LARA

Generating Verification Conditions

Review: Hoare triples, wp, and sp from the previous lecture (lecture03).

Big Picture of VCG

We will first consider programs without loops.

Normal Form of Loop-Free Programs

Compositional VCG

Forward VCG

Backward VCG

We next look at proof rules for loops, assuming loop invariants are given.

Hoare Logic Rule for Loops

We next look at a program semantics that has explicit error conditions, and that gives nice rules for weakest preconditions.

Assert and Error Conditions

We next discuss a particular approach for generating verification conditions that admits simpler loop invariants.

Java Loop Desugaring

Practical Aspects of VCG

Further reading

Annotations in Control-Flow Graphs

Loop Unrolling

Size of verification conditions

  • one-point rule for equality
  • introducing fresh names for branches
  • general-purpose simplifications
  • concolic testing idea

Asserts and errors for nice wp definition

assert(F): if $F$ is false, an irrecoverable error occurs and execution terminates.

wp computes a condition sufficient to guarantee that no error occurs.

Postconditions are just asserts at the end of the program.

How can we build a semantics based on relations in which, at the same time,

wp(assert(F),Q) = (F & Q)
wp(assume(F),Q) = (F --> Q)

Then

wp(assert(false); assume(false),Q) = false
wp(assume(false); assume(false),Q) = true

so we can no longer model assume(false) as the empty relation $\emptyset$: assert(false) would then denote the same relation, yet the two must have different wp.

A sketch of how this can be done is in a homework from last year.
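As an added example (not from the notes, nor the homework they refer to), the following Python models a loop-free command as a pair (relation, error set) over a constructed eight-state space; assert(false) and assume(false) then share the empty relation but differ in their error sets, which is exactly what lets wp satisfy both equations above.

```python
# Added example: command semantics as (relation, error set) over a finite
# state space. A state is assumed to be a single integer variable x in 0..7
# (constructed); predicates and assignments are Python callables on states.
STATES = range(8)
FALSE = lambda s: False
TRUE = lambda s: True


def assert_(F):
    # Relation: identity on states satisfying F; error from states violating F.
    return ({(s, s) for s in STATES if F(s)}, {s for s in STATES if not F(s)})


def assume(F):
    # Same relation as assert(F), but assume never fails: empty error set.
    return ({(s, s) for s in STATES if F(s)}, set())


def assign(f):
    # x := f(x): deterministic, total, never fails.
    return ({(s, f(s)) for s in STATES}, set())


def seq(c1, c2):
    # c1; c2: compose relations; an error is either c1 failing, or c1
    # reaching (via its relation) a state from which c2 fails.
    r1, e1 = c1
    r2, e2 = c2
    r = {(s, t) for (s, m) in r1 for (m2, t) in r2 if m == m2}
    e = e1 | {s for (s, m) in r1 if m in e2}
    return (r, e)


def ite(F, c1, c2):
    # if F then c1 else c2, encoded with assume-guarded nondeterministic choice.
    left = seq(assume(F), c1)
    right = seq(assume(lambda s: not F(s)), c2)
    return (left[0] | right[0], left[1] | right[1])


def wp(c, Q):
    # States from which c cannot fail and every reachable final state satisfies Q.
    r, e = c
    return {s for s in STATES if s not in e and all(Q(t) for (u, t) in r if u == s)}


if __name__ == "__main__":
    # wp(assert(false); assume(false), Q) = false, but
    # wp(assume(false); assume(false), Q) = true, with the same (empty) relation.
    print(wp(seq(assert_(FALSE), assume(FALSE)), TRUE))   # set()
    print(wp(seq(assume(FALSE), assume(FALSE)), FALSE))   # {0, ..., 7}
```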

Havoc and ESC/Java Loop Transformation