Generation of Verification Conditions (cont’d) Andreas Podelski November 21, 2011
mechanization of correctness proof ◮ given a Hoare triple { φ } C { ψ } ,
mechanization of correctness proof ◮ given a Hoare triple { φ } C { ψ } , ◮ construct a backwards derivation
mechanization of correctness proof ◮ given a Hoare triple { φ } C { ψ } , ◮ construct a backwards derivation ◮ derivation = sequence of Hoare triples, each Hoare triple is an axiom (skip, update) or it is inferred by one of the inference rules (seq, cond, while)
mechanization of correctness proof ◮ given a Hoare triple { φ } C { ψ } , ◮ construct a backwards derivation ◮ derivation = sequence of Hoare triples, each Hoare triple is an axiom (skip, update) or it is inferred by one of the inference rules (seq, cond, while) ◮ Hoare triple uses given postcondition and weakest precondition ◮ derivation unique
mechanization of correctness proof ◮ given a Hoare triple { φ } C { ψ } , ◮ construct a backwards derivation ◮ derivation = sequence of Hoare triples, each Hoare triple is an axiom (skip, update) or it is inferred by one of the inference rules (seq, cond, while) ◮ Hoare triple uses given postcondition and weakest precondition ◮ derivation unique ◮ verification condition = set of side conditions
weakest precondition wp( C , ψ ) ◮ wp( skip , ψ ) = ψ
weakest precondition wp( C , ψ ) ◮ wp( skip , ψ ) = ψ ◮ wp( x := e , ψ ) = ψ [ e / x ]
weakest precondition wp( C , ψ ) ◮ wp( skip , ψ ) = ψ ◮ wp( x := e , ψ ) = ψ [ e / x ] ◮ wp( C 1 ; C 2 , ψ ) = wp( C 1 , wp( C 2 , ψ ))
weakest precondition wp( C , ψ ) ◮ wp( skip , ψ ) = ψ ◮ wp( x := e , ψ ) = ψ [ e / x ] ◮ wp( C 1 ; C 2 , ψ ) = wp( C 1 , wp( C 2 , ψ )) ◮ wp( if b then C 1 else C 2 , ψ ) = ( ¬ b ∨ φ 1 ) ∧ ( b ∨ φ 2 ) where φ 1 = wp( C 1 , ψ ) φ 2 = wp( C 2 , ψ )
weakest precondition wp( C , ψ ) ◮ wp( skip , ψ ) = ψ ◮ wp( x := e , ψ ) = ψ [ e / x ] ◮ wp( C 1 ; C 2 , ψ ) = wp( C 1 , wp( C 2 , ψ )) ◮ wp( if b then C 1 else C 2 , ψ ) = ( ¬ b ∨ φ 1 ) ∧ ( b ∨ φ 2 ) where φ 1 = wp( C 1 , ψ ) φ 2 = wp( C 2 , ψ ) ◮ wp( while b do { θ } C 0 , ψ ) = θ
verification condition for { φ } C { ψ } ◮ for command C of form: skip, update, seq, cond,
verification condition for { φ } C { ψ } ◮ for command C of form: skip, update, seq, cond, ◮ add one implication: φ → wp( C , ψ )
verification condition for { φ } C { ψ } ◮ for command C of form: skip, update, seq, cond, ◮ add one implication: φ → wp( C , ψ ) ◮ for command C of form: while b do { θ } C 0 ,
verification condition for { φ } C { ψ } ◮ for command C of form: skip, update, seq, cond, ◮ add one implication: φ → wp( C , ψ ) ◮ for command C of form: while b do { θ } C 0 , ◮ add two implications: φ → θ θ ∧ ¬ b → ψ and add verification condition for Hoare triple { θ ∧ b } C 0 { θ }
Adequacy of Verification Condition ◮ let Φ be the verification condition for { φ } C { ψ }
Adequacy of Verification Condition ◮ let Φ be the verification condition for { φ } C { ψ } ◮ let Γ be a set of assertions (e.g., axioms for bounded integer arithmetic, axioms for factorial function, . . . )
Adequacy of Verification Condition ◮ let Φ be the verification condition for { φ } C { ψ } ◮ let Γ be a set of assertions (e.g., axioms for bounded integer arithmetic, axioms for factorial function, . . . ) ◮ Γ | = Φ iff Γ ⊢ { φ } C { ψ }
Recommend
More recommend
