Hoare logic exercises pdf

Given a state that satisfies preconditions p, executing a program c and assuming it terminates results in a state that satisfies postconditions q (Hoare triple). Experiences and new alternatives for teaching formal. Hoare logic I program spec deductive verifier FOL formula theorem prover valid t i example specs. Proving programs correct 1765417765 analysis of software artifacts Jonathan Aldrich reading. Correctness of Hoare logic proof by induction on the derivation of. We begin with Floyd's version of the assignment axiom. Hoare logic we have already seen that the weakest precondition operator can be used to prove Hoare triples. Also need to show that the following side conditions hold. Termination is usually straightforward to show, but there are examples where it is not.

Reasoning about code Hoare logic, CSE 331 spring 2012 4 guaranteed to be correct. Determine the truth value of the following Hoare triples and give your reasoning. We return to the summation program from section 12. Exercise prove the validity of the following Hoare triple. Its principles are, in general, poorly understood, and the whole concept is believed by many to be no more than a. Some exam questions from that course might be good exercises but note that. Bombay a short introduction to Hoare logic June 23, 2008 2 34. Describes a deductive system for proving program correctness. These rules turn out to be useful, as illustrated by a series of examples including Grover's search algorithm and Shor's factorisation algorithm. Hoare logic (also known as Floyd-Hoare logic or Hoare rules) is a formal system with a set of logical rules for reasoning rigorously about the correctness of computer programs. Floyd-Hoare logic and partial correctness specification by Charles Antony "Tony" Richard Hoare with original ideas from Robert Floyd 1969 specification.

Tutorials for program verification exercise sheet 4 exercise 1. You are not required to use Hoare logic to prove these. Exercises for Hoare logic Jean Pichon-Pharabod 2018-2019 this exercise sheet is based on previous exercise sheets by Kasper Svendsen and by Mike Gordon. I separation logic reasoning about pointers I concurrent program logics 7197. We can do this by giving an inductive definition of valid derivations in this new logic. A hands-on introduction to Alloy, by Michael Sperberg-McQueen lecture notes on first order logic exercises in lecture notes Sep 15 Sep 17. In this paper we revisit the original problem studied by Reus and Streicher, presenting new progress in three areas.

Hoare logic I introduction to deductive program veri. The examinable material in the course Hoare logic consists of what is actually presented. Hoare logic an axiomatic basis for computer programming 1969, c. Formalize your definition of mirror in Isabelle and give a structured Isar proof that. The domain-theoretic model used by Reus and Streicher is rather compli.

Semantics determine the truth value of the following Hoare triples and give your reasoning. If s executes from a state satisfying p, and if its execution terminates, then the resulting state satis. Program verification with Hoare logic 3 Hoare logic (Hoare, 1969). Explain what it means for a Hoare triple to be valid or true, and what it means for a Hoare triple to be provable. It was proposed in 1969 by the British computer scientist and logician Tony Hoare, and subsequently refined by Hoare and other researchers. PDF we present a novel Hoare-style logic, called reverse Hoare logic, which can be used to reason about state reachability of imperative programs. Find, read and cite all the research you.

Your friend suggests the following proof rule for assignment. I but to understand the proof rule for while, we first need the concept of a loop invariant I a loop invariant I has the following properties. For the while case we also proceed by induction on the. Background reading on Hoare logic Mike Gordon learning guide for the CST part II course. Exercises a further introduction to the mathematical notation used in programming languages research.

Programs as state transformers, Hoare logic, weakest preconditions, relative completeness of Hoare rules. Does {a} p {b} mean there exists a proof tree for the same. Hoare logic for higher-order store with simple foundations. Hoare's logic is a formalism allowing us to reason about program correctness. Floyd-Hoare logic this class is concerned with Floyd-Hoare logic I also known just as Hoare logic Hoare logic is a method of reasoning mathematically about imperative programs it is the basis of mechanized program veri.

An introduction to relational program verification the IMDEA. Introduction the equivalence problem for pushdown automata (PDAs) is a standard undecidable problem. Hoare logic a Hoare triple is two assertions and one piece of code. Probabilistic relational Hoare logics for computer-aided.

We are interested in termination, so that means we need to. Computer programming is an exact science in that all the properties of a program and all the consequences of executing it in any given en. In fact, it is $\Pi^0_1$-complete and therefore not even recursively enumerable. Introduction to deductive program verification Hoare logic I Hoare. We will instead use the loop invariant as an approximate. Since Hoare logic is relatively complete [5], any semantically valid program property expressed as a Hoare triple can also be derived using the Hoare logic proof system provided an oracle that knows all the properties of the state model is available. Hoare triples to formalize all this talk about assertions, we introduce something called a Hoare triple, named for Tony Hoare. We give a proof system for the logic and use this to give simple formal proofs for a number of illustrative examples. Hoare logic has a long history, dating back to the 1960s, and it has been the subject of intensive research right up to the present day.

It was developed during the late sixties and allows one to formulate properties for the partial correctness of while programs. Hoare logic I introduction to deductive program verification. Much of the rest of the course and the majority of research in verification deals with how to handle the verification problem for loops and loop-like constructs. A Hoare triple, written {p} s {q}, consists of a precondition p, a statement s, and a postcondition q.

A rough guide to Hoare logic Hoare logic will allow us to make claims such as. We give a more powerful logic and a simpler semantic model. Hoare logic, part II Işıl Dillig, Hoare logic, part II 5 proof rule for while and loop invariants I the last proof rule of Hoare logic is that for while loops. We say a program is partially correct if it gives the right answer whenever it terminates. Hoare logic testing, quality assurance, and maintenance winter 2018 prof. Tutorials for program verification exercise sheet 4. Tony Hoare, the inventor of this week's logic, is also famous for inventing the quicksort algorithm in 1960 when he was just 26. Critical pairs past exam question find a nontrivial critical pair of the following pair of rewrite rules, where x. Stated differently, we want the weakest precondition. Hoare logic the warm-up exercises determine the truth value of the following Hoare triples and give your reasoning. Only questions marked as MA (mini-assignment) via Wattle. At the end of this tutorial, you will be able to prove that an imperative program is partially and totally correct using Hoare logic.

Hoare, an axiomatic basis for computer programming some presentation ideas from a lecture by K. Exercise 5 p c t is true when c is guaranteed to halt when starting in a state satisfying p. In a valid Hoare triple, if s is executed in a state. A Hoare triple is of the form {p} s {q}, where p is the precondition, q is the 1. Quantum Hoare logic with classical variables arXiv. Part I is a self-contained introduction to the proof assistant Isabelle. If s executes from a state satisfying p, then its execution terminates and the resulting state satis. It never gives a wrong answer, but it may give no answer at all. Confluence past exam question consider the following set of rewrite rules, where x.

Simpler examples of such assertion languages were provided in [BT82a]. Proof rule for while and loop invariants Hoare logic, part. Part II is an introduction to semantics and its applications and is based on a simple imperative programming language. We usually want to use the precondition that guarantees correctness for the broadest set of inputs. We'll develop a reasoning system called Floyd-Hoare logic (often shortened to just Hoare logic), in which each of the syntactic constructs of Imp is equipped with a single, generic proof rule that can be used to reason about programs involving this construct. Probabilistic relational Hoare logic (pRHL) considers similar judgments c1. Rewrite rules, reasoning about Hoare logic, induction. Programs as state transformers Hoare logic weakest preconditions Hoare logic a way of asserting properties of programs. This system consists of the group of axioms and rules 16. At the end of this tutorial, you will be able to prove that a loopless imperative program is partially correct using Hoare logic. Hoare 1969, we now introduce a proof system, called PW, allowing us to prove partial correctness of while programs in a syntax-directed manner, by induction on the program syntax.

Exercise 4 structural induction we presented a proof in class that Hoare logic is complete under certain assumptions. Exercise prove using Hoare logic {x 1 x n a 1} p {a n. In particular, reasoning about recursion through the store is supported. Sometimes the preconditions and postconditions we get from the Hoare rules won't quite be the ones we want in the particular situation at hand: they may be logically equivalent but have a different syntactic form that fails to unify with the goal we are trying to prove, or they actually may be logically weaker (for preconditions) or stronger (for postconditions) than what we need. The total correctness meaning of a triple {p} s {q} is that if we start in a state. {p} s {q}: p the precondition, s the code, q the postcondition. A Hoare triple {p} s {q} is called valid if.

The book Concrete Semantics introduces semantics of programming languages through the medium of a proof assistant. Hoare logic is a formal system with a set of logical rules for reasoning rigorously about the correctness of computer programs. I Hongseok Yang will show how separation logic allows Hoare-style reasoning on heap-manipulating programs I can also be used to reason about concurrent programs sharing resources Supratik Chakraborty I. Week 7 tutorial solution Hoare logic the warm-up exercises. Hoare logic since finding the exact or for while loops is difficult, we will use an over-approximation in the form of an inductive invariant, which preserves soundness.

Hoare triples as assertions of partial correctness. Chapter 7 is an introduction to the ideas of separation logic, an extension of Hoare logic for specifying and verifying programs that manipulate pointers. In Hoare logic, we specify partial correctness of programs using Hoare. Hoare logic uses Hoare triples to reason about program correctness. Leino analysis of software artifacts spring 2006 3 testing and proofs testing observable properties verify. A set of axioms and inference rules about asserted programs. These properties can then be verified using the Hoare. Introduction to Hoare logic in Isabelle in the following exercise, you will formally verify the correctness of some simple programs using Isabelle's Hoare logic library. Exercise show that a triple is provable in this system iff it is provable in the original system of Hoare logic.

Hoare logic I Hoare logic forms the basis of all deductive verification techniques I named after Tony Hoare. Proof rule for while and loop invariants Hoare logic, part II. This time we prove it correct by means of Hoare logic rather than operational semantics. Separation logic builds on early ideas of Burstall, but its modern form is due to O'Hearn and Reynolds. We then present a new variation of Hoare logic for stream circuits, obtained through our abstraction. Floyd-Hoare logic a way of asserting properties of programs. Cook, 1978 expressive enough is for example Peano arithmetic, nonlinear integer arithmetic. Hoare logic for mutual recursion and local variables.
