Programmeren en Correctheid - Arrays

IntroductionArrays

Axiomatic Semantics of ArraysExamples / Conclusion

Programmeren en CorrectheidArrays

Michiel Helvensteijn ([email protected])

LIACS, Leiden University

CWI, Amsterdam

7 Mei 2010

Programmeren en Correctheid

[email protected]

IntroductionArrays


OverviewLast TimeAnd Now

Overview

Syntax Operational Semantics Axiomatic Semantics

March 26

Syntax Rules,Operational Semantics Rules,Proof Trees

April 9

Axiomatic Semantics Rules

April 16

Weakest Preconditions,Proof Outlines

May 7

Arrays

May 21

Total Correctness Rules


IntroductionArrays



Last Time

Last time, on P&C

Definitions and rules for the weakest precondition.

Proof outlines!

Finding the loop invariant.


IntroductionArrays



Last Time

Last time, on P&C


Proof outlines!



IntroductionArrays



Last Time

Last time, on P&C


Proof outlines!



IntroductionArrays



And Now

To Do

Syntax for arrays.

Axiomatic Semantics for arrays.

Arrays in proof outlines.

Examples, examples, examples.


IntroductionArrays



And Now

To Do

Syntax for arrays.





IntroductionArrays



And Now

To Do

Syntax for arrays.





IntroductionArrays



And Now

To Do

Syntax for arrays.





IntroductionArrays


IntroductionImportant SetsSyntax ExtensionAssignments

Introduction

We’re skipping Operational Semantics for arrays!

So how do these ‘arrays’ work?

An array a stores a list of integers.

a has size |a|, which is a natural number.

a[1] is its first element. a[|a|] is its last.

In general, a[A] denotes the element in position z ifJAKIσ = z and 1 ≤ z ≤ |a|.

No associative arrays right now.

No multi-dimensional arrays either.


IntroductionArrays



Introduction










IntroductionArrays



Introduction










IntroductionArrays



Introduction










IntroductionArrays



Introduction










IntroductionArrays



Introduction










IntroductionArrays



Introduction










IntroductionArrays



Introduction










IntroductionArrays



ArraysImportant Sets

z ∈ Z {. . . ,−2,−1, 0, 1, 2, . . .} Integersb ∈ B {true, false} Truth valuesx ∈ V {x, y, z, . . .} Program variablesa {a, b, c, . . .} Array variablesv ∈ L {i , j , k , . . .} Logical variablesl {l ,m, n, . . .} Log. Array variablesA Arithmetic expressionsA Extended Arithmetic expressionsB Boolean expressionsB , φ, ψ Extended Boolean expressionsC Commands


IntroductionArrays



ArraysSyntax Extension

A ::= z | x | A +A | A *A | |a| | a[A]

B ::= true | false | A <A | B ∧B | ¬B | a = a

C ::= skip| x := A| a := a| a[A] := A| C; C| if B then C else C fi| while B do C od

no operationassignmentarray assignmentarray indexed assignmentsequential compositionconditionalwhile loop


IntroductionArrays




A ::= z | x | A +A | A *A | |a| | a[A]





IntroductionArrays




A ::= z | x | A +A | A *A | |a| | a[A]





IntroductionArrays



ArrayAssignments

a := b assigns the entire content (and size) of the array b tothe array a.

a[A] := A′ assigns the value of A′ to the position expressedby A in array a.

a[A] := A′ fails if 〈A, σ〉 → z and (z < 1 or |a| < z).

But when we’re working with partial correctness, we don’tcare. e.g. �par L true M a[|a| + 1] := 1 L true M is valid.


IntroductionArrays



ArrayAssignments






IntroductionArrays



ArrayAssignments






IntroductionArrays



ArrayAssignments






IntroductionArrays


Simple AssignmentsThe Aliasing ProblemArrays as FunctionsIndexed Assignment

Axiomatic Semantics of ArraysSimple Assignments

The rule for simple assignment of arrays is unsurprising:

Lφ[b/a] M a := b Lφ Mass


IntroductionArrays



Axiomatic Semantics of ArraysIndexed Assignments

Indexed assignments (a[A] := A′) are more problematic.

How can we substitute a[A] by A′?

Our substitution function for formulas φ[y/x ] can onlytake a variable name for x .

More importantly, a[A] may have aliases in the formula.For example, a[3], a[1 + 2] and a[5 - 2] all denote thesame location. a[x] too, depending on the state.


IntroductionArrays









IntroductionArrays









IntroductionArrays









IntroductionArrays



Axiomatic Semantics of ArraysArrays as Functions

The solution

An array a can be seen as a function a : {1, . . . , |a|} → Z.

a[A] would be the same as a(A).

a[A] := A′ would be the same as a := a[A′/A].

Substitution in functions

Recall that f [z/v1](v2) =

{z if v1 = v2f (v2) if v1 6= v2


IntroductionArrays




The solution






{z if v1 = v2f (v2) if v1 6= v2


IntroductionArrays




The solution






{z if v1 = v2f (v2) if v1 6= v2


IntroductionArrays




The solution






{z if v1 = v2f (v2) if v1 6= v2


IntroductionArrays



Axiomatic Semantics of ArraysIndexed Assignment

So for our indexed assignment rule, apply the simpleassignment rule to the ‘rewritten indexed assignment’:

Lφ[a[A′/A]/a] M a := a[A′/A] Lφ Mass

In summary: The Indexed Assignment rule

Lφ[a[A′/A]/a] M a[A] := A′ Lφ M iass

Note that φ[a[A′/A]/a] is not the weakest precondition! It isthe weakest liberal precondition. Partial correctness, for now.


IntroductionArrays










IntroductionArrays










IntroductionArrays


ExamplesConclusion

Examples

Example 1

L true M

L a[5/3][3] = 5 M implied

a[3] := 5L a[3] = 5 M

indexed assignment


IntroductionArrays


ExamplesConclusion

Examples

Example 1

L true ML a[5/3][3] = 5 M

implied

a[3] := 5L a[3] = 5 M

indexed assignment


IntroductionArrays


ExamplesConclusion

Examples

Example 1

L true ML a[5/3][3] = 5 M implieda[3] := 5L a[3] = 5 M indexed assignment


IntroductionArrays


ExamplesConclusion

Examples

Example 2

L |b| > 2 M

L b[3/1][b[3/1][1] + 1/1][1] = 4 M implied

a := b;

L a[3/1][a[3/1][1] + 1/1][1] = 4 M assignment

a[1] := 3;

L a[a[1] + 1/1][1] = 4 M indexed assignment

a[1] := a[1] + 1;

L a[1] = 4 M indexed assignment

b := a

L b[1] = 4 M

assignment


IntroductionArrays


ExamplesConclusion

Examples

Example 2

L |b| > 2 M

L b[3/1][b[3/1][1] + 1/1][1] = 4 M implied

a := b;

L a[3/1][a[3/1][1] + 1/1][1] = 4 M assignment

a[1] := 3;

L a[a[1] + 1/1][1] = 4 M indexed assignment

a[1] := a[1] + 1;L a[1] = 4 M

indexed assignment

b := a

L b[1] = 4 M

assignment


IntroductionArrays


ExamplesConclusion

Examples

Example 2

L |b| > 2 M

L b[3/1][b[3/1][1] + 1/1][1] = 4 M implied

a := b;

L a[3/1][a[3/1][1] + 1/1][1] = 4 M assignment

a[1] := 3;L a[a[1] + 1/1][1] = 4 M

indexed assignment

a[1] := a[1] + 1;L a[1] = 4 M

indexed assignment

b := a

L b[1] = 4 M

assignment


IntroductionArrays


ExamplesConclusion

Examples

Example 2

L |b| > 2 M

L b[3/1][b[3/1][1] + 1/1][1] = 4 M implied

a := b;

L a[3/1][a[3/1][1] + 1/1][1] = 4 M

assignment

a[1] := 3;L a[a[1] + 1/1][1] = 4 M

indexed assignment

a[1] := a[1] + 1;L a[1] = 4 M

indexed assignment

b := a

L b[1] = 4 M

assignment


IntroductionArrays


ExamplesConclusion

Examples

Example 2

L |b| > 2 ML b[3/1][b[3/1][1] + 1/1][1] = 4 M

implied

a := b;

L a[3/1][a[3/1][1] + 1/1][1] = 4 M

assignment

a[1] := 3;L a[a[1] + 1/1][1] = 4 M

indexed assignment

a[1] := a[1] + 1;L a[1] = 4 M

indexed assignment

b := a

L b[1] = 4 M

assignment


IntroductionArrays


ExamplesConclusion

Examples

Example 2

L |b| > 2 ML b[3/1][b[3/1][1] + 1/1][1] = 4 M implieda := b;

L a[3/1][a[3/1][1] + 1/1][1] = 4 M assignmenta[1] := 3;L a[a[1] + 1/1][1] = 4 M indexed assignmenta[1] := a[1] + 1;L a[1] = 4 M indexed assignmentb := a

L b[1] = 4 M assignment


IntroductionArrays


ExamplesConclusion

Examples

Example 3

L a[x] = x M

L a[x/a[x]][x] = x M indexed assignment

a[a[x]] := x

L a[x] = x M

assignment

a[x/a[x]][x] = x ⇔(a[x] = x ∧ x = x) ∨ (a[x] 6= x ∧ a[x] = x) ⇔

(a[x] = x ∧ x = x) ⇔a[x] = x


IntroductionArrays


ExamplesConclusion

Examples

Example 3

L a[x] = x ML a[x/a[x]][x] = x M

indexed assignment

a[a[x]] := x

L a[x] = x M

assignment


(a[x] = x ∧ x = x) ⇔a[x] = x


IntroductionArrays


ExamplesConclusion

Examples

Example 3

L a[x] = x ML a[x/a[x]][x] = x M indexed assignmenta[a[x]] := x

L a[x] = x M assignment


(a[x] = x ∧ x = x) ⇔a[x] = x


IntroductionArrays


ExamplesConclusion

Examples

Example 3



a[x/a[x]][x] = x

⇔(a[x] = x ∧ x = x) ∨ (a[x] 6= x ∧ a[x] = x) ⇔

(a[x] = x ∧ x = x) ⇔a[x] = x


IntroductionArrays


ExamplesConclusion

Examples

Example 3



a[x/a[x]][x] = x ⇔(a[x] = x ∧ x = x) ∨ (a[x] 6= x ∧ a[x] = x)

⇔(a[x] = x ∧ x = x) ⇔

a[x] = x


IntroductionArrays


ExamplesConclusion

Examples

Example 3




(a[x] = x ∧ x = x)

⇔a[x] = x


IntroductionArrays


ExamplesConclusion

Examples

Example 3




(a[x] = x ∧ x = x) ⇔a[x] = x


IntroductionArrays


ExamplesConclusion

Conclusion

Summary

We introduced simple arrays into our programminglanguage and described their meaning.

Arrays are functions! This helps us reason about them.

We came up with an axiomatic semantics rule for indexedassignment.

Likely exam assignment

You will likely be asked to prove a Hoare triple for a programthat uses arrays.


IntroductionArrays


ExamplesConclusion

Conclusion

Summary







IntroductionArrays


ExamplesConclusion

Conclusion

Summary







IntroductionArrays


ExamplesConclusion

Conclusion

Summary







Documents

Programmeren en Correctheid - Arrays