Predicate Transforms I

1
Predicate Transforms I
Software Testing and Verification Lecture 19

• Prepared by
• Stephen M. Thebaut, Ph.D.
• University of Florida

2
Predicate Transforms I and II

• Introduction
• Proving strong correctness
• Assignment statements
• Sequencing
• Selection statements
• ---------------------------
• Iteration

3
Introduction

• What are Predicate Transforms?
• An extension of axiomatic verification. Rules
  are provided for transforming post-conditions
  into weakest pre-conditions with respect to
  various program constructs.

4
Introduction (contd)

• What is a weakest pre-condition?
• It is the necessary pre-condition for program S
  to terminate in state Q.
• It is denoted wp(S,Q) and read, the weakest
  pre-condition of S with respect to Q.

5
Proving Strong Correctness

• To prove P S Q and to prove that P implies
  that S will terminate, show that
• P ? wp(S,Q)
• We now consider rules for computing weakest
  pre-conditions for structured programs comprised
  of assignment statements, if-then (-else)
  statements, and while loops.

6
Rule for Assignment Statements

• Rule
• wp(xE, Q(x,y,z)) ? Q(E,y,z)

7
Rule for Assignment Statements

• Rule
• wp(xE, Q(x,y,z)) ? Q(E,y,z)
• Examples
• wp(xy3, xgt0)

8
Rule for Assignment Statements

• Rule
• wp(xE, Q(x,y,z)) ? Q(E,y,z)
• Examples
• wp(xy3, xgt0)
• wp(xx1, x?n1)

9
Rule for Assignment Statements

• Rule
• wp(xE, Q(x,y,z)) ? Q(E,y,z)
• Examples
• wp(xy3, xgt0)
• wp(xx1, x?n1)
• wp(x7, x7)

10
Rule for Assignment Statements

• Rule
• wp(xE, Q(x,y,z)) ? Q(E,y,z)
• Examples (contd)
• wp(x7, x6)

11
Rule for Assignment Statements

• Rule
• wp(xE, Q(x,y,z)) ? Q(E,y,z)
• Examples (contd)
• wp(x7, x6)
• wp(x7, y7)

12
Rule for Assignment Statements

• Rule
• wp(xE, Q(x,y,z)) ? Q(E,y,z)
• Examples (contd)
• wp(x7, x6)
• wp(x7, y7)
• wp(y-x, yx)

13
Rule for Sequencing

• Rule
• wp(S1S2...Sn-1Sn, Q) ?
• wp(S1, wp(S2,...wp(Sn-1, wp(Sn, Q))))

14
Rule for Sequencing (contd)

• Example
• wp(CD1 BC?2 AB??2, A36)

15
Rule for Sequencing (contd)

• Example
• wp(CD1 BC?2 AB??2, A36)

• CD1
• BC?2
• AB??2
• A36

16
Rule for Sequencing (contd)

• Example
• wp(CD1 BC?2 AB??2, A36)

• CD1
• BC?2
• AB??2
• A36

• CD1
• BC?2
• AB??2
• A36

17
Rule for if-then-else Statement

• Rule
• wp(if b then S1 else S2, Q) ?
• (b ? wp(S1, Q)) V (b ? wp(S2, Q))

18
Rule for if-then-else Statement

• Rule
• wp(if b then S1 else S2, Q) ?
• (b ? wp(S1, Q)) V (b ? wp(S2, Q))

T
F
b
S2
S1
Q
19
Rule for if-then-else Statement

• Rule
• wp(if b then S1 else S2, Q) ?
• (b ? wp(S1, Q)) V (b ? wp(S2, Q))

T
F
b
b ? wp(S1, Q))
S2
S1
Q
20
Rule for if-then-else Statement

• Rule
• wp(if b then S1 else S2, Q) ?
• (b ? wp(S1, Q)) V (b ? wp(S2, Q))

T
F
b
b ? wp(S1, Q))
b ? wp(S2, Q))
S2
S1
Q
21
Rule for if-then-else Statement (contd)

• Example
• wp(if xlt0 then y-x else yx, yx)

22
Rule for if-then Statement

• Rule
• wp(if b then S, Q) ?
• (b ? wp(S, Q)) V (b ? Q)

23
Rule for if-then Statement

• Rule
• wp(if b then S, Q) ?
• (b ? wp(S, Q)) V (b ? Q)

T
b
F
S
Q
24
Rule for if-then Statement

• Rule
• wp(if b then S, Q) ?
• (b ? wp(S, Q)) V (b ? Q)

T
b
b ? wp(S, Q))
F
S
Q
25
Rule for if-then Statement

• Rule
• wp(if b then S, Q) ?
• (b ? wp(S, Q)) V (b ? Q)

T
b
b ? wp(S, Q))
F
S
b ? Q
Q
26
Rule for if-then Statement (contd)

• Example
• wp(if xlt0 then y-x, yx)

27
Exercise

• Prove the assertion below using the predicate
  transform based approach.
• ZB if AgtB then Z A ZMax(A,B)

28
Exercise

• Prove the assertion below using the predicate
  transform based approach.
• ZB if AgtB then Z A ZMax(A,B)

P
S
Q
29
Exercise

• Prove the assertion below using the predicate
  transform based approach.
• ZB if AgtB then Z A ZMax(A,B)
• Hint
• Compute the wp(S,Q)
• Show that P ? wp(S,Q)

P
S
Q
30
Predicate Transforms I
Software Testing and Verification Lecture 19

• Prepared by
• Stephen M. Thebaut, Ph.D.
• University of Florida