Presentation is loading. Please wait.

Presentation is loading. Please wait.

Proving Program Correctness The Axiomatic Approach.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Proving Program Correctness The Axiomatic Approach."— Presentation transcript:

1 Proving Program Correctness The Axiomatic Approach

2 What is Correctness? Correctness: –partial correctness + termination Partial correctness: –Program implements its specification

3 Proving Partial Correctness Goal: prove that program is partially correct Approach: model computation with predicates –Predicates are boolean functions over program state Simple example –{odd(x)} a = x {odd(a)} Generally: {P} S {Q}, where –P  precondition –Q  postcondition –S  Programming language statement

4 Proof System Two elements of proof system –Axioms: capture the effect of prog. lang. stmts. –Inference rules: compose axioms to build up proofs of entire program behavior Let’s start by discussing inference rules and then we’ll return to discussing axioms

5 Composition Rule: Consider two predicates –{odd(x+1)} x = x+1 {odd(x)} –{odd(x)} a = x {odd(a)} What is the effect of executing both stmts? –{odd(x+1)} x = x+1 ; a = x {odd(a)}

6 Consequence 1 Rule Ex: –{odd(x)} a = x {odd(a)} and –Postcondition  {a  4} What can we say about this program?

7 Consequence 2 Rule: Ex: –Precondition  {x=1} and –{odd(x)} a = x {odd(a)} What can we say about this program?

8 Axioms Axioms explain the effect of executing a single statement Axioms will be derived “backwards.” –Start with postcondition and determine what conditions must be true on entry to stmt.

9 Assignment Axiom Rule: Replace all free occurences of x with y –e.g., {odd(x)} a = x {odd(a)}

10 Conditional Stmt 1 Axiom Rule: B if S {P} {P   B if }{P  B if } {Q}

11 Conditional Stmt 1 Example: 1.if even(x) then { 2. x = x +1 3.} {odd(x)  x > 3} else part (??   even(x)  (odd(x)  x>3) then part: {odd(x+1)  x>2} x = x+1 {odd(x)  x > 3} (??  even(x))  (odd(x+1)  x>2) P  ((odd(x+1)  x>2)  x >3) –x > 3 works as well.

12 Conditional Stmt 2 Axiom Rule {P} {P   B if } {Q} S2S2 S1S1 {P  B if } B if

13 Conditional Stmt 2 Axiom Example: 1.if x < 0 then { 2. x = -x; y = x 3.else 4.y = x 5.} {y = |x|} Then part: {x = |x|} y = x {y = |x|} {-x = |x|} x = -x {x = |x|} ( ??  x <0)  -x = |x| Else part: {x =|x|} y=x{y=|x|} ( ??  ¬(x < 0))  x = |x| P  (-x = |x|)  (x=|x|)

14 While Loop Axiom Rule Infinite number of paths, so we need one predicate for that captures the effect of S P is called an invariant B if S {P} {P   B}

15 While Loop Axiom Example IN  {B  0} –a = A –b = B –y = 0 –while b > 0 do { –y = y + a –b = b - 1 –}–} OUT  {y = AB} INV  y + ab = AB  b  0 B w  b > 0 Show INV  ¬ B w  OUT y + ab = AB  b  0  ¬(b > 0) y + ab = AB  b = 0 y = AB So {INV  ¬ B w }  OUT Establish IN  INV {ab = AB  b  0} y=0 { INV} {aB = AB  B  0} b = B {….} {AB = AB  B  0} a = A {….} So {IN } a=A;b=B;y=0 {INV}

16 While Loop Axiom Need to show {INV  B w } loop body {INV} {y+a(b-1) = AB  b-1  0} b = b - 1 {INV} {y+a+a(b-1) = AB  b-1  0} y = y+a {….} {y +ab = AB  b-1  0} loop body {INV} y + ab = AB  b  0  b > 0  {y +ab = AB  b-1  0}, So –{IN} lines 1-3} {INV}, –{INV} while loop {INV  ¬ B w }, and –{INV  ¬ B w }  OUT Therefore –{IN} program {OUT}

17 Total correctness After you have shown partial correctness –Need to prove that program terminates Usually a progress argument. Last program –Loop terminates if b  0 –b starts positive and is decremented by 1 every iteration –So loop must eventually terminate

Download ppt "Proving Program Correctness The Axiomatic Approach."

Similar presentations

Technologies for finding errors in object-oriented software K. Rustan M. Leino Microsoft Research, Redmond, WA Lecture 1 Summer school on Formal Models.

Technologies for finding errors in object-oriented software K. Rustan M. Leino Microsoft Research, Redmond, WA Lecture 1 Summer school on Formal Models.
Automated Theorem Proving Lecture 1. Program verification is undecidable! Given program P and specification S, does P satisfy S?

Automated Theorem Proving Lecture 1. Program verification is undecidable! Given program P and specification S, does P satisfy S?
Semantics Static semantics Dynamic semantics attribute grammars

Semantics Static semantics Dynamic semantics attribute grammars
PZ03D Programming Language design and Implementation -4th Edition Copyright©Prentice Hall, 2000 1 PZ03D - Program verification Programming Language Design.

PZ03D Programming Language design and Implementation -4th Edition Copyright©Prentice Hall, PZ03D - Program verification Programming Language Design.
ICE1341 Programming Languages Spring 2005 Lecture #6 Lecture #6 In-Young Ko iko.AT. icu.ac.kr iko.AT. icu.ac.kr Information and Communications University.

ICE1341 Programming Languages Spring 2005 Lecture #6 Lecture #6 In-Young Ko iko.AT. icu.ac.kr iko.AT. icu.ac.kr Information and Communications University.
Reasoning About Code; Hoare Logic, continued

Reasoning About Code; Hoare Logic, continued
Hoare’s Correctness Triplets Dijkstra’s Predicate Transformers

Hoare’s Correctness Triplets Dijkstra’s Predicate Transformers
Rigorous Software Development CSCI-GA 3033-011 Instructor: Thomas Wies Spring 2012 Lecture 11.

Rigorous Software Development CSCI-GA Instructor: Thomas Wies Spring 2012 Lecture 11.
David Evans CS655: Programming Languages University of Virginia Computer Science Lecture 19: Minding Ps & Qs: Axiomatic.

David Evans CS655: Programming Languages University of Virginia Computer Science Lecture 19: Minding Ps & Qs: Axiomatic.
Axiomatic Verification I Prepared by Stephen M. Thebaut, Ph.D. University of Florida Software Testing and Verification Lecture 17.

Axiomatic Verification I Prepared by Stephen M. Thebaut, Ph.D. University of Florida Software Testing and Verification Lecture 17.
Copyright © 2006 Addison-Wesley. All rights reserved.1-1 ICS 410: Programming Languages Chapter 3 : Describing Syntax and Semantics Axiomatic Semantics.

Copyright © 2006 Addison-Wesley. All rights reserved.1-1 ICS 410: Programming Languages Chapter 3 : Describing Syntax and Semantics Axiomatic Semantics.
ISBN 0-321-33025-0 Chapter 3 Describing Syntax and Semantics.

ISBN Chapter 3 Describing Syntax and Semantics.
Dynamic semantics Precisely specify the meanings of programs. Why? –programmers need to understand the meanings of programs they read –programmers need.

Dynamic semantics Precisely specify the meanings of programs. Why? –programmers need to understand the meanings of programs they read –programmers need.
Copyright © 2006 Addison-Wesley. All rights reserved. 3.5 Dynamic Semantics Meanings of expressions, statements, and program units Static semantics – type.

Copyright © 2006 Addison-Wesley. All rights reserved. 3.5 Dynamic Semantics Meanings of expressions, statements, and program units Static semantics – type.
Predicate Transformers

Predicate Transformers
Program Proving Notes Ellen L. Walker.

Program Proving Notes Ellen L. Walker.
Announcements We are done with homeworks Second coding exam this week, in recitation –Times will be posted later today –If in doubt, show up for your regular.

Announcements We are done with homeworks Second coding exam this week, in recitation –Times will be posted later today –If in doubt, show up for your regular.
1/22 Programs : Semantics and Verification Charngki PSWLAB Programs: Semantics and Verification Mordechai Ben-Ari Mathematical Logic for Computer.

1/22 Programs : Semantics and Verification Charngki PSWLAB Programs: Semantics and Verification Mordechai Ben-Ari Mathematical Logic for Computer.
CS 355 – Programming Languages

CS 355 – Programming Languages
Axiomatic Semantics Dr. M Al-Mulhem ICS535-091.

Axiomatic Semantics Dr. M Al-Mulhem ICS

Similar presentations

Ads by Google