Lecture 5 - Axiomatic semantics
Program Verification, March 2014
Lecture 5 - Axiomatic semantics
Lecturer: Noam Rinetzky
Scribes by: Nir Hemed

1.1 Axiomatic semantics

The development of the theory is attributed to Robert Floyd, C.A.R. Hoare, and Edsger W. Dijkstra.

Proving program correctness

- Why prove correctness? We discussed this in previous classes.
- What is correctness? We have a formal definition of correctness w.r.t. a formal specification.
- How should this be done?
  - Reasoning at the operational semantics level is tedious and cumbersome; there is a good chance of making mistakes.
  - A better option is formal reasoning using axiomatic semantics: we formulate a syntactic proof, and such proofs can be verified by a computer program (i.e. they are machine checkable).

Program correctness concepts

- Property: a relationship between an initial state and a final state.
- Partial correctness: properties that hold if the program terminates.
- Termination: the program always terminates.
- Total correctness = partial correctness + termination.
- Other correctness conditions exist: on memory, on concurrency (e.g. linearizability), etc.

Example: Factorial

    S_fac:  y:=1; while (x!=1) do (y:=y*x; x:=x-1)

We define a correctness condition: if the statement S_fac terminates, then the final value of y will be the factorial of the initial value of x.
Using natural semantics we would formally write: $\langle S_{fac}, s\rangle \to s'$ implies that $s'\,y = (s\,x)!$. A detailed staged proof for this case is given in the slides [1]. As the proof shows, in order to prove the correctness condition of the program we have to examine, at every stage, the derivation tree of the statement. We link pre and post states using the derivation trees. The key point is that such a proof is by definition a semantic proof. The problems with such proofs include:

1. The proof is very laborious: we need to connect all the transitions and argue about relationships between states. This stems from the fact that we are too closely tied to the semantics of the programming language.
2. There is no clear methodology for finding the proof.
3. Can we tell if the proof is correct, other than by examining it manually?

Axiomatic verification approach

We ask again: what do we need in order to prove that a program does what it is supposed to do? We need to:

- Specify the required behaviour.
- Compare the behaviour with the one obtained by the (already familiar) operational semantics.
- Develop a proof system for showing that the program satisfies a requirement.
- Mechanically use the proof system to show correctness.

The meaning of the program will now be a set of verification rules.

Assertion based verification (Floyd, 1967)

The technique was first applied to (annotated) flow programs. The basis for the axiomatic approach is being able to deduce, out of the syntax of the program, facts in some domain such as arithmetic. This system handled two problems that exist in computer programs and do not exist in logic sentences:

1. assignments to variables;
2. handling of loops. This was done by examining paths in the program and identifying cut-points, which are points in the program at which a certain inductive assertion is true.

[1] The staged proof of S_fac using natural semantics is given in the Wiley textbook (Pages ).
A simple path that ends in a cut-point allows formulating inductive, loop-free proofs.

Hoare logic

C.A.R. Hoare first defined axiomatic semantics (1969). We now define the semantics of the programming language as a proof system, aiming at a structured programming language. Assertions, a.k.a. Hoare triples, have the form

$$\{P\}\ C\ \{Q\}$$

where:

- P, a pre-condition, is a state predicate (e.g. x > 0);
- Q, a post-condition, is a state predicate (e.g. x > 1);
- C is a statement.

It is to be read: if P holds in the initial state, and if the execution of C terminates on that state, then Q will hold in the state in which C halts. C is not required to always terminate (e.g. {true} while true do skip {true} is a valid triple).

Total correctness is expressed via $[P]\ C\ [Q]$, to be read: if P holds in the initial state, then the execution of C must terminate on that state, and Q will hold in the state in which C halts.
Example: Factorial, continued

We ask:

    {?} y:=1; while (x!=1) do (y:=y*x; x:=x-1) {?}

Can we say the following?

    {x > 0} y:=1; while (x!=1) do (y:=y*x; x:=x-1) {y = x!}

The answer is no: the value of x in the final assertion is already different from the one in the initial state. A possible solution is to use logical variables:

    {x = n} y:=1; while (x!=1) do (y:=y*x; x:=x-1) {y = n!}

Note: a logical variable is not used by the program and is always immutable.

Now, using logical variables, we can provide annotations to the program. Here is the partial correctness proof outline for the factorial example:

    {x=n}
    y:=1;
    {x > 0 ⇒ y*x! = n! ∧ n ≥ x}
    while (x!=1) do
        {x-1 > 0 ⇒ (y*x)*(x-1)! = n! ∧ n ≥ (x-1)}
        y:=y*x;
        {x-1 > 0 ⇒ y*(x-1)! = n! ∧ n ≥ (x-1)}
        x:=x-1
    {y*x! = n! ∧ n ≥ 0 ∧ x = 1}

This proof stands in contrast to the laborious semantic proof. There, we had to break the proof into different views: one for the body of the loop, one for the loop itself and another one for the entire program. In each stage we found a link between an initial and a final state and used that to unroll the loop. We would like to formalise such a relation between properties of initial and final states when using the axiomatic semantics. We do so by introducing the concept of partial correctness.

Formalizing partial correctness

- $s \models P$: assertion P holds in state s.
- $\Sigma$: the set of program states.
- $\bot$: a special undefined state.

Let us recall how we defined the effect of a statement in natural semantics:

$$\mathcal{S}_{ns}[\![C]\!]\,s = \begin{cases} s' & \text{if } \langle C, s\rangle \to s' \\ \bot & \text{otherwise} \end{cases}$$

We use this definition to define partial correctness:

$$\{P\}\ C\ \{Q\} \iff \forall s, s' \in \Sigma.\ (s \models P \wedge \langle C, s\rangle \to s') \Rightarrow s' \models Q$$
Alternatively:

$$\forall s \in \Sigma.\ (s \models P \wedge \mathcal{S}_{ns}[\![C]\!]\,s \neq \bot) \Rightarrow \mathcal{S}_{ns}[\![C]\!]\,s \models Q$$

Conventions: $\forall P.\ \bot \models P$, so the definition becomes $\forall s \in \Sigma.\ s \models P \Rightarrow \mathcal{S}_{ns}[\![C]\!]\,s \models Q$.

Notes: we chose natural semantics since the structure of the derivation trees is similar to what we use in the axiomatic approach. We could alternatively have used structural operational semantics, with a slightly different definition:

$$\{P\}\ C\ \{Q\} \iff \forall s, s' \in \Sigma.\ (s \models P \wedge \langle C, s\rangle \Rightarrow^{*} s') \Rightarrow s' \models Q$$

Alternatively:

$$\forall s \in \Sigma.\ (s \models P \wedge \mathcal{S}_{sos}[\![C]\!]\,s \neq \bot) \Rightarrow \mathcal{S}_{sos}[\![C]\!]\,s \models Q$$

Conventions: $\forall P.\ \bot \models P$, so the definition becomes $\forall s \in \Sigma.\ s \models P \Rightarrow \mathcal{S}_{sos}[\![C]\!]\,s \models Q$.

A point to consider: could we have used natural semantics to define total correctness?

How can we express predicates? We can choose between two alternatives:

1. Extensional approach: abstract mathematical functions $P : State \to \{tt, ff\}$.
2. Intensional approach: via a language of formulae (a language that describes assertions).

We choose the second option.

An assertion language

We will use an assertion language based on first-order logic with arithmetic. We do so because propositional logic is not expressive enough to express the predicates needed for many proofs. Intuitively, we obtain the language by augmenting Bexp in the following way:

- allow quantifiers ($\forall z.$, $\exists z.$, e.g. $\exists z.\ z = k \times n$);
- import well-known mathematical concepts (e.g. $n! = n \times (n-1) \times \cdots \times 1$);
- include both program variables and logical variables.
First-order logic (reminder)

Free/bound variables: a variable is said to be bound in a formula when it occurs in the scope of a quantifier. Otherwise it is said to be free.

- $\forall i.\ k = i \times m$ - here i is bound.
- $(i \;\ldots) \wedge (\forall i.\ j + i = i + 3)$ - here i is free only in its first occurrence.

We denote the set of free variables of the expression A as $FV(A)$. $FV(A)$ is defined inductively on the abstract syntax tree of A.

Substitutions

An expression is pure if it does not contain quantifiers (such an expression is sometimes called a term). $A[t/z]$ denotes the assertion $A'$ which is the same as A, except that all instances of the free variable z are replaced by t.

Example: $A = \forall i.\ k = i \times m$. Then $A[5/k] = \forall i.\ 5 = i \times m$, and $A[5/i] = A$.

Figure 1.1 shows how to calculate substitutions.
[Figure 1.1: calculating substitutions]

We now return to our formulation of axiomatic semantics.

1.2 Proof rules

Proof rules will be used to define the abstract meaning of the program, or, in other words, how to prove properties of programs.

1. Assignment rule (backward-style) [ass_p]:

$$[\mathrm{ass}_p]\quad \{P[a/x]\}\ x := a\ \{P\}$$

Note that it is a backward rule, and that x := a always terminates. Why is this true? Recall that in operational semantics $\langle x := a, s\rangle \to s[x \mapsto \mathcal{A}[\![a]\!]s]$. Here $P[a/x]$ means replacing every occurrence of x in P with a (note that a might include x). For example, if $P = 2x < y + 1$ and $a = x + 3$ then $P[a/x] = 2(x + 3) < y + 1$. Note that for any state s, $s \models P[a/x] \iff s[x \mapsto \mathcal{A}[\![a]\!]s] \models P$. For example: {y*z<9} x:=y*z {x<9}.

2. Assignment rule (forward-style). Note that it is a forward rule:

$$\{P\}\ x := a\ \{\exists y.\ P[y/x] \wedge x = a[y/x]\}$$

In the final state, y will have the value that x had in the initial state. It is considered less elegant than the backward version as it introduces quantifiers. Backward-style proofs have the advantage of being outcome-driven: the developer knows what she wants to prove and is interested in understanding under what circumstances the execution will be correct.
3. Skip rule [skip_p]:

$$[\mathrm{skip}_p]\quad \{P\}\ \mathtt{skip}\ \{P\}$$

4. Composition rule [comp_p]:

$$[\mathrm{comp}_p]\quad \frac{\{P\}\ S_1\ \{Q\}\qquad \{Q\}\ S_2\ \{R\}}{\{P\}\ S_1;\,S_2\ \{R\}}$$

Holds when, whenever $S_1$ terminates from a state where P holds, Q holds afterwards, and whenever $S_2$ terminates from a state where Q holds, R holds afterwards.

5. Condition rule [cond_p]:

$$[\mathrm{cond}_p]\quad \frac{\{b \wedge P\}\ S_1\ \{Q\}\qquad \{\neg b \wedge P\}\ S_2\ \{Q\}}{\{P\}\ \mathtt{if}\ b\ \mathtt{then}\ S_1\ \mathtt{else}\ S_2\ \{Q\}}$$

6. Loop rule [while_p]:

$$[\mathrm{while}_p]\quad \frac{\{b \wedge P\}\ S\ \{P\}}{\{P\}\ \mathtt{while}\ b\ \mathtt{do}\ S\ \{\neg b \wedge P\}}$$

Here P is called an invariant of the loop: (a) it holds before and after each loop iteration; (b) finding loop invariants is the most challenging part of proofs. When the loop finishes, b is false.

7. Rule of consequence [cons_p]:

$$[\mathrm{cons}_p]\quad \frac{\{P'\}\ S\ \{Q'\}}{\{P\}\ S\ \{Q\}}\quad \text{if } P \Rightarrow P' \text{ and } Q' \Rightarrow Q$$

It allows strengthening the precondition and weakening the postcondition. It is the only rule that is not sensitive to the form of the statement (only to the assertions). See the following example:

$$\frac{\{y*z<9\}\ x:=y*z\ \{x<9\}}{\{y*z<9 \wedge w=5\}\ x:=y*z\ \{x<10\}}$$

Inference trees

Proofs are written (formally) using inference trees, which are similar to the derivation trees that we have seen in natural semantics.

1. The root of the tree is the judgement that we wish to prove.
2. Leaves are instances of axioms.
3. Internal nodes correspond to conclusions of instantiated rules and have the corresponding premises as their immediate children.
4. A tree is called simple if it consists only of an axiom, and composite otherwise.
1.3 Provability

We say that an assertion $\{P\}\ C\ \{Q\}$ is provable if there exists an inference tree for it; this is denoted by $\vdash_p \{P\}\ C\ \{Q\}$. Note: inference trees need not be unique; for example, there is always the option to push in consequences.

Example: Factorial - inference tree proof.

Annotated programs

- Annotated programs inline inference trees into programs: a kind of proof-carrying code.
- They are a streamlined version of inference trees.
- Going from an annotated program to a proof is a linear-time translation.

Annotating composition: when handling compositions of the form $S_1; S_2; \ldots; S_{n-1}$, instead of writing deep trees we can simply annotate:

$$\{P_1\}\ S_1\ \{P_2\}\ S_2\ \ldots\ \{P_{n-1}\}\ S_{n-1}\ \{P_n\}$$

Annotated programs are not considered formal proofs, but they enable building inference trees. Annotations can be used on conditions as well as loops (see Fig. 1.3).

1.4 Properties of the semantics

We are interested in several properties of the axiomatic semantics:

1. Equivalence: what is the analogue of program equivalence in axiomatic verification?
2. Soundness: can we prove incorrect properties?
3. Completeness: is there something we can't prove?

In general, proofs of properties of the axiomatic semantics use induction on the shape of the inference tree.
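As an added illustration that is not part of these notes, here is a small Python checker for the rules above and for annotated programs: it implements A[t/z] over a tuple syntax tree (respecting bound variables), computes weakest preconditions for skip, assignment, composition, conditionals and invariant-annotated loops, and discharges the resulting verification conditions by exhaustive evaluation over a small integer domain in place of a theorem prover. The tuple encoding, DOMAIN and all function names are this example's own; it checks the factorial annotation of these notes with the invariant x > 0 ⇒ (y*x! = n! ∧ n ≥ x) and shows that a wrong invariant is rejected.

```python
from itertools import product
from math import factorial

DOMAIN = range(0, 6)   # bounded integer domain for quantifiers and VC checking

def V(x): return ("var", x)
def N(n): return ("num", n)

def fv(a):
    """FV(A): free variables, by recursion on the syntax tree."""
    tag = a[0]
    if tag == "var": return {a[1]}
    if tag == "num": return set()
    if tag in ("forall", "exists"): return fv(a[2]) - {a[1]}
    return set().union(*(fv(c) for c in a[1:]))

def subst(a, t, z):
    """A[t/z]: replace the free occurrences of z in A by t; bound ones stay."""
    tag = a[0]
    if tag == "var": return t if a[1] == z else a
    if tag == "num": return a
    if tag in ("forall", "exists"):
        if a[1] == z: return a                 # z is bound here, so A[t/z] = A
        if a[1] in fv(t):                      # t mentions the bound variable
            raise ValueError("variable capture; rename the bound variable")
        return (tag, a[1], subst(a[2], t, z))
    return (tag,) + tuple(subst(c, t, z) for c in a[1:])

def ev(a, s):
    """Evaluate a in state s (dict var -> int); quantifiers range over DOMAIN.
    'and'/'imp' short-circuit, so x! is only computed behind guards like x > 0."""
    tag = a[0]
    if tag == "var": return s[a[1]]
    if tag == "num": return a[1]
    if tag == "forall": return all(ev(a[2], {**s, a[1]: v}) for v in DOMAIN)
    if tag == "exists": return any(ev(a[2], {**s, a[1]: v}) for v in DOMAIN)
    if tag == "not": return not ev(a[1], s)
    if tag == "and": return ev(a[1], s) and ev(a[2], s)
    if tag == "imp": return (not ev(a[1], s)) or ev(a[2], s)
    if tag == "!": return factorial(ev(a[1], s))
    l, r = ev(a[1], s), ev(a[2], s)
    return {"+": l + r, "-": l - r, "*": l * r, "==": l == r, "!=": l != r,
            "<": l < r, "<=": l <= r, ">": l > r, ">=": l >= r}[tag]

def wp(S, Q, vcs):
    """Weakest precondition of S w.r.t. Q via [ass_p], [skip_p], [comp_p], [cond_p].
    A loop with invariant I yields I and appends the [while_p] premise and the
    exit condition to vcs as side conditions."""
    kind = S[0]
    if kind == "skip": return Q
    if kind == "assign": return subst(Q, S[2], S[1])          # {Q[a/x]} x:=a {Q}
    if kind == "seq": return wp(S[1], wp(S[2], Q, vcs), vcs)  # wp(S1, wp(S2, Q))
    if kind == "if":
        return ("and", ("imp", S[1], wp(S[2], Q, vcs)),
                ("imp", ("not", S[1]), wp(S[3], Q, vcs)))
    if kind == "while":
        b, I, body = S[1], S[2], S[3]
        vcs.append(("imp", ("and", I, b), wp(body, I, vcs)))  # {b ∧ I} body {I}
        vcs.append(("imp", ("and", I, ("not", b)), Q))       # ¬b ∧ I ⇒ Q
        return I
    raise ValueError("unknown statement " + kind)

def valid(a):
    """True iff a holds in every state over DOMAIN for its free variables."""
    xs = sorted(fv(a))
    return all(ev(a, dict(zip(xs, vs))) for vs in product(DOMAIN, repeat=len(xs)))

def verify(P, S, Q):
    """Check {P} S {Q}: P ⇒ wp(S, Q) plus every loop side condition ([cons_p])."""
    vcs = []
    pre = wp(S, Q, vcs)
    return all(valid(c) for c in [("imp", P, pre)] + vcs)

# The factorial program of the notes with the invariant as reconstructed there:
# x > 0 ⇒ (y*x! = n! ∧ n ≥ x), where n is a logical variable never assigned to.
x, y, n = V("x"), V("y"), V("n")
FACT_INV = ("imp", (">", x, N(0)),
            ("and", ("==", ("*", y, ("!", x)), ("!", n)), (">=", n, x)))
FACT_BODY = ("seq", ("assign", "y", ("*", y, x)), ("assign", "x", ("-", x, N(1))))
FACT = ("seq", ("assign", "y", N(1)), ("while", ("!=", x, N(1)), FACT_INV, FACT_BODY))

def factorial_checks():
    """{x=n} S_fac {y=n!} is verified, and the notes' substitution example
    A = ∀i. k = i*m gives A[5/k] = ∀i. 5 = i*m while A[5/i] = A."""
    ok = verify(("==", x, n), FACT, ("==", y, ("!", n)))
    A = ("forall", "i", ("==", V("k"), ("*", V("i"), V("m"))))
    return ok, subst(A, N(5), "k"), subst(A, N(5), "i") == A

def wrong_invariant_refuted():
    """With y = 1 as the invariant the preservation condition fails, so the
    checker rejects the annotation (returns False)."""
    bad = ("seq", ("assign", "y", N(1)),
           ("while", ("!=", x, N(1)), ("==", y, N(1)), FACT_BODY))
    return verify(("==", x, n), bad, ("==", y, ("!", n)))
```

Bounded enumeration can refute a wrong annotation but only establishes the triple over DOMAIN; a real verifier hands the same conditions to a theorem prover or SMT solver.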
[Figure 1.2: Using annotations]

Provable equivalence

We say that $C_1$ and $C_2$ are provably equivalent if for all P and Q

$$\vdash_p \{P\}\ C_1\ \{Q\} \iff \vdash_p \{P\}\ C_2\ \{Q\}$$

For example, $S;\ \mathtt{skip}$ and $S$, or $S_1; (S_2; S_3)$ and $(S_1; S_2); S_3$. Provable equivalence implies semantic equivalence.

Valid assertions

Also called semantically correct. We say that $\{P\}\ C\ \{Q\}$ is valid if

$$\forall s, s' \in \Sigma.\ (s \models P \wedge \langle C, s\rangle \to s') \Rightarrow s' \models Q$$

This is denoted $\models_p \{P\}\ C\ \{Q\}$.
Logical implication and equivalence

There is a connection between the logical operators $\Rightarrow$ and $\Leftrightarrow$ and equivalence. For predicates A, B we write $A \Rightarrow B$ if for all states $s \in \Sigma$, if $s \models A$ then $s \models B$; that is, $\{s \mid s \models A\} \subseteq \{s \mid s \models B\}$. For every predicate A: $\mathit{false} \Rightarrow A \Rightarrow \mathit{true}$. We write $A \Leftrightarrow B$ if $A \Rightarrow B$ and $B \Rightarrow A$; for example, $\mathit{false} \Leftrightarrow 5 = 7$. In writing Hoare-style proofs, we will often replace a predicate A with $A'$ such that $A \Leftrightarrow A'$ and $A'$ is simpler.

Soundness and completeness

The inference system is sound: $\vdash_p \{P\}\ C\ \{Q\} \Rightarrow\ \models_p \{P\}\ C\ \{Q\}$.

The inference system is complete: $\models_p \{P\}\ C\ \{Q\} \Rightarrow\ \vdash_p \{P\}\ C\ \{Q\}$.
More informationDenotational semantics
1 Denotational semantics 2 What we're doing today We're looking at how to reason about the effect of a program by mapping it into mathematical objects Specifically, answering the question which function
More informationProving Properties on Programs From the Coq Tutorial at ITP 2015
Proving Properties on Programs From the Coq Tutorial at ITP 2015 Reynald Affeldt August 29, 2015 Hoare logic is a proof system to verify imperative programs. It consists of a language of Hoare triples
More information3.4 Deduction and Evaluation: Tools Conditional-Equational Logic
3.4 Deduction and Evaluation: Tools 3.4.1 Conditional-Equational Logic The general definition of a formal specification from above was based on the existence of a precisely defined semantics for the syntax
More informationVerification Conditions. Juan Pablo Galeotti, Alessandra Gorla, Andreas Rau Saarland University, Germany
Verification Conditions Juan Pablo Galeotti, Alessandra Gorla, Andreas Rau Saarland University, Germany 30% projects (10% each) At least 50% threshold for exam admittance Groups of 2 70% final exam (see
More informationAn Evolution of Mathematical Tools
An Evolution of Mathematical Tools From Conceptualization to Formalization Here's what we do when we build a formal model (or do a computation): 0. Identify a collection of objects/events in the real world.
More informationFormal Systems II: Applications
Formal Systems II: Applications Functional Verification of Java Programs: Java Dynamic Logic Bernhard Beckert Mattias Ulbrich SS 2017 KIT INSTITUT FÜR THEORETISCHE INFORMATIK KIT University of the State
More informationComputation Club: Gödel s theorem
Computation Club: Gödel s theorem The big picture mathematicians do a lot of reasoning and write a lot of proofs formal systems try to capture the ideas of reasoning and proof in a purely mechanical set
More informationCS 161 Computer Security
Wagner Spring 2014 CS 161 Computer Security 1/27 Reasoning About Code Often functions make certain assumptions about their arguments, and it is the caller s responsibility to make sure those assumptions
More informationIntroduction to dependent types in Coq
October 24, 2008 basic use of the Coq system In Coq, you can play with simple values and functions. The basic command is called Check, to verify if an expression is well-formed and learn what is its type.
More informationComp 411 Principles of Programming Languages Lecture 7 Meta-interpreters. Corky Cartwright January 26, 2018
Comp 411 Principles of Programming Languages Lecture 7 Meta-interpreters Corky Cartwright January 26, 2018 Denotational Semantics The primary alternative to syntactic semantics is denotational semantics.
More informationCSC313 High Integrity Systems/CSCM13 Critical Systems. CSC313/CSCM13 Chapter 2 1/ 221
CSC313 High Integrity Systems/CSCM13 Critical Systems CSC313/CSCM13 Chapter 2 1/ 221 CSC313 High Integrity Systems/ CSCM13 Critical Systems Course Notes Chapter 2: SPARK Ada Sect. 2 (f) Anton Setzer Dept.
More informationLambda Calculus. Type Systems, Lectures 3. Jevgeni Kabanov Tartu,
Lambda Calculus Type Systems, Lectures 3 Jevgeni Kabanov Tartu, 13.02.2006 PREVIOUSLY ON TYPE SYSTEMS Arithmetical expressions and Booleans Evaluation semantics Normal forms & Values Getting stuck Safety
More informationTheorem proving. PVS theorem prover. Hoare style verification PVS. More on embeddings. What if. Abhik Roychoudhury CS 6214
Theorem proving PVS theorem prover Abhik Roychoudhury National University of Singapore Both specification and implementation can be formalized in a suitable logic. Proof rules for proving statements in
More informationForward Assignment; Strongest Postconditions
3/1 new version Forward Assignment; Strongest Postconditions CS 536: Science of Programming, Spring 2018 A. Why? At times, a forward version of the assignment rule is more appropriate than the backward
More informationCompilation and Program Analysis (#11) : Hoare triples and shape analysis
Compilation and Program Analysis (#11) : Hoare triples and shape analysis Laure Gonnord http://laure.gonnord.org/pro/teaching/capm1.html Laure.Gonnord@ens-lyon.fr Master 1, ENS de Lyon dec 2017 Inspiration
More informationBasic Verification Strategy
ormal Verification Basic Verification Strategy compare behavior to intent System Model of system behavior intent Verifier results Intent Usually, originates with requirements, refined through design and
More informationWarm-Up Problem. Let L be the language consisting of as constant symbols, as a function symbol and as a predicate symbol. Give an interpretation where
Warm-Up Problem Let L be the language consisting of as constant symbols, as a function symbol and as a predicate symbol Give an interpretation where is false Use a finite domain in your interpretation
More informationREQUIREMENTS ANALYSIS. What versus how
REQUIREMENTS ANALYSIS Typical life stages of development: Requirements Specifications Top level design (often called architecture) Detailed design Code and unit test Integration testing Goal now is first
More informationPROGRAM ANALYSIS & SYNTHESIS
Lecture 02 Structural Operational Semantics (SOS) PROGRAM ANALYSIS & SYNTHESIS EranYahav 1 Previously static analysis over-approximation of program behavior abstract interpretation abstraction, transformers,
More informationCIS 500 Software Foundations. Final Exam. May 3, Answer key
CIS 500 Software Foundations Final Exam May 3, 2012 Answer key This exam includes material on the Imp language and the simply-typed lambda calculus. Some of the key definitions are repeated, for easy reference,
More informationSoftwaretechnik. Program verification. Software Engineering Albert-Ludwigs-University Freiburg. June 30, 2011
Softwaretechnik Program verification Software Engineering Albert-Ludwigs-University Freiburg June 30, 2011 (Software Engineering) Softwaretechnik June 30, 2011 1 / 28 Road Map Program verification Automatic
More informationVerifying JML specifications with model fields
Verifying JML specifications with model fields Cees-Bart Breunesse and Erik Poll Department of Computer Science, University of Nijmegen Abstract. The specification language JML (Java Modeling Language)
More informationProof Carrying Code(PCC)
Discussion p./6 Proof Carrying Code(PCC Languaged based security policy instead of OS-based A mechanism to determine with certainity that it is safe execute a program or not Generic architecture for providing
More informationProving the Correctness of Distributed Algorithms using TLA
Proving the Correctness of Distributed Algorithms using TLA Khushboo Kanjani, khush@cs.tamu.edu, Texas A & M University 11 May 2007 Abstract This work is a summary of the Temporal Logic of Actions(TLA)
More informationA short manual for the tool Accumulator
A short manual for the tool Accumulator ZHAO Jianhua State Key Laboratory of Novel Software Technology Dept. of Computer Sci. and Tech. Nanjing University Nanjing, Jiangsu, P.R.China 210093 zhaojh@nju.edu.cn
More information