1 / 45

Predicate Transforms in Weak Correctness Assertions

Understanding false assertions in weak correctness scenarios and deducing implications through wp and wlp evaluations. Exploring program conditions for desired results with wp determinations. Comparison of implications in wp(s, Q) and {P}.s.{Q}.

simone-randall
Télécharger la présentation

Predicate Transforms in Weak Correctness Assertions

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Problem Set 6: Predicate Transforms Hints and Notes

  2. 1. Consider the assertion of weak correctness: {t=5 Λ z<0} s {y=z+1 Λ t=z}. Which of the following observations/facts would allow one to deduce that the assertion is FALSE and which would not? a. The wp(s, y=z) is z>-5. b. The wlp(s, y=z) is z>-5.

  3. 1. Consider the assertion of weak correctness: {t=5 Λ z<0} s {y=z+1 Λ t=z}. Which of the following observations/facts would allow one to deduce that the assertion is FALSE and which would not? a. The wp(s, y=z) is z>-5. b. The wlp(s, y=z) is z>-5.

  4. 1. Consider the assertion of weak correctness: {t=5 Λ z<0} s {y=z+1 Λ t=z}. Which of the following observations/facts would allow one to deduce that the assertion is FALSE and which would not? a. The wp(s, y=z) is z>-5. Would. [wp(s, y=z) = z>-5] => [{t=5 Λ -5<z<0} s {y=z} strongly] => [{t=5 Λ z<0} s {y=z+1 Λ t=z} is false] since we know s will halt for at least four initial (integer) values of z<0 with post condition (y=z+1 Λ t=z) being false. b. The wlp(s, y=z) is z>-5.

  5. 1. Consider the assertion of weak correctness: {t=5 Λ z<0} s {y=z+1 Λ t=z}. Which of the following observations/facts would allow one to deduce that the assertion is FALSE and which would not? a. The wp(s, y=z) is z>-5. Would. [wp(s, y=z) = z>-5] => [{t=5 Λ -5<z<0} s {y=z} strongly] => [{t=5 Λ z<0} s {y=z+1 Λ t=z} is false] since we know s will halt for at least four initial (integer) values of z<0 with post condition (y=z+1 Λ t=z) being false. b. The wlp(s, y=z) is z>-5.

  6. 1. Consider the assertion of weak correctness: {t=5 Λ z<0} s {y=z+1 Λ t=z}. Which of the following observations/facts would allow one to deduce that the assertion is FALSE and which would not? a. The wp(s, y=z) is z>-5. Would. [wp(s, y=z) = z>-5] => [{t=5 Λ -5<z<0} s {y=z} strongly] => [{t=5 Λ z<0} s {y=z+1 Λ t=z} is false] since we know s will halt for at least four initial (integer) values of z<0 with post condition (y=z+1 Λ t=z) being false. b. The wlp(s, y=z) is z>-5. Would not. [wlp(s, y=z) = z>-5] => [{t=5 Λ z>-5} s {y=z}] weakly. But this does not imply that {t=5 Λ z<0} s {y=z+1 Λ t=z} is FALSE since s may not terminate for -5<z<0.

  7. 2. Consider the program, P, below: temp := x x := y y := temp if temp>z then y := z z := temp if x>y then temp := x x := y y := temp end_if end_if Under what circumstances will the program result in {x≤y<z}? (Hint: determine the wp of the program w.r.t. the desired result.)

  8. S1 2. Consider the program, P, below: temp := x x := y y := temp if temp>z then y := z z := temp if x>y then temp := x x := y y := temp end_if end_if Under what circumstances will the program result in {x≤y<z}? (Hint: determine the wp of the program w.r.t. the desired result.) S2

  9. S1 2. Consider the program, P, below: temp := x x := y y := temp if temp>z then y := z z := temp if x>y then temp := x x := y y := temp end_if end_if Under what circumstances will the program result in {x≤y<z}? (Hint: determine the wp of the program w.r.t. the desired result.) S2,1 S2 S2,2

  10. S1 2. Consider the program, P, below: temp := x x := y y := temp if temp>z then y := z z := temp if x>y then temp := x x := y y := temp end_if end_if Under what circumstances will the program result in {x≤y<z}? (Hint: determine the wp of the program w.r.t. the desired result.) S2,1 S2 S2,2 S2,2,1

  11. S1 2. Consider the program, P, below: temp := x x := y y := temp if temp>z then y := z z := temp if x>y then temp := x x := y y := temp end_if end_if wp(P, x≤y<z) = wp(S1; S2, x≤y<z) S2,1 S2 S2,2 S2,2,1

  12. S1 2. Consider the program, P, below: temp := x x := y y := temp if temp>z then y := z z := temp if x>y then temp := x x := y y := temp end_if end_if wp(P, x≤y<z) = wp(S1; S2, x≤y<z) = wp(S1, wp(S2, x≤y<z)) S2,1 S2 S2,2 S2,2,1

  13. S1 2. Consider the program, P, below: temp := x x := y y := temp if temp>z then y := z z := temp if x>y then temp := x x := y y := temp end_if end_if wp(P, x≤y<z) = wp(S1; S2, x≤y<z) = wp(S1, wp(S2, x≤y<z)) = wp(S1, wp(if temp>z then S2.1;S2.2, x≤y<z)) S2,1 S2 S2,2 S2,2,1

  14. S1 2. Consider the program, P, below: temp := x x := y y := temp if temp>z then y := z z := temp if x>y then temp := x x := y y := temp end_if end_if wp(P, x≤y<z) = wp(S1; S2, x≤y<z) = wp(S1, wp(S2, x≤y<z)) = wp(S1, wp(if temp>z then S2.1;S2.2, x≤y<z)) etc. S2,1 S2 S2,2 S2,2,1

  15. 3. We have learned that P => wp(s,Q) implies {P} s {Q}. However, {P} s {Q} does NOT imply P => wp(s,Q). Why?

  16. 3. We have learned that P => wp(s,Q) implies {P} s {Q}. However, {P} s {Q} does NOT imply P => wp(s,Q). Why? Because: P => wp(s,Q)<=>“{P} s {Q} strongly”

  17. 3. We have learned that P => wp(s,Q) implies {P} s {Q}. However, {P} s {Q} does NOT imply P => wp(s,Q). Why? Because: P => wp(s,Q)<=>“{P} s {Q} strongly” and “{P} s {Q} strongly” =>{P} s {Q}

  18. 3. We have learned that P => wp(s,Q) implies {P} s {Q}. However, {P} s {Q} does NOT imply P => wp(s,Q). Why? Because: P => wp(s,Q)<=>“{P} s {Q} strongly” and “{P} s {Q} strongly” =>{P} s {Q} but {P} s {Q} ≠> “{P} s {Q} strongly”.

  19. 4. a. Use the wlp rule for while-do statements given in Lecture Notes 20 to find the weakest liberal pre- condition of the following program with respect to the post-condition Z=XY. while J<>Y do Z := Z+X; J := J+1 end_while b. Consider the invariant, I: Z=XJ, used with the while- loop ROI to prove the assertion given on slide 11 of Lecture Notes 18. How does it compare in "strength“ to the weakest liberal pre-condition from part (a) above? (In particular, is one STRONGER than the other?) Briefly explain your answer.

  20. a. wlp rule for while-do statements: wlp(while b do S, Q) ≡ wp(while b do S, Q) V ¬wp(while b do S, true)

  21. a. wlp rule for while-do statements: wlp(while b do S, Q) ≡ wp(while b do S, Q) V ¬wp(while b do S, true) i. determining wp(while b do S, Q): H0: J=Y Л Z=XY while J<>Y do Z := Z+X; J := J+1 end_while

  22. a. wlp rule for while-do statements: wlp(while b do S, Q) ≡ wp(while b do S, Q) V ¬wp(while b do S, true) i. determining wp(while b do S, Q): H0: J=Y Л Z=XY H1: J<>Y Л wp(s, J=Y Л Z=XY) = J=Y-1 Л Z=X(Y-1) while J<>Y do Z := Z+X; J := J+1 end_while

  23. a. wlp rule for while-do statements: wlp(while b do S, Q) ≡ wp(while b do S, Q) V ¬wp(while b do S, true) i. determining wp(while b do S, Q): H0: J=Y Л Z=XY H1: J<>Y Л wp(s, J=Y Л Z=XY) = J=Y-1 Л Z=X(Y-1) H2: J<>y Л wp(s, J=Y-1 Л Z=X(Y-1)) = J=Y-2 Л Z=X(Y-2) while J<>Y do Z := Z+X; J := J+1 end_while

  24. a. wlp rule for while-do statements: wlp(while b do S, Q) ≡ wp(while b do S, Q) V ¬wp(while b do S, true) i. determining wp(while b do S, Q): H0: J=Y Л Z=XY H1: J<>Y Л wp(s, J=Y Л Z=XY) = J=Y-1 Л Z=X(Y-1) H2: J<>y Л wp(s, J=Y-1 Л Z=X(Y-1)) = J=Y-2 Л Z=X(Y-2) Hk: J=Y-k Л Z=X(Y-k) while J<>Y do Z := Z+X; J := J+1 end_while

  25. a. wlp rule for while-do statements: wlp(while b do S, Q) ≡ wp(while b do S, Q) V ¬wp(while b do S, true) i. determining wp(while b do S, Q): H0: J=Y Л Z=XY H1: J<>Y Л wp(s, J=Y Л Z=XY) = J=Y-1 Л Z=X(Y-1) H2: J<>y Л wp(s, J=Y-1 Л Z=X(Y-1)) = J=Y-2 Л Z=X(Y-2) Hk: J=Y-k Л Z=X(Y-k) Therefore, H0 V H1 V H2 V ... V Hk V ... simplifies to: (J=Y Л Z=XY) V (J<Y Л Z=XJ) = (J≤Y Л Z=XJ) while J<>Y do Z := Z+X; J := J+1 end_while

  26. ii. determining wp(while b do S, true):

  27. ii. determining wp(while b do S, true): H0: J=Y Л true while J<>Y do Z := Z+X; J := J+1 end_while

  28. ii. determining wp(while b do S, true): H0: J=Y Л true H1: J<>Y Л wp(s, J=Y) = J=Y-1 while J<>Y do Z := Z+X; J := J+1 end_while

  29. ii. determining wp(while b do S, true): H0: J=Y Л true H1: J<>Y Л wp(s, J=Y) = J=Y-1 H2: J<>y Л wp(s, J=Y-1) = J=Y-2 while J<>Y do Z := Z+X; J := J+1 end_while

  30. ii. determining wp(while b do S, true): H0: J=Y Л true H1: J<>Y Л wp(s, J=Y) = J=Y-1 H2: J<>y Л wp(s, J=Y-1) = J=Y-2 Hk: J=Y-k while J<>Y do Z := Z+X; J := J+1 end_while

  31. ii. determining wp(while b do S, true): H0: J=Y Л true H1: J<>Y Л wp(s, J=Y) = J=Y-1 H2: J<>y Л wp(s, J=Y-1) = J=Y-2 Hk: J=Y-k Therefore, H0 V H1 V H2 V ... V Hk V ... simplifies to: J≤Y while J<>Y do Z := Z+X; J := J+1 end_while

  32. ii. determining wp(while b do S, true): H0: J=Y Л true H1: J<>Y Л wp(s, J=Y) = J=Y-1 H2: J<>y Л wp(s, J=Y-1) = J=Y-2 Hk: J=Y-k Therefore, H0 V H1 V H2 V ... V Hk V ... simplifies to: J≤Y Thus, wlp(while b do S, Q) = (J≤Y Л Z=XJ) V J>Y = Z=XJ V J>Y while J<>Y do Z := Z+X; J := J+1 end_while

  33. 6. a. Identify H1, H2, H3, and Hk such that wp(Repeat s Until c, Q) = H1 V H2 V H3 V...V Hk V... where Hi represents the necessary and sufficient condition that "Repeat s Until c“ terminates in state Q after i executions of s. For i>1, Hi should be expressed as a function of Hi-1.

  34. 6. a. Identify H1, H2, H3, and Hk such that wp(Repeat s Until c, Q) = H1 V H2 V H3 V...V Hk V... where Hi represents the necessary and sufficient condition that "Repeat s Until c“ terminates in state Q after i executions of s. For i>1, Hi should be expressed as a function of Hi-1. {wp} s T c F {Q}

  35. 6. a. Identify H1, H2, H3, and Hk such that wp(Repeat s Until c, Q) = H1 V H2 V H3 V...V Hk V... where Hi represents the necessary and sufficient condition that "Repeat s Until c“ terminates in state Q after i executions of s. For i>1, Hi should be expressed as a function of Hi-1. {wp} H1 = ? (s executes once only) s T c F {Q}

  36. 6. a. Identify H1, H2, H3, and Hk such that wp(Repeat s Until c, Q) = H1 V H2 V H3 V...V Hk V... where Hi represents the necessary and sufficient condition that "Repeat s Until c“ terminates in state Q after i executions of s. For i>1, Hi should be expressed as a function of Hi-1. {wp} H1 = wp(s, ?) s T c F {Q}

  37. 6. a. Identify H1, H2, H3, and Hk such that wp(Repeat s Until c, Q) = H1 V H2 V H3 V...V Hk V... where Hi represents the necessary and sufficient condition that "Repeat s Until c“ terminates in state Q after i executions of s. For i>1, Hi should be expressed as a function of Hi-1. {wp} H1 = wp(s, c ЛQ) s T c F {Q}

  38. 6. a. Identify H1, H2, H3, and Hk such that wp(Repeat s Until c, Q) = H1 V H2 V H3 V...V Hk V... where Hi represents the necessary and sufficient condition that "Repeat s Until c“ terminates in state Q after i executions of s. For i>1, Hi should be expressed as a function of Hi-1. {wp} H1 = wp(s, c ЛQ) H2 = ? (s executes twice only) s T c F {Q}

  39. 6. a. Identify H1, H2, H3, and Hk such that wp(Repeat s Until c, Q) = H1 V H2 V H3 V...V Hk V... where Hi represents the necessary and sufficient condition that "Repeat s Until c“ terminates in state Q after i executions of s. For i>1, Hi should be expressed as a function of Hi-1. {wp} H1 = wp(s, c ЛQ) H2 = wp(s, ¬c Л?) s T c F {Q}

  40. 6. a. Identify H1, H2, H3, and Hk such that wp(Repeat s Until c, Q) = H1 V H2 V H3 V...V Hk V... where Hi represents the necessary and sufficient condition that "Repeat s Until c“ terminates in state Q after i executions of s. For i>1, Hi should be expressed as a function of Hi-1. {wp} H1 = wp(s, c ЛQ) H2 = wp(s, ¬c Лwp(s, c ЛQ)) s T c F {Q}

  41. 6. a. Identify H1, H2, H3, and Hk such that wp(Repeat s Until c, Q) = H1 V H2 V H3 V...V Hk V... where Hi represents the necessary and sufficient condition that "Repeat s Until c“ terminates in state Q after i executions of s. For i>1, Hi should be expressed as a function of Hi-1. {wp} H1 = wp(s, c ЛQ) H2 = wp(s, ¬c Лwp(s, c ЛQ)) s T c F {Q}

  42. 6. a. Identify H1, H2, H3, and Hk such that wp(Repeat s Until c, Q) = H1 V H2 V H3 V...V Hk V... where Hi represents the necessary and sufficient condition that "Repeat s Until c“ terminates in state Q after i executions of s. For i>1, Hi should be expressed as a function of Hi-1. {wp} H1 = wp(s, c ЛQ) H2 = wp(s, ¬c Лwp(s, c ЛQ)) = wp(s, ¬c ЛH1) s T c F {Q}

  43. 6. a. Identify H1, H2, H3, and Hk such that wp(Repeat s Until c, Q) = H1 V H2 V H3 V...V Hk V... where Hi represents the necessary and sufficient condition that "Repeat s Until c“ terminates in state Q after i executions of s. For i>1, Hi should be expressed as a function of Hi-1. {wp} H1 = wp(s, c ЛQ) H2 = wp(s, ¬c Лwp(s, c ЛQ)) = wp(s, ¬c ЛH1) H3 = wp(s, ¬c ЛH2) s T c F {Q}

  44. 6. a. Identify H1, H2, H3, and Hk such that wp(Repeat s Until c, Q) = H1 V H2 V H3 V...V Hk V... where Hi represents the necessary and sufficient condition that "Repeat s Until c“ terminates in state Q after i executions of s. For i>1, Hi should be expressed as a function of Hi-1. {wp} H1 = wp(s, c ЛQ) H2 = wp(s, ¬c Лwp(s, c ЛQ)) = wp(s, ¬c ЛH1) H3 = wp(s, ¬c ЛH2) --------------------------- Hk = wp(s, ¬c Л Hk-1) s T c F {Q}

  45. Problem Set 6: Predicate Transforms Hints and Notes

More Related