The Rely-Guarantee Method for Verifying Shared Variable Concurrent Programs: correctness axioms

Proof system

Assignment axiom

$$
\frac{
\begin{array}{c}
pre \to post[\bar e/\bar x] \\
(pre \land \lceil \bar x' = \bar e \rceil) \to guar \\
pre\ \underline{stable\ when}\ rely \\
post\ \underline{stable\ when}\ rely
\end{array}
}{
\bar x := \bar e\ \underline{sat}\ (pre, rely, guar, post)
}
$$
where $\lceil \bar x' = \bar e \rceil \overset{def}{=} (\bar x' = \bar e \lor \bar x' = \bar x) \land \forall z \in (y - \bar x).\ z' = z$, i.e. a step of the assignment either writes $\bar e$ into $\bar x$ or stutters, and leaves every variable outside $\bar x$ unchanged.

An example: $x := 10\ \underline{sat}\ (true,\ x > 0 \to x' \ge x,\ true,\ x \ge 10)$

Proof: check the four premises of the assignment axiom.

1. $pre \to post[\bar e/\bar x]$: $true \to (x \ge 10)[10/x] = (10 \ge 10) = true$, holds.
2. $(pre \land \lceil \bar x' = \bar e \rceil) \to guar$: $true \land (x' = 10 \lor x' = x) \to true$, holds.
3. $pre\ \underline{stable\ when}\ rely$: $true \land (x > 0 \to x' \ge x) \to true$, holds.
4. $post\ \underline{stable\ when}\ rely$: $x \ge 10 \land (x > 0 \to x' \ge x) \Rightarrow x' \ge 10$, holds.

Hence $x := 10\ \underline{sat}\ (true,\ x > 0 \to x' \ge x,\ true,\ x \ge 10)$.
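The four premises above can be checked mechanically over a finite domain of states. The following bounded checker is an added example, not part of the original post; it encodes predicates as Python functions on state dicts and relations as functions on state pairs, re-checks the post's example $x := 10$, and then shows why the same assignment cannot be proven when the rely is weakened to $true$ (the domain bound and the helper names are assumptions of this example).

```python
from itertools import product

DOMAIN = range(-3, 14)   # constructed bound on variable values (must cover 10)

def states(variables):
    """Every state over the finite domain, as a dict variable -> value."""
    for vals in product(DOMAIN, repeat=len(variables)):
        yield dict(zip(variables, vals))

def stable_when(p, rely, variables):
    """p stable when rely:  p(s) and rely(s, s2)  imply  p(s2)  for all s, s2."""
    return all((not (p(s) and rely(s, s2))) or p(s2)
               for s in states(variables) for s2 in states(variables))

def assign_step(var, expr, s, s2):
    """The bracket relation of the axiom: (x' = e or x' = x) and every
    other variable unchanged."""
    return ((s2[var] == expr(s) or s2[var] == s[var])
            and all(s2[z] == s[z] for z in s if z != var))

def check_assignment_axiom(var, expr, pre, rely, guar, post, variables):
    """Evaluate the four premises of  x := e  sat (pre, rely, guar, post)."""
    prem1 = all((not pre(s)) or post({**s, var: expr(s)})
                for s in states(variables))
    prem2 = all((not (pre(s) and assign_step(var, expr, s, s2))) or guar(s, s2)
                for s in states(variables) for s2 in states(variables))
    return {"pre -> post[e/x]": prem1,
            "pre and step -> guar": prem2,
            "pre stable when rely": stable_when(pre, rely, variables),
            "post stable when rely": stable_when(post, rely, variables)}

def example_from_post():
    """The post's example: x := 10 sat (true, x > 0 -> x' >= x, true, x >= 10)."""
    return check_assignment_axiom(
        "x", lambda s: 10,
        pre=lambda s: True,
        rely=lambda s, s2: (not s["x"] > 0) or s2["x"] >= s["x"],
        guar=lambda s, s2: True,
        post=lambda s: s["x"] >= 10,
        variables=["x"])

def example_unrestricted_rely():
    """Same assignment with rely = true (the environment may write anything):
    the post-condition is not stable, so the axiom does not apply."""
    return check_assignment_axiom(
        "x", lambda s: 10,
        pre=lambda s: True, rely=lambda s, s2: True,
        guar=lambda s, s2: True, post=lambda s: s["x"] >= 10,
        variables=["x"])

if __name__ == "__main__":
    print(example_from_post())          # every premise holds
    print(example_unrestricted_rely())  # 'post stable when rely' is False
```

The failing case is the formal shape of a race: without a rely bound on what other threads may do to $x$, nothing the assignment establishes survives interference.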

Await axiom

$$
\frac{
\begin{array}{c}
pre\ \underline{stable\ when}\ rely \\
post\ \underline{stable\ when}\ rely \\
P\ \underline{sat}\ (pre \land b \land y = v_0,\ y' = y,\ true,\ guar[v_0/y,\ y/y'] \land post)
\end{array}
}{
await\ b\ then\ P\ end\ \underline{sat}\ (pre, rely, guar, post)
}
$$

An example: $await\ x > 0\ then\ x := x - 1\ end$ satisfies $(x \ge 0,\ x \ge 0 \to x' \ge 0,\ x' \le x,\ x \ge 0)$

Consequence rule

$$
\frac{
\begin{array}{c}
pre \to pre_1,\quad rely \to rely_1,\quad guar_1 \to guar,\quad post_1 \to post \\
P\ \underline{sat}\ (pre_1, rely_1, guar_1, post_1)
\end{array}
}{
P\ \underline{sat}\ (pre, rely, guar, post)
}
$$

An example: $x := 10\ \underline{sat}\ (x = -2,\ x > 0 \to x' \ge x,\ true,\ x \ge 10 \lor x = -6)$, obtained from the assignment example above by strengthening the pre-condition ($x = -2 \to true$) and weakening the post-condition ($x \ge 10 \to x \ge 10 \lor x = -6$).

Sequential composition rule

$$
\frac{
\begin{array}{c}
P\ \underline{sat}\ (pre, rely, guar, mid) \\
Q\ \underline{sat}\ (mid, rely, guar, post)
\end{array}
}{
P; Q\ \underline{sat}\ (pre, rely, guar, post)
}
$$

An example:
$$
\begin{array}{l}
x := x + 1\ \underline{sat}\ (x \ge x_0,\ x_0 \le x \to x \le x',\ x' \ge x,\ x \ge x_0 + 1) \\
x := x + 1\ \underline{sat}\ (x \ge x_0 + 1,\ x_0 \le x \to x \le x',\ x' \ge x,\ x \ge x_0 + 2) \\
\hline
x := x + 1;\ x := x + 1\ \underline{sat}\ (x \ge x_0,\ x_0 \le x \to x \le x',\ x' \ge x,\ x \ge x_0 + 2)
\end{array}
$$

Conditional rule

$$
\frac{
\begin{array}{c}
pre\ \underline{stable\ when}\ rely \\
P_i\ \underline{sat}\ (pre \land b_i, rely, guar, post) \quad (i = 1, \dots, n) \\
skip\ \underline{sat}\ (pre \land \lnot(b_1 \lor \dots \lor b_n), rely, guar, post)
\end{array}
}{
if\ b_1 \to P_1\ \square \dots \square\ b_n \to P_n\ fi\ \underline{sat}\ (pre, rely, guar, post)
}
$$

An example: $if\ x < 10 \to x := 10\ fi\ \underline{sat}\ (true,\ x \le x',\ x < x',\ x \ge 10)$, from the premises

$$
\begin{array}{l}
x := 10\ \underline{sat}\ (x < 10,\ x \le x',\ x \le x',\ x \ge 10) \\
\text{and}\quad skip\ \underline{sat}\ (x \ge 10,\ x < x',\ x < x',\ x \ge 10)
\end{array}
$$

Iteration rule

$$
\frac{
\begin{array}{c}
pre\ \underline{stable\ when}\ rely \\
pre \land \lnot b \to post \\
post\ \underline{stable\ when}\ rely \\
P\ \underline{sat}\ (pre \land b, rely, guar, pre)
\end{array}
}{
\mathbf{while}\ b\ \mathbf{do}\ P\ \mathbf{od}\ \underline{sat}\ (pre, rely, guar, post)
}
$$

An example:
$$
\mathbf{while}\ b\ \mathbf{do}\ P\ \mathbf{od}\ \underline{sat}\ (true,\ x \le x',\ x \le x',\ x > 10)
$$

Parallel rule

$$
\frac{
\begin{array}{c}
(rely \lor guar_1) \to rely_2 \\
(rely \lor guar_2) \to rely_1 \\
(guar_1 \lor guar_2) \to guar \\
P\ \underline{sat}\ (pre, rely_1, guar_1, post_1) \\
Q\ \underline{sat}\ (pre, rely_2, guar_2, post_2)
\end{array}
}{
P \parallel Q\ \underline{sat}\ (pre, rely, guar, post_1 \land post_2)
}
$$

Auxiliary variable rule

$$
\frac{
\begin{array}{c}
\exists z.\ pre_1(y, z, y_0) \\
\exists z'.\ rely_1((y, z), (y', z'), y_0) \\
P\ \underline{sat}\ (pre \land pre_1,\ rely \land rely_1,\ guar,\ post)
\end{array}
}{
Q\ \underline{sat}\ (pre, rely, guar, post)
}
$$

An example: $x := x + 1 \parallel x := x + 1$
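To see what the parallel rule does and does not give for this program, the following added example (not from the original post) checks the rule's three side conditions over a finite domain, giving both threads the component specification used in the sequential-composition example, $x := x + 1\ \underline{sat}\ (x \ge x_0,\ x_0 \le x \to x \le x',\ x' \ge x,\ x \ge x_0 + 1)$, and then tests what the composed post-condition $post_1 \land post_2$ entails. The outer rely and guar $x \le x'$, the domain bound and all function names are assumptions of this example.

```python
from itertools import product

DOMAIN = range(0, 6)   # constructed finite domain for x and the constant x0

def pairs():
    """All (s, s2) state pairs over the domain; x0 is a logical constant."""
    for x, x0, x2 in product(DOMAIN, repeat=3):
        yield {"x": x, "x0": x0}, {"x": x2, "x0": x0}

def implies(r1, r2):
    """r1 -> r2 on every state pair: the shape of each side condition."""
    return all((not r1(s, s2)) or r2(s, s2) for s, s2 in pairs())

# Component specification, identical for both threads (rely1 = rely2 etc.).
rely = lambda s, s2: (not s["x0"] <= s["x"]) or s["x"] <= s2["x"]
guar = lambda s, s2: s2["x"] >= s["x"]
post1 = post2 = lambda s: s["x"] >= s["x0"] + 1

# Assumed rely and guar of the composed program P || Q.
env_rely = lambda s, s2: s["x"] <= s2["x"]
env_guar = lambda s, s2: s["x"] <= s2["x"]

def parallel_side_conditions():
    """(rely or guar1) -> rely2, (rely or guar2) -> rely1, (guar1 or guar2) -> guar."""
    either = lambda a, b: (lambda s, s2: a(s, s2) or b(s, s2))
    return {"(rely or guar1) -> rely2": implies(either(env_rely, guar), rely),
            "(rely or guar2) -> rely1": implies(either(env_rely, guar), rely),
            "(guar1 or guar2) -> guar": implies(either(guar, guar), env_guar)}

def composed_post_gives(target):
    """Does post1 and post2 entail target?  The rule yields only x >= x0 + 1;
    the stronger x >= x0 + 2 is exactly what the auxiliary-variable rule is for."""
    return all((not (post1(s) and post2(s))) or target(s) for s, _ in pairs())

if __name__ == "__main__":
    print(parallel_side_conditions())                          # all True
    print(composed_post_gives(lambda s: s["x"] >= s["x0"] + 1))  # True
    print(composed_post_gives(lambda s: s["x"] >= s["x0"] + 2))  # False
```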
