Hoare's Correctness Triplets, Dijkstra's Predicate Transformers: Axiomatic Semantics
cs784 (tk/pm)

Goal of a program = I/O relation
- Problem specification: the properties satisfied by the input and expected of the output (usually described using assertions).
- E.g., the sorting problem. Input: a sequence of numbers. Output: a permutation of the input that is ordered.
- Viewpoint: all other properties are ignored.

axiom, n.
1. A self-evident or universally recognized truth; a maxim.
2. An established rule, principle, or law.
3. A self-evident principle, or one that is accepted as true without proof as the basis for argument; a postulate.
(From a dictionary.)

Axiomatic Semantics
- Capture the semantics of the elements of the PL as axioms.
- Capture the semantics of composition as a rule of inference.
- Apply the standard rules/logic of inference.
- Consider termination separately.

States and Assertions
- State: variables mapped to values, at a given moment in execution. Includes all variables; files etc. are considered global variables. There is no notion of a value-undefined variable.
- Assertion: a logic formula involving program variables, arithmetic/boolean operations, etc. An assertion maps states to Boolean. Every assertion is attached to a control point.

Hoare's Logic
- Hoare triplets: {P} S {Q}. P is the precondition assertion, S a statement (or statements) of the PL, Q the postcondition assertion.
- Meaning: if S begins executing in a state satisfying P, then upon completion of S (if it completes) the resulting state satisfies Q.
- {P} S {Q} says nothing about executions of S that begin in a state not satisfying P.
- A Hoare triplet is either true or false.
Hoare Triplet Examples (true triplets)
- {x = 11} x := 0 {x = 0}. True, and we can give a weaker precondition: {true} x := 0 {x = 0} also holds.
- {x = 0} x := x + 1 {x = 1}.
- {y = 0} if x <> y then x := y fi {x = 0}.
- {false} x := 0 {x = 111}. Correct because no state satisfies false, so S can never begin under this precondition; the postcondition can then be anything you dream up.
- {true} while true do od {x = 0}. true is the weakest of all predicates; the triplet is correct because control never reaches the postcondition. Note that this relies on the partial-correctness reading above (obligations only upon completion); if termination is also required, this triplet is false.

Weaker/Stronger
- An assertion R is said to be weaker than an assertion P if the truth of P implies the truth of R, written P ⇒ R, or equivalently ¬P ∨ R.
- For arbitrary A, B we have A ∧ B ⇒ B.
- This general idea is from propositional calculus.

Weaker/Stronger (diagram: the set of states satisfying P and the set satisfying Q; P is the weaker assertion, Q the stronger)

Partial vs Total Correctness
Are P and S such that termination is guaranteed?...
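The examples above can be checked mechanically on a finite state space. The following is an added illustration, not part of the original slides: it encodes statements as small tuples (an encoding of my own), represents states as dicts over a fixed value domain, and enumerates every pre-state to test a triplet under either the partial-correctness reading (non-terminating runs impose no obligation) or the total-correctness reading (termination required). Enumeration over a bounded domain is a check, not a proof; it finds counterexamples inside the domain but does not establish a triplet for all integers. The loop bound (`FUEL`) and the domain `range(0, 12)` are assumptions chosen so the slide's values fit.

```python
"""Bounded checker for Hoare triplets {P} S {Q} over a finite state space.

Added illustration, not from the original slides.  States are dicts from
variable names to small integers, assertions are predicates over a state,
and statements are tuples in an encoding of my own (see run()).
"""
from itertools import product
from typing import Callable, Dict, Iterable, Optional, Tuple

State = Dict[str, int]
Assertion = Callable[[State], bool]

FUEL = 50               # assumed loop bound; exceeding it counts as non-termination
DOMAIN = range(0, 12)   # assumed value domain per variable (includes the slide's 11)


def run(stmt: Tuple, state: State, fuel: int = FUEL) -> Optional[State]:
    """Execute stmt from state.  Returns the final state, or None when a loop
    exhausts its fuel, which this checker treats as non-termination."""
    kind = stmt[0]
    if kind == "skip":                          # ("skip",)
        return dict(state)
    if kind == "assign":                        # ("assign", var, fn)  ~  var := fn(state)
        _, var, fn = stmt
        new = dict(state)
        new[var] = fn(state)
        return new
    if kind == "seq":                           # ("seq", s1, s2)
        mid = run(stmt[1], state, fuel)
        return None if mid is None else run(stmt[2], mid, fuel)
    if kind == "if":                            # ("if", cond, then, else)
        _, cond, s_then, s_else = stmt
        return run(s_then if cond(state) else s_else, state, fuel)
    if kind == "while":                         # ("while", cond, body)
        _, cond, body = stmt
        cur = dict(state)
        for _ in range(fuel):
            if not cond(cur):
                return cur
            cur = run(body, cur, fuel)
            if cur is None:
                return None
        return None                             # fuel exhausted: treated as divergence
    raise ValueError(f"unknown statement kind {kind!r}")


def all_states(variables: Iterable[str] = ("x", "y"), domain=DOMAIN) -> Iterable[State]:
    names = tuple(variables)
    for values in product(domain, repeat=len(names)):
        yield dict(zip(names, values))


def holds(pre: Assertion, stmt: Tuple, post: Assertion, total: bool = False) -> bool:
    """Is {pre} stmt {post} valid on every state of the finite domain?

    Partial correctness (default): a pre-state from which stmt does not
    terminate imposes no obligation.  Total correctness additionally demands
    termination from every pre-state."""
    for s in all_states():
        if not pre(s):
            continue                            # triplet says nothing outside P
        final = run(stmt, s)
        if final is None:
            if total:
                return False
            continue
        if not post(final):
            return False
    return True


def weaker(r: Assertion, p: Assertion) -> bool:
    """R is weaker than P iff P => R: every state satisfying P satisfies R."""
    return all(r(s) for s in all_states() if p(s))


def eq(var: str, value: int) -> Assertion:
    return lambda s: s[var] == value


TRUE: Assertion = lambda s: True
FALSE: Assertion = lambda s: False

# The slide's statements in the tuple encoding above.
X_BECOMES_0 = ("assign", "x", lambda s: 0)                      # x := 0
X_PLUS_1 = ("assign", "x", lambda s: s["x"] + 1)                # x := x + 1
IF_X_NE_Y = ("if", lambda s: s["x"] != s["y"],                  # if x <> y then x := y fi
             ("assign", "x", lambda s: s["y"]), ("skip",))
LOOP_FOREVER = ("while", TRUE, ("skip",))                       # while true do od


def slide_examples() -> Dict[str, bool]:
    """The slide's triplets, plus one false triplet and the total-correctness reading of the loop."""
    return {
        "{x=11} x:=0 {x=0}": holds(eq("x", 11), X_BECOMES_0, eq("x", 0)),
        "{true} x:=0 {x=0}": holds(TRUE, X_BECOMES_0, eq("x", 0)),
        "{x=0} x:=x+1 {x=1}": holds(eq("x", 0), X_PLUS_1, eq("x", 1)),
        "{y=0} if x<>y then x:=y fi {x=0}": holds(eq("y", 0), IF_X_NE_Y, eq("x", 0)),
        "{true} if x<>y then x:=y fi {x=0}": holds(TRUE, IF_X_NE_Y, eq("x", 0)),
        "{false} x:=0 {x=111}": holds(FALSE, X_BECOMES_0, eq("x", 111)),
        "{true} while true do od {x=0} partial": holds(TRUE, LOOP_FOREVER, eq("x", 0)),
        "{true} while true do od {x=0} total": holds(TRUE, LOOP_FOREVER, eq("x", 0), total=True),
    }


if __name__ == "__main__":
    for name, ok in slide_examples().items():
        print(f"{'valid  ' if ok else 'INVALID'}  {name}")
    print("true is weaker than x=11:", weaker(TRUE, eq("x", 11)))
```

The two loop entries are the point of the check: the same triplet is valid under partial correctness and invalid once termination is demanded, which is why the slides treat termination separately. `weaker(TRUE, eq("x", 11))` confirms the slide's remark that true is a weaker precondition for `x := 0` than `x = 11`.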
 Spring '11
 tkprasad
 formal methods, Hoare logic, tk/pm