Proving Invariances

Temporal Verification of Reactive Systems: Safety

CS256/Winter 2007 — Lecture #6
Zohar Manna

Chapter 1. Invariance: Proof Methods

For an assertion q and an SPL program P, show P ⊨ □q (i.e., q is P-invariant).
[6-1]

Definitions

Recall:
• the variables of an assertion:
  – free (flexible) system variables V = Y ∪ {π}, where Y are the program variables and π is the control variable
  – quantified (rigid) specification variables
• q' is the primed version of q, obtained by replacing each free occurrence of a system variable y ∈ V by its primed version y'.
• ρ_τ is the transition relation of τ, expressing the relation holding between a state s and any of its τ-successors s' ∈ τ(s).
[6-2]

Verification Conditions (proof obligations)

Standard verification condition. For assertions ϕ, ψ and a transition τ,
  {ϕ} τ {ψ}   ("Hoare triple")
stands for the state formula
  ρ_τ ∧ ϕ → ψ'
the "verification condition (VC) of ϕ and ψ relative to transition τ".
[Figure: a ϕ-state at position j, transition τ, a ψ-state at position j+1.]
[6-3]

Verification Conditions (Con't)

Example:
  ρ_τ : x ≥ 0 ∧ y' = x + y ∧ x' = x
  ϕ   : y = 3
  ψ   : y = x + 3
Then {ϕ} τ {ψ} is
  (x ≥ 0 ∧ y' = x + y ∧ x' = x)  ∧  (y = 3)  →  (y' = x' + 3)
            ρ_τ                        ϕ             ψ'
[6-4]

Verification Conditions (Con't)

• for τ ∈ T in P:
    {ϕ} τ {ψ} : ρ_τ ∧ ϕ → ψ'                  "τ leads from ϕ to ψ in P"
• for T in P:
    {ϕ} T {ψ} : {ϕ} τ {ψ} for every τ ∈ T     "T leads from ϕ to ψ in P"

Claim (Verification Condition). If {ϕ} τ {ψ} is P-state valid, then every τ-successor of a ϕ-state is a ψ-state.
[6-5]

Verification Conditions (Con't): Special Cases

• while, conditional:   ρ_τ : ρ_τ^t ∨ ρ_τ^f
    {ϕ} τ^t {ψ} : ρ_τ^t ∧ ϕ → ψ'
    {ϕ} τ^f {ψ} : ρ_τ^f ∧ ϕ → ψ'
    {ϕ} τ {ψ}   : {ϕ} τ^t {ψ} ∧ {ϕ} τ^f {ψ}
• idle:   {ϕ} τ_I {ϕ} : ρ_{τ_I} ∧ ϕ → ϕ'
  always valid, since ρ_{τ_I} → v' = v for all v ∈ V, so ϕ' = ϕ.
[6-6]

Verification Conditions (Con't): Substituted Form of the Verification Condition

The transition relation can be written as
  ρ_τ : C_τ ∧ (V' = E)
where
  C_τ : enabling condition
  V'  : primed variable list
  E   : expression list
• The substituted form of the verification condition {ϕ} τ {ψ} is
    C_τ ∧ ϕ → ψ[E/V]
  where ψ[E/V] means: replace each variable v ∈ V in ψ by the corresponding e ∈ E.
Note: no primed variables!
The substituted form of a verification condition is P-state valid iff the standard form is.
[6-7]

Verification Conditions (Con't)

Example:
  ρ_τ : x ≥ 0 ∧ y' = x + y ∧ x' = x
  ϕ   : y = 3
  ψ   : y = x + 3
Standard form:
  (x ≥ 0 ∧ y' = x + y ∧ x' = x)  ∧  (y = 3)  →  (y' = x' + 3)
            ρ_τ                        ϕ             ψ'
Substituted form:
  (x ≥ 0)  ∧  (y = 3)  →  (x + y = x + 3)
    C_τ         ϕ             ψ[E/V]
[6-8]

Verification Conditions (Con't)

Example:
  ϕ   : x = y
  ψ   : x = y + 1
  ρ_τ : (x ≥ 0)  ∧  ((x', y') = (x + 1, y))
          C_τ          V'          E
The substituted form of {ϕ} τ {ψ} is
  (x ≥ 0)  ∧  (x = y)  →  (x = y + 1)[(x + 1...
    C_τ         ϕ
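As an added example (my code, not the lecture's), the Python below encodes both forms of the verification condition from the slides above, the standard form ρ_τ ∧ ϕ → ψ' and the substituted form C_τ ∧ ϕ → ψ[E/V], applies them to the two examples on slides 6-4/6-8 and the slide that follows, and checks them by enumerating a small box of integer states. The Python-expression syntax for assertions, the spelling `v_p` for the primed variable v', and the bounded domain are my assumptions; a pass on the box is evidence rather than a proof, whereas a counterexample is conclusive.

```python
# Added example (mine, not the lecture's): standard vs. substituted form of a
# verification condition, checked over a bounded integer domain.
# Assumptions: assertions are Python boolean expressions over integer program
# variables; the primed version v' of variable v is spelled v_p; bounded_valid
# enumerates a small box of states, so a counterexample is conclusive while a
# pass is only evidence (no theorem prover is involved).
import ast
import copy
import itertools


class _Subst(ast.NodeTransformer):
    """Simultaneous syntactic substitution: each Name v in the mapping is
    replaced by the AST of its expression e.  The replacement is not revisited,
    so e may itself mention variables of V (as in y' = x + y)."""

    def __init__(self, mapping):
        self.mapping = mapping

    def visit_Name(self, node):
        if node.id in self.mapping:
            return ast.copy_location(copy.deepcopy(self.mapping[node.id]), node)
        return node


def substitute(psi, e_for_v):
    """Return psi[E/V] as source text: every v in V replaced by its e in E."""
    tree = ast.parse(psi, mode="eval")
    mapping = {v: ast.parse(e, mode="eval").body for v, e in e_for_v.items()}
    return ast.unparse(ast.fix_missing_locations(_Subst(mapping).visit(tree)))


def vc_standard(rho, phi, psi, variables):
    """Standard form  rho_tau and phi -> psi'  (primed names spelled v_p)."""
    psi_primed = substitute(psi, {v: f"{v}_p" for v in variables})
    return f"not (({rho}) and ({phi})) or ({psi_primed})"


def vc_substituted(enabling, phi, psi, e_for_v):
    """Substituted form  C_tau and phi -> psi[E/V]: no primed variables."""
    return f"not (({enabling}) and ({phi})) or ({substitute(psi, e_for_v)})"


def bounded_valid(formula, variables, lo=-3, hi=3):
    """Evaluate a state formula on every state in [lo, hi]^len(variables).
    Returns (True, None) if no state in the box falsifies it, otherwise
    (False, state) with the first falsifying state found."""
    code = compile(formula, "<vc>", "eval")
    for values in itertools.product(range(lo, hi + 1), repeat=len(variables)):
        state = dict(zip(variables, values))
        if not eval(code, {"__builtins__": {}}, state):
            return False, state
    return True, None


# The lecture's first example (slides 6-4 and 6-8):
#   rho_tau : x >= 0 and y' = x + y and x' = x,   phi : y = 3,   psi : y = x + 3
EX1 = {
    "rho": "x >= 0 and y_p == x + y and x_p == x",
    "enabling": "x >= 0",
    "e_for_v": {"x": "x", "y": "x + y"},
    "phi": "y == 3",
    "psi": "y == x + 3",
}

# The lecture's second example (the slide after 6-8):
#   rho_tau : x >= 0 and (x', y') = (x + 1, y),   phi : x = y,   psi : x = y + 1
EX2 = {
    "rho": "x >= 0 and x_p == x + 1 and y_p == y",
    "enabling": "x >= 0",
    "e_for_v": {"x": "x + 1", "y": "y"},
    "phi": "x == y",
    "psi": "x == y + 1",
}


def check_example(ex):
    """Return (standard form valid on the box?, substituted form valid on the
    box?).  Slide 6-7 claims the two answers always agree."""
    std = vc_standard(ex["rho"], ex["phi"], ex["psi"], ["x", "y"])
    sub = vc_substituted(ex["enabling"], ex["phi"], ex["psi"], ex["e_for_v"])
    return (bounded_valid(std, ["x", "y", "x_p", "y_p"])[0],
            bounded_valid(sub, ["x", "y"])[0])


if __name__ == "__main__":
    for name, ex in (("slide 6-8", EX1), ("next slide", EX2)):
        print(name, "psi[E/V] =", substitute(ex["psi"], ex["e_for_v"]),
              "(standard, substituted) valid:", check_example(ex))
    # A constructed failing case: asking for y = x + 4 instead of y = x + 3
    # yields a counterexample, i.e. tau does not lead from phi to that psi.
    bad = vc_substituted("x >= 0", "y == 3", "y == x + 4", EX1["e_for_v"])
    print("counterexample:", bounded_valid(bad, ["x", "y"]))
```

Running the block prints ψ[E/V] for each example (for slide 6-8 it is `x + y == x + 3`, matching the slide), reports that the standard form over (x, y, x', y') and the substituted form over (x, y) agree on both examples, and shows a falsifying state for the constructed variant, which is the case a practitioner actually cares about: a VC that fails names the state from which the transition leaves the asserted invariant.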