Differences
This shows you the differences between two versions of the page.
sav07_lecture_3_skeleton [2007/03/20 18:26] wikiadmin
sav07_lecture_3_skeleton [2007/03/20 21:21] vkuncak
Line 2: | Line 2: | ||
===== Converting programs (with simple values) to formulas ===== | ===== Converting programs (with simple values) to formulas ===== | ||
+ | |||
==== Context ==== | ==== Context ==== | ||
Line 20: | Line 21: | ||
What exactly do we prove about the formula R( c ) ? | What exactly do we prove about the formula R( c ) ? | ||
- | We prove that this formula is **valid** | + | We prove that this formula is **valid**: |
R( c ) -> error=false | R( c ) -> error=false | ||
Line 89: | Line 90: | ||
We can apply these rules to reduce the size of formulas. | We can apply these rules to reduce the size of formulas. | ||
- | ==== Abstraction ==== | ||
- | * for proving properties | + | ==== Approximation ==== |
- | * for finding errors | + | |
+ | If (F -> G) is value, we say that F is stronger than F and we say G is weaker than F. | ||
+ | |||
+ | When a formula would be too complicated, we can instead create a simpler approximate formula. To be sound, if our goal is to prove a property, we need to generate a *larger* relation, which corresponds to a weaker formula describing a relation, and a stronger verification condition. (If we were trying to identify counterexamples, we would do the opposite). | ||
+ | |||
+ | We can replace "assume F" with "assume F1" where F1 is weaker. Consequences: | ||
+ | * omtiting complex if conditionals (assuming both branches can happen - as in most type systems) | ||
+ | * replacing complex assignments with arbitrary change to variable: because x=t is havoc(x);assume(x=t) and we drop the assume | ||
+ | |||
+ | This idea is important in static analysis. | ||
+ | |||
==== Symbolic execution ==== | ==== Symbolic execution ==== | ||
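Review bot: The new definition line in this hunk has two slips that leave it comparing F with itself: "If (F -> G) is value, we say that F is stronger than F and we say G is weaker than F." should read "If (F -> G) is valid, we say that F is stronger than G and G is weaker than F." Minor: "omtiting" in the first bullet should be "omitting". The soundness direction stated in the paragraph (larger relation, weaker formula, stronger verification condition when the goal is proving a property) is consistent with the condition R( c ) -> error=false from the earlier hunk, since weakening R( c ) makes that implication harder to establish, which is the conservative side.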
Line 117: | Line 128: | ||
- | Test : \\ | ||
- | \begin{eqnarray*} | ||
- | \Psi_0 &=& -C_{abcd} Y_0^a m^b Y_1^c m^d e^{-2i\gamma} \\ | ||
- | \Psi_4 &=& -C_{abcd} Y_1^a \bar{m}^b Y_1^c \bar{m}^d e^{2i\gamma} | ||
- | \end{eqnarray*} |
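Review bot: Removing this block is the right call; it is explicitly labelled "Test" and its eqnarray (Psi_0, Psi_4 built from C_{abcd}) has no connection to the surrounding material on converting programs to formulas and symbolic execution, so nothing in the page refers to it.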