*This preview shows
pages
1–4. Sign up
to
view the full content.*

This
** preview**
has intentionally

**sections.**

*blurred***to view the full version.**

*Sign up*This
** preview**
has intentionally

**sections.**

*blurred***to view the full version.**

*Sign up*
**Unformatted text preview: **CS256/Winter 2007 — Lecture #6 Zohar Manna Chapter 1 Invariance: Proof Methods For assertion q and SPL program P show P q 0 q (i.e., q is P-invariant) 6-1 Proving Invariances Definitions Recall: • the variables of assertion : – free (flexible) system variables V = Y ∪ { π } where Y are the program variables and π is the control variable – quantified (rigid) specification variables • q is the primed version of q , obtained by replacing each free occurrence of a system variable y ∈ V by its primed version y . • ρ τ is the transition relation of τ , expressing the re- lation holding between a state s and any of its τ- successors s ∈ τ ( s ) . 6-2 Verification Conditions (proof obligations) standard verification condition For assertions ϕ, ψ and transition τ , { ϕ } τ { ψ } (“Hoare triple”) stands for the state formula ρ τ ∧ ϕ → ψ “Verification condition (VC) of ϕ and ψ relative to transition τ ” ϕ τ ψ p p j j + 1 6-3 Verification Conditions (Con’t) Example: ρ τ : x ≥ ∧ y = x + y ∧ x = x ϕ : y = 3 ψ : y = x + 3 Then { ϕ } τ { ψ } : x ≥ ∧ y = x + y ∧ x = x | {z } ρ τ ∧ y = 3 | {z } ϕ → y = x + 3 | {z } ψ 6-4 Verification Conditions (Con’t) • for τ ∈ T in P { ϕ } τ { ψ } : ρ τ ∧ ϕ → ψ “ τ leads from ϕ to ψ in P ” • for T in P { ϕ }T { ψ } : { ϕ } τ { ψ } for every τ ∈ T “ T leads from ϕ to ψ in P ” Claim (Verification Condition) If { ϕ } τ { ψ } is P-state valid, then every τ-successor of a ϕ-state is a ψ-state. 6-5 Verification Conditions (Con’t) Special Cases • while, conditional ρ τ : ρ t τ ∨ ρ f τ { ϕ } τ t { ψ } : ρ t τ ∧ ϕ → ψ { ϕ } τ f { ψ } : ρ f τ ∧ ϕ → ψ { ϕ } τ { ψ } : { ϕ } τ t { ψ } ∧ { ϕ } τ f { ψ } • idle { ϕ } τ I { ϕ } : ρ τ I ∧ ϕ → ϕ always valid, since ρ τ I → v = v for all v ∈ V , so ϕ = ϕ. 6-6 Verification Conditions (Con’t) Substituted Form of Verification Condition Transition relation can be written as ρ τ : C τ ∧ ( V = E ) where C τ : enabling condition V : primed variable list E : expression list • The substituted form of verification condition { ϕ } τ { ψ } : C τ ∧ ϕ → ψ [ E /V ] where ψ [ E /V ] : replace each variable v ∈ V in ψ by the corresponding e ∈ E Note : No primed variables! The substituted form of a verification condition is P-state valid iff the standard form is 6-7 Verification Conditions (Con’t) Example: ρ τ : x ≥ ∧ y = x + y ∧ x = x ϕ : y = 3 ψ : y = x + 3 Standard x ≥ ∧ y = x + y ∧ x = x | {z } ρ τ ∧ y = 3 | {z } ϕ → y = x + 3 | {z } ψ Substituted x ≥ | {z } C τ ∧ y = 3 | {z } ϕ → x + y = x + 3 | {z } ψ [ E /V ] 6-8 Verification Conditions (Con’t) Example: ϕ : x = y ψ : x = y + 1 ρ τ : x ≥ | {z } C τ ∧ ( x , y ) | {z } V = ( x + 1 , y ) | {z } E The substituted form of { ϕ } τ { ψ } is x ≥ | {z } C τ ∧ x = y | {z } ϕ → ( x = y + 1)[( x + 1...

View
Full
Document