Presentation is loading. Please wait.

Presentation is loading. Please wait.

1/22 Programs : Semantics and Verification Charngki PSWLAB Programs: Semantics and Verification Mordechai Ben-Ari Mathematical Logic for Computer.

Published bySibyl McKenzie Modified over 9 years ago

Similar presentations

Presentation on theme: "1/22 Programs : Semantics and Verification Charngki PSWLAB Programs: Semantics and Verification Mordechai Ben-Ari Mathematical Logic for Computer."— Presentation transcript:

1 1/22 Programs : Semantics and Verification Charngki Hong @ PSWLAB Programs: Semantics and Verification Mordechai Ben-Ari Mathematical Logic for Computer Science TexPoint fonts used in EMF. Read the TexPoint manual before you delete this box.: AAA A A

2 2/22 Programs : Semantics and Verification Charngki Hong @ PSWLAB Table of Contents  Introduction  Semantics of programming language  Weakest precondition  The deductive system HL  Program verification  Total correctness  Program synthesis  References

3 3/22 Programs : Semantics and Verification Charngki Hong @ PSWLAB Introduction  The syntax of programming language is specified using formal systems such as BNF, but the semantics is usually informally specified  Example :  The formal BNF syntax of an if-statement  if-statement ::= if expression then statement [else statement]  But its semantics is described informally  The boolean expression is evaluated. If true, the statement following then is executed, otherwise the statement following else is executed.  If the semantics is informally defined there is no formal way of determining the validity or correctness of a program.

4 4/22 Programs : Semantics and Verification Charngki Hong @ PSWLAB Semantics of programming language (1/8)  A statement in a programming language is considered to be a function that transforms the state of computation.  If the variables (x,y) = (8,7) in a state s, then the result of executing the statement x := 2*y+1 is the state s’ in which (x,y) = (15,7)  Definition 1.  Let U be the set of all n-tuples of values over some domain, and let U’ µ U. P U’ ( x 1, …, x n ), the characteristic predicate of U’, is defined so that U’ = { ( x 1,…, x n ) 2 U | P U’ ( x 1,…, x n ) }

5 5/22 Programs : Semantics and Verification Charngki Hong @ PSWLAB Semantics of programming language (2/8)  Example of def.1  Let U be the set of 2-tuples over Z and let U’ µ U be the 2- tuples described in the following table … …(-2,-3), (-2,-2), (-2, -1), (-2,0), (-2,1), (-2,2), (-2,3) …(-1,-3), (-1,-2), (-1, -1), (-1,0), (-1,1), (-1,2), (-1,3) … (0,-3), (0,-2), (0, -1), (0,0), (0,1), (0,2), (0,3) … (1,-3), (1,-2), (1, -1), (1,0), (1,1), (1,2), (1,3) …  The characteristic predicate of U’ is ( x 1 = x 1 ) Æ ( x 2 · 3)

6 6/22 Programs : Semantics and Verification Charngki Hong @ PSWLAB Semantics of programming language (3/8)  Definition. 2  An assertion is a triple {p} S {q}, where S is a program, and p and q are formulas in the predicate calculus called the precondition and postcondition, respectively.  An assertion is true, denoted ² {p} S {q}, iff: if S is started in a state satisfying p and if this computation of S terminates, then the computation terminates in a state satisfying q.  If ² {p} S {q}, then S is said to be partially correct with respect to p and q  Assertions are also called Hoare triples  Example  ² { y · 3} x:= 2*y+1 {(x · 7) Æ (y · 3)}

7 7/22 Programs : Semantics and Verification Charngki Hong @ PSWLAB Semantics of programming language (4/8)  Weakest preconditions  Definition 3.  A formula A is weaker than formula B if B ! A. Given a set of formulas { A 1, A 2,… A n }, A i is the weakest formula in the set if A j ! A i for all j.  Definition 4.  For program S and formula q, wp(S,q), the weakest precondition of S and q, is the weakest formula p such that ² {p} S {q}  Example  y · 3 is weaker than y = 1 Ç y = 3  wp(x:=2*y+1, (x · 7) Æ (y · 3)) = y · 3

8 8/22 Programs : Semantics and Verification Charngki Hong @ PSWLAB Semantics of programming language (5/8)  Lemma 5.  ² {p} S {q} if and only if ² p ! wp( S, q )  Definition 6.  wp( x := t, p(x) ) = p(x) { x à t }  Example  wp( y := y-1, y ¸ 0 ) = ( y-1 ¸ 0 ) = ( y ¸ 1)  Definition 7.  wp( S1; S2, q ) = wp( S1, wp(S2, q) )

9 9/22 Programs : Semantics and Verification Charngki Hong @ PSWLAB Semantics of programming language (6/8)  Examples of def. 7 1. wp(x := x+1; y := y+2, x < y) = wp(x := x+1, wp(y :=y+2, x < y )) = wp(x := x+1, x < y+2) = x +1 < y+2 ≡ x < y+1 2. wp( x := x+a; y := y-1, x = (b-y) · a ) = wp( x := x+a, wp(y := y-1, x = (b-y) · a)) = wp( x := x+a, x = (b–y+1) · a) = x + a = ( b – y + 1) · a ≡ x = (b-y) · a

10 10/22 Programs : Semantics and Verification Charngki Hong @ PSWLAB Semantics of programming language (7/8)  Definition 8.  A predicate I is an invariant of S iff wp( S, I ) = I  Definition 9.  if-statement  wp(if B then S1 else S2, q) = (B ! wp(S1, q)) Æ ( : B ! wp(S2, q))  Definition 10.  while-statement  wp(while B do S, q) = ( : B ! q) Æ (B ! wp(S; while B do S, q))

11 11/22 Programs : Semantics and Verification Charngki Hong @ PSWLAB Semantics of programming language (8/8)  If-statement  wp(if y=0 then x := 0 else x := y+1, x=y) = ( y=0 ! wp(x :=0, x=y)) Æ ( y  0 ! wp(x := y+1, x=y)) ≡ ((y=0) ! (y=0)) Æ ((y  0) ! (y+1 = y)) ≡ true Æ ((y  0) ! false) ≡ : ( y  0 ) ≡ y = 0  While-statement  You’ll see many of this examples later.

12 12/22 Programs : Semantics and Verification Charngki Hong @ PSWLAB The deductive system HL (1/4)  A deductive system HL (Hoare Logic) whose formulas are assertions can be used to prove properties of programs  Definition 11.  Domain axioms  Every true formula over the domain(s) of the program variables  Assignment axiom  ` {p(x) {x à t }} x := t {p(x)}  Composition rule 

13 13/22 Programs : Semantics and Verification Charngki Hong @ PSWLAB The deductive system HL (2/4)  Alternative rule  Loop rule  Consequence rule

14 14/22 Programs : Semantics and Verification Charngki Hong @ PSWLAB The deductive system HL (3/4)  Loop rule  the formula p is called an invariant: it describes the behavior of an execution of the statement S in the while statement  To prove ` { p 0 } while B do S {q}  We need to find an invariant  We need to show that p 0 ! p is true  We need to show that (p Æ : B) ! q is true  The most difficult part in proving programs is to find appropriate invariants

15 15/22 Programs : Semantics and Verification Charngki Hong @ PSWLAB The deductive system HL (4/4)  Example of loop rule  x = 5 is too strong to be an invariant of above while statement  x ¸ 0 is an invariant  x ¸ 0 Æ x > 0 implies x ¸ 0 after executing the loop body  loop terminates if x ¸ 0 Æ : (x>0) is true while x > 0 do x := x - 1

16 16/22 Programs : Semantics and Verification Charngki Hong @ PSWLAB  Use HL to prove the partial correctness of the program  Let the formula x = (b-y) · a be the invariant  { p Æ y  0 } x : = x+a; y := y-1 {p}, where p is x = (b-y) · a  Postcondition of the loop can be written p Æ (y = 0) so we can deduce x = a · b Program verification (1/3) {true} x := 0; {x = 0} y := b; {x = 0 Æ y = b} while y <> 0 do { x = (b-y) · a } begin x := x + a; y := y-1 end; { x = a · b }

17 17/22 Programs : Semantics and Verification Charngki Hong @ PSWLAB Program verification (2/3)  Total correctness  We have proved only partial correctness  If the initial value of b is negative, the program will not terminate  We need to strengthen the precondition  b ¸ 0  Strengthening the precondition will obviously not invalidate the proof of partial correctness, since a stronger precondition simply selects a subset of the set of states for which the computation is correct  All we need to prove is that the program terminates

18 18/22 Programs : Semantics and Verification Charngki Hong @ PSWLAB Program verification (3/3)  To show termination, we search for a numeric function whose value decreases with every execution of the loop, and whose value has an invariant lower bound.  The loop must eventually terminate because there can not be an infinite decreasing sequence greater than the lower bound.  Since y is decreasing and yet bounded from below by y ¸ 0, the loop must terminate and the program is totally correct. { x = (b-y) · a Æ y ¸ 0 Æ y  0} begin x := x + a; y := y-1 end; {x = (b-y) · a Æ y ¸ 0}

19 19/22 Programs : Semantics and Verification Charngki Hong @ PSWLAB Program synthesis (1/3)  The most difficult part in proving program is to find invariants  How to find invariants?  Solution  delete part of postcondition  We demonstrate the method by developing two different programs for finding the integer square root of a non-negative integer:  { 0 · a } S { 0 · x 2 · a < ( x+1) 2 }

20 20/22 Programs : Semantics and Verification Charngki Hong @ PSWLAB Program synthesis (2/3)  Solution { 0 · a } x := ? ; while B(x, a) do { 0 · x 2 · a } x := ? ; {0 · x 2 · a < ( x+1) 2 } the postcondition of the while statement is p Æ : B(x,a), so B(x,a) is ( x+1) 2 · a the loop should be terminated, so x should be incremented in every iteration

21 21/22 Programs : Semantics and Verification Charngki Hong @ PSWLAB Program synthesis (3/3)  Solution  We must check the loop invariant { p Æ B } S {p}  { 0 · x 2 · a Æ ( x +1) 2 · a } x := x+1 { 0 · x 2 · a } { 0 · a } x := ? ; while B(x, a) do { 0 · x 2 · a } x := ? ; {0 · x 2 · a < ( x+1) 2 } { 0 · a } x := 0 ; while ( x+1) 2 · a do { 0 · x 2 · a } x := x + 1 ; {0 · x 2 · a < ( x+1) 2 }

22 22/22 Programs : Semantics and Verification Charngki Hong @ PSWLAB References  Mathematical logic for computer science, Mordechai Ben- Ari  Logic in computer science, Michael Huth and Mark Ryan

Download ppt "1/22 Programs : Semantics and Verification Charngki PSWLAB Programs: Semantics and Verification Mordechai Ben-Ari Mathematical Logic for Computer."

Similar presentations

Automated Theorem Proving Lecture 1. Program verification is undecidable! Given program P and specification S, does P satisfy S?

Automated Theorem Proving Lecture 1. Program verification is undecidable! Given program P and specification S, does P satisfy S?
Semantics Static semantics Dynamic semantics attribute grammars

Semantics Static semantics Dynamic semantics attribute grammars
Copyright 2003-04, Doron Peled and Cesare Tinelli. These notes are based on a set of lecture notes originally developed by Doron Peled at the University.

Copyright , Doron Peled and Cesare Tinelli. These notes are based on a set of lecture notes originally developed by Doron Peled at the University.
ICE1341 Programming Languages Spring 2005 Lecture #6 Lecture #6 In-Young Ko iko.AT. icu.ac.kr iko.AT. icu.ac.kr Information and Communications University.

ICE1341 Programming Languages Spring 2005 Lecture #6 Lecture #6 In-Young Ko iko.AT. icu.ac.kr iko.AT. icu.ac.kr Information and Communications University.
Reasoning About Code; Hoare Logic, continued

Reasoning About Code; Hoare Logic, continued
Hoare’s Correctness Triplets Dijkstra’s Predicate Transformers

Hoare’s Correctness Triplets Dijkstra’s Predicate Transformers
Rigorous Software Development CSCI-GA 3033-011 Instructor: Thomas Wies Spring 2012 Lecture 11.

Rigorous Software Development CSCI-GA Instructor: Thomas Wies Spring 2012 Lecture 11.
David Evans CS655: Programming Languages University of Virginia Computer Science Lecture 19: Minding Ps & Qs: Axiomatic.

David Evans CS655: Programming Languages University of Virginia Computer Science Lecture 19: Minding Ps & Qs: Axiomatic.
Axiomatic Verification I Prepared by Stephen M. Thebaut, Ph.D. University of Florida Software Testing and Verification Lecture 17.

Axiomatic Verification I Prepared by Stephen M. Thebaut, Ph.D. University of Florida Software Testing and Verification Lecture 17.
Partial correctness © Marcelo d’Amorim 2010.

Partial correctness © Marcelo d’Amorim 2010.
Axiomatic Semantics The meaning of a program is defined by a formal system that allows one to deduce true properties of that program. No specific meaning.

Axiomatic Semantics The meaning of a program is defined by a formal system that allows one to deduce true properties of that program. No specific meaning.
Copyright © 2006 Addison-Wesley. All rights reserved.1-1 ICS 410: Programming Languages Chapter 3 : Describing Syntax and Semantics Axiomatic Semantics.

Copyright © 2006 Addison-Wesley. All rights reserved.1-1 ICS 410: Programming Languages Chapter 3 : Describing Syntax and Semantics Axiomatic Semantics.
ISBN 0-321-33025-0 Chapter 3 Describing Syntax and Semantics.

ISBN Chapter 3 Describing Syntax and Semantics.
1 Discrete Structures Lecture 29 Predicates and Programming Read Ch. 10.1 - 10.2.

1 Discrete Structures Lecture 29 Predicates and Programming Read Ch
Predicate Transformers

Predicate Transformers
Program Proving Notes Ellen L. Walker.

Program Proving Notes Ellen L. Walker.
Duminda WijesekeraSWSE 623 - Program Correctness1 SWSE 623 Program Correctness -Pre-condition, Post-conditions and Loop invariants.

Duminda WijesekeraSWSE Program Correctness1 SWSE 623 Program Correctness -Pre-condition, Post-conditions and Loop invariants.
1 Semantic Description of Programming languages. 2 Static versus Dynamic Semantics n Static Semantics represents legal forms of programs that cannot be.

1 Semantic Description of Programming languages. 2 Static versus Dynamic Semantics n Static Semantics represents legal forms of programs that cannot be.
CS 355 – Programming Languages

CS 355 – Programming Languages
Discrete Mathematics Lecture 4 Harper Langston New York University.

Discrete Mathematics Lecture 4 Harper Langston New York University.

Similar presentations

Ads by Google