Download presentation

Presentation is loading. Please wait.

Published byAmya Jaggers Modified over 2 years ago

1
Formal Semantics of Programming Languages 虞慧群 yhq@ecust.edu.cn Topic 5: Axiomatic Semantics

2
Motivation What do we need in order to prove that the program does what it supposed to do? Specify the required behavior Compare the behavior with the one obtained by the denotational/operational semantics Develop a proof system for showing that the program satisfies a requirement Mechanically use the proof system to show correctness The meaning of a program is a set of verification rules

3
Plan The basic idea An assertion language Semantics of assertions Proof rules An example Soundness Completeness

4
Example Program S:=0 N := 1 while (N=101) do S := S + N ; N :=N+1 N=101 S=∑ 1 m 100 m

5
Example Program S:=0 {S=0} N := 1 {S=0 N=1} while (N=101) do S := S + N ; N :=N+1 {N=101 S=∑ 1 m 100 m}

6
Example Program S:=0 {S=0} N := 1 {S=0 N=1} while (N=101) do S := S + N ; N :=N+1 {N=101 S=∑ 1 m 100 m}

7
Example Program S:=0 {S=0} N := 1 {S=0 N=1} while {1 N 101 S=∑ 1 m N-1 m} (N=101) do S := S + N ; {1 N < 101 S=∑ 1 m N m} N :=N+1 {N=101 S=∑ 1 m 100 m}

8
Partial Correctness {P}c{Q} P and Q are assertions (extensions of Boolean expressions) c is a command For all states which satisfies P, if the execution of c from state terminates in state ’, then ’ satisfies Q {true}while true do skip{false}

9
Total Correctness [P]c[Q] P and Q are assertions (extensions of Boolean expressions) c is a command For all states which satisfies P, the execution of c from state must terminates in a state ’ ’ satisfies Q

10
Formalizing Partial Correctness |=A A is true in {P} c {Q} , ’ ∑. (|= P & ’ ) ’ |= Q ∑. ( |= P & C [c] is defined) C [c] |= Q Convention for all A |= A ∑. |= P C [c] |= Q

11
The Assertion Language Extend Bexp Allow quantifications i: … i: … i. k=i l Import well known mathematical concepts n! = n (n-1) … 2 1

12
The Assertion Language Aexpv a:= n | X | i | a0 + a1 | a0 - a1 | a0 a1 Assn A:= true | false | a0 = a1 | a0 a1 | A0 A1 | A0 A1 | A | A0 A1 | i. A | i. A

13
Example while (M=N) do if M N then N := N – M else M := M - N

14
Free and Bound Variables An integer variable is bound when it occurs in the scope of a quantifier Otherwise it is free Examples i. k=i L (i+100 77) i.j+1=i+3) FV(n) = FV(X) = FV(i) = {i} FV(a 0 + a 1 )=FV(a 0 -a 1 )=FV(a 0 a 1 ) = FV(a 0 ) FV(a 1 ) FV(true)=FV(false)= FV(a 0 = a 1 )=FV(a 0 a 1 )= FV(a 0 ) FV(a 1 ) FV(A 0 A 1 )=FV(A 0 A 1 ) =FV(A 0 A 1 )= FV(A 0 ) FV(A 1 ) FV( A)=FV(A) FV( i. A)=FV( i. A)= FV(A) {i}

15
Substitution Visualization of an assertion A ---i---i---- Consider a “pure” arithmetic expression A[a/i] ---a---a--- n[a/i] = n X[a/i]=X i[a/i] = a j[a/i] = j (a 0 + a 1 )[a/i] = a 0 [a/i] + a 1 /[a/i] (a 0 - a 1 )[a/i] = a 0 [a/i] – a 1 [a/i] (a 0 a 1 )[a/i]= a 0 [a/i] a 1 [a/i]

16
Substitution Visualization of an assertion A ---i---i---- Consider a “pure” arithmetic expression A[a/i] ---a---a--- true[a/i] = true false[a/i]=false (a 0 = a 1 )[a/i] = (a 0 /[a/i] = a 1 [a/i]) (a 0 a 1 )[a/i] = (a 0 /[a/i] a 1 [a/i]) (A 0 A 1 )[a/i] = (A 0 [a/i] A 1 [a/i]) (A 0 A 1 )[a/i]= (A 0 [a/i] A 1 [a/i]) (A 0 A 1 )[a/i] = (A 0 [a/i] A 1 [a/i])[a/i] ( A)[a/i] = (A[a/i]) ( i. A)[a/i] = i. A ( j. A)[a/i] = ( i. A[a/i]) ( i. A)[a/i] = i. A ( j. A)[a/i] =( i. A[a/j])

17
Location Substitution Visualization of an assertion A ---X---X---- Consider a “pure” arithmetic expression A[a/X] ---a---a---

18
Example Assertions i is a prime number i is the least common multiple of j and k

19
Semantics of Assertions An interpretation I:intvar N The meaning of Aexpv Av[n]I =n Av[X]I = (X) Av[i]I = I(i) Av[a0+a1] I = Av[a0]I +Av [a1] I … For all a Aexp states and Interpretations I A[a] =Av[a]I

20
Semantics of Assertions (II) I[n/i] change i in I to n For I and , define |= I A by structural induction |= I true |= I (a 0 = a 1 ) if Av[a 0 ] I = Av[a 1 ] I |= I (A B) if |= I A and |= I B |= I A if not |= I A |= I A B if (not |= I A) or |= I B) |= I iA |= I [n/i] A for all n N A

21
Proposition 6.4 For all b Bexp states and Interpretations I B[b] = true iff |=I b B[b] = false iff not |=I b

22
Partial Correctness Assertions {P}c{Q} P, Q Assn and c Com For a state and interpretation I |= I {P}c{Q} if ( |= I P C [c] |= I Q) Validity When , |= I {P}c{Q} we write |= I {P}c{Q} When , and I |= I {P}c{Q} we write |= {P}c{Q} {P}c{Q} is valid

23
The extension of an assertion A I = { | |= I A }

24
Hoare Proof Rules for Partial Correctness {A} skip {A} {B[a/X]} X:=a {B} {P} c 0 {C} {C} c 1 {Q} {P} c 0 ;c 1 {Q} {P b} c 0 {Q} {P b} c 1 {Q} {P} if b then c 0 else c 1 {Q} {I b} c {I} {I} while b do c{I b} |=P P’ {P’} c {Q’} |= Q’ Q {P} c {Q}

25
Example while X > 0 do Y := X Y; X := X – 1

26
Soundness Every theorem obtained by the rule system is valid |- {P} c {Q} |={P} c {Q} The system can be implemented (HOL, LCF) Requires user assistance Proof of soundness Every rule preserves validity (Theorem 6.1)

27
Completeness Every valid theorem can be derived by the rule system is valid |={P} c {Q} |-{P} c {Q} But what about Gödel’s incompleteness? Relative completeness Assume that every math theorem is valid

28
Summary Axiomatic semantics provides an abstract semantics Can be used to explain programming Can be automated More effort is required to make it practical

29
Exercise 5 (1)

Similar presentations

OK

Program Analysis and Verification Spring 2015 Program Analysis and Verification Lecture 2: Operational Semantics I Roman Manevich Ben-Gurion University.

Program Analysis and Verification Spring 2015 Program Analysis and Verification Lecture 2: Operational Semantics I Roman Manevich Ben-Gurion University.

© 2017 SlidePlayer.com Inc.

All rights reserved.

Ads by Google