08—Program Verification II
CS 5209: Foundation in Logic and AI
Martin Henz and Aquinas Hobor
March 11, 2010
Generated on Thursday 11th March, 2010, 16:11

Sections: Review; Hoare Triples; Partial and Total Correctness; Practical Aspects of Correctness Proofs; Correctness of the Factorial Function; Proof Calculus for Total Correctness
Outline

1. Review
2. Hoare Triples; Partial and Total Correctness
3. Practical Aspects of Correctness Proofs
4. Correctness of the Factorial Function
5. Proof Calculus for Total Correctness
Expressions in Core Language

Expressions come as arithmetic expressions E:

    E ::= n | x | (−E) | (E + E) | (E − E) | (E ∗ E)

and boolean expressions B:

    B ::= true | false | (!B) | (B & B) | (B || B) | (E < E)

Where are the other comparisons, for example ==?
Commands in Core Language

Commands cover some common programming idioms. Expressions are components of commands.

    C ::= x = E | C; C | if B { C } else { C } | while B { C }
Example

Consider the factorial function:

    0!       =def  1
    (n + 1)! =def  (n + 1) · n!

We shall show that after the execution of the following Core program, we have y = x!.

    y = 1;
    z = 0;
    while (z != x) {
        z = z + 1;
        y = y ∗ z;
    }
Example

    y = 1;
    z = 0;
    while (z != x) {
        z = z + 1;
        y = y ∗ z;
    }

We need to be able to say that at the end, y is x!, provided that at the beginning, we have x ≥ 0.
Assertions on Programs

Shape of assertions: (|φ|) P (|ψ|)

Informal meaning: If the program P is run in a state that satisfies φ, then the state resulting from P's execution will satisfy ψ.
Partial Correctness

Definition: We say that the triple (|φ|) P (|ψ|) is satisfied under partial correctness if, for all states which satisfy φ, the state resulting from P's execution satisfies ψ, provided that P terminates.

Notation: We write ⊨par (|φ|) P (|ψ|).
Total Correctness

Definition: We say that the triple (|φ|) P (|ψ|) is satisfied under total correctness if, for all states which satisfy φ, P is guaranteed to terminate and the resulting state satisfies ψ.

Notation: We write ⊨tot (|φ|) P (|ψ|).
Back to Factorial

Consider Fac1:

    y = 1;
    z = 0;
    while (z != x) {
        z = z + 1;
        y = y ∗ z;
    }

    ⊨tot (|x ≥ 0|) Fac1 (|y = x!|)
    ⊭tot (|⊤|) Fac1 (|y = x!|)
    ⊨par (|⊤|) Fac1 (|y = x!|)
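The three claims about Fac1 can be checked empirically. The following added example (not from the lecture) transcribes Fac1 into Python with a step budget (`max_steps`, an assumption of this example) so that non-termination on negative inputs becomes observable, and it records whether y = z! held at every loop head.

```python
import math

def fac1(x, max_steps=1000):
    """Run Fac1 on input x. Returns (terminated, y, invariant_held), where
    invariant_held records whether y = z! was true at every loop head."""
    y, z, steps, inv_ok = 1, 0, 0, True
    while z != x:
        inv_ok = inv_ok and y == math.factorial(z)
        if steps == max_steps:          # budget exhausted: treat as non-termination
            return (False, y, inv_ok)
        z = z + 1
        y = y * z
        steps += 1
    return (True, y, inv_ok and y == math.factorial(z))

def holds_tot(pre, x, max_steps=1000):
    """|=tot (|pre|) Fac1 (|y = x!|) for one input x: must terminate and be correct."""
    if not pre(x):
        return True                     # precondition false: the triple says nothing
    terminated, y, _ = fac1(x, max_steps)
    return terminated and y == math.factorial(x)

def holds_par(pre, x, max_steps=1000):
    """|=par (|pre|) Fac1 (|y = x!|): only terminating runs must be correct."""
    if not pre(x):
        return True
    terminated, y, _ = fac1(x, max_steps)
    return (not terminated) or y == math.factorial(x)
```

With x = −1 the run never reaches z = x, so the partial-correctness triple under precondition ⊤ holds vacuously while the total-correctness one fails, exactly as the slide states.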
Rules for Partial Correctness

[Composition]
$$\frac{(|\varphi|)\ C_1\ (|\eta|) \qquad (|\eta|)\ C_2\ (|\psi|)}{(|\varphi|)\ C_1;\ C_2\ (|\psi|)}$$
Rules for Partial Correctness (continued)

[Assignment]
$$\frac{}{(|[x \to E]\psi|)\ x = E\ (|\psi|)}$$
Rules for Partial Correctness (continued)

[If-statement]
$$\frac{(|\varphi \wedge B|)\ C_1\ (|\psi|) \qquad (|\varphi \wedge \neg B|)\ C_2\ (|\psi|)}{(|\varphi|)\ \texttt{if}\ B\ \{C_1\}\ \texttt{else}\ \{C_2\}\ (|\psi|)}$$

[Partial-while]
$$\frac{(|\psi \wedge B|)\ C\ (|\psi|)}{(|\psi|)\ \texttt{while}\ B\ \{C\}\ (|\psi \wedge \neg B|)}$$
Rules for Partial Correctness (continued)

[Implied]
$$\frac{\vdash_{AR} \varphi' \to \varphi \qquad (|\varphi|)\ C\ (|\psi|) \qquad \vdash_{AR} \psi \to \psi'}{(|\varphi'|)\ C\ (|\psi'|)}$$
Proof Tableaux

Proofs have tree shape: All rules have the structure

$$\frac{\text{something}}{\text{something else}}$$

As a result, all proofs can be written as a tree.

Practical concern: These trees tend to be very wide when written out on paper. Thus we are using a linear format, called proof tableaux.
Interleave Formulas with Code

[Composition]
$$\frac{(|\varphi|)\ C_1\ (|\eta|) \qquad (|\eta|)\ C_2\ (|\psi|)}{(|\varphi|)\ C_1;\ C_2\ (|\psi|)}$$

Shape of rule suggests format for proof of C₁; C₂; ...; Cₙ:

    (|φ₀|)
    C₁;
    (|φ₁|)        justification
    C₂;
    ...
    (|φₙ₋₁|)      justification
    Cₙ;
    (|φₙ|)        justification
Working Backwards

Overall goal: Find a proof that at the end of executing a program P, some condition ψ holds.

Common situation: If P has the shape C₁; ...; Cₙ, we need to find the weakest formula ψ′ such that

    (|ψ′|) Cₙ (|ψ|)

Terminology: The weakest formula ψ′ is called weakest precondition.
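Working backwards is mechanical for loop-free code: [Assignment] is a syntactic substitution and [Composition] chains those substitutions from the last command to the first. The following added example (not part of the lecture) implements that weakest-precondition computation over a small tuple encoding of the Core language (the encoding, `BODY` and `INV` are constructed for this example), derives the if-statement case from the [If-statement] rule, and applies it to the loop body of Fac1 with the candidate invariant y = z!; an evaluator lets the resulting precondition be tested on sample states.

```python
import math
# Expressions/formulas as tuples: ('var','x'), ('num',3), ('fact',e), ('!',b),
# binary ('+','-','*','<','=','&','|', l, r); commands ('assign','x',E),
# ('seq',C1,C2), ('if',B,C1,C2).

def subst(formula, var, expr):
    """[var -> expr] formula: the syntactic substitution of [Assignment]."""
    if formula[0] in ('var', 'num'):
        return expr if formula == ('var', var) else formula
    return (formula[0],) + tuple(subst(t, var, expr) for t in formula[1:])

def wp(cmd, post):
    """Weakest precondition of cmd w.r.t. post, computed backwards."""
    if cmd[0] == 'assign':   # [Assignment]: (|[x -> E]psi|) x = E (|psi|)
        return subst(post, cmd[1], cmd[2])
    if cmd[0] == 'seq':      # [Composition]: wp(C1; C2, psi) = wp(C1, wp(C2, psi))
        return wp(cmd[1], wp(cmd[2], post))
    if cmd[0] == 'if':       # from [If-statement]: (!B | wp C1) & (B | wp C2)
        return ('&', ('|', ('!', cmd[1]), wp(cmd[2], post)),
                     ('|', cmd[1], wp(cmd[3], post)))
    raise ValueError('unsupported command: ' + str(cmd[0]))

BINOP = {'+': lambda a, b: a + b, '-': lambda a, b: a - b, '*': lambda a, b: a * b,
         '<': lambda a, b: a < b, '=': lambda a, b: a == b,
         '&': lambda a, b: a and b, '|': lambda a, b: a or b}

def ev(t, s):
    """Evaluate an expression or formula in state s (a dict of integers)."""
    if t[0] == 'num': return t[1]
    if t[0] == 'var': return s[t[1]]
    if t[0] == 'fact': return math.factorial(ev(t[1], s))
    if t[0] == '!': return not ev(t[1], s)
    return BINOP[t[0]](ev(t[1], s), ev(t[2], s))

def run(cmd, s):
    """Execute a loop-free command on a copy of state s."""
    s = dict(s)
    if cmd[0] == 'assign': s[cmd[1]] = ev(cmd[2], s)
    elif cmd[0] == 'seq': s = run(cmd[2], run(cmd[1], s))
    elif cmd[0] == 'if': s = run(cmd[2] if ev(cmd[1], s) else cmd[3], s)
    return s

def holds(pre, cmd, post, states):
    """Test (|pre|) cmd (|post|) on sample states (loop-free, so par = tot)."""
    return all(ev(post, run(cmd, s)) for s in states if ev(pre, s))

BODY = ('seq', ('assign', 'z', ('+', ('var', 'z'), ('num', 1))),
               ('assign', 'y', ('*', ('var', 'y'), ('var', 'z'))))
INV = ('=', ('var', 'y'), ('fact', ('var', 'z')))   # candidate invariant y = z!
```

`wp(BODY, INV)` is the formula y ∗ (z + 1) = (z + 1)!, which is what y = z! must imply for the [Partial-while] premise (|INV ∧ B|) BODY (|INV|) to go through.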