##### Software Verification 1 Deductive Verification


**Software Verification 1: Deductive Verification**

Prof. Dr. Holger Schlingloff, Institut für Informatik der Humboldt-Universität and Fraunhofer Institut für Rechnerarchitektur und Softwaretechnik

**Structured Operational Semantics**

• Denotational semantics can be made mathematically sound, but is not “intuitive”
• Operations of a “real” machine?
• transitions from valuation to valuation
• program counter is increased with the program
• Abstract representation:
• state = (program, valuation)
• program means the part which is still to be executed
• transition = (state1, state2)
• “Meaning” of a program is a (possibly infinite) set of such transitions

**SOS-Rules**

• (v=t, V) (skip, V[v:=t])
• ({skip; }, V) (, V)
• if (1, V1) (2, V2), then ({1; }, V1) ({2; }, V2)
• if (U,I,V) ⊨ b, then (if (b) 1 else 2, V) (1, V)
• if (U,I,V) ⊭ b, then (if (b) 1 else 2, V) (2, V)
• (while (b) , V) (if (b) {; while (b) }, V)
• these are so-called “small-step rules”; “big-step rule”: if (1, V1) (2, V2) and (2, V2) (3, V3), then ({1; 2}, V1) (3, V3)
• derivable?

**SOS-Example**

• (while (a!=0) {c = a; a = b%a; b = c}, (a=20, b=12, c=0)) ...

**About operational semantics**

• For every (1, V1), there is exactly one sequence (1, V1) (2, V2) (3, V3) ...
• allows a program to be “symbolically executed”
• does not allow properties to be shown
• e.g. “program calculates gcd”
• e.g. “program terminates”
• Hoare triple: {} {}, meaning: if  holds before the execution of , then  holds afterwards
•  and  are first-order formulas (possibly with quantification; logical variables vs. program variables)

**Hoare calculus**

• ⊢ {[v:=t]} v=t {} (ass)
• ⊢ {} skip {} (usually omitted)
• if ⊢ {} 1 {} and ⊢ {} 2 {}, then ⊢ {} {1; 2} {} (seq)
• if ⊢ { b} 1 {} and ⊢ { ¬b} 2 {}, then ⊢ {} if (b) 1 else 2 {} (ite)
• if ⊢ { b}  {}, then ⊢ {} while (b)  { ¬b} (whi)
• if ⊢ (’ ) and ⊢ {}  {}, then ⊢ {’}  {} (imp1)
• if ⊢ {}  {} and ⊢ ( ’), then ⊢ {}  {’} (imp2)
• the semantics (meaning) of a program is the set of all derivable Hoare triples {} {}

**Examples**

• {x==17} x++ {x==18}
• {x==17} y=x+1 {y==18}
• {x==17} {x++; y=x+1} {y==19}
• {a==m  b==n} if (a<=b) c = a else c = b {c==min(m,n)}
• {a==m>0  b==n>0} while (a!=0) {c = a; a = b%a; b = c} {b==gcd(m,n)}
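As an added example (not part of the slides), the following Python encodes the small-step SOS rules from the SOS-Rules slide and a weakest-precondition checker built from the Hoare rules (ass), (seq), (ite) and (whi) with (imp1)/(imp2). It runs the SOS-Example gcd loop from the valuation (a=20, b=12, c=0) and checks the five triples on the Examples slide. The tuple syntax for programs, the lambda encoding of terms and assertions, the loop invariant gcd(a,b) == gcd(m,n) and the finite domains are my assumptions; the check is exhaustive testing of the generated implications over a small finite domain, not a proof over unbounded integers.

```python
from math import gcd
from itertools import product

# Program syntax (constructed for this example): nested tuples.
#   ("skip",) | ("assign", var, term) | ("seq", p1, p2)
#   ("if", cond, p1, p2) | ("while", cond, body, invariant)
# Terms, conditions, invariants and assertions are Python functions over a
# valuation V (a dict mapping program variables to ints).
SKIP = ("skip",)

def step(prog, V):
    """One small-step SOS transition (prog, V) -> (prog', V')."""
    kind = prog[0]
    if kind == "assign":                  # (v=t, V) -> (skip, V[v:=t])
        _, v, t = prog
        return SKIP, {**V, v: t(V)}
    if kind == "seq":                     # ({skip; pi}, V) -> (pi, V); else step the head
        _, p1, p2 = prog
        if p1 == SKIP:
            return p2, V
        p1n, Vn = step(p1, V)
        return ("seq", p1n, p2), Vn
    if kind == "if":                      # choose the branch by evaluating b in V
        _, b, p1, p2 = prog
        return (p1 if b(V) else p2), V
    if kind == "while":                   # unfold: if (b) {body; while (b) body} else skip
        b, body = prog[1], prog[2]
        return ("if", b, ("seq", body, prog), SKIP), V
    raise ValueError("skip has no successor state")

def run(prog, V, bound=10_000):
    """Symbolic execution: the unique transition sequence from (prog, V) to (skip, V')."""
    trace = [(prog, dict(V))]
    while prog != SKIP:
        prog, V = step(prog, V)
        trace.append((prog, dict(V)))
        if len(trace) > bound:
            raise RuntimeError("step bound exceeded (loop may not terminate)")
    return trace

def wp(prog, post):
    """Weakest precondition derived from the Hoare rules; returns (predicate, side conditions)."""
    kind = prog[0]
    if kind == "skip":
        return post, []
    if kind == "assign":                  # (ass): {post[v:=t]} v=t {post}
        _, v, t = prog
        return (lambda V: post({**V, v: t(V)})), []
    if kind == "seq":                     # (seq): thread the intermediate assertion through
        _, p1, p2 = prog
        mid, sc2 = wp(p2, post)
        pre, sc1 = wp(p1, mid)
        return pre, sc1 + sc2
    if kind == "if":                      # (ite): b -> wp(p1), not b -> wp(p2)
        _, b, p1, p2 = prog
        w1, sc1 = wp(p1, post)
        w2, sc2 = wp(p2, post)
        return (lambda V: w1(V) if b(V) else w2(V)), sc1 + sc2
    if kind == "while":                   # (whi)+(imp): inv & b => wp(body, inv); inv & not b => post
        _, b, body, inv = prog
        wb, sc = wp(body, inv)
        return inv, sc + [lambda V: not (inv(V) and b(V)) or wb(V),
                          lambda V: not (inv(V) and not b(V)) or post(V)]
    raise ValueError(kind)

def check(pre, prog, post, variables, domain):
    """Bounded check of {pre} prog {post}: every implication produced by wp is tested
    on all valuations of `variables` over `domain` (exhaustive testing, not a proof)."""
    w, side = wp(prog, post)
    obligations = [lambda V: not pre(V) or w(V)] + side
    return all(ob(V) for vs in product(domain, repeat=len(variables))
               for V in [dict(zip(variables, vs))] for ob in obligations)

# The programs from the slides in the tuple syntax.
INC_X = ("assign", "x", lambda V: V["x"] + 1)                        # x++
Y_IS_X1 = ("assign", "y", lambda V: V["x"] + 1)                      # y = x+1
MIN = ("if", lambda V: V["a"] <= V["b"],
       ("assign", "c", lambda V: V["a"]), ("assign", "c", lambda V: V["b"]))
GCD_BODY = ("seq", ("assign", "c", lambda V: V["a"]),
            ("seq", ("assign", "a", lambda V: V["b"] % V["a"]),
                    ("assign", "b", lambda V: V["c"])))
# Loop invariant (my choice; the slides do not state one): gcd(a,b) == gcd(m,n).
GCD = ("while", lambda V: V["a"] != 0, GCD_BODY,
       lambda V: gcd(V["a"], V["b"]) == gcd(V["m"], V["n"]))

def gcd_trace(a, b):
    """SOS-Example: run the gcd loop from (a, b, c=0) and return the final valuation."""
    return run(GCD, {"a": a, "b": b, "c": 0})[-1][1]

def verify_examples():
    """The five triples of the Examples slide, checked over small domains."""
    return [
        check(lambda V: V["x"] == 17, INC_X, lambda V: V["x"] == 18, ["x"], range(0, 30)),
        check(lambda V: V["x"] == 17, Y_IS_X1, lambda V: V["y"] == 18, ["x", "y"], range(0, 30)),
        check(lambda V: V["x"] == 17, ("seq", INC_X, Y_IS_X1), lambda V: V["y"] == 19,
              ["x", "y"], range(0, 30)),
        check(lambda V: V["a"] == V["m"] and V["b"] == V["n"], MIN,
              lambda V: V["c"] == min(V["m"], V["n"]), ["a", "b", "c", "m", "n"], range(0, 6)),
        check(lambda V: V["a"] == V["m"] > 0 and V["b"] == V["n"] > 0, GCD,
              lambda V: V["b"] == gcd(V["m"], V["n"]), ["a", "b", "c", "m", "n"], range(0, 7)),
    ]
```

`run` realises the “exactly one sequence” point: from any (program, valuation) the rules fix the next state, so execution is just iterated `step`. `check` realises the deductive side: it never executes the loop, but discharges the proof obligations the (whi) rule demands of the invariant, which is why the invariant must be supplied and why the method can show properties such as “calculates gcd” that execution of one input cannot; termination is not covered, since (whi) is a partial-correctness rule.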