- CDS_Deck
- LabVIEW DAQ
- oops 1 2 3 units
- LESSON 3 - Branching and Looping
- lecture02-1.6.pdf
- Natural.pdf
- SYLLABUS_COP2250_SEM500
- Using HCI Techniques to Design a More Usable Programming System
- 2.1 Module 2 Basic Java Programming Language
- Slide 08b - Control Structure_Loop
- Cpter-7
- Java-i Lesson3 Op Foc1
- Different Flowchart Design
- Recursion
- 0008 - Programming Part 2
- Exit&Options
- VHDL by Pacific
- Java Script
- Faq
- kurac
- SAP CES
- Latex Presentation Sample
- 93 Overloded Qs
- sol8.pdf
- 3 Algebra
- [eBook]Brief
- Digital Signal Processing 3rd Edition by Proakis & Manolakis (Solution's Manual)
- Brief R Tutorial
- Elementary Programming With C - InTL
- Acsl Basic
- AC_SEDA_Max_IB_PT_DB98-33665A-06_140814-1.pdf
- Comprovante-de-Rendimentos-IRPF.pdf
- App
- Using Excel Macros to Analyse Moodle Logs.pdf
- 15. Text-Files.pptx
- Allow Students to Review Quizzes
- worksheet functions.xlsx
- Abcd
- IOM Split Space 42XQM_256.08.731-C-07-13 (view).pdf
- ABCD.docx
- Connect 2016 - AD1100
- Apresentacao Utility Full
- week1_quizz_feedback.pdf
- PCULog0
- 01261076
- README
- New Text Document
- Ibmsametime9complete Basicfeaturesinstallation Fromzerotohero Fordominoldap Version1 131109042036 Phpapp02 (1)
- Lorem Ipsum
- Lorem Ipsum Dolor Sit Amet
- 17608368-Nagios-3x
- webqualis
- Installing Lotus Domino 8.5 on CentOS 5 in Less Than Six Hours.
- Readme
- Lorem ipsum dolor sit amet.docx

**The Verification Corner,
**

Rustan Leino talks about

Loop Invariants. He gives

a brief summary of the

theoretical foundations

and shows how a

program can sometimes

be systematically

constructed from its

specifications.

or predicates. P and Q are conditions (also called assertions. again. { x*x = y } says that if the statement “if (x < 0) x := -x. An execution of S starts in some state and ends in some state. x*x = y. For example. S denotes a program statement. (We restrict our attention to program statements that are well behaved and terminate. which is used to reason about programs.” or “if (x < 0) x := -x. . { x*x = y } if (x < 0) x := -x. The Hoare triple on this slide says that any execution of S that starts in a state satisfying P ends in some state satisfying Q. like “x := x+y. like “x < 10” or “x is even”. or boolean expressions).”.This slide shows a Hoare triple.” is executed from a state where y equals the square of x.) A Hoare triple tells you something about executions of S. then it will end in a state where.

which can be simplified as “3*y + 2 ≤ 11”.This slide shows the general form of a valid Hoare triple for an assignment statement “x := E”. “y ≤ 3”. which is “2*(y+1) + y ≤ 11”. In other words. For example. it lets us conclude that if we execute statement “x := y + 1” from a state where x is 5 and y is 1. the following is a valid Hoare triple: { y ≤ 3 } x := y + 1 { 2*x + y ≤ 11 } Among other things. which stands for the expression Q in which any mention of variable x is replaced by the expression E. The second Hoare triple on the slide shows another example: if you want to execute “x := y” and be sure that it ends in a state satisfying “x = 10”. then it will end in a state where “2*x + y ≤ 11”. that is. then “Q[E/x]” is “(2*x + y ≤ 11)[ y+1 / x ]”. then you must start the execution in a state where “y = 10”. . It says that the statement “x := E” will end in a state satisfying Q if it is started in a state satisfying “Q[E/x]”. if Q is “2*x + y ≤ 11” and E is “y+1”.

Here are two more examples of valid Hoare triples for assignments. The first says that if you want the increment-by-1 statement to end in a state where the variable is at most 10. . Without any further (thinking or) simplification. then you must start the execution in a state where the variable is strictly less than 10. and then simplifying “x+1 ≤ 10” to “x < 10”. one can figure out the most general condition on the pre-state that makes the Hoare triple valid by replacing x in the post- state condition by the right-hand side of the assignment. The second. considers the statement “x := 3*x + 2*y” and the post-state condition “x*x = 81”. which is more complicated. Again. The pre-state of this Hoare triple is obtained by replacing x by “x + 1” in the condition on the post-state. that pre-state condition is “(3*x + 2*y)*(3*x + 2*y) = 81”.

If you want to be sure that every execution of the loop statement that starts in P ends in Q. if the loop body.This slide considers another statement. More precisely. then you must find a condition J that satisfies the three provisos at the bottom. S. then it ends in a state where the loop invariant holds again. The second proviso says that taking a loop iteration must maintain the loop invariant. This proviso is analogous to the induction case of a mathematical proof by induction. The condition J is called a loop invariant. is started in a state where the loop invariant holds and the loop guard evaluates to true. It is expressed by a logical implication: P ==> J (pronounced “P implies J”). The first proviso says that the loop invariant must hold before the loop statement is executed. This proviso is analogous to the base case of a mathematical proof by induction. namely a simple while loop with a loop guard B and a loop body S. Continued… .

The first proviso is: n = 0 ==> n is even and n ≤ 100 which holds. in mathematics. This proviso is analogous. it says that if the loop invariant holds and the loop guard evaluates to false. For example. to making sure the induction hypothesis is strong enough to conclude the theorem one is trying to prove. to be “n is even and n ≤ 100”. More precisely. suppose we are trying to establishing the following Hoare triple: { n = 0 } while n < 99 do n := n + 2 { x = 100 } Let’s pick the loop invariant. continued… . because 0 is even and no greater than 100. J.The third proviso says that one must pick a loop invariant that is strong enough to conclude the desired Q after the loop terminates. then Q holds.

which gives us: (n+2) is even and n+2 ≤ 100 which simplifies to: n+2 is even and n ≤ 98 We note that the pre-state condition in the triple also simplifies to the same expression. Continued… . so the proviso holds.The second proviso is: { n is even and n ≤ 100 and n < 99 } n := n + 2 { n is even and n ≤ 100 } We check this Hoare triple by replacing n by “n+2” in the post-state condition.

if n is even. To fully reason about loops. However. one also needs to consider termination. That proves the example Hoare triple to be valid. then n can only be 100.The third proviso is: n is even and n ≤ 100 and not n < 99 ==> x = 100 If n is at most 100 but not less than 99. come back for a different episode on termination. which is what we are trying to prove. we ignore that issue. in this episode of Verification Corner. then n is either 99 or 100. Furthermore. .

- CDS_DeckUploaded byLalith Rallabhandi
- LabVIEW DAQUploaded bygilmeanualexmihai
- oops 1 2 3 unitsUploaded byChakriChandu
- LESSON 3 - Branching and LoopingUploaded byapi-3709816
- lecture02-1.6.pdfUploaded byBenjamin Leung
- Natural.pdfUploaded byRakesh Muppa
- SYLLABUS_COP2250_SEM500Uploaded bySanjay Shelar
- Using HCI Techniques to Design a More Usable Programming SystemUploaded bydarkseiryoku
- 2.1 Module 2 Basic Java Programming LanguageUploaded byazphyo
- Slide 08b - Control Structure_LoopUploaded byEffendyFooad
- Cpter-7Uploaded byavinashavi93
- Java-i Lesson3 Op Foc1Uploaded bySufyan Sahoo
- Different Flowchart DesignUploaded byOfoetan Olusola Temitayo
- RecursionUploaded byKris Bra
- 0008 - Programming Part 2Uploaded byAnimesh Ghosh
- Exit&OptionsUploaded byFenil Desai
- VHDL by PacificUploaded byArpita Bhardwaj
- Java ScriptUploaded byNaqi Naqvi
- FaqUploaded byapi-3699165
- kuracUploaded bykurac
- SAP CESUploaded bysarglady
- Latex Presentation SampleUploaded byMarco André Argenta
- 93 Overloded QsUploaded byraju
- sol8.pdfUploaded byAashish D
- 3 AlgebraUploaded byshaannivas
- [eBook]BriefUploaded byLê Anh
- Digital Signal Processing 3rd Edition by Proakis & Manolakis (Solution's Manual)Uploaded byRaxyz Reas
- Brief R TutorialUploaded byPark Sinchaisri
- Elementary Programming With C - InTLUploaded byheomasy
- Acsl BasicUploaded byavoidreading

- AC_SEDA_Max_IB_PT_DB98-33665A-06_140814-1.pdfUploaded byjbl.jbl
- Comprovante-de-Rendimentos-IRPF.pdfUploaded byjbl.jbl
- AppUploaded byjbl.jbl
- Using Excel Macros to Analyse Moodle Logs.pdfUploaded byjbl.jbl
- 15. Text-Files.pptxUploaded byjbl.jbl
- Allow Students to Review QuizzesUploaded byjbl.jbl
- worksheet functions.xlsxUploaded byjbl.jbl
- AbcdUploaded byjbl.jbl
- IOM Split Space 42XQM_256.08.731-C-07-13 (view).pdfUploaded byjbl.jbl
- ABCD.docxUploaded byjbl.jbl
- Connect 2016 - AD1100Uploaded byjbl.jbl
- Apresentacao Utility FullUploaded byjbl.jbl
- week1_quizz_feedback.pdfUploaded byjbl.jbl
- PCULog0Uploaded byjbl.jbl
- 01261076Uploaded byjbl.jbl
- READMEUploaded byjbl.jbl
- New Text DocumentUploaded byjbl.jbl
- Ibmsametime9complete Basicfeaturesinstallation Fromzerotohero Fordominoldap Version1 131109042036 Phpapp02 (1)Uploaded byjbl.jbl
- Lorem IpsumUploaded byjbl.jbl
- Lorem Ipsum Dolor Sit AmetUploaded byjbl.jbl
- 17608368-Nagios-3xUploaded byjbl.jbl
- webqualisUploaded byjbl.jbl
- Installing Lotus Domino 8.5 on CentOS 5 in Less Than Six Hours.Uploaded byjbl.jbl
- ReadmeUploaded byjbl.jbl
- Lorem ipsum dolor sit amet.docxUploaded byjbl.jbl