Lecture Notes on Invariants for While Loops and Arbitrary Loops
Abstract
The previous lecture provided axioms for compositional reasoning about deterministic sequential programs. All the axioms compositionally reduce the truth of a postcondition of a more complex program to a logical combination of postconditions of simpler programs. All axioms? Well, all the axioms but one: the ones about loops. But putting loops aside for the moment, these axioms tell us completely what we need to do to understand a program. All we need to do is identify the top-level operator of the program and apply the corresponding axiom, rewriting its left-hand side into its structurally simpler right-hand side, which eventually reduces the property of a program to first-order logic with arithmetic but without programs. This process is completely systematic. So except for the (nontrivial) fact that we have to hope that an SMT solver will be able to handle the remaining arithmetic, our “only” problem is what we could possibly do with a loop. The unwinding axioms from the previous lecture were only partially helpful, which is why this lecture investigates more comprehensive reasoning techniques for loops. We follow an entirely systematic approach [Pla17, Chapter 7] to understanding loop invariants, an induction technique for loops that is of central significance for program verification. We will also experience our share of the important phenomenon of loop invariant search.
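The abstract describes loop invariants as the induction principle that replaces unwinding: a formula [while(Q)α]P is reduced to three loop-free obligations (the precondition implies the invariant, the invariant is preserved by one iteration under the guard, and the invariant together with the negated guard implies the postcondition). The following checker is an added example written for this page, not code from the lecture notes; it evaluates those three obligations over a finite box of states instead of handing them to an SMT solver, so a failed obligation comes back as a concrete counterexample. The program under verification (squaring by repeated addition), the state encoding, and all names such as `check_invariant`, `inv_weak`, `inv_good` and `STATES` are assumptions of this example. It also shows the loop-invariant-search phenomenon the abstract mentions: a candidate that is true on every reachable state still fails the exit obligation until it is strengthened with the loop bound.

```python
"""Bounded checker for the three proof obligations of the loop invariant rule.

For a loop  while(Q) alpha  with precondition pre and postcondition P, an
invariant I reduces [while(Q)alpha]P to three loop-free obligations:

  1. initialization:  pre          -> I
  2. preservation:    I and Q      -> [alpha] I
  3. exit:            I and not Q  -> P

Each obligation is evaluated over a finite box of states here, so failures
surface as concrete counterexamples. All names below (State, check_invariant,
the squaring program, STATES) are assumptions of this added example, not
identifiers from the lecture notes.
"""
from itertools import product
from typing import Callable, Dict, Iterable, List, Optional, Tuple

State = Dict[str, int]           # a program state: variable name -> integer value
Pred = Callable[[State], bool]   # a first-order formula evaluated on a state
Prog = Callable[[State], State]  # a loop body as a state transformer


def check_invariant(states: Iterable[State], pre: Pred, guard: Pred, body: Prog,
                    inv: Pred, post: Pred) -> Tuple[bool, str, Optional[State]]:
    """Return (ok, report, counterexample) for the three obligations.

    Preservation is checked from *every* state satisfying I and Q, not only
    from states reachable from pre: that is what makes the rule inductive,
    and it is why a candidate that merely holds at runtime can still fail.
    """
    states = list(states)
    for s in states:                       # 1. initialization
        if pre(s) and not inv(s):
            return False, "initialization: pre does not imply I", s
    for s in states:                       # 2. preservation
        if inv(s) and guard(s) and not inv(body(s)):
            return False, "preservation: I and Q do not imply [alpha]I", s
    for s in states:                       # 3. exit
        if inv(s) and not guard(s) and not post(s):
            return False, "exit: I and not Q do not imply P", s
    return True, "all three obligations hold on the bounded domain", None


# Constructed program: square n by repeated addition.
#   i := 0; s := 0; while (i < n) { s := s + n; i := i + 1 }
# Precondition n >= 0 (with the initial assignments), postcondition s = n*n.
def pre(st: State) -> bool:
    return st["n"] >= 0 and st["i"] == 0 and st["s"] == 0

def guard(st: State) -> bool:
    return st["i"] < st["n"]

def body(st: State) -> State:
    return {"n": st["n"], "i": st["i"] + 1, "s": st["s"] + st["n"]}

def post(st: State) -> bool:
    return st["s"] == st["n"] * st["n"]

# First candidate: true in every reachable state, yet not strong enough to
# prove P, because nothing says the loop exits exactly at i = n.
def inv_weak(st: State) -> bool:
    return st["s"] == st["i"] * st["n"]

# Strengthened candidate: the bound 0 <= i <= n closes the exit obligation.
def inv_good(st: State) -> bool:
    return st["s"] == st["i"] * st["n"] and 0 <= st["i"] <= st["n"]

# Constructed finite box of states. It deliberately contains states that are
# unreachable at runtime (e.g. i > n), since the inductive obligations must
# hold there too.
STATES: List[State] = [{"n": n, "i": i, "s": s}
                       for n, i, s in product(range(0, 6), range(0, 8), range(0, 40))]


if __name__ == "__main__":
    for name, inv in (("inv_weak", inv_weak), ("inv_good", inv_good)):
        ok, report, cex = check_invariant(STATES, pre, guard, body, inv, post)
        print(f"{name}: {'OK' if ok else 'FAIL'} - {report}", cex or "")
```

Running the script reports `inv_weak` failing the exit obligation with the state n = 1, i = 2, s = 2: the invariant holds, the guard is false, but s is not n². That state is never reached by the program, which is exactly why bounded testing of the loop would not have revealed that the candidate is not a valid invariant. The strengthened `inv_good` passes all three obligations on the domain. A bounded check like this is a sanity check for an invariant candidate before the real proof, not a substitute for the SMT-backed discharge the lecture notes rely on.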
Related resources
Lecture Notes on Loop Variants and Convergence
Since not all loops have a fixed finite number of rounds, this axiom isn’t quite sufficient. But that’s similar to the case of box modalities, where we also first understood the elementary axioms reducing programs and later went for a study of loop invariants for while loops with unbounded repetitions. Our key to understanding what to do with [while(Q)α]P formulas is to first understand inducti...
Lecture Notes on Differential Invariants & Proof Theory
Lecture 10 on Differential Equations & Differential Invariants and Lecture 11 on Differential Equations & Proofs equipped us with powerful tools for proving properties of differential equations without having to solve them. Differential invariants (DI) [Pla10a] prove properties of differential equations by induction based on the right-hand side of the differential equation, rather than its much...
Lecture Notes on Control Loops & Invariants
Lecture 5 on Dynamical Systems & Dynamic Axioms introduced rigorous reasoning for hybrid program models of cyber-physical systems, which Lecture 6 on Truth & Proof extended to a systematic and coherent reasoning approach for cyber-physical systems. Our understanding of the language exceeds our understanding of the reasoning principles, though, because we have not seen any credible ways of analy...
Lecture Notes on Programs with Arrays
The previous lecture focused on loops, starting with axioms and leading to a derived rule that allows us to simplify reasoning about loops to reasoning about the behavior of a single iteration of their bodies. We worked an example involving a program that uses loops to compute the square of a number, and found that much of the difficulty in reasoning about loops lies in finding a suitable invar...
Lecture Notes on Loop Optimizations
Optimizing loops is particularly important in compilation, since loops (and in particular the inner loops) account for much of the execution time of many programs. Since tail-recursive functions are usually also turned into loops, the importance of loop optimizations is further magnified. In this lecture we will discuss two main ones: hoisting loop-invariant computation out of a loop, and opt...