1 / 11

Software Verification 1 Deductive Verification

Software Verification 1 Deductive Verification. Prof. Dr. Holger Schlingloff Institut für Informatik der Humboldt Universität und Fraunhofer Institut für Rechnerarchitektur und Softwaretechnik. Plan for today. While-Programs Syntax Semantics denotational: Scott Domains operational: SOS

terrel
Download Presentation

Software Verification 1 Deductive Verification

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Software Verification 1Deductive Verification Prof. Dr. Holger Schlingloff Institut für Informatik der Humboldt Universität und Fraunhofer Institut für Rechnerarchitektur und Softwaretechnik

  2. Plan for today • While-Programs • Syntax • Semantics • denotational: Scott Domains • operational: SOS • axiomatic: Hoare Logic

  3. Syntax of while-Programs • Given a (typed) signature =(D, F, R) and a (denumerable) set V of program variables. • (each program variable has a type) • (T is the set of terms in the signature) • for simplicity, assume always R contains equality == • A while-program is defined as follows whileProg ::= skip | V=T| {whileProg; whileProg} | if (FOL-) whileProg else whileProg | while (FOL-) whileProg whereFOL- is a quantifier-free first-order formula over (,V)

  4. Examples • =({int}, {0,%}, {==}), V=(a, b, c) • 1 = while (a==0) {{c = a; a = b%a}; b = c} • 2 = if (0==(a%0)%a) skip else {skip;skip} • =({int}, {0,1,48,+,-,**}, {<,isprim}), V=(n,k) • 3 = if (isprim(n)) n=k • Mersenne = {n=0; k=0; while (k<48) {n++; if (isprim((2**n)-1)) k++}} • Note: in C, “skip” and “else skip” is omitted, and n++ denotes n=n+1

  5. Semantics • What is the “meaning” of such a program? • e.g., 3 = if (isprim(n)) k=n • need a first-order model M: (U,I,V) for (,V) • e.g., U=({zero,one,two,three,...}), I(0)=zero, I(1)=one, ..., I(isprim)={two, three, five,...},V(n)=two, V(k)=zero • Program modifies states (valuations) • V’(n)=two, V’(k)=two • semantics = function from initial to final valuations? • [[3]] = {(two,zero)(two,two), (one,two)(one,two),..., (two,three)(two,two), (one,three)(one,three), ...}

  6. Nonterminating Programs • What is the meaning of the following? • e.g., 5 = if (isprim(n)) while(n==n) skip; • 5: zerozero, oneone, two? • Theory of Scott-Domains • extend every domain with an element # “undefined” • intuitively, # denotes nontermination • 1< 2 if 2 is “more defined” than 1 • 5 < if (n>9isprim(n)) while(n==n) skip;

  7. Denotational Semantics • Given a universe U#=U{#} and interpretation Ifor =(D, F, R), the semantics of a program is a function mapping a program variable valuation into a program variable valuation: • [[]]: VV • [[skip]]=Id, where x(Id(x)==x)) (identity function) • [[v=t]]=Upd(v,t), where Upd(v,t)(V)(v)=tM and Upd(v,t)(V)(w)=wM

  8. Denotational Semantics • [[{1; 2}]]=2(1) (function application) • [[if (b) 1 else 2]](V)=#, if b contains any v s.t. V(v)=#,[[if (b) 1 else 2]](V)= 1, if (U#,I,V)⊨ b[[if (b) 1 else 2]](V)= 2, if (U#,I,V)⊭ b • Define {while (b) }k as follows: • {while (b) }0=skip • {while (b) }k+1={if (b) ; {while(b) }k } • [[while(b) ]]=[[{while(b) }k]], where k is the smallest number for which (U#,I, [[{while(b) }k]](V))⊭ b(or else, [[while(b) ]](V)=#)

  9. Examples • [[if (isprim(n)) k=n]](n=x, k=y) = (x, y+(x-y)*|isprim(x)|) • [[(while (a!=0) {c = a; a = b%a; b = c}]](x,y,z) = (0, gcd(x,y), gcd(x,y))

  10. Structured Operational Semantics • Denotational semantics can be made mathematically sound, but is not “intuitive” • Operations of a “real” machine? • transitions from valuation to valuation • program counter is increased with the program • Abstract representation: • state=(program, valuation) • program means the part which is still to be executed • transition=(state1, state2) • “Meaning” of a program is a (possibly infinite) set of such transitions

  11. SOS-Rules • (v=t, V)(skip, V[v:=t]); • ({skip; },V) (,V) • if (1, V1) (2,V2), then ({1; }, V1) ({2; },V2) • if (U,I,V) ⊨ b, then (if (b) 1 else 2, V) (1,V) • if (U,I,V) ⊭ b, then (if (b) 1 else 2, V) (2,V) • (while (b) , V) ({if (b) {; while (b) }}, V)

More Related