views • 168 slides
COMP2111 Week 10 Term 1, 2020 State machines 1 Summary Motivation Definitions The invariant

COMP2111 Week 10 Term 1, 2020 State machines 1 Summary Motivation Definitions The invariant

COMP2111 Week 10 Term 1, 2020 State machines 1 Summary Motivation Definitions The invariant principle Partial correctness and termination Input and output Finite automata 2 Summary Motivation Definitions The invariant principle

1.19k views • 75 slides
Summary of topics COMP2111 Week 3 Recursion Term 1, 2020 Recursive Data Types Recursion and

Summary of topics COMP2111 Week 3 Recursion Term 1, 2020 Recursive Data Types Recursion and

Summary of topics COMP2111 Week 3 Recursion Term 1, 2020 Recursive Data Types Recursion and induction Induction Structural Induction 1 2 Summary of topics Recursion Fundamental concept in Computer Science Recursion in algorithms:

789 views • 21 slides
Hoare logic Lecture 4: A verifier for Hoare logic Jean Pichon-Pharabod University of Cambridge

Hoare logic Lecture 4: A verifier for Hoare logic Jean Pichon-Pharabod University of Cambridge

Hoare logic Lecture 4: A verifier for Hoare logic Jean Pichon-Pharabod University of Cambridge CST Part II 2017/18 Introduction Last time, we saw that that proofs in Hoare logic can involve large amounts of very error-prone bookkeeping

690 views • 48 slides
Hoare Logic and Model Checking Semantics of Hoare Logic Kasper Svendsen University of Cambridge

Hoare Logic and Model Checking Semantics of Hoare Logic Kasper Svendsen University of Cambridge

Hoare Logic and Model Checking Semantics of Hoare Logic Kasper Svendsen University of Cambridge CST Part II 2016/17 Acknowledgement: slides heavily based on previous versions by Mike Gordon and Alan Mycroft Semantics of Hoare Logic

663 views • 10 slides
Hoare logic Lecture 3: Formalising the semantics of Hoare logic In the previous lecture, we

Hoare logic Lecture 3: Formalising the semantics of Hoare logic In the previous lecture, we

Recap Hoare logic Lecture 3: Formalising the semantics of Hoare logic In the previous lecture, we specified and verified some example programs using the syntactic rules of Hoare logic that we introduced in the first lecture. Jean

477 views • 13 slides
Hoare Logic Hoare Logic is used to reason about the correctness of programs. In the end, it

Hoare Logic Hoare Logic is used to reason about the correctness of programs. In the end, it

Hoare Logic Hoare Logic is used to reason about the correctness of programs. In the end, it reduces a program and its specification to a set of verifications conditions. Slides by Wishnu Prasetya URL : www.cs.uu.nl/~wishnu Course URL :

1.4k views • 124 slides
Hoare logic separation logic. We looked at the concepts separation logic is based on, the new

Hoare logic separation logic. We looked at the concepts separation logic is based on, the new

Introduction In the previous lecture, we saw how reasoning about pointers in Hoare logic was problematic, which motivated introducing Hoare logic separation logic. We looked at the concepts separation logic is based on, the new assertions that

396 views • 14 slides
Hoare Logic Andreas Podelski November 8, 2011 Hoare logic introduced by Hoare in 1969

Hoare Logic Andreas Podelski November 8, 2011 Hoare logic introduced by Hoare in 1969

Hoare Logic Andreas Podelski November 8, 2011 Hoare logic introduced by Hoare in 1969 builds on first-order logic Hoare logic introduced by Hoare in 1969 builds on first-order logic correctness specification = pre- and

401 views • 37 slides
Probabilistic Relational Hoare Logic Main judgments Hoare Logic c : = : hoare [ c : pre

Probabilistic Relational Hoare Logic Main judgments Hoare Logic c : = : hoare [ c : pre

Probabilistic Relational Hoare Logic Main judgments Hoare Logic c : = : hoare [ c : pre ==&gt; post] Probabilistic Hoare Logic [ c : = ] = (see Lecture 6): bd_hoare [ c : pre ==&gt; post ] = r Probabilistic Relational Hoare

377 views • 23 slides
Lecture 15: Software Quality Assurance 2015-07-09 Prof. Dr. Andreas Podelski, Dr. Bernd Westphal

Lecture 15: Software Quality Assurance 2015-07-09 Prof. Dr. Andreas Podelski, Dr. Bernd Westphal

Softwaretechnik / Software-Engineering Lecture 15: Software Quality Assurance 2015-07-09 Prof. Dr. Andreas Podelski, Dr. Bernd Westphal 15 2015-07-09 main Albert-Ludwigs-Universit at Freiburg, Germany Contents of the Block

535 views • 30 slides
Specification as a development task Given precondition and postcondition develop a program S

Specification as a development task Given precondition and postcondition develop a program S

Specification as a development task Given precondition and postcondition develop a program S such that { } S { } Andrzej Tarlecki: Semantics &amp; Verification - 174 - For instance Find S such that { n 0 } S { rt 2 n n

585 views • 22 slides
UNIX Basics + shell commands Michael Tsai 2017/03/06 Where UNIX started Ken Thompson &amp;

UNIX Basics + shell commands Michael Tsai 2017/03/06 Where UNIX started Ken Thompson &amp;

UNIX Basics + shell commands Michael Tsai 2017/03/06 Where UNIX started Ken Thompson &amp; Dennis Ritchie Multics OS project (1960s) @ Bell Labs UNIX on scavenged PDP-7 (1969) Space Travel game Good environment to do

805 views • 24 slides
CE 221 Data Structures and Algorithms Chapter 9 : Graphs Part I (Topological Sort &amp; Shortest

CE 221 Data Structures and Algorithms Chapter 9 : Graphs Part I (Topological Sort &amp; Shortest

CE 221 Data Structures and Algorithms Chapter 9 : Graphs Part I (Topological Sort &amp; Shortest Path Algorithms) Text: Read Weiss, 9.1 9.3 Izmir University of Economics 1 Definitions - I A graph G=(V, E) consists of a set of

416 views • 27 slides
Compound Monads in Specification Languages Jeremy Dawson Logic and Computation Program, NICTA 1

Compound Monads in Specification Languages Jeremy Dawson Logic and Computation Program, NICTA 1

Introduction The Operational Models The Monads used in these Models Compound Monads in Specification Languages Jeremy Dawson Logic and Computation Program, NICTA 1 Automated Reasoning Group, Australian National University, Canberra, ACT 0200,

456 views • 30 slides
Automatic Cyclic Termination Proofs for Recursive Procedures in Separation Logic Reuben Rowe,

Automatic Cyclic Termination Proofs for Recursive Procedures in Separation Logic Reuben Rowe,

Automatic Cyclic Termination Proofs for Recursive Procedures in Separation Logic Reuben Rowe, University of Kent, Canterbury James Brotherston, University College London CPP, Paris, France Monday 16 th January 2017 Automatically Proving

741 views • 70 slides
Minimum Spanning Trees: Prim-Jarnik &amp; Kruskal CS16: Introduction to Data Structures &amp;

Minimum Spanning Trees: Prim-Jarnik &amp; Kruskal CS16: Introduction to Data Structures &amp;

Minimum Spanning Trees: Prim-Jarnik &amp; Kruskal CS16: Introduction to Data Structures &amp; Algorithms Spring 2020 Outline Minimum Spanning Trees Prim-Jarnik Algorithm Analysis Proof of Correctness Kruskals Algorithm

1.07k views • 91 slides
Todays programme: Programming language PLN - syntax Limitations of Program Verification

Todays programme: Programming language PLN - syntax Limitations of Program Verification

Todays programme: Programming language PLN - syntax Limitations of Program Verification Constants: natural numbers: 0, 1, 2,.. To prove fundamental limitations of formalization boolean constants: true, false Program correctness

479 views • 14 slides

More recommend