Design of Distributed Systems Melinda Tóth, Zoltán Horváth


Design of Distributed Systems
Melinda Tóth, Zoltán Horváth
Publication date: 2014
Copyright 2014 Melinda Tóth, Zoltán Horváth
Supported by TÁMOP-412A/1-11/

3 Table of Contents 1 Lecture Syllabus 1 11 Syllabus 1 2 Motivation 1 21 Motivation 1 3 Literature 1 31 Literature Introduction 2 41 Properties of the formal model Properties of the formal model Dining philosophers 2 44 Problem specification (requirements) 3 45 Execution model 4 46 Program, Solution 4 47 Example Lecture Example 5 11 An Example: sorting 5 12 An Implementation: Sorting 5 13 An Implementation: Sorting 5 2 Basic Concepts of the Relational Model 5 21 Concepts 5 22 Relations 6 23 State Space 6 24 Statements and Effect Relation 6 25 Example 6 26 Partial Function and Logical Relation 6 27 Truth Set 7 28 Transitive Disjunctive Closure 7 29 Example TDC Relation 8 3 Lecture Problem 9 11 Problem 9 12 Specification Relations 9 13 Example 9 14 Problem Definition Notation Notation Example Value of a Function 11 2 Abstract Parallel Program Abstract parallel program General Assignment Example Extension Conditional Assignment Example Abstract Program 12 4 Lecture Reminder Problem Abstract Parallel Program Example 14 2 Semantics of the Abstract Program State Transition Trees State Transition Trees Abstract Parallel Program Definition 15 iii

4 Design of Distributed Systems 24 Abstract Parallel Program Notation Execution Reachable States Unconditionally Fair Scheduling 16 3 Program Properties of the Abstract Program Weakest Precondition Weakest Precondition Strongest Postcondition 17 5 Lecture Reminder Abstract Parallel Program and Scheduling Weakest Precondition and Strongest Postcondition 18 2 Program Properties of the Abstract Program Invariant Properties, Definition Strongest Invariant Always True Properties, Definition 19 6 Lecture Reminder Invariant Properties 21 2 Program Properties of the Abstract Program Unless Properties, Definition Unless and Invariant Property Ensures Property, Definition Leads-to Property, Definition 22 7 Lecture Reminder Program Properties 24 2 Program Properties of the Abstract Program Inevitability Fixed Point Properties Definitions Example Weakening of fixed point property Termination properties Behaviour relation of abstract program 25 8 Lecture Reminder Program Properties 26 2 Solution Solution Reachable states Satisfies a specification property Satisfies a specification property Satisfies a specification property Satisfies a specification property Satisfies a specification property Satisfies a specification property Solved by a program Set of solutions 28 9 Lecture Reminder Solution Solved by a Program 29 2 Derivation Rules Refinement of a Problem Refinement of Invariant Specification Property Refinement of Inevitable Specification Property in Finite Steps Variant Function Application of a Variant Function and Variant Function 30 iv

5 Design of Distributed Systems 27 Termination Refinement of fixed point requirement Lecture Reminder Reminder 31 2 Program Constructions Union Behaviour Relation of Union Behaviour Relation of Union Derivation Rule of Union Union and Subset of the State Spaces (1) Union and Subset of the State Spaces (2) General Locality Theorem Lecture Reminder Union 34 2 Program Constructions Superposition Behaviour Relation of Superposition Weak Extension of a Problem Derivation Rule of Superposition Sequence of Programs Sequence of Programs (cont) Sequence of Programs (cont) Behaviour Relation of Sequence Behaviour Relation of Sequence (cont) Derivation Rule of Program Sequencing Derivation Rule of Program Sequencing (cont) Lecture Reminder Program Constructions 39 2 Computation of the Value of an Associative Function Notations Notations Notations The Problem The Formal Specification of the Problem The Formal Specification of the Problem Properties of Associative Operators Auxiliary Function Auxiliary Function Substitution of a Function by a Variable Substitution of a Function by a Variable Variant Function Refining the Specification of the Problem Refining the Specification of the Problem Refining the Specification of the Problem Refining the Specification of the Problem Lecture Reminder Computation of the Value of an Associative Function The Formal Specification of the Problem Refined Specification of the Problem Refined Specification of the Problem 43 2 Solution of the Problem Solution of the Problem Solution of the Problem The Program Solves the Problem The Program Solves the Problem The Program Solves the Problem The Program Solves the Problem 45 v

6 Design of Distributed Systems 27 The Program Solves the Problem The Program Solves the Problem The Program Solves the Problem The Program Solves the Problem The Program Solves the Problem Lecture Reminder Computation of the Value of an Associative Function 47 2 Channels Channels Semantics of Operations 47 3 Natural Number Generator Example Natural Number Generator (NNG) NNG Refinement of the Problem NNG Solution The Program Solves the Problem The Program Solves the Problem The Program Solves the Problem 49 4 Pipeline Pipeline Specification of Pipeline Refinement of the Problem Refinement of the Problem Solution Practice Definitions Relations State Space Statements and Effect Relation Partial Function and Logical Relation Truth Set General Assignment Conditional Assignment Abstract Parallel Program Weakest precondition Strongest Postcondition WP of the Abstract Parallel Program Properties of WP Properties of WP Calculating the WP 53 2 Calculating the WP Exercise Exercise 1(cont) Exercise Exercise Exercises Practice Reminder Effect Relation Weakest precondition WP of the Abstract Parallel Program Properties of WP Properties of WP Calculating the WP 56 2 Calculating WP(S, R) Exercise Exercise Exercises 56 3 Unless Program Property Definition 57 vi

7 Design of Distributed Systems 32 Properties Proof Proof Stable Properties 57 4 Calculating Unless Exercise Exercise 1 (solution) Exercise 1 (solution) Simplified Solution Simplified Solution Simplified Solution Exercise 1 (simplified solution) Exercise 1 (simplified solution) Exercise Practice Reminder Program Properties 61 2 Properties of Unless Unless and Stable Property Unless and Stable Property Unless Is Disjunctive and Conjunctive Unless Is NOT Transitive Consequence Weakening Condition Narrowing Cancellation 63 3 Exercises Exercise Exercise Practice Reminder Program Properties 64 2 Ensures Ensures Property, Definition Properties Proof Properties Properties Properties 65 3 Calculating Ensures Exercise Exercise 1 (solution) 66 4 Properties Ensures and Stable Property Ensures and Stable Property Ensures Is NOT Transitive Ensures Is NOT Disjunctive Consequence Weakening Corollario Impossibility Practice Reminder Program Properties 69 2 Ensures Exercise 69 3 Leads-to Leads-to Property, Definition Exercise 70 4 Properties Basic Properties Implication Property 70 vii

8 Design of Distributed Systems 43 Consequence Weakening Condition Narrowing 70 5 Proof Strategy Structural Induction Impossibility Impossibility Impossibility Practice Reminder Program Properties Program Properties Structural Induction 73 2 Leads-to Properties Leads-to and Stable Property PSP Theorem 74 3 Exercises Exercise Exercise Exercise Exercise Inevitability Inevitability Inevitability 75 5 Exercises Exercise 3 (cont) Exercise Exercise Exercise Exercise Exercise Practice Reminder Program Properties Program Properties 78 2 Fixed Point Properties Fixed Point Properties Definitions Exercise Exercise Invariant Invariant Properties, Definition Exercise Exercises Calculate the Properties of the Program Calculate the Properties of the Program Calculate the Properties of the Program Calculate the Properties of the Program Practice Reminder Program Properties 82 2 Problem Problem Specification Relations Problem Definition Notation Example: Greatest Common Divisor GCD 83 3 Solution Solution Solved by a Program Solution 84 viii

9 Design of Distributed Systems 34 Refinement of fixed point requirement 84 4 Exercise Greatest Common Divisor GCD Refinement of fixed point requirement Solution Refinement of fixed point requirement S Solves the Problem Step Step Step Step Step Sorting Refinement of fixed point requirement Solution Practice Reminder Test Scope 90 2 Test Examples Does it hold? Check the Properties! Check the Properties! Does S Satisfy the Properties? Does S Satisfy the Properties? Practice Reminder Where we are now? 93 2 Channels Channels Semantics of Operations 93 3 FORK FORK The function split Specification Solution The Program Solves the Problem The Program Solves the Problem The Program Solves the Problem The Program Solves the Problem The Program Solves the Problem The Program Solves the Problem Practice Reminder Channels The function split 97 2 Multiplexer MUX Specification Solution The Program Solves the Problem The Program Solves the Problem The Program Solves the Problem The Program Solves the Problem The Program Solves the Problem Exercise Specification Solution Check the properties of the program! Check the properties of the program! Practice ix

10 Design of Distributed Systems 1 Reminder Channels Pipeline Pipeline Specification of Pipeline Refinement of the Problem Solution Exercise Reduction to Pipeline Theorem Example: Approximation of Square Root Specification of the Problem Refinement of the Problem Refinement of the Problem Solution Exercise Exercise Practice Reminder Reminder Union Union Behaviour Relation of Union Properties Based on the Definition Counterexample of Counterexample of Exercises Check the property! (1) Check the property!(1) Check the property! (2) Check the property! (2) Check the property! (3) Check the property! (3) Check the property! (4) Check the property! (4) Check the property! (5) Check the property! (5) Check the property! (6) Check the property! (7) Practice Reminder Test Scope Test Examples Does it hold? Check the Properties! Check the Properties! Check the Properties! Check the Properties! Reduction Reduction 112 x

Chapter 1. Lecture 1

1. Syllabus
1.1 Syllabus
- Dining/drinking philosophers
- Distributed problems
- Formal specification and properties of distributed systems
- Safety and progress properties of distributed programs
- Verification of safety critical properties
- Program compositions from components with proved properties
- Computing the value of an associative function

2. Motivation
2.1 Motivation
Motivation for using formal methods:
- safety critical applications
- safe application of software components
- primary goal: sound concepts about distributed and parallel programs

3. Literature
3.1 Literature
- Chandy, K. M., Misra, J.: Parallel Program Design - A Foundation. Addison-Wesley, 1989.
- Misra, J.: A Discipline of Multiprogramming - Programming Theory for Distributed Applications. Springer, 2001.
- Horváth Z.: Parallel asynchronous computation of the values of an associative function. Acta Cybernetica, Vol. 12, No. 1, Szeged (1995).
- Horváth Z.: The Formal Specification of a Problem Solved by a Parallel Program - a Relational Model.
- Fóthi Á., Horváth Z., Kozsik T.: Parallel Elementwise Processing - A Novel Version. Annales Univ. Sci. Budapest. de R. Eötvös Nom. Sectio Computatorica (1996).
- Horváth Z., Kozsik T., Venczel T.: On Composing Problems and Parallel Programs. In: Paakki J., ed., Proceedings of the Fifth Symposium on Programming Languages and Software Tools, Jyväskylä, Finland, June 7-8, 1997 (1997). Report C, University of Helsinki, 1-12.
- Horváth Z., Kozsik T., Venczel T.: Parallel Programs Implementing Abstract Data Type Operations. Pure Mathematics and Applications (PUMA), Volume 11 (2000), Number 2, pp.

4. Introduction
4.1 Properties of the formal model (1)
We need a formal model which is appropriate for specifying problems and for developing their solutions in the case of parallel and distributed systems.

4.2 Properties of the formal model (2)
The introduced model
- is an extension of a relational model of nondeterministic sequential programs,
- provides tools for the stepwise refinement of problems, in a functional approach,
- uses the concept of the iterative abstract program of UNITY,
- bases the concept of solution on the comparison of the problem, as a relation, with the behaviour relation of the program.

4.3 Dining philosophers
States:
- thinking: t
- forks in hands: f
- eating: e
- at home: h

4.4 Problem specification (requirements)
- unless:
- unless:
- ensures:
- inevitable (leads-to):
- invariant:
- fixed point:
- termination:

Help: thinking: t, forks in hands: f, eating: e, at home: h

4.5 Execution model
Abstract execution model: , if
No control flow: free processors select assignments asynchronously.

4.6 Program, Solution
Program: , if ; scheduling, processes, location, communication infrastructure, language.
Solution: the specification requirements are satisfied by program properties.

4.7 Example
- C/PVM PC-cluster (Parallel Virtual Machine)
- Erlang VM cluster

4.8
, if
The notion of the state space makes it possible to define the semantic meaning of a problem independently of any program. The generalized concept of a problem is applicable to cases in which termination is not required but the behaviour of the specified system is restricted by safety and progress properties. The solution of a problem may be a sequential program, a parallel one, or even a program built up from both sequential and parallel components.

Chapter 2. Lecture 2

1. Example
1.1 An Example: sorting
1.2 An Implementation: Sorting
A valid implementation: the code for the i-th processor:

    loop
      < lock a(i) and a(i+1) >
      x := a(i); y := a(i+1);
      if x > y then a(i+1) := x; a(i) := y; end if;
      < unlock a(i) and a(i+1) >
    end loop;

processes

1.3 An Implementation: Sorting
A sequential program:

    loop
      for i = 1 to n-1 do
        x := a(i); y := a(i+1);
        if x > y then a(i+1) := x; a(i) := y; end if;
      end for
    end loop

2. Basic Concepts of the Relational Model
2.1 Concepts
A programming model defines
- the semantics of problems and programs,
- operations for problem and program constructions,
- when a program solves a problem.
Relational model: the elements of the semantic domain are relations.
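The two sorting implementations above, simulated in Python as an added example (this is example code written for this page, not code from the lecture). Each processor's locked section is modelled as one atomic conditional assignment "a(i), a(i+1) := a(i+1), a(i) if a(i) > a(i+1)"; the parallel run selects assignments uniformly at random, which stands in for fair nondeterministic scheduling, and stops at the fixed point, where no assignment changes the state. The names `swap_assignment`, `run_parallel`, `run_sequential` and `invariant_preserved` are chosen here.

```python
import random

def swap_assignment(a, i):
    """Conditional assignment of processor i (0-based index):
    a[i], a[i+1] := a[i+1], a[i]  if a[i] > a[i+1]; otherwise skip.
    A new list is returned, so the whole assignment is one atomic step, which is
    what the lock/unlock pair around the reads and writes guarantees above."""
    if a[i] > a[i + 1]:
        b = list(a)
        b[i], b[i + 1] = a[i + 1], a[i]
        return b
    return list(a)

def is_fixed_point(a):
    """Fixed point: every assignment leaves the state unchanged, i.e. a is sorted."""
    return all(swap_assignment(a, i) == a for i in range(len(a) - 1))

def run_parallel(a, seed=0, max_steps=100_000):
    """Abstract parallel program: the n-1 assignments are selected
    nondeterministically (uniformly at random here, which is unconditionally fair
    with probability 1) until a fixed point. Returns (final state, selections)."""
    rng = random.Random(seed)
    state, steps = list(a), 0
    while not is_fixed_point(state):
        if steps >= max_steps:
            raise RuntimeError("fixed point not reached within the step budget")
        i = rng.randrange(len(state) - 1)   # a free processor picks its assignment
        state = swap_assignment(state, i)
        steps += 1
    return state, steps

def run_sequential(a):
    """The sequential program: sweep i = 1..n-1 until a full sweep changes nothing."""
    state = list(a)
    while True:
        before = list(state)
        for i in range(len(state) - 1):
            state = swap_assignment(state, i)
        if state == before:                  # fixed point reached
            return state

def invariant_preserved(a, b):
    """The multiset of array elements is an invariant of every assignment."""
    return sorted(a) == sorted(b)

if __name__ == "__main__":
    data = [5, 3, 1, 4, 2]                   # constructed input
    final, steps = run_parallel(data)
    print(final, "after", steps, "selections;", "sequential:", run_sequential(data))
```

Both runs reach the same fixed point because the fixed points of the program are exactly the sorted arrays and the multiset invariant rules out every other array; the parallel run differs only in which assignment fires at each step.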

2.2 Relations
An arbitrary subset of a direct product of sets is called a relation. Let , where and are arbitrary sets. The domain of the relation is defined by .

2.3 State Space
Let be a finite or numerable set. The set is called the state space; the sets are called type value sets. The projections are called variables. is the set of the finite sequences of the points of the state space, and the set of the infinite sequences. Let . A statement is a subset of the direct product .

2.4 Statements and Effect Relation
A statement is a subset of the direct product . The effect relation of a statement is denoted by . The effect relation expresses the functionality of the statement.

2.5 Example

    var i, j : integer;
    j := 2;
    while i <> 5 loop
      i := i + j
    end loop

State space: , variables: , sequential program: , , etc. Effect relation: .

2.6 Partial Function and Logical Relation
A relation is called a partial function if for all the set has at most one element. If , then is a function. If is a relation, where is an arbitrary set and is the set of the logical values, then is called a logical relation.

2.7 Truth Set
The truth set of the logical function is defined as . The logical functions are defined by their truth sets.

2.8 Transitive Disjunctive Closure
The power-set (set of subsets) of the set is denoted by . The relation is the transitive disjunctive closure of the relation if is the smallest relation for which the following holds:
- if and , then ;
- for any numerable set : .

2.9 Example TDC Relation
, , ,

Chapter 3. Lecture 3

1. Problem
1.1 Problem
The problem is defined as a set of specification relations. Every specification relation is defined over the powerset of the state space. Let be logical functions. We define and .

1.2 Specification Relations
- ( is stable unless ),
- ( ensures ),
- ( is inevitable from ),
- (fixed point is inevitable from ),
- ( holds in any fixed point),
- ( is invariant),
- ( initially).

1.3 Example
According to the specification requirement , the program is enabled to change state to state only. According to the specification relation , the variable is non-decreasing and can be increased one by one.

1.4 Problem Definition
Let be a state space and let be a finite or numerable set. The relation , where , is called a problem defined over the state space . is called the parameter space of the problem. Two relations expressing boundary properties and five relations expressing transition properties are associated with every point of the set .

1.5 Notation
Let denote an arbitrary element of the domain of the problem. Let denote an element of . The components of are denoted by and by , respectively. If , then we use instead of in the indices for the sake of simplicity.

1.6 Notation

1.7 Example: Value of a Function

2. Abstract Parallel Program
2.1 Abstract parallel program
The abstract program is a relation generated by a set of conditional assignments; the assignments are selected nondeterministically, and the executions of different processors are fairly interleaved. A fixed point is said to be reached in a state if every statement leaves that state unchanged.

2.2 General Assignment
A statement over the state space is called empty (and termed ) if . Let , , where . The statement is a general assignment defined by if .

2.3 Example
x, y : N
x, y := x+y, x-y
F(2,3) = ?, F(3,2) = ?

2.4 Extension
We extend the domain of a relation to the whole state space in the following way: , , , where . Let . The relation is the extension of for the truth set of the condition , i.e. if , and otherwise.

2.5 Conditional Assignment
Let be an assignment for which . This kind of (simultaneous, nondeterministic) assignment is called a conditional assignment if . We denote the conditional assignment in the following way: , if . Simultaneous, nondeterministic, conditional assignment: , if ; , if . Abbreviation: .

2.6 Example Abstract Program
, if
Atomicity: if there is no atomicity, there is no state in which is 6.

Chapter 4. Lecture 4

1. Reminder
1.1 Problem
The problem is defined as a set of specification relations. Every specification relation is defined over the powerset of the state space. Let be logical functions. We define and .

1.2 Abstract Parallel Program
The abstract program is a relation generated by a set of conditional assignments; the assignments are selected nondeterministically, and the executions of different processors are fairly interleaved. A fixed point is said to be reached in a state if every statement leaves that state unchanged.

1.3 Example
, if

2. Semantics of the Abstract Program
2.1 State Transition Trees
Let be an ordered pair of a conditional assignment and of a nonempty, finite set of conditional assignments such that , where . The semantics of the abstract program is defined as a binary relation which associates equivalence classes of correctly labelled state transition trees with the points of the state space.

2.2 State Transition Trees
The labelled state transition trees are generated by the ordered pair of the effect relation of the initial assignment and of the disjoint union UP(S) of the effect relations of the elements of the abstract program.

2.3 Abstract Parallel Program Definition
The relation is called an abstract parallel program if it associates equivalence classes of labelled transition trees with the element ; these trees are generated at by the ordered pair of relations and have a correct labelling.

2.4 Abstract Parallel Program Notation
The abstract parallel program generated by is abbreviated by in the following. The conditional assignment is called the initialization in , and is said to be an element of the program.

2.5 Execution
Any path of a representative of the equivalence class starting in the state is called an execution path of the abstract parallel program. Any concurrent execution of conditional assignments should satisfy the requirement of serializability. Every execution path of the abstract parallel program represents a possible sequential execution sequence of the assignments. The introduced semantics is an interleaving semantics of parallel programs.

2.6 Reachable States
The set of labels (states) along the execution paths of is denoted by ; it is the set of reachable states from the state .

2.7 Unconditionally Fair Scheduling
An execution path satisfies the requirement of unconditionally fair scheduling if every statement is selected infinitely many times along the path, i.e. every label from the index set is associated infinitely often with the vertices of the path.

3. Program Properties of the Abstract Program
3.1 Weakest Precondition
The program properties are defined in terms of the weakest preconditions of the element statements of the abstract program. The logical function is called the weakest precondition of the postcondition with respect to the statement . We define .

3.2 Weakest Precondition

3.3 Strongest Postcondition
The logical function is called the strongest postcondition of with respect to .

Chapter 5. Lecture 5

1. Reminder
1.1 Abstract Parallel Program and Scheduling
The abstract parallel program generated by is abbreviated by in the following. The conditional assignment is called the initialization in , and is said to be an element of the program. An execution path satisfies the requirement of unconditionally fair scheduling if every statement is selected infinitely many times along the path, i.e. every label from the index set is associated infinitely often with the vertices of the path.

1.2 Weakest Precondition and Strongest Postcondition

2. Program Properties of the Abstract Program
2.1 Invariant Properties, Definition
is the set of logical functions whose truth is preserved by the elements of if the program is started from a state satisfying , and .

2.2 Strongest Invariant
Lemma 1 (Conjunction of invariants). is closed under the conjunction operation. is the conjunction of the elements of the set ; it is the strongest invariant.
Theorem 1. The truth set of is the set of reachable states from .

2.3 Always True Properties, Definition
An always true property is not necessarily an invariant.

Chapter 6. Lecture 6

1. Reminder
1.1 Invariant Properties
is the set of logical functions whose truth is preserved by the elements of if the program is started from a state satisfying . is the conjunction of the elements of the set ; it is the strongest invariant.

2. Program Properties of the Abstract Program
2.1 Unless Properties, Definition
is stable while .
Unless: .

2.2 Unless and Invariant Property
Theorem 2. If and , then .
Theorem 3. If and , then .

2.3 Ensures Property, Definition
is stable while in , and there is a conditional assignment which ensures the transition from to .
Ensures: .
Theorem 4. If and , then .

2.4 Leads-to Property, Definition
is the transitive disjunctive closure of the relation . is the smallest binary relation satisfying the conditions:
- if and , then ;
- let denote a countable set; if , then .
Theorem 5. If and , then .

Chapter 7. Lecture 7

1. Reminder
1.1 Program Properties
is the smallest binary relation satisfying the conditions:
- if and , then ;
- let denote a countable set; if , then .

2. Program Properties of the Abstract Program
2.1 Inevitability
Inevitability: if and only if on all execution paths leading from and satisfying the axiom of unconditionally fair scheduling there is a node at a finite (but unbounded) distance from whose label is an element of the truth set of ; i.e. the program inevitably reaches the truth set of when started from .
Theorem 6 ( is sound and complete): = .

2.2 Fixed Point Properties
A fixed point is said to be reached in a state of the state space if none of the statements changes the state, and is a simultaneous, nondeterministic conditional assignment, i.e. : , if . denotes the logical function which characterizes the set of states over which the relation is deterministic, i.e. .

2.3 Definitions
Set of fixed points:
Set of fixed points with deterministic assignments:
Fixed point properties: let us denote by the set .

2.4 Example
, if

2.5 Weakening of fixed point property
Theorem 7. If and , then .

2.6 Termination properties
Termination properties: denotes the set .

2.7 Behaviour relation of abstract program
Behaviour relation. Let be a program over the state space . The system of relations is called the behaviour relation of the parallel program .

Chapter 8. Lecture 8

1. Reminder
1.1 Program Properties
Invariant, Unless, Ensures, Leads-to, Fixed point, Termination.

2. Solution
2.1 Solution
Definition. The abstract parallel program is a solution of the problem if such that the program satisfies all the specification properties given in the , , , , , components of , assuming that the program starts from a state satisfying all the elements of .

2.2 Reachable states
The truth set of an invariant property may be regarded as a characterization of a subset of the reachable states. It is sufficient for us if the program satisfies all properties over the truth set of an invariant property.

2.3 Satisfies a specification property
Definition. The program satisfies the specification property if and only if there exists an invariant property such that the program satisfies with respect to , i.e. and .
Theorem 8. The program satisfies the specification property if it satisfies with respect to the strongest invariant, i.e. is an always true program property: .

2.4 Satisfies a specification property
Definition. The program satisfies the specification property if and only if there exists an invariant property such that the program satisfies with respect to , i.e. and .
Theorem 9. The program satisfies the specification property if it satisfies with respect to the strongest invariant, i.e. .

2.5 Satisfies a specification property
Definition. The program satisfies the specification property if and only if there exists an invariant such that the program satisfies with respect to , i.e. and .
Theorem 10. The program satisfies the specification property if it satisfies with respect to the strongest invariant, i.e. .

2.6 Satisfies a specification property
Definition. The program satisfies the specification property if and only if there exists an invariant such that the program satisfies with respect to , i.e. and .
Theorem 11. The program satisfies the specification property if it satisfies with respect to the strongest invariant, i.e. .

2.7 Satisfies a specification property
Definition. The program satisfies the specification property if and only if there exists an invariant such that the program satisfies with respect to , i.e. and .
Theorem 12. The program satisfies the specification property if it satisfies with respect to the strongest invariant, i.e. .

2.8 Satisfies a specification property
Definition. The program satisfies the specification property if and only if there exists an invariant such that the program satisfies ( ) with respect to , i.e. and .
Theorem 13. The program satisfies the specification property if it satisfies with respect to the strongest invariant, i.e. .

2.9 Solved by a program
Definition. The problem is said to be solved by the program with respect to an invariant property if such that and satisfies all the specification properties given in with respect to and the initial conditions .

2.10 Set of solutions
Definition. We define as the set of all abstract parallel programs that solve the problem .

Chapter 9. Lecture 9

1. Reminder
1.1 Solution
Definition. The abstract parallel program is a solution of the problem if such that the program satisfies all the specification properties given in the , , , , , components of , assuming that the program starts from a state satisfying all the elements of .

1.2 Solved by a Program
Definition. The problem is said to be solved by the program with respect to an invariant property if such that and satisfies all the specification properties given in with respect to and the initial conditions .

2. Derivation Rules
2.1 Refinement of a Problem
Definition. Let , be problems defined over the state space . If : solves implies solves , then the problem is a refinement of the problem .

2.2 Refinement of Invariant Specification Property
Theorem 14. If the abstract program satisfies the specification properties and , then satisfies the specification property too.

2.3 Refinement of Inevitable Specification Property in Finite Steps
Theorem 15. satisfies the specification property if it can be derived by a finite number of applications of the following rules:
1. If satisfies , then satisfies too.
2. Transitivity: if satisfies and satisfies , then satisfies too.
3. Disjunctivity: for every numerable set W: if satisfies , then satisfies too.

2.4 Variant Function
Definition. is a variant function; are logical functions: , .

2.5 Application of a Variant Function
Theorem 16. logical functions, is a variant function for which . If satisfies , then satisfies too.

2.6 and Variant Function
Theorem 17. logical functions, is a variant function for which . If satisfies , then satisfies too.

2.7 Termination
Theorem 18. and is a variant function for which . If satisfies for all , then satisfies .

2.8 Refinement of fixed point requirement
Theorem 19. If satisfies and , and , then satisfies .

Chapter 10. Lecture 10

1. Reminder
1.1 Reminder
Problem, Parallel Abstract Program, Properties of the Programs, Solution, Derivation Rules.

2. Program Constructions
2.1 Union
Definition. Let and be two subspaces of the state space . Let denote the largest common subspace of and . Let and be the extensions to of two programs on and , respectively. If all variables belonging to get the same value in the assignments and (i.e. ), then the program , which is defined on , is called the union of and .

2.2 Behaviour Relation of Union
Theorem 20. Let . Then, for which : .

2.3 Behaviour Relation of Union
Theorem 21. Let and be two problems over a common state space and parameter space . Then: (1) , (2) , (3) , (4) , (5) , (6) , (7) .

2.4 Derivation Rule of Union
Theorem 22.
1. Let and be two problems over a common state space and parameter space .
2. Let and be two programs extended to the state space , and let the union of these programs exist.
3. If is a solution of with respect to and is a solution of with respect to , and
4. ,
5. ,
then is a solution of .

2.5 Union and Subset of the State Spaces (1)
Theorem 23. Let , a logical function on the state space , be such that and . In this case: if , then ; if , then ; if , then .

2.6 Union and Subset of the State Spaces (2)
Theorem 24. Let , a logical function on the state space , be such that: if , then ; if , then ; , . In this case, if and , then .

2.7 General Locality Theorem
Theorem 25. and are programs on the same state space . denotes the variables in the abstract program . If , then , and .

44 Chapter 11 Lecture 11 1 Reminder 11 Union Definition Let and be two subspaces of the state space Let denote the largest common subspace of and Let and be the extensions to of two programs on and respectively If all variables belonging to get the same value in the assignments and (ie ), then the program called the union of and 2 Program Constructions 21 Superposition Definition that is defined on, is Let be a subspace of and let be a program over Let be a conditional assignment defined over in such a way, that none of the variables of appear on the left hand side in Let denote the superposition of and Let be the extension of to The a) and the b), where programs are called superpositions of the program and the assignment 22 Behaviour Relation of Superposition Theorem 26 Let the program over state space be a superposition of the program and the statement, if, where is a program over the subspace of Let and be two logical functions over and let and denote the extension of and to is the extension of the logical function and 34

45 Lecture 11 1, 2, 3, 4, 5, 6 23 Weak Extension of a Problem Definition, is the weak extension of the problem if it is derived from the extension of, from, by leaving out the " " type specification conditions 24 Derivation Rule of Superposition Theorem 27 Let be a problem over the subspace of state space and over the parameter space If is a solution of then any superposition of the program and the statement is a solution of the weak extension of 25 Sequence of Programs Definition Let, be two subspaces of state space Let be a program over, be a program over Let denote the extension of to Let be a logical variable, where the state space component of neither belongs to nor to 26 Sequence of Programs (cont) Definition (cont) 35

Let denote the program defined on state space , where , , if ). Let denote the program defined on state space , where , if ), if .

2.7 Sequence of Programs (cont.)
Definition (cont.) The program is called the sequence of and , and is denoted as .

2.8 Behaviour Relation of Sequence
Theorem 28. In the following we suppose that the predicates , , etc. are independent of the variable , and and are the extensions of the logical functions of and respectively. Let . Then:
1.
2. if , then ,
3. if , then ; if , then ,
4. if , then ,
5. if , then ,
6. if , then ,

7. ,
8. if then .

2.9 Behaviour Relation of Sequence (cont.)
Theorem 29. In the following we suppose that the predicates , , etc. are independent of the variable , and and are the extensions of the logical functions of and respectively. Let . Then:
1.
2. iff ; iff ,
3. and iff ,
4. if then ; if and then .

2.10 Derivation Rule of Program Sequencing
Theorem 30. Let and be subspaces of state space . Let and be deterministic problems over and resp., and over parameter space . Let ; be the sequence of (defined over ) and (defined over ). For any we mark the components of with , the components of with .

2.11 Derivation Rule of Program Sequencing (cont.)
Theorem 31. If satisfies and conditions under precondition , satisfies and conditions under precondition , and

, then satisfies and conditions under precondition .

Chapter 12. Lecture 12

1 Reminder
1.1 Program Constructions
Union, Superposition, Sequence

2 Computation of the Value of an Associative Function
2.1 Notations
Let be a set. Let denote an arbitrary associative binary operator over . is a function describing the single or multiple application of the operator .

2.2 Notations
Since is associative, for any arbitrary sequence of length at least three: . We write instead of the infix notation in the following. We extend for sequences of length one: .

2.3 Notations: The Problem
Let a finite sequence of the elements of be given. Let us compute the value of the function for all , where and .

2.4 The Formal Specification of the Problem
We represent the sequences and the values of function by arrays. We specify that the program inevitably reaches a fixed point and the array contains the values of in any fixed point.

2.5 The Formal Specification of the Problem

2.6 Properties of Associative Operators
The computation of the values of at place is made easier with the knowledge of the value of for subsequences indexed by the elements of an arbitrary interval . The result computed for a subsequence is useful in the computation of the value of for any sequence which includes the subsequence .

2.7 Auxiliary Function
Let us introduce the auxiliary function . Let denote the value of for the sequence of which the first element is and its length is , or the last element is , if .
Definition. The precise definition of the partial function is:

2.8 Auxiliary Function
Lemma 2. If , then .

2.9 Substitution of a Function by a Variable
The two-dimensional array is introduced to store the known values of . This method is called the substitution of a function by a variable. The lines on the next Figure illustrate the connections among the elements of the matrix . In fixed points and ,

ie is the value of for an at most length prefix.

2.10 Substitution of a Function by a Variable

2.11 Variant Function
Let us choose the variant function in the following way: . The variant function depends on the number of elements of the matrix which are different from the value of function at the corresponding place, and on the number of places where the value of the array is different from the value of function .

2.12 Refining the Specification of the Problem
We extend the state space and refine the specification of the problem.

2.13 Refining the Specification of the Problem

2.14 Refining the Specification of the Problem
The connection between the variables and the function is given by the invariants (6)-(8).

2.15 Refining the Specification of the Problem
Lemma 3. The given specification ((4)-(9)) is a refinement of the original specification ((1)-(3)).
Proof. and in fixed point according to (6). Using (7) it follows that the equation holds in fixed point. Since , after the application of the definition of we get , which is the same as property (3).

Chapter 13. Lecture 13

1 Reminder
1.1 Computation of the Value of an Associative Function
1.2 The Formal Specification of the Problem
1.3 Refined Specification of the Problem
1.4 Refined Specification of the Problem

2 Solution of the Problem
2.1 Solution of the Problem

2.2 Solution of the Problem
Theorem 32. The abstract program below is a solution for the problem specified by (4)-(9), ie, a solution for the problem of the computation of the values of an associative function.

2.3 The Program Solves the Problem
Proof (6): using the definition of : . We use invariant properties and apply mathematical induction on to prove that the program satisfies in fixed points.

2.4 The Program Solves the Problem

Base Case. From (7) and , follows.
Inductive hypothesis: .

2.5 The Program Solves the Problem
Proof. Since , contradicts the hypothesis. This means (12) can be simplified to . If , then , else (11) does not hold. Using the inductive hypothesis and we get , ie, .

2.6 The Program Solves the Problem
Proof. The last statement contradicts the initial condition: . This means , else (12) does not hold. Using the invariant (7) we get . Based on (10), .

2.7 The Program Solves the Problem
Proof (5): Every statement of the program decreases the variant function by 1 or does not cause a state transition. If the program is not in one of its fixed points, then there exists an for which and the value of is different from the value of , and a corresponding conditional assignment, which increases the value of .

2.8 The Program Solves the Problem
Proof (8): , or . Since implies and , the equality holds initially. All the assignments change the value of and simultaneously.

2.9 The Program Solves the Problem
Proof (7): Since , . Since is initially , . After calculating the weakest preconditions of the assignments it is sufficient to show that .

2.10 The Program Solves the Problem
Proof. After calculating the weakest preconditions of the assignments it is sufficient to show that and , implies the equality for , ie, and .

2.11 The Program Solves the Problem
Proof. implies the equality for and , ie, and . In the first case implies and implies . In the second case implies and implies . We use the Lemma: If , then . In both of the cases the application of the Lemma leads to the statement .
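The following is an added, runnable illustration of Lectures 12 and 13 and is not the lecture's own program: a small UNITY-style abstract parallel program (initialisation plus a set of conditional assignments, executed under unconditionally fair scheduling until a fixed point) that computes the values of an associative function by substituting the auxiliary function with a matrix. The matrix layout (entry `d[j][k]` holds the operator applied to the at most `2**j` long subsequence ending at `k`), the variant function (number of still-unknown entries) and the run-time checks of the invariant and of the variant's decrease are assumptions of this example.

```python
import random
from typing import Any, Callable, List, Optional

# Constructed example for the associative-function problem of Lectures 12-13.
# Assumed matrix layout: d[j][k] stores, once known, the operator applied to the
# subsequence a[max(0, k - 2**j + 1) .. k] (length at most 2**j, clipped at the
# start of the sequence). Unknown entries are None. Row J, with 2**J >= n, then
# holds every prefix value, i.e. the values of the function the problem asks for.

Op = Callable[[Any, Any], Any]
State = List[List[Optional[Any]]]


def seq_value(op: Op, a: List[Any], lo: int, hi: int) -> Any:
    """Reference definition of the function to compute: op over a[lo..hi] (inclusive)."""
    acc = a[lo]
    for x in a[lo + 1:hi + 1]:
        acc = op(acc, x)
    return acc


def make_program(op: Op, n: int):
    """Build the conditional assignments of the abstract program for a sequence of length n.

    Each statement is a (guard, effect) pair, i.e. a conditional assignment
    "d[j+1][k] := d[j][k - 2**j] op d[j][k], if the target is unknown and the
    operands are known"; when the guard is false the statement acts as a skip.
    J is the smallest exponent with 2**J >= n."""
    J = (n - 1).bit_length()
    stmts = []
    for j in range(J):
        for k in range(n):
            src = k - 2 ** j  # start index of the left operand; negative means "clipped"

            def guard(d: State, j=j, k=k, src=src) -> bool:
                return (d[j + 1][k] is None and d[j][k] is not None
                        and (src < 0 or d[j][src] is not None))

            def effect(d: State, j=j, k=k, src=src) -> None:
                d[j + 1][k] = d[j][k] if src < 0 else op(d[j][src], d[j][k])

            stmts.append((guard, effect))
    return J, stmts


def variant(d: State) -> int:
    """Variant function: the number of matrix entries whose value is still unknown."""
    return sum(row.count(None) for row in d)


def is_fixed_point(d: State, stmts) -> bool:
    """A fixed point is reached when no statement would change the state."""
    return not any(guard(d) for guard, _ in stmts)


def invariant_holds(op: Op, a: List[Any], d: State) -> bool:
    """Every known entry equals the function value of its subsequence (the role the
    lecture's invariant (7) plays, in this example's matrix layout)."""
    return all(
        v is None or v == seq_value(op, a, max(0, k - 2 ** j + 1), k)
        for j, row in enumerate(d)
        for k, v in enumerate(row)
    )


def run(op: Op, a: List[Any], seed: int = 0):
    """Execute the program under an unconditionally fair scheduling until a fixed point.

    Fairness: each round executes every statement once in a fresh random order, so
    every statement is selected infinitely often on an infinite execution. Returns
    the prefix values F[k] = op(a[0], ..., a[k]) and the number of effective
    (state-changing) transitions, which equals the initial value of the variant."""
    n = len(a)
    J, stmts = make_program(op, n)
    d: State = [[None] * n for _ in range(J + 1)]
    d[0] = list(a)  # initialisation: the length-1 subsequences are the elements themselves
    rng = random.Random(seed)
    steps = 0
    while not is_fixed_point(d, stmts):
        order = list(stmts)
        rng.shuffle(order)
        for guard, effect in order:
            if guard(d):
                before = variant(d)
                effect(d)
                steps += 1
                # proof obligations of the lecture, checked at run time:
                # the invariant is preserved and the variant decreases by exactly 1
                assert invariant_holds(op, a, d)
                assert variant(d) == before - 1
    return d[J], steps


if __name__ == "__main__":
    print(run(lambda x, y: x + y, [3, 1, 4, 1, 5, 9, 2, 6]))  # ([3, 4, 8, 9, 14, 23, 25, 31], 24)
    print(run(lambda x, y: x + y, list("abcde")))  # (['a', 'ab', 'abc', 'abcd', 'abcde'], 15)
```

String concatenation in the second call shows that the scheme relies only on associativity, not on commutativity, since the operand order in every assignment is preserved.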

Chapter 14. Lecture 14

1 Reminder
1.1 Computation of the Value of an Associative Function

2 Channels
2.1 Channels
queue, buffer for one directional communication; error-free, unbounded or bounded; the history of the channel. Operations: (P1) (P2)

2.2 Semantics of Operations

Locality: any property P of P1 is stable in the other process(es), if the variables of P1 contain only local variables and outgoing channels. For any property , if and , then is stable in the system.

3 Natural Number Generator
3.1 Example: Natural Number Generator (NNG)
3.2 NNG: Refinement of the Problem
3.3 NNG: Solution

3.4 The Program Solves the Problem
Proof (5): We show .

3.5 The Program Solves the Problem
Proof (6):

3.6 The Program Solves the Problem
Proof (7): and .

4 Pipeline
4.1 Pipeline
4.2 Specification of Pipeline

4.3 Refinement of the Problem

4.4 Refinement of the Problem
Proof. By fixed point refinement it is sufficient: . Proof by using the lemma: . The lemma is proved by induction.

4.5 Solution

Chapter 15. Practice 1

1 Definitions
1.1 Relations
An arbitrary subset of a direct product of sets is called a relation. Let , where and are arbitrary sets. The domain of the relation is defined by .

1.2 State Space
Let be a finite or numerable set. The set is called state space, the sets are called type value sets. The projections are called variables. is the set of the finite sequences of the points of the state space and the set of the infinite sequences. Let . A statement is a subset of the direct product .

1.3 Statements and Effect Relation
A statement is a subset of the direct product . The effect relation of a statement is denoted by . The effect relation expresses the functionality of the statement.

1.4 Partial Function and Logical Relation
A relation is called a partial function, if for all the set has at most one element. If , then is a function. If is a relation, where is an arbitrary set and is the set of the logical values, then is called a logical relation.

1.5 Truth Set
The truth set of the logical function is defined as . The logical functions are defined by their truth sets.

1.6 General Assignment

A statement over the state space is called empty and termed , if . Let , , where . The statement is a general assignment defined by , if .

1.7 Conditional Assignment
Let be an assignment, for which . This kind of (simultaneous, nondeterministic) assignment is called a conditional assignment, if . We denote the conditional assignment the following way: , if . Simultaneous, nondeterministic, conditional assignment: , if ; , if . Abbreviation: .

1.8 Abstract Parallel Program
The conditional assignment is called the initialization in , and is said to be an element of the program .

1.9 Weakest precondition
The logical function is called the weakest precondition of the postcondition in respect to the statement .

1.10 Strongest Postcondition
The logical function is called the strongest postcondition of in respect to .

1.11 WP of the Abstract Parallel Program

, where .

1.12 Properties of WP
, if .

1.13 Properties of WP
, . If , then , .

1.14 Calculating the WP
If is a function and is a logical relation, then .

2 Calculating the WP
2.1 Exercise 1

2.2 Exercise 1 (cont.)
2.3 Exercise 2
2.4 Exercise 3
2.5 Exercises
, , , , , ,

Chapter 16. Practice 2

1 Reminder
1.1 Effect Relation
A statement is a subset of the direct product . The effect relation of a statement is denoted by . The effect relation expresses the functionality of the statement.

1.2 Weakest precondition
The logical function is called the weakest precondition of the postcondition in respect to the statement .

1.3 WP of the Abstract Parallel Program
, where .

1.4 Properties of WP
, if .

1.5 Properties of WP
,

, . If , then , .

1.6 Calculating the WP
If is a function and is a logical relation, then .

2 Calculating WP(S, R)
2.1 Exercise 1
2.2 Exercise 1
2.3 Exercises
, ,

, ;

3 Unless Program Property
3.1 Definition
is stable while .

3.2 Properties

3.3 Proof 1
Theorem 33. Proof.

3.4 Proof 2
Theorem 34. Proof.

3.5 Stable Properties
does not always hold: If , then P is stable. Counterexample:

4 Calculating Unless
4.1 Exercise 1
; ?

4.2 Exercise 1 (solution)
: :

4.3 Exercise 1 (solution)

4.4 Simplified Solution

4.5 Simplified Solution
SKIP execution paths can be omitted.

4.6 Simplified Solution
Condition reordering.

4.7 Exercise 1 (simplified solution)
; ?

4.8 Exercise 1 (simplified solution)
Omitting SKIP branches and reordering conditions: :

:

4.9 Exercise 2
; ?

Chapter 17. Practice 3

1 Reminder
1.1 Program Properties
Weakest Postcondition: , where . Unless: is stable while .

2 Properties of Unless
2.1 Unless and Stable Property
Theorem 35. If and , then . Proof. What's needed? (wp property)

2.2 Unless and Stable Property
Lemma 4 (lemma).

Proof.

2.3 Unless Is Disjunctive and Conjunctive
Theorem 36.

2.4 Unless Is NOT Transitive
Counterexample: does not always hold!

2.5 Consequence Weakening
Theorem 37.

2.6 Condition Narrowing
Counterexample: does not always hold!

2.7 Cancellation
Theorem 38.

3 Exercises
3.1 Exercise 1
3.2 Exercise 2

Chapter 18. Practice 4

1 Reminder
1.1 Program Properties
Weakest Postcondition: , where . Unless: is stable while .

2 Ensures
2.1 Ensures Property, Definition
is stable while in , and there is a conditional assignment which ensures the transition from to . Ensures: .

2.2 Properties

2.3 Proof 1
Theorem 39. Proof. and

is true (see Lecture 2), and .

2.4 Properties
does not always hold. Counterexample: and .

2.5 Properties
does not always hold. Counterexample:

2.6 Properties
does not always hold. Counterexample:

3 Calculating Ensures
3.1 Exercise 1
;

?

3.2 Exercise 1 (solution)
(see Lecture 2) :

4 Properties
4.1 Ensures and Stable Property
Theorem 40. If and , then . Proof. What's needed? Needed: , therefore is true (Unless and Stable property).

4.2 Ensures and Stable Property
Proof. and , then (wp property), therefore

4.3 Ensures Is NOT Transitive
Counterexample: does not always hold!

4.4 Ensures Is NOT Disjunctive
Counterexample: does not always hold!

4.5 Consequence Weakening
Theorem 41.

4.6 Corollary
Theorem 42.

4.7 Impossibility
Theorem 43.


Chapter 19. Practice 5

1 Reminder
1.1 Program Properties
Weakest Postcondition: , where . Unless: . Ensures: .

2 Ensures
2.1 Exercise
?

3 Leads-to
3.1 Leads-to Property, Definition
is the transitive disjunctive closure of relation ; is the smallest binary relation satisfying the conditions: ; if and , then ;

Let denote a countable set. If , then .

3.2 Exercise

4 Properties
4.1 Basic Properties
does not always hold; does not always hold; does not always hold.

4.2 Implication Property
Theorem 44.

4.3 Consequence Weakening
Theorem 45.

4.4 Condition Narrowing

5 Proof Strategy
5.1 Structural Induction
Induction on the structure of the proof. Applied when appears in the premise of the theorem.

Strategy:
Base case: prove the theorem for .
Inductive step 1 (transitivity): prove the theorem for , where and for a given .
Inductive step 2 (disjunction): prove the theorem for , where and and .

5.2 Impossibility
Theorem 46. Proof. Structural induction: 1. Base case: (Impossibility of )

5.3 Impossibility
Proof. Structural induction: 2. Induction on transitivity: , where and . Inductive hypothesis: the theorem holds for and . (Inductive hyp) (Inductive hyp)

5.4 Impossibility
Proof. Structural induction: 3. Induction on disjunction: , where and . Inductive hypothesis: the theorem holds for and . (Inductive hyp)

(Inductive hyp)

Chapter 20. Practice 6

1 Reminder
1.1 Program Properties
Weakest Postcondition: , where . Unless: . Ensures: .

1.2 Program Properties
is the transitive disjunctive closure of relation ; is the smallest binary relation satisfying the conditions: ; if and , then ; Let denote a countable set. If , then .

1.3 Structural Induction
Induction on the structure of the proof. Applied when appears in the premise of the theorem.
Strategy:
Base case: prove the theorem for .
Inductive step 1 (transitivity): prove the theorem for , where and for a given .

Inductive step 2 (disjunction): prove the theorem for , where and and .

2 Leads-to Properties
2.1 Leads-to and Stable Property
Theorem 47. If and , then . Proof. Structural induction: 1. Base case 2. Induction on transitivity 3. Induction on disjunction.

2.2 PSP Theorem
Theorem 48 (Progress-Safety-Progress Theorem). Proof. Structural induction: 1. Base case 2. Induction on transitivity 3. Induction on disjunction.

3 Exercises
3.1 Exercise 1
3.2 Exercise 2
3.3 Exercise 3

3.4 Exercise 3
Counterexample. How can we prove that ?

4 Inevitability
4.1 Inevitability
Inevitability: , if and only if on all execution paths leading from and satisfying the axiom of the unconditionally fair scheduling there is a node at a finite (unbounded) distance from whose label is an element of the truth set of , ie, the program inevitably reaches the truth set of started from .
Theorem 49 ( is sound and complete). = .

4.2 Inevitability
= . Confuting is the same as confuting : give an unconditionally fair scheduling starting from that does not reach the truth set of .

5 Exercises
5.1 Exercise 3 (cont.)
Counterexample:

5.2 Exercise 4
5.3 Exercise 4: Counterexample
5.4 Exercise 5
5.5 Exercise 6
5.6 Exercise 6: Counterexample


Chapter 21. Practice 7

1 Reminder
1.1 Program Properties
, where . is the smallest binary relation satisfying the conditions: ; if and , then ; Let denote a countable set. If , then .

1.2 Program Properties
Inevitability: , if and only if on all execution paths leading from and satisfying the axiom of the unconditionally fair scheduling there is a node at a finite (unbounded) distance from whose label is an element of the truth set of , ie, the program inevitably reaches the truth set of started from .

2 Fixed Point Properties
2.1 Fixed Point Properties
A fixed point is said to be reached in a state of the state space, if none of the statements changes the state: , and is a simultaneous, nondeterministic conditional assignment, ie : , if . denotes the logical function which characterizes the set of states over which the relation is deterministic, ie, .

2.2 Definitions
Set of fixed points:

Set of fixed points with deterministic assignments: . Fixed point properties: . Let us denote by the set .

2.3 Exercise 1
2.4 Exercise 1

3 Invariant
3.1 Invariant Properties, Definition
is the set of logical functions whose truth is preserved by the elements of if the program is started from a state satisfying , and and .

3.2 Exercise 2

1) 2)

4 Exercises
4.1 Calculate the Properties of the Program 1
4.2 Calculate the Properties of the Program

4.3 Calculate the Properties of the Program 2
4.4 Calculate the Properties of the Program

Chapter 22. Practice 8

1 Reminder
1.1 Program Properties

2 Problem
2.1 Problem
The problem is defined as a set of specification relations. Every specification relation is defined over the powerset of the state space. Let be logical functions. We define and .

2.2 Specification Relations
- ( stable unless ),
- ( ensures ),
- ( is inevitable from ),
- (fixed point is inevitable from ),
- ( holds in any fixed point),
- ( is invariant),
- ( initially).

2.3 Problem Definition

Let be a state space and let be a finite or numerable set. The relation , where , is called a problem defined over the state space ; is called the parameter space of the problem. Two relations expressing boundary properties and five relations expressing transition properties are associated to every point of set .

2.4 Notation
Let denote an arbitrary element of the domain of the problem. Let denote an element of . The components of are denoted by and by respectively. If , then we use instead of in the indices for the sake of simplicity.

2.5 Example: Greatest Common Divisor (GCD)

3 Solution
3.1 Solution
Definition.

The abstract parallel program is a solution of the problem , if , such that the program satisfies all the specification properties given in the , , , , , components of , assuming that the program starts from a state satisfying all the elements of .

3.2 Solved by a Program
Definition. The problem is said to be solved by the program with respect to an invariant property , if , such that and satisfies all the specification properties given in with respect to and the initial conditions .

3.3 Solution
The program satisfies the specification property , if and only if there exists an invariant property such that the program satisfies with respect to , ie, and .

3.4 Refinement of fixed point requirement

Theorem 50. If satisfies and , and , then satisfies .

4 Exercise
4.1 Greatest Common Divisor (GCD)

4.2 Refinement of fixed point requirement

4.3 Solution

4.4 Refinement of fixed point requirement
If satisfies and , and , then satisfies .

4.5 S Solves the Problem
We have to check:

4.6 Step 1
Check: and

4.7 Step 2
Check: and

4.8 Step 3

4.9 Step 4
Use the Theorem of Variant Function.
Theorem 51. , logical functions, is a variant function, for which . If satisfies too, then satisfies and .

4.10 Step 4
Check: . Then: use the variant function: .

4.11 Sorting

4.12 Refinement of fixed point requirement

4.13 Solution


Chapter 23. Practice 9

1 Reminder
1.1 Test Scope
Program Properties; Checking Program Properties; Problem; Solution.

2 Test Examples
2.1 Does it hold?
A: B:

2.2 Check the Properties! A
, where

2.3 Check the Properties! B
, where

1. , 2.

2.4 Does S Satisfy the Properties? A
(1) (2) (3) (4) If the program terminates, give a variant function which can be used to prove that S satisfies the property.

2.5 Does S Satisfy the Properties? B
(1) (2) (3) (4) If the program terminates, give a variant function which can be used to prove that S satisfies the property.


Chapter 24. Practice 10

1 Reminder
1.1 Where we are now?
Problem, Parallel Program, Solution.

2 Channels
2.1 Channels
queue, buffer for one directional communication; error-free, unbounded or bounded; the history of the channel. Operations: (P1) (P2)

2.2 Semantics of Operations

3 FORK

3.1 FORK
Requirements: data must not be lost; new data must not be produced; the scheduling must be fair; FORK must do something ( is not a good solution).

3.2 The function split
A helper function: . Take the smallest from these functions: .

3.3 Specification

3.4 Solution

3.5 The Program Solves the Problem
Proof (2): Let's see: ( is similar).

3.6 The Program Solves the Problem
Proof (2): We have to prove that: . Let's see the following figure:

3.7 The Program Solves the Problem
Proof (2): (2) holds based on the definition of the function .

3.8 The Program Solves the Problem
Proof (3): , (*). There are two cases: a) b) and and . In case of a): we are ready. In case of b): we can assume that (based on ).

3.9 The Program Solves the Problem
Proof (3) b): We have to prove that: . Then go back to step (*). That results: we can use instead of ; is transitive: .

3.10 The Program Solves the Problem
Proof (3): , we can use the variant function theorem to prove (3).

Chapter 25. Practice 11

1 Reminder
1.1 Channels
queue, buffer for one directional communication; error-free, unbounded or bounded; the history of the channel. Operations: (P1) (P2)

1.2 The function split
Take the smallest from these functions: .

2 Multiplexer
2.1 MUX

Requirements: data must not be lost; new data must not be produced; the scheduling must be fair; MUX must do something ( is not a good solution).

2.2 Specification

2.3 Solution

2.4 The Program Solves the Problem
Proof (2):

Let's see: ( is similar).

2.5 The Program Solves the Problem
Proof (2): We can use the lemma from the previous lecture: . (2) holds based on the definition of the function .

2.6 The Program Solves the Problem
Proof (3): , and (*). There are two cases: , a) b) and and . In case of a): we are ready. In case of b): we can assume that .

2.7 The Program Solves the Problem
Proof (3) b): We have to prove that: . Then go back to step (*). That results: we can use instead of ; is transitive: .

2.8 The Program Solves the Problem
Proof (3): , is similar.

3 Exercise
3.1 Specification

3.2 Solution
Does this program solve the specified problem?

3.3 Check the properties of the program!

3.4 Check the properties of the program!

Chapter 26. Practice 12

1 Reminder
1.1 Channels
queue, buffer for one directional communication; error-free, unbounded or bounded; the history of the channel. Special problems: FORK, MUX.

2 Pipeline
2.1 Pipeline
2.2 Specification of Pipeline

2.3 Refinement of the Problem
2.4 Solution

3 Exercise
3.1 Reduction to Pipeline Theorem
Given the Pipeline Theorem and a similar problem to solve. The specification of the problem corresponds to the specification of pipeline. Use the solution of pipeline (S) and transform it according to the correspondence (S'). If S solves pipeline, then S' solves the similar problem.

3.2 Example: Approximation of Square Root
Given numbers: . Calculate the square root of the numbers: . Use the following iteration: .

3.3 Specification of the Problem

3.4 Refinement of the Problem
,

3.5 Refinement of the Problem

3.6 Solution

3.7 Exercise 1
Given thousands of s: , and ten different spam filters: . Calculate the average of the spam filters for every s: !

3.8 Exercise 2


More information

THE AUSTRALIAN NATIONAL UNIVERSITY Second Semester COMP2600/COMP6260 (Formal Methods for Software Engineering)

THE AUSTRALIAN NATIONAL UNIVERSITY Second Semester COMP2600/COMP6260 (Formal Methods for Software Engineering) THE AUSTRALIAN NATIONAL UNIVERSITY Second Semester 2016 COMP2600/COMP6260 (Formal Methods for Software Engineering) Writing Period: 3 hours duration Study Period: 15 minutes duration Permitted Materials:

More information

Chapter 2. Assertions. An Introduction to Separation Logic c 2011 John C. Reynolds February 3, 2011

Chapter 2. Assertions. An Introduction to Separation Logic c 2011 John C. Reynolds February 3, 2011 Chapter 2 An Introduction to Separation Logic c 2011 John C. Reynolds February 3, 2011 Assertions In this chapter, we give a more detailed exposition of the assertions of separation logic: their meaning,

More information

Equational Logic. Chapter Syntax Terms and Term Algebras

Equational Logic. Chapter Syntax Terms and Term Algebras Chapter 2 Equational Logic 2.1 Syntax 2.1.1 Terms and Term Algebras The natural logic of algebra is equational logic, whose propositions are universally quantified identities between terms built up from

More information

3 Propositional Logic

3 Propositional Logic 3 Propositional Logic 3.1 Syntax 3.2 Semantics 3.3 Equivalence and Normal Forms 3.4 Proof Procedures 3.5 Properties Propositional Logic (25th October 2007) 1 3.1 Syntax Definition 3.0 An alphabet Σ consists

More information

Spring 2016 Program Analysis and Verification. Lecture 3: Axiomatic Semantics I. Roman Manevich Ben-Gurion University

Spring 2016 Program Analysis and Verification. Lecture 3: Axiomatic Semantics I. Roman Manevich Ben-Gurion University Spring 2016 Program Analysis and Verification Lecture 3: Axiomatic Semantics I Roman Manevich Ben-Gurion University Warm-up exercises 1. Define program state: 2. Define structural semantics configurations:

More information

Temporal logics and explicit-state model checking. Pierre Wolper Université de Liège

Temporal logics and explicit-state model checking. Pierre Wolper Université de Liège Temporal logics and explicit-state model checking Pierre Wolper Université de Liège 1 Topics to be covered Introducing explicit-state model checking Finite automata on infinite words Temporal Logics and

More information

Floyd-Hoare Style Program Verification

Floyd-Hoare Style Program Verification Floyd-Hoare Style Program Verification Deepak D Souza Department of Computer Science and Automation Indian Institute of Science, Bangalore. 9 Feb 2017 Outline of this talk 1 Overview 2 Hoare Triples 3

More information

1 Introduction. 2 First Order Logic. 3 SPL Syntax. 4 Hoare Logic. 5 Exercises

1 Introduction. 2 First Order Logic. 3 SPL Syntax. 4 Hoare Logic. 5 Exercises Contents 1 Introduction INF5140: Lecture 2 Espen H. Lian Institutt for informatikk, Universitetet i Oslo January 28, 2009 2 Proof System 3 SPL 4 GCD 5 Exercises Institutt for informatikk (UiO) INF5140:

More information

Lecture Notes on Inductive Definitions

Lecture Notes on Inductive Definitions Lecture Notes on Inductive Definitions 15-312: Foundations of Programming Languages Frank Pfenning Lecture 2 September 2, 2004 These supplementary notes review the notion of an inductive definition and

More information

ESE601: Hybrid Systems. Introduction to verification

ESE601: Hybrid Systems. Introduction to verification ESE601: Hybrid Systems Introduction to verification Spring 2006 Suggested reading material Papers (R14) - (R16) on the website. The book Model checking by Clarke, Grumberg and Peled. What is verification?

More information

Automata Theory and Formal Grammars: Lecture 1

Automata Theory and Formal Grammars: Lecture 1 Automata Theory and Formal Grammars: Lecture 1 Sets, Languages, Logic Automata Theory and Formal Grammars: Lecture 1 p.1/72 Sets, Languages, Logic Today Course Overview Administrivia Sets Theory (Review?)

More information

CS156: The Calculus of Computation

CS156: The Calculus of Computation CS156: The Calculus of Computation Zohar Manna Winter 2010 It is reasonable to hope that the relationship between computation and mathematical logic will be as fruitful in the next century as that between

More information

Foundations of Mathematics MATH 220 FALL 2017 Lecture Notes

Foundations of Mathematics MATH 220 FALL 2017 Lecture Notes Foundations of Mathematics MATH 220 FALL 2017 Lecture Notes These notes form a brief summary of what has been covered during the lectures. All the definitions must be memorized and understood. Statements

More information

Abstractions and Decision Procedures for Effective Software Model Checking

Abstractions and Decision Procedures for Effective Software Model Checking Abstractions and Decision Procedures for Effective Software Model Checking Prof. Natasha Sharygina The University of Lugano, Carnegie Mellon University Microsoft Summer School, Moscow, July 2011 Lecture

More information

THE AUSTRALIAN NATIONAL UNIVERSITY Second Semester COMP2600 (Formal Methods for Software Engineering)

THE AUSTRALIAN NATIONAL UNIVERSITY Second Semester COMP2600 (Formal Methods for Software Engineering) THE AUSTRALIAN NATIONAL UNIVERSITY Second Semester 2012 COMP2600 (Formal Methods for Software Engineering) Writing Period: 3 hours duration Study Period: 15 minutes duration Permitted Materials: One A4

More information

Hoare Calculus and Predicate Transformers

Hoare Calculus and Predicate Transformers Hoare Calculus and Predicate Transformers Wolfgang Schreiner Wolfgang.Schreiner@risc.uni-linz.ac.at Research Institute for Symbolic Computation (RISC) Johannes Kepler University, Linz, Austria http://www.risc.uni-linz.ac.at

More information

CS156: The Calculus of Computation Zohar Manna Autumn 2008

CS156: The Calculus of Computation Zohar Manna Autumn 2008 Page 3 of 52 Page 4 of 52 CS156: The Calculus of Computation Zohar Manna Autumn 2008 Lecturer: Zohar Manna (manna@cs.stanford.edu) Office Hours: MW 12:30-1:00 at Gates 481 TAs: Boyu Wang (wangboyu@stanford.edu)

More information

A Humble Introduction to DIJKSTRA S A A DISCIPLINE OF PROGRAMMING

A Humble Introduction to DIJKSTRA S A A DISCIPLINE OF PROGRAMMING A Humble Introduction to DIJKSTRA S A A DISCIPLINE OF PROGRAMMING Do-Hyung Kim School of Computer Science and Engineering Sungshin Women s s University CONTENTS Bibliographic Information and Organization

More information

Deductive Verification

Deductive Verification Deductive Verification Mooly Sagiv Slides from Zvonimir Rakamaric First-Order Logic A formal notation for mathematics, with expressions involving Propositional symbols Predicates Functions and constant

More information

Deterministic Program The While Program

Deterministic Program The While Program Deterministic Program The While Program Shangping Ren Department of Computer Science Illinois Institute of Technology February 24, 2014 Shangping Ren Deterministic Program The While Program February 24,

More information

Combining Propositional Dynamic Logic with Formal Concept Analysis

Combining Propositional Dynamic Logic with Formal Concept Analysis Proc. CS&P '06 Combining Propositional Dynamic Logic with Formal Concept Analysis (extended abstract) N.V. Shilov, N.O. Garanina, and I.S. Anureev A.P. Ershov Institute of Informatics Systems, Lavren ev

More information

Spring 2015 Program Analysis and Verification. Lecture 4: Axiomatic Semantics I. Roman Manevich Ben-Gurion University

Spring 2015 Program Analysis and Verification. Lecture 4: Axiomatic Semantics I. Roman Manevich Ben-Gurion University Spring 2015 Program Analysis and Verification Lecture 4: Axiomatic Semantics I Roman Manevich Ben-Gurion University Agenda Basic concepts of correctness Axiomatic semantics (pages 175-183) Hoare Logic

More information

Unifying Theories of Programming

Unifying Theories of Programming 1&2 Unifying Theories of Programming Unifying Theories of Programming 3&4 Theories Unifying Theories of Programming designs predicates relations reactive CSP processes Jim Woodcock University of York May

More information

Hoare Logic and Model Checking

Hoare Logic and Model Checking Hoare Logic and Model Checking Kasper Svendsen University of Cambridge CST Part II 2016/17 Acknowledgement: slides heavily based on previous versions by Mike Gordon and Alan Mycroft Introduction In the

More information

Decision Procedures for Satisfiability and Validity in Propositional Logic

Decision Procedures for Satisfiability and Validity in Propositional Logic Decision Procedures for Satisfiability and Validity in Propositional Logic Meghdad Ghari Institute for Research in Fundamental Sciences (IPM) School of Mathematics-Isfahan Branch Logic Group http://math.ipm.ac.ir/isfahan/logic-group.htm

More information

Asynchronous Communication 2

Asynchronous Communication 2 Asynchronous Communication 2 INF4140 22.11.12 Lecture 11 INF4140 (22.11.12) Asynchronous Communication 2 Lecture 11 1 / 37 Overview: Last time semantics: histories and trace sets specification: invariants

More information

Lecture Notes on Inductive Definitions

Lecture Notes on Inductive Definitions Lecture Notes on Inductive Definitions 15-312: Foundations of Programming Languages Frank Pfenning Lecture 2 August 28, 2003 These supplementary notes review the notion of an inductive definition and give

More information

Mathematical Preliminaries. Sipser pages 1-28

Mathematical Preliminaries. Sipser pages 1-28 Mathematical Preliminaries Sipser pages 1-28 Mathematical Preliminaries This course is about the fundamental capabilities and limitations of computers. It has 3 parts 1. Automata Models of computation

More information

Dynamic Noninterference Analysis Using Context Sensitive Static Analyses. Gurvan Le Guernic July 14, 2007

Dynamic Noninterference Analysis Using Context Sensitive Static Analyses. Gurvan Le Guernic July 14, 2007 Dynamic Noninterference Analysis Using Context Sensitive Static Analyses Gurvan Le Guernic July 14, 2007 1 Abstract This report proposes a dynamic noninterference analysis for sequential programs. This

More information

Complete Induction and the Well- Ordering Principle

Complete Induction and the Well- Ordering Principle Complete Induction and the Well- Ordering Principle Complete Induction as a Rule of Inference In mathematical proofs, complete induction (PCI) is a rule of inference of the form P (a) P (a + 1) P (b) k

More information

A Short Introduction to Hoare Logic

A Short Introduction to Hoare Logic A Short Introduction to Hoare Logic Supratik Chakraborty I.I.T. Bombay June 23, 2008 Supratik Chakraborty (I.I.T. Bombay) A Short Introduction to Hoare Logic June 23, 2008 1 / 34 Motivation Assertion checking

More information

Propositional Logic Language

Propositional Logic Language Propositional Logic Language A logic consists of: an alphabet A, a language L, i.e., a set of formulas, and a binary relation = between a set of formulas and a formula. An alphabet A consists of a finite

More information

Introduction to Kleene Algebras

Introduction to Kleene Algebras Introduction to Kleene Algebras Riccardo Pucella Basic Notions Seminar December 1, 2005 Introduction to Kleene Algebras p.1 Idempotent Semirings An idempotent semiring is a structure S = (S, +,, 1, 0)

More information

Sequential programs. Uri Abraham. March 9, 2014

Sequential programs. Uri Abraham. March 9, 2014 Sequential programs Uri Abraham March 9, 2014 Abstract In this lecture we deal with executions by a single processor, and explain some basic notions which are important for concurrent systems as well.

More information

arxiv: v2 [cs.dc] 18 Feb 2015

arxiv: v2 [cs.dc] 18 Feb 2015 Consensus using Asynchronous Failure Detectors Nancy Lynch CSAIL, MIT Srikanth Sastry CSAIL, MIT arxiv:1502.02538v2 [cs.dc] 18 Feb 2015 Abstract The FLP result shows that crash-tolerant consensus is impossible

More information

Introduction to Temporal Logic. The purpose of temporal logics is to specify properties of dynamic systems. These can be either

Introduction to Temporal Logic. The purpose of temporal logics is to specify properties of dynamic systems. These can be either Introduction to Temporal Logic The purpose of temporal logics is to specify properties of dynamic systems. These can be either Desired properites. Often liveness properties like In every infinite run action

More information

Chapter 2. Reductions and NP. 2.1 Reductions Continued The Satisfiability Problem (SAT) SAT 3SAT. CS 573: Algorithms, Fall 2013 August 29, 2013

Chapter 2. Reductions and NP. 2.1 Reductions Continued The Satisfiability Problem (SAT) SAT 3SAT. CS 573: Algorithms, Fall 2013 August 29, 2013 Chapter 2 Reductions and NP CS 573: Algorithms, Fall 2013 August 29, 2013 2.1 Reductions Continued 2.1.1 The Satisfiability Problem SAT 2.1.1.1 Propositional Formulas Definition 2.1.1. Consider a set of

More information

Complexity Theory VU , SS The Polynomial Hierarchy. Reinhard Pichler

Complexity Theory VU , SS The Polynomial Hierarchy. Reinhard Pichler Complexity Theory Complexity Theory VU 181.142, SS 2018 6. The Polynomial Hierarchy Reinhard Pichler Institut für Informationssysteme Arbeitsbereich DBAI Technische Universität Wien 15 May, 2018 Reinhard

More information

Outline. Complexity Theory EXACT TSP. The Class DP. Definition. Problem EXACT TSP. Complexity of EXACT TSP. Proposition VU 181.

Outline. Complexity Theory EXACT TSP. The Class DP. Definition. Problem EXACT TSP. Complexity of EXACT TSP. Proposition VU 181. Complexity Theory Complexity Theory Outline Complexity Theory VU 181.142, SS 2018 6. The Polynomial Hierarchy Reinhard Pichler Institut für Informationssysteme Arbeitsbereich DBAI Technische Universität

More information

Program Composition in Isabelle/UNITY

Program Composition in Isabelle/UNITY Program Composition in Isabelle/UNITY Sidi O. Ehmety and Lawrence C. Paulson Cambridge University Computer Laboratory J J Thomson Avenue Cambridge CB3 0FD England Tel. (44) 1223 763584 Fax. (44) 1223 334678

More information

Part III. 10 Topological Space Basics. Topological Spaces

Part III. 10 Topological Space Basics. Topological Spaces Part III 10 Topological Space Basics Topological Spaces Using the metric space results above as motivation we will axiomatize the notion of being an open set to more general settings. Definition 10.1.

More information

Löwenheim-Skolem Theorems, Countable Approximations, and L ω. David W. Kueker (Lecture Notes, Fall 2007)

Löwenheim-Skolem Theorems, Countable Approximations, and L ω. David W. Kueker (Lecture Notes, Fall 2007) Löwenheim-Skolem Theorems, Countable Approximations, and L ω 0. Introduction David W. Kueker (Lecture Notes, Fall 2007) In its simplest form the Löwenheim-Skolem Theorem for L ω1 ω states that if σ L ω1

More information

Syntax. Notation Throughout, and when not otherwise said, we assume a vocabulary V = C F P.

Syntax. Notation Throughout, and when not otherwise said, we assume a vocabulary V = C F P. First-Order Logic Syntax The alphabet of a first-order language is organised into the following categories. Logical connectives:,,,,, and. Auxiliary symbols:.,,, ( and ). Variables: we assume a countable

More information

Decision Procedures. Jochen Hoenicke. Software Engineering Albert-Ludwigs-University Freiburg. Winter Term 2016/17

Decision Procedures. Jochen Hoenicke. Software Engineering Albert-Ludwigs-University Freiburg. Winter Term 2016/17 Decision Procedures Jochen Hoenicke Software Engineering Albert-Ludwigs-University Freiburg Winter Term 2016/17 Jochen Hoenicke (Software Engineering) Decision Procedures Winter Term 2016/17 1 / 436 Program

More information

Learning Goals of CS245 Logic and Computation

Learning Goals of CS245 Logic and Computation Learning Goals of CS245 Logic and Computation Alice Gao April 27, 2018 Contents 1 Propositional Logic 2 2 Predicate Logic 4 3 Program Verification 6 4 Undecidability 7 1 1 Propositional Logic Introduction

More information

Decomposing Specifications of Concurrent Systems

Decomposing Specifications of Concurrent Systems 327 Decomposing Specifications of Concurrent Systems Martín Abadi and Leslie Lamport Systems Research Center, Digital Equipment Corporation 130 Lytton Avenue, Palo Alto, CA 94301, U.S.A. We introduce a

More information

Weakest Precondition Calculus

Weakest Precondition Calculus Weakest Precondition Calculus COMP2600 Formal Methods for Software Engineering Rajeev Goré Australian National University Semester 2, 2016 (Most lecture slides due to Ranald Clouston) COMP 2600 Weakest

More information

Applied Logic for Computer Scientists. Answers to Some Exercises

Applied Logic for Computer Scientists. Answers to Some Exercises Applied Logic for Computer Scientists Computational Deduction and Formal Proofs Springer, 2017 doi: http://link.springer.com/book/10.1007%2f978-3-319-51653-0 Answers to Some Exercises Mauricio Ayala-Rincón

More information

Definitions. Notations. Injective, Surjective and Bijective. Divides. Cartesian Product. Relations. Equivalence Relations

Definitions. Notations. Injective, Surjective and Bijective. Divides. Cartesian Product. Relations. Equivalence Relations Page 1 Definitions Tuesday, May 8, 2018 12:23 AM Notations " " means "equals, by definition" the set of all real numbers the set of integers Denote a function from a set to a set by Denote the image of

More information

On the Complexity of the Reflected Logic of Proofs

On the Complexity of the Reflected Logic of Proofs On the Complexity of the Reflected Logic of Proofs Nikolai V. Krupski Department of Math. Logic and the Theory of Algorithms, Faculty of Mechanics and Mathematics, Moscow State University, Moscow 119899,

More information

First-order resolution for CTL

First-order resolution for CTL First-order resolution for Lan Zhang, Ullrich Hustadt and Clare Dixon Department of Computer Science, University of Liverpool Liverpool, L69 3BX, UK {Lan.Zhang, U.Hustadt, CLDixon}@liverpool.ac.uk Abstract

More information

Hoare Logic: Reasoning About Imperative Programs

Hoare Logic: Reasoning About Imperative Programs Hoare Logic: Reasoning About Imperative Programs COMP1600 / COMP6260 Dirk Pattinson Australian National University Semester 2, 2018 Programming Paradigms Functional. (Haskell, SML, OCaml,... ) main paradigm:

More information

Axiomatic Semantics. Hoare s Correctness Triplets Dijkstra s Predicate Transformers

Axiomatic Semantics. Hoare s Correctness Triplets Dijkstra s Predicate Transformers Axiomatic Semantics Hoare s Correctness Triplets Dijkstra s Predicate Transformers Goal of a program = IO Relation Problem Specification Properties satisfied by the input and expected of the output (usually

More information

The Decent Philosophers: An exercise in concurrent behaviour

The Decent Philosophers: An exercise in concurrent behaviour Fundamenta Informaticae 80 (2007) 1 9 1 IOS Press The Decent Philosophers: An exercise in concurrent behaviour Wolfgang Reisig Humboldt-Universität zu Berlin Institute of Informatics Unter den Linden 6,

More information

Chapter 11: Automated Proof Systems

Chapter 11: Automated Proof Systems Chapter 11: Automated Proof Systems SYSTEM RS OVERVIEW Hilbert style systems are easy to define and admit a simple proof of the Completeness Theorem but they are difficult to use. Automated systems are

More information

A Tableau Calculus for Minimal Modal Model Generation

A Tableau Calculus for Minimal Modal Model Generation M4M 2011 A Tableau Calculus for Minimal Modal Model Generation Fabio Papacchini 1 and Renate A. Schmidt 2 School of Computer Science, University of Manchester Abstract Model generation and minimal model

More information

Introduction to Permission-Based Program Logics Part II Concurrent Programs

Introduction to Permission-Based Program Logics Part II Concurrent Programs Introduction to Permission-Based Program Logics Part II Concurrent Programs Thomas Wies New York University Example: Lock-Coupling List 2 3 5 7 8 9 There is one lock per node; threads acquire locks in

More information

Space-aware data flow analysis

Space-aware data flow analysis Space-aware data flow analysis C. Bernardeschi, G. Lettieri, L. Martini, P. Masci Dip. di Ingegneria dell Informazione, Università di Pisa, Via Diotisalvi 2, 56126 Pisa, Italy {cinzia,g.lettieri,luca.martini,paolo.masci}@iet.unipi.it

More information

Proving Inter-Program Properties

Proving Inter-Program Properties Unité Mixte de Recherche 5104 CNRS - INPG - UJF Centre Equation 2, avenue de VIGNATE F-38610 GIERES tel : +33 456 52 03 40 fax : +33 456 52 03 50 http://www-verimag.imag.fr Proving Inter-Program Properties

More information

What happens to the value of the expression x + y every time we execute this loop? while x>0 do ( y := y+z ; x := x:= x z )

What happens to the value of the expression x + y every time we execute this loop? while x>0 do ( y := y+z ; x := x:= x z ) Starter Questions Feel free to discuss these with your neighbour: Consider two states s 1 and s 2 such that s 1, x := x + 1 s 2 If predicate P (x = y + 1) is true for s 2 then what does that tell us about

More information

Foundations of Computation

Foundations of Computation The Australian National University Semester 2, 2018 Research School of Computer Science Tutorial 6 Dirk Pattinson Foundations of Computation The tutorial contains a number of exercises designed for the

More information

Chapter 4: Computation tree logic

Chapter 4: Computation tree logic INFOF412 Formal verification of computer systems Chapter 4: Computation tree logic Mickael Randour Formal Methods and Verification group Computer Science Department, ULB March 2017 1 CTL: a specification

More information

However another possibility is

However another possibility is 19. Special Domains Let R be an integral domain. Recall that an element a 0, of R is said to be prime, if the corresponding principal ideal p is prime and a is not a unit. Definition 19.1. Let a and b

More information

Verification, Refinement and Scheduling of Real-time Programs

Verification, Refinement and Scheduling of Real-time Programs Verification, Refinement and Scheduling of Real-time Programs Zhiming Liu Department of Maths & Computer Science Universisty of Leicester Leicester LE1 7RH, UK. E-mail: Z.Liu@mcs.le.ac.uk Mathai Joseph

More information

Equivalence of Regular Expressions and FSMs

Equivalence of Regular Expressions and FSMs Equivalence of Regular Expressions and FSMs Greg Plaxton Theory in Programming Practice, Spring 2005 Department of Computer Science University of Texas at Austin Regular Language Recall that a language

More information

cse303 ELEMENTS OF THE THEORY OF COMPUTATION Professor Anita Wasilewska

cse303 ELEMENTS OF THE THEORY OF COMPUTATION Professor Anita Wasilewska cse303 ELEMENTS OF THE THEORY OF COMPUTATION Professor Anita Wasilewska LECTURE 6 CHAPTER 2 FINITE AUTOMATA 2. Nondeterministic Finite Automata NFA 3. Finite Automata and Regular Expressions 4. Languages

More information

Axiomatic Semantics. Operational semantics. Good for. Not good for automatic reasoning about programs

Axiomatic Semantics. Operational semantics. Good for. Not good for automatic reasoning about programs Review Operational semantics relatively l simple many flavors (small vs. big) not compositional (rule for while) Good for describing language implementation reasoning about properties of the language eg.

More information

Supplementary Notes on Inductive Definitions

Supplementary Notes on Inductive Definitions Supplementary Notes on Inductive Definitions 15-312: Foundations of Programming Languages Frank Pfenning Lecture 2 August 29, 2002 These supplementary notes review the notion of an inductive definition

More information

Marie Farrell Supervisors: Dr Rosemary Monahan & Dr James Power Principles of Programming Research Group

Marie Farrell Supervisors: Dr Rosemary Monahan & Dr James Power Principles of Programming Research Group EXAMINING REFINEMENT: THEORY, TOOLS AND MATHEMATICS Marie Farrell Supervisors: Dr Rosemary Monahan & Dr James Power Principles of Programming Research Group PROBLEM Different formalisms do not integrate

More information