Recalling Our Intro to the Course

The Program Correctness Problem

[Figure: logic_use_1.eps]

A Simple Imperative Program

Natural Language

``Compute the squares of the natural numbers which are less or equal than 5.''

Ideal at first sight, but:

Philosophers and Mathematicians already pointed this out a long time ago...

Logic

Using Logic

[Figure: logic_use_2.eps]

Generating Squares: A Specification (I)

Numbers: we will use the ``Peano'' representation for simplicity:
0 $\rightarrow$ 0
1 $\rightarrow$ s(0)
2 $\rightarrow$ s(s(0))
3 $\rightarrow$ s(s(s(0)))
...

Generating Squares: A Specification (II)


We can now write a specification of the (imperative) program, i.e., conditions that we want the program to meet:

Use of Logic

[Figure: logic_use_2a.eps]

Semantic Tasks

[Figure: logic_use_2a.eps]


Styles of Semantics


Operational Semantics

Traditional Operational Semantics

A Simple Imperative Language

Program    ::= Statement
Statement  ::= Statement ; Statement
           |   noop
           |   Id := Expression
           |   if Expression then Statement else Statement
           |   while Expression do Statement
Expression ::= Numeral
           |   Id
           |   Expression + Expression

Operational Semantics

Operational Semantics

Operational Semantics

Example


Axiomatic Semantics

Axiomatic Semantics

History and References

Assertions and Correctness


Hoare Calculus: The Assignment Axiom

Hoare Calculus: Read and Write Commands

Hoare Calculus: Rules of Inference

Hoare Calculus: Rules of Inference (Contd.)

Example (I)

$\{ IN = [4,9,16] \wedge OUT = [0,1,2] \}$
read m; read n;  
if m $\geq$ n then  
    a := 2*m
  else  
    a := 2*n
endif;    
write a    

$\{ IN = [16] \wedge OUT = [0,1,2,18] \}$



$\{ IN = [4,9,16] \wedge OUT = [0,1,2] \}$ $\rightarrow$ $\{ IN = [4 \vert [9,16] ] \wedge OUT = [0,1,2] \wedge 4=4 \}$
read m;
$\{ IN = [9,16] \wedge OUT = [0,1,2] \wedge m=4 \}$ $\rightarrow$ $\{ IN = [9 \vert [16]] \wedge OUT = [0,1,2] \wedge m=4 \wedge 9=9 \}$
read n;
$\{ IN = [16] \wedge OUT = [0,1,2] \wedge m=4 \wedge n=9\}$
Recall the read rule:
$\{ IN = [K \vert L] \wedge P[V \leftarrow K] \}$ \textbf{read} $V$ $\{ IN = L \wedge P \}$

Example (II)


We have $P = \{ IN = [16] \wedge OUT = [0,1,2] \wedge m=4 \wedge n=9 \}$


$\{ P \wedge b \} C_1 \{ Q \}$, $\{ P \wedge \neg b \} C_2 \{ Q \}$
$\{ P \}$ \textbf{if} $b$ \textbf{then} $C_1$ \textbf{else} $C_2$ \textbf{endif} $\{ Q \}$



read m; read n;
if m $\geq$ n then
    a := 2*m
  else
    a := 2*n
endif;
write a

So, $b \equiv m \geq n = false$ and $\neg b = true$; thus $\{ P \wedge b \} = false$ and $\{ P \wedge \neg b \} = P$.

So, for $C_2$ we have:
$\{ P \wedge \neg b \} = \{ P \} = $
$\{ IN = [16] \wedge OUT =
[0,1,2] \wedge m=4 \wedge n=9 \} \rightarrow $
$\{ IN = [16] \wedge OUT =
[0,1,2] \wedge m=4 \wedge n=9 \wedge 2*n=18 \}$
a := 2*n   (recall the assignment axiom: $\{ P[V \leftarrow E] \}$ $V := E$ $\{ P \}$)
$\{ IN = [16] \wedge OUT = [0,1,2] \wedge m=4 \wedge n=9 \wedge
a=18 \}$
and for $C_1$ we can have anything since the premise is false:
$\{ P \wedge b \} = false$
a := 2*m
$\{ IN = [16] \wedge OUT = [0,1,2] \wedge m=4 \wedge n=9 \wedge
a=18 \}$

Example (III)

$\{ IN = [16] \wedge OUT = [0,1,2] \wedge m=4 \wedge n=9\}$
if m $\geq$ n then  
    a := 2*m
  else  
    a := 2*n
endif;    

$\{ IN = [16] \wedge OUT = [0,1,2] \wedge m=4 \wedge n=9 \wedge
a=18 \}$

and

$\{ IN = [16] \wedge OUT = [0,1,2] \wedge m=4 \wedge n=9 \wedge
a=18 \}$
write a
$\{ IN = [16] \wedge OUT = [0,1,2] :: [18] \wedge m=4 \wedge n=9
\wedge a=18 \}$

which implies

$\{ IN = [16] \wedge OUT = [0,1,2,18] \}$

While Command

$
\{P \wedge b\} C \{P\}
$
$ \{ P \} \textbf{ while } b \textbf{ do } C \textbf{ endwhile }
\{ P \wedge \neg b \}
$

Loop Invariant

Study carefully many examples!

Example (exponent)

$\{ N\geq0 \wedge A\geq0 \}$
k := N; s := 1;
while k$>$0 do
  s := A*s;
  k := k-1
endwhile  

$\{ s = A^N
\}$

We follow the ``tips:''

Example (Exponent)

Trace of the program above for $A=2$, $N=5$ (values at each loop test):

  k     s    2^k   s*2^k
  5     1     32      32
  4     2     16      32
  3     4      8      32
  2     8      4      32
  1    16      2      32
  0    32      1      32

Loop Invariant: $\{ k\geq0 \wedge s*A^k = A^N \}$.

Verification of the Program

Initialization:

$\{ N\geq0 \wedge A\geq0 \}$ $\rightarrow$ $\{ N=N \wedge N\geq0 \wedge A\geq0 \wedge 1=1 \}$
k := N; s := 1;
$\{ k=N \wedge N\geq0 \wedge A\geq0 \wedge s=1 \}$ $\rightarrow$ $\{ k\geq0 \wedge s*A^k = A^N \}$

Preservation:

$\{ k\geq0 \wedge s*A^k = A^N \wedge k>0 \}$ $\rightarrow$ $\{ k>0 \wedge s*A^k = A^N \}$ $\rightarrow$
$\{ k>0 \wedge s*A*A^{k-1} = A^N \}$ $\rightarrow$ $\{ k>0 \wedge A*s*A^{k-1} = A^N \}$
s := A*s;
$\{ k>0 \wedge s*A^{k-1} = A^N \}$ $\rightarrow$ $\{ k-1\geq0 \wedge s*A^{k-1} = A^N \}$
k := k-1
$\{ k\geq0 \wedge s*A^k = A^N \}$

Completion:

$\{ k\geq0 \wedge s*A^k = A^N \wedge k\leq0 \}$ $\rightarrow$ $\{ k=0 \wedge s*A^k = A^N \}$ $\rightarrow$ $\{ s = A^N \}$
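The three obligations just discharged by hand (initialization, preservation, completion) can also be checked dynamically on concrete runs of the program. This is an added example, not code from the slides; verify_while, exponent_program, trace and the init_s parameter are my own names, and the invariant is the one stated above.

```python
# Added example, not from the slides: dynamic checking of the three
# while-rule obligations (initialization, preservation, completion) for the
# exponent program. verify_while, exponent_program, trace and init_s are
# my own names; the invariant is the one given on the slide.

def verify_while(state, guard, body, inv, post):
    """Run `while guard do body` on a mutable state dict and report the first
    Hoare obligation that fails, or None if the run respects all three."""
    if not inv(state):                      # {P} must hold before the loop
        return "initialization"
    while guard(state):                     # b
        body(state)                         # C
        if not inv(state):                  # {P and b} C {P}
            return "preservation"
    if not post(state):                     # P and not b must imply the postcondition
        return "completion"
    return None

# The exponent program:  k := N; s := 1; while k>0 do s := A*s; k := k-1 endwhile
def exponent_program(A, N, init_s=1):
    """Returns (failed_obligation, s). init_s=1 is the slide's program;
    another value injects an initialization bug for demonstration."""
    assert N >= 0 and A >= 0                # precondition {N>=0 and A>=0}
    st = {"A": A, "N": N, "k": N, "s": init_s}
    guard = lambda st: st["k"] > 0                                   # b == k>0
    def body(st):
        st["s"] = st["A"] * st["s"]
        st["k"] = st["k"] - 1
    # Loop invariant from the slide: {k>=0 and s*A^k = A^N}
    inv = lambda st: st["k"] >= 0 and st["s"] * st["A"] ** st["k"] == st["A"] ** st["N"]
    post = lambda st: st["s"] == st["A"] ** st["N"]                  # {s = A^N}
    return verify_while(st, guard, body, inv, post), st["s"]

def trace(A, N):
    """Rows (k, s, A^k, s*A^k) at each loop test, as in the slide's table."""
    rows, k, s = [], N, 1
    while True:
        rows.append((k, s, A ** k, s * A ** k))
        if k <= 0:
            break
        s, k = A * s, k - 1
    return rows
```

A dynamic check only covers the inputs actually tried; the Hoare proof above covers every $N \geq 0$, $A \geq 0$ at once.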

Further Topics

Acknowledgments


Last modification: Tue Nov 28 21:52:52 CET 2006