Predicate Transforms II

Predicate Transforms II. Software Testing and Verification Lecture Notes 20. Prepared by Stephen M. Thebaut, Ph.D. University of Florida. Predicate Transforms II. Transform rules for while loops: Weakest pre-conditions (wp’s), Weakest liberal pre-conditions (wlp’s)

Presentation Transcript


  1. Predicate Transforms II Software Testing and Verification Lecture Notes 20 Prepared by Stephen M. Thebaut, Ph.D. University of Florida

  2. Predicate Transforms II • Transform rules for while loops: • Weakest pre-conditions (wp’s) • Weakest liberal pre-conditions (wlp’s) • Relationships between wp’s and wlp’s with loop invariants • Strongest post-conditions (sp’s) • On the power of axiomatic verification and the relative usefulness of predicate transforms (when dealing with loops)

  8. wp Rule for while_do Statement • In order for the program while b do S to terminate in state Q, it is necessary that:
      0. b is initially false and Q holds, OR
      1. b is initially true and after executing S, ¬b and Q hold, OR
      2. b is initially true and after executing S, b is still true, and after executing S a second time, ¬b and Q hold, OR
      . . .

  9. wp Rule for while_do Statement (cont’d) Thus, we can write wp(while b do S, Q) ≡ H_0 ∨ H_1 ∨ H_2 ∨ … where
      H_0 ≡ ¬b ∧ Q
      H_1 ≡ b ∧ wp(S, ¬b ∧ Q)
      H_2 ≡ b ∧ wp(S, b ∧ wp(S, ¬b ∧ Q))
      . . .

  12. wp Rule for while_do Statement (cont’d) Equivalently, we can write wp(while b do S, Q) ≡ H_0 ∨ H_1 ∨ H_2 ∨ … where
      H_0 ≡ ¬b ∧ Q
      H_1 ≡ b ∧ wp(S, H_0)
      H_2 ≡ b ∧ wp(S, H_1)
      …
      H_i ≡ b ∧ wp(S, H_{i-1})
      …

  15. Something to think about… • How do these terms compare to the (infinite) set of necessary conditions derived for the while_do ROI?

  16. FLASHBACK to Lecture Notes #18… Something to think about… (cont'd) So, we know that {P} while b do S {Q} will hold if the following conditions hold:
      Case 0: (P ∧ ¬b) ⇒ Q
      Case 1: {P ∧ b} S {K_1}, (K_1 ∧ ¬b) ⇒ Q
      Case 2: {K_1 ∧ b} S {K_2}, (K_2 ∧ ¬b) ⇒ Q
      …
      Case N: {K_{N-1} ∧ b} S {K_N}, (K_N ∧ ¬b) ⇒ Q
      …

  18. Something to think about… (cont'd) • What is the relationship between wp(while b do S, Q) and an invariant, I, for which initialization, preservation, and finalization hold? We'll come back to this question later...

  19. Example • For what initial values of i, n, and t will the following program terminate with t=x^n?

          while i <= n do
              t := t*x
              i := i+1
          end_while

      How about i=1, t=1, and n=2? Can you think of any others? For example... {i=1 ∧ t=1 ∧ n≥1}? {i=3 ∧ t=x ∧ n=1}? {i=2 ∧ t=x ∧ n=5}?

  20. Example (cont’d) • Find the wp of this program with respect to the post-condition {t=x^n}. (Attempt to find a regularity in terms that allows a closed-form expression.)

  30. Example (cont’d)

          while i <= n do
              t := t*x
              i := i+1
          end_while

      H_0 ≡ ¬b ∧ Q
          = i>n ∧ t=x^n
      H_1 ≡ b ∧ wp(S, H_0)
          = i≤n ∧ wp(S, i>n ∧ t=x^n)
          = i≤n ∧ i+1>n ∧ tx=x^n
          = i=n ∧ t=x^{n-1}
      H_2 ≡ b ∧ wp(S, H_1)
          = i≤n ∧ wp(S, i=n ∧ t=x^{n-1})
          = i≤n ∧ i+1=n ∧ tx=x^{n-1}
          = i=n-1 ∧ t=x^{n-2}

  37. Example (cont’d)

          while i <= n do
              t := t*x
              i := i+1
          end_while

      H_3 ≡ b ∧ wp(S, H_2)
          = i≤n ∧ wp(S, i=n-1 ∧ t=x^{n-2})
          = i≤n ∧ i+1=n-1 ∧ tx=x^{n-2}
          = i=n-2 ∧ t=x^{n-3}
      . . .
      H_k ≡ b ∧ wp(S, H_{k-1})
          = i=n-(k-1) ∧ t=x^{n-k}
          = i=n-k+1 ∧ t=x^{n-k}

  42. Example (cont’d) Thus, we have:
      H_0 = i>n ∧ t=x^n
      H_k = i=n-k+1 ∧ t=x^{n-k} (for all k>0)
          and since i=n-k+1 ⇒ n-k=i-1
          = i≤n ∧ t=x^{i-1} (where i≤n for all k>0)
      Therefore, wp ≡ H_0 ∨ H_1 ∨ H_2 ∨ ... = (i>n ∧ t=x^n) ∨ (i≤n ∧ t=x^{i-1})

  46. Example (cont’d) • So, given that the wp is (i>n ∧ t=x^n) ∨ (i≤n ∧ t=x^{i-1}), which of the following initial states will result in the program terminating with t=x^n?
      {i=1 ∧ t=1 ∧ n≥1}? √
      {i=3 ∧ t=x ∧ n=1}?
      {i=2 ∧ t=x ∧ n=5}?
      (1>(1,2,…) ∧ 1=x^{(1,2,…)}) ∨ (1≤(1,2,…) ∧ 1=x^{1-1})

  50. Example (cont’d) • So, given that the wp is (i>n ∧ t=x^n) ∨ (i≤n ∧ t=x^{i-1}), which of the following initial states will result in the program terminating with t=x^n?
      {i=1 ∧ t=1 ∧ n≥1}? √
      {i=3 ∧ t=x ∧ n=1}? √
      {i=2 ∧ t=x ∧ n=5}?
      (3>1 ∧ x=x^1) ∨ (3≤1 ∧ x=x^{3-1})
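
The H_k recurrence and the closed-form wp derived in the example can be checked mechanically. The Python sketch below is an added example, not part of the original lecture notes; the state tuple (i, t, n, x), the function names, and the restriction to integer states with i ≥ 1 and n ≥ 0 are assumptions made here.

```python
# Added example. State s = (i, t, n, x); integers with i >= 1, n >= 0 assumed.

def b(s):                      # loop guard: i <= n
    i, t, n, x = s
    return i <= n

def S(s):                      # loop body: t := t*x; i := i+1
    i, t, n, x = s
    return (i + 1, t * x, n, x)

def Q(s):                      # post-condition: t = x^n
    i, t, n, x = s
    return t == x ** n

def H(k, s):
    """H_0 = (not b) and Q;  H_k = b and wp(S, H_{k-1}).
    S is deterministic and always terminates, so wp(S, R) holds in s
    exactly when R holds in S(s)."""
    if k == 0:
        return (not b(s)) and Q(s)
    return b(s) and H(k - 1, S(s))

def wp_index(s, max_k=20):
    """Smallest k with H_k true in s, or None if no H_0..H_max_k holds."""
    for k in range(max_k + 1):
        if H(k, s):
            return k
    return None

def closed_form(s):            # (i>n and t=x^n) or (i<=n and t=x^(i-1))
    i, t, n, x = s
    return (i > n and t == x ** n) or (i <= n and t == x ** (i - 1))

def disagreements(x):
    """Grid states where the H_k disjunction and the closed form differ."""
    grid = [(i, t, n, x) for i in range(1, 7) for n in range(7) for t in range(70)]
    return [s for s in grid if (wp_index(s) is not None) != closed_form(s)]

if __name__ == "__main__":
    # The three candidate states from the example, with x = 2 (constructed values).
    print(wp_index((1, 1, 2, 2)), wp_index((3, 2, 1, 2)), wp_index((2, 2, 5, 2)))
    print(len(disagreements(2)), len(disagreements(0)))
```

For x = 0 the closed form is sufficient but no longer necessary, because the step from tx = x^n to t = x^{n-1} cancels x; `disagreements(0)` lists such states.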
