Differences
sav08:lecture04 [2008/03/02 22:14] vkuncak |
sav08:lecture04 [2008/03/04 19:18] (current) vkuncak |
||
---|---|---|---|
Line 15: | Line 15: | ||
[[Backward VCG]] | [[Backward VCG]] | ||
- | [[Assert and Error Conditions]] | + | We continue with verification-condition generation in [[lecture05]]. |
- | [[Hoare Logic Rule for Loops]] | ||
- | |||
- | [[ESC/Java Loop Desugaring]] | ||
- | |||
- | [[Practical Aspects of VCG]] | ||
- | |||
- | ===== Programs with Loops ===== | ||
- | |||
- | ==== While Rule ==== | ||
- | |||
- | \[ | ||
- | \frac{(\models P \rightarrow I);\ \{I\}c\{I\};\ (\models I \rightarrow Q)} | ||
- | {\{P\}\ {\it l{}o{}o{}p}\{I\}(c)\ \{Q\}} | ||
- | \] | ||
- | |||
- | What is the rule for | ||
- | |||
- | \[ | ||
- | \frac{(\models P \rightarrow I?);\ \{I? \}c\{I\};\ (\models I? \rightarrow Q)} | ||
- | {\{P\}\ {\it while}\{I\}(F)(c)\ \{Q\}} | ||
- | \] | ||
- | |||
- | === Further reading === | ||
- | |||
- | * [[Calculus of Computation Textbook]], Chapter 5 (Program Correctness: Mechanics) | ||
- | |||
- | ==== Annotations in Control-Flow Graphs ==== | ||
- | |||
- | * [[http://research.microsoft.com/~leino/papers/krml157.pdf|Weakest preconditions for unstructured programs]] | ||
- | |||
- | ==== Loop Unrolling ==== | ||
- | |||
- | |||
- | ===== Size of verification conditions ===== | ||
- | * one-point rule for equality | ||
- | * introducing fresh names for branches | ||
- | * general-purpose simplifications | ||
- | * concolic testing idea | ||
- | |||
- | * [[http://doi.acm.org/10.1145/360204.360220|Avoiding exponential explosion: generating compact verification conditions]] | ||
- | * [[http://www.cs.utexas.edu/users/sandip/publications/symbolic-lpar/main.html|Verification Condition Generation via Theorem Proving]] | ||
- | * [[http://osl.cs.uiuc.edu/~ksen/cute/|CUTE Tool]] | ||
- | |||
- | ===== Asserts and errors for nice wp definition ===== | ||
- | |||
- | assert(F) = irrecoverable error if $F$ is false, terminates execution. | ||
- | |||
- | wp computes conditions sufficient for errors not to happen. | ||
- | |||
- | Postconditions are just asserts at the end of the program. | ||
- | |||
- | How to build a system with relations where at the same time | ||
- | wp(assert(F),Q) = (F & Q) | ||
- | wp(assume(F),Q) = (F --> Q) | ||
- | |||
- | Then | ||
- | wp(assert(false); assume(false),Q) = false | ||
- | wp(assume(false); assume(false),Q) = true | ||
- | so cannot have $\mbox{assume(false)} = \emptyset$ any more. | ||
- | |||
- | Sketch of how this can be done is in [[:sav07_homework 4|a homework from last year]]. | ||
- | |||
- | ===== Havoc and ESC/Java Loop Transformation ===== | ||
- | |||
- | [[:sav07_lecture_4#more_on_wp|Notes on wp from last year]] |
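Review bot: the single added line "We continue with verification-condition generation in [[lecture05]]." replaces everything below [[Backward VCG]] without saying that the material moved, and what is removed includes the only definitions on this page of wp for assert and assume (wp(assert(F),Q) = (F & Q), wp(assume(F),Q) = (F --> Q)), the resulting observation that assume(false) can no longer be the empty relation, and the open question of what the while rule should be. Confirm that lecture05 actually carries the "Asserts and errors", "Size of verification conditions" and "Havoc and ESC/Java Loop Transformation" sections, or keep the section headings here as a short outline linking to them; otherwise a reader following the pointer loses the context for those definitions. The same applies to the removed reading list (Calculus of Computation Chapter 5, Leino's weakest preconditions for unstructured programs, the compact verification conditions paper, the LPAR VCG paper and the CUTE tool link), which disappears from the course's further-reading trail unless it reappears in lecture05.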