Marie Farrell Supervisors: Dr Rosemary Monahan & Dr James Power Principles of Programming Research Group

Similar documents
Dynamic Semantics. Dynamic Semantics. Operational Semantics Axiomatic Semantics Denotational Semantic. Operational Semantics

Program verification. 18 October 2017

Program verification using Hoare Logic¹

Programming Languages and Compilers (CS 421)

Hoare Logic and Model Checking

Axiomatic Semantics. Lecture 9 CS 565 2/12/08

Hoare Logic (I): Axiomatic Semantics and Program Correctness

Spring 2015 Program Analysis and Verification. Lecture 4: Axiomatic Semantics I. Roman Manevich Ben-Gurion University

Program verification. Hoare triples. Assertional semantics (cont) Example: Semantics of assignment. Assertional semantics of a program

Unifying Theories of Programming

Lecture Notes: Axiomatic Semantics and Hoare-style Verification

Spring 2016 Program Analysis and Verification. Lecture 3: Axiomatic Semantics I. Roman Manevich Ben-Gurion University

Axiomatic Semantics. Semantics of Programming Languages course. Joosep Rõõmusaare

Weakest Precondition Calculus

Deductive Verification

What happens to the value of the expression x + y every time we execute this loop? while x>0 do ( y := y+z ; x := x:= x z )

COP4020 Programming Languages. Introduction to Axiomatic Semantics Prof. Robert van Engelen

The Assignment Axiom (Hoare)

Hoare Calculus and Predicate Transformers

Probabilistic Guarded Commands Mechanized in HOL

Hoare Logic: Part II

Algebraic Reasoning for Probabilistic Action Systems and While-Loops

Foundations of Computation

Verification Frameworks and Hoare Logic

Floyd-Hoare Style Program Verification

Bilateral Proofs of Safety and Progress Properties of Concurrent Programs (Working Draft)

Reasoning About Imperative Programs. COS 441 Slides 10b

Classical Program Logics: Hoare Logic, Weakest Liberal Preconditions

Design of Distributed Systems Melinda Tóth, Zoltán Horváth

Hoare Logic: Reasoning About Imperative Programs

Lecture 2: Axiomatic semantics

A Humble Introduction to DIJKSTRA S A A DISCIPLINE OF PROGRAMMING

THE AUSTRALIAN NATIONAL UNIVERSITY Second Semester COMP2600/COMP6260 (Formal Methods for Software Engineering)

Axiomatic semantics. Semantics and Application to Program Verification. Antoine Miné. École normale supérieure, Paris year

CS558 Programming Languages

Softwaretechnik. Lecture 13: Design by Contract. Peter Thiemann University of Freiburg, Germany

Softwaretechnik. Lecture 13: Design by Contract. Peter Thiemann University of Freiburg, Germany

MODELING NONDETERMINISM IN PROGRAM SEMANTICS USING LIFTED BINARY MULTIRELATIONS

Hoare Logic: Reasoning About Imperative Programs

Software Engineering

Proof Rules for Correctness Triples

Proofs of Correctness: Introduction to Axiomatic Verification

Axiomatic Semantics. Operational semantics. Good for. Not good for automatic reasoning about programs

Program Analysis Part I : Sequential Programs

Ralph-Johan Back Michael Butler. Abstract. Product and summation operators for predicate transformers were introduced

Model Theory in the Univalent Foundations

Verification and Validation

Axiomatic Semantics. Hoare s Correctness Triplets Dijkstra s Predicate Transformers

In this episode of The Verification Corner, Rustan Leino talks about Loop Invariants. He gives a brief summary of the theoretical foundations and

Boolean Algebra and Propositional Logic

COMP2111 Glossary. Kai Engelhardt. Contents. 1 Symbols. 1 Symbols 1. 2 Hoare Logic 3. 3 Refinement Calculus 5. rational numbers Q, real numbers R.

Boolean Algebra and Propositional Logic

Last Time. Inference Rules

A Short Introduction to Hoare Logic

Lecture 17: Floyd-Hoare Logic for Partial Correctness

A Logic for Information Flow Analysis with an Application to Forward Slicing of Simple Imperative Programs

Axiomatic Semantics: Verification Conditions. Review of Soundness and Completeness of Axiomatic Semantics. Announcements

Axiomatic Semantics: Verification Conditions. Review of Soundness of Axiomatic Semantics. Questions? Announcements

Extending the theory of Owicki and Gries with a logic of progress

A Tutorial Introduction to CSP in Unifying Theories of Programming

Program Construction and Reasoning

Control Predicates Are Better Than Dummy Variables For Reasoning About Program Control

Denotational Semantics of Mobility in Unifying Theories of Programming (UTP)

First Order Logic vs Propositional Logic CS477 Formal Software Dev Methods

Verifying Java-KE Programs

Galois Connections. Roland Backhouse 3rd December, 2002

Decision Procedures. Jochen Hoenicke. Software Engineering Albert-Ludwigs-University Freiburg. Winter Term 2016/17

(La méthode Event-B) Proof. Thanks to Jean-Raymond Abrial. Language of Predicates.

Formal Methods for Java

Static Program Analysis

Chapter 3. Specifications. 3.1 Hoare Triples. An Introduction to Separation Logic c 2011 John C. Reynolds February 3, 2011

Hoare Logic I. Introduction to Deductive Program Verification. Simple Imperative Programming Language. Hoare Logic. Meaning of Hoare Triples

Solutions to exercises for the Hoare logic (based on material written by Mark Staples)

Reasoning by Regression: Pre- and Postdiction Procedures for Logics of Action and Change with Nondeterminism*

UTP by Example: Designs

Spring 2014 Program Analysis and Verification. Lecture 6: Axiomatic Semantics III. Roman Manevich Ben-Gurion University

Universität Augsburg. On Two Dually Nondeterministic Refinement Algebras. Institut für Informatik D Augsburg. Kim Solin

An Institution for Event-B

Introduction. Pedro Cabalar. Department of Computer Science University of Corunna, SPAIN 2013/2014

Mid-Semester Quiz Second Semester, 2012

Logik für Informatiker Logic for computer scientists. Induction

Modeling and Verifying a Temperature Control System using Continuous Action Systems

Spring 2015 Program Analysis and Verification. Lecture 6: Axiomatic Semantics III. Roman Manevich Ben-Gurion University

Modal Logics. Most applications of modal logic require a refined version of basic modal logic.

Deterministic Program The While Program

2 Ralph J. R. Back, Qiwen. Xu systems with respect to total correctness. Reactive renement of action systems was investigated by Back [4] basing on th

Universität Augsburg

Towards a Mechanised Denotational Semantics for Modelica

Formal Methods for Java

Soundness and Completeness of Axiomatic Semantics

On the specification and verification of model transformations

Propositional logic (revision) & semantic entailment. p. 1/34

Probabilistic Action System Trace Semantics

arxiv: v1 [cs.pl] 5 Apr 2017

Computational Logic Fundamentals (of Definite Programs): Syntax and Semantics

Introduction to Axiomatic Semantics

Formal Engineering Technologies for Dependable Software Development

Hoare Calculus for SIMT Programms

CS1021. Why logic? Logic about inference or argument. Start from assumptions or axioms. Make deductions according to rules of reasoning.

1 Introduction. 2 First Order Logic. 3 SPL Syntax. 4 Hoare Logic. 5 Exercises

Transcription:

EXAMINING REFINEMENT: THEORY, TOOLS AND MATHEMATICS Marie Farrell Supervisors: Dr Rosemary Monahan & Dr James Power Principles of Programming Research Group

PROBLEM Different formalisms do not integrate well e.g. Event B only models the specification and its proofs are not easily transferable to other formalisms

PROPOSED SOLUTION Establish a theoretical framework within which refinement steps, and their associated proof obligations, can be shared between different formalisms Hypothesis: the theory of institutions can provide this framework and, we will construct an institution based specification of the Event B formalism

REFINEMENT In software engineering it is common to model systems at different levels of abstraction We can map between these different levels of abstraction in a verifiable way through a process known as refinement

REDUCING NONDETERMINISM Classic example: Converting an NFA to a DFA

THEORIES OF REFINEMENT Main theories developed by Carroll Morgan, Ralph Johan Back and Joseph Morris All three are based on Dijkstra s language of guarded commands and weakest precondition calculus. Morgan takes a very program oriented view whereas Back appears to be much more theoretical with foundations in lattice and category theory. Morris extended Back s work with prescriptions.

MORGAN S REFINEMENT Weakening the precondition Strengthening the postcondition Introducing local variables Renaming local variables Introducing logical constants Eliminating logical constants Expanding the frame Introducing skip Introducing abort Introducing assignment Introducing sequential composition Introducing alternation Introducing iteration

MORGAN S REFINEMENT Introducing alternation

Relations Category BACK S REFINEMENT Predicate Transformer Category State Transformer Category Predicate Category Category of Truth Values

BACK S REFINEMENT Similar rules to Morgan s refinement calculus Example Introduce conditional :

MORRIS REFINEMENT Extended Back s calculus with prescriptions A prescription P Q specifies a mechanism that when executed in a state satisfying P will terminate in a state satisfying Q P and Q are predicates

MORRIS REFINEMENT Given P Q there are 6 ways of choosing s such that P Q s 1. Skip 2. Assignment 3. Prescription 4. If statement 5. Composition 6. Block

GENERAL REFINEMENT Liskov Substitution

GENERAL REFINEMENT 3 main components: 1. Set of entities specifications and implementations 2. Set of contexts the environment with which the entities interact 3. A user formalised by defining the set of observations that can be made when an entity is executed in a given context Example: an entity as a motor, a context as the car in which the motor runs and the user as the driver of the car

SPECIAL THEORIES We can view each special model of refinement as a layer in the grand scheme of things each encompassing a set of entities and a refinement relation This allows us to interpret high level entities as low level entities using a semantic mapping, however, these low level entities cannot interact with the high level ones so the contexts must also be refined

GALOIS CONNECTIONS Mathematically this vertical refinement is a Galois connection between the layers. Given two posets (A, A ) and (B, B ). A Galois connection between these posets consists of two maps f: A B and g: B A, such that for all a є A and b є B, we have a A f(g(a)) f(g(b)) B b

Π -INSTITUTIONS Alternative to institution replacing the notions of model and satisfaction by Tarski s consequence operator Definition: A π-institution is a triple (Sign, φ, {Cn Σ } Σ:Sign ) consisting of 1. A category Sign (of signatures) 2. A functor φ:sign -> Set (set of formulae over each signature) 3. For each object Σ of Sign, a consequence operator Cn Σ defined in the power set of φ(σ) satisfying for each A, B φ(σ) and μ: Σ -> Σ (RQ1) A Cn Σ (A) (Extensiveness) (RQ2) Cn Σ ( Cn Σ (A) ) = Cn Σ (A) (Idempotence) (RQ3) Cn Σ (A) = B A,B finite Cn Σ (B) (Compactness) (RQ4) φ(μ)(cn Σ (A)) Cn Σ (φ(μ)(a)) (Structurality)

TARSKI S CONSEQUENCE OPERATOR Axiom 1: S ℵ 0 Axiom 2: Axiom 3: Axiom 4: If X S, then X Cn X S If X S, then Cn Cn X = Cn(X) If X S, then Cn X = Cn(Y) Y X and Y <ℵ 0 Axiom 5: x S such that Cn x = S

f: A B f x = Cn(x) g: B A g x = Y Y S and X Cn(Y) Both posets are ordered by set theoretic inclusion

EVENT B The Event B formal specification language is used in the verification of safety critical systems Event B models are an instance of the specification

Gluing Invariant

JML JML = Java Modelling Language Specifications are annotations:

REFINEMENT IN JML JML supports refinement as specification inheritance

AIM Establish a theoretical framework within which refinement steps, and their associated proof obligations, can be shared between different formalisms

FUTURE WORK 1. Specify a π -institution for refinement in at least two formalisms 2. Complete refinement case studies in both formalisms 3. Use π-institutions to combine proofs in these formalisms

2024 © sciencedocbox.com Privacy Policy | Terms of Service | Feedback