programmeren en correctheid - arrays
TRANSCRIPT
![Page 1: Programmeren en Correctheid - Arrays](https://reader031.vdocuments.site/reader031/viewer/2022020702/61fb23872e268c58cd5a9a7b/html5/thumbnails/1.jpg)
IntroductionArrays
Axiomatic Semantics of ArraysExamples / Conclusion
Programmeren en CorrectheidArrays
Michiel Helvensteijn ([email protected])
LIACS, Leiden University
CWI, Amsterdam
7 Mei 2010
Programmeren en Correctheid
![Page 2: Programmeren en Correctheid - Arrays](https://reader031.vdocuments.site/reader031/viewer/2022020702/61fb23872e268c58cd5a9a7b/html5/thumbnails/2.jpg)
IntroductionArrays
Axiomatic Semantics of ArraysExamples / Conclusion
OverviewLast TimeAnd Now
Overview
Syntax Operational Semantics Axiomatic Semantics
March 26
Syntax Rules,Operational Semantics Rules,Proof Trees
April 9
Axiomatic Semantics Rules
April 16
Weakest Preconditions,Proof Outlines
May 7
Arrays
May 21
Total Correctness Rules
Programmeren en Correctheid
![Page 3: Programmeren en Correctheid - Arrays](https://reader031.vdocuments.site/reader031/viewer/2022020702/61fb23872e268c58cd5a9a7b/html5/thumbnails/3.jpg)
IntroductionArrays
Axiomatic Semantics of ArraysExamples / Conclusion
OverviewLast TimeAnd Now
Last Time
Last time, on P&C
Definitions and rules for the weakest precondition.
Proof outlines!
Finding the loop invariant.
Programmeren en Correctheid
![Page 4: Programmeren en Correctheid - Arrays](https://reader031.vdocuments.site/reader031/viewer/2022020702/61fb23872e268c58cd5a9a7b/html5/thumbnails/4.jpg)
IntroductionArrays
Axiomatic Semantics of ArraysExamples / Conclusion
OverviewLast TimeAnd Now
Last Time
Last time, on P&C
Definitions and rules for the weakest precondition.
Proof outlines!
Finding the loop invariant.
Programmeren en Correctheid
![Page 5: Programmeren en Correctheid - Arrays](https://reader031.vdocuments.site/reader031/viewer/2022020702/61fb23872e268c58cd5a9a7b/html5/thumbnails/5.jpg)
IntroductionArrays
Axiomatic Semantics of ArraysExamples / Conclusion
OverviewLast TimeAnd Now
Last Time
Last time, on P&C
Definitions and rules for the weakest precondition.
Proof outlines!
Finding the loop invariant.
Programmeren en Correctheid
![Page 6: Programmeren en Correctheid - Arrays](https://reader031.vdocuments.site/reader031/viewer/2022020702/61fb23872e268c58cd5a9a7b/html5/thumbnails/6.jpg)
IntroductionArrays
Axiomatic Semantics of ArraysExamples / Conclusion
OverviewLast TimeAnd Now
And Now
To Do
Syntax for arrays.
Axiomatic Semantics for arrays.
Arrays in proof outlines.
Examples, examples, examples.
Programmeren en Correctheid
![Page 7: Programmeren en Correctheid - Arrays](https://reader031.vdocuments.site/reader031/viewer/2022020702/61fb23872e268c58cd5a9a7b/html5/thumbnails/7.jpg)
IntroductionArrays
Axiomatic Semantics of ArraysExamples / Conclusion
OverviewLast TimeAnd Now
And Now
To Do
Syntax for arrays.
Axiomatic Semantics for arrays.
Arrays in proof outlines.
Examples, examples, examples.
Programmeren en Correctheid
![Page 8: Programmeren en Correctheid - Arrays](https://reader031.vdocuments.site/reader031/viewer/2022020702/61fb23872e268c58cd5a9a7b/html5/thumbnails/8.jpg)
IntroductionArrays
Axiomatic Semantics of ArraysExamples / Conclusion
OverviewLast TimeAnd Now
And Now
To Do
Syntax for arrays.
Axiomatic Semantics for arrays.
Arrays in proof outlines.
Examples, examples, examples.
Programmeren en Correctheid
![Page 9: Programmeren en Correctheid - Arrays](https://reader031.vdocuments.site/reader031/viewer/2022020702/61fb23872e268c58cd5a9a7b/html5/thumbnails/9.jpg)
IntroductionArrays
Axiomatic Semantics of ArraysExamples / Conclusion
OverviewLast TimeAnd Now
And Now
To Do
Syntax for arrays.
Axiomatic Semantics for arrays.
Arrays in proof outlines.
Examples, examples, examples.
Programmeren en Correctheid
![Page 10: Programmeren en Correctheid - Arrays](https://reader031.vdocuments.site/reader031/viewer/2022020702/61fb23872e268c58cd5a9a7b/html5/thumbnails/10.jpg)
IntroductionArrays
Axiomatic Semantics of ArraysExamples / Conclusion
IntroductionImportant SetsSyntax ExtensionAssignments
Introduction
We’re skipping Operational Semantics for arrays!
So how do these ‘arrays’ work?
An array a stores a list of integers.
a has size |a|, which is a natural number.
a[1] is its first element. a[|a|] is its last.
In general, a[A] denotes the element in position z ifJAKIσ = z and 1 ≤ z ≤ |a|.
No associative arrays right now.
No multi-dimensional arrays either.
Programmeren en Correctheid
![Page 11: Programmeren en Correctheid - Arrays](https://reader031.vdocuments.site/reader031/viewer/2022020702/61fb23872e268c58cd5a9a7b/html5/thumbnails/11.jpg)
IntroductionArrays
Axiomatic Semantics of ArraysExamples / Conclusion
IntroductionImportant SetsSyntax ExtensionAssignments
Introduction
We’re skipping Operational Semantics for arrays!
So how do these ‘arrays’ work?
An array a stores a list of integers.
a has size |a|, which is a natural number.
a[1] is its first element. a[|a|] is its last.
In general, a[A] denotes the element in position z ifJAKIσ = z and 1 ≤ z ≤ |a|.
No associative arrays right now.
No multi-dimensional arrays either.
Programmeren en Correctheid
![Page 12: Programmeren en Correctheid - Arrays](https://reader031.vdocuments.site/reader031/viewer/2022020702/61fb23872e268c58cd5a9a7b/html5/thumbnails/12.jpg)
IntroductionArrays
Axiomatic Semantics of ArraysExamples / Conclusion
IntroductionImportant SetsSyntax ExtensionAssignments
Introduction
We’re skipping Operational Semantics for arrays!
So how do these ‘arrays’ work?
An array a stores a list of integers.
a has size |a|, which is a natural number.
a[1] is its first element. a[|a|] is its last.
In general, a[A] denotes the element in position z ifJAKIσ = z and 1 ≤ z ≤ |a|.
No associative arrays right now.
No multi-dimensional arrays either.
Programmeren en Correctheid
![Page 13: Programmeren en Correctheid - Arrays](https://reader031.vdocuments.site/reader031/viewer/2022020702/61fb23872e268c58cd5a9a7b/html5/thumbnails/13.jpg)
IntroductionArrays
Axiomatic Semantics of ArraysExamples / Conclusion
IntroductionImportant SetsSyntax ExtensionAssignments
Introduction
We’re skipping Operational Semantics for arrays!
So how do these ‘arrays’ work?
An array a stores a list of integers.
a has size |a|, which is a natural number.
a[1] is its first element. a[|a|] is its last.
In general, a[A] denotes the element in position z ifJAKIσ = z and 1 ≤ z ≤ |a|.
No associative arrays right now.
No multi-dimensional arrays either.
Programmeren en Correctheid
![Page 14: Programmeren en Correctheid - Arrays](https://reader031.vdocuments.site/reader031/viewer/2022020702/61fb23872e268c58cd5a9a7b/html5/thumbnails/14.jpg)
IntroductionArrays
Axiomatic Semantics of ArraysExamples / Conclusion
IntroductionImportant SetsSyntax ExtensionAssignments
Introduction
We’re skipping Operational Semantics for arrays!
So how do these ‘arrays’ work?
An array a stores a list of integers.
a has size |a|, which is a natural number.
a[1] is its first element. a[|a|] is its last.
In general, a[A] denotes the element in position z ifJAKIσ = z and 1 ≤ z ≤ |a|.
No associative arrays right now.
No multi-dimensional arrays either.
Programmeren en Correctheid
![Page 15: Programmeren en Correctheid - Arrays](https://reader031.vdocuments.site/reader031/viewer/2022020702/61fb23872e268c58cd5a9a7b/html5/thumbnails/15.jpg)
IntroductionArrays
Axiomatic Semantics of ArraysExamples / Conclusion
IntroductionImportant SetsSyntax ExtensionAssignments
Introduction
We’re skipping Operational Semantics for arrays!
So how do these ‘arrays’ work?
An array a stores a list of integers.
a has size |a|, which is a natural number.
a[1] is its first element. a[|a|] is its last.
In general, a[A] denotes the element in position z ifJAKIσ = z and 1 ≤ z ≤ |a|.
No associative arrays right now.
No multi-dimensional arrays either.
Programmeren en Correctheid
![Page 16: Programmeren en Correctheid - Arrays](https://reader031.vdocuments.site/reader031/viewer/2022020702/61fb23872e268c58cd5a9a7b/html5/thumbnails/16.jpg)
IntroductionArrays
Axiomatic Semantics of ArraysExamples / Conclusion
IntroductionImportant SetsSyntax ExtensionAssignments
Introduction
We’re skipping Operational Semantics for arrays!
So how do these ‘arrays’ work?
An array a stores a list of integers.
a has size |a|, which is a natural number.
a[1] is its first element. a[|a|] is its last.
In general, a[A] denotes the element in position z ifJAKIσ = z and 1 ≤ z ≤ |a|.
No associative arrays right now.
No multi-dimensional arrays either.
Programmeren en Correctheid
![Page 17: Programmeren en Correctheid - Arrays](https://reader031.vdocuments.site/reader031/viewer/2022020702/61fb23872e268c58cd5a9a7b/html5/thumbnails/17.jpg)
IntroductionArrays
Axiomatic Semantics of ArraysExamples / Conclusion
IntroductionImportant SetsSyntax ExtensionAssignments
Introduction
We’re skipping Operational Semantics for arrays!
So how do these ‘arrays’ work?
An array a stores a list of integers.
a has size |a|, which is a natural number.
a[1] is its first element. a[|a|] is its last.
In general, a[A] denotes the element in position z ifJAKIσ = z and 1 ≤ z ≤ |a|.
No associative arrays right now.
No multi-dimensional arrays either.
Programmeren en Correctheid
![Page 18: Programmeren en Correctheid - Arrays](https://reader031.vdocuments.site/reader031/viewer/2022020702/61fb23872e268c58cd5a9a7b/html5/thumbnails/18.jpg)
IntroductionArrays
Axiomatic Semantics of ArraysExamples / Conclusion
IntroductionImportant SetsSyntax ExtensionAssignments
ArraysImportant Sets
z ∈ Z {. . . ,−2,−1, 0, 1, 2, . . .} Integersb ∈ B {true, false} Truth valuesx ∈ V {x, y, z, . . .} Program variablesa {a, b, c, . . .} Array variablesv ∈ L {i , j , k , . . .} Logical variablesl {l ,m, n, . . .} Log. Array variablesA Arithmetic expressionsA Extended Arithmetic expressionsB Boolean expressionsB , φ, ψ Extended Boolean expressionsC Commands
Programmeren en Correctheid
![Page 19: Programmeren en Correctheid - Arrays](https://reader031.vdocuments.site/reader031/viewer/2022020702/61fb23872e268c58cd5a9a7b/html5/thumbnails/19.jpg)
IntroductionArrays
Axiomatic Semantics of ArraysExamples / Conclusion
IntroductionImportant SetsSyntax ExtensionAssignments
ArraysSyntax Extension
A ::= z | x | A +A | A *A | |a| | a[A]
B ::= true | false | A <A | B ∧B | ¬B | a = a
C ::= skip| x := A| a := a| a[A] := A| C; C| if B then C else C fi| while B do C od
no operationassignmentarray assignmentarray indexed assignmentsequential compositionconditionalwhile loop
Programmeren en Correctheid
![Page 20: Programmeren en Correctheid - Arrays](https://reader031.vdocuments.site/reader031/viewer/2022020702/61fb23872e268c58cd5a9a7b/html5/thumbnails/20.jpg)
IntroductionArrays
Axiomatic Semantics of ArraysExamples / Conclusion
IntroductionImportant SetsSyntax ExtensionAssignments
ArraysSyntax Extension
A ::= z | x | A +A | A *A | |a| | a[A]
B ::= true | false | A <A | B ∧B | ¬B | a = a
C ::= skip| x := A| a := a| a[A] := A| C; C| if B then C else C fi| while B do C od
no operationassignmentarray assignmentarray indexed assignmentsequential compositionconditionalwhile loop
Programmeren en Correctheid
![Page 21: Programmeren en Correctheid - Arrays](https://reader031.vdocuments.site/reader031/viewer/2022020702/61fb23872e268c58cd5a9a7b/html5/thumbnails/21.jpg)
IntroductionArrays
Axiomatic Semantics of ArraysExamples / Conclusion
IntroductionImportant SetsSyntax ExtensionAssignments
ArraysSyntax Extension
A ::= z | x | A +A | A *A | |a| | a[A]
B ::= true | false | A <A | B ∧B | ¬B | a = a
C ::= skip| x := A| a := a| a[A] := A| C; C| if B then C else C fi| while B do C od
no operationassignmentarray assignmentarray indexed assignmentsequential compositionconditionalwhile loop
Programmeren en Correctheid
![Page 22: Programmeren en Correctheid - Arrays](https://reader031.vdocuments.site/reader031/viewer/2022020702/61fb23872e268c58cd5a9a7b/html5/thumbnails/22.jpg)
IntroductionArrays
Axiomatic Semantics of ArraysExamples / Conclusion
IntroductionImportant SetsSyntax ExtensionAssignments
ArrayAssignments
a := b assigns the entire content (and size) of the array b tothe array a.
a[A] := A′ assigns the value of A′ to the position expressedby A in array a.
a[A] := A′ fails if 〈A, σ〉 → z and (z < 1 or |a| < z).
But when we’re working with partial correctness, we don’tcare. e.g. �par L true M a[|a| + 1] := 1 L true M is valid.
Programmeren en Correctheid
![Page 23: Programmeren en Correctheid - Arrays](https://reader031.vdocuments.site/reader031/viewer/2022020702/61fb23872e268c58cd5a9a7b/html5/thumbnails/23.jpg)
IntroductionArrays
Axiomatic Semantics of ArraysExamples / Conclusion
IntroductionImportant SetsSyntax ExtensionAssignments
ArrayAssignments
a := b assigns the entire content (and size) of the array b tothe array a.
a[A] := A′ assigns the value of A′ to the position expressedby A in array a.
a[A] := A′ fails if 〈A, σ〉 → z and (z < 1 or |a| < z).
But when we’re working with partial correctness, we don’tcare. e.g. �par L true M a[|a| + 1] := 1 L true M is valid.
Programmeren en Correctheid
![Page 24: Programmeren en Correctheid - Arrays](https://reader031.vdocuments.site/reader031/viewer/2022020702/61fb23872e268c58cd5a9a7b/html5/thumbnails/24.jpg)
IntroductionArrays
Axiomatic Semantics of ArraysExamples / Conclusion
IntroductionImportant SetsSyntax ExtensionAssignments
ArrayAssignments
a := b assigns the entire content (and size) of the array b tothe array a.
a[A] := A′ assigns the value of A′ to the position expressedby A in array a.
a[A] := A′ fails if 〈A, σ〉 → z and (z < 1 or |a| < z).
But when we’re working with partial correctness, we don’tcare. e.g. �par L true M a[|a| + 1] := 1 L true M is valid.
Programmeren en Correctheid
![Page 25: Programmeren en Correctheid - Arrays](https://reader031.vdocuments.site/reader031/viewer/2022020702/61fb23872e268c58cd5a9a7b/html5/thumbnails/25.jpg)
IntroductionArrays
Axiomatic Semantics of ArraysExamples / Conclusion
IntroductionImportant SetsSyntax ExtensionAssignments
ArrayAssignments
a := b assigns the entire content (and size) of the array b tothe array a.
a[A] := A′ assigns the value of A′ to the position expressedby A in array a.
a[A] := A′ fails if 〈A, σ〉 → z and (z < 1 or |a| < z).
But when we’re working with partial correctness, we don’tcare. e.g. �par L true M a[|a| + 1] := 1 L true M is valid.
Programmeren en Correctheid
![Page 26: Programmeren en Correctheid - Arrays](https://reader031.vdocuments.site/reader031/viewer/2022020702/61fb23872e268c58cd5a9a7b/html5/thumbnails/26.jpg)
IntroductionArrays
Axiomatic Semantics of ArraysExamples / Conclusion
Simple AssignmentsThe Aliasing ProblemArrays as FunctionsIndexed Assignment
Axiomatic Semantics of ArraysSimple Assignments
The rule for simple assignment of arrays is unsurprising:
Lφ[b/a] M a := b Lφ Mass
Programmeren en Correctheid
![Page 27: Programmeren en Correctheid - Arrays](https://reader031.vdocuments.site/reader031/viewer/2022020702/61fb23872e268c58cd5a9a7b/html5/thumbnails/27.jpg)
IntroductionArrays
Axiomatic Semantics of ArraysExamples / Conclusion
Simple AssignmentsThe Aliasing ProblemArrays as FunctionsIndexed Assignment
Axiomatic Semantics of ArraysIndexed Assignments
Indexed assignments (a[A] := A′) are more problematic.
How can we substitute a[A] by A′?
Our substitution function for formulas φ[y/x ] can onlytake a variable name for x .
More importantly, a[A] may have aliases in the formula.For example, a[3], a[1 + 2] and a[5 - 2] all denote thesame location. a[x] too, depending on the state.
Programmeren en Correctheid
![Page 28: Programmeren en Correctheid - Arrays](https://reader031.vdocuments.site/reader031/viewer/2022020702/61fb23872e268c58cd5a9a7b/html5/thumbnails/28.jpg)
IntroductionArrays
Axiomatic Semantics of ArraysExamples / Conclusion
Simple AssignmentsThe Aliasing ProblemArrays as FunctionsIndexed Assignment
Axiomatic Semantics of ArraysIndexed Assignments
Indexed assignments (a[A] := A′) are more problematic.
How can we substitute a[A] by A′?
Our substitution function for formulas φ[y/x ] can onlytake a variable name for x .
More importantly, a[A] may have aliases in the formula.For example, a[3], a[1 + 2] and a[5 - 2] all denote thesame location. a[x] too, depending on the state.
Programmeren en Correctheid
![Page 29: Programmeren en Correctheid - Arrays](https://reader031.vdocuments.site/reader031/viewer/2022020702/61fb23872e268c58cd5a9a7b/html5/thumbnails/29.jpg)
IntroductionArrays
Axiomatic Semantics of ArraysExamples / Conclusion
Simple AssignmentsThe Aliasing ProblemArrays as FunctionsIndexed Assignment
Axiomatic Semantics of ArraysIndexed Assignments
Indexed assignments (a[A] := A′) are more problematic.
How can we substitute a[A] by A′?
Our substitution function for formulas φ[y/x ] can onlytake a variable name for x .
More importantly, a[A] may have aliases in the formula.For example, a[3], a[1 + 2] and a[5 - 2] all denote thesame location. a[x] too, depending on the state.
Programmeren en Correctheid
![Page 30: Programmeren en Correctheid - Arrays](https://reader031.vdocuments.site/reader031/viewer/2022020702/61fb23872e268c58cd5a9a7b/html5/thumbnails/30.jpg)
IntroductionArrays
Axiomatic Semantics of ArraysExamples / Conclusion
Simple AssignmentsThe Aliasing ProblemArrays as FunctionsIndexed Assignment
Axiomatic Semantics of ArraysIndexed Assignments
Indexed assignments (a[A] := A′) are more problematic.
How can we substitute a[A] by A′?
Our substitution function for formulas φ[y/x ] can onlytake a variable name for x .
More importantly, a[A] may have aliases in the formula.For example, a[3], a[1 + 2] and a[5 - 2] all denote thesame location. a[x] too, depending on the state.
Programmeren en Correctheid
![Page 31: Programmeren en Correctheid - Arrays](https://reader031.vdocuments.site/reader031/viewer/2022020702/61fb23872e268c58cd5a9a7b/html5/thumbnails/31.jpg)
IntroductionArrays
Axiomatic Semantics of ArraysExamples / Conclusion
Simple AssignmentsThe Aliasing ProblemArrays as FunctionsIndexed Assignment
Axiomatic Semantics of ArraysArrays as Functions
The solution
An array a can be seen as a function a : {1, . . . , |a|} → Z.
a[A] would be the same as a(A).
a[A] := A′ would be the same as a := a[A′/A].
Substitution in functions
Recall that f [z/v1](v2) =
{z if v1 = v2f (v2) if v1 6= v2
Programmeren en Correctheid
![Page 32: Programmeren en Correctheid - Arrays](https://reader031.vdocuments.site/reader031/viewer/2022020702/61fb23872e268c58cd5a9a7b/html5/thumbnails/32.jpg)
IntroductionArrays
Axiomatic Semantics of ArraysExamples / Conclusion
Simple AssignmentsThe Aliasing ProblemArrays as FunctionsIndexed Assignment
Axiomatic Semantics of ArraysArrays as Functions
The solution
An array a can be seen as a function a : {1, . . . , |a|} → Z.
a[A] would be the same as a(A).
a[A] := A′ would be the same as a := a[A′/A].
Substitution in functions
Recall that f [z/v1](v2) =
{z if v1 = v2f (v2) if v1 6= v2
Programmeren en Correctheid
![Page 33: Programmeren en Correctheid - Arrays](https://reader031.vdocuments.site/reader031/viewer/2022020702/61fb23872e268c58cd5a9a7b/html5/thumbnails/33.jpg)
IntroductionArrays
Axiomatic Semantics of ArraysExamples / Conclusion
Simple AssignmentsThe Aliasing ProblemArrays as FunctionsIndexed Assignment
Axiomatic Semantics of ArraysArrays as Functions
The solution
An array a can be seen as a function a : {1, . . . , |a|} → Z.
a[A] would be the same as a(A).
a[A] := A′ would be the same as a := a[A′/A].
Substitution in functions
Recall that f [z/v1](v2) =
{z if v1 = v2f (v2) if v1 6= v2
Programmeren en Correctheid
![Page 34: Programmeren en Correctheid - Arrays](https://reader031.vdocuments.site/reader031/viewer/2022020702/61fb23872e268c58cd5a9a7b/html5/thumbnails/34.jpg)
IntroductionArrays
Axiomatic Semantics of ArraysExamples / Conclusion
Simple AssignmentsThe Aliasing ProblemArrays as FunctionsIndexed Assignment
Axiomatic Semantics of ArraysArrays as Functions
The solution
An array a can be seen as a function a : {1, . . . , |a|} → Z.
a[A] would be the same as a(A).
a[A] := A′ would be the same as a := a[A′/A].
Substitution in functions
Recall that f [z/v1](v2) =
{z if v1 = v2f (v2) if v1 6= v2
Programmeren en Correctheid
![Page 35: Programmeren en Correctheid - Arrays](https://reader031.vdocuments.site/reader031/viewer/2022020702/61fb23872e268c58cd5a9a7b/html5/thumbnails/35.jpg)
IntroductionArrays
Axiomatic Semantics of ArraysExamples / Conclusion
Simple AssignmentsThe Aliasing ProblemArrays as FunctionsIndexed Assignment
Axiomatic Semantics of ArraysIndexed Assignment
So for our indexed assignment rule, apply the simpleassignment rule to the ‘rewritten indexed assignment’:
Lφ[a[A′/A]/a] M a := a[A′/A] Lφ Mass
In summary: The Indexed Assignment rule
Lφ[a[A′/A]/a] M a[A] := A′ Lφ M iass
Note that φ[a[A′/A]/a] is not the weakest precondition! It isthe weakest liberal precondition. Partial correctness, for now.
Programmeren en Correctheid
![Page 36: Programmeren en Correctheid - Arrays](https://reader031.vdocuments.site/reader031/viewer/2022020702/61fb23872e268c58cd5a9a7b/html5/thumbnails/36.jpg)
IntroductionArrays
Axiomatic Semantics of ArraysExamples / Conclusion
Simple AssignmentsThe Aliasing ProblemArrays as FunctionsIndexed Assignment
Axiomatic Semantics of ArraysIndexed Assignment
So for our indexed assignment rule, apply the simpleassignment rule to the ‘rewritten indexed assignment’:
Lφ[a[A′/A]/a] M a := a[A′/A] Lφ Mass
In summary: The Indexed Assignment rule
Lφ[a[A′/A]/a] M a[A] := A′ Lφ M iass
Note that φ[a[A′/A]/a] is not the weakest precondition! It isthe weakest liberal precondition. Partial correctness, for now.
Programmeren en Correctheid
![Page 37: Programmeren en Correctheid - Arrays](https://reader031.vdocuments.site/reader031/viewer/2022020702/61fb23872e268c58cd5a9a7b/html5/thumbnails/37.jpg)
IntroductionArrays
Axiomatic Semantics of ArraysExamples / Conclusion
Simple AssignmentsThe Aliasing ProblemArrays as FunctionsIndexed Assignment
Axiomatic Semantics of ArraysIndexed Assignment
So for our indexed assignment rule, apply the simpleassignment rule to the ‘rewritten indexed assignment’:
Lφ[a[A′/A]/a] M a := a[A′/A] Lφ Mass
In summary: The Indexed Assignment rule
Lφ[a[A′/A]/a] M a[A] := A′ Lφ M iass
Note that φ[a[A′/A]/a] is not the weakest precondition! It isthe weakest liberal precondition. Partial correctness, for now.
Programmeren en Correctheid
![Page 38: Programmeren en Correctheid - Arrays](https://reader031.vdocuments.site/reader031/viewer/2022020702/61fb23872e268c58cd5a9a7b/html5/thumbnails/38.jpg)
IntroductionArrays
Axiomatic Semantics of ArraysExamples / Conclusion
ExamplesConclusion
Examples
Example 1
L true M
L a[5/3][3] = 5 M implied
a[3] := 5L a[3] = 5 M
indexed assignment
Programmeren en Correctheid
![Page 39: Programmeren en Correctheid - Arrays](https://reader031.vdocuments.site/reader031/viewer/2022020702/61fb23872e268c58cd5a9a7b/html5/thumbnails/39.jpg)
IntroductionArrays
Axiomatic Semantics of ArraysExamples / Conclusion
ExamplesConclusion
Examples
Example 1
L true ML a[5/3][3] = 5 M
implied
a[3] := 5L a[3] = 5 M
indexed assignment
Programmeren en Correctheid
![Page 40: Programmeren en Correctheid - Arrays](https://reader031.vdocuments.site/reader031/viewer/2022020702/61fb23872e268c58cd5a9a7b/html5/thumbnails/40.jpg)
IntroductionArrays
Axiomatic Semantics of ArraysExamples / Conclusion
ExamplesConclusion
Examples
Example 1
L true ML a[5/3][3] = 5 M implieda[3] := 5L a[3] = 5 M indexed assignment
Programmeren en Correctheid
![Page 41: Programmeren en Correctheid - Arrays](https://reader031.vdocuments.site/reader031/viewer/2022020702/61fb23872e268c58cd5a9a7b/html5/thumbnails/41.jpg)
IntroductionArrays
Axiomatic Semantics of ArraysExamples / Conclusion
ExamplesConclusion
Examples
Example 2
L |b| > 2 M
L b[3/1][b[3/1][1] + 1/1][1] = 4 M implied
a := b;
L a[3/1][a[3/1][1] + 1/1][1] = 4 M assignment
a[1] := 3;
L a[a[1] + 1/1][1] = 4 M indexed assignment
a[1] := a[1] + 1;
L a[1] = 4 M indexed assignment
b := a
L b[1] = 4 M
assignment
Programmeren en Correctheid
![Page 42: Programmeren en Correctheid - Arrays](https://reader031.vdocuments.site/reader031/viewer/2022020702/61fb23872e268c58cd5a9a7b/html5/thumbnails/42.jpg)
IntroductionArrays
Axiomatic Semantics of ArraysExamples / Conclusion
ExamplesConclusion
Examples
Example 2
L |b| > 2 M
L b[3/1][b[3/1][1] + 1/1][1] = 4 M implied
a := b;
L a[3/1][a[3/1][1] + 1/1][1] = 4 M assignment
a[1] := 3;
L a[a[1] + 1/1][1] = 4 M indexed assignment
a[1] := a[1] + 1;L a[1] = 4 M
indexed assignment
b := a
L b[1] = 4 M
assignment
Programmeren en Correctheid
![Page 43: Programmeren en Correctheid - Arrays](https://reader031.vdocuments.site/reader031/viewer/2022020702/61fb23872e268c58cd5a9a7b/html5/thumbnails/43.jpg)
IntroductionArrays
Axiomatic Semantics of ArraysExamples / Conclusion
ExamplesConclusion
Examples
Example 2
L |b| > 2 M
L b[3/1][b[3/1][1] + 1/1][1] = 4 M implied
a := b;
L a[3/1][a[3/1][1] + 1/1][1] = 4 M assignment
a[1] := 3;L a[a[1] + 1/1][1] = 4 M
indexed assignment
a[1] := a[1] + 1;L a[1] = 4 M
indexed assignment
b := a
L b[1] = 4 M
assignment
Programmeren en Correctheid
![Page 44: Programmeren en Correctheid - Arrays](https://reader031.vdocuments.site/reader031/viewer/2022020702/61fb23872e268c58cd5a9a7b/html5/thumbnails/44.jpg)
IntroductionArrays
Axiomatic Semantics of ArraysExamples / Conclusion
ExamplesConclusion
Examples
Example 2
L |b| > 2 M
L b[3/1][b[3/1][1] + 1/1][1] = 4 M implied
a := b;
L a[3/1][a[3/1][1] + 1/1][1] = 4 M
assignment
a[1] := 3;L a[a[1] + 1/1][1] = 4 M
indexed assignment
a[1] := a[1] + 1;L a[1] = 4 M
indexed assignment
b := a
L b[1] = 4 M
assignment
Programmeren en Correctheid
![Page 45: Programmeren en Correctheid - Arrays](https://reader031.vdocuments.site/reader031/viewer/2022020702/61fb23872e268c58cd5a9a7b/html5/thumbnails/45.jpg)
IntroductionArrays
Axiomatic Semantics of ArraysExamples / Conclusion
ExamplesConclusion
Examples
Example 2
L |b| > 2 ML b[3/1][b[3/1][1] + 1/1][1] = 4 M
implied
a := b;
L a[3/1][a[3/1][1] + 1/1][1] = 4 M
assignment
a[1] := 3;L a[a[1] + 1/1][1] = 4 M
indexed assignment
a[1] := a[1] + 1;L a[1] = 4 M
indexed assignment
b := a
L b[1] = 4 M
assignment
Programmeren en Correctheid
![Page 46: Programmeren en Correctheid - Arrays](https://reader031.vdocuments.site/reader031/viewer/2022020702/61fb23872e268c58cd5a9a7b/html5/thumbnails/46.jpg)
IntroductionArrays
Axiomatic Semantics of ArraysExamples / Conclusion
ExamplesConclusion
Examples
Example 2
L |b| > 2 ML b[3/1][b[3/1][1] + 1/1][1] = 4 M implieda := b;
L a[3/1][a[3/1][1] + 1/1][1] = 4 M assignmenta[1] := 3;L a[a[1] + 1/1][1] = 4 M indexed assignmenta[1] := a[1] + 1;L a[1] = 4 M indexed assignmentb := a
L b[1] = 4 M assignment
Programmeren en Correctheid
![Page 47: Programmeren en Correctheid - Arrays](https://reader031.vdocuments.site/reader031/viewer/2022020702/61fb23872e268c58cd5a9a7b/html5/thumbnails/47.jpg)
IntroductionArrays
Axiomatic Semantics of ArraysExamples / Conclusion
ExamplesConclusion
Examples
Example 3
L a[x] = x M
L a[x/a[x]][x] = x M indexed assignment
a[a[x]] := x
L a[x] = x M
assignment
a[x/a[x]][x] = x ⇔(a[x] = x ∧ x = x) ∨ (a[x] 6= x ∧ a[x] = x) ⇔
(a[x] = x ∧ x = x) ⇔a[x] = x
Programmeren en Correctheid
![Page 48: Programmeren en Correctheid - Arrays](https://reader031.vdocuments.site/reader031/viewer/2022020702/61fb23872e268c58cd5a9a7b/html5/thumbnails/48.jpg)
IntroductionArrays
Axiomatic Semantics of ArraysExamples / Conclusion
ExamplesConclusion
Examples
Example 3
L a[x] = x ML a[x/a[x]][x] = x M
indexed assignment
a[a[x]] := x
L a[x] = x M
assignment
a[x/a[x]][x] = x ⇔(a[x] = x ∧ x = x) ∨ (a[x] 6= x ∧ a[x] = x) ⇔
(a[x] = x ∧ x = x) ⇔a[x] = x
Programmeren en Correctheid
![Page 49: Programmeren en Correctheid - Arrays](https://reader031.vdocuments.site/reader031/viewer/2022020702/61fb23872e268c58cd5a9a7b/html5/thumbnails/49.jpg)
IntroductionArrays
Axiomatic Semantics of ArraysExamples / Conclusion
ExamplesConclusion
Examples
Example 3
L a[x] = x ML a[x/a[x]][x] = x M indexed assignmenta[a[x]] := x
L a[x] = x M assignment
a[x/a[x]][x] = x ⇔(a[x] = x ∧ x = x) ∨ (a[x] 6= x ∧ a[x] = x) ⇔
(a[x] = x ∧ x = x) ⇔a[x] = x
Programmeren en Correctheid
![Page 50: Programmeren en Correctheid - Arrays](https://reader031.vdocuments.site/reader031/viewer/2022020702/61fb23872e268c58cd5a9a7b/html5/thumbnails/50.jpg)
IntroductionArrays
Axiomatic Semantics of ArraysExamples / Conclusion
ExamplesConclusion
Examples
Example 3
L a[x] = x ML a[x/a[x]][x] = x M indexed assignmenta[a[x]] := x
L a[x] = x M assignment
a[x/a[x]][x] = x
⇔(a[x] = x ∧ x = x) ∨ (a[x] 6= x ∧ a[x] = x) ⇔
(a[x] = x ∧ x = x) ⇔a[x] = x
Programmeren en Correctheid
![Page 51: Programmeren en Correctheid - Arrays](https://reader031.vdocuments.site/reader031/viewer/2022020702/61fb23872e268c58cd5a9a7b/html5/thumbnails/51.jpg)
IntroductionArrays
Axiomatic Semantics of ArraysExamples / Conclusion
ExamplesConclusion
Examples
Example 3
L a[x] = x ML a[x/a[x]][x] = x M indexed assignmenta[a[x]] := x
L a[x] = x M assignment
a[x/a[x]][x] = x ⇔(a[x] = x ∧ x = x) ∨ (a[x] 6= x ∧ a[x] = x)
⇔(a[x] = x ∧ x = x) ⇔
a[x] = x
Programmeren en Correctheid
![Page 52: Programmeren en Correctheid - Arrays](https://reader031.vdocuments.site/reader031/viewer/2022020702/61fb23872e268c58cd5a9a7b/html5/thumbnails/52.jpg)
IntroductionArrays
Axiomatic Semantics of ArraysExamples / Conclusion
ExamplesConclusion
Examples
Example 3
L a[x] = x ML a[x/a[x]][x] = x M indexed assignmenta[a[x]] := x
L a[x] = x M assignment
a[x/a[x]][x] = x ⇔(a[x] = x ∧ x = x) ∨ (a[x] 6= x ∧ a[x] = x) ⇔
(a[x] = x ∧ x = x)
⇔a[x] = x
Programmeren en Correctheid
![Page 53: Programmeren en Correctheid - Arrays](https://reader031.vdocuments.site/reader031/viewer/2022020702/61fb23872e268c58cd5a9a7b/html5/thumbnails/53.jpg)
IntroductionArrays
Axiomatic Semantics of ArraysExamples / Conclusion
ExamplesConclusion
Examples
Example 3
L a[x] = x ML a[x/a[x]][x] = x M indexed assignmenta[a[x]] := x
L a[x] = x M assignment
a[x/a[x]][x] = x ⇔(a[x] = x ∧ x = x) ∨ (a[x] 6= x ∧ a[x] = x) ⇔
(a[x] = x ∧ x = x) ⇔a[x] = x
Programmeren en Correctheid
![Page 54: Programmeren en Correctheid - Arrays](https://reader031.vdocuments.site/reader031/viewer/2022020702/61fb23872e268c58cd5a9a7b/html5/thumbnails/54.jpg)
IntroductionArrays
Axiomatic Semantics of ArraysExamples / Conclusion
ExamplesConclusion
Conclusion
Summary
We introduced simple arrays into our programminglanguage and described their meaning.
Arrays are functions! This helps us reason about them.
We came up with an axiomatic semantics rule for indexedassignment.
Likely exam assignment
You will likely be asked to prove a Hoare triple for a programthat uses arrays.
Programmeren en Correctheid
![Page 55: Programmeren en Correctheid - Arrays](https://reader031.vdocuments.site/reader031/viewer/2022020702/61fb23872e268c58cd5a9a7b/html5/thumbnails/55.jpg)
IntroductionArrays
Axiomatic Semantics of ArraysExamples / Conclusion
ExamplesConclusion
Conclusion
Summary
We introduced simple arrays into our programminglanguage and described their meaning.
Arrays are functions! This helps us reason about them.
We came up with an axiomatic semantics rule for indexedassignment.
Likely exam assignment
You will likely be asked to prove a Hoare triple for a programthat uses arrays.
Programmeren en Correctheid
![Page 56: Programmeren en Correctheid - Arrays](https://reader031.vdocuments.site/reader031/viewer/2022020702/61fb23872e268c58cd5a9a7b/html5/thumbnails/56.jpg)
IntroductionArrays
Axiomatic Semantics of ArraysExamples / Conclusion
ExamplesConclusion
Conclusion
Summary
We introduced simple arrays into our programminglanguage and described their meaning.
Arrays are functions! This helps us reason about them.
We came up with an axiomatic semantics rule for indexedassignment.
Likely exam assignment
You will likely be asked to prove a Hoare triple for a programthat uses arrays.
Programmeren en Correctheid
![Page 57: Programmeren en Correctheid - Arrays](https://reader031.vdocuments.site/reader031/viewer/2022020702/61fb23872e268c58cd5a9a7b/html5/thumbnails/57.jpg)
IntroductionArrays
Axiomatic Semantics of ArraysExamples / Conclusion
ExamplesConclusion
Conclusion
Summary
We introduced simple arrays into our programminglanguage and described their meaning.
Arrays are functions! This helps us reason about them.
We came up with an axiomatic semantics rule for indexedassignment.
Likely exam assignment
You will likely be asked to prove a Hoare triple for a programthat uses arrays.
Programmeren en Correctheid