Presentation is loading. Please wait.

Presentation is loading. Please wait.

Proving Program Correctness The Axiomatic Approach.

Published by Modified over 8 years ago

Similar presentations

Presentation on theme: "Proving Program Correctness The Axiomatic Approach."— Presentation transcript:

1 Proving Program Correctness The Axiomatic Approach

2 What is Correctness? Correctness: –partial correctness + termination Partial correctness: –Program implements its specification

3 Proving Partial Correctness Goal: prove that program is partially correct Approach: model computation with predicates –Predicates are boolean functions over program state Simple example –{odd(x)} a = x {odd(a)} Generally: {P} S {Q}, where –P  precondition –Q  postcondition –S  Programming language statement

4 Proof System Two elements of proof system –Axioms: capture the effect of prog. lang. stmts. –Inference rules: compose axioms to build up proofs of entire program behavior Let’s start by discussing inference rules and then we’ll return to discussing axioms

5 Composition Rule: Consider two predicates –{odd(x+1)} x = x+1 {odd(x)} –{odd(x)} a = x {odd(a)} What is the effect of executing both stmts? –{odd(x+1)} x = x+1 ; a = x {odd(a)}

6 Consequence 1 Rule Ex: –{odd(x)} a = x {odd(a)} and –Postcondition  {a  4} What can we say about this program?

7 Consequence 2 Rule: Ex: –Precondition  {x=1} and –{odd(x)} a = x {odd(a)} What can we say about this program?

8 Axioms Axioms explain the effect of executing a single statement –Assignment –If –If then else –While loop Typically applied in reverse during proof –Start with postcondition and work backwards to determine what must precondition must be

9 Assignment Axiom Rule: Application: Replace all free occurences of x with y –e.g., {odd(x)} a = x {odd(a)}

10 Conditional Stmt 1 Axiom Rule: B if S {P} {P   B if }{P  B if } {Q}

11 Application Example: 1.if even(x) then { 2. x = x +1 3.} {odd(x)  x > 3} else part: need to show {(P   even(x))  (odd(x)  x>3)} {P  (x>3)} then part: need to show {P ^ even(x)} x=x+1 {odd(x)  x>3} {odd(x+1)  x>2} x = x+1 {odd(x)  x > 3} {(P  even(x))  (odd(x+1)  x>2)} {P  (x>2)} Need to choose a predicate P consistent with implications above P  x>2 –x > 39 works as well

12 Conditional Stmt 2 Axiom Rule {P} {P   B if } {Q} S2S2 S1S1 {P  B if } B if

13 Conditional Stmt 2 Axiom Example: 1.if x < 0 then { 2. x = -x; 3. y = x 4.} else { 5. y = x 6.} {y = |x|} Then part: need to show {P  (x<0)} x=-x;y=x {y = |x|} {x = |x|} y = x {y = |x|} {-x = |x|} x = -x {x = |x|} ( P  x <0)  -x = |x| Else part: need to show {P   (x<0)} y=x {y = |x|} {x =|x|} y=x {y=|x|} ( P  ¬(x < 0))  x = |x| P  true

14 While Loop Axiom Rule Infinite number of paths, so we need one predicate for that captures the effect of 0 or more loop traversals P is called an Pariant B if S {P} {P   B}

15 Partial Correctness Proof Example IN  {B  0} –a = A –b = B –y = 0 –while b > 0 do { –y = y + a –b = b - 1 –} OUT  {y = AB} P  y + ab = AB  b  0 B w  b > 0 Show P  ¬ B w  OUT y + ab = AB  b  0  ¬(b > 0) y + ab = AB  b = 0 y = AB So {P  ¬ B w }  OUT Establish {IN} a=A;b=B;y=0 {P} {ab = AB  b  0} y=0 { P} {aB = AB  B  0} b = B {….} {AB = AB  B  0} a = A {….} So {IN } a=A;b=B;y=0 {P}

16 While Loop Axiom Need to show {P  B w } y=y+a; b=b-1 {P} {y+a(b-1) = AB  b-1  0} b = b - 1 {P} {y+a+a(b-1) = AB  b-1  0} y = y+a {….} {y +ab = AB  b-1  0} loop body {P} { y + ab = AB  b  0  b > 0}  {y +ab = AB  b-1  0}, So –{IN} lines 1-3} {P}, –{P} while loop {P  ¬ B w }, and –{P  ¬ B w }  OUT Therefore –{IN} program {OUT}

17 Total correctness After you have shown partial correctness –Need to prove that program terminates Usually a progress argument. For previous program –Loop terminates if b  0 –b starts positive and is decremented by 1 every iteration –So loop must eventually terminate

Download ppt "Proving Program Correctness The Axiomatic Approach."

Similar presentations

Automated Theorem Proving Lecture 1. Program verification is undecidable! Given program P and specification S, does P satisfy S?

Automated Theorem Proving Lecture 1. Program verification is undecidable! Given program P and specification S, does P satisfy S?
Program Verification Using Hoares Logic Book: Chapter 7.

Program Verification Using Hoares Logic Book: Chapter 7.
Semantics Static semantics Dynamic semantics attribute grammars

Semantics Static semantics Dynamic semantics attribute grammars
PZ03D Programming Language design and Implementation -4th Edition Copyright©Prentice Hall, 2000 1 PZ03D - Program verification Programming Language Design.

PZ03D Programming Language design and Implementation -4th Edition Copyright©Prentice Hall, PZ03D - Program verification Programming Language Design.
Functional Verification III Prepared by Stephen M. Thebaut, Ph.D. University of Florida Software Testing and Verification Lecture Notes 23.

Functional Verification III Prepared by Stephen M. Thebaut, Ph.D. University of Florida Software Testing and Verification Lecture Notes 23.
ICE1341 Programming Languages Spring 2005 Lecture #6 Lecture #6 In-Young Ko iko.AT. icu.ac.kr iko.AT. icu.ac.kr Information and Communications University.

ICE1341 Programming Languages Spring 2005 Lecture #6 Lecture #6 In-Young Ko iko.AT. icu.ac.kr iko.AT. icu.ac.kr Information and Communications University.
Reasoning About Code; Hoare Logic, continued

Reasoning About Code; Hoare Logic, continued
Hoare’s Correctness Triplets Dijkstra’s Predicate Transformers

Hoare’s Correctness Triplets Dijkstra’s Predicate Transformers
Rigorous Software Development CSCI-GA 3033-011 Instructor: Thomas Wies Spring 2012 Lecture 11.

Rigorous Software Development CSCI-GA Instructor: Thomas Wies Spring 2012 Lecture 11.
Axiomatic Verification I Prepared by Stephen M. Thebaut, Ph.D. University of Florida Software Testing and Verification Lecture 17.

Axiomatic Verification I Prepared by Stephen M. Thebaut, Ph.D. University of Florida Software Testing and Verification Lecture 17.
Copyright © 2006 Addison-Wesley. All rights reserved.1-1 ICS 410: Programming Languages Chapter 3 : Describing Syntax and Semantics Axiomatic Semantics.

Copyright © 2006 Addison-Wesley. All rights reserved.1-1 ICS 410: Programming Languages Chapter 3 : Describing Syntax and Semantics Axiomatic Semantics.
ISBN 0-321-33025-0 Chapter 3 Describing Syntax and Semantics.

ISBN Chapter 3 Describing Syntax and Semantics.
Dynamic semantics Precisely specify the meanings of programs. Why? –programmers need to understand the meanings of programs they read –programmers need.

Dynamic semantics Precisely specify the meanings of programs. Why? –programmers need to understand the meanings of programs they read –programmers need.
Copyright © 2006 Addison-Wesley. All rights reserved. 3.5 Dynamic Semantics Meanings of expressions, statements, and program units Static semantics – type.

Copyright © 2006 Addison-Wesley. All rights reserved. 3.5 Dynamic Semantics Meanings of expressions, statements, and program units Static semantics – type.
Predicate Transformers

Predicate Transformers
Program Proving Notes Ellen L. Walker.

Program Proving Notes Ellen L. Walker.
Announcements We are done with homeworks Second coding exam this week, in recitation –Times will be posted later today –If in doubt, show up for your regular.

Announcements We are done with homeworks Second coding exam this week, in recitation –Times will be posted later today –If in doubt, show up for your regular.
1/22 Programs : Semantics and Verification Charngki PSWLAB Programs: Semantics and Verification Mordechai Ben-Ari Mathematical Logic for Computer.

1/22 Programs : Semantics and Verification Charngki PSWLAB Programs: Semantics and Verification Mordechai Ben-Ari Mathematical Logic for Computer.
CS 355 – Programming Languages

CS 355 – Programming Languages
CSE115/ENGR160 Discrete Mathematics 04/12/11 Ming-Hsuan Yang UC Merced 1.

CSE115/ENGR160 Discrete Mathematics 04/12/11 Ming-Hsuan Yang UC Merced 1.

Similar presentations

Ads by Google