
### Hoare’s method for proving correctness of programs

Hoare’s logic

- Hoare suggested in 1969 an inference system with which we can prove properties of programs.
- A unique form of proof rules, called Hoare triples: P {Q} R, where
  - P is a precondition
  - Q is a program or a program statement
  - R is a postcondition.

The simple language we consider

- Hoare’s logic includes rules for inference on program constructs:
  - Assignments: y = t
  - Composition: S1; S2
  - If-then-else: if e then S1 else S2 fi
  - While: while e do S od
  - ...

The simple language we consider

- A proof typically needs additional inference rules for the elementary operations (+, -, *, mod, ...)
- e.g., axioms for arithmetic such as
  - x + 0 = x
  - x × y = y × x
  - ...

Assignments

- D0 Axiom of assignment

  P {x = f} R

  where P is derived from R by replacing all occurrences of x with f.

- Example: y + 1 < 10 {y = y+1} y < 10

Consequence

- D1 Inference rules for consequence

  P {Q} R,  R → S
  ───────────────  (make a postcondition weaker)
  P {Q} S

  P {Q} R,  S → P
  ───────────────  (make a precondition stronger)
  S {Q} R

- Example

  y + 1 < 10 {y = y+1} y < 10,  y < 10 → x = 1
  ────────────────────────────────────────────
  y + 1 < 10 {y = y+1} x = 1

Composition

- D2 Inference rule for composition

  P {Q1} R1,  R1 {Q2} R
  ─────────────────────
  P {Q1; Q2} R

- Example:

  x=1 {y = x} y=1,  y=1 {z=y} z=1
  ───────────────────────────────
  x=1 {y=x; z=y} z=1

Iteration

- Consider the statement: while B do S
- D3 Inference rule for iteration

  P ∧ B {S} P
  ───────────────────────
  P {while B do S} ¬B ∧ P

- Example

  x < 10 ∧ x < 5 {x = x+1} x < 10
  ──────────────────────────────────────────────
  x < 10 {while (x < 5) x = x + 1} x ≥ 5 ∧ x < 10

if-then-else

- D4 if-then-else inference rule

  P ∧ e {Q1} R,  P ∧ ¬e {Q2} R
  ─────────────────────────────
  P {if e then Q1 else Q2 fi} R

- Example

  z = 0 ∧ x < 0 {y := -x + z} y ≥ 0,  z = 0 ∧ x ≥ 0 {y := x + z} y ≥ 0
  ────────────────────────────────────────────────────────────────────
  z = 0 {if (x<0) y := -x + z else y := x + z} y ≥ 0

Example

- Consider the following program for finding the quotient and remainder of x / y.

      r := x;
      q := 0;
      while (y <= r) {
        r := r - y;
        q := 1 + q;
      }

- We will try to prove that in the end: x = r + y × q and y > r.
- x = 16, y = 6

Example

- Strategy: find a loop invariant. The assertion that holds at each point of the program (the last one is the invariant):

      {x = x + y × 0}
      r := x;
      {x = r + y × 0}
      q := 0;
      {x = r + y × q}
      while (y <= r) {
        r := r - y;
        q := 1 + q;
      }

Proof

- So we first need to prove Lemma 1: x = x + y × 0
- For this we will use the following axioms from arithmetic:
  - A0 x = x
  - A1 x + 0 = x
  - A2 x × 0 = 0
- Proof
  1. x = x   (A0)
  2. y × 0 = 0   (A2)
  3. x = x + y × 0   (1, 2, A1)

Proof

| Line | Formal proof | Justification |
|---|---|---|
| 1 | true → x = x + y × 0 | Lemma 1 |
| 2 | x = x + y × 0 {r := x} x = r + y × 0 | D0 |
| 3 | x = r + y × 0 {q := 0} x = r + y × q | D0 |
| 4 | true {r := x} x = r + y × 0 | D1, 1, 2 |
| 5 | true {r := x; q := 0} x = r + y × q | D2, 4, 3 |

Proof (cont’d)

Line Formal proof Justification

Notes on Hoare-style rules

- Proves partial correctness
  - i.e., meaningless when the program does not terminate.
- If in addition we prove termination, then we have total correctness.
- Q: suppose that y < 0 in our program. Does it change the proof?
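The rules D0 to D4, the quotient/remainder proof and the partial-correctness caveat above can all be exercised mechanically. The following is an added example, not material from the slides: a small checker in Python (3.9+, for `ast.unparse`) that applies the assignment axiom as textual substitution on a parsed expression, pushes a postcondition backwards through composition, if-then-else and an invariant-annotated loop in weakest-precondition style, and collects the implications that the consequence rule D1 leaves to arithmetic. The tuple encoding of statements, the names `subst`, `precondition`, `check_triple` and `run`, and the hand-supplied invariants are all assumptions of this example. Validity of each implication is checked by exhaustive evaluation over a small integer range rather than by a theorem prover, so a `None` result is evidence on that range, not a proof.

```python
import ast
import itertools

# Hypothetical checker for the slides' tiny language (added example, not from the
# slides). Predicates and expressions are Python expression strings over integer
# variables; statements are tuples: ("assign", x, f) for x := f, ("seq", s1, s2),
# ("if", e, s1, s2) and ("while", e, inv, s) where inv is the loop invariant.
NO_BUILTINS = {"__builtins__": {}}

def subst(pred, var, expr):
    """Axiom D0: precondition of x := f for postcondition R is R with every x
    replaced by f. Done on the AST so precedence survives (q -> 1 + q in y * q)."""
    tree = ast.parse(pred, mode="eval")
    replacement = ast.parse(expr, mode="eval").body

    class Replace(ast.NodeTransformer):
        def visit_Name(self, node):
            return replacement if node.id == var else node

    return ast.unparse(Replace().visit(tree))

def precondition(stmt, post, vcs):
    """Push post backwards through stmt (weakest-precondition style application
    of D0/D2/D3/D4). Implications that must be valid are appended to vcs."""
    kind = stmt[0]
    if kind == "assign":                                                # D0
        return subst(post, stmt[1], stmt[2])
    if kind == "seq":                                                   # D2
        return precondition(stmt[1], precondition(stmt[2], post, vcs), vcs)
    if kind == "if":                                                    # D4
        _, e, s1, s2 = stmt
        return (f"(({e}) and ({precondition(s1, post, vcs)})) or "
                f"((not ({e})) and ({precondition(s2, post, vcs)}))")
    _, e, inv, body = stmt                                              # D3 (+ D1 at exit)
    vcs.append((f"({inv}) and ({e})", precondition(body, inv, vcs)))    # inv ∧ e {S} inv
    vcs.append((f"({inv}) and not ({e})", post))                        # inv ∧ ¬e → post
    return inv

def counterexample(hyp, concl, names, domain):
    """Search a small integer domain for a state where hyp holds but concl fails."""
    h, c = compile(hyp, "<hyp>", "eval"), compile(concl, "<concl>", "eval")
    for values in itertools.product(domain, repeat=len(names)):
        env = dict(zip(names, values))
        if eval(h, NO_BUILTINS, env) and not eval(c, NO_BUILTINS, env):
            return env
    return None

def check_triple(pre, stmt, post, names, domain=range(-4, 8)):
    """None if every verification condition of pre {stmt} post holds on the
    domain, else (hypothesis, conclusion, counterexample) for the first failure."""
    vcs = []
    vcs.append((pre, precondition(stmt, post, vcs)))                    # D1: pre → computed precondition
    for hyp, concl in vcs:
        env = counterexample(hyp, concl, names, domain)
        if env is not None:
            return hyp, concl, env
    return None

def run(stmt, env, fuel=1000):
    """Execute stmt on a state dict; None means the loop bound was exhausted,
    i.e. the program did not terminate (partial correctness says nothing then)."""
    kind = stmt[0]
    if kind == "assign":
        env[stmt[1]] = eval(stmt[2], NO_BUILTINS, env)
        return env
    if kind == "seq":
        env = run(stmt[1], env, fuel)
        return None if env is None else run(stmt[2], env, fuel)
    if kind == "if":
        return run(stmt[2] if eval(stmt[1], NO_BUILTINS, env) else stmt[3], env, fuel)
    while eval(stmt[1], NO_BUILTINS, env):                              # kind == "while"
        fuel -= 1
        if fuel == 0 or run(stmt[3], env, fuel) is None:
            return None
    return env

# The slides' quotient/remainder program with the invariant x = r + y*q found above.
DIVIDE = ("seq", ("assign", "r", "x"),
          ("seq", ("assign", "q", "0"),
                  ("while", "y <= r", "x == r + y * q",
                   ("seq", ("assign", "r", "r - y"), ("assign", "q", "1 + q")))))

# The slides' if-then-else example: z = 0 {if x<0 then y := -x+z else y := x+z} y >= 0
ABS = ("if", "x < 0", ("assign", "y", "-x + z"), ("assign", "y", "x + z"))

def divide_proof(post="x == r + y * q and y > r"):
    return check_triple("True", DIVIDE, post, ["x", "y", "r", "q"])

def abs_proof(post="y >= 0"):
    return check_triple("z == 0", ABS, post, ["x", "y", "z"])
```

`subst("y < 10", "y", "y + 1")` reproduces the D0 example, `divide_proof()` returns `None` because all three verification conditions of the proof table hold (including `true → x = x + y × 0`, which is Lemma 1), and `abs_proof("y > 0")` returns a counterexample with x = 0 because the if-then-else example only guarantees y ≥ 0. Running the program with `run(DIVIDE, {"x": 16, "y": 6})` gives r = 4 and q = 2. For the question about y < 0: `divide_proof()` is unchanged, since the domain already contains negative y and every implication still holds, but `run(DIVIDE, {"x": 16, "y": -6})` returns `None` because r only grows and the loop never exits. That is exactly the gap between partial and total correctness: the Hoare proof is valid, yet says nothing about an execution that does not terminate.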

Notes on Hoare-style rules

- Hoare logic is sound in the sense that everything that can be proved is correct
- There exist extensions to all popular constructs:
  - recursion
  - arrays, pointers, ...
  - concurrency, ...
