Axiomatic Semantics - PowerPoint PPT Presentation

Description: Other approaches: Denotational Semantics: Real meaning in terms of functions on N. Equivalence: f(x) = f(x) + 1 f(x) = if f(x) ==1 then 0 else 1 ... – PowerPoint PPT presentation

Slides: 30
Provided by: wrightEdu
Learn more at: http://cecs.wright.edu

Transcript and Presenter's Notes

1
Axiomatic Semantics
  • Predicate Transformers

2
Motivation
  • (Diagram: Input -> Program -> Output)
  • Problem Specification: properties satisfied by the input and
    expected of the output (usually described using assertions).
  • E.g., Sorting problem
    Input: sequence of numbers
    Output: permutation of the input that is ordered.
  • Program: transform input to output.

3
  • Sorting algorithms
    Bubble sort, Shell sort,
    Insertion sort, Selection sort,
    Merge sort, Quick sort,
    Heap sort
  • Axiomatic Semantics
    To show that a program satisfies its specification, it is
    convenient to have a description of the language constructs in
    terms of assertions characterizing the input and the
    corresponding output states.

4
(No transcript: picture slide)
5
(Diagram: state spaces labelled p and q)
6
Axiomatic Approaches
  • Hoare's Proof System (partial correctness)
  • Dijkstra's Predicate Transformer (total correctness)
  • Assertion: logic formula involving program variables,
    arithmetic/boolean operations, etc.
  • Hoare Triples: {P} S {Q}
    P is the pre-condition (an assertion), S the statement (a
    program), Q the post-condition (an assertion).

7
Swap Example
  • {x = n and y = m}
    t := x;
    x := y;
    y := t
    {x = m and y = n}
  • program variables vs ghost/logic variables (n and m above)
  • States: Variables -> Values
  • Assertions: States -> Boolean (= Powerset of States)

8
Partial vs Total Correctness
  • {P} S {Q}
  • S is partially correct for P and Q if and only if whenever S is
    executed in a state satisfying P and the execution terminates,
    then the resulting state satisfies Q.
  • S is totally correct for P and Q if and only if whenever S is
    executed in a state satisfying P, then the execution terminates,
    and the resulting state satisfies Q.

9
Examples
  • Totally correct (hence, partially correct)
    {x = 11} x := 0 {x = 0}
    {x = 0} x := x + 1 {x = 1}
    {false} x := 0 {x = 111}
    {false} while true do x := 0 {Q} (for any Q: no state satisfies the precondition)
    {y = 0} if x <> y then x := y {x = 0}
  • Not totally correct, but partially correct
    {true} while true do x := 0 {Q} (for any Q: the loop never terminates)
  • Not partially correct
    {true} if x < 0 then x := -x {x > 0}

10
Axioms and Inference Rules
  • Assignment axiom
    {Q[x <- e]} x := e {Q}
  • Inference Rule for statement composition
    {P} S1 {R}
    {R} S2 {Q}
    hence {P} S1; S2 {Q}
  • Example
    {x = y} x := x + 1 {x = y + 1}
    {x = y + 1} y := y + 1 {x = y}
    {x = y} x := x + 1; y := y + 1 {x = y}

11
Generating additional valid triples P S Q
from P S Q
P
States
States
P
Q
P
Q
12
Rule of Consequence
  • {P} S {Q} and P' => P and Q => Q'
    hence {P'} S {Q'}
  • Strengthening the antecedent
  • Weakening the consequent
  • Example
    {x = 0 and y = 0} x := x + 1; y := y + 1 {x = y}
    {x = y} x := x + 1; y := y + 1 {x <= y or x = 5}
  • (Facts from elementary mathematics: boolean algebra,
    arithmetic, ...)

13
Predicate Transformers
  • Assignment
    wp(x := e, Q) = Q[x <- e]
  • Composition
    wp(S1; S2, Q) = wp(S1, wp(S2, Q))
  • Correctness
    {P} S {Q} iff (P => wp(S, Q))

14
Correctness Illustrated
P => wp(S, Q)
(Diagram: the state spaces before and after S; P lies inside wp(S, Q), the set of states that S maps into Q)
15
Correctness Proof
  • {x = 0 and y = 0} x := x + 1; y := y + 1 {x = y}
  • wp(y := y + 1, x = y)
    = (x = y + 1)
  • wp(x := x + 1, x = y + 1)
    = (x + 1 = y + 1)
  • wp(x := x + 1; y := y + 1, x = y)
    = (x + 1 = y + 1)
    = (x = y)
  • (x = 0 and y = 0) => (x = y)

16
Conditionals
  • {P and B} S1 {Q}
    {P and not B} S2 {Q}
    hence {P} if B then S1 else S2 {Q}
  • wp(if B then S1 else S2, Q)
    = (B => wp(S1, Q)) and (not B => wp(S2, Q))
    = (B and wp(S1, Q)) or (not B and wp(S2, Q))

17
Debugging Program
  • {true} if x < 0 then x := -x {x > 0}
  • {x < 0} x := -x {x > 0}
  • {x >= 0} skip {x > 0}   (the empty else branch)
  • (x < 0) => (-x > 0)
    holds, because (x < 0) is equivalent to (0 < -x)
  • (x >= 0) => (x > 0)
    does not hold: (x = 0) => (x > 0) is false
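The wp rules of slides 13 and 16, the correctness criterion {P} S {Q} iff P => wp(S, Q), and the debugging example above can all be mechanised. The following Python is an added example and not part of the slides: assertions and expressions are Python predicates and functions over a state dictionary, wp is built for assignment, composition and if-then-else exactly as the slides define it (Q[x <- e] is realised by evaluating Q in the state updated with x := e), and P => wp(S, Q) is decided by enumerating a small finite domain of integers. A failed check therefore produces a concrete counterexample state (x = 0 for the debugging program), while a passed check is evidence for the enumerated domain only, not a proof over all integers. The constructors `assign`, `seq`, `ite` and the helpers `counterexample`/`holds` are my own names.

```python
"""wp calculator for a tiny imperative language (assignment, sequential
composition, if-then-else) with a bounded check of {P} S {Q} via P => wp(S, Q).
Added example; not from the slides."""
from itertools import product

# ---- statements ---------------------------------------------------------
def assign(x, e):
    """x := e, where e is a function of the state."""
    return ("assign", x, e)

def seq(*stmts):
    """S1; S2; ...; Sn"""
    return ("seq", stmts)

def ite(b, s1, s2=None):
    """if b then s1 else s2 (s2=None is the one-armed if of slide 17)."""
    return ("if", b, s1, s2)

# ---- predicate transformer (slides 13 and 16) ---------------------------
def wp(stmt, q):
    """Return the assertion wp(stmt, q) as a predicate on states."""
    kind = stmt[0]
    if kind == "assign":                 # wp(x := e, Q) = Q[x <- e]
        _, x, e = stmt
        return lambda s: q({**s, x: e(s)})
    if kind == "seq":                    # wp(S1; S2, Q) = wp(S1, wp(S2, Q))
        pred = q
        for sub in reversed(stmt[1]):
            pred = wp(sub, pred)
        return pred
    if kind == "if":                     # (B and wp(S1,Q)) or (not B and wp(S2,Q))
        _, b, s1, s2 = stmt
        w1 = wp(s1, q)
        w2 = wp(s2, q) if s2 is not None else q   # empty else branch acts as skip
        return lambda s: (b(s) and w1(s)) or (not b(s) and w2(s))
    raise ValueError(kind)

# ---- correctness: {P} S {Q} iff P => wp(S, Q), checked on a finite domain ---
def states(variables, lo=-3, hi=3):
    """Every assignment of integers lo..hi to the given variables."""
    for vals in product(range(lo, hi + 1), repeat=len(variables)):
        yield dict(zip(variables, vals))

def counterexample(p, stmt, q, variables, lo=-3, hi=3):
    """First state in the domain where P holds but wp(S, Q) does not, else None."""
    w = wp(stmt, q)
    for s in states(variables, lo, hi):
        if p(s) and not w(s):
            return s
    return None

def holds(p, stmt, q, variables, lo=-3, hi=3):
    return counterexample(p, stmt, q, variables, lo, hi) is None

# ---- the slides' examples -----------------------------------------------
INC_BOTH = seq(assign("x", lambda s: s["x"] + 1),
               assign("y", lambda s: s["y"] + 1))

# slide 15: {x = 0 and y = 0} x := x+1; y := y+1 {x = y}
EX_PROOF = holds(lambda s: s["x"] == 0 and s["y"] == 0, INC_BOTH,
                 lambda s: s["x"] == s["y"], ["x", "y"])

# slide 12, weakened consequent: {x = y} x := x+1; y := y+1 {x <= y or x = 5}
EX_CONSEQ = holds(lambda s: s["x"] == s["y"], INC_BOTH,
                  lambda s: s["x"] <= s["y"] or s["x"] == 5, ["x", "y"])

# slide 7 swap; the ghost variables n, m are ordinary state components here
SWAP = seq(assign("t", lambda s: s["x"]), assign("x", lambda s: s["y"]),
           assign("y", lambda s: s["t"]))
EX_SWAP = holds(lambda s: s["x"] == s["n"] and s["y"] == s["m"], SWAP,
                lambda s: s["x"] == s["m"] and s["y"] == s["n"],
                ["x", "y", "t", "n", "m"], -1, 1)

# slide 17: {true} if x < 0 then x := -x {x > 0} fails exactly at x = 0
ABS = ite(lambda s: s["x"] < 0, assign("x", lambda s: -s["x"]))
EX_BUG = counterexample(lambda s: True, ABS, lambda s: s["x"] > 0, ["x"])

if __name__ == "__main__":
    print("slide 15 proof holds:", EX_PROOF)
    print("rule of consequence holds:", EX_CONSEQ)
    print("swap holds:", EX_SWAP)
    print("debugging counterexample:", EX_BUG)
```

Because assertions are opaque Python predicates, the tool cannot simplify wp(S, Q) into a readable formula the way the slides do; it can only evaluate it state by state. That is enough to confirm each triple on the slides and to locate the state that breaks the debugging program.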

18
Invariant Summation Program
  • {s = i (i + 1) / 2}
    i := i + 1;
    s := s + i
    {s = i (i + 1) / 2}
  • Intermediate Assertion (s still holds its old value, i already its new one)
    {s + i = i (i + 1) / 2}
  • Weakest Precondition
    s + i + 1 = (i + 1) (i + 1 + 1) / 2

19
while-loop: Hoare's Approach
  • {Inv and B} S {Inv}
    hence {Inv} while B do S {Inv and not B}
  • Proof of Correctness of {P} while B do S {Q}:
    P => Inv, and {Inv} B {Inv},
    and {Inv and B} S {Inv},
    and (Inv and not B) => Q
  • Loop Termination argument

20
{I} while B do S {I and not B}
  • {I and B} S {I}
  • 0 iterations: {I} {I and not B}
    not B holds
  • 1 iteration: {I} S {I and not B}
    B holds, then not B holds
  • 2 iterations: {I} S; S {I and not B}
    B holds, B holds, then not B holds
  • Infinite loop if B never becomes false.

21
Example 1: while-loop correctness
  • {n > 0 and x = 1 and y = 1}
    while (y < n) do y := y + 1; x := x * y
    {x = n!}
  • Choice of Invariant
    I and not B => Q
    I and (y >= n) => (x = n!)
    I = (x = y!) and (n >= y)
  • Precondition implies invariant
    (n > 0 and x = 1 and y = 1) =>
    (1 = 1! and n >= 1)

22
  • Verify Invariant
    I and B => wp(S, I)
    wp(y := y + 1; x := x * y, x = y! and n >= y)
    = x = y! and n >= y + 1
    I and B
    = x = y! and n >= y and y < n
    = x = y! and n > y
  • Termination
    Variant: (n - y)
    y: 1 -> 2 -> ... -> n
    (n - y): (n - 1) -> (n - 2) -> ... -> 0

23
Detailed Working
  • wp(y := y + 1; x := x * y, x = y! and n >= y)
  • = wp(y := y + 1, x * y = y! and n >= y)
  • = wp(y := y + 1, x = (y - 1)! and n >= y)
  • = x = (y + 1 - 1)! and n >= y + 1
  • = x = y! and n > y

24
GCD/HCF code
  • PRE: (x = n) and (y = m)
  • while (x <> y) do
      ASSERT (INVARIANT)
      begin
        if x > y then x := x - y
        else y := y - x
      end
  • POST: (x = gcd(n, m))

25
GCD-LCM code
  • PRE: (x = n) and (y = m)
  • u := x; v := y;
  • while (x <> y) do
      ASSERT (INVARIANT)
      begin
        if x > y then x := x - y; u := u + v
        else y := y - x; v := v + u
      end
  • POST: (x = gcd(n, m))
    and (lcm(n, m) = (u + v) div 2)
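Slide 19 lists the three proof obligations of Hoare's while rule (P => Inv, {Inv and B} S {Inv}, Inv and not B => Q) and slide 22 adds the variant argument for termination; slides 21-25 apply them to the factorial and GCD loops. The Python below is an added example, not code from the slides, that checks all four obligations by brute force over a small finite domain: the loop body is a Python function from state to state, so {Inv and B} S {Inv} is checked by running S once on every state satisfying Inv and B. For the GCD-LCM program the slide only says ASSERT (INVARIANT); the invariant used here is my own choice, x*v + y*u = 2*n*m together with gcd(x, y) = gcd(n, m) and x, y > 0, and n, m > 0 is assumed because with a zero operand the loop would not terminate. The names `check_while`, `verified`, `fact_body` and `gcd_lcm_body` are mine.

```python
"""Bounded check of Hoare's while-rule obligations plus a variant-based
termination check, applied to the factorial loop (slides 21-23) and the
GCD-LCM loop (slide 25).  Added example; not from the slides."""
from itertools import product
from math import factorial, gcd

def states(domains):
    """Every state over the per-variable domains (dict: name -> iterable)."""
    names = list(domains)
    for vals in product(*(domains[v] for v in names)):
        yield dict(zip(names, vals))

def check_while(pre, inv, guard, body, post, variant, domains):
    """Return {obligation: first failing state or None}.  All None means the
    loop is verified over the bounded domain (a model check, not a proof)."""
    fails = {"P => Inv": None, "{Inv and B} S {Inv}": None,
             "Inv and not B => Q": None, "variant >= 0 and decreases": None}

    def note(key, s):
        if fails[key] is None:
            fails[key] = s

    for s in states(domains):
        if pre(s) and not inv(s):
            note("P => Inv", s)
        if inv(s) and guard(s):
            t = body(dict(s))              # one iteration, on a copy of s
            if not inv(t):
                note("{Inv and B} S {Inv}", s)
            # the variant is a natural number that strictly decreases per iteration
            if variant(s) < 0 or variant(t) >= variant(s):
                note("variant >= 0 and decreases", s)
        if inv(s) and not guard(s) and not post(s):
            note("Inv and not B => Q", s)
    return fails

def verified(fails):
    return all(v is None for v in fails.values())

# ---- Example 1: {n>0 and x=1 and y=1} while y<n do y:=y+1; x:=x*y {x = n!} ----
def fact_body(s):
    s["y"] += 1
    s["x"] *= s["y"]
    return s

FACT_REPORT = check_while(
    pre=lambda s: s["n"] > 0 and s["x"] == 1 and s["y"] == 1,
    inv=lambda s: s["x"] == factorial(s["y"]) and s["n"] >= s["y"],   # I of slide 21
    guard=lambda s: s["y"] < s["n"],
    body=fact_body,
    post=lambda s: s["x"] == factorial(s["n"]),
    variant=lambda s: s["n"] - s["y"],                                 # slide 22
    domains={"n": range(0, 6), "y": range(0, 7), "x": range(0, 121)})

# ---- GCD-LCM loop of slide 25; u := x; v := y is folded into the precondition.
# Assumed here: n, m > 0.  Invariant (my choice): gcd preserved, x, y > 0,
# and x*v + y*u = 2*n*m, which at x = y = g gives (u + v) div 2 = n*m/g = lcm.
def gcd_lcm_body(s):
    if s["x"] > s["y"]:
        s["x"] -= s["y"]
        s["u"] += s["v"]
    else:
        s["y"] -= s["x"]
        s["v"] += s["u"]
    return s

GCD_REPORT = check_while(
    pre=lambda s: (s["x"] == s["n"] and s["y"] == s["m"]
                   and s["u"] == s["n"] and s["v"] == s["m"]),
    inv=lambda s: (s["x"] > 0 and s["y"] > 0
                   and gcd(s["x"], s["y"]) == gcd(s["n"], s["m"])
                   and s["x"] * s["v"] + s["y"] * s["u"] == 2 * s["n"] * s["m"]),
    guard=lambda s: s["x"] != s["y"],
    body=gcd_lcm_body,
    post=lambda s: (s["x"] == gcd(s["n"], s["m"])
                    and (s["u"] + s["v"]) // 2 == s["n"] * s["m"] // gcd(s["n"], s["m"])),
    variant=lambda s: s["x"] + s["y"],      # positive and shrinks by min(x, y)
    domains={"n": range(1, 4), "m": range(1, 4), "x": range(1, 4), "y": range(1, 4),
             "u": range(0, 13), "v": range(0, 13)})

if __name__ == "__main__":
    print("factorial loop:", "verified" if verified(FACT_REPORT) else FACT_REPORT)
    print("gcd/lcm loop:  ", "verified" if verified(GCD_REPORT) else GCD_REPORT)
```

Dropping the conjunct n >= y from the factorial invariant makes the report name a state for "Inv and not B => Q" (for instance n = 1, y = 2, x = 2: the invariant and the exit condition hold, but x is not n!), which is how a too-weak invariant shows up in practice.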

26
while-loop: Dijkstra's Approach
  • wp(while B do S, Q)
    = P0 or P1 or ... or Pn or ...
    = there exists k >= 0 such that Pk
  • Pi: set of states causing i iterations of the
    while-loop before halting in a state in Q.
  • P0 = not B and Q
  • P1 = B and wp(S, P0)
  • Pk+1 = B and wp(S, Pk)

27
(Diagram: the state spaces before and after S; wp maps Q back to P0, then P1, P2, ...)
P0 => wp(skip, Q), i.e., P0 subset Q
P1 => wp(S, P0)
28
Example 2: while-loop correctness
  • P0 = y >= n and x = n!
  • Pk = B and wp(S, Pk-1)
  • P1 = y < n and y + 1 >= n and x (y + 1) = n!
  • Pk = y = n - k and x = (n - k)!
  • Weakest Precondition Assertion
    Wp = there exists k >= 0 such that
    P0 or (y = n - k and x = (n - k)!)
  • Verification
    P = n > 0 and x = 1 and y = 1
    For k = n - 1: P => Wp

29
Induction Proof
  • Hypothesis: Pk = (y = n - k) and (x = (n - k)!)
  • Pk+1 = B and wp(S, Pk)
    = y < n and (y + 1 = n - k) and (x (y + 1) = (n - k)!)
    = y < n and (y = n - k - 1) and (x = (n - k - 1)!)
    = y < n and (y = n - (k + 1)) and (x = (n - (k + 1))!)
    = (y = n - (k + 1)) and (x = (n - (k + 1))!)
  • Valid preconditions
    n = 4 and y = 2 and x = 2 (k = 2)
    n = 5 and x = 5! and y = 6 (no iteration)
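Slides 26-29 define wp(while B do S, Q) as the union of the sets Pk of states from which the loop runs exactly k times and halts in Q, and then guess and prove the closed form Pk = (y = n - k and x = (n - k)!) for the factorial loop. The Python below is an added example, not part of the slides, that computes P0, P1, ..., P5 by brute force over a bounded domain and confirms the closed form against the computed sets. Because the body S is deterministic and always terminates, wp(S, Pk) is realised semantically: a state belongs to wp(S, Pk) iff running S on it lands in Pk. The helper names `iteration_sets`, `frozen`, `closed_form_matches` and `in_wp` are mine; the domain bounds are constructed for the example.

```python
"""Dijkstra's P_k sets for wp(while B do S, Q), computed over a finite domain,
and a check of slide 28's closed form.  Added example; not from the slides."""
from itertools import product
from math import factorial

def states(domains):
    """Every state over the per-variable domains (dict: name -> iterable)."""
    names = list(domains)
    for vals in product(*(domains[v] for v in names)):
        yield dict(zip(names, vals))

def frozen(s):
    """Hashable snapshot of a state so that states can be set members."""
    return tuple(sorted(s.items()))

def iteration_sets(guard, body, post, domains, k_max):
    """Return [P_0, ..., P_k_max] as sets of frozen states:
    P_0 = not B and Q;  P_{k+1} = B and wp(S, P_k)."""
    space = [frozen(s) for s in states(domains)]
    p0 = {f for f in space if not guard(dict(f)) and post(dict(f))}
    sets = [p0]
    for _ in range(k_max):
        prev = sets[-1]
        # semantic wp(S, P_k): S is deterministic and terminating, so a state is
        # in wp(S, P_k) exactly when one execution of S from it ends in P_k
        sets.append({f for f in space
                     if guard(dict(f)) and frozen(body(dict(f))) in prev})
    return sets

# ---- Example 2 (slide 28): while y < n do y := y + 1; x := x * y, Q = (x = n!)
def fact_body(s):
    s["y"] += 1
    s["x"] *= s["y"]
    return s

def guard(s):
    return s["y"] < s["n"]

def post(s):
    return s["x"] == factorial(s["n"])

DOMAINS = {"n": range(0, 6), "y": range(0, 7), "x": range(0, 121)}   # constructed bounds
P_SETS = iteration_sets(guard, fact_body, post, DOMAINS, k_max=5)
WP = set().union(*P_SETS)            # there exists k >= 0 such that P_k

def closed_form(k, s):
    """Slide 28's P_k for k >= 1: y = n - k and x = (n - k)!"""
    return s["y"] == s["n"] - k and s["x"] == factorial(s["y"])

def closed_form_matches(k):
    """True iff the computed P_k equals the closed form over the whole domain."""
    want = {frozen(s) for s in states(DOMAINS) if closed_form(k, s)}
    return P_SETS[k] == want

def in_wp(state):
    return frozen(state) in WP

# {P} while ... {Q} holds iff P => Wp, with P = n > 0 and x = 1 and y = 1 (slide 28)
PRE_OK = all(in_wp(s) for s in states(DOMAINS)
             if s["n"] > 0 and s["x"] == 1 and s["y"] == 1)

if __name__ == "__main__":
    for k in range(1, 6):
        print(f"P_{k} matches closed form:", closed_form_matches(k))
    print("P => Wp:", PRE_OK)
    print("n=4, y=2, x=2 (k=2):", in_wp({"n": 4, "y": 2, "x": 2}))
    print("n=5, x=5!, y=6 (no iteration):", in_wp({"n": 5, "y": 6, "x": 120}))
    print("n=3, y=2, x=1 (never reaches x = n!):", in_wp({"n": 3, "y": 2, "x": 1}))
```

The two "valid preconditions" of slide 29 fall into P2 and P0 respectively, and a state such as n = 3, y = 2, x = 1 lies in no Pk: the loop terminates from it, but in a state where x = 3 rather than 3!, so it is outside wp(while B do S, Q). Keeping the domain finite is what makes the union over k computable; the induction on slide 29 is what extends the result to all n.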