Differences
This shows you the differences between two versions of the page.
Old revision (left column): sav07_lecture_3 [2007/03/22 13:25] yuanjianwz
New revision (right column): sav07_lecture_3 [2007/04/18 09:39] (current) kremena.diatchka
Line 56: | Line 56: | ||
assume true = skip (does nothing) | assume true = skip (does nothing) | ||
+ | |||
==== Composing formulas using relation composition ==== | ==== Composing formulas using relation composition ==== | ||
Line 67: | Line 68: | ||
In sequential composition we follow the rule for composition of relations. We want to get again formula with free variables x_0,y_0,x,y. So we need to do renaming. Let x_1,y_1,error_1 be fresh variables. | In sequential composition we follow the rule for composition of relations. We want to get again formula with free variables x_0,y_0,x,y. So we need to do renaming. Let x_1,y_1,error_1 be fresh variables. | ||
- | CR(c1 ; c2) = exists x_1,y_1,error_1. CR(c1)[x:=x_1,y:=y_1,error:=error_1] & CR(c2)[x:=x_1,y:=y_1,error:=error_1] | + | CR(c1 ; c2) = exists x_1,y_1,error_1. CR(c1)[x:=x_1,y:=y_1,error:=error_1] & CR(c2)[x_0:=x_1,y_0:=y_1,error_0:=error_1] |
The base case is | The base case is | ||
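Review bot: the sentence "We want to get again formula with free variables x_0,y_0,x,y" now disagrees with the corrected composition formula, which also substitutes error_0 and error; list the free variables as x_0, y_0, error_0, x, y, error and say that x_1, y_1, error_1 stand for the intermediate state between c1 and c2. The corrected substitution is the right one: CR(c2) must have its initial-state variables x_0, y_0, error_0 renamed to the intermediate ones, whereas the old version renamed x, y, error in CR(c2) and so left c2's x_0, y_0 unconstrained. Minor wording: "to get again formula" reads better as "to again obtain a formula".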
Line 96: | Line 97: | ||
We can apply these rules to reduce the size of formulas. | We can apply these rules to reduce the size of formulas. | ||
- | |||
==== Approximation ==== | ==== Approximation ==== | ||
- | If (F -> G) is value, we say that F is stronger than F and we say G is weaker than F. | + | If (F -> G) is valid, we say that F is stronger than G and we say G is weaker than F. |
When a formula would be too complicated, we can instead create a simpler approximate formula. To be sound, if our goal is to prove a property, we need to generate a *larger* relation, which corresponds to a weaker formula describing a relation, and a stronger verification condition. (If we were trying to identify counterexamples, we would do the opposite). | When a formula would be too complicated, we can instead create a simpler approximate formula. To be sound, if our goal is to prove a property, we need to generate a *larger* relation, which corresponds to a weaker formula describing a relation, and a stronger verification condition. (If we were trying to identify counterexamples, we would do the opposite). | ||
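Review bot: `*larger*` is Markdown emphasis, not the `//larger//` italics this wiki uses (the page itself writes `//∃x,y,z.F//` further down), so it will render literally; switch to the wiki syntax. The corrected definition in the line above is now right (F -> G valid, F stronger, G weaker), and the soundness sentence would be clearer if tied to it explicitly: an approximation CR'(c) is sound for proving properties when CR(c) -> CR'(c) is valid, i.e. when CR' is the weaker formula in the sense just defined.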
Line 138: | Line 138: | ||
+ | ==== Weakest preconditions ==== | ||
+ | While symbolic execution computes formula by going forward along the program syntax tree, [[sav07_lecture_2#weakest_preconditions|weakest precondition]] computes formula by going backward. | ||
+ | \begin{equation*} | ||
+ | wp(r,P) = \{ s_1 \mid \forall s_2. (s_1,s_2) \in r \rightarrow s_2 \in P \} | ||
+ | \end{equation*} | ||
- | |||
- | |||
- | |||
- | |||
- | |||
- | |||
- | ==== Weakest preconditions ==== | ||
- | |||
- | While symbolic execution computes formula by going forward along the program syntax tree, weakest precondition computes formula by going backward. | ||
We know that the weakest precondition holds following conditions for each relation r and sets Q1, Q2: | We know that the weakest precondition holds following conditions for each relation r and sets Q1, Q2: | ||
wp(r, Q1 ∧ Q2) = wp(r,Q1) ∧ wp(r,Q2) | wp(r, Q1 ∧ Q2) = wp(r,Q1) ∧ wp(r,Q2) | ||
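Review bot: the newly added definition writes the relation first, wp(r,P), and so does wp(r, Q1 ∧ Q2), but the rules further down the page write the postcondition first (wp(Q, c1 ; c2), wp(Q, havoc(x))); pick one argument order and use it throughout, otherwise the reader cannot tell which argument is the program. Two smaller points in the same lines: "We know that the weakest precondition holds following conditions" should read "the weakest precondition satisfies the following conditions", and since Q1, Q2 are introduced as sets the distributivity law should be written with ∩ (or Q1, Q2 should be introduced as formulas, matching the ∧).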
Line 159: | Line 155: | ||
wp(Q, c1 ; c2) = wp(wp(Q,c2),c1) | wp(Q, c1 ; c2) = wp(wp(Q,c2),c1) | ||
wp(Q, havoc(x)) = ∀x.Q (or introduce a fresh variable) | wp(Q, havoc(x)) = ∀x.Q (or introduce a fresh variable) | ||
- | How to prove: wp(Q,c1 [] c2) = wp(Q,c1) ∧ wp(Q,c2)? | + | The idea to get : wp(Q,c1 [] c2) = wp(Q,c1) ∧ wp(Q,c2) |
CR(c1 [] c2) = CR(c1) ∨ CR(c2) | CR(c1 [] c2) = CR(c1) ∨ CR(c2) | ||
CR(c1 [] c2) -> error = false (it's valid) | CR(c1 [] c2) -> error = false (it's valid) | ||
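Review bot: the rewritten line "The idea to get : wp(Q,c1 [] c2) = wp(Q,c1) ∧ wp(Q,c2)" is not a sentence and loses the point that this equation is to be derived, which the old question at least kept; suggest "To derive wp(Q, c1 [] c2) = wp(Q,c1) ∧ wp(Q,c2), use CR(c1 [] c2) = CR(c1) ∨ CR(c2): a state is a precondition for the choice only if it is one for both branches." The last line should say what is valid rather than "(it's valid)": CR(c1 [] c2) -> error = false is the verification condition whose validity one is establishing, and because the antecedent is a disjunction it splits into the same condition for c1 and for c2, which is where the conjunction of the two wp's comes from.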
Line 214: | Line 210: | ||
Proof: small model theorem. | Proof: small model theorem. | ||
+ | |||
+ | |||
+ | |||
+ | |||
+ | |||
+ | |||
+ | |||
+ | |||
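Review bot: the eight empty lines added after "Proof: small model theorem." are pure whitespace in the page source and change nothing in the rendered page; keep at most one blank line before the next heading. "Proof: small model theorem." is also only a pointer; naming the section it refers to (the small model theorem heading that follows) would make it useful to a reader.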
==== Small model theorem for Quantifier-Free Presburger Arithmetic (QFPA) ==== | ==== Small model theorem for Quantifier-Free Presburger Arithmetic (QFPA) ==== | ||
- | he idea is to reduce the case, for example: | + | The idea is to reduce the case, for example: |
- | ∃x,y,z.F | + | //∃x,y,z.F// |
reduce to | reduce to | ||
- | ∃x,y,z ≤ M(F).F | + | //∃x≤ M,y≤ M,z ≤ M.F// |
+ | Then we try to figure out the boundary M. | ||
+ | |||
+ | Another example: | ||
+ | //¬t1 < t2// | ||
+ | reduce to | ||
+ | //t2+1≤t1// | ||
+ | |||
+ | How about the not equal ? | ||
+ | |||
+ | //t1≠t2// | ||
+ | can be reduced to | ||
+ | //(t1 < t2 ) ∨ (t2 < t1) => (t1 ≤ t2-1) ∨ (t2 ≤ t1-1)// | ||
First step: transform to disjunctive normal form. | First step: transform to disjunctive normal form. | ||
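Review bot: the added example "//¬t1 < t2// reduce to //t2+1≤t1//" is wrong: over the integers ¬(t1 < t2) is t2 ≤ t1, while t2+1 ≤ t1 encodes t2 < t1, i.e. ¬(t1 ≤ t2). Either change the left side to ¬(t1 ≤ t2) or the right side to t2 ≤ t1, and parenthesise the negated atom so the scope of ¬ is clear. The ≠ case is fine for integers, but the "=>" inside it is being used to mean "is rewritten to", not implication; write "reduces to" or use ≡. In the bounded formula, since QFPA variables range over all integers the bound has to be on |x|, |y|, |z| ≤ M, otherwise ∃x ≤ M.F is not a finite search; make the spacing of "x≤ M,y≤ M,z ≤ M" uniform while fixing that, and "figure out the boundary M" should read "determine the bound M".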
Line 251: | Line 267: | ||
* [[http://www.cs.nyu.edu/acsys/cvc3/download.html|CVC3]] (successor of CVC Lite) | * [[http://www.cs.nyu.edu/acsys/cvc3/download.html|CVC3]] (successor of CVC Lite) | ||
* [[http://combination.cs.uiowa.edu/smtlib/|SMT-LIB]] Standard for formulas, competition | * [[http://combination.cs.uiowa.edu/smtlib/|SMT-LIB]] Standard for formulas, competition | ||
+ | * [[http://doi.acm.org/10.1145/135226.135233|Omega test]] for conjunctions of integer inequalities | ||
==== Full Presburger arithmetic ==== | ==== Full Presburger arithmetic ==== | ||
Line 269: | Line 285: | ||
* Presburger Arithmetic (PA) bounds: {{papadimitriou81complexityintegerprogramming.pdf}} | * Presburger Arithmetic (PA) bounds: {{papadimitriou81complexityintegerprogramming.pdf}} | ||
* Specializing PA bounds: http://www.lmcs-online.org/ojs/viewarticle.php?id=43&layout=abstract | * Specializing PA bounds: http://www.lmcs-online.org/ojs/viewarticle.php?id=43&layout=abstract | ||
- |