- Aristotle's Hypotheses and The
- Go Del Last
- Monadology by Leibniz
- Great Mathematican
- A bomba do além THE-LOGICAL-LIMITS-OF-SCIENTIFIC-KNOWLEDGE.pdf
- Notes
- Tugas English for Math 02
- PROFICIÊNCIA Modelo Prova
- Sībuawaith's ‘Parts of Speech’ According to Zajjājī
- MCS01
- Freudenthal M's Phil. Program Copy
- The place of logic among the sciences
- Cfg Examples 1
- tarski T
- Copy of Mth 1110 Logic and Set Theory Abrd Basic Mathematics Bist Yr1 Sem1
- Logic, Metalogic and Neutrality
- Software Testir
- Python Programming 101
- L02 Dis. Math,
- Java Chap6 Decision Making Statements ( Prof. Ananda M Ghosh.)
- Art. WF Assad - A Flexible Software Tool for Temporally-precise Behavioral Control in Matlab
- chapter 2 control structures
- Deciding
- Ifti Zaidi - PhD Thesis - The Conduct of War and the Notion of Victory
- 0521599938_Combinatorics
- Testing Seminar
- 288516478-HP-Prime-Programming-Tutorial.docx
- Numbers, sets and axioms - Hamilton (1).pdf
- week2
- Four Techniques for Better LabVIEW Code
- Sapiens: A Brief History of Humankind
- Yes Please
- The Unwinding: An Inner History of the New America
- The Innovators: How a Group of Hackers, Geniuses, and Geeks Created the Digital Revolution
- Elon Musk: Tesla, SpaceX, and the Quest for a Fantastic Future
- Dispatches from Pluto: Lost and Found in the Mississippi Delta
- John Adams
- Devil in the Grove: Thurgood Marshall, the Groveland Boys, and the Dawn of a New America
- The Prize: The Epic Quest for Oil, Money & Power
- This Changes Everything: Capitalism vs. The Climate
- Grand Pursuit: The Story of Economic Genius
- A Heartbreaking Work Of Staggering Genius: A Memoir Based on a True Story
- The Emperor of All Maladies: A Biography of Cancer
- Team of Rivals: The Political Genius of Abraham Lincoln
- The New Confessions of an Economic Hit Man
- Rise of ISIS: A Threat We Can't Ignore
- The Hard Thing About Hard Things: Building a Business When There Are No Easy Answers
- Smart People Should Build Things: How to Restore Our Culture of Achievement, Build a Path for Entrepreneurs, and Create New Jobs in America
- The World Is Flat 3.0: A Brief History of the Twenty-first Century
- Bad Feminist: Essays
- How To Win Friends and Influence People
- Steve Jobs
- Angela's Ashes: A Memoir
- The Silver Linings Playbook: A Novel
- Leaving Berlin: A Novel
- Extremely Loud and Incredibly Close: A Novel
- The Sympathizer: A Novel (Pulitzer Prize for Fiction)
- The Light Between Oceans: A Novel
- The Incarnations: A Novel
- You Too Can Have a Body Like Mine: A Novel
- Life of Pi
- The Love Affairs of Nathaniel P.: A Novel
- The Blazing World: A Novel
- The Rosie Project: A Novel
- The First Bad Man: A Novel
- We Are Not Ourselves: A Novel
- The Flamethrowers: A Novel
- Brooklyn: A Novel
- A Man Called Ove: A Novel
- The Master
- Bel Canto
- Interpreter of Maladies
- The Kitchen House: A Novel
- Beautiful Ruins: A Novel
- The Art of Racing in the Rain: A Novel
- Wolf Hall: A Novel
- The Wallcreeper
- A Prayer for Owen Meany: A Novel
- The Cider House Rules
- Lovers at the Chameleon Club, Paris 1932: A Novel
- The Bonfire of the Vanities: A Novel
- The Perks of Being a Wallflower
- The Constant Gardener: A Novel

**Programming Languages and Compilers (CS 421)
**

Elsa L Gunter 2112 SC, UIUC http://www.cs.uiuc.edu/class/cs421/

Based in part on slides by Mattox Beckman, as updated by Vikram Adve and Gul Agha

12/2/08 1 12/2/08 2

Also called Floyd-Hoare Logic Based on formal logic (first order predicate calculus) Axiomatic Semantics is a logical system built from axioms and inference rules Mainly suited to simple imperative programming languages

Axiomatic Semantics

Axiomatic Semantics

Used to formally prove a property (postcondition) of the state (the values of the program variables) after the execution of program, assuming another property (pre-condition) of the state before execution

**Goal: Derive statements of form {P} C {Q}
**

P , Q logical statements about state, P precondition, Q postcondition, C program

Example: {x = 1} x := x + 1 {x = 2}

4

12/2/08

3

12/2/08

Axiomatic Semantics

Axiomatic Semantics

Approach: For each type of language statement, give an axiom or inference rule stating how to derive assertions of form {P} C {Q} where C is a statement of that type Compose axioms and inference rules to build proofs for complex programs

An expression {P} C {Q} is a partial correctness statement For total correctness must also prove that C terminates (i.e. doesn’t run forever) Written: [P] C [Q]

12/2/08

5

12/2/08

6

like for-loops 7 12/2/08 8 12/2/08 The Assignment Rule The Assignment Rule {P [e/x] } x := e {P} Example: { ? } x := y {x = 2} Example: {P [e/x] } x := e {P} { _ = 2 } x := y { x = 2} 12/2/08 9 12/2/08 10 The Assignment Rule The Assignment Rule {P [e/x] } x := e {P} Examples: {P [e/x] } x := e {P} Example: { y = 2 } x := y { x = 2} {y = 2} x := y {x = 2} {y = 2} x := 2 {y = x} {x + 1 = n + 1} x := x + 1 {x = n + 1} {2 = 2} x := 2 {x = 2} 12/2/08 11 12/2/08 12 .e]) Meaning: Replace every v in P by e Example: (x + 2) [y-1/x] = ((y – 1) + 2) <command> ::= <variable> := <term> | <command>.Language Substitution We will give rules for simple imperative language Notation: P[e/v] (sometimes P[v <.<command> | if <statement> then <command> else <command> | while <statement> do <command> Could add more features. … .

The Assignment Rule – Your Turn The Assignment Rule – Your Turn What is the weakest precondition of x := x + y {x + y = w – x}? {(x + y) + y ? w – (x + y)} = x := x + y {x + y = w – x} What is the weakest precondition of x := x + y {x + y = w – x}? {(x + y) + y = w – (x + y)} x := x + y {x + y = w – x} 12/2/08 13 12/2/08 14 Precondition Strengthening P P’ {P’} C {Q} {P} C {Q} Meaning: If we can show that P implies P’ (P P’) and we can show that {P’} C {Q}. then we know that {P} C {Q} P is stronger than P’ means P P’ 12/2/08 15 Precondition Strengthening Examples: x = 3 x < 7 {x < 7} x := x + 3 {x < 10} {x = 3} x := x + 3 {x < 10} True 2 = 2 {2 = 2} x:= 2 {x = 2} {True} x:= 2 {x = 2} x=n x+1=n+1 {x+1=n+1} x:=x+1 {x=n+1} {x=n} x:=x+1 {x=n+1} 12/2/08 16 Which Inferences Are Correct? {x > 0 & x < 5} x := x * x {x < 25} {x = 3} x := x * x {x < 25} {x = 3} x := x * x {x < 25} {x > 0 & x < 5} x := x * x {x < 25} {x * x < 25 } x := x * x {x < 25} {x > 0 & x < 5} x := x * x {x < 25} 12/2/08 17 12/2/08 Which Inferences Are Correct? {x > 0 & x < 5} x := x * x {x < 25} {x = 3} x := x * x {x < 25} {x = 3} x := x * x {x < 25} {x > 0 & x < 5} x := x * x {x < 25} {x * x < 25 } x := x * x {x < 25} {x > 0 & x < 5} x := x * x {x < 25} 18 .

y := z {x = z & y = z} (x = z & y = z) (x = y) {z = z & z = z} x := z. y := z {x = z & y = z} 12/2/08 19 12/2/08 20 Postcondition Weakening Rule of Consequence {P} C {Q} Q Q’ {P} C {Q’} Example: {z = z & z = z} x := z. y := z {x = y} P P’ {P} C {Q} {P} C {Q} Q’ Q Logically equivalent to the combination of Precondition Strengthening and Postcondition Weakening Uses P P and Q Q 12/2/08 21 12/2/08 22 If Then Else {P and B} C1 {Q} {P and (not B)} C2 {Q} {P} if B then C1 else C2 {Q} Example: Want {y=a&x<0} y:=y-x {y=a+|x|} (3) (2) (1) (y=a&x<0) y-x=a+|x| {y-x=a+|x|} y:=y-x {y=a+|x|} {y=a&x<0} y:=y-x {y=a+|x|} {y=a} if x < 0 then y:= y-x else y:= y+x {y=a+|x|} Have to show: (1) {y=a&x<0} y:=y-x {y=a+|x|} and (4) {y=a¬(x<0)} y:=y+x {y=a+|x|} 12/2/08 23 (1) Reduces to (2) and (3) by Precondition Strengthening (2) Follows from assignment axiom (3) Because x<0 |x| = -x 12/2/08 24 . y := z {x = z & y = z} Example: {z = z & z = z} x := z {x = z & z = z} {x = z & z = z} y := z {x = z & y = z} {z = z & z = z} x := z.Sequencing Sequencing {P} C1 {Q} {Q} C2 {R} {P} C1. C2 {R} Example: {z = z & z = z} x := z {x = z & z = z} {x = z & z = z} y := z {x = z & y = z} {z = z & z = z} x := z. C2 {R} {P} C1 {Q} {Q} C2 {R} {P} C1.

. then we all we know when we enter the body is (P and B) If we need to know P when we finish the while loop. so if we want P to hold after. so let’s try: { ? } C { ? } { P } while B do C { P } 12/2/08 27 12/2/08 28 While While If all we know is P when we enter the while loop.{y=a¬(x<0)} y:=y+x {y=a+|x|} (6) (y=a¬(x<0))(y+x=a+|x|) (5) {y+x=a+|x|} y:=y+x {y=a+|x}} (4) {y=a¬(x<0)} y:=y+x {y=a+|x|} (4) Reduces to (5) and (6) by Precondition Strengthening (5) Follows from assignment axiom (6) Because not(x<0) |x| = x 12/2/08 25 If then else (1) (4) {y=a&x<0}y:=y-x{y=a+|x|} {y=a¬(x<0)}y:=y+x{y=a+|x|} {y=a} if x < 0 then y:= y-x else y:= y+x {y=a+|x|} . we had better know it when we finish the loop body: { P and B} C { P } { P } while B do C { P } We can strengthen the previous rule because we also know that when the loop is finished. it had better hold before. not B also holds Final while rule: { P and B } C { P } { P } while B do C { P and not B } 12/2/08 29 12/2/08 30 . By the if_then_else rule 12/2/08 26 While While We need a rule to be able to make assertions about while loops. Inference rule because we can only draw conclusions if we know something about the body Let’s start with: { ? } C { ? } { ? } while B do C { P } The loop may never be executed.

x := x –1) {fact = a!} We need to find a condition P that is true both before and after the loop is executed. x := x –1) {a! = fact * (x!) and not (x > 0)} and 2.While { P and B } C { P } { P } while B do C { P and not B } While While rule generally needs to be used together with precondition strengthening and postcondition weakening There is NO algorithm for computing the correct P. while x > 0 do (fact := fact * x. {x>=0 and x = a} fact := 1. while x > 0 do (fact := fact * x. {a! = fact * (x!) and not (x > 0) } {fact = a!} 35 12/2/08 36 First attempt: {a! = fact * (x!)} Motivation: What we want to compute: a! What we have computed: fact which is the sequential product of a down through (x + 1) What we still need to compute: x! 12/2/08 . and such that (P and not x > 0) (fact = a!) 12/2/08 33 12/2/08 34 Example Example By post-condition strengthening suffices to show 1. it requires intuition and an understanding of why the program works 32 P satisfying this rule is called a loop invariant because it must hold before and after the each iteration of the loop 31 12/2/08 12/2/08 Example Example Let us prove {x>= 0 and x = a} fact := 1.

it suffices to show (x>= 0 and x = a) (a! = 1 * (x!) and x >= 0) 41 12/2/08 42 Suffices to show that {a! = fact * (x!) and x >= 0} holds before the while loop is entered and that if {(a! = fact * (x!)) and x >= 0 and x > 0} holds before we execute the body of the loop. we have {a! = 1 * (x!) and x >= 0} fact := 1 {a! = fact * (x!) and x >= 0} Therefore. {x>=0 and x = a} fact := 1. combine the two: P = {a! = fact * (x!) and x >=0} Again. we need {a! = fact * (x!) and x >=0 and not (x > 0)} {fact = a!} But {x >=0 and not (x > 0)} {x = 0} so fact * (x!) = fact * (0!) = fact Therefore {a! = fact * (x!) and x >=0 and not (x > 0)} {fact = a!} 39 12/2/08 Example Example By the assignment rule. x := x –1) {P and not x > 0} and 2. to show (3). then {(a! = fact * (x!)) and x >= 0} holds after we execute the body 12/2/08 .Problem 2. suffices to show 1. {a! = fact * (x!) and x >=0} while x > 0 do (fact := fact * x. {x>=0 and x = a} fact := 1 {a! = fact * (x!) and x >=0 } And 4. {P and not x > 0} {fact = a!} 12/2/08 38 12/2/08 37 Example Example For 1. x := x –1) {a! = fact * (x!) and x >=0 and not (x > 0)} 12/2/08 40 For 2. {a! = fact * (x!) and not (x > 0)} {fact = a!} Don’t know this if x < 0 Need to know that x = 0 when loop terminates Need a new loop invariant Try adding x >= 0 Then will have x = 0 when loop is done Example Second try. by the sequencing rule it suffices to show 3. while x > 0 do (fact := fact * x. by precondition strengthening.

we have {(a! = fact * ((x-1)!)) and x – 1 >= 0} x := x – 1 {(a! = fact * (x!)) and x >= 0} By the sequencing rule. it suffices to show {(a! = fact * (x!)) and x >= 0 and x > 0} fact = fact * x {(a! = fact * ((x-1)!)) and x – 1 >= 0} 12/2/08 46 Example By the assignment rule. we have that {(a! = (fact * x) * ((x-1)!)) and x – 1 >= 0} fact = fact * x {(a! = fact * ((x-1)!)) and x – 1 >= 0} By Precondition strengthening. it suffices to show that ((a! = fact * (x!)) and x >= 0 and x > 0) ((a! = (fact * x) * ((x-1)!)) and x – 1 >= 0) 12/2/08 47 Example However fact * x * (x – 1)! = fact * x and (x > 0) x – 1 >= 0 since x is an integer. x := x – 1 ) {(a! = fact * (x!)) and x >= 0} We will use assignment rule. x := x –1) {a! = fact * (x!) and x >=0 and not (x > 0)} we need to show that {(a! = fact * (x!)) and x >= 0} is a loop invariant 43 12/2/08 44 12/2/08 Example We need to show: {(a! = fact * (x!)) and x >= 0 and x > 0} ( fact = fact * x.so {(a! = fact * (x!)) and x >= 0 and x > 0} {(a! = (fact * x) * ((x-1)!)) and x – 1 >= 0} 12/2/08 48 . sequencing rule and precondition strengthening 12/2/08 45 Example By the assignment rule.Example (x>= 0 and x = a) (a! = 1 * (x!) and x >= 0) holds because x = a x! = a! Have that {a! = fact * (x!) and x >= 0} holds at the start of the while loop Example To show (4): {a! = fact * (x!) and x >=0} while x > 0 do (fact := fact * x.

Example Therefore. by precondition strengthening {(a! = fact * (x!)) and x >= 0 and x > 0} fact = fact * x {(a! = fact * ((x-1)!)) and x – 1 >= 0} This finishes the proof 12/2/08 49 .

- Aristotle's Hypotheses and TheUploaded bythomas122
- Go Del LastUploaded byillmrpinheiro
- Monadology by LeibnizUploaded byChris Walker
- Great MathematicanUploaded byJacob Chakola
- A bomba do além THE-LOGICAL-LIMITS-OF-SCIENTIFIC-KNOWLEDGE.pdfUploaded byLuiz de Carvalho
- NotesUploaded byMicheal Hassel
- Tugas English for Math 02Uploaded byDanny Kusuma
- PROFICIÊNCIA Modelo ProvaUploaded byVALERIA
- Sībuawaith's ‘Parts of Speech’ According to ZajjājīUploaded byJaffer Abbas
- MCS01Uploaded bySam
- Freudenthal M's Phil. Program CopyUploaded byEsteban Nicolas
- The place of logic among the sciencesUploaded byvimipa
- Cfg Examples 1Uploaded byAslıhan Bener
- tarski TUploaded bymalik jozsef zoltan
- Copy of Mth 1110 Logic and Set Theory Abrd Basic Mathematics Bist Yr1 Sem1Uploaded byntuyo elvis
- Logic, Metalogic and NeutralityUploaded byLam Sin Wing
- Software TestirUploaded byravikumar4it
- Python Programming 101Uploaded byEA Faisal
- L02 Dis. Math,Uploaded byOsama Hassan
- Java Chap6 Decision Making Statements ( Prof. Ananda M Ghosh.)Uploaded byProf. (Dr) Ananda M Ghosh.
- Art. WF Assad - A Flexible Software Tool for Temporally-precise Behavioral Control in MatlabUploaded byPaul Rodrigo
- chapter 2 control structuresUploaded byapi-394738731
- DecidingUploaded byLe Minh Huy
- Ifti Zaidi - PhD Thesis - The Conduct of War and the Notion of VictoryUploaded byJF
- 0521599938_CombinatoricsUploaded byeroui331
- Testing SeminarUploaded byintex002
- 288516478-HP-Prime-Programming-Tutorial.docxUploaded byFranklin Vega Gonzales
- Numbers, sets and axioms - Hamilton (1).pdfUploaded bymanuel
- week2Uploaded bySteven Yoon
- Four Techniques for Better LabVIEW CodeUploaded byapi-3774223