LARA


Generating Verification Conditions

Programs with Loops

While Rule

\[ \frac{(\models P \rightarrow I);\ \{I\}c\{I\};\ (\models I \rightarrow Q)}{\{P\}\ {\it loop}\{I\}(c)\ \{Q\}} \]

What is the rule for

\[ \frac{(\models P \rightarrow I?);\ \{I?\}c\{I\};\ (\models I? \rightarrow Q)}{\{P\}\ {\it while}\{I\}(F)(c)\ \{Q\}} \]

Further reading

Annotations in Control-Flow Graphs

Loop Unrolling

Size of verification conditions

  • one-point rule for equality
  • introducing fresh names for branches
  • general-purpose simplifications
  • concolic testing idea

Asserts and errors for nice wp definition

assert(F) raises an irrecoverable error if $F$ is false, terminating execution.

wp computes a condition sufficient for no error to happen.

Postconditions are just asserts at the end of the program.

How can we build a relational semantics in which, at the same time,

wp(assert(F),Q) = (F & Q)
wp(assume(F),Q) = (F --> Q)

Then

wp(assert(false); assume(false),Q) = false
wp(assume(false); assume(false),Q) = true

so assume(false) can no longer be the empty relation $\emptyset$, since it must be distinguished from assert(false).

A sketch of how this can be done is in a homework from last year.
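One way to obtain such a relational semantics is to add an explicit error outcome: assert(F) sends states violating F to it, while assume(F) simply has no successor. The following Python model is an added illustration of that idea (it is neither the page's code nor the homework's sketch); it uses a constructed finite state space so that wp can be computed by enumeration and compared with the formulas above.

```python
from itertools import product

ERROR = "error"                              # outcome produced by a failed assert
DOMAIN = (0, 1, 2)
STATES = list(product(DOMAIN, repeat=2))     # constructed state space: (x, y) pairs

# A command maps a state to the set of its outcomes, i.e. it is a relation
# on STATES ∪ {ERROR}.  Predicates F, Q are Python functions on states.

def assert_(F):
    # assert(F): normal successor if F holds, otherwise the error outcome
    return lambda s: {s} if F(s) else {ERROR}

def assume(F):
    # assume(F): normal successor if F holds, otherwise no successor at all
    return lambda s: {s} if F(s) else set()

def assign_x(e):
    # x := e(s), leaving y unchanged
    return lambda s: {(e(s), s[1])}

def seq(c1, c2):
    # sequential composition; an error in c1 is never "recovered" by c2
    def run(s):
        out = set()
        for t in c1(s):
            out |= {ERROR} if t == ERROR else c2(t)
        return out
    return run

def wp(c, Q):
    """States from which every outcome of c is a non-error state satisfying Q."""
    return {s for s in STATES if all(t != ERROR and Q(t) for t in c(s))}

def sat(F):
    """States satisfying F; used to compare wp with the formulas F & Q, F --> Q."""
    return {s for s in STATES if F(s)}

FALSE = lambda s: False
TRUE = lambda s: True

def page_examples():
    # the two results claimed above: false (no state) and true (every state)
    return (wp(seq(assert_(FALSE), assume(FALSE)), TRUE),
            wp(seq(assume(FALSE), assume(FALSE)), TRUE))
```

Because wp(c, Q) == wp(c; assert(Q), true) holds in this model, it also exhibits the remark that a postcondition is just an assert at the end of the program.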

Havoc and ESC/Java Loop Transformation