SE547: Sequential noninterference [7/23] Previous pageContentsNext page

Model of commands (c1, μ1) -> (c2, μ2):

1. If (c1, μ1) -> μ2 then (c1d, μ1) -> (d, μ2)

2. If (c1, μ1) -> (c2, μ2) then (c1d, μ1) -> (c2d, μ2)

3. If μ(e) is nonzero then (if (e) {c} else {d}, μ) -> (c, μ)

4. If μ(e) is zero then (if (e) {c} else {d}, μ) -> (d, μ)

5. What about while?

Model of commands final step (c1, μ1) -> μ2:

6. (x=e, μ) -> μ[x:=μ(e)]

7. What about while?

Example:

x:=1; while(x) { x=x-1; }

Previous pageContentsNext page