Partial and Total Correctness (XXVI.1)

Example: y:=1; while ¬(x=1) do (y:=y⋆x; x:=x−1)

Partial correctness: if initially x has the value n and if the program terminates then the final value of y is n!

Total correctness: if initially x has the value n then the program terminates and the final value of y is n!

Natural semantics (XXVI.2)

(y:=1; while ¬(x=1) do (y:=y⋆x; x:=x−1), s) → s′
⇓
s′ y = (s x)! and s x > 0

Stage 1: correctness of the body of the while loop
Stage 2: correctness of the while loop
Stage 3: overall correctness

In all cases: reconstruct the derivation tree
Stage 1 (XXVI.3)

(y:=y⋆x; x:=x−1, s) → s′′ and s′′ x > 0
⇓
(s y)⋆(s x)! = (s′′ y)⋆(s′′ x)! and s x > 0

Proof:

(y:=y⋆x; x:=x−1, s) → s′′
⇓
(y:=y⋆x, s) → s′, (x:=x−1, s′) → s′′
⇓
s′ = s[y ↦ A[y⋆x]s]
s′′ = s′[x ↦ A[x−1]s′]

If s′′ x > 0 then
(s′′ y)⋆(s′′ x)!
= ((s y)⋆(s x))⋆((s x)−1)!
= (s y)⋆(s x)!
and s x = s′′ x + 1 > 0

Stage 2 (XXVI.4)

(while ¬(x=1) do (y:=y⋆x; x:=x−1), s) → s′
⇓
(s y)⋆(s x)! = s′ y, s′ x = 1, s x > 0

Proof:

If B[¬(x=1)]s = ff then s = s′ so s′ x = 1 and the result follows.

If B[¬(x=1)]s = tt then
(y:=y⋆x; x:=x−1, s) → s′′
(while ¬(x=1) do (y:=y⋆x; x:=x−1), s′′) → s′
We have
(s y)⋆(s x)! = (s′′ y)⋆(s′′ x)!, s x > 0
(s′′ y)⋆(s′′ x)! = s′ y, s′ x = 1, s′′ x > 0
so
(s y)⋆(s x)! = s′ y, s′ x = 1, s x > 0
Stage 3 (XXVI.5)

(y:=1; while ¬(x=1) do (y:=y⋆x; x:=x−1), s) → s′
⇓
s′ y = (s x)! and s x > 0

Proof:

(y:=1; while ¬(x=1) do (y:=y⋆x; x:=x−1), s) → s′
⇓
(y:=1, s) → s′′
(while ¬(x=1) do (y:=y⋆x; x:=x−1), s′′) → s′
⇓
s′′ = s[y ↦ 1]
(s′′ y)⋆(s′′ x)! = s′ y, s′ x = 1, s′′ x > 0
⇓
s′ y = (s x)! and s x > 0

Structural operational semantics (XXVI.6)

(y:=1; while ¬(x=1) do (y:=y⋆x; x:=x−1), s) ⇒* s′
⇓
s′ y = (s x)! and s x > 0

Stage 1: correctness of the while loop
Stage 2: overall correctness

In both cases: reconstruct the derivation sequence
Denotational semantics (XXVI.7)

ψ_fac(S[y:=1; while ¬(x=1) do (y:=y⋆x; x:=x−1)]) = tt

ψ_fac : (State ↪ State) → T

ψ_fac(g) = tt
if and only if
g s = s′ implies s′ y = (s x)! and s x > 0

Fixed Point Induction (XXVI.8)

Let (D, ⊑) be a ccpo. Then ψ : D → T is an admissible predicate if and only if

ψ d = tt for all d ∈ Y
⇓
ψ(⊔Y) = tt

for every chain Y in D.

Theorem 6.5: Let (D, ⊑) be a ccpo and let f : D → D be a continuous function and let ψ be an admissible predicate on D. If for all d ∈ D, ψ d = tt implies ψ(f d) = tt, then ψ(FIX f) = tt.
Example (1) (XXVI.9)

S[y:=1; while ¬(x=1) do (y:=y⋆x; x:=x−1)] s
= (FIX F)(s[y ↦ 1])

where

F g s = s                                       if s x = 1
F g s = g(s[y ↦ (s y)⋆(s x)][x ↦ (s x)−1])     otherwise

ψ_fac(S[y:=1; while ¬(x=1) do (y:=y⋆x; x:=x−1)]) = tt
⇑
ψ′_fac(FIX F) = tt

From Theorem 6.5 it is sufficient to prove
• F is continuous
• ψ′_fac is admissible
• ψ′_fac g = tt implies ψ′_fac(F g) = tt

Example (2) (XXVI.10)

Define ψ′_fac(g) = tt if and only if g s = s′ implies s′ y = (s y)⋆(s x)!, s x > 0.

Then ψ′_fac is an admissible predicate.

Proof: Assume Y is a chain in State ↪ State and ψ′_fac g = tt for all g ∈ Y. We shall prove ψ′_fac(⊔Y) = tt.

(⊔Y) s = s′
⇓
g s = s′ for some g ∈ Y
⇓
s′ y = (s y)⋆(s x)! and s x > 0
Example (3) (XXVI.11)

Assume ψ′_fac g = tt and (F g) s = s′. We shall prove s′ y = (s y)⋆(s x)! and s x > 0.

If s x = 1 then s = s′, s y = (s y)⋆(s x)! and s x > 0.

If s x ≠ 1 then
(F g) s = g(s[y ↦ (s y)⋆(s x)][x ↦ (s x)−1])
From the assumptions about g we have
s′ y = ((s y)⋆(s x))⋆((s x)−1)!
(s x)−1 > 0
and therefore
s′ y = (s y)⋆(s x)! and s x > 0

Proof of Theorem 6.5 (XXVI.12)

We shall first note that ψ ⊥ = tt holds by admissibility of ψ applied to the chain Y = ∅.

By induction on n we can then show that ψ(f^n ⊥) = tt using the assumptions of the theorem.

By admissibility of ψ applied to the chain Y = { f^n ⊥ | n ≥ 0 } we then have ψ(FIX f) = tt.

This completes the proof.
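The functional F of Example (1), the chain F^n ⊥ whose lub is FIX F, and the predicate ψ′_fac of Example (2) can be checked mechanically on a finite set of sample states, which is a useful sanity check before writing the proof by hand. The Python model below is an added example and not part of the lecture slides; it assumes a state is the pair (x, y), represents an undefined result as None, and bounds the search for FIX F so that it terminates (returning None) where the semantic object is undefined.

```python
from math import factorial
from typing import Callable, Iterable, Optional, Tuple

# A state is the pair (x, y); a partial function State -> State is modelled as
# a Python function returning None wherever it is undefined (constructed model).
State = Tuple[int, int]
PartialFn = Callable[[State], Optional[State]]

def bottom(s: State) -> Optional[State]:
    """The least element of State -> State: undefined everywhere."""
    return None

def F(g: PartialFn) -> PartialFn:
    """Example (1): F g s = s if s x = 1, else g(s[y |-> (s y)*(s x)][x |-> (s x)-1])."""
    def fg(s: State) -> Optional[State]:
        x, y = s
        return s if x == 1 else g((x - 1, y * x))
    return fg

def kleene_iterate(n: int) -> PartialFn:
    """F^n(bottom), the n-th element of the chain whose lub is FIX F."""
    g = bottom
    for _ in range(n):
        g = F(g)
    return g

def psi_fac_prime(g: PartialFn, sample: Iterable[State]) -> bool:
    """Example (2)'s predicate on the sample states: g s = s' implies
    s' y = (s y)*(s x)! and s x > 0 (vacuously true for bottom)."""
    for s in sample:
        sp = g(s)
        if sp is not None and (s[0] <= 0 or sp[1] != s[1] * factorial(s[0])):
            return False
    return True

def fix_F(s: State, max_n: int = 200) -> Optional[State]:
    """(FIX F) s: defined iff some F^n(bottom) is defined at s. The search is
    bounded so the model returns None for s x <= 0 instead of looping."""
    g = bottom
    for _ in range(max_n):
        g = F(g)
        result = g(s)
        if result is not None:
            return result
    return None

def S_fac(s: State) -> Optional[State]:
    """S[y:=1; while not(x=1) do (y:=y*x; x:=x-1)] s = (FIX F)(s[y |-> 1])."""
    return fix_F((s[0], 1))
```

Checking ψ′_fac on each F^n ⊥ is exactly the induction step of the proof of Theorem 6.5 carried out on concrete approximants; the bound in fix_F is only there to keep the model terminating for inputs on which the program diverges.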