comp2111 week 9 term 1 2020 hoare logic
play

COMP2111 Week 9 Term 1, 2020 Hoare Logic 1 Summary Weakest - PowerPoint PPT Presentation

May 02, 2023 •357 likes •1.22k views

COMP2111 Week 9 Term 1, 2020 Hoare Logic 1 Summary Weakest precondition reasoning Handling termination Operational semantics Adding non-determinism Refinement calculus 2 Summary Weakest precondition reasoning Handling termination

  1. COMP2111 Week 9 Term 1, 2020 Hoare Logic 1

  2. Summary Weakest precondition reasoning Handling termination Operational semantics Adding non-determinism Refinement calculus 2

  3. Summary Weakest precondition reasoning Handling termination Operational semantics Adding non-determinism Refinement calculus 3

  4. Finding a proof Consider the following code: Pow r := 1; i := 0; while i < m do r := r ∗ n ; i := i + 1 od We would like to show { ϕ } Pow { r = n m } . What should ϕ be? m ≥ 0 ∧ n > 0 What should the intermediate assertions be? 4

  5. Finding a proof Consider the following code: Pow r := 1; i := 0; while i < m do r := r ∗ n ; i := i + 1 od We would like to show { ϕ } Pow { r = n m } . What should ϕ be? m ≥ 0 ∧ n > 0 What should the intermediate assertions be? 5

  6. Finding a proof Consider the following code: Pow r := 1; i := 0; while i < m do r := r ∗ n ; i := i + 1 od We would like to show { ϕ } Pow { r = n m } . What should ϕ be? m ≥ 0 ∧ n > 0 What should the intermediate assertions be? 6

  7. Determining a precondition Here are some valid Hoare triples: { ( x = 5) ∧ ( y = 10) } z := x / y { z < 1 } { ( x < y ) ∧ ( y > 0) } z := x / y { z < 1 } { ( y � = 0) ∧ ( x / y < 1) } z := x / y { z < 1 } All are valid, but the third one is the most useful: it has the weakest precondition of the three it can be applied in the most scenarios (e.g. x = 2 ∧ y = − 1) 7

  8. Weakest precondition Given a program P and a postcondition ψ the weakest precondition of P with respect to ψ , wp ( P , ψ ), is a predicate ϕ such that P { ψ } then ϕ ′ → ϕ � ϕ ′ � { ϕ } P { ψ } and If We can compute wp based on the structure of P ... 8

  9. Weakest precondition Given a program P and a postcondition ψ the weakest precondition of P with respect to ψ , wp ( P , ψ ), is a predicate ϕ such that P { ψ } then ϕ ′ → ϕ � ϕ ′ � { ϕ } P { ψ } and If We can compute wp based on the structure of P ... 9

  10. Determining wp : Assignment wp ( x := e , ψ ) = ψ [ e / x ] Example { 2 + y > 0 } x := 2 { x + y > 0 } 10

  11. Determining wp : Assignment wp ( x := e , ψ ) = ψ [ e / x ] Example { 2 + y > 0 } x := 2 { x + y > 0 } 11

  12. Determining wp : Sequence wp ( P ; S , ψ ) = wp ( P , wp ( S , ψ )) Example Let ϕ be the weakest precondition of: { ϕ } x := x + 1; y := x + y { y > 4 } What should ϕ be? x + y > 3 wp ( y := x + y , y > 4) = ( x + y > 4) wp ( x := x + 1 , x + y > 4) = ( x +1+ y > 4) ≡ x + y > 3 12

  13. Determining wp : Sequence wp ( P ; S , ψ ) = wp ( P , wp ( S , ψ )) Example Let ϕ be the weakest precondition of: { ϕ } x := x + 1; y := x + y { y > 4 } What should ϕ be? x + y > 3 wp ( y := x + y , y > 4) = ( x + y > 4) wp ( x := x + 1 , x + y > 4) = ( x +1+ y > 4) ≡ x + y > 3 13

  14. Determining wp : Sequence wp ( P ; S , ψ ) = wp ( P , wp ( S , ψ )) Example Let ϕ be the weakest precondition of: { ϕ } x := x + 1; y := x + y { y > 4 } What should ϕ be? x + y > 3 wp ( y := x + y , y > 4) = ( x + y > 4) wp ( x := x + 1 , x + y > 4) = ( x +1+ y > 4) ≡ x + y > 3 14

  15. Determining wp : Sequence wp ( P ; S , ψ ) = wp ( P , wp ( S , ψ )) Example Let ϕ be the weakest precondition of: { ϕ } x := x + 1; y := x + y { y > 4 } What should ϕ be? x + y > 3 wp ( y := x + y , y > 4) = ( x + y > 4) wp ( x := x + 1 , x + y > 4) = ( x +1+ y > 4) ≡ x + y > 3 15

  16. Determining wp : Conditional wp (if b then P else Q fi , ψ ) = ( b → wp ( P , ψ )) ∧ ( ¬ b → wp ( Q , ψ )) ≡ ( b ∧ wp ( P , ψ )) ∨ ( ¬ b ∧ wp ( Q , ψ )) Example wp (if x > 0 then z := y else z := 0 − y fi , z > 5) = (( x > 0) → wp ( z := y , z > 5)) ∧ (( x ≤ 0) → wp ( z := 0 − y , z > 5)) = (( x > 0) → ( y > 5)) ∧ (( x ≤ 0) → ( y < − 5)) 16

  17. Determining wp : Conditional wp (if b then P else Q fi , ψ ) = ( b → wp ( P , ψ )) ∧ ( ¬ b → wp ( Q , ψ )) ≡ ( b ∧ wp ( P , ψ )) ∨ ( ¬ b ∧ wp ( Q , ψ )) Example wp (if x > 0 then z := y else z := 0 − y fi , z > 5) = (( x > 0) → wp ( z := y , z > 5)) ∧ (( x ≤ 0) → wp ( z := 0 − y , z > 5)) = (( x > 0) → ( y > 5)) ∧ (( x ≤ 0) → ( y < − 5)) 17

  18. Determining wp : Conditional wp (if b then P else Q fi , ψ ) = ( b → wp ( P , ψ )) ∧ ( ¬ b → wp ( Q , ψ )) ≡ ( b ∧ wp ( P , ψ )) ∨ ( ¬ b ∧ wp ( Q , ψ )) Example wp (if x > 0 then z := y else z := 0 − y fi , z > 5) = (( x > 0) → wp ( z := y , z > 5)) ∧ (( x ≤ 0) → wp ( z := 0 − y , z > 5)) = (( x > 0) → ( y > 5)) ∧ (( x ≤ 0) → ( y < − 5)) 18

  19. Determining wp : Conditional wp (if b then P else Q fi , ψ ) = ( b → wp ( P , ψ )) ∧ ( ¬ b → wp ( Q , ψ )) ≡ ( b ∧ wp ( P , ψ )) ∨ ( ¬ b ∧ wp ( Q , ψ )) Example wp (if x > 0 then z := y else z := 0 − y fi , z > 5) = (( x > 0) → wp ( z := y , z > 5)) ∧ (( x ≤ 0) → wp ( z := 0 − y , z > 5)) = (( x > 0) → ( y > 5)) ∧ (( x ≤ 0) → ( y < − 5)) 19

  20. Determining wp : Conditional wp (if b then P else Q fi , ψ ) = ( b → wp ( P , ψ )) ∧ ( ¬ b → wp ( Q , ψ )) ≡ ( b ∧ wp ( P , ψ )) ∨ ( ¬ b ∧ wp ( Q , ψ )) Example wp (if x > 0 then z := y else z := 0 − y fi , z > 5) = (( x > 0) → wp ( z := y , z > 5)) ∧ (( x ≤ 0) → wp ( z := 0 − y , z > 5)) = (( x > 0) → ( y > 5)) ∧ (( x ≤ 0) → ( y < − 5)) 20

  21. Determining wp : Loops wp (while b do P od , ψ ) =? Loops are problematic: wp calculates a triple for a single program statement block. Loops consist of a block executed repeatedly Weakest precondition for 1 loop may be different from weakest precondition for 100 loops... 21

  22. Handling loops { ϕ } while b do P od { ψ } Instead: Find a loop invariant I such that ϕ → I (establish) { I ∧ b } P { I } (maintain) I ∧ ¬ b → ψ (conclude) NB Finding (good) loop invariants is generally hard! ⇒ Active area of research 22

  23. Handling loops { ϕ } while b do P od { ψ } Instead: Find a loop invariant I such that ϕ → I (establish) { I ∧ b } P { I } (maintain) I ∧ ¬ b → ψ (conclude) NB Finding (good) loop invariants is generally hard! ⇒ Active area of research 23

  24. Handling loops { ϕ } while b do P od { ψ } Instead: Find a loop invariant I such that ϕ → I (establish) { I ∧ b } P { I } (maintain) I ∧ ¬ b → ψ (conclude) NB Finding (good) loop invariants is generally hard! ⇒ Active area of research 24

  25. Handling loops { ϕ } while b do P od { ψ } Instead: Find a loop invariant I such that ϕ → I (establish) { I ∧ b } P { I } (maintain) I ∧ ¬ b → ψ (conclude) NB Finding (good) loop invariants is generally hard! ⇒ Active area of research 25

  26. Handling loops { ϕ } while b do P od { ψ } Instead: Find a loop invariant I such that ϕ → I (establish) { I ∧ b } P { I } (maintain) I ∧ ¬ b → ψ (conclude) NB Finding (good) loop invariants is generally hard! ⇒ Active area of research 26

  27. Back to the example Pow { init: ( m ≥ 0) ∧ ( n > 0) } { (1 = n 0 ) ∧ (0 ≤ m ) ∧ init } { ( r = n 0 ) ∧ (0 ≤ m ) ∧ init } r := 1; i := 0; { Inv } while i < m do { Inv ∧ ( i < m ) } { ( r ∗ n = n i +1 ) ∧ ( i + 1 ≤ m ) ∧ init } { ( r = n i +1 ) ∧ ( i + 1 ≤ m ) ∧ init } r := r ∗ n ; i := i + 1 { Inv } od { Inv ∧ ( i ≥ m ) } { r = n m } What would be a good invariant? r = n i ∧ i ≤ m ∧ init Inv: 27

  28. Back to the example Pow { init: ( m ≥ 0) ∧ ( n > 0) } { (1 = n 0 ) ∧ (0 ≤ m ) ∧ init } { ( r = n 0 ) ∧ (0 ≤ m ) ∧ init } r := 1; i := 0; { Inv } while i < m do { Inv ∧ ( i < m ) } { ( r ∗ n = n i +1 ) ∧ ( i + 1 ≤ m ) ∧ init } { ( r = n i +1 ) ∧ ( i + 1 ≤ m ) ∧ init } r := r ∗ n ; i := i + 1 { Inv } od { Inv ∧ ( i ≥ m ) } { r = n m } What would be a good invariant? r = n i ∧ i ≤ m ∧ init Inv: 28

  29. Back to the example Pow { init: ( m ≥ 0) ∧ ( n > 0) } { (1 = n 0 ) ∧ (0 ≤ m ) ∧ init } { ( r = n 0 ) ∧ (0 ≤ m ) ∧ init } r := 1; i := 0; { Inv } while i < m do { Inv ∧ ( i < m ) } { ( r ∗ n = n i +1 ) ∧ ( i + 1 ≤ m ) ∧ init } { ( r = n i +1 ) ∧ ( i + 1 ≤ m ) ∧ init } r := r ∗ n ; i := i + 1 { Inv } od { Inv ∧ ( i ≥ m ) } { r = n m } What would be a good invariant? r = n i ∧ i ≤ m ∧ init Inv: 29

  30. Back to the example Pow { init: ( m ≥ 0) ∧ ( n > 0) } { (1 = n 0 ) ∧ (0 ≤ m ) ∧ init } { ( r = n 0 ) ∧ (0 ≤ m ) ∧ init } r := 1; i := 0; { Inv } while i < m do { Inv ∧ ( i < m ) } { ( r ∗ n = n i +1 ) ∧ ( i + 1 ≤ m ) ∧ init } { ( r = n i +1 ) ∧ ( i + 1 ≤ m ) ∧ init } r := r ∗ n ; i := i + 1 { Inv } od { Inv ∧ ( i ≥ m ) } { r = n m } What would be a good invariant? r = n i ∧ i ≤ m ∧ init Inv: 30

  31. Back to the example Pow { init: ( m ≥ 0) ∧ ( n > 0) } { (1 = n 0 ) ∧ (0 ≤ m ) ∧ init } { ( r = n 0 ) ∧ (0 ≤ m ) ∧ init } r := 1; i := 0; { Inv } while i < m do { Inv ∧ ( i < m ) } { ( r ∗ n = n i +1 ) ∧ ( i + 1 ≤ m ) ∧ init } { ( r = n i +1 ) ∧ ( i + 1 ≤ m ) ∧ init } r := r ∗ n ; i := i + 1 { Inv } od { Inv ∧ ( i ≥ m ) } { r = n m } What would be a good invariant? r = n i ∧ i ≤ m ∧ init Inv: 31

Recommend

COMP2111 Week 8 Term 1, 2020 Hoare Logic 1 Sir Tony Hoare Pioneer in formal verification

COMP2111 Week 8 Term 1, 2020 Hoare Logic 1 Sir Tony Hoare Pioneer in formal verification

COMP2111 Week 8 Term 1, 2020 Hoare Logic 1 Sir Tony Hoare Pioneer in formal verification Invented: Quicksort, the null reference (called it his billion dollar mistake) CSP (formal specification language), and Hoare Logic 2 Summary L

770 views • 59 slides
COMP2111 Week 8 Term 1, 2020 Hoare Logic 1 Sir Tony Hoare Pioneer in formal verification

COMP2111 Week 8 Term 1, 2020 Hoare Logic 1 Sir Tony Hoare Pioneer in formal verification

COMP2111 Week 8 Term 1, 2020 Hoare Logic 1 Sir Tony Hoare Pioneer in formal verification Invented: Quicksort, the null reference (called it his billion dollar mistake) CSP (formal specification language), and Hoare Logic 2 Summary L

2k views • 158 slides
COMP2111 Week 9 Term 1, 2020 Hoare Logic 1 Summary Weakest precondition reasoning Handling

COMP2111 Week 9 Term 1, 2020 Hoare Logic 1 Summary Weakest precondition reasoning Handling

COMP2111 Week 9 Term 1, 2020 Hoare Logic 1 Summary Weakest precondition reasoning Handling termination Operational semantics Adding non-determinism Refinement calculus 2 Finding a proof Consider the following code: Pow r := 1; i := 0;

538 views • 37 slides
Summary of topics Sets COMP2111 Week 2 Formal languages Term 1, 2020 Discrete Mathematics

Summary of topics Sets COMP2111 Week 2 Formal languages Term 1, 2020 Discrete Mathematics

Summary of topics Sets COMP2111 Week 2 Formal languages Term 1, 2020 Discrete Mathematics Recap Relations Functions Propositional Logic 1 2 Summary of topics Sets A set is defined by the collection of its elements. Sets are typically

464 views • 31 slides
Summary Motivation COMP2111 Week 10 Definitions Term 1, 2020 The invariant principle State

Summary Motivation COMP2111 Week 10 Definitions Term 1, 2020 The invariant principle State

Summary Motivation COMP2111 Week 10 Definitions Term 1, 2020 The invariant principle State machines Partial correctness and termination Input and output Finite automata 1 2 Summary Motivation: Models of computation State machines model

627 views • 19 slides
COMP2111 Week 2 Term 1, 2020 Discrete Mathematics Recap 1 Summary of topics Sets Formal

COMP2111 Week 2 Term 1, 2020 Discrete Mathematics Recap 1 Summary of topics Sets Formal

COMP2111 Week 2 Term 1, 2020 Discrete Mathematics Recap 1 Summary of topics Sets Formal languages Relations Functions Propositional Logic 2 Summary of topics Sets Formal languages Relations Functions Propositional Logic 3 Sets A

1.52k views • 124 slides
COMP2111 Week 5 Term 1, 2020 Lambda Calculus 1 -calculus Alonzo Church lived 19031995

COMP2111 Week 5 Term 1, 2020 Lambda Calculus 1 -calculus Alonzo Church lived 19031995

COMP2111 Week 5 Term 1, 2020 Lambda Calculus 1 -calculus Alonzo Church lived 19031995 supervised people like Alan Turing, Stephen Kleene famous for Church-Turing thesis, lambda calculus, first undecidability results invented

2.04k views • 168 slides
COMP2111 Week 10 Term 1, 2020 State machines 1 Summary Motivation Definitions The invariant

COMP2111 Week 10 Term 1, 2020 State machines 1 Summary Motivation Definitions The invariant

COMP2111 Week 10 Term 1, 2020 State machines 1 Summary Motivation Definitions The invariant principle Partial correctness and termination Input and output Finite automata 2 Summary Motivation Definitions The invariant principle

1.19k views • 75 slides
Summary of topics COMP2111 Week 3 Recursion Term 1, 2020 Recursive Data Types Recursion and

Summary of topics COMP2111 Week 3 Recursion Term 1, 2020 Recursive Data Types Recursion and

Summary of topics COMP2111 Week 3 Recursion Term 1, 2020 Recursive Data Types Recursion and induction Induction Structural Induction 1 2 Summary of topics Recursion Fundamental concept in Computer Science Recursion in algorithms:

789 views • 21 slides
Hoare logic Lecture 4: A verifier for Hoare logic Jean Pichon-Pharabod University of Cambridge

Hoare logic Lecture 4: A verifier for Hoare logic Jean Pichon-Pharabod University of Cambridge

Hoare logic Lecture 4: A verifier for Hoare logic Jean Pichon-Pharabod University of Cambridge CST Part II 2017/18 Introduction Last time, we saw that that proofs in Hoare logic can involve large amounts of very error-prone bookkeeping

690 views • 48 slides
Hoare Logic and Model Checking Semantics of Hoare Logic Kasper Svendsen University of Cambridge

Hoare Logic and Model Checking Semantics of Hoare Logic Kasper Svendsen University of Cambridge

Hoare Logic and Model Checking Semantics of Hoare Logic Kasper Svendsen University of Cambridge CST Part II 2016/17 Acknowledgement: slides heavily based on previous versions by Mike Gordon and Alan Mycroft Semantics of Hoare Logic

663 views • 10 slides
Hoare logic Lecture 3: Formalising the semantics of Hoare logic In the previous lecture, we

Hoare logic Lecture 3: Formalising the semantics of Hoare logic In the previous lecture, we

Recap Hoare logic Lecture 3: Formalising the semantics of Hoare logic In the previous lecture, we specified and verified some example programs using the syntactic rules of Hoare logic that we introduced in the first lecture. Jean

477 views • 13 slides
Hoare Logic Hoare Logic is used to reason about the correctness of programs. In the end, it

Hoare Logic Hoare Logic is used to reason about the correctness of programs. In the end, it

Hoare Logic Hoare Logic is used to reason about the correctness of programs. In the end, it reduces a program and its specification to a set of verifications conditions. Slides by Wishnu Prasetya URL : www.cs.uu.nl/~wishnu Course URL :

1.4k views • 124 slides
Hoare logic separation logic. We looked at the concepts separation logic is based on, the new

Hoare logic separation logic. We looked at the concepts separation logic is based on, the new

Introduction In the previous lecture, we saw how reasoning about pointers in Hoare logic was problematic, which motivated introducing Hoare logic separation logic. We looked at the concepts separation logic is based on, the new assertions that

396 views • 14 slides
Hoare Logic Andreas Podelski November 8, 2011 Hoare logic introduced by Hoare in 1969

Hoare Logic Andreas Podelski November 8, 2011 Hoare logic introduced by Hoare in 1969

Hoare Logic Andreas Podelski November 8, 2011 Hoare logic introduced by Hoare in 1969 builds on first-order logic Hoare logic introduced by Hoare in 1969 builds on first-order logic correctness specification = pre- and

401 views • 37 slides
Probabilistic Relational Hoare Logic Main judgments Hoare Logic c : = : hoare [ c : pre

Probabilistic Relational Hoare Logic Main judgments Hoare Logic c : = : hoare [ c : pre

Probabilistic Relational Hoare Logic Main judgments Hoare Logic c : = : hoare [ c : pre ==&gt; post] Probabilistic Hoare Logic [ c : = ] = (see Lecture 6): bd_hoare [ c : pre ==&gt; post ] = r Probabilistic Relational Hoare

377 views • 23 slides
COMP2111 Week 3 Term 1, 2020 Recursion and induction 1 Summary of topics Recursion Recursive

COMP2111 Week 3 Term 1, 2020 Recursion and induction 1 Summary of topics Recursion Recursive

COMP2111 Week 3 Term 1, 2020 Recursion and induction 1 Summary of topics Recursion Recursive Data Types Induction Structural Induction 2 Summary of topics Recursion Recursive Data Types Induction Structural Induction 3 Recursion

970 views • 81 slides
Hoare Logic Jari Stenman February 10, 2012 Jari Stenman () Hoare Logic February 10, 2012 1 /

Hoare Logic Jari Stenman February 10, 2012 Jari Stenman () Hoare Logic February 10, 2012 1 /

Hoare Logic Jari Stenman February 10, 2012 Jari Stenman () Hoare Logic February 10, 2012 1 / 25 Outline Background 1 Axioms and Rules 2 A note on Weakest Preconditions 3 Jari Stenman () Hoare Logic February 10, 2012 2 / 25 Outline

463 views • 25 slides
Hoare Logic Part II Decorations and Hoare as Logic Thomas Churchman Radboud University Nijmegen

Hoare Logic Part II Decorations and Hoare as Logic Thomas Churchman Radboud University Nijmegen

Recap Decoration Preliminaries Radboud University Nijmegen Decorations Hoare as Logic Hoare Logic Part II Decorations and Hoare as Logic Thomas Churchman Radboud University Nijmegen Type Theory and Coq - 2016 Thomas Churchman Type Theory

289 views • 18 slides
Advances in Programming Languages APL13: Assertions and Hoare Logic David Aspinall (most slides

Advances in Programming Languages APL13: Assertions and Hoare Logic David Aspinall (most slides

Advances in Programming Languages APL13: Assertions and Hoare Logic David Aspinall (most slides by Ian Stark) School of Informatics The University of Edinburgh Tuesday 9 November 2010 Semester 1 Week 8 N I V E U R S E I H T T Y

682 views • 24 slides
Advances in Programming Languages APL3: Hoare logic David Aspinall (slides mostly by Ian Stark)

Advances in Programming Languages APL3: Hoare logic David Aspinall (slides mostly by Ian Stark)

Advances in Programming Languages APL3: Hoare logic David Aspinall (slides mostly by Ian Stark) School of Informatics The University of Edinburgh Monday 18 January 2010 Semester 2 Week 2 N I V E U R S E I H T T Y O H F G R

558 views • 21 slides
Logic for Computer Science 15 Hoare logic Wouter Swierstra University of Utrecht 1 Last

Logic for Computer Science 15 Hoare logic Wouter Swierstra University of Utrecht 1 Last

Logic for Computer Science 15 Hoare logic Wouter Swierstra University of Utrecht 1 Last time Natural deduction 2 This lecture Semantics of computer programs A logic for reasoning about them 3 Syntax of programming language The BNF

796 views • 78 slides
locales C ONTENT I SAR I S B ASED O N C ONTEXTS Intro &amp; motivation, getting started with

locales C ONTENT I SAR I S B ASED O N C ONTEXTS Intro &amp; motivation, getting started with

L AST T IME Syntax and semantics of IMP Hoare logic rules Soundness of Hoare logic NICTA Advanced Course Verification conditions Slide 1 Theorem Proving Slide 3 Principles, Techniques, Applications Example program proofs

322 views • 8 slides
Lecture 8/9 : Separation Logic Can handle reasoning of imperative programs well. Overview

Lecture 8/9 : Separation Logic Can handle reasoning of imperative programs well. Overview

CS6202: Advanced Topics in Programming Hoare Logic Hoare Logic Languages and Systems Lecture 8/9 : Separation Logic Can handle reasoning of imperative programs well. Overview Notation : {P} code {Q} Assertion Logic {P}

557 views • 19 slides

More recommend