From Hoare logic to matching logic reachability (Grigore Rosu). Auxiliary variables are essential for specifying programs in Hoare logic. An applied quantum Hoare logic (ACM Digital Library). Program verification with Hoare logic 19, using Hoare logic in PALE 1. Hoare logic is defined by a set of inference rules producing triples. Matching logic reachability has been recently proposed as an alter. Part I is a self-contained introduction to the proof assistant Isabelle.
Mar 23, 2018: An introduction to Hoare logic, a presentation given at Drexel University as the final exam for CS550, winter 2018 quarter. Exercises of medium difficulty can give you another 20%-30% and bring you into the range of a second class mark. However, program proving, certainly at present, will be difficult even for programmers of high caliber. Tony Hoare said: "Thus the practice of proving programs would seem to lead to solution of three of the most pressing problems in software and programming, namely, reliability, documentation, and compatibility." In the logic apRHL, a parametric relational lifting. Correctness properties: a total correctness property for a program C relative to speci.
A set of axioms and inference rules about asserted programs. Hoare's logic is incomplete when it does not have to be (J.). Proving programs correct, 1765417765 Analysis of Software Artifacts, Jonathan Aldrich, reading. But when we write a block of code, we usually have a clear idea of what's supposed to be true after it executes. In my exam preparation I stumbled across the following exercise regarding pre- and postconditions. Hoare logic, part II (Isil Dillig), 5: proof rule for while and loop invariants. The last proof rule of Hoare logic is that for while loops. Leino, Analysis of Software Artifacts, spring 2006, 3: testing and proofs; testing observable properties, verify. Hoare logic (also known as Floyd-Hoare logic or Hoare rules) is a formal system with a set of logical rules for reasoning rigorously about the correctness of computer programs. Hoare rules that only talk about what happens when commands terminate, without proving that they do, are often said to describe a logic of partial correctness. Mike Gordon's exercise sheet also contains additional exercises.
It is also possible to give Hoare rules for total correctness, which build in the fact that the commands terminate. The precondition of odd is thus met, and we can therefore assume that upon return. In particular, we give a simple semantic justification of the usual procedure. Reasoning about code: Hoare logic, CSE 331 spring 2012, 5: if-else statements. So far, we have only looked at sequences of assignment statements executed one after another. A survey, 435: in the example, we used this rule for ql q, but in general the above version is needed. Finds application in recent program analysis techniques like finding "path conditions" in automated directed testing, and null-dereference analysis. Hoare logic: Hoare logic forms the basis of all deductive verification techniques; it is named after Tony Hoare. Background reading on Hoare logic: Mike Gordon, learning guide for the CST Part II course. Rather, logic is a non-empirical science like mathematics. CS 6110 S11 handout B, Hoare logic examples, 11 March 2011, 1 Hoare logic example: as an example illustrating how we can use Hoare logic to verify the correctness of a program, consider a. From an informal proof in the form of a decorated program, it is easy to read off a formal proof using the Coq versions of the Hoare rules. Week 7 tutorial solution, Hoare logic, the warm-up exercises: determine the truth value of the following Hoare triples and give your reasoning. Hoare logic originated in the 1960s, and it continues to be the subject of intensive research right up to the present day.
I am reading about Hoare logic but I don't really understand the verification conditions part for proving partial correctness. We say a program is partially correct if it gives the right answer whenever it terminates. There is a lot of hidden treasure lying within university pages scattered across the internet. We begin with Floyd's version of the assignment axiom. Separation logic builds on early ideas of Burstall, but its modern form is due to O'Hearn and Reynolds.
It would be fascinating if someone developed it with an example, since my problem to solve is. Exercises for Hoare logic, Jean Pichon-Pharabod, 2018-2019: this exercise sheet is based on previous exercise sheets by Kasper Svendsen and by Mike Gordon. Missing links: in the proof of soundness of the Hoare rules, we encountered some preliminary lemmas about substitution and went over them without proof. Describes a deductive system for proving program correctness. I understand that they're rules such as the assignment axiom, precondition strengthening, postcondition weakening etc. Proof rule for while and loop invariants, Hoare logic, part. We sketch a simple theory of Hoare logic contracts for programs with procedures, presented in denotational semantics. Week 7 tutorial solution, Hoare logic, the warm-up exercises. However, not every correct assertion can be proved using Hoare logic. But you may find the paper version more convenient, or that it makes it easier to focus on the logic without the distraction of the actual spreadsheet. This library allows you to formalise the specifications of programs of a simple programming language in the form of Hoare triples. It lies at the core of a multitude of tools that are being used in academia and industry to specify and verify real software systems. It never gives a wrong answer, but it may give no answer at all. PDF: Hoare logic handouts, Mohammad Alharthy, Academia.
Cmsc 630 february 11, 2015 4 hoare logic and program veri. If hoare s logic, hla, is complete on a structure a, then the set pca of all asserted. Require invariants at all whileloops and procedure calls extra assertions are allowed 2. It was proposed in 1969 by the british computer scientist and logician tony hoare, and subsequently refined by hoare and other researchers.
And not like anything I've seen in the course or in the exercises so far, so I was wondering if there was a more elegant solution here. Hoare logic originates in the 1960s, and it continues to be the. Tutorials for program verification, exercise sheet 4, exercise 1. Hoare logic: An Axiomatic Basis for Computer Programming (1969), C. But to understand the proof rule for while, we first need the concept of a loop invariant; a loop invariant I has the following properties. We derive a variant of quantum Hoare logic (QHL), called applied quantum Hoare logic (aQHL for short), by. This set of Hoare rules represents an inductive definition for a set of partial correctness statements {P} C {Q}. Reasoning about code: Hoare logic, CSE 331 spring 2012, 15: the basic idea of binary search is to maintain three regions of the array. A variety of spreadsheet-based exercises and learning tools are also available to you, including. Matching logic reachability has been recently proposed as an alternative program veri. Most verification systems based on Hoare logic offer some basic tracing support by emitting the current line number whenever a VC is constructed. Floyd-Hoare logic: this class is concerned with Floyd-Hoare logic, also known just as Hoare logic. Hoare logic is a method of reasoning mathematically about imperative programs; it is the basis of mechanized program veri.
The 2% is subdivided into 100%, of which typically 40%-50% are for easy exercises, which should give you enough points for a pass mark. Tadeusz Sznuk and Aleksy Schubert, Institute of Informatics, University of Warsaw, ul. The logic in which annotations are written needs to be expressive enough so that the loop invariants needed can be obtained, in theory. The reason why the proof assistant is web-based is that it is easily accessible, easy to use, and no installation is.
Using Crash Hoare Logic for certifying the FSCQ file system. How can I demonstrate through Hoare logic the correctness of a program that has a while loop? Soundness follows from each of the rules or axioms of Hoare logic being correct. I'm having trouble proving Hoare logic questions as I'm not sure of the process that is taken to prove them. We are interested in termination, so that means we need to. We will say that {P} C {Q} is a theorem in Hoare logic, written. A compositional proof technique for proving that programs are correct with respect to their specifications. An exercise in denotational semantics, 121: positive, since it is assumed to be nonnegative in the precondition and must be different from zero in the else-branch, and hence n-1 must be nonnegative. PDF: We present a novel Hoare-style logic, called reverse Hoare logic, which can be used to reason about state reachability of imperative programs. Find, read and cite all the research you.
A short introduction to Hoare logic, CSE, IIT Bombay. Matching logic has been recently proposed as an alternative program veri. Reasoning about code: Hoare logic, CSE 331 spring 2012, 3: this happens in forward reasoning because you don't know where you're trying to go (what you're trying to prove). Hoare logic, Advances in Programming Languages 2010. Hoare triple with unknown variable in postcondition. It lies at the core of a huge variety of tools that are now being used to specify and verify real software systems. Introduction to Hoare logic in Isabelle: in the following exercise, you will formally verify the correctness of some simple programs using Isabelle's Hoare logic library. Hoare, An Axiomatic Basis for Computer Programming; some presentation ideas from a lecture by K. Hoare logic I: introduction to deductive program veri. It was proposed in 1969 by the British computer scientist and logician Tony Hoare, and subsequently refined by Hoare. Chapter 7 is an introduction to the ideas of separation logic, an extension of Hoare logic for specifying and verifying programs that manipulate pointers. Hoare logic has a long history, dating back to the 1960s, and it has been the subject of intensive research right up to the present day. However, one can formulate a propositional version, appropriately named propositional Hoare logic. We often use mathematical symbols as well as program text.
Termination is usually straightforward to show, but there are examples where it is not. The purpose of this booklet is to give you a number of exercises on propositional. The book Concrete Semantics introduces the semantics of programming languages through the medium of a proof assistant. Hoare logic I: introduction to deductive program verification.
However, this is not to suggest that logic is an empirical (i. The examinable material in the course Hoare logic consists of what is actually presented. Hoare logic and auxiliary variables, Thomas Kleymann, LFCS, Division of Informatics, University of Edinburgh, October 28, 1998, abstract. A natural way of writing down specifications of programs. As far as I understood the question, we need to express some condition for P. Programs as state transformers; Hoare logic; weakest preconditions; conclusion: Hoare logic can be extended to reason about programs with arrays, pointers (separation logic), function calls, etc. A primer on separation logic and automatic program.
Verify each triple separately; only loop/call-free code is left, including the check for null-pointer dereferences and other memory errors. Frans Kaashoek, and Nickolai Zeldovich, MIT CSAIL. Abstract: FSCQ is the first file system with a machine-checkable proof (using the Coq proof assistant) that its implementation meets. Correctness of Hoare logic: proof by induction on the derivation of. Newest hoare-logic questions, Computer Science Stack. Determine the truth value of the following Hoare triples and give your reasoning. The result of this bachelor's thesis is a web-based Hoare logic proof assistant for teaching purposes, which supports students in becoming familiar with Hoare logic proof outlines. Try to come up with a rule that is both sound and as precise as possible. Prove that the following backwards-reasoning sequenced assignment rule is derivable from the normal proof rules of Hoare logic. Hoare logic is a program logic that can be used to reason compositionally about the correctness of programs. Exercises: a further introduction to the mathematical notation used in programming languages research.
Try to prove some of the example triples given in the slides using the Hoare rules and logic. Another way of putting this is that a paper like Hoare's but which covers all the constructs in a popular language would be. This list is an attempt to bring to light those awesome CS courses which make their high-quality material i. CS 6110 S11 handout B, Hoare logic examples, 11 March 2011, 1. Approximate relational Hoare logic for continuous random. Hongseok Yang will show how separation logic allows Hoare-style reasoning on heap-manipulating programs; it can also be used to reason about concurrent programs sharing resources (Supratik Chakraborty). For the while case we also proceed by induction on the.
These paper-based logic exercises for Excel are also available in electronic format. This rule forces us to include assertions among the formulas of Hoare's logic. Using Crash Hoare Logic for certifying the FSCQ file system: Haogang Chen, Daniel Ziegler, Tej Chajed, Adam Chlipala, M. The main issue here is that it is very important not to needlessly multiply all the mathematical statements you must refer to from the Hoare logic.
Bombay, A short introduction to Hoare logic, June 23, 2008, 2/34. Define a command C that computes the exponentiation function exp(m,n) and places the result in variable p. Exercise 4, structural induction: we presented a proof in class. The material presented here is not a direct component of the course but is offered to. They are required to relate the values of variables in different states. Give a sound and relatively complete rule for a "repeat C until B" command, which is syntactic sugar for C. Logic practice on paper using logical functions in modeling, exercise 3. You need to address successfully all exercises in order to come into the range of a first class mark. Another way of putting this is that a paper like Hoare's but which covers all the constructs in a popular language would be really long, redundant, and hard to get the gist of. Approximate relational Hoare logic (apRHL) [2,16] is a probabilistic variant of the relational Hoare logic [4] for formal veri. Cook's and Gurevich and Blass's investigations in Hoare logic, like most, are carried out in a first-order Tarskian context [1,2,6]. Part II is an introduction to semantics and its applications and is based on a simple imperative programming language. However, this does not provide any information as to which other parts of the program have contributed to the VC, how it has been constructed, or what its purpose is, and is therefore insuffi.