Predicate Transforms II
Software Testing and Verification Lecture Notes 20
Prepared by Stephen M. Thebaut, Ph.D.
University of Florida

Predicate Transforms II
• Transform rules for while loops:
  • Weakest pre-conditions (wp’s)
  • Weakest liberal pre-conditions (wlp’s)
  • Relationships between wp’s and wlp’s with loop invariants
• Strongest post-conditions (sp’s)
• On the power of axiomatic verification and the relative usefulness of predicate transforms (when dealing with loops)
wp Rule for while_do Statement
• In order for the program while b do S to terminate in state Q, it is necessary that:
  0. b is initially false and Q holds, OR
  1. b is initially true and after executing S, ¬b and Q hold, OR
  2. b is initially true and after executing S, b is still true, and after executing S a second time, ¬b and Q hold, OR
  . . .
wp Rule for while_do Statement (cont’d)
Thus, we can write
  wp(while b do S, Q) = H0 ∨ H1 ∨ H2 ∨ …
where
  H0 = ¬b ∧ Q
  H1 = b ∧ wp(S, ¬b ∧ Q)
  H2 = b ∧ wp(S, b ∧ wp(S, ¬b ∧ Q))
  . . .
wp Rule for while_do Statement (cont’d)
Equivalently, we can write
  wp(while b do S, Q) = H0 ∨ H1 ∨ H2 ∨ …
where
  H0 = ¬b ∧ Q
  H1 = b ∧ wp(S, H0)
  H2 = b ∧ wp(S, H1)
  …
  Hi = b ∧ wp(S, Hi-1)
  …
Something to think about… • How do these terms compare to the (infinite) set of necessary conditions derived for the while_do ROI?
FLASHBACK to Lecture Notes #18…
Something to think about… (cont'd)
So, we know that {P} while b do S {Q} will hold if the following conditions hold:
  Case 0: (P ∧ ¬b) ⇒ Q
  Case 1: {P ∧ b} S {K1}, (K1 ∧ ¬b) ⇒ Q
  Case 2: {K1 ∧ b} S {K2}, (K2 ∧ ¬b) ⇒ Q
  …
  Case N: {KN-1 ∧ b} S {KN}, (KN ∧ ¬b) ⇒ Q
  …
Something to think about… (cont'd)
• What is the relationship between wp(while b do S, Q) and an invariant, I, for which initialization, preservation, and finalization hold?
  We'll come back to this question later...
Example
• For what initial values of i, n, and t will the following program terminate with t=x^n?
    while i <= n do
      t := t*x
      i := i+1
    end_while
  How about i=1, t=1, and n=2? Can you think of any others? For example...
  {i=1 ∧ t=1 ∧ n≥1}?
  {i=3 ∧ t=x ∧ n=1}?
  {i=2 ∧ t=x ∧ n=5}?
Example (cont’d)
• Find the wp of this program with respect to the post-condition {t=x^n}. (Attempt to find a regularity in terms that allows a closed-form expression.)
Example (cont’d)
    while i <= n do
      t := t*x
      i := i+1
    end_while
  H0 = ¬b ∧ Q
     = i>n ∧ t=x^n
  H1 = b ∧ wp(S, H0)
     = i≤n ∧ wp(S, i>n ∧ t=x^n)
     = i≤n ∧ i+1>n ∧ tx=x^n
     = i=n ∧ t=x^(n-1)
  H2 = b ∧ wp(S, H1)
     = i≤n ∧ wp(S, i=n ∧ t=x^(n-1))
     = i≤n ∧ i+1=n ∧ tx=x^(n-1)
     = i=n-1 ∧ t=x^(n-2)
Example (cont’d)
    while i <= n do
      t := t*x
      i := i+1
    end_while
  H3 = b ∧ wp(S, H2)
     = i≤n ∧ wp(S, i=n-1 ∧ t=x^(n-2))
     = i≤n ∧ i+1=n-1 ∧ tx=x^(n-2)
     = i=n-2 ∧ t=x^(n-3)
  . . .
  Hk = b ∧ wp(S, Hk-1)
     = i=n-(k-1) ∧ t=x^(n-k)
     = i=n-k+1 ∧ t=x^(n-k)
Example (cont’d)
Thus, we have:
  H0 = i>n ∧ t=x^n
  Hk = i=n-k+1 ∧ t=x^(n-k)   (for all k>0)
and since i=n-k+1 ⇒ n-k=i-1,
  Hk = i≤n ∧ t=x^(i-1)   (where i≤n for all k>0)
Therefore,
  wp = H0 ∨ H1 ∨ H2 ∨ ... = (i>n ∧ t=x^n) ∨ (i≤n ∧ t=x^(i-1))
Example (cont’d)
• So, given that the wp is
    (i>n ∧ t=x^n) ∨ (i≤n ∧ t=x^(i-1))
  which of the following initial states will result in the program terminating with t=x^n?
  {i=1 ∧ t=1 ∧ n≥1}?
    (1>(1,2,…) ∧ 1=x^(1,2,…)) ∨ (1≤(1,2,…) ∧ 1=x^(1-1))   √
  {i=3 ∧ t=x ∧ n=1}?
    (3>1 ∧ x=x^1) ∨ (3≤1 ∧ x=x^(3-1))   √
  {i=2 ∧ t=x ∧ n=5}?
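As an added example (not part of Thebaut's notes), the H_k chain from the wp rule for while_do and the closed form derived in this example can be evaluated mechanically on concrete states. The Python below represents a predicate as a function from a state to a boolean, implements wp for an assignment by substitution (evaluate Q in the updated state), builds H_k exactly as the slides define it (H_0 = ¬b ∧ Q, H_k = b ∧ wp(S, H_(k-1))), and compares the disjunction H_0 ∨ … ∨ H_kmax with the closed form and with actually executing the loop. The names (wp_assign, wp_body, h, wp_loop, wp_closed_form, run_loop, check) and the sample states are my own: x = 2 stands in for the symbolic x, n is kept non-negative so that x^n is an integer, and the one x = 0 state is there because the step from t·x = x^n to t = x^(n-1) cancels x, so the closed form on the slide assumes x ≠ 0.

```python
"""Added example (not from the lecture notes): evaluate the H_k approximants of
wp(while i <= n do t := t*x; i := i+1 end_while, t = x^n) on concrete states.

A predicate is a Python function State -> bool.  wp of an assignment v := e is
"evaluate Q in the state where v has been replaced by e" (the substitution rule
from the earlier lecture), and the loop rule is the H_k chain from the slides.
Assumes integer-valued variables and n >= 0 (so x ** n stays an integer).
"""
from typing import Callable, Dict

State = Dict[str, int]
Pred = Callable[[State], bool]


def wp_assign(var: str, expr: Callable[[State], int], q: Pred) -> Pred:
    """wp(var := expr, Q) = Q with var replaced by expr (done semantically)."""
    return lambda s: q({**s, var: expr(s)})


def wp_body(q: Pred) -> Pred:
    """wp(t := t*x; i := i+1, Q) = wp(t := t*x, wp(i := i+1, Q))."""
    after_i = wp_assign("i", lambda s: s["i"] + 1, q)
    return wp_assign("t", lambda s: s["t"] * s["x"], after_i)


def guard(s: State) -> bool:          # b:  i <= n
    return s["i"] <= s["n"]


def post(s: State) -> bool:           # Q:  t = x^n
    return s["t"] == s["x"] ** s["n"]


def h(k: int) -> Pred:
    """H_0 = not b and Q ;  H_k = b and wp(S, H_{k-1})  for k > 0."""
    if k == 0:
        return lambda s: (not guard(s)) and post(s)
    prev = h(k - 1)
    return lambda s: guard(s) and wp_body(prev)(s)


def wp_loop(s: State, k_max: int) -> bool:
    """H_0 or H_1 or ... or H_{k_max}; exact for states needing <= k_max iterations."""
    return any(h(k)(s) for k in range(k_max + 1))


def wp_closed_form(s: State) -> bool:
    """The slide's closed form (i>n and t=x^n) or (i<=n and t=x^(i-1)).
    It was obtained by cancelling x from t*x = x^n, so it presumes x != 0."""
    i, n, t, x = s["i"], s["n"], s["t"], s["x"]
    return (i > n and t == x ** n) or (i <= n and t == x ** (i - 1))


def run_loop(s: State) -> bool:
    """Ground truth: execute the loop and report whether it ends with t = x^n."""
    i, t = s["i"], s["t"]
    while i <= s["n"]:
        t = t * s["x"]
        i = i + 1
    return t == s["x"] ** s["n"]


def check(s: State, k_max: int = 8) -> Dict[str, bool]:
    """Compare the three ways of deciding whether the loop reaches t = x^n from s."""
    return {
        "H_chain": wp_loop(s, k_max),
        "closed_form": wp_closed_form(s),
        "executed": run_loop(s),
    }


# Constructed sample states (x = 2 plays the role of the symbolic x).  The first
# three are the candidate states from the slide; the fourth violates t = x^(i-1);
# the fifth shows the x = 0 case the closed form does not cover.
SAMPLES = {
    "i=1,t=1,n=2": {"i": 1, "t": 1, "n": 2, "x": 2},
    "i=3,t=x,n=1": {"i": 3, "t": 2, "n": 1, "x": 2},
    "i=2,t=x,n=5": {"i": 2, "t": 2, "n": 5, "x": 2},
    "i=1,t=2,n=3": {"i": 1, "t": 2, "n": 3, "x": 2},
    "x=0 edge":    {"i": 2, "t": 5, "n": 2, "x": 0},
}

if __name__ == "__main__":
    for name, state in SAMPLES.items():
        print(f"{name:13} {check(state)}")
```

For a state with i ≤ n the loop runs n-i+1 times, so H_(n-i+1) is the term that fires and k_max must be at least that large; k_max = 8 covers every sample above. Running the block prints one row per state: the three candidate states from the slide agree in all three columns, the fourth is rejected by all three, and the x = 0 state is accepted by the H_k chain and by execution but not by the closed form, which is the x ≠ 0 caveat in action.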