Tute 10. Liam O'Connor. May 23, 2017
|
|
- Leon Mitchell
- 5 years ago
- Views:
Transcription
1 Tute 10 Liam O'Connor May 23, 2017 proc Search(value g : G, value s : V g, value k : K, result v : T, result f : B) Where a graph g : G is dened as a 4-tuple (V, Γ, κ, λ) containing a set of vertices V, a successor function Γ : V P(V), a key function κ : V K and a payload function λ : V T, all much the same as the assignment. Like the assignment, we will use subscripts (e.g. Γ g ) to refer to a particular component of a graph. As we plan to do DFS using an unbounded stack on a graph, we do not need either of the preconditions from the assignment. Our postconditions, however, look quite similar, with the added assertion that a ne will be found i it is reachable from the start ne { a trivial assertion for a tree, but not for a graph. f, v : True, (1) For our purposes, we will extend the toy language with sets and set operations, and operations on abstract stacks, which we will later eliminate via data renement. S(τ) ::= (empty stack) x, t where x τ and t S(τ) Each of the stack operations is given a renement rule below: initialise t : True, t = t := pop t, x : t = h, r, x = h t = r x := pop(t) push t : True, t = x, t 0 push(t, x) We will also allow comparisons to the empty stack (t = ) in guards with the obvious semantics. 1
2 To begin deriving the implementation, let us rst intruce our stack and our visited set, which will contain all nes that we have already seen. This set is needed in a graph search, but not in a tree search as trees are guaranteed to be acyclic. (1) i-loc,... var t : S(V g ) := var S : P(V g ) := f, v, t, S : t = S =, (2) Now, we know we need a loop, and we have a pretty go idea of what the guard should be: We will exit the loop when we either nd what we're looking for (i.e. f is true), or when we have nowhere else to look (the stack t is empty). (2) sc,... f, v, t, S : t = S =, ϕ (3) f, v, t, S : ϕ, ϕ (f t = ) (4) (f n V f, v, t, S : ϕ (f t = ), g. κ g (n) = k λ g (n) = v n Γg(s)) (5) Here ϕ stands for our loop invariant, which, like the postcondition, is made of two components. ( f ( x S. x Γ ϕ = g(s) κ g (x) k Γ g (x) S t ) ( x t. x Γg(s)) s S t ) In the successful case, when f is true, we have found the ne we are looking for. Note that, because the loop guard tells us that f starts false, this case in the loop invariant only becomes true in the nal iteration of the loop. If we have found the ne we're looking for, then we no longer care about the state of the stack or the visited set, and we can just include the successful postcondition directly in the invariant. If f is false, however, we must describe in the invariant all the relevant properties of our stack t and visited set S. We use the notation t to refer to the set of all elements of a stack t: = x, s = {x} s At the end of the loop, if f is still false, then we know the stack is empty at the end of our loop from our guard. In such a situation, our invariant can be simplied to: ϕ f t = ( x S. x Γ g(s) κ g (x) k Γ g (x) S) s S We must ensure two main conditions: 2
3 1. Everything we have visited is not the ne we're looking for ( n S.κ g (n) k) 2. We have visited every reachable ne from the start ne (Γ g(s) S) With those two facts, we can conclude that no reachable ne from the start ne is the one we're looking for, which is what the postcondition requires ( n V g. n Γ g(s) κ g (n) k). The rst condition trivially follows from the invariant here, because we explicitly state that the visited set does not contain the key. The second condition can be rephrased as x Γ g(s). x S. We can show this from our invariant above using induction on the length of the path from s to x. In the base case, where x = s, we know from the nal conjunct in the invariant that s S. In the inductive case, where x Γ g (k), we have the inductive hypothesis that k S. Because our simplied invariant says that every successor of every ne in S must also be in S, we can conclude that x S as required, as x is a successor of k S. Thus, because in the case where f is true our invariant includes our postcondition directly, and in the case where f is false it directly implies the postcondition, we can just rene the third statement directly to skip: (5)..., skip skip We must also derive ce to establish our invariant initially. We'll do that by setting f to False, and pushing the start ne s onto the stack: Now we can intruce the while loop: (4) while (3) sc,... f := False; push(t, s) while (f t = ) do f, v, t, S : ϕ f t, ϕ (6) Rening the loop by is mostly tedious, but we begin by rst popping a ne o the stack. We know this is safe as our guard guarantees the stack is non-empty: (6) sc, pop, c-frame,... var n := pop(t); f, v, t, S : ϕ n,t / t f, ϕ (7) 3
4 Then, we check to see of the ne we just popped is the one we're looking for, in which case we can set f to true, thus making it very easy to re-establish the invariant by simply setting v to be the payload. (7) if, sc, assign,... if κ g (n) = k then else fi f := True; v := λ g (n); f, v, t, S : ϕ n,t / t f κ g (n) k, ϕ (8) In the else case, because we know the key is not the one we're looking for, we may be inclined to add n to the set S, however to do that we must ensure that n satises all the other conditions imposed on elements of S by the invariant. Firstly, there must be a path from the start ne s to n, which we know is true from our precondition, which states that all elements of the stack n, t (which clearly includes n) are reachable from s. Secondly, we must ensure that all successors of the ne n are in either the stack or the set S. To accomplish this we will simply loop through the set of unvisited successors and push each one to the stack. (8)... var m := Γ g (n) \ S while m do var c : m push(t, c) m := m \ {c} S := S {n} 4
5 Now, gathering all the ce together, we get: proc Search(value g : G, value s : V g, value k : K, result v : T, result f : B) var t : S(V g ) := ; var S : P(V g ) := ; f := False; push(t, s); while (f t = ) do var n := pop(t); if κ g (n) = k then f := True; v := λ g (n); else var m := Γ g (n) \ S while m do var c : m push(t, c) m := m \ {c} S := S {n} fi 5
Dynamic Semantics. Dynamic Semantics. Operational Semantics Axiomatic Semantics Denotational Semantic. Operational Semantics
Dynamic Semantics Operational Semantics Denotational Semantic Dynamic Semantics Operational Semantics Operational Semantics Describe meaning by executing program on machine Machine can be actual or simulated
More informationProving Inter-Program Properties
Unité Mixte de Recherche 5104 CNRS - INPG - UJF Centre Equation 2, avenue de VIGNATE F-38610 GIERES tel : +33 456 52 03 40 fax : +33 456 52 03 50 http://www-verimag.imag.fr Proving Inter-Program Properties
More informationCOP4020 Programming Languages. Introduction to Axiomatic Semantics Prof. Robert van Engelen
COP4020 Programming Languages Introduction to Axiomatic Semantics Prof. Robert van Engelen Assertions and Preconditions Assertions are used by programmers to verify run-time execution An assertion is a
More informationHoare Logic: Part II
Hoare Logic: Part II COMP2600 Formal Methods for Software Engineering Jinbo Huang Australian National University COMP 2600 Hoare Logic II 1 Factorial {n 0} fact := 1; i := n; while (i >0) do fact := fact
More informationCOMP2111 Glossary. Kai Engelhardt. Contents. 1 Symbols. 1 Symbols 1. 2 Hoare Logic 3. 3 Refinement Calculus 5. rational numbers Q, real numbers R.
COMP2111 Glossary Kai Engelhardt Revision: 1.3, May 18, 2018 Contents 1 Symbols 1 2 Hoare Logic 3 3 Refinement Calculus 5 1 Symbols Booleans B = {false, true}, natural numbers N = {0, 1, 2,...}, integers
More informationHoare Logic and Model Checking
Hoare Logic and Model Checking Kasper Svendsen University of Cambridge CST Part II 2016/17 Acknowledgement: slides heavily based on previous versions by Mike Gordon and Alan Mycroft Introduction In the
More informationProof Rules for Correctness Triples
Proof Rules for Correctness Triples CS 536: Science of Programming, Fall 2018 A. Why? We can t generally prove that correctness triples are valid using truth tables. We need proof axioms for atomic statements
More informationAxiomatic Semantics: Verification Conditions. Review of Soundness and Completeness of Axiomatic Semantics. Announcements
Axiomatic Semantics: Verification Conditions Meeting 12, CSCI 5535, Spring 2009 Announcements Homework 4 is due tonight Wed forum: papers on automated testing using symbolic execution 2 Questions? Review
More informationMIT Loop Optimizations. Martin Rinard
MIT 6.035 Loop Optimizations Martin Rinard Loop Optimizations Important because lots of computation occurs in loops We will study two optimizations Loop-invariant code motion Induction variable elimination
More informationWhat is SSA? each assignment to a variable is given a unique name all of the uses reached by that assignment are renamed
Another Form of Data-Flow Analysis Propagation of values for a variable reference, where is the value produced? for a variable definition, where is the value consumed? Possible answers reaching definitions,
More informationAxiomatic Semantics. Semantics of Programming Languages course. Joosep Rõõmusaare
Axiomatic Semantics Semantics of Programming Languages course Joosep Rõõmusaare 2014 Direct Proofs of Program Correctness Partial correctness properties are properties expressing that if a given program
More informationLecture Notes on Software Model Checking
15-414: Bug Catching: Automated Program Verification Lecture Notes on Software Model Checking Matt Fredrikson André Platzer Carnegie Mellon University Lecture 19 1 Introduction So far we ve focused on
More informationModeling and Analysis of Hybrid Systems
Modeling and Analysis of Hybrid Systems 5. Linear hybrid automata I Prof. Dr. Erika Ábrahám Informatik 2 - LuFG Theory of Hybrid Systems RWTH Aachen University Szeged, Hungary, 27 September - 06 October
More informationModeling and Analysis of Hybrid Systems Linear hybrid automata I Prof. Dr. Erika Ábrahám Informatik 2 - LuFG Theory of Hybrid Systems RWTH Aachen University Szeged, Hungary, 27 September - 06 October 2017
More informationThe L Machines are very high-level, in two senses:
What is a Computer? State of the machine. CMPSCI 630: Programming Languages An Abstract Machine for Control Spring 2009 (with thanks to Robert Harper) Internal registers, memory, etc. Initial and final
More informationReasoning About Imperative Programs. COS 441 Slides 10b
Reasoning About Imperative Programs COS 441 Slides 10b Last time Hoare Logic: { P } C { Q } Agenda If P is true in the initial state s. And C in state s evaluates to s. Then Q must be true in s. Program
More informationAxiomatic Semantics: Verification Conditions. Review of Soundness of Axiomatic Semantics. Questions? Announcements
Axiomatic Semantics: Verification Conditions Meeting 18, CSCI 5535, Spring 2010 Announcements Homework 6 is due tonight Today s forum: papers on automated testing using symbolic execution Anyone looking
More informationChapter 3 Deterministic planning
Chapter 3 Deterministic planning In this chapter we describe a number of algorithms for solving the historically most important and most basic type of planning problem. Two rather strong simplifying assumptions
More informationHoare Examples & Proof Theory. COS 441 Slides 11
Hoare Examples & Proof Theory COS 441 Slides 11 The last several lectures: Agenda Denotational semantics of formulae in Haskell Reasoning using Hoare Logic This lecture: Exercises A further introduction
More informationAssignment 4. CSci 3110: Introduction to Algorithms. Sample Solutions
Assignment 4 CSci 3110: Introduction to Algorithms Sample Solutions Question 1 Denote the points by p 1, p 2,..., p n, ordered by increasing x-coordinates. We start with a few observations about the structure
More informationVerification of Recursive Programs. Andreas Podelski February 8, 2012
Verification of Recursive Programs Andreas Podelski February 8, 2012 1 m(x) = x 10 if x > 100 m(m(x + 11)) if x 100 2 procedure m(x) returns (res) `0: if x>100 `1: res:=x-10 else `2: x m := x+11 `3: res
More informationWhat happens to the value of the expression x + y every time we execute this loop? while x>0 do ( y := y+z ; x := x:= x z )
Starter Questions Feel free to discuss these with your neighbour: Consider two states s 1 and s 2 such that s 1, x := x + 1 s 2 If predicate P (x = y + 1) is true for s 2 then what does that tell us about
More informationCSC D70: Compiler Optimization Static Single Assignment (SSA)
CSC D70: Compiler Optimization Static Single Assignment (SSA) Prof. Gennady Pekhimenko University of Toronto Winter 08 The content of this lecture is adapted from the lectures of Todd Mowry and Phillip
More informationLoop Invariants and Binary Search. Chapter 4.4, 5.1
Loop Invariants and Binary Search Chapter 4.4, 5.1 Outline Iterative Algorithms, Assertions and Proofs of Correctness Binary Search: A Case Study Outline Iterative Algorithms, Assertions and Proofs of
More information2 Ralph J. R. Back, Qiwen. Xu systems with respect to total correctness. Reactive renement of action systems was investigated by Back [4] basing on th
Acta Informatica Manuscript-Nr. (will be inserted by hand later) Renement of fair action systems Ralph J. R. Back?, Qiwen. Xu?? Department of Computer Science, Abo Akademi, Lemminkainenkatu 14, SF-20520
More informationProgramming Languages and Compilers (CS 421)
Programming Languages and Compilers (CS 421) Sasa Misailovic 4110 SC, UIUC https://courses.engr.illinois.edu/cs421/fa2017/cs421a Based in part on slides by Mattox Beckman, as updated by Vikram Adve, Gul
More informationLecture Notes: Axiomatic Semantics and Hoare-style Verification
Lecture Notes: Axiomatic Semantics and Hoare-style Verification 17-355/17-665/17-819O: Program Analysis (Spring 2018) Claire Le Goues and Jonathan Aldrich clegoues@cs.cmu.edu, aldrich@cs.cmu.edu It has
More informationDesign of Distributed Systems Melinda Tóth, Zoltán Horváth
Design of Distributed Systems Melinda Tóth, Zoltán Horváth Design of Distributed Systems Melinda Tóth, Zoltán Horváth Publication date 2014 Copyright 2014 Melinda Tóth, Zoltán Horváth Supported by TÁMOP-412A/1-11/1-2011-0052
More informationIn this episode of The Verification Corner, Rustan Leino talks about Loop Invariants. He gives a brief summary of the theoretical foundations and
In this episode of The Verification Corner, Rustan Leino talks about Loop Invariants. He gives a brief summary of the theoretical foundations and shows how a program can sometimes be systematically constructed
More informationConstraint Solving for Program Verification: Theory and Practice by Example
Constraint Solving for Program Verification: Theory and Practice by Example Andrey Rybalchenko Technische Universität München Abstract. Program verification relies on the construction of auxiliary assertions
More informationLogic: Bottom-up & Top-down proof procedures
Logic: Bottom-up & Top-down proof procedures Alan Mackworth UBC CS 322 Logic 3 March 4, 2013 P & M Textbook 5.2 Lecture Overview Recap: Soundness, Completeness, Bottom-up proof procedure Bottom-up Proof
More informationCompleteness for FOL
Completeness for FOL Overview Adding Witnessing Constants The Henkin Theory The Elimination Theorem The Henkin Construction Lemma 12 This lemma assures us that our construction of M h works for the atomic
More informationDecentralized Control of Discrete Event Systems with Bounded or Unbounded Delay Communication
Decentralized Control of Discrete Event Systems with Bounded or Unbounded Delay Communication Stavros Tripakis Abstract We introduce problems of decentralized control with communication, where we explicitly
More informationTIMED automata, introduced by Alur and Dill in [3], have
1 Language Inclusion Checking of Timed Automata with Non-Zenoness Xinyu Wang, Jun Sun, Ting Wang, and Shengchao Qin Abstract Given a timed automaton P modeling an implementation and a timed automaton S
More informationSoundness and Completeness of Axiomatic Semantics
#1 Soundness and Completeness of Axiomatic Semantics #2 One-Slide Summary A system of axiomatic semantics is sound if everything we can prove is also true: if ` { A } c { B } then ² { A } c { B } We prove
More informationComputing Static Single Assignment (SSA) Form
Computing Static Single Assignment (SSA) Form Overview What is SSA? Advantages of SSA over use-def chains Flavors of SSA Dominance frontiers revisited Inserting φ-nodes Renaming the variables Translating
More informationCS558 Programming Languages
CS558 Programming Languages Winter 2017 Lecture 2b Andrew Tolmach Portland State University 1994-2017 Semantics Informal vs. Formal Informal semantics Descriptions in English (or other natural language)
More informationTHE AUSTRALIAN NATIONAL UNIVERSITY Second Semester COMP2600/COMP6260 (Formal Methods for Software Engineering)
THE AUSTRALIAN NATIONAL UNIVERSITY Second Semester 2016 COMP2600/COMP6260 (Formal Methods for Software Engineering) Writing Period: 3 hours duration Study Period: 15 minutes duration Permitted Materials:
More informationA Short Introduction to Hoare Logic
A Short Introduction to Hoare Logic Supratik Chakraborty I.I.T. Bombay June 23, 2008 Supratik Chakraborty (I.I.T. Bombay) A Short Introduction to Hoare Logic June 23, 2008 1 / 34 Motivation Assertion checking
More informationAxiomatic Semantics. Stansifer Ch 2.4, Ch. 9 Winskel Ch.6 Slonneger and Kurtz Ch. 11 CSE
Axiomatic Semantics Stansifer Ch 2.4, Ch. 9 Winskel Ch.6 Slonneger and Kurtz Ch. 11 CSE 6341 1 Outline Introduction What are axiomatic semantics? First-order logic & assertions about states Results (triples)
More informationAutomatic Verification of Parameterized Data Structures
Automatic Verification of Parameterized Data Structures Jyotirmoy V. Deshmukh, E. Allen Emerson and Prateek Gupta The University of Texas at Austin The University of Texas at Austin 1 Outline Motivation
More informationConstraint Solving for Program Verification: Theory and Practice by Example
Constraint Solving for Program Verification: Theory and Practice by Example Andrey Rybalchenko Technische Universität München Abstract. Program verification relies on the construction of auxiliary assertions
More informationNotes. Corneliu Popeea. May 3, 2013
Notes Corneliu Popeea May 3, 2013 1 Propositional logic Syntax We rely on a set of atomic propositions, AP, containing atoms like p, q. A propositional logic formula φ Formula is then defined by the following
More informationCS357: CTL Model Checking (two lectures worth) David Dill
CS357: CTL Model Checking (two lectures worth) David Dill 1 CTL CTL = Computation Tree Logic It is a propositional temporal logic temporal logic extended to properties of events over time. CTL is a branching
More informationProgram verification. Hoare triples. Assertional semantics (cont) Example: Semantics of assignment. Assertional semantics of a program
Program verification Assertional semantics of a program Meaning of a program: relation between its inputs and outputs; specified by input assertions (pre-conditions) and output assertions (post-conditions)
More informationCoinductive big-step semantics and Hoare logics for nontermination
Coinductive big-step semantics and Hoare logics for nontermination Tarmo Uustalu, Inst of Cybernetics, Tallinn joint work with Keiko Nakata COST Rich Models Toolkit meeting, Madrid, 17 18 October 2013
More informationSpace-aware data flow analysis
Space-aware data flow analysis C. Bernardeschi, G. Lettieri, L. Martini, P. Masci Dip. di Ingegneria dell Informazione, Università di Pisa, Via Diotisalvi 2, 56126 Pisa, Italy {cinzia,g.lettieri,luca.martini,paolo.masci}@iet.unipi.it
More informationContext Free Grammars: Introduction. Context Free Grammars: Simplifying CFGs
Context Free Grammars: Introduction CFGs are more powerful than RGs because of the following 2 properties: 1. Recursion Rule is recursive if it is of the form X w 1 Y w 2, where Y w 3 Xw 4 and w 1, w 2,
More informationDecision Procedures. Jochen Hoenicke. Software Engineering Albert-Ludwigs-University Freiburg. Winter Term 2016/17
Decision Procedures Jochen Hoenicke Software Engineering Albert-Ludwigs-University Freiburg Winter Term 2016/17 Jochen Hoenicke (Software Engineering) Decision Procedures Winter Term 2016/17 1 / 436 Program
More informationProgram Analysis Part I : Sequential Programs
Program Analysis Part I : Sequential Programs IN5170/IN9170 Models of concurrency Program Analysis, lecture 5 Fall 2018 26. 9. 2018 2 / 44 Program correctness Is my program correct? Central question for
More informationEDA045F: Program Analysis LECTURE 10: TYPES 1. Christoph Reichenbach
EDA045F: Program Analysis LECTURE 10: TYPES 1 Christoph Reichenbach In the last lecture... Performance Counters Challenges in Dynamic Performance Analysis Taint Analysis Binary Instrumentation 2 / 44 Types
More informationClasses and conversions
Classes and conversions Regular expressions Syntax: r = ε a r r r + r r Semantics: The language L r of a regular expression r is inductively defined as follows: L =, L ε = {ε}, L a = a L r r = L r L r
More informationAverage Case Analysis of Marking Algorithms
Average Case Analysis of Marking Algorithms D.S. Hirschberg and L.L. Larmore University of California, Irvine California State University, Dominguez Hills Abstract. The Lindstrom marking algorithm uses
More informationDenotational Semantics
5 Denotational Semantics In the operational approach, we were interested in how a program is executed. This is contrary to the denotational approach, where we are merely interested in the effect of executing
More informationAn Alternative To The Iteration Operator Of. Propositional Dynamic Logic. Marcos Alexandre Castilho 1. IRIT - Universite Paul Sabatier and
An Alternative To The Iteration Operator Of Propositional Dynamic Logic Marcos Alexandre Castilho 1 IRIT - Universite Paul abatier and UFPR - Universidade Federal do Parana (Brazil) Andreas Herzig IRIT
More informationArtificial Intelligence. Non-deterministic state model. Model for non-deterministic problems. Solutions. Blai Bonet
Artificial Intelligence Blai Bonet Non-deterministic state model Universidad Simón Boĺıvar, Caracas, Venezuela Model for non-deterministic problems Solutions State models with non-deterministic actions
More informationFormal Specification and Verification. Specifications
Formal Specification and Verification Specifications Imprecise specifications can cause serious problems downstream Lots of interpretations even with technicaloriented natural language The value returned
More information1 First-order logic. 1 Syntax of first-order logic. 2 Semantics of first-order logic. 3 First-order logic queries. 2 First-order query evaluation
Knowledge Bases and Databases Part 1: First-Order Queries Diego Calvanese Faculty of Computer Science Master of Science in Computer Science A.Y. 2007/2008 Overview of Part 1: First-order queries 1 First-order
More informationCentral Algorithmic Techniques. Iterative Algorithms
Central Algorithmic Techniques Iterative Algorithms Code Representation of an Algorithm class InsertionSortAlgorithm extends SortAlgorithm { void sort(int a[]) throws Exception { for (int i = 1; i < a.length;
More informationModels of Computation. by Costas Busch, LSU
Models of Computation by Costas Busch, LSU 1 Computation CPU memory 2 temporary memory input memory CPU output memory Program memory 3 Example: f ( x) x 3 temporary memory input memory Program memory compute
More informationTopics on Compilers
Assignment 2 4541.775 Topics on Compilers Sample Solution 1. Test for dependences on S. Write down the subscripts. Which positions are separable, which are coupled? Which dependence test would you apply
More informationFormal Methods in Software Engineering
Formal Methods in Software Engineering An Introduction to Model-Based Analyis and Testing Vesal Vojdani Department of Computer Science University of Tartu Fall 2014 Vesal Vojdani (University of Tartu)
More informationAxiomatic Semantics. Lecture 9 CS 565 2/12/08
Axiomatic Semantics Lecture 9 CS 565 2/12/08 Axiomatic Semantics Operational semantics describes the meaning of programs in terms of the execution steps taken by an abstract machine Denotational semantics
More informationDeductive Verification
Deductive Verification Mooly Sagiv Slides from Zvonimir Rakamaric First-Order Logic A formal notation for mathematics, with expressions involving Propositional symbols Predicates Functions and constant
More informationHoare Logic: Reasoning About Imperative Programs
Hoare Logic: Reasoning About Imperative Programs COMP1600 / COMP6260 Dirk Pattinson Australian National University Semester 2, 2017 Catch Up / Drop in Lab When Fridays, 15.00-17.00 Where N335, CSIT Building
More informationPredicative Semantics of Loops Theodore S. Norvell Faculty of Engineering Memorial University of Newfoundland St. John's NF A1B 3X5 Canada
Predicative Semantics of Loops Theodore S. Norvell Faculty of Engineering Memorial University of Newfoundland St. John's NF A1B 3X5 Canada theo@engr.mun.ca www.engr.mun.ca/theo/ Abstract A predicative
More informationNote: In any grammar here, the meaning and usage of P (productions) is equivalent to R (rules).
Note: In any grammar here, the meaning and usage of P (productions) is equivalent to R (rules). 1a) G = ({R, S, T}, {0,1}, P, S) where P is: S R0R R R0R1R R1R0R T T 0T ε (S generates the first 0. R generates
More informationOverview. I Review of natural deduction. I Soundness and completeness. I Semantics of propositional formulas. I Soundness proof. I Completeness proof.
Overview I Review of natural deduction. I Soundness and completeness. I Semantics of propositional formulas. I Soundness proof. I Completeness proof. Propositional formulas Grammar: ::= p j (:) j ( ^ )
More informationCS156: The Calculus of Computation
Page 1 of 61 CS156: The Calculus of Computation Zohar Manna Winter 2010 Chapter 5: Program Correctness: Mechanics Page 2 of 61 Program A: LinearSearch with function specification @pre 0 l u < a @post rv
More informationTemporal logics and explicit-state model checking. Pierre Wolper Université de Liège
Temporal logics and explicit-state model checking Pierre Wolper Université de Liège 1 Topics to be covered Introducing explicit-state model checking Finite automata on infinite words Temporal Logics and
More informationIntroduction to Metalogic
Philosophy 135 Spring 2008 Tony Martin Introduction to Metalogic 1 The semantics of sentential logic. The language L of sentential logic. Symbols of L: Remarks: (i) sentence letters p 0, p 1, p 2,... (ii)
More informationMechanics of Static Analysis
Escuela 03 III / 1 Mechanics of Static Analysis David Schmidt Kansas State University www.cis.ksu.edu/~schmidt Escuela 03 III / 2 Outline 1. Small-step semantics: trace generation 2. State generation and
More informationLecture Notes on Inductive Definitions
Lecture Notes on Inductive Definitions 15-312: Foundations of Programming Languages Frank Pfenning Lecture 2 August 28, 2003 These supplementary notes review the notion of an inductive definition and give
More informationINDEPENDENCE OF THE CONTINUUM HYPOTHESIS
INDEPENDENCE OF THE CONTINUUM HYPOTHESIS CAPSTONE MATT LUTHER 1 INDEPENDENCE OF THE CONTINUUM HYPOTHESIS 2 1. Introduction This paper will summarize many of the ideas from logic and set theory that are
More informationPrinciples of AI Planning
Principles of 5. Planning as search: progression and regression Malte Helmert and Bernhard Nebel Albert-Ludwigs-Universität Freiburg May 4th, 2010 Planning as (classical) search Introduction Classification
More informationNested Interpolants. Matthias Heizmann Jochen Hoenicke Andreas Podelski. Abstract. 1. Introduction. University of Freiburg, Germany
c ACM 2010. This is the author s version of the work. t is posted here by permission of ACM for your personal use. Not for redistribution. The definitive version was published in Principles of Programming
More informationDiscrete Wiskunde II. Lecture 5: Shortest Paths & Spanning Trees
, 2009 Lecture 5: Shortest Paths & Spanning Trees University of Twente m.uetz@utwente.nl wwwhome.math.utwente.nl/~uetzm/dw/ Shortest Path Problem "#$%&'%()*%"()$#+,&- Given directed "#$%&'()*+,%+('-*.#/'01234564'.*,'7+"-%/8',&'5"4'84%#3
More informationProgram Verification Using Separation Logic
Program Verification Using Separation Logic Cristiano Calcagno Adapted from material by Dino Distefano Lecture 1 Goal of the course Study Separation Logic having automatic verification in mind Learn how
More informationThe algorithmic analysis of hybrid system
The algorithmic analysis of hybrid system Authors: R.Alur, C. Courcoubetis etc. Course teacher: Prof. Ugo Buy Xin Li, Huiyong Xiao Nov. 13, 2002 Summary What s a hybrid system? Definition of Hybrid Automaton
More informationLecture Notes on Invariants for Arbitrary Loops
15-414: Bug Catching: Automated Program Verification Lecture Notes on Invariants for Arbitrary Loops Matt Fredrikson Ruben Martins Carnegie Mellon University Lecture 5 1 Introduction The previous lecture
More informationModels of Computation,
Models of Computation, 2010 1 Induction We use a lot of inductive techniques in this course, both to give definitions and to prove facts about our semantics So, it s worth taking a little while to set
More informationMODEL-CHECKING IN DENSE REAL-TIME SHANT HARUTUNIAN
MODEL-CHECKING IN DENSE REAL-TIME SHANT HARUTUNIAN 1. Introduction These slides are for a talk based on the paper Model-Checking in Dense Real- Time, by Rajeev Alur, Costas Courcoubetis, and David Dill.
More informationSpring 2015 Program Analysis and Verification. Lecture 4: Axiomatic Semantics I. Roman Manevich Ben-Gurion University
Spring 2015 Program Analysis and Verification Lecture 4: Axiomatic Semantics I Roman Manevich Ben-Gurion University Agenda Basic concepts of correctness Axiomatic semantics (pages 175-183) Hoare Logic
More informationHoare Logic (I): Axiomatic Semantics and Program Correctness
Hoare Logic (I): Axiomatic Semantics and Program Correctness (Based on [Apt and Olderog 1991; Gries 1981; Hoare 1969; Kleymann 1999; Sethi 199]) Yih-Kuen Tsay Dept. of Information Management National Taiwan
More information7 RC Simulates RA. Lemma: For every RA expression E(A 1... A k ) there exists a DRC formula F with F V (F ) = {A 1,..., A k } and
7 RC Simulates RA. We now show that DRC (and hence TRC) is at least as expressive as RA. That is, given an RA expression E that mentions at most C, there is an equivalent DRC expression E that mentions
More informationSpring 2016 Program Analysis and Verification. Lecture 3: Axiomatic Semantics I. Roman Manevich Ben-Gurion University
Spring 2016 Program Analysis and Verification Lecture 3: Axiomatic Semantics I Roman Manevich Ben-Gurion University Warm-up exercises 1. Define program state: 2. Define structural semantics configurations:
More informationDecidable Subsets of CCS
Decidable Subsets of CCS based on the paper with the same title by Christensen, Hirshfeld and Moller from 1994 Sven Dziadek Abstract Process algebra is a very interesting framework for describing and analyzing
More informationPetri nets. s 1 s 2. s 3 s 4. directed arcs.
Petri nets Petri nets Petri nets are a basic model of parallel and distributed systems (named after Carl Adam Petri). The basic idea is to describe state changes in a system with transitions. @ @R s 1
More informationProgramming Languages
CSE 230: Winter 2008 Principles of Programming Languages Lecture 6: Axiomatic Semantics Deriv. Rules for Hoare Logic `{A} c {B} Rules for each language construct ` {A} c 1 {B} ` {B} c 2 {C} ` {A} skip
More informationPredicates and Predicate Transformers for. Systems 1. Ratnesh Kumar. Department of Electrical Engineering. University of Kentucky
Predicates and Predicate Transformers for Supervisory Control of Discrete Event Dynamical Systems 1 Ratnesh Kumar Department of Electrical Engineering University of Kentucy Lexington, KY 40506-0046 Vijay
More informationFrom Liveness to Promptness
From Liveness to Promptness Orna Kupferman Hebrew University Nir Piterman EPFL Moshe Y. Vardi Rice University Abstract Liveness temporal properties state that something good eventually happens, e.g., every
More informationVerifying Java-KE Programs
Verifying Java-KE Programs A Small Case Study Arnd Poetzsch-Heffter July 22, 2014 Abstract This report investigates the specification and verification of a simple list class. The example was designed such
More informationAutomata-based Verification - III
COMP30172: Advanced Algorithms Automata-based Verification - III Howard Barringer Room KB2.20: email: howard.barringer@manchester.ac.uk March 2009 Third Topic Infinite Word Automata Motivation Büchi Automata
More informationRoy L. Crole. Operational Semantics Abstract Machines and Correctness. University of Leicester, UK
Midlands Graduate School, University of Birmingham, April 2008 1 Operational Semantics Abstract Machines and Correctness Roy L. Crole University of Leicester, UK Midlands Graduate School, University of
More informationFinite Universes. L is a fixed-length language if it has length n for some
Finite Universes Finite Universes When the universe is finite (e.g., the interval 0, 2 1 ), all objects can be encoded by words of the same length. A language L has length n 0 if L =, or every word of
More informationComputational Models - Lecture 5 1
Computational Models - Lecture 5 1 Handout Mode Iftach Haitner and Yishay Mansour. Tel Aviv University. April 10/22, 2013 1 Based on frames by Benny Chor, Tel Aviv University, modifying frames by Maurice
More informationFoundations of Computation
The Australian National University Semester 2, 2018 Research School of Computer Science Tutorial 6 Dirk Pattinson Foundations of Computation The tutorial contains a number of exercises designed for the
More informationTrees. A tree is a graph which is. (a) Connected and. (b) has no cycles (acyclic).
Trees A tree is a graph which is (a) Connected and (b) has no cycles (acyclic). 1 Lemma 1 Let the components of G be C 1, C 2,..., C r, Suppose e = (u, v) / E, u C i, v C j. (a) i = j ω(g + e) = ω(g).
More informationSpring 2015 Program Analysis and Verification. Lecture 6: Axiomatic Semantics III. Roman Manevich Ben-Gurion University
Spring 2015 Program Analysis and Verification Lecture 6: Axiomatic Semantics III Roman Manevich Ben-Gurion University Tentative syllabus Semantics Static Analysis Abstract Interpretation fundamentals Analysis
More informationTop Down Design. Gunnar Gotshalks 03-1
Top Down Design 03-1 Top Down Description Top down is also known as step wise refinement and functional decomposition Given an operation, there are only the following three choices for refinement» Sequence
More information