COP 4020 Lecture 6,7 Overview Semantics 1/28,30/02

Operational semantics describes the meaning of a program by executing its statements on a machine or a virtual machine. In order to use this to verify program correctness, a translator and simulator are needed. We don't have either, so we will spend all of our time on axiomatic semantics.

The basic idea behind axiomatic semantics is this: given a set of statements and a desired post-condition, can we figure out a corresponding pre-condition that will guarantee the post-condition? Then we can verify that a program produces certain results under certain pre-conditions.

We will learn how to come up with pre-conditions for these statements:

1) assignment
2) if-then-else
3) while

Assignment
----------

Here's an example:

a = b/2 - 1 {a < 10}

Take the value a is assigned in the piece of code and plug that in for a in the post-condition:

a < 10
b/2 - 1 < 10
b/2 < 11
b < 22

This simplified expression is your weakest precondition. Thus we have:

{b < 22} a = b/2 - 1 {a < 10}

This says that if b < 22 before running the given statement, then a will be less than 10 afterwards.

For a sequence of statements, you use the precondition you determined for a statement as the post-condition of the statement before it.

For an if statement we have the following:

if B then S1 else S2 {Q}

The condition P is a precondition for this statement if you can verify the following two things:

1) {B and P} S1 {Q}
2) {notB and P} S2 {Q}

Verify these separately. If you've done that, then whatever P you have chosen is a valid precondition for the if statement.

Finally we will talk about verifying a while loop of this form:

while (B) do S {Q}

Of the steps in the book, the most important are

3) {I and B} S {I}
4) (I and notB) -> Q

The most difficult part here is picking I, the loop invariant. This is something that stays true throughout each iteration of the while loop. (Note that it does not have to be true in the middle of the loop, just at the beginning and end.) We worked on some exercises in class to help with picking invariants. Once we have those, we use the other techniques to prove 3 and 4.
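
Steps 3 and 4 above, checked by brute force over a small range of integer states. This is an added example, not part of the lecture notes: the loop, its post-condition Q, both candidate invariants and all function names are constructed for illustration. A bounded check like this can reject a bad invariant but is not a proof.

```python
# Added example: bounded check of loop steps 3 and 4 over small integer states.
from itertools import product

def states(names, lo=-6, hi=6):
    """Every assignment of integers in [lo, hi] to the given variable names."""
    for values in product(range(lo, hi + 1), repeat=len(names)):
        yield dict(zip(names, values))

def triple_counterexamples(pre, stmt, post, names):
    """States satisfying pre whose successor under stmt violates post."""
    return [s for s in states(names) if pre(s) and not post(stmt(dict(s)))]

def implication_counterexamples(lhs, rhs, names):
    """States where lhs holds but rhs does not."""
    return [s for s in states(names) if lhs(s) and not rhs(s)]

# Constructed loop (not from the lecture):
#   while (i < n) do { s = s + i; i = i + 1 }   {Q: s == n*(n-1)/2}
NAMES = ("i", "n", "s")
B = lambda st: st["i"] < st["n"]
Q = lambda st: 2 * st["s"] == st["n"] * (st["n"] - 1)

def body(st):
    """The loop body S, applied to a copy of the state."""
    st["s"] += st["i"]
    st["i"] += 1
    return st

# Candidate invariant: s is the sum 0..i-1 and i has not passed n.
I = lambda st: 2 * st["s"] == st["i"] * (st["i"] - 1) and st["i"] <= st["n"]
# Weaker candidate that drops the bound on i.
I_weak = lambda st: 2 * st["s"] == st["i"] * (st["i"] - 1)

def check_loop(inv):
    """Return (step 3 counterexamples, step 4 counterexamples) for inv."""
    step3 = triple_counterexamples(lambda st: inv(st) and B(st), body, inv, NAMES)
    step4 = implication_counterexamples(lambda st: inv(st) and not B(st), Q, NAMES)
    return step3, step4

if __name__ == "__main__":
    print("I:     ", [len(x) for x in check_loop(I)])
    print("I_weak:", [len(x) for x in check_loop(I_weak)])
```

I_weak is preserved by the body, so it passes step 3, but it fails step 4: a state such as i = 3, n = 0, s = 3 satisfies I_weak and notB without satisfying Q.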