Hoare logic

From Wikipedia, the free encyclopedia

(Redirected from Hoare triple)

The introduction to this article provides insufficient context for those unfamiliar with the subject.
Please help improve the article with a good introductory style.

Hoare logic (also known as Floyd–Hoare logic) is a formal system developed by the British computer scientist C. A. R. Hoare, and subsequently refined by Hoare and other researchers. It was published in Hoare's 1969 paper "An axiomatic basis for computer programming". The purpose of the system is to provide a set of logical rules in order to reason about the correctness of computer programs with the rigour of mathematical logic.

Hoare acknowledges earlier contributions from Robert Floyd, who had published a similar system for flowcharts.

The central feature of Hoare logic is the Hoare triple. A triple describes how the execution of a piece of code changes the state of the computation. A Hoare triple is of the form

$\{P\}\;C\;\{Q\}$

where P and Q are assertions and C is a command. P is called the precondition and Q the postcondition. Assertions are formulas in predicate logic.

Hoare logic has axioms and inference rules for all the constructs of a simple imperative programming language. In addition to the rules for the simple language in Hoare's original paper, rules for other language constructs have been developed since then by Hoare and many other researchers. There are rules for concurrency, procedures, jumps, and pointers.

1 Partial and total correctness
2 Rules
3 Examples
4 See also
5 References

Standard Hoare logic proves only partial correctness, while termination would have to be proved separately. Thus the intuitive reading of a Hoare triple is: Whenever P holds of the state before the execution of C, then Q will hold afterwards, or C does not terminate. Note that if C does not terminate, then there is no "after", so Q can be any statement at all. Indeed, one can choose Q to be false to express that C does not terminate.

Total correctness can also be proven with an extended version of the While rule.

$\frac{}{\{P\}\ \textbf{skip}\ \{P\}} \!$

The assignment axiom states that after the assignment any predicate holds for the variable that was previously true for the right-hand side of the assignment:

$\frac{}{\{P[x/E]\}\ x:=E \ \{P\} } \!$

Here $P [x / E]$ denotes the expression P in which all free occurrences of the variable x have been replaced with the expression E.

The meaning of the assignment axiom is that the truth of ${P [x / E]}$ is equivalent to the after-assignment truth of ${P}$ . Thus if ${P [x / E]}$ were true prior to the assignment, by the assignment axiom then ${P}$ will be true subsequent to that assignment. Conversely, if ${P [x / E]}$ were false prior to the assignment statement, ${P}$ must then be false following the assignment.

Examples of valid triples include:

$\{x+1 = 43\}\ y:=x + 1\ \{ y = 43 \}\!$
$\{x + 1 \leq N \}\ x := x + 1\ \{x \leq N\}\ \!$

The assignment axiom proposed by Hoare does not apply when more than one name can refer to the same stored value. For example,

$\{ y = 3\} \ x := 2\ \{y = 3 \}$

is not a true statement if x and y refer to the same variable, because no precondition can cause y to be 3 after x is set to 2.

Hoare's rule of composition applies to sequentially-executed programs S and T, where S executes prior to T and is written S;T.

$\frac {\{P\}\ S\ \{Q\}\ , \ \{Q\}\ T\ \{R\} } {\{P\}\ S;T\ \{R\}} \!$

For example, consider the following two instances of the assignment axiom:

$\{ x + 1 = 43\} \ y:=x + 1\ \{y =43 \}$

and

$\{ y = 43\} \ z:=y\ \{z =43 \}$

By the sequencing rule, one concludes:

$\{ x + 1 = 43\} \ y:=x + 1; z:= y\ \{z =43 \}$

$\frac { \{B \wedge P\}\ S\ \{Q\}\ ,\ \{\neg B \wedge P \}\ T\ \{Q\} } { \{P\}\ \textbf{if}\ B\ \textbf{then}\ S\ \textbf{else}\ T\ \textbf{endif}\ \{Q\} } \!$

$\frac { \{P \wedge B \}\ S\ \{P\} } { \{P \}\ \textbf{while}\ B\ \textbf{do}\ S\ \textbf{done}\ \{\neg B \wedge P\} } \!$

Here P is the loop invariant.

$\frac { P^\prime \rightarrow\ P\ ,\ \lbrace P \rbrace\ S\ \lbrace Q \rbrace\ ,\ Q \rightarrow\ Q^\prime } { \lbrace P^\prime\ \rbrace\ S\ \lbrace Q^\prime\rbrace } \!$

$\frac { \{P \wedge B \wedge t = z \}\ S\ \{P \wedge t < z \} \ ,\ P \rightarrow t \geq 0} { \{P \}\ \textbf{while}\ B\ \textbf{do}\ S\ \textbf{done}\ \{\neg B \wedge P\} } \!$

In this rule, in addition to maintaining the loop invariant, one also proves termination by way of a term whose value decreases during each iteration, here t. Note that t must take values from a well-founded set, so that each step of the loop is counted by decreasing members of a finite chain.

Example 1
$\{x+1 = 43\}\!$	$\ y:=x + 1\ \!$	$\{ y = 43 \}\!$	(Assignment Axiom)
			$( x + 1 = 43 \implies x = 42 )$
$\{x=42\}\!$	$\ y:=x + 1\ \!$	$\{y=43 \land x=42\}\!$	(Consequence Rule)
Example 2
$\{x + 1 \leq N \}\!$	$\ x := x + 1\ \!$	$\{x \leq N\}\ \!$	(Assignment Axiom)
			( $x < N \implies x + 1 \leq N$ for x, N with integer types.)
$\{x < N \}\!$	$\ x := x + 1\ \!$	$\{x \leq N\}\ \!$	(Consequence Rule)

C. A. R. Hoare. "An axiomatic basis for computer programming". Communications of the ACM, 12(10):576–585, October 1969. doi:10.1145/363235.363259 | Download PDF
Robert D. Tennent: "Specifying Software" (a recent textbook that includes an introduction to Hoare logic) ISBN 0-521-00401-2 [1]
Project Bali has defined Hoare logic-style rules for a subset of the Java programming language, for use with the Isabelle theorem prover
KeY-Hoare is a semi-automatic verification system built on top of the KeY theorem prover. It features a Hoare calculus for a simple while language.
j-Algo-modul Hoare calculus A visualisation of the Hoare calculus in the in the algorithm visualisation program j-Algo

Retrieved from "http://en.wikipedia.org/wiki/Hoare_logic"

Categories: Wikipedia articles needing context | Wikipedia introduction cleanup | Logic in computer science | Formal methods

Searching reference...

Reference

Sources

Hoare logic

From Wikipedia, the free encyclopedia

Contents

Top Matching Results

Sponsored Links
This section contains paid listings which have been purchased by companies that want to have their sites appear for specific search terms and related content. These listings are administered, sorted and maintained by a third party and are not endorsed by Search.com.

Search Results

Searching reference...

Reference

Sources

Hoare logic

From Wikipedia, the free encyclopedia

Contents

Top Matching Results

Sponsored Links This section contains paid listings which have been purchased by companies that want to have their sites appear for specific search terms and related content. These listings are administered, sorted and maintained by a third party and are not endorsed by Search.com.

Search Results

Sponsored Links
This section contains paid listings which have been purchased by companies that want to have their sites appear for specific search terms and related content. These listings are administered, sorted and maintained by a third party and are not endorsed by Search.com.