# Introduction to Axiomatic Semantics

Save this PDF as:

Size: px
Start display at page:

## Transcription

1 Introduction to Axiomatic Semantics Meeting 10, CSCI 5535, Spring 2009 Announcements Homework 3 due tonight Homework 2 is graded 13 (mean), 14 (median), out of 21 total, but Graduate class: final project is what counts, homeworks are to check understanding Most dicult: comparing big-step and contextual for IMP with exceptions Many did not answer the question, rather echoed general comparisons made in class. Both your ideas and the clarity with which they are expressed matter. (like research papers) 2 Questions? Plan for Axiomatic Semantics History and Motivation (last time) Assertions (today) Validity (today) Derivation Rules (today) Soundness (next time) Completeness (next time) 3 4 Axiomatic Semantics A semantics that is appropriate for arguing program correctness One-Slide Summary An axiomatic semantics consists of: A language for stating assertions about programs, Rules for establishing the truth of assertions Some typical kinds of assertions: This program terminates If this program terminates, the variables x and y have the same value throughout the execution of the program The array accesses are within the array bounds Some typical languages of assertions First-order logic Other logics (temporal, linear, pointer-assertion) Special-purpose specification languages (SLIC, Z, Larch) 5 6 1

2 Another Tony Hoare Quote It has been found a serious problem to define these languages [ALGOL, FORTRAN, COBOL] with sufficient rigor to ensure compatibility among all implementations.... one way to achieve this would be to insist that all implementations of the language shall satisfy the axioms and rules of inference which underlie proofs of properties of programs expressed in the language. In effect, this is equivalent to accepting the axioms and rules of inference as the ultimately definitive specification of the meaning of the language. 7 Do you believe this? Would such language specifications be useful to you? 8 Other Applications of Axiomatic Semantics The project of defining and proving everything formally has not succeeded (at least not yet) Proving has not replaced testing and debugging Applications of axiomatic semantics: Proving the correctness of algorithms (or finding bugs) Proving the correctness of hardware descriptions (or finding bugs) extended static checking (e.g., checking array bounds) Proof-carrying code Documentation of programs and interfaces 9 Notation: Assertions Assertions for IMP {A} c {B} with the meaning that: if A holds in state σ and if <c, σ> σ then B holds in σ A is the precondition B is the postcondition For example: { y x } z := x; z := z +1 { y < z } is a valid assertion These are called Hoare triples or Hoare assertions 11 {A} c {B} is a partial correctness assertion. Doesn t imply termination (= it is valid if c diverges) [A] c [B] is a total correctness assertion meaning that If A holds in state σ Then there exists σ such that <c, σ> σ and B holds in state σ Now let us be more formal (you know you want it!) Formalize the language of assertions, A and B Say when an assertion holds in a state Give rules for deriving Hoare triples 12 2

3 The Assertion Language We use first-order predicate logic on top of IMP expressions A ::= true false e 1 = e 2 e 1 e 2 A 1 Æ A 2 A 1 Ç A 2 A 1 A 2 x.a x.a Note that we are somewhat sloppy in mixing logical variables and the program variables All IMP variables implicitly range over integers All IMP boolean expressions are also assertions 13 Semantics of Assertions: Need to assign meanings to our assertions Relation σ A to say that an assertion holds in a given state (= A is true in σ ) This is well-defined when σ is defined on all variables occurring in A The relation is defined inductively on the structure of assertions (surprise!) It relies on the denotational semantics of arithmetic expressions from IMP 14 Formal Definition of Formal Definition of σ true σ e 1 = e 2 σ e 1 e 2 σ A 1 Æ A 2 σ A 1 Ç A 2 σ A 1 A 2 σ x.a σ x.a always σ true always σ e 1 = e 2 e 1 σ = e 2 σ σ e 1 e 2 e 1 σ e 2 σ σ A 1 Æ A 2 σ A 1 and σ A 2 σ A 1 Ç A 2 σ A 1 or σ A 2 σ A 1 A 2 σ A 1 implies σ A 2 σ x.a n Z. σ[x:=n] A σ x.a n Z. σ[x:=n] A Hoare Triple Semantics Now we can define formally the meaning of a partial correctness assertion { A } c { B } σ Σ. σ Σ. (σ A Æ <c,σ> σ ) σ B Deriving Assertions Have a formal mechanism to decide { A } c { B } But it is not satisfactory. Why? and a total correctness assertion [A] c [B] σ Σ. σ A σ Σ. <c,σ> σ Æ σ B or even better yet: (explain this to me!) σ Σ. σ Σ. (σ A Æ <c,σ> σ ) σ B Æ σ Σ. σ A σ Σ. <c,σ> σ

4 Deriving Assertions Have a formal mechanism to decide { A } c { B } But it is not satisfactory Because {A} c {B} is defined in terms of the operational semantics, we practically have to run the program to verify an assertion It is impossible to effectively verify the truth of a x. A assertion (check every integer?) Plan: define a symbolic technique for deriving valid assertions from others that are known to be valid We start with validity of first-order formulas 19 Derivation Rules Propositional Rules Natural deduction style We write A when A can be derived from basic axioms ( A === we can prove A ) The derivation rules for the judgment A are the usual ones from first-order logic with arithmetic 21 A A Æ B ÆI ÆE A Æ B A 1 A ÇI A Ç B 1 A A B I ÇI A Ç B 2 A Æ B ÆE 2 A A Ç B C C C ÇE A B A E 22 First-Order Rules [a/x]a (a is fresh) x.a I x.a [e/x]a substitution: substitute a for x in A [e/x]a I x.a x.a [a/x]a E E Derivation Rules for Hoare Triples Similarly we write {A} c {B} when we can derive the triple using derivation rules There is one derivation rule for each command in the language Plus, the evil rule of consequence A A {A} c {B} B {A } c {B } Guess: Why evil?

5 Derivation Rules for Hoare Logic Derivation Rules for Hoare Logic One rule for each syntactic construct: One rule for each syntactic construct: {A} skip {A} {[e/x]a} x := e {A} {A} skip {A} {[e/x]a} x := e {A} { } c 1 { } { } c 2 { } {A} c 1 ; c 2 {C} {A} c 1 {B} {B} c 2 {C} {A} c 1 ; c 2 {C} { } c 1 { } { } c 2 { } {A} if b then c 1 else c 2 {B} {A Æ b} c 1 {B} {A Æ b} c 2 {B} {A} if b then c 1 else c 2 {B} { } c { } {A} while b do c { } 25 {A Æ b} c {A} {A} while b do c {A Æ b} 26 Alternate Hoare Rules Alternate Hoare Rules For some constructs multiple rules are possible: (Exercise: these rules can be derived from the previous ones using the consequence rules) For some constructs multiple rules are possible: (Exercise: these rules can be derived from the previous ones using the consequence rules) {A} x := e { } (This one is called the forward axiom for assignment) {C} c {A}. {A} while b do c {B} (C is the loop invariant) 27 {A} x := e { x 0.[x 0 /x]a Æ x = [x 0 /x]e} (This one is called the forward axiom for assignment) A Æ b C {C} c {A} A Æ b B {A} while b do c {B} (C is the loop invariant) 28 Example: Assignment Example Verifications (Assuming that x does not appear in e) Prove that {true} x := e { x = e } {true} x := e {x = e} 30 5

6 Example: Assignment (Assuming that x does not appear in e) Prove that {true} x := e { x = e } Assignment Rule: {e = e} x := e {x = e} because [e/x](x = e) e = e Use Assignment + Consequence: true e = e {e = e} x := e {x = e} {true} x := e {x = e} 31 The Assignment Axiom Assignment is undoubtedly the most characteristic feature of programming a digital computer, and one that most clearly distinguishes it from other branches of mathematics. It is surprising therefore that the axiom governing our reasoning about assignment is quite as simple as any to be found in elementary logic. - Tony Hoare Caveats are sometimes needed for languages with aliasing (the strong update problem): If x and y are aliased then { true } x := 5 { x + y = 10} is true 32 For Next Time Homework 4 out tonight due Mon Feb 23 Think about possible projects 33 6

### Harvard School of Engineering and Applied Sciences CS 152: Programming Languages

Harvard School of Engineering and Applied Sciences CS 152: Programming Languages Lecture 19 Tuesday, April 3, 2018 1 Introduction to axiomatic semantics The idea in axiomatic semantics is to give specifications

### 6. Hoare Logic and Weakest Preconditions

6. Hoare Logic and Weakest Preconditions Program Verification ETH Zurich, Spring Semester 07 Alexander J. Summers 30 Program Correctness There are many notions of correctness properties for a given program

### Chapter 3 (part 3) Describing Syntax and Semantics

Chapter 3 (part 3) Describing Syntax and Semantics Chapter 3 Topics Introduction The General Problem of Describing Syntax Formal Methods of Describing Syntax Attribute Grammars Describing the Meanings

### Hoare Logic: Proving Programs Correct

Hoare Logic: Proving Programs Correct 17-654/17-765 Analysis of Software Artifacts Jonathan Aldrich Reading: C.A.R. Hoare, An Axiomatic Basis for Computer Programming Some presentation ideas from a lecture

### Goals: Define the syntax of a simple imperative language Define a semantics using natural deduction 1

Natural Semantics Goals: Define the syntax of a simple imperative language Define a semantics using natural deduction 1 1 Natural deduction is an instance of first-order logic; that is, it is the formal

### The semantics of a programming language is concerned with the meaning of programs, that is, how programs behave when executed on computers.

Semantics The semantics of a programming language is concerned with the meaning of programs, that is, how programs behave when executed on computers. The semantics of a programming language assigns a precise

### Symbolic Execution and Verification Conditions. Review of Verification Conditions. Survey from Homework 4. Time spent: 7.1 hrs (mean), 6 hrs (median)

Symbolic Execution and Verification Conditions Survey from Homework 4 Time spent: 7.1 hrs (mean), 6 hrs (median) Meeting 13, CSCI 5535, Spring 2009 2 Survey from Homework 4 Fun facts about your classmates:

### Part II. Hoare Logic and Program Verification. Why specify programs? Specification and Verification. Code Verification. Why verify programs?

Part II. Hoare Logic and Program Verification Part II. Hoare Logic and Program Verification Dilian Gurov Props: Models: Specs: Method: Tool: safety of data manipulation source code logic assertions Hoare

### Automated Theorem Proving and Proof Checking

Automated Theorem Proving and Proof Checking #1 #2 Cunning Theorem-Proving Plan There are full-semester courses on automated deduction; we will elide details. Logic Syntax Theories Satisfiability Procedures

### Operational Semantics. One-Slide Summary. Lecture Outline

Operational Semantics #1 One-Slide Summary Operational semantics are a precise way of specifying how to evaluate a program. A formal semantics tells you what each expression means. Meaning depends on context:

### Abstract Interpretation

Abstract Interpretation Ranjit Jhala, UC San Diego April 22, 2013 Fundamental Challenge of Program Analysis How to infer (loop) invariants? Fundamental Challenge of Program Analysis Key issue for any analysis

### Automated Reasoning. Natural Deduction in First-Order Logic

Automated Reasoning Natural Deduction in First-Order Logic Jacques Fleuriot Automated Reasoning Lecture 4, page 1 Problem Consider the following problem: Every person has a heart. George Bush is a person.

### Formal Verification. Lecture 10

Formal Verification Lecture 10 Formal Verification Formal verification relies on Descriptions of the properties or requirements of interest Descriptions of systems to be analyzed, and rely on underlying

### Software Engineering Lecture Notes

Software Engineering Lecture Notes Paul C. Attie August 30, 2013 c Paul C. Attie. All rights reserved. 2 Contents I Hoare Logic 11 1 Propositional Logic 13 1.1 Introduction and Overview..............................

### Verifying Safety Property of Lustre Programs: Temporal Induction

22c181: Formal Methods in Software Engineering The University of Iowa Spring 2008 Verifying Safety Property of Lustre Programs: Temporal Induction Copyright 2008 Cesare Tinelli. These notes are copyrighted

### Lecture Notes on Memory Layout

Lecture Notes on Memory Layout 15-122: Principles of Imperative Computation Frank Pfenning André Platzer Lecture 11 1 Introduction In order to understand how programs work, we can consider the functions,

### 2 Introduction to operational semantics

2 Introduction to operational semantics This chapter presents the syntax of a programming language, IMP, a small language of while programs. IMP is called an "imperative" language because program execution

### Specification and Verification I

Title: Lecturer: Class: Specification and Verification I Mike Gordon Computer Science Tripos, Part II Duration: Twelve lectures Specification and Verification I Mike Gordon Overview These lecture notes

### Software Security: Vulnerability Analysis

Computer Security Course. Software Security: Vulnerability Analysis Program Verification Program Verification How to prove a program free of buffer overflows? Precondition Postcondition Loop invariants

### Formal Systems II: Applications

Formal Systems II: Applications Functional Verification of Java Programs: Java Dynamic Logic Bernhard Beckert Mattias Ulbrich SS 2017 KIT INSTITUT FÜR THEORETISCHE INFORMATIK KIT University of the State

### How invariants help writing loops Author: Sander Kooijmans Document version: 1.0

How invariants help writing loops Author: Sander Kooijmans Document version: 1.0 Why this document? Did you ever feel frustrated because of a nasty bug in your code? Did you spend hours looking at the

### Section 2.4: Arguments with Quantified Statements

Section 2.4: Arguments with Quantified Statements In this section, we shall generalize the ideas we developed in Section 1.3 to arguments which involve quantified statements. Most of the concepts we shall

### Syntax vs. semantics. Detour: Natural deduction. Syntax vs. semantics (cont d) Syntax = grammatical structure Semantics = underlying meaning

Syntax vs. semantics CMSC 631 Program nalysis and Understanding Spring 2013 Operational Semantics Syntax = grammatical structure Semantics = underlying meaning Sentences in a language can be syntactically

### On Meaning Preservation of a Calculus of Records

On Meaning Preservation of a Calculus of Records Emily Christiansen and Elena Machkasova Computer Science Discipline University of Minnesota, Morris Morris, MN 56267 chri1101, elenam@morris.umn.edu Abstract

### ELEMENTARY NUMBER THEORY AND METHODS OF PROOF

CHAPTER 4 ELEMENTARY NUMBER THEORY AND METHODS OF PROOF Copyright Cengage Learning. All rights reserved. SECTION 4.6 Indirect Argument: Contradiction and Contraposition Copyright Cengage Learning. All

### Chapter 3: Propositional Languages

Chapter 3: Propositional Languages We define here a general notion of a propositional language. We show how to obtain, as specific cases, various languages for propositional classical logic and some non-classical

### Verification and Validation

Cycle Ingénieur 2 ème année Département Informatique Verification and Validation Part IV : Proof-based Verification (I) Burkhart Wolff Département Informatique Université Paris-Sud / Orsay 2013-2014 What

### Chapter 3. Syntax - the form or structure of the expressions, statements, and program units

Syntax - the form or structure of the expressions, statements, and program units Semantics - the meaning of the expressions, statements, and program units Who must use language definitions? 1. Other language

### Chapter 3. Semantics. Topics. Introduction. Introduction. Introduction. Introduction

Topics Chapter 3 Semantics Introduction Static Semantics Attribute Grammars Dynamic Semantics Operational Semantics Axiomatic Semantics Denotational Semantics 2 Introduction Introduction Language implementors

### Harvard School of Engineering and Applied Sciences CS 152: Programming Languages

Harvard School of Engineering and Applied Sciences CS 152: Programming Languages Lecture 21 Tuesday, April 15, 2014 1 Static program analyses For the last few weeks, we have been considering type systems.

### 3.4 Deduction and Evaluation: Tools Conditional-Equational Logic

3.4 Deduction and Evaluation: Tools 3.4.1 Conditional-Equational Logic The general definition of a formal specification from above was based on the existence of a precisely defined semantics for the syntax

### Introduction to Structural Operational Semantics

Introduction to Structural Operational Semantics Patricia ILL School of Computing University of Leeds United Kingdom Roberto ANARA Department of Mathematics University of Parma Italy Copyright c 200 Patricia

### Intro to semantics; Small-step semantics Lecture 1 Tuesday, January 29, 2013

Harvard School of Engineering and Applied Sciences CS 152: Programming Languages Lecture 1 Tuesday, January 29, 2013 1 Intro to semantics What is the meaning of a program? When we write a program, we use

### Lecture Outline. COOL operational semantics. Operational Semantics of Cool. Motivation. Lecture 13. Notation. The rules. Evaluation Rules So Far

Lecture Outline Operational Semantics of Cool Lecture 13 COOL operational semantics Motivation Notation The rules Prof. Aiken CS 143 Lecture 13 1 Prof. Aiken CS 143 Lecture 13 2 Motivation We must specify

### Automatic Software Verification

Automatic Software Verification Instructor: Mooly Sagiv TA: Oded Padon Slides from Eran Yahav and the Noun Project, Wikipedia Course Requirements Summarize one lecture 10% one lecture notes 45% homework

### Verifying JML specifications with model fields

Verifying JML specifications with model fields Cees-Bart Breunesse and Erik Poll Department of Computer Science, University of Nijmegen Abstract. The specification language JML (Java Modeling Language)

### Static Analysis in Practice

in Practice 17-654/17-754: Analysis of Software Artifacts Jonathan Aldrich 1 Quick Poll Who is familiar and comfortable with design patterns? e.g. what is a Factory and why use it? 2 1 Outline: in Practice

### Having a BLAST with SLAM

Announcements Having a BLAST with SLAM Meetings -, CSCI 7, Fall 00 Moodle problems? Blog problems? Looked at the syllabus on the website? in program analysis Microsoft uses and distributes the Static Driver

### REQUIREMENTS ANALYSIS. What versus how

REQUIREMENTS ANALYSIS Typical life stages of development: Requirements Specifications Top level design (often called architecture) Detailed design Code and unit test Integration testing Goal now is first

### Notes on Principia Mathematica

Notes on Principia Mathematica M. Randall Holmes November 5, 2014 These are my notes toward an interpretation of the Principia Mathematica of Russell and Whitehead (hereinafter PM ). Manners forbid saying

### Hoare Logic and Model Checking

Hoare Logic and Model Checking Kasper Svendsen University of Cambridge CST Part II 2016/17 Acknowledgement: slides heavily based on previous versions by Mike Gordon and Alan Mycroft Pointers Pointers and

### Introductory logic and sets for Computer scientists

Introductory logic and sets for Computer scientists Nimal Nissanke University of Reading ADDISON WESLEY LONGMAN Harlow, England II Reading, Massachusetts Menlo Park, California New York Don Mills, Ontario

### Logik für Informatiker Logic for computer scientists

Logik für Informatiker for computer scientists WiSe 2011/12 Overview Motivation Why is logic needed in computer science? The LPL book and software Scheinkriterien Why is logic needed in computer science?

### Checking Program Properties with ESC/Java

Checking Program Properties with ESC/Java 17-654/17-765 Analysis of Software Artifacts Jonathan Aldrich 1 ESC/Java A checker for Java programs Finds null pointers, array dereferences Checks Hoare logic

### Types for References, Exceptions and Continuations. Review of Subtyping. Γ e:τ τ <:σ Γ e:σ. Annoucements. How s the midterm going?

Types for References, Exceptions and Continuations Annoucements How s the midterm going? Meeting 21, CSCI 5535, Spring 2009 2 One-Slide Summary Review of Subtyping If τ is a subtype of σ then any expression

### Shared Variables and Interference

Illinois Institute of Technology Lecture 24 Shared Variables and Interference CS 536: Science of Programming, Spring 2018 A. Why Parallel programs can coordinate their work using shared variables, but

### Lecture 5: The Halting Problem. Michael Beeson

Lecture 5: The Halting Problem Michael Beeson Historical situation in 1930 The diagonal method appears to offer a way to extend just about any definition of computable. It appeared in the 1920s that it

### Critical Analysis of Computer Science Methodology: Theory

Critical Analysis of Computer Science Methodology: Theory Björn Lisper Dept. of Computer Science and Engineering Mälardalen University bjorn.lisper@mdh.se http://www.idt.mdh.se/ blr/ March 3, 2004 Critical

### Lecture 4. First order logic is a formal notation for mathematics which involves:

0368.4435 Automatic Software Verification April 14, 2015 Lecture 4 Lecturer: Mooly Sagiv Scribe: Nimrod Busany, Yotam Frank Lesson Plan 1. First order logic recap. 2. The SMT decision problem. 3. Basic

### Lecture Notes on Arrays

Lecture Notes on Arrays 15-122: Principles of Imperative Computation July 2, 2013 1 Introduction So far we have seen how to process primitive data like integers in imperative programs. That is useful,

### A Theory of Parallel Computation The π-calculus

A Theory of Parallel Computation The π-calculus Background DFAs, NFAs, pushdown automata, Turing machines... All are mathematical entities that model computation. These abstract systems have concrete,

### Reasoning About Loops Using Vampire

EPiC Series in Computing Volume 38, 2016, Pages 52 62 Proceedings of the 1st and 2nd Vampire Workshops Reasoning About Loops Using Vampire Laura Kovács and Simon Robillard Chalmers University of Technology,

### Denotational Semantics

Denotational Semantics 8 12 lectures for Part II CST 2010/11 Marcelo Fiore Course web page: http://www.cl.cam.ac.uk/teaching/1011/denotsem/ 1 Lecture 1 Introduction 2 What is this course about? General

### Topics in Software Testing

Dependable Software Systems Topics in Software Testing Material drawn from [Beizer, Sommerville] Software Testing Software testing is a critical element of software quality assurance and represents the

### Hoare Logic and Model Checking

Hoare Logic and Model Checking Kasper Svendsen University of Cambridge CST Part II 2016/17 Acknowledgement: slides heavily based on previous versions by Mike Gordon and Alan Mycroft Introduction In the

### Announcements. Written Assignment 2 due today at 5:00PM. Programming Project 2 due Friday at 11:59PM. Please contact us with questions!

Type-Checking Announcements Written Assignment 2 due today at 5:00PM. Programming Project 2 due Friday at 11:59PM. Please contact us with questions! Stop by office hours! Email the staff list! Ask on Piazza!

### λ calculus is inconsistent

Content Rough timeline COMP 4161 NICTA Advanced Course Advanced Topics in Software Verification Gerwin Klein, June Andronick, Toby Murray λ Intro & motivation, getting started [1] Foundations & Principles

### Fundamental Concepts. Chapter 1

Chapter 1 Fundamental Concepts This book is about the mathematical foundations of programming, with a special attention on computing with infinite objects. How can mathematics help in programming? There

### Exercises on Semantics of Programming Languages

Technische Universität Wien SS 2014 Fakultät für Informatik Repetition sheet Assist. Prof. Florian Zuleger Tuesday, 8 April 2014 Assist. Prof. Georg Weissenbacher Univ. Prof. Agata Ciabattoni Moritz Sinn,

### Lecture Notes on Linear Search

Lecture Notes on Linear Search 15-122: Principles of Imperative Computation Frank Pfenning Lecture 5 January 28, 2014 1 Introduction One of the fundamental and recurring problems in computer science is

### Security protocols. Correctness of protocols. Correctness of protocols. II. Logical representation and analysis of protocols.i

Security protocols Logical representation and analysis of protocols.i A security protocol is a set of rules, adhered to by the communication parties in order to ensure achieving various security or privacy

### Chapter 3: Syntax and Semantics. Syntax and Semantics. Syntax Definitions. Matt Evett Dept. Computer Science Eastern Michigan University 1999

Chapter 3: Syntax and Semantics Matt Evett Dept. Computer Science Eastern Michigan University 1999 Syntax and Semantics Syntax - the form or structure of the expressions, statements, and program units

### CS40-S13: Functional Completeness

CS40-S13: Functional Completeness Victor Amelkin victor@cs.ucsb.edu April 12, 2013 In class, we have briefly discussed what functional completeness means and how to prove that a certain system (a set)

### Program Verification (Rosen, Sections 5.5)

Program Verification (Rosen, Sections 5.5) TOPICS Program Correctness Preconditions & Postconditions Program Verification Assignments Composition Conditionals Loops Proofs about Programs Why study logic?

### CS 3512, Spring Instructor: Doug Dunham. Textbook: James L. Hein, Discrete Structures, Logic, and Computability, 3rd Ed. Jones and Barlett, 2010

CS 3512, Spring 2011 Instructor: Doug Dunham Textbook: James L. Hein, Discrete Structures, Logic, and Computability, 3rd Ed. Jones and Barlett, 2010 Prerequisites: Calc I, CS2511 Rough course outline:

### Propositional Logic Formal Syntax and Semantics. Computability and Logic

Propositional Logic Formal Syntax and Semantics Computability and Logic Syntax and Semantics Syntax: The study of how expressions are structured (think: grammar) Semantics: The study of the relationship

### CS 125 Section #4 RAMs and TMs 9/27/16

CS 125 Section #4 RAMs and TMs 9/27/16 1 RAM A word-ram consists of: A fixed set of instructions P 1,..., P q. Allowed instructions are: Modular arithmetic and integer division on registers; the standard

### Foundations, Reasoning About Algorithms, and Design By Contract CMPSC 122

Foundations, Reasoning About Algorithms, and Design By Contract CMPSC 122 I. Logic 101 In logic, a statement or proposition is a sentence that can either be true or false. A predicate is a sentence in

### Lecture 3: Constructing the Natural Numbers

Math/CS 120: Intro. to Math Professor: Padraic Bartlett Lecture 3: Constructing the Natural Numbers Weeks 3-4 UCSB 2014 When we defined what a proof was in our first set of lectures, we mentioned that

### BI as an Assertion Language for Mutable Data Structures

BI as an Assertion Language for Mutable Data Structures Samin Ishtiaq Peter W. O Hearn Queen Mary & Westfield College, London ABSTRACT Reynolds has developed a logic for reasoning about mutable data structures

### Introduction to CS 270 Math Foundations of CS

Introduction to CS 270 Math Foundations of CS Verification of Computer Systems Jeremy Johnson Drexel University Course Description Emphasizes analytic problem-solving and introduction of mathematical material

### Inferring Invariants in Separation Logic for Imperative List-processing Programs

Inferring Invariants in Separation Logic for Imperative List-processing Programs Stephen Magill Carnegie Mellon University smagill@cs.cmu.edu Aleksandar Nanevski Harvard University aleks@eecs.harvard.edu

### STRUCTURES AND STRATEGIES FOR STATE SPACE SEARCH

Slide 3.1 3 STRUCTURES AND STRATEGIES FOR STATE SPACE SEARCH 3.0 Introduction 3.1 Graph Theory 3.2 Strategies for State Space Search 3.3 Using the State Space to Represent Reasoning with the Predicate

### Having a BLAST with SLAM

Having a BLAST with SLAM Meeting, CSCI 555, Fall 20 Announcements Homework 0 due Sat Questions? Move Tue office hours to -5pm 2 Software Model Checking via Counterexample Guided Abstraction Refinement

### Lecture 4 Searching Arrays

Lecture 4 Searching Arrays 15-122: Principles of Imperative Computation (Spring 2018) Frank Pfenning One of the fundamental and recurring problems in computer science is to find elements in collections,

### Second-Order Type Systems

#1 Second-Order Type Systems Homework 5 Summary Student : 37.9704 Student : 44.4466 ORIGINAL : 50.2442 Student : 50.8275 Student : 50.8633 Student : 50.9181 Student : 52.1347 Student : 52.1633 Student

### Pointers. Chapter 8. Decision Procedures. An Algorithmic Point of View. Revision 1.0

Pointers Chapter 8 Decision Procedures An Algorithmic Point of View D.Kroening O.Strichman Revision 1.0 Outline 1 Introduction Pointers and Their Applications Dynamic Memory Allocation Analysis of Programs

### Context-free Grammars

1 contents of Context-free Grammars Phrase Structure Everyday Grammars for Programming Language Formal Definition of Context-free Grammars Definition of Language Left-to-right Application cfg ects Transforming

### The Typed λ Calculus and Type Inferencing in ML

Notes on Types S. Arun-Kumar Department of Computer Science and Engineering Indian Institute of Technology New Delhi, 110016 email: sak@cse.iitd.ernet.in April 14, 2002 2 Chapter 1 The Typed λ Calculus

### A Partial Correctness Proof for Programs with Decided Specifications

Applied Mathematics & Information Sciences 1(2)(2007), 195-202 An International Journal c 2007 Dixie W Publishing Corporation, U. S. A. A Partial Correctness Proof for Programs with Decided Specifications

### Reading Assignment. Symbolic Evaluation/Execution. Move from Dynamic Analysis to Static Analysis. Move from Dynamic Analysis to Static Analysis

Reading Assignment Symbolic Evaluation/Execution *R.W. Floyd, "Assigning Meaning to Programs, Symposium on Applied Mathematics, 1967, pp. 19-32 (Appeared as volume 19 of Mathematical Aspects of Computer

### THE FOUNDATIONS OF MATHEMATICS

THE FOUNDATIONS OF MATHEMATICS By: Sterling McKay APRIL 21, 2014 LONE STAR - MONTGOMERY Mentor: William R. Brown, MBA Mckay 1 In mathematics, truth is arguably the most essential of its components. Suppose

### Secure Programming I. Steven M. Bellovin September 28,

Secure Programming I Steven M. Bellovin September 28, 2014 1 If our software is buggy, what does that say about its security? Robert H. Morris Steven M. Bellovin September 28, 2014 2 The Heart of the Problem

### Deductive Verification in Frama-C and SPARK2014: Past, Present and Future

Deductive Verification in Frama-C and SPARK2014: Past, Present and Future Claude Marché (Inria & Université Paris-Saclay) OSIS, Frama-C & SPARK day, May 30th, 2017 1 / 31 Outline Why this joint Frama-C

### Knowledge Sharing Among Heterogeneous Agents

Knowledge Sharing Among Heterogeneous Agents John F. Sowa VivoMind Research, LLC 29 July 2013 Facts of Life: Diversity and Heterogeneity Open-ended variety of systems connected to the Internet: The great

### Semantics. A. Demers Jan This material is primarily from Ch. 2 of the text. We present an imperative

CS411 Notes 1: IMP and Large Step Operational Semantics A. Demers 23-25 Jan 2001 This material is primarily from Ch. 2 of the text. We present an imperative language called IMP; wegive a formal definition

### MergeSort, Recurrences, Asymptotic Analysis Scribe: Michael P. Kim Date: September 28, 2016 Edited by Ofir Geri

CS161, Lecture 2 MergeSort, Recurrences, Asymptotic Analysis Scribe: Michael P. Kim Date: September 28, 2016 Edited by Ofir Geri 1 Introduction Today, we will introduce a fundamental algorithm design paradigm,

### Advances in Programming Languages

T O Y H Advances in Programming Languages APL4: JML The Java Modeling Language David Aspinall (slides originally by Ian Stark) School of Informatics The University of Edinburgh Thursday 21 January 2010

### Analysis of Software Artifacts

Analysis of Software Artifacts Properties with ESC/Java Jonathan Aldrich 1 ESC/Java A checker for Java programs Finds null pointers, array dereferences Checks Hoare logic specifications Expressed in Java

### Chapter 27 Formal Specification

Chapter 27 Formal Specification Chapter 27 Formal Specification Slide 1 Objectives To explain why formal specification helps discover problems in system requirements. To describe the use of: Algebraic

### Having a BLAST with SLAM

Having a BLAST with SLAM # #2 Topic: Software Model Checking via Counter-Example Guided Abstraction Refinement There are easily two dozen SLAM/BLAST/MAGIC papers; I will skim. #3 SLAM Overview INPUT: Program

### III. Check if the divisors add up to the number. Now we may consider each of these tasks separately, assuming the others will be taken care of

Top-Down Design 1 Top-Down Design: A solution method where the problem is broken down into smaller sub-problems, which in turn are broken down into smaller subproblems, continuing until each sub-problem

### CS323 Lecture: Language Evaluation Criteria Last revised 1/6/09

CS323 Lecture: Language Evaluation Criteria Last revised 1/6/09 Objectives: 1. To consider criteria for evaluating programming languages. Introduction A. The design and evaluation of programming languages

### Scope and Introduction to Functional Languages. Review and Finish Scoping. Announcements. Assignment 3 due Thu at 11:55pm. Website has SML resources

Scope and Introduction to Functional Languages Prof. Evan Chang Meeting 7, CSCI 3155, Fall 2009 Announcements Assignment 3 due Thu at 11:55pm Submit in pairs Website has SML resources Text: Harper, Programming

### More Lambda Calculus and Intro to Type Systems

More Lambda Calculus and Intro to Type Systems Plan Heavy Class Participation Thus, wake up! Lambda Calculus How is it related to real life? Encodings Fixed points Type Systems Overview Static, Dyamic

### Programming with Math and Logic

.. Programming with Math and Logic an invitation to functional programming Ed Morehouse Wesleyan University The Plan why fp? terms types interfaces The What and Why of Functional Programming Computing

### Dynamic Programming Algorithms

CSC 364S Notes University of Toronto, Fall 2003 Dynamic Programming Algorithms The setting is as follows. We wish to find a solution to a given problem which optimizes some quantity Q of interest; for

### MergeSort, Recurrences, Asymptotic Analysis Scribe: Michael P. Kim Date: April 1, 2015

CS161, Lecture 2 MergeSort, Recurrences, Asymptotic Analysis Scribe: Michael P. Kim Date: April 1, 2015 1 Introduction Today, we will introduce a fundamental algorithm design paradigm, Divide-And-Conquer,