SLIDE 1
Generation of Verification Conditions (contd) Andreas Podelski - - PowerPoint PPT Presentation
Generation of Verification Conditions (contd)
Andreas Podelski
November 21, 2011
SLIDE 2
SLIDE 3
mechanization of correctness proof
◮ given a Hoare triple {φ} C {ψ},
◮ construct a backwards derivation
SLIDE 4
mechanization of correctness proof
◮ given a Hoare triple {φ} C {ψ},
◮ construct a backwards derivation
◮ derivation = sequence of Hoare triples, where each Hoare triple is an axiom (skip, update) or it is inferred by one of the inference rules (seq, cond, while)
SLIDE 5
mechanization of correctness proof
◮ given a Hoare triple {φ} C {ψ},
◮ construct a backwards derivation
◮ derivation = sequence of Hoare triples, where each Hoare triple is an axiom (skip, update) or it is inferred by one of the inference rules (seq, cond, while)
◮ Hoare triple uses given postcondition and weakest precondition
◮ derivation unique
SLIDE 6
mechanization of correctness proof
◮ given a Hoare triple {φ} C {ψ},
◮ construct a backwards derivation
◮ derivation = sequence of Hoare triples, where each Hoare triple is an axiom (skip, update) or it is inferred by one of the inference rules (seq, cond, while)
◮ Hoare triple uses given postcondition and weakest precondition
◮ derivation unique
◮ verification condition = set of side conditions
SLIDE 7
weakest precondition wp(C, ψ)
◮ wp(skip, ψ) = ψ
SLIDE 8
weakest precondition wp(C, ψ)
◮ wp(skip, ψ) = ψ
◮ wp(x := e, ψ) = ψ[e/x]
SLIDE 9
weakest precondition wp(C, ψ)
◮ wp(skip, ψ) = ψ
◮ wp(x := e, ψ) = ψ[e/x]
◮ wp(C1 ; C2, ψ) = wp(C1, wp(C2, ψ))
SLIDE 10
weakest precondition wp(C, ψ)
◮ wp(skip, ψ) = ψ
◮ wp(x := e, ψ) = ψ[e/x]
◮ wp(C1 ; C2, ψ) = wp(C1, wp(C2, ψ))
◮ wp(if b then C1 else C2, ψ) = (¬b ∨ φ1) ∧ (b ∨ φ2)
  where φ1 = wp(C1, ψ) and φ2 = wp(C2, ψ)
SLIDE 11
weakest precondition wp(C, ψ)
◮ wp(skip, ψ) = ψ
◮ wp(x := e, ψ) = ψ[e/x]
◮ wp(C1 ; C2, ψ) = wp(C1, wp(C2, ψ))
◮ wp(if b then C1 else C2, ψ) = (¬b ∨ φ1) ∧ (b ∨ φ2)
  where φ1 = wp(C1, ψ) and φ2 = wp(C2, ψ)
◮ wp(while b do {θ} C0, ψ) = θ
SLIDE 12
verification condition for {φ} C {ψ}
◮ for command C of form: skip, update, seq, cond,
SLIDE 13
verification condition for {φ} C {ψ}
◮ for command C of form: skip, update, seq, cond,
◮ add one implication:
  φ → wp(C, ψ)
SLIDE 14
verification condition for {φ} C {ψ}
◮ for command C of form: skip, update, seq, cond,
◮ add one implication:
  φ → wp(C, ψ)
◮ for command C of form: while b do {θ} C0,
SLIDE 15
verification condition for {φ} C {ψ}
◮ for command C of form: skip, update, seq, cond,
◮ add one implication:
  φ → wp(C, ψ)
◮ for command C of form: while b do {θ} C0,
◮ add two implications:
  φ → θ
  θ ∧ ¬b → ψ
  and add the verification condition for the Hoare triple {θ ∧ b} C0 {θ}
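The wp equations (slides 7 to 11) and the verification-condition rules (slides 12 to 15) are mechanical enough to run. The following is an added example, not code from the slides or from Andreas Podelski: it assumes a small constructed term/formula language (namedtuples Var, Const, Not, BinOp) and command language (Skip, Assign, Seq, If, While with its annotated invariant). It goes slightly beyond the slides in one respect: side conditions for loops are collected while wp is computed, so a loop nested inside a sequence or conditional contributes its two implications and its body's verification condition just as a top-level loop does. The two sample programs are constructed for this example; `evaluate` only spot-checks the resulting implications in concrete states, which is a sanity check and not the proof that a prover would supply.

```python
from collections import namedtuple

# Terms and formulas (constructed for this example): Var, Const, Not, and BinOp with
# arithmetic (+ - *), comparison (= < <= >=) and logical (and, or, ->) operators.
Var, Const, Not = namedtuple("Var", "name"), namedtuple("Const", "value"), namedtuple("Not", "arg")
BinOp = namedtuple("BinOp", "op left right")
# Commands: skip, update (Assign), seq, cond (If), and While annotated with its invariant theta.
Skip, Assign, Seq = namedtuple("Skip", []), namedtuple("Assign", "x e"), namedtuple("Seq", "c1 c2")
If, While = namedtuple("If", "b c1 c2"), namedtuple("While", "b inv body")

def subst(f, x, e):
    """psi[e/x]: replace every occurrence of variable x in f by the term e."""
    if isinstance(f, Var):
        return e if f.name == x else f
    if isinstance(f, Const):
        return f
    if isinstance(f, Not):
        return Not(subst(f.arg, x, e))
    return BinOp(f.op, subst(f.left, x, e), subst(f.right, x, e))

def wp(c, psi, side):
    """wp(C, psi) as on the slides. Loop side conditions are appended to `side`, so a
    loop nested inside seq/cond is handled the same way as a top-level loop."""
    if isinstance(c, Skip):
        return psi
    if isinstance(c, Assign):
        return subst(psi, c.x, c.e)
    if isinstance(c, Seq):
        return wp(c.c1, wp(c.c2, psi, side), side)
    if isinstance(c, If):
        phi1, phi2 = wp(c.c1, psi, side), wp(c.c2, psi, side)
        return BinOp("and", BinOp("or", Not(c.b), phi1), BinOp("or", c.b, phi2))
    # while b do {theta} C0: wp is theta; the implication (theta and not b) -> psi and the
    # verification condition for {theta and b} C0 {theta} become side conditions.
    theta, b = c.inv, c.b
    side.append(BinOp("->", BinOp("and", theta, Not(b)), psi))
    side.extend(vc(BinOp("and", theta, b), c.body, theta))
    return theta

def vc(phi, c, psi):
    """Verification condition for {phi} C {psi}: phi -> wp(C, psi) plus the loop side conditions."""
    side = []
    pre = wp(c, psi, side)
    return [BinOp("->", phi, pre)] + side

SYMBOL = {"and": "∧", "or": "∨", "->": "→"}

def show(f):
    """Render a formula in the slides' notation."""
    if isinstance(f, Var):
        return f.name
    if isinstance(f, Const):
        return str(f.value).lower() if isinstance(f.value, bool) else str(f.value)
    if isinstance(f, Not):
        return "¬" + show(f.arg)
    return "(%s %s %s)" % (show(f.left), SYMBOL.get(f.op, f.op), show(f.right))

OPS = {"+": lambda a, b: a + b, "-": lambda a, b: a - b, "*": lambda a, b: a * b,
       "=": lambda a, b: a == b, "<": lambda a, b: a < b, "<=": lambda a, b: a <= b,
       ">=": lambda a, b: a >= b, "and": lambda a, b: a and b, "or": lambda a, b: a or b,
       "->": lambda a, b: (not a) or b}

def evaluate(f, env):
    """Truth value of a formula in one concrete state. This only spot-checks a verification
    condition; showing it valid for all states is the prover's job and is not done here."""
    if isinstance(f, Var):
        return env[f.name]
    if isinstance(f, Const):
        return f.value
    if isinstance(f, Not):
        return not evaluate(f.arg, env)
    return OPS[f.op](evaluate(f.left, env), evaluate(f.right, env))

def example_loop():
    """{n >= 0} i := 0; while i < n do {i <= n} i := i + 1 {i = n}  (constructed program)"""
    n, i = Var("n"), Var("i")
    loop = While(BinOp("<", i, n), BinOp("<=", i, n), Assign("i", BinOp("+", i, Const(1))))
    prog = Seq(Assign("i", Const(0)), loop)
    return vc(BinOp(">=", n, Const(0)), prog, BinOp("=", i, n))

def example_cond():
    """{true} if x < 0 then y := 0 - x else y := x {y >= 0}  (constructed program)"""
    x, y = Var("x"), Var("y")
    prog = If(BinOp("<", x, Const(0)), Assign("y", BinOp("-", Const(0), x)), Assign("y", x))
    return vc(Const(True), prog, BinOp(">=", y, Const(0)))

if __name__ == "__main__":
    for f in example_loop() + example_cond():
        print(show(f))
```

For the loop program the output is the three implications the slides prescribe: φ → wp(i := 0, θ), which is n >= 0 → 0 <= n; θ ∧ ¬b → ψ; and the verification condition of {θ ∧ b} i := i + 1 {θ}, which reduces by the update axiom to (i <= n ∧ i < n) → i + 1 <= n. Each of these still has to be discharged by a prover (possibly using axioms Γ such as integer arithmetic), which is exactly the adequacy question the next slides address.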
SLIDE 16
Adequacy of Verification Condition
◮ let Φ be the verification condition for {φ} C {ψ}
SLIDE 17
Adequacy of Verification Condition
◮ let Φ be the verification condition for {φ} C {ψ}
◮ let Γ be a set of assertions (e.g., axioms for bounded integer arithmetic, axioms for the factorial function, ...)
SLIDE 18