Differences

This shows you the differences between two versions of the page.

--- sav08:lecture04 [2008/03/02 22:30]
vkuncak
+++ sav08:lecture04 [2008/03/02 22:55]
vkuncak
@@ Line 22: / Line 22: @@
 [[Assert and Error Conditions]]
-We next discuss a particular approach for generating verification conditions that admits simpler loop invariants.
-[[ESC/Java Loop Desugaring]]
 [[Practical Aspects of VCG]]
-=== Further reading ===
-  * [[Calculus of Computation Textbook]], Chapter 5 (Program Correctness: Mechanics)
-==== Annotations in Control-Flow Graphs ====
-  * [[http://research.microsoft.com/~leino/papers/krml157.pdf|Weakest preconditions for unstructured programs]]
-==== Loop Unrolling ====
-===== Size of verification conditions =====
-  * one-point rule for equality
-  * introducing fresh names for branches
-  * general-purpose simplifications
-  * concolic testing idea
-  * [[http://doi.acm.org/10.1145/360204.360220|Avoiding exponential explosion: generating compact verification conditions]]
-  * [[http://www.cs.utexas.edu/users/sandip/publications/symbolic-lpar/main.html|Verification Condition Generation via Theorem Proving]]
-  * [[http://osl.cs.uiuc.edu/~ksen/cute/|CUTE Tool]]
-===== Asserts and errors for nice wp definition =====
-assert(F) = irrecoverable error if $F$ is false, terminates execution.
-wp computes conditions sufficient for errors not to happen.
-Postconditions are just asserts at the end of the program.
-How to build a system with relations where at the same time
-  wp(assert(F),Q) = (F & Q)
-  wp(assume(F),Q) = (F --> Q)
-Then
-  wp(assert(false); assume(false),Q) = false
-  wp(assume(false); assume(false),Q) = true
-so cannot have $\mbox{assume(false)} = \emptyset$ any more.
-Sketch of how this can be done is in [[:sav07_homework 4|a homework from last year]].
-===== Havoc and ESC/Java Loop Transformation =====
-[[:sav07_lecture_4#more_on_wp|Notes on wp from last year]]