generation of verification conditions
play

Generation of Verification Conditions Andreas Podelski November 15, - PowerPoint PPT Presentation

Feb 20, 2024 •201 likes •818 views

Generation of Verification Conditions Andreas Podelski November 15, 2011 mechanization of correctness proof given a Hoare triple { } C { } , a derivation is a sequence of Hoare triples, each Hoare triple is an axiom (skip, update) or

  1. Generation of Verification Conditions Andreas Podelski November 15, 2011

  2. mechanization of correctness proof ◮ given a Hoare triple { φ } C { ψ } , a derivation is a sequence of Hoare triples, each Hoare triple is an axiom (skip, update) or it is inferred by one of the inference rules (seq, cond, while)

  3. mechanization of correctness proof ◮ given a Hoare triple { φ } C { ψ } , a derivation is a sequence of Hoare triples, each Hoare triple is an axiom (skip, update) or it is inferred by one of the inference rules (seq, cond, while) ◮ mechanization:

  4. mechanization of correctness proof ◮ given a Hoare triple { φ } C { ψ } , a derivation is a sequence of Hoare triples, each Hoare triple is an axiom (skip, update) or it is inferred by one of the inference rules (seq, cond, while) ◮ mechanization: ◮ construct a derivation assuming that side conditions hold, ◮ and then check side conditions “discharge the verification condition”

  5. mechanization of correctness proof ◮ given a Hoare triple { φ } C { ψ } , a derivation is a sequence of Hoare triples, each Hoare triple is an axiom (skip, update) or it is inferred by one of the inference rules (seq, cond, while) ◮ mechanization: ◮ construct a derivation assuming that side conditions hold, ◮ and then check side conditions “discharge the verification condition” ◮ if check does not succeed: try another derivation

  6. mechanization of correctness proof ◮ given a Hoare triple { φ } C { ψ } , a derivation is a sequence of Hoare triples, each Hoare triple is an axiom (skip, update) or it is inferred by one of the inference rules (seq, cond, while) ◮ mechanization: ◮ construct a derivation assuming that side conditions hold, ◮ and then check side conditions “discharge the verification condition” ◮ if check does not succeed: try another derivation ◮ next: deterministic strategy to construct unique derivation

  7. System H (1) ◮ Hoare triple { φ } C { ψ } derivable in H if exists a derivation using the axioms and inference rules of H

  8. System H (1) ◮ Hoare triple { φ } C { ψ } derivable in H if exists a derivation using the axioms and inference rules of H ◮ skip { φ } skip { φ }

  9. System H (1) ◮ Hoare triple { φ } C { ψ } derivable in H if exists a derivation using the axioms and inference rules of H ◮ skip { φ } skip { φ } ◮ assignment { ψ [ e / x ] } x := e { ψ }

  10. System H (2) ◮ sequential command C ≡ C 1 ; C 2 { φ } C 1 { φ ′ } { φ ′ } C { ψ } { φ } C { ψ }

  11. System H (2) ◮ sequential command C ≡ C 1 ; C 2 { φ } C 1 { φ ′ } { φ ′ } C { ψ } { φ } C { ψ } ◮ conditional command C ≡ if b then C 1 else C 2 { φ ∧ b } C 1 { ψ } { φ ∧ ¬ b } C { ψ } { φ } C { ψ }

  12. System H (3) ◮ while command C ≡ while b do { θ } C 0 { θ ∧ b } C 0 { θ } { θ } C { θ ∧ ¬ b }

  13. System H (3) ◮ while command C ≡ while b do { θ } C 0 { θ ∧ b } C 0 { θ } { θ } C { θ ∧ ¬ b } ◮ strengthen precondition, weaken postcondition { φ } C { ψ } { φ ′ } C { ψ ′ } if φ ′ → φ and ψ → ψ ′

  14. System H (3) ◮ while command C ≡ while b do { θ } C 0 { θ ∧ b } C 0 { θ } { θ } C { θ ∧ ¬ b } ◮ strengthen precondition, weaken postcondition { φ } C { ψ } { φ ′ } C { ψ ′ } if φ ′ → φ and ψ → ψ ′

  15. System H (3) ◮ while command C ≡ while b do { θ } C 0 { θ ∧ b } C 0 { θ } { θ } C { θ ∧ ¬ b } ◮ strengthen precondition, weaken postcondition { φ } C { ψ } { φ ′ } C { ψ ′ } if φ ′ → φ and ψ → ψ ′ ◮ Hoare triple derivable in all logicals models in which implications in side condition are valid

  16. backward construction of derivation ◮ given Hoare triple { φ } C { ψ } , “guess inference rule and guess assumptions” generate Hoare triples from which we could infer { φ } C { ψ } . . . and collect side conditions of inference rule (if any)

  17. backward construction of derivation ◮ given Hoare triple { φ } C { ψ } , “guess inference rule and guess assumptions” generate Hoare triples from which we could infer { φ } C { ψ } . . . and collect side conditions of inference rule (if any) ◮ repeat on generated Hoare triples to generate new Hoare triples until every Hoare triple is an axiom

  18. mechanize backward inference ◮ given Hoare triple { φ } C { ψ } , from what Hoare triples could we have inferred it? . . . using what inference rule?

  19. mechanize backward inference ◮ given Hoare triple { φ } C { ψ } , from what Hoare triples could we have inferred it? . . . using what inference rule? ◮ next: go through each form of command C (skip, update, seq, cond, while)

  20. backward inference ◮ ??? { φ } skip { ψ }

  21. backward inference ◮ ??? { φ } skip { ψ } ◮ derivation can use what axiom and what inference rule?

  22. backward inference ◮ ??? { φ } skip { ψ } ◮ derivation can use what axiom and what inference rule? ◮ axiom for skip { φ } skip { φ }

  23. backward inference ◮ ??? { φ } skip { ψ } ◮ derivation can use what axiom and what inference rule? ◮ axiom for skip { φ } skip { φ } ◮ ‘strengthen precondition, weaken postcondition’ inference rule { φ } C { ψ } { φ ′ } C { ψ ′ } if φ ′ → φ and ψ → ψ ′

  24. backward inference ◮ ??? { φ } skip { ψ }

  25. backward inference ◮ ??? { φ } skip { ψ } ◮ possible derivation sequence: axiom for (skip), followed by weaking of postcondition { φ } skip { φ } { φ } skip { ψ }

  26. backward inference ◮ ??? { φ } skip { ψ } ◮ possible derivation sequence: axiom for (skip), followed by weaking of postcondition { φ } skip { φ } { φ } skip { ψ } ◮ side condition: φ → ψ

  27. backward inference ◮ ??? { φ } skip { ψ } ◮ possible derivation sequence: axiom for (skip), followed by weaking of postcondition { φ } skip { φ } { φ } skip { ψ } ◮ side condition: φ → ψ ◮ possible derivation sequence: axiom for (skip), followed by strengthening of precondition { ψ } skip { ψ } { φ } skip { ψ }

  28. backward inference ◮ ??? { φ } skip { ψ } ◮ possible derivation sequence: axiom for (skip), followed by weaking of postcondition { φ } skip { φ } { φ } skip { ψ } ◮ side condition: φ → ψ ◮ possible derivation sequence: axiom for (skip), followed by strengthening of precondition { ψ } skip { ψ } { φ } skip { ψ } ◮ same side condition: φ → ψ

  29. new axiom for skip ◮ { φ } skip { ψ } if φ → ψ

  30. new axiom for skip ◮ { φ } skip { ψ } if φ → ψ ◮ old axiom & strengthening of precondition

  31. new axiom for skip ◮ { φ } skip { ψ } if φ → ψ ◮ old axiom & strengthening of precondition ◮ φ is a precondition for ψ under skip if and only if φ → ψ is valid

  32. new axiom for skip ◮ { φ } skip { ψ } if φ → ψ ◮ old axiom & strengthening of precondition ◮ φ is a precondition for ψ under skip if and only if φ → ψ is valid ◮ ψ is the weakest precondition for ψ under skip

  33. new axiom for update ◮ { φ } x := e { ψ } if φ → ψ [ e / x ]

  34. new axiom for update ◮ { φ } x := e { ψ } if φ → ψ [ e / x ] ◮ old axiom & strengthening of precondition

  35. new axiom for update ◮ { φ } x := e { ψ } if φ → ψ [ e / x ] ◮ old axiom & strengthening of precondition ◮ φ is a precondition for ψ under x := e if and only if φ → ψ [ e / x ] is valid

  36. new axiom for update ◮ { φ } x := e { ψ } if φ → ψ [ e / x ] ◮ old axiom & strengthening of precondition ◮ φ is a precondition for ψ under x := e if and only if φ → ψ [ e / x ] is valid ◮ ψ [ e / x ] is the weakest precondition for ψ under x := e

  37. new rule for seq ◮ old rule: { φ } C 1 { θ } { θ } C 2 { ψ } { φ } C 1 ; C 2 { ψ }

  38. new rule for seq ◮ old rule: { φ } C 1 { θ } { θ } C 2 { ψ } { φ } C 1 ; C 2 { ψ } ◮ new rule: { φ 1 } C 1 { φ 2 } { φ 2 } C 2 { ψ } φ → φ 1 { φ } C 1 ; C 2 { ψ }

  39. new rule for seq ◮ old rule: { φ } C 1 { θ } { θ } C 2 { ψ } { φ } C 1 ; C 2 { ψ } ◮ new rule: { φ 1 } C 1 { φ 2 } { φ 2 } C 2 { ψ } φ → φ 1 { φ } C 1 ; C 2 { ψ } ◮ let φ 2 be the weakest precondition of ψ under C 2 and let φ 1 be the weakest precondition of φ 2 under C 1

  40. new rule for seq ◮ old rule: { φ } C 1 { θ } { θ } C 2 { ψ } { φ } C 1 ; C 2 { ψ } ◮ new rule: { φ 1 } C 1 { φ 2 } { φ 2 } C 2 { ψ } φ → φ 1 { φ } C 1 ; C 2 { ψ } ◮ let φ 2 be the weakest precondition of ψ under C 2 and let φ 1 be the weakest precondition of φ 2 under C 1 ◮ φ is a precondition for ψ under C 1 ; C 2 if and only if φ → φ 1 is valid

  41. new rule for seq ◮ old rule: { φ } C 1 { θ } { θ } C 2 { ψ } { φ } C 1 ; C 2 { ψ } ◮ new rule: { φ 1 } C 1 { φ 2 } { φ 2 } C 2 { ψ } φ → φ 1 { φ } C 1 ; C 2 { ψ } ◮ let φ 2 be the weakest precondition of ψ under C 2 and let φ 1 be the weakest precondition of φ 2 under C 1 ◮ φ is a precondition for ψ under C 1 ; C 2 if and only if φ → φ 1 is valid ◮ the weakest precondition of ψ under C 1 ; C 2 is the weakest precondition of (the weakest precondition of ψ under C 2 ) under C 1

  42. new rule for cond ◮ old rule: { φ ∧ b } C 1 { ψ } { φ ∧ ¬ b } C 2 { ψ } { φ } if b then C 1 else C 2 { ψ }

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Generation of Verification Conditions (contd) Andreas Podelski November 21, 2011

Generation of Verification Conditions (contd) Andreas Podelski November 21, 2011

Generation of Verification Conditions (contd) Andreas Podelski November 21, 2011 mechanization of correctness proof given a Hoare triple { } C { } , mechanization of correctness proof given a Hoare triple { } C { } ,

633 views • 18 slides
7. Refined Verification Condition Generation Program Verification ETH Zurich, Spring Semester

7. Refined Verification Condition Generation Program Verification ETH Zurich, Spring Semester

7. Refined Verification Condition Generation Program Verification ETH Zurich, Spring Semester 2018 Alexander J. Summers 158 Weakest Preconditions So Far Weakest preconditions provide a means of reducing the question: does a program have

339 views • 16 slides
Non-linear Interpolant Generation and Its Application to Program Verification Naijun Zhan State

Non-linear Interpolant Generation and Its Application to Program Verification Naijun Zhan State

Problem Description Synthesizing Non-linear Interpolants Archimedean Condition To invariant generation To machine-lea Non-linear Interpolant Generation and Its Application to Program Verification Naijun Zhan State Key Laboratory of Computer

426 views • 40 slides
Verification Conditions Juan Pablo Galeotti, Alessandra Gorla,

Verification Conditions Juan Pablo Galeotti, Alessandra Gorla,

Verification Conditions Juan Pablo Galeotti, Alessandra Gorla, Andreas Rau Saarland University, Germany 30% projects (10% each) At least 50% threshold

653 views • 31 slides
Executable Models and Verification from MARTE and SysML: a Comparative Study of Code Generation

Executable Models and Verification from MARTE and SysML: a Comparative Study of Code Generation

Introduction SysML MARTE Code Generation Conclusions and Remarks Executable Models and Verification from MARTE and SysML: a Comparative Study of Code Generation Capabilities Marcello Mura Amrit Panda Mauro Prevostini

721 views • 56 slides
Verification of temperature and humidity conditions of mineral soils in the active layer model

Verification of temperature and humidity conditions of mineral soils in the active layer model

Verification of temperature and humidity conditions of mineral soils in the active layer model 1,2 Bogomolov V., 1,3 Dyukarev E., 2,4 Stepanenko V., 5 Volodin E. 1 IMCES SB RAS, 2 MSU Research Computing Center, 3 Yugra State University, 4 MSU, 5

478 views • 19 slides
Removing Unnecessary Variables from Horn Clause Verification Conditions E. De Angelis (1), F.

Removing Unnecessary Variables from Horn Clause Verification Conditions E. De Angelis (1), F.

Removing Unnecessary Variables from Horn Clause Verification Conditions E. De Angelis (1), F. Fioravanti (1) A. Pettorossi (2), M. Proietti (3) (1) DEC, University G. dAnnunzio of Chieti-Pescara, Italy (2) DICII, University of Rome

591 views • 21 slides
Lecture 11 (11.01.2016) Verification Condition Generation Christoph Lth Jan Peleska Dieter

Lecture 11 (11.01.2016) Verification Condition Generation Christoph Lth Jan Peleska Dieter

Systeme Hoher Sicherheit und Qualitt Universitt Bremen WS 2015/2016 Lecture 11 (11.01.2016) Verification Condition Generation Christoph Lth Jan Peleska Dieter Hutter Frohes Neues Jahr! SSQ, WS 15/16 2 [19] Where are we? 01:

638 views • 24 slides
threshold conditions for runaway electron generation and suppression R. Granetz, A. DuBois, B.

threshold conditions for runaway electron generation and suppression R. Granetz, A. DuBois, B.

An ITPA joint experiment to study threshold conditions for runaway electron generation and suppression R. Granetz, A. DuBois, B. Esposito, J. Kim, R. Koslowski, M. Lehnen, J. Martin-Solis ,C. Paz-Soldan, T.-N. Rhee, P. de Vries, J. Wesley, and L.

507 views • 28 slides
AEGIS : An Automated Permission Generation and Verification System for SDNs ACM SIGCOMM 2018

AEGIS : An Automated Permission Generation and Verification System for SDNs ACM SIGCOMM 2018

AEGIS : An Automated Permission Generation and Verification System for SDNs ACM SIGCOMM 2018 Workshop on SecSoN Heedo Kang, Seungwon Shin, Vinod Yegneswaran*, Shalini Ghosh*, Phillip Porras* KAIST, SRI International* Contents 1. B Background

585 views • 29 slides
Test-Case Generation for Runtime Analysis and Vice-Versa: Verification of Aircraft Separation

Test-Case Generation for Runtime Analysis and Vice-Versa: Verification of Aircraft Separation

Test-Case Generation for Runtime Analysis and Vice-Versa: Verification of Aircraft Separation Assurance Dimitra Giannakopoulou Marko Dimjaevi University of Utah NASA Ames Research Center ISSTA 2015, Baltimore, Maryland July 17, 2015 1 /

614 views • 46 slides
Hybrid session verification through Endpoint API generation Raymond Hu and Nobuko Yoshida

Hybrid session verification through Endpoint API generation Raymond Hu and Nobuko Yoshida

Hybrid session verification through Endpoint API generation Raymond Hu and Nobuko Yoshida Imperial College London 1 / 1 Outline Background: multiparty session types (MPST) Implementations and applications of MPST Hybrid session

1.01k views • 65 slides
PVS Linear Algebra Libraries for Verification of Control Software Algorithms in C/ACSL Heber

PVS Linear Algebra Libraries for Verification of Control Software Algorithms in C/ACSL Heber

Introduction Stability and correctness Defining quadratic invariants as code annotations Verification conditions Mapping PVS Linear Algebra Libraries for Verification of Control Software Algorithms in C/ACSL Heber Herencia-Zapana, Romain

990 views • 75 slides
An Open-Source Python-Based Hardware Generation, Simulation, and Verification Framework Shunning

An Open-Source Python-Based Hardware Generation, Simulation, and Verification Framework Shunning

An Open-Source Python-Based Hardware Generation, Simulation, and Verification Framework Shunning Jiang, Christopher Torng, Christopher Batten Computer Systems Laboratory School of Electrical and Computer Engineering Cornell University 1

465 views • 19 slides
AUTOMATED GENERATION OF EQUATION-BASED BOUNDARY CONDITIONS FOR MULTISCALE MODELLING OF UNIT CELLS

AUTOMATED GENERATION OF EQUATION-BASED BOUNDARY CONDITIONS FOR MULTISCALE MODELLING OF UNIT CELLS

18 TH INTERNATIONAL CONFERENCE ON COMPOSITE MATERIALS AUTOMATED GENERATION OF EQUATION-BASED BOUNDARY CONDITIONS FOR MULTISCALE MODELLING OF UNIT CELLS L.F.C. Jeanmeure 1 *, S. Li. 1 1 Department of Mechanical, Materials and Manufacturing

315 views • 5 slides
Introduction to Electronic Verification Electronic Verification of Educational Records

Introduction to Electronic Verification Electronic Verification of Educational Records

Introduction to Electronic Verification Electronic Verification of Educational Records OVERVIEW 01 04 Scope of Verification Peggys Picks Types of verification, Verifying exam results or parameters, privacy graduation using databases

1.25k views • 81 slides
Derivation of 1d and 2d GrossPitaevskii equations for strongly confined 3d bosons Lea Bomann

Derivation of 1d and 2d GrossPitaevskii equations for strongly confined 3d bosons Lea Bomann

Derivation of 1d and 2d GrossPitaevskii equations for strongly confined 3d bosons Lea Bomann University of T ubingen Venice, 20 August 2019 Problem Results Limiting sequences Strategy of Proof In a nutshell Consider N interacting

449 views • 23 slides
Models and Algorithms Image Parsing Pedro Felzenszwalb and David McAllester Lightest Derivation

Models and Algorithms Image Parsing Pedro Felzenszwalb and David McAllester Lightest Derivation

Models and Algorithms Image Parsing Pedro Felzenszwalb and David McAllester Lightest Derivation Problem Let be a set of statements and R be a set of weighted rules A 1 = w 1 . . . ! " ! # A n = w n ! $ % C = g ( w 1 , . . . , w n )

519 views • 16 slides
Sequence Labeling II CMSC 470 Marine Carpuat Recap: We know how to perform POS tagging with

Sequence Labeling II CMSC 470 Marine Carpuat Recap: We know how to perform POS tagging with

Sequence Labeling II CMSC 470 Marine Carpuat Recap: We know how to perform POS tagging with structured perceptron An example of sequence labeling tasks Requires a predefined set of POS tags Penn Treebank commonly used for English

407 views • 22 slides
Constituency Parsing Spring 2020 2020-03-24 Adapted from slides from Danqi Chen and Karthik

Constituency Parsing Spring 2020 2020-03-24 Adapted from slides from Danqi Chen and Karthik

SFU NatLangLab CMPT 825: Natural Language Processing Constituency Parsing Spring 2020 2020-03-24 Adapted from slides from Danqi Chen and Karthik Narasimhan (with some content from David Bamman, Chris Manning, Mike Collins, and Graham Neubig)

712 views • 52 slides
Context-Free Grammars Z. Sawa (TU Ostrava) Introd. to Theoretical Computer Science April 20,

Context-Free Grammars Z. Sawa (TU Ostrava) Introd. to Theoretical Computer Science April 20,

Context-Free Grammars Z. Sawa (TU Ostrava) Introd. to Theoretical Computer Science April 20, 2020 1 / 63 Context-Free Grammars Example: We would like to describe a language of arithmetic expressions, containing expressions such as: 175

1.27k views • 125 slides
Coalgebraic Semantics for Parallel Derivation Strategies in Logic Programming. Ekaterina

Coalgebraic Semantics for Parallel Derivation Strategies in Logic Programming. Ekaterina

Coalgebraic Semantics for Parallel Derivation Strategies in Logic Programming. Ekaterina Komendantskaya, joint work with John Power and Guy McCusker 13th International Conference on Algebraic Methodology and Software Technology AMAST10, 24

549 views • 38 slides
Compiling T echniques Lecture 5: Introduction to Parsing Christophe Dubach Overview Context

Compiling T echniques Lecture 5: Introduction to Parsing Christophe Dubach Overview Context

Compiling T echniques Lecture 5: Introduction to Parsing Christophe Dubach Overview Context Free Grammars Derivations and Parse T rees Ambiguity T op-Down Parsing Left Recursion Front End: Parser IR tokens Source Parser Scanner

654 views • 32 slides
Context Free Languages and 1 constant memory computation. Grammars NFA + stack 2 context

Context Free Languages and 1 constant memory computation. Grammars NFA + stack 2 context

Algorithms & Models of Computation What stack got to do with it? CS/ECE 374, Fall 2017 Whats a stack but a second hand memory? DFA / NFA /Regular expressions. Context Free Languages and 1 constant memory computation. Grammars NFA +

435 views • 9 slides

More recommend