CS256/Winter 2007 — Lecture #6
Zohar Manna

Chapter 1
Invariance: Proof Methods

For assertion q and SPL program P, show
    P ⊨ □ q
(i.e., q is P-invariant)

61 Proving Invariances

Definitions

Recall:
• the variables of an assertion:
  – free (flexible) system variables V = Y ∪ {π}, where Y are the program variables and π is the control variable
  – quantified (rigid) specification variables
• q' is the primed version of q, obtained by replacing each free occurrence of a system variable y ∈ V by its primed version y'.
• ρ_τ is the transition relation of τ, expressing the relation holding between a state s and any of its τ-successors s' ∈ τ(s).

62 Verification Conditions (proof obligations)

Standard verification condition
For assertions ϕ, ψ and transition τ,
    {ϕ} τ {ψ}    ("Hoare triple")
stands for the state formula
    ρ_τ ∧ ϕ → ψ'
"Verification condition (VC) of ϕ and ψ relative to transition τ"

(Figure: ϕ holds at location p_j, τ leads to location p_{j+1}, where ψ holds.)

63 Verification Conditions (Con't)

Example:
    ρ_τ : x ≥ _ ∧ y' = x + y ∧ x' = x
    ϕ   : y = 3
    ψ   : y = x + 3
Then {ϕ} τ {ψ} is
    (x ≥ _ ∧ y' = x + y ∧ x' = x)  ∧  (y = 3)  →  (y' = x' + 3)
     [ρ_τ]                             [ϕ]         [ψ']

64 Verification Conditions (Con't)

• for τ ∈ T in P
    {ϕ} τ {ψ} : ρ_τ ∧ ϕ → ψ'
  "τ leads from ϕ to ψ in P"
• for T in P
    {ϕ} T {ψ} : {ϕ} τ {ψ} for every τ ∈ T
  "T leads from ϕ to ψ in P"

Claim (Verification Condition)
If {ϕ} τ {ψ} is P-state valid, then every τ-successor of a ϕ-state is a ψ-state.

65 Verification Conditions (Con't)

Special Cases
• while, conditional
    ρ_τ : ρ_τ^t ∨ ρ_τ^f
    {ϕ} τ^t {ψ} : ρ_τ^t ∧ ϕ → ψ'
    {ϕ} τ^f {ψ} : ρ_τ^f ∧ ϕ → ψ'
    {ϕ} τ {ψ}   : {ϕ} τ^t {ψ} ∧ {ϕ} τ^f {ψ}
• idle
    {ϕ} τ_I {ϕ} : ρ_{τ_I} ∧ ϕ → ϕ'
  always valid, since ρ_{τ_I} → v' = v for all v ∈ V, so ϕ' = ϕ.

66 Verification Conditions (Con't)

Substituted Form of Verification Condition
The transition relation can be written as
    ρ_τ : C_τ ∧ (V' = E)
where
    C_τ : enabling condition
    V'  : primed variable list
    E   : expression list
• The substituted form of the verification condition:
    {ϕ} τ {ψ} : C_τ ∧ ϕ → ψ[E/V]
  where ψ[E/V] : replace each variable v ∈ V in ψ by the corresponding e ∈ E
Note: No primed variables!
The substituted form of a verification condition is P-state valid iff the standard form is.

67 Verification Conditions (Con't)

Example:
    ρ_τ : x ≥ _ ∧ y' = x + y ∧ x' = x
    ϕ   : y = 3
    ψ   : y = x + 3
Standard:
    (x ≥ _ ∧ y' = x + y ∧ x' = x)  ∧  (y = 3)  →  (y' = x' + 3)
     [ρ_τ]                             [ϕ]         [ψ']
Substituted:
    (x ≥ _)  ∧  (y = 3)  →  (x + y = x + 3)
     [C_τ]      [ϕ]         [ψ[E/V]]

68 Verification Conditions (Con't)

Example:
    ϕ : x = y
    ψ : x = y + 1
    ρ_τ : (x ≥ _)  ∧  ((x', y') = (x + 1, y))
           [C_τ]       [V']      [E]
The substituted form of {ϕ} τ {ψ} is
    (x ≥ _)  ∧  (x = y)  →  (x = y + 1)[(x + 1...
     [C_τ]      [ϕ]
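As an added illustration of the substituted form (this code is not part of the lecture notes), the following Python checker represents a transition as C_τ plus the expression list E and verifies {ϕ} τ {ψ} over a bounded domain both in standard form (pairs of states, primed variables) and in substituted form (single states, no primed variables), returning a counterexample state when the VC fails. It assumes the enabling condition of both examples is x ≥ 0, since the bound did not survive extraction.

```python
"""Bounded check of the verification condition {phi} tau {psi}, with the
transition in the form rho_tau : C_tau AND (V' = E). Assertions and the
expressions in E are Python callables over a state dict {var: value}."""
from itertools import product

def substituted(psi, E):
    """psi[E/V]: psi with each variable v in V replaced by its expression e."""
    return lambda s: psi({v: e(s) for v, e in E.items()})

def states(domain, variables):
    """All states assigning a value from `domain` to each variable."""
    for values in product(domain, repeat=len(variables)):
        yield dict(zip(variables, values))

def vc_substituted(phi, C, E, psi, domain, variables):
    """Check C_tau AND phi -> psi[E/V] one state at a time (no primed
    variables). Returns None if valid, else a counterexample state."""
    psi_sub = substituted(psi, E)
    for s in states(domain, variables):
        if C(s) and phi(s) and not psi_sub(s):
            return s
    return None

def vc_standard(phi, C, E, psi, domain, variables):
    """Check rho_tau AND phi -> psi' over pairs (s, s') with rho_tau =
    C_tau AND (V' = E). Successor values are also drawn from `domain`, so
    successors outside it are not examined. Returns None or (s, s')."""
    for s in states(domain, variables):
        for s2 in states(domain, variables):
            rho = C(s) and all(s2[v] == e(s) for v, e in E.items())
            if rho and phi(s) and not psi(s2):
                return s, s2
    return None

# Slide 67 example. Assumed: the enabling condition is x >= 0 (the bound
# did not survive extraction); E gives y' = x + y and x' = x.
C67 = lambda s: s["x"] >= 0
E67 = {"x": lambda s: s["x"], "y": lambda s: s["x"] + s["y"]}
phi67 = lambda s: s["y"] == 3
psi67 = lambda s: s["y"] == s["x"] + 3
psi_bad = lambda s: s["y"] == s["x"] + 4  # constructed wrong postcondition

# Slide 68 example: (x', y') = (x + 1, y), same assumed C_tau.
E68 = {"x": lambda s: s["x"] + 1, "y": lambda s: s["y"]}
phi68 = lambda s: s["x"] == s["y"]
psi68 = lambda s: s["x"] == s["y"] + 1

DOMAIN, VARS = range(-3, 4), ("x", "y")
```

The substituted check enumerates |domain|^|V| states where the standard one enumerates pairs, which is the practical payoff of "no primed variables".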