Differences
This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision Next revision Both sides next revision | ||
sav07_lecture_3 [2007/03/22 16:21] yuanjianwz |
sav07_lecture_3 [2007/03/30 21:52] vkuncak |
||
---|---|---|---|
Line 96: | Line 96: | ||
We can apply these rules to reduce the size of formulas. | We can apply these rules to reduce the size of formulas. | ||
- | |||
- | |||
==== Approximation ==== | ==== Approximation ==== | ||
- | If (F -> G) is valid, we say that F is stronger than F and we say G is weaker than F. | + | If (F -> G) is valid, we say that F is stronger than G and we say G is weaker than F. |
When a formula would be too complicated, we can instead create a simpler approximate formula. To be sound, if our goal is to prove a property, we need to generate a *larger* relation, which corresponds to a weaker formula describing a relation, and a stronger verification condition. (If we were trying to identify counterexamples, we would do the opposite). | When a formula would be too complicated, we can instead create a simpler approximate formula. To be sound, if our goal is to prove a property, we need to generate a *larger* relation, which corresponds to a weaker formula describing a relation, and a stronger verification condition. (If we were trying to identify counterexamples, we would do the opposite). | ||
Line 138: | Line 136: | ||
Note: when proving our verification condition, instead of proving that semantics of relation implies error=false, it's same as proving that the formula for set sp(U,r) implies error=false, where U is the universal relation, or, in terms of formulas, computing the strongest postcondition of formula 'true'. | Note: when proving our verification condition, instead of proving that semantics of relation implies error=false, it's same as proving that the formula for set sp(U,r) implies error=false, where U is the universal relation, or, in terms of formulas, computing the strongest postcondition of formula 'true'. | ||
+ | ==== Weakest preconditions ==== | ||
+ | While symbolic execution computes formula by going forward along the program syntax tree, [[sav07_lecture_2#weakest_preconditions|weakest precondition]] computes formula by going backward. | ||
+ | \begin{equation*} | ||
+ | wp(r,P) = \{ s_1 \mid \forall s_2. (s_1,s_2) \in r \rightarrow s_2 \in P \} | ||
+ | \end{equation*} | ||
- | |||
- | |||
- | |||
- | |||
- | |||
- | |||
- | |||
- | |||
- | ==== Weakest preconditions ==== | ||
- | |||
- | While symbolic execution computes formula by going forward along the program syntax tree, weakest precondition computes formula by going backward. | ||
We know that the weakest precondition holds following conditions for each relation r and sets Q1, Q2: | We know that the weakest precondition holds following conditions for each relation r and sets Q1, Q2: | ||
wp(r, Q1 ∧ Q2) = wp(r,Q1) ∧ wp(r,Q2) | wp(r, Q1 ∧ Q2) = wp(r,Q1) ∧ wp(r,Q2) | ||
Line 289: | Line 281: | ||
* Presburger Arithmetic (PA) bounds: {{papadimitriou81complexityintegerprogramming.pdf}} | * Presburger Arithmetic (PA) bounds: {{papadimitriou81complexityintegerprogramming.pdf}} | ||
* Specializing PA bounds: http://www.lmcs-online.org/ojs/viewarticle.php?id=43&layout=abstract | * Specializing PA bounds: http://www.lmcs-online.org/ojs/viewarticle.php?id=43&layout=abstract | ||
- |