CS558 Programming Languages

Similar documents
What happens to the value of the expression x + y every time we execute this loop? while x>0 do ( y := y+z ; x := x:= x z )

Hoare Logic and Model Checking

Axiomatic Semantics. Lecture 9 CS 565 2/12/08

Dynamic Semantics. Dynamic Semantics. Operational Semantics Axiomatic Semantics Denotational Semantic. Operational Semantics

Programming Languages and Compilers (CS 421)

Lecture Notes: Axiomatic Semantics and Hoare-style Verification

Program Analysis Part I : Sequential Programs

Axiomatic Semantics. Semantics of Programming Languages course. Joosep Rõõmusaare

Hoare Examples & Proof Theory. COS 441 Slides 11

A Short Introduction to Hoare Logic

Hoare Logic: Part II

Lecture 2: Axiomatic semantics

COP4020 Programming Languages. Introduction to Axiomatic Semantics Prof. Robert van Engelen

Program verification. Hoare triples. Assertional semantics (cont) Example: Semantics of assignment. Assertional semantics of a program

Program verification. 18 October 2017

Hoare Logic: Reasoning About Imperative Programs

Axiomatic Semantics. Stansifer Ch 2.4, Ch. 9 Winskel Ch.6 Slonneger and Kurtz Ch. 11 CSE

Spring 2015 Program Analysis and Verification. Lecture 4: Axiomatic Semantics I. Roman Manevich Ben-Gurion University

Axiomatic Semantics. Operational semantics. Good for. Not good for automatic reasoning about programs

Hoare Logic: Reasoning About Imperative Programs

Reasoning About Imperative Programs. COS 441 Slides 10b

Foundations of Computation

Spring 2016 Program Analysis and Verification. Lecture 3: Axiomatic Semantics I. Roman Manevich Ben-Gurion University

CSC 7101: Programming Language Structures 1. Axiomatic Semantics. Stansifer Ch 2.4, Ch. 9 Winskel Ch.6 Slonneger and Kurtz Ch. 11.

Proofs of Correctness: Introduction to Axiomatic Verification

The Assignment Axiom (Hoare)

Solutions to exercises for the Hoare logic (based on material written by Mark Staples)

Axiomatic Semantics: Verification Conditions. Review of Soundness of Axiomatic Semantics. Questions? Announcements

Axiomatic Semantics: Verification Conditions. Review of Soundness and Completeness of Axiomatic Semantics. Announcements

EDA045F: Program Analysis LECTURE 10: TYPES 1. Christoph Reichenbach

Classical Program Logics: Hoare Logic, Weakest Liberal Preconditions

Last Time. Inference Rules

Weakest Precondition Calculus

Axiomatic Semantics. Hoare s Correctness Triplets Dijkstra s Predicate Transformers

Deductive Verification

Program verification using Hoare Logic¹

Floyd-Hoare Style Program Verification

Proof Rules for Correctness Triples

First Order Logic vs Propositional Logic CS477 Formal Software Dev Methods

Introduction to Axiomatic Semantics

Soundness and Completeness of Axiomatic Semantics

Hoare Calculus and Predicate Transformers

Hoare Logic (I): Axiomatic Semantics and Program Correctness

Control Predicates Are Better Than Dummy Variables For Reasoning About Program Control

Learning Goals of CS245 Logic and Computation

First Order Logic: Syntax and Semantics

Programming Languages

In this episode of The Verification Corner, Rustan Leino talks about Loop Invariants. He gives a brief summary of the theoretical foundations and

Lecture 17: Floyd-Hoare Logic for Partial Correctness

Hoare Logic I. Introduction to Deductive Program Verification. Simple Imperative Programming Language. Hoare Logic. Meaning of Hoare Triples

SOME SMALL EXAMPLES OF FORMAL VERIFICATION

Spring 2014 Program Analysis and Verification. Lecture 6: Axiomatic Semantics III. Roman Manevich Ben-Gurion University

Formal Specification and Verification. Specifications

Formal Reasoning CSE 331. Lecture 2 Formal Reasoning. Announcements. Formalization and Reasoning. Software Design and Implementation

CSE 331 Winter 2018 Reasoning About Code I

Proof Calculus for Partial Correctness

Bilateral Proofs of Safety and Progress Properties of Concurrent Programs (Working Draft)

Logic. Propositional Logic: Syntax. Wffs

INDUCTIVE DEFINITION

Logic. Propositional Logic: Syntax

CSE 331 Winter 2018 Homework 1

Program Analysis and Verification

Spring 2015 Program Analysis and Verification. Lecture 6: Axiomatic Semantics III. Roman Manevich Ben-Gurion University

Propositional Logic: Syntax

Loop Convergence. CS 536: Science of Programming, Fall 2018

Verifying Properties of Parallel Programs: An Axiomatic Approach

Axiomatic semantics. Semantics and Application to Program Verification. Antoine Miné. École normale supérieure, Paris year

Dynamic Noninterference Analysis Using Context Sensitive Static Analyses. Gurvan Le Guernic July 14, 2007

Computer Science and State Machines

Verification Frameworks and Hoare Logic

Lecture Notes on Compositional Reasoning

COMP2111 Glossary. Kai Engelhardt. Contents. 1 Symbols. 1 Symbols 1. 2 Hoare Logic 3. 3 Refinement Calculus 5. rational numbers Q, real numbers R.

Unifying Theories of Programming

Marie Farrell Supervisors: Dr Rosemary Monahan & Dr James Power Principles of Programming Research Group

Decision Procedures. Jochen Hoenicke. Software Engineering Albert-Ludwigs-University Freiburg. Winter Term 2016/17

Axiomatic Verification II

Predicate Logic. Predicates. Math 173 February 9, 2010

COSE212: Programming Languages. Lecture 1 Inductive Definitions (1)

Software Engineering

COMP219: Artificial Intelligence. Lecture 19: Logic for KR

COMP219: Artificial Intelligence. Lecture 19: Logic for KR

Limits of Computability

23.1 Gödel Numberings and Diagonalization

Today s Lecture. Lecture 4: Formal SE. Some Important Points. Formal Software Engineering. Introduction to Formal Software Engineering

CS1021. Why logic? Logic about inference or argument. Start from assumptions or axioms. Make deductions according to rules of reasoning.

Probabilistic Guarded Commands Mechanized in HOL

Problem Sheet 1: Axiomatic Semantics

Chapter 11: Automated Proof Systems (1)

ASYMPTOTIC COMPLEXITY SEARCHING/SORTING

Softwaretechnik. Lecture 13: Design by Contract. Peter Thiemann University of Freiburg, Germany

Introduction to Metalogic

Truth-Functional Logic

(La méthode Event-B) Proof. Thanks to Jean-Raymond Abrial. Language of Predicates.

Lecture Notes on Invariants for Arbitrary Loops

CS 6110 Lecture 21 The Fixed-Point Theorem 8 March 2013 Lecturer: Andrew Myers. 1 Complete partial orders (CPOs) 2 Least fixed points of functions

CIS (More Propositional Calculus - 6 points)

THE AUSTRALIAN NATIONAL UNIVERSITY Second Semester COMP2600 (Formal Methods for Software Engineering)

Overview. Knowledge-Based Agents. Introduction. COMP219: Artificial Intelligence. Lecture 19: Logic for KR

Supplementary Notes on Inductive Definitions

What are the recursion theoretic properties of a set of axioms? Understanding a paper by William Craig Armando B. Matos

Transcription:

CS558 Programming Languages Winter 2017 Lecture 2b Andrew Tolmach Portland State University 1994-2017

Semantics Informal vs. Formal Informal semantics Descriptions in English (or other natural language) Usually structured around grammar Imprecise, incomplete, inconsistent!

Example: FORTRAN-II DO loops Consider DO 100 I = 10,9,1... 100 CONTINUE How many times is body executed? That depends! http://www.eah-jena.de/~kleine/history/languages/c28-6054-4_7090_fortranii.pdf

Experimental semantics (Does anyone write documentation anymore?) What does this language feature mean? Write a program, run it, and see! Implementation becomes standard of correctness Requires reasoning from particular cases to general specification Wholly non-portable, and subject to accidental change

Semantics from Interpreters In homework, we re building definitional interpreters for toy languages illustrating different PL constructs Our main goal is to study the interpreter code to understand implementation issues associated with each construct Interpreter also serves as semantic definition for each language Defines meaning of language in terms of meaning of Scala (Of course, requires knowing Scala s semantics too) Since interpreters are executable, can also use for experimental semantics

Axiomatic Semantics Interpreters give a kind of operational semantics for imperative statements (= commands) In axiomatic semantics, we give a logical interpretation to statements The state of an imperative program is defined by the values of all its variables We characterize a state by giving a logical predicate (or assertion) that is satisfied by the state s values We define the semantics of statements by saying how they affect arbitrary predicates Structured programming leads to simple axiomatic semantics!

Triples involving Assertions This Hoare triple claims that { P } S { Q } if precondition P is true before the execution of S then postcondition Q is true after the execution of S, if S terminates (triple doesn t say anything if S doesn t terminate) Example: {y 3} x := y + 1 {x 4 } precondition postcondition This triple s claim happens to be true!

Examples of triples Not all of these triples claim true things! {x + y = c} while x > 0 do y := y + 1; x := x - 1 end {x + y = c} { y = 2 } x := y + 1 { x = 4 } { y = 2 } x := y + z { x = 4 } { True } x := 10 { x = 10 } { False } x := 10 { x = 20 } X X

Axioms and Rules of Inference How do we distinguish true triples from false ones? Who s to say which ones are true? It all depends on semantics of statements! For a suitably structured language, we can give a fixed set of axioms and rules of inference, one for each kind of statement True triples are those that can be logically deduced from these axioms and rules Of course, axioms and rules should capture what we want the statements to mean, and they need to be as strong as possible

{ P [E/x] } x := E { P } ASSIGNMENT AXIOM where P [E/x] means P with all instances of x replaced by E. This axiom may seem backwards at first, but it makes sense if we start from the postcondition. For example, if we want to show x 4 after the execution of x := y + 1 then the necessary precondition is y +1 4, i.e.,y 3.

Conditional Rule MORE RULES FOR STATEMENTS { P E } S 1 { Q }, { P E } S 2 { Q } ------------------------------------------ { P } if E then S 1 else S 2 endif { Q } Composition Rule { P } S 1 { Q }, { Q } S 2 { R } ------------------------------- { P } S 1 ; S 2 { R } While Rule { P E } S { P } -------------------------------- { P } while E do S { P E }

BOOKKEEPING RULES Consequence Rule P P, { P } S { Q }, Q Q ------------------------------------ { P } S { Q } Here P Q means that P implies Q, i.e., Q is true whenever P is true, i.e. P is false or Q is true. Hence we always have False Q for any Q!

PROOF TREE EXAMPLE -----------------(ASSIGN) -----------------(ASSIGN) {x + y +1=c +1} {x 1+y = c} y := y+1 x := x-1 {x + y = c +1} {x + y = c} ---------------------(CONSEQ) ----------------(CONSEQ) {x + y = c x!= 0} {x + y = c +1} y := y+1 x := x-1 {x + y = c +1} {x + y = c} ---------------------------------------------------------(COMP) {x + y = c x!= 0} y := y+1; x := x-1 {x + y = c} ----------------------------------------------------------(WHILE) {x + y = c} while x!= 0 do y := y+1; x := x-1 end {x + y = c x!= 0} --------------------------------------------------------(CONSEQ) {x = c y =0 } while x!= 0 do y := y+1; x := x-1 end {y = c}

Annotated Program Example Proof trees can get unwieldy fast. Common alternative is to annotate programs with assertions/assumptions. {x = c y =0} {x + y = c} while x!= 0 do {x + y = c x!= 0} {x + y +1=c +1} y := y + 1; {x + y = c +1} {x 1+y = c} x := x - 1 {x + y = c} end {x + y = c x!= 0} {y = c} Can obtain proof tree from annotate program Must check that annotations are consistent with each other and with rules/axioms.

Pros and cons of axiomatic semantics Gives a very clean semantics for structured statements But things get more complicated if we add features like expressions with side-effects statements that break out of loops procedures non-trivial data structures and aliases [See remainder of Gordon notes for more details]

Applying Axiomatic semantics Axiomatic viewpoint is very useful basis for formal proofs about program behavior These are rarely done by hand But there are beginning to be genuinely useful tools that support automated proof e.g. Dafny (http://rise4fun.com/dafny/tutorial) Thinking in terms of assertions is good for informal reasoning too Other styles of semantics use similar forms of rules

2024 © sciencedocbox.com Privacy Policy | Terms of Service | Feedback