Download presentation
Presentation is loading. Please wait.
1
CIS 720 Lecture 3
2
Correctness of sequential programs
Program logic { P } S { Q } If S begins in a state satisfying P and S terminates, then the resulting state satisfies Q. Partial correctness P = precondition Q = postcondition
3
Axioms Skip statement Assignment statement { P } skip { P }
{ Pxe } x := e { P } Pxe = P with all occurrences of x replaced by e { true } x := 5 { x = 5} { y = 1 } x := 5 { x = 5 /\ y = 1} { y = 1 } x := 5 { x + y = 6 }
4
Rule of consequence P’ => P, {P } S {Q}, Q => Q’ {P’ } S {Q’}
5
Alternative statement
if B1 S1 [] …... [] Bn Sn fi Bi = boolean guard Its evaluation does not change the state All guards are evaluated One of the true guards is selected non-deterministically and its statement executed. If no guards evaluates to true then skip
6
If-statement axiom 1 ≤ i ≤ N, { P /\ Bi } Si { Q } /\ ( P /\ !(B1\/....\/Bn)) => Q {P} if B1 S1 [] …... [] Bn Sn fi {Q} {P} if B1 S1 [] B2 S2 : Bn Sn fi {P /\ B1} {P} {Q}
![If-statement axiom 1 ≤ i ≤ N, { P /\ Bi } Si { Q } /\ ( P /\ !(B1\/....\/Bn)) => Q. {P} if B1 S1 [] …... [] Bn Sn fi {Q}](http://slideplayer.com/slide/17016333/98/images/6/If-statement+axiom+1+%E2%89%A4+i+%E2%89%A4+N%2C+%7B+P+%2F%5C+Bi+%7D+Si+%7B+Q+%7D+%2F%5C+%28+P+%2F%5C+%21%28B1%5C%2F....%5C%2FBn%29%29+%3D%3E+Q.+%7BP%7D+if+B1+%EF%83%A0+S1+%5B%5D+%E2%80%A6...+%5B%5D+Bn+%EF%83%A0+Sn+fi+%7BQ%7D.jpg "{P} if. B1 S1. [] B2 S2. : Bn Sn. fi. {P /\ B1} {P} {Q}")
7
{true} m >=
8
Rule of Consequence
9
Iterative rule do B1 S1 [] …... [] Bn Sn od
Perform all of the following steps until all guards evaluate to false Evaluate all guards Select one of the true guards non-deterministically and execute the statement
![Iterative rule do B1 S1 [] …... [] Bn Sn od](http://slideplayer.com/slide/17016333/98/images/9/Iterative+rule+do+B1+%EF%83%A0+S1+%5B%5D+%E2%80%A6...+%5B%5D+Bn+%EF%83%A0+Sn+od.jpg "Perform all of the following steps until all guards evaluate to false. Evaluate all guards. Select one of the true guards non-deterministically and execute the statement.")
10
Iterative statement axiom
Loop invariant I is a predicate that holds before and after each iteration of the loop. 1 ≤ i ≤ N, { I /\ Bi } Si { I } {I} do B1 S1 [] …... [] Bn Sn od {I /\ ¬(B1 \/....\/ Bn)}
11
Proof Outline Proof outline consists of one assertion before and after each statement (or one assertion for each control point). Assertion is supposed to indicate what must be true at that point Each assertion must follow from the previous assertion using either an axiom or logical implication
12
Example i := 1 fact := 1 do i < n i = i + 1 fact =fact * i od
{A1} i := 1 {A2} – using AA {A2} fact := 1 {A3} – using AA {A1: n > 0} A3 I i := 1 fact := 1 do i < n i = i + 1 fact =fact * i od {A4 /\ i < n} i := i+1 {A5} – using AA {A2: n > 0 /\ i = 1} {A5} fact := fact *i {I} – using AA {I} do … od {I /\ I >= n} – using Do-loop axiom {A3: n > 0 /\ i = 1 /\ fact = 1} {I: n > 0 /\ fact = i! /\ i <= n} {A4: I /\ i < n} {A5: n > 0 /\ fact = (i – 1)! /\ i <= n} {I} {A6: I /\ i >= n} {fact = n!}
13
i { A4 /\ i < n }
14
i := 1 max := A[1] do i < n i = i + 1 if (max < A[i]) max = A[i] od
![i := 1 max := A[1] do i < n i = i + 1 if (max < A[i]) max = A[i] od](http://slideplayer.com/slide/17016333/98/images/14/i+%3A%3D+1+max+%3A%3D+A%5B1%5D+do+i+%3C+n+%EF%83%A0+i+%3D+i+%2B+1+if+%28max+%3C+A%5Bi%5D%29+max+%3D+A%5Bi%5D+od.jpg "i := 1 max := A[1] do i < n i = i + 1 if (max < A[i]) max = A[i] od")
16
Concurrency rule { Pi } Si { Qi } are interference free
{ P1 /\ …. /\ Pn } co S1 // …. // Sn { Q1 /\ …. /\ Qn}
17
Interference freedom Let a be a statement and C be an assertion.
NI(a, C) iff { pre(a) /\ C } a { C } Execution of a does not invalidates (or interferes with C).
18
{ Pi } Si { Qi }, for all I, are interference free if
for all assertions C in proof outline of Si, for all actions a in Sj, i != j NI(a, C) holds
Similar presentations
