1 / 19

Understanding Axiomatic Semantics in Programming Languages

Axiomatic semantics, based on formal logic, ensures program correctness. Explore assertions, preconditions, postconditions, and correctness proofs using weakest precondition. Learn about applying axiomatic semantics to assignment statements and sequences. Discover the process of computing weakest preconditions and using axioms or inference rules for correctness proofs in programming languages.

keele
Download Presentation

Understanding Axiomatic Semantics in Programming Languages

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Chapter 4Fundamentals(Axiomatic Semantics) Axiomatic Semantics

  2. Outline • Compilers: A review • Syntax specification • BNF (EBNF) • Semantics specification • Static semantics • Attribute grammar • Dynamic semantics • Operational semantics • Denotational semantics • Axiomatic semantics • Lambda Calculus Axiomatic Semantics

  3. References • “Concepts in Programming Languages” by J. Mitchel [textbook] Chapter 4 • “Programming Languages: Principles and Paradigms” by Allan Tucker and R. Noonan, Chapter 3 [Handout] • “Concepts of Programming Languages” by R. Sebesta, 6th Edition, Chapter 3. Axiomatic Semantics

  4. Axiomatic Semantics • Based on formal logic (predicate calculus) • Original purpose: proof correctness of programs. • The logical expressions are called assertions. • An assertion before a statement (a precondition) describes the constraints on the program variables at that point in the program. • An assertion following a statement (a postcondition) describes the new constraints on those variables after execution of the statement. Axiomatic Semantics

  5. Example • We examine assertions from the point of view that preconditions are computed from given postconditions. • Assume all variables are integer. • Postconditions and preconditions are presented in braces. • A simple example: • sum = 2 * x + 1 {sum > 1} • The postcondition is {sum > 1} • One possible precondition is {x > 10} Axiomatic Semantics

  6. Weakest precondition • A weakest precondition is the least restrictive precondition that will guarantee the postcondition. • For example, in the above statement and postcondition, { x > 10 } { x > 50 } { x > 100 } • Are all valid precondition. • The weakest precondition of all preconditions in this case is { x > 10 } Axiomatic Semantics

  7. Correctness proofs • If the Weakest precondition can be computed from the given postconditions for each statement of a language, then correctness proofs can be constructed for programs in that language as follows: • The proof is begun by using the desired result of the program’s execution as the postcondition of the last statement of the program. • This postcondition, along with the last statement, is used to compute the weakest precondition for the last statement. • This precondition is then used as the postcondition for the second last statement. • This process continues until the beginning of the program is reached. Axiomatic Semantics

  8. Correctness proofs • At that point, the precondition of the first statement states the condition under which the program will compute the desired results. • If this condition is implied by the input specification of the program, the program has been verified to be correct. • To use axiomatic semantics for correctness proofs or for formal semantic specifications, either an axiom or an inference rule must be available for each kind of statement in the language. • An axiom is a true logical statement. • An inference rule is a method of inferring the truth of an assertion based on other assertions. Axiomatic Semantics

  9. Axiomatic Semantics: Assignment statement • Let x = E be a general assignment statement and Q be the postcondition. • Then its weakest precondition P, is defined by the axiom P = Qx→E • P is computed as Q with all instances of x replaced by E. Axiomatic Semantics

  10. Example • For example, consider the following statement and postcondition. a = b / 2 - 1 { a < 10} • The weakest precondition is computed by subsituting b/2-1 in the postcondition b / 2 - 1 < 10 b < 22 Axiomatic Semantics

  11. Notations for axiomatic semantics • The usual notations are: {P} S {Q} • Where P is the precondition, Q is the postcondition and S is the statement. • For the assignment statement, the notation is {Qx→E} x = E {Q} Axiomatic Semantics

  12. Example • Compute the precondition for the assignment statement x = 2 * y - 3 { x > 25 } • The weakest precondition is computed as 2 * y -3 > 25 y > 14 Axiomatic Semantics

  13. Example • What about if the left side of the assignment appears in the right side of the assignment? x = x + y - 3 {x > 10} • The weakest precondition is x + y - 3 > 10 y > 13 – x • Has no effect on the process of computing the precondition. Axiomatic Semantics

  14. Axiomatic Semantics: Sequences • The precondition for a sequence of statements cannot be described by an axiom, because the precondition depends on the particular kind of statements in the sequence. • The precondition can only be described with an inference rule. • Let S1 and S2 be adjacent statements. • Assume that S1 and S2 have the following pre/postconditions: {P1} S1 {P2} {P2} S2 {P3} • The inference rule for such two-statement sequence is • The axiomatic semantics of the sequence S1; S2 is Axiomatic Semantics

  15. Axiomatic Semantics: Sequences • The above inference rule states that to get the sequence precondition, the precondition of the second statement is computed. • This new assertion is used as the postcondition of the first statement , which can then be used to compute the precondition of the first statement. • This precondition can be used as the precondition for the whole sequence. Axiomatic Semantics

  16. Example • Assume we have the following sequence of statements: x1 = E1 x2 = E2 • Then we have {P3x2→E2} x2 = E2 {P3} {P3x2→E2}x1→E1 x1 = E1 {P3x2→E2 } • Therefore, the precondition for the sequence x1=E1; x2=E2 with postcondition P3 is {P3x2→E2}x1→E1 Axiomatic Semantics

  17. Example • Consider the following sequence and postcondition: y = 3 * x + 1; x = y + 3; {x < 10} • The precondition for the last assignment statement is y < 7 • Which is used as the postcondition for the first statement. • The precondition for the first statement and the sequence can be now computed. 3 * x + 1 < 7 x < 2 Axiomatic Semantics

  18. Axiomatic Semantics: Selection • The general form of the selection statement is If B then S1 elese S2 • The inference rule is • This rule indicates that selection statements must be proven for both when the condition expression is true and when it is false. • The first logical statement above the line represents the then clause; the second represents the else clause. • We need a precondition P that can be used in the precondition of both the then and else clauses. Axiomatic Semantics

  19. Example • Consider the following selection statement: if ( x > 0 ) y = y - 1 else y = y + 1 • Suppose the postcondition, Q for the selection statement is {y>0} • We can then use the axiom for assignment on the then clause. y = y - 1 { y > 0} This produces {y -1 > 0} or {y > 1}. • It can be used as the P part of the precondition of the then clause • Now, Apply the same axiom for the else clause y = y + 1 { y > 0} which produces y = y + 1 { y > 0} or { y > -1} • Because {y > 1} → {y > -1} • The rule uses {y > 1} for the precondition of the whole selection statement. Axiomatic Semantics

More Related