hoare logic
play

Hoare Logic Andreas Podelski November 8, 2011 Hoare logic - PowerPoint PPT Presentation

May 29, 2023 •31 likes •401 views

Hoare Logic Andreas Podelski November 8, 2011 Hoare logic introduced by Hoare in 1969 builds on first-order logic Hoare logic introduced by Hoare in 1969 builds on first-order logic correctness specification = pre- and

  1. Hoare Logic Andreas Podelski November 8, 2011

  2. Hoare logic ◮ introduced by Hoare in 1969 builds on first-order logic

  3. Hoare logic ◮ introduced by Hoare in 1969 builds on first-order logic ◮ correctness specification = pre- and postcondition pair

  4. Hoare logic ◮ introduced by Hoare in 1969 builds on first-order logic ◮ correctness specification = pre- and postcondition pair ◮ standard presentation of Hoare logic: proof uses invariant for every loop in program

  5. Hoare logic ◮ introduced by Hoare in 1969 builds on first-order logic ◮ correctness specification = pre- and postcondition pair ◮ standard presentation of Hoare logic: proof uses invariant for every loop in program ◮ here: invariants are given as part of correctness specification

  6. Hoare logic ◮ introduced by Hoare in 1969 builds on first-order logic ◮ correctness specification = pre- and postcondition pair ◮ standard presentation of Hoare logic: proof uses invariant for every loop in program ◮ here: invariants are given as part of correctness specification ◮ correctness proof possible only if invariants are adequate for pre- and postcondition pair

  7. Programs ◮ (program) expression e ::= x | f ( e 1 , . . . , e n ) where f maps into domain of values

  8. Programs ◮ (program) expression e ::= x | f ( e 1 , . . . , e n ) where f maps into domain of values ◮ Boolean expression b ::= x | f ( e 1 , . . . , e n ) where f maps into Boolean domain

  9. Programs ◮ (program) expression e ::= x | f ( e 1 , . . . , e n ) where f maps into domain of values ◮ Boolean expression b ::= x | f ( e 1 , . . . , e n ) where f maps into Boolean domain ◮ command C ::= skip | x : = e | C 1 ; C 2 | if b then C 1 else C 2 | while b do C

  10. Semantics of Expression e ◮ state s = function from program variables to value, s : Var → Val

  11. Semantics of Expression e ◮ state s = function from program variables to value, s : Var → Val ◮ program expression e in state s evaluates to value [ | e | ]( s ) ∈ Val

  12. Semantics of Expression e ◮ state s = function from program variables to value, s : Var → Val ◮ program expression e in state s evaluates to value [ | e | ]( s ) ∈ Val ◮ semantics of program expressions e = function from set of states to set of values [ | e | ] : States → Val

  13. Semantics of Expression e ◮ state s = function from program variables to value, s : Var → Val ◮ program expression e in state s evaluates to value [ | e | ]( s ) ∈ Val ◮ semantics of program expressions e = function from set of states to set of values [ | e | ] : States → Val ◮ interpretation of function symbol f in expression f ( e 1 , . . . , e n ) depends on logical first-order model (“+” interpreted over model of unbounded integers or in model for modulo arithmetic?)

  14. Semantics of Boolean Expression b ◮ state s = function from program variables to values, s : Var → Val

  15. Semantics of Boolean Expression b ◮ state s = function from program variables to values, s : Var → Val ◮ Boolean expression b in state s evaluates to Boolean truth value [ | b | ]( s ) ∈ { T , F }

  16. Semantics of Boolean Expression b ◮ state s = function from program variables to values, s : Var → Val ◮ Boolean expression b in state s evaluates to Boolean truth value [ | b | ]( s ) ∈ { T , F } ◮ semantics of Boolean expression b = function from set of states to set of Boolean truth values [ | b | ] : States → { T , F }

  17. Semantics of Boolean Expression b ◮ state s = function from program variables to values, s : Var → Val ◮ Boolean expression b in state s evaluates to Boolean truth value [ | b | ]( s ) ∈ { T , F } ◮ semantics of Boolean expression b = function from set of states to set of Boolean truth values [ | b | ] : States → { T , F } ◮ evaluation of Boolean expression b depends on logical first-order model (“ x ≤ x + 1” true in model of unbounded integers but false in model for modulo arithmetic)

  18. Semantics of Commands C (1) ◮ semantics of command C = functions from set of states to set of states s �→ s ′ [ | C | ] : States → States ,

  19. Semantics of Commands C (1) ◮ semantics of command C = functions from set of states to set of states s �→ s ′ [ | C | ] : States → States , ◮ execution of command C starting in state s ends in state s ′ ( C , s ) � s ′

  20. Semantics of Commands C (1) ◮ semantics of command C = functions from set of states to set of states s �→ s ′ [ | C | ] : States → States , ◮ execution of command C starting in state s ends in state s ′ ( C , s ) � s ′ ◮ execution of update statement = update of function s : Var → Val = e , s ) � s ′ where s ′ ( x ) = [ ( x : | e | ]( s ) and s ′ ( y ) = s ( y ) for x �≡ y

  21. Semantics of Commands C (1) ◮ semantics of command C = functions from set of states to set of states s �→ s ′ [ | C | ] : States → States , ◮ execution of command C starting in state s ends in state s ′ ( C , s ) � s ′ ◮ execution of update statement = update of function s : Var → Val = e , s ) � s ′ where s ′ ( x ) = [ ( x : | e | ]( s ) and s ′ ( y ) = s ( y ) for x �≡ y ◮ execution of update depends on logical first-order model

  22. Semantics of Commands C (2) ◮ execution of sequence of commands C ≡ C 1 ; C 2 = execution of first command C 1 followed by execution of second command C 2 ( C , s ) � s ′′ if ( C 1 , s ) � s ′ and ( C 2 , s ′ ) � s ′′

  23. Semantics of Commands C (2) ◮ execution of sequence of commands C ≡ C 1 ; C 2 = execution of first command C 1 followed by execution of second command C 2 ( C , s ) � s ′′ if ( C 1 , s ) � s ′ and ( C 2 , s ′ ) � s ′′ ◮ execution of command skip does not change state ( skip , s ) � s (“empty sequence of commands”)

  24. Semantics of Commands C (3) ◮ execution of conditional command C ≡ if b then C 1 else C 2 = execution of then-command C 1 if expression b evaluates to true ( C , s ) � s ′ if [ | b | ]( s ) = T and ( C 1 , s ) � s ′

  25. Semantics of Commands C (3) ◮ execution of conditional command C ≡ if b then C 1 else C 2 = execution of then-command C 1 if expression b evaluates to true ( C , s ) � s ′ if [ | b | ]( s ) = T and ( C 1 , s ) � s ′ ◮ execution of conditional command C ≡ if b then C 1 else C 2 = execution of then-command C 2 if expression b evaluates to false ( C , s ) � s ′ if [ ]( s ) = F and ( C 2 , s ) � s ′ | b |

  26. Semantics of Commands C (3) ◮ execution of conditional command C ≡ if b then C 1 else C 2 = execution of then-command C 1 if expression b evaluates to true ( C , s ) � s ′ if [ | b | ]( s ) = T and ( C 1 , s ) � s ′ ◮ execution of conditional command C ≡ if b then C 1 else C 2 = execution of then-command C 2 if expression b evaluates to false ( C , s ) � s ′ if [ ]( s ) = F and ( C 2 , s ) � s ′ | b | ◮ execution of conditional depends on logical first-order model

  27. Semantics of Commands C (4) ◮ execution of while command C ≡ while b do C 0 = execution of body C 0 followed by execution of while command C if expression b evaluates to true ( C , s ) � s ′′ if [ ]( s ) = T and ( C 0 , s ) � s ′ and ( C , s ′ ) � s ′′ | b |

  28. Semantics of Commands C (4) ◮ execution of while command C ≡ while b do C 0 = execution of body C 0 followed by execution of while command C if expression b evaluates to true ( C , s ) � s ′′ if [ ]( s ) = T and ( C 0 , s ) � s ′ and ( C , s ′ ) � s ′′ | b | ◮ execution of while command C ≡ while b do C 0 = execution of skip if expression b evaluates to false ( C , s ) � s if [ | b | ]( s ) = F

  29. Semantics of Commands C (4) ◮ execution of while command C ≡ while b do C 0 = execution of body C 0 followed by execution of while command C if expression b evaluates to true ( C , s ) � s ′′ if [ ]( s ) = T and ( C 0 , s ) � s ′ and ( C , s ′ ) � s ′′ | b | ◮ execution of while command C ≡ while b do C 0 = execution of skip if expression b evaluates to false ( C , s ) � s if [ | b | ]( s ) = F ◮ execution of while loop depends on logical first-order model

  30. Hoare Triple { φ } C { ψ } ◮ { φ } C { ψ } valid in given logical first-order model if

  31. Hoare Triple { φ } C { ψ } ◮ { φ } C { ψ } valid in given logical first-order model if for all states s if [ | φ | ]( s ) = T and

  32. Hoare Triple { φ } C { ψ } ◮ { φ } C { ψ } valid in given logical first-order model if for all states s if [ | φ | ]( s ) = T and if ( C , s ) � s ′ then

  33. Hoare Triple { φ } C { ψ } ◮ { φ } C { ψ } valid in given logical first-order model if for all states s if [ | φ | ]( s ) = T and if ( C , s ) � s ′ then [ | ψ | ]( s ′ ) = T ◮ { φ } C { ψ } valid if valid in every logical first-order model ◮ Γ | = { φ } C { ψ } if { φ } C { ψ } valid in every logical first-order model of set of assertions Γ

  34. Variables in Hoare Triple { φ } C { ψ } ◮ program variables: occur in commands in program C

  35. Variables in Hoare Triple { φ } C { ψ } ◮ program variables: occur in commands in program C may occur ( free ) in φ and ψ ◮ auxiliary variables: occur ( free ) in φ and/or ψ but do not occur in commands in program C

Recommend

Hoare logic Lecture 4: A verifier for Hoare logic Jean Pichon-Pharabod University of Cambridge

Hoare logic Lecture 4: A verifier for Hoare logic Jean Pichon-Pharabod University of Cambridge

Hoare logic Lecture 4: A verifier for Hoare logic Jean Pichon-Pharabod University of Cambridge CST Part II 2017/18 Introduction Last time, we saw that that proofs in Hoare logic can involve large amounts of very error-prone bookkeeping

690 views • 48 slides
Hoare Logic and Model Checking Semantics of Hoare Logic Kasper Svendsen University of Cambridge

Hoare Logic and Model Checking Semantics of Hoare Logic Kasper Svendsen University of Cambridge

Hoare Logic and Model Checking Semantics of Hoare Logic Kasper Svendsen University of Cambridge CST Part II 2016/17 Acknowledgement: slides heavily based on previous versions by Mike Gordon and Alan Mycroft Semantics of Hoare Logic

663 views • 10 slides
Hoare logic Lecture 3: Formalising the semantics of Hoare logic In the previous lecture, we

Hoare logic Lecture 3: Formalising the semantics of Hoare logic In the previous lecture, we

Recap Hoare logic Lecture 3: Formalising the semantics of Hoare logic In the previous lecture, we specified and verified some example programs using the syntactic rules of Hoare logic that we introduced in the first lecture. Jean

477 views • 13 slides
Hoare Logic Hoare Logic is used to reason about the correctness of programs. In the end, it

Hoare Logic Hoare Logic is used to reason about the correctness of programs. In the end, it

Hoare Logic Hoare Logic is used to reason about the correctness of programs. In the end, it reduces a program and its specification to a set of verifications conditions. Slides by Wishnu Prasetya URL : www.cs.uu.nl/~wishnu Course URL :

1.4k views • 124 slides
Hoare logic separation logic. We looked at the concepts separation logic is based on, the new

Hoare logic separation logic. We looked at the concepts separation logic is based on, the new

Introduction In the previous lecture, we saw how reasoning about pointers in Hoare logic was problematic, which motivated introducing Hoare logic separation logic. We looked at the concepts separation logic is based on, the new assertions that

396 views • 14 slides
COMP2111 Week 8 Term 1, 2020 Hoare Logic 1 Sir Tony Hoare Pioneer in formal verification

COMP2111 Week 8 Term 1, 2020 Hoare Logic 1 Sir Tony Hoare Pioneer in formal verification

COMP2111 Week 8 Term 1, 2020 Hoare Logic 1 Sir Tony Hoare Pioneer in formal verification Invented: Quicksort, the null reference (called it his billion dollar mistake) CSP (formal specification language), and Hoare Logic 2 Summary L

2k views • 158 slides
COMP2111 Week 8 Term 1, 2020 Hoare Logic 1 Sir Tony Hoare Pioneer in formal verification

COMP2111 Week 8 Term 1, 2020 Hoare Logic 1 Sir Tony Hoare Pioneer in formal verification

COMP2111 Week 8 Term 1, 2020 Hoare Logic 1 Sir Tony Hoare Pioneer in formal verification Invented: Quicksort, the null reference (called it his billion dollar mistake) CSP (formal specification language), and Hoare Logic 2 Summary L

770 views • 59 slides
Probabilistic Relational Hoare Logic Main judgments Hoare Logic c : = : hoare [ c : pre

Probabilistic Relational Hoare Logic Main judgments Hoare Logic c : = : hoare [ c : pre

Probabilistic Relational Hoare Logic Main judgments Hoare Logic c : = : hoare [ c : pre ==> post] Probabilistic Hoare Logic [ c : = ] = (see Lecture 6): bd_hoare [ c : pre ==> post ] = r Probabilistic Relational Hoare

377 views • 23 slides
Hoare Logic Jari Stenman February 10, 2012 Jari Stenman () Hoare Logic February 10, 2012 1 /

Hoare Logic Jari Stenman February 10, 2012 Jari Stenman () Hoare Logic February 10, 2012 1 /

Hoare Logic Jari Stenman February 10, 2012 Jari Stenman () Hoare Logic February 10, 2012 1 / 25 Outline Background 1 Axioms and Rules 2 A note on Weakest Preconditions 3 Jari Stenman () Hoare Logic February 10, 2012 2 / 25 Outline

463 views • 25 slides
Hoare Logic Part II Decorations and Hoare as Logic Thomas Churchman Radboud University Nijmegen

Hoare Logic Part II Decorations and Hoare as Logic Thomas Churchman Radboud University Nijmegen

Recap Decoration Preliminaries Radboud University Nijmegen Decorations Hoare as Logic Hoare Logic Part II Decorations and Hoare as Logic Thomas Churchman Radboud University Nijmegen Type Theory and Coq - 2016 Thomas Churchman Type Theory

289 views • 18 slides
Logic for Computer Science 15 Hoare logic Wouter Swierstra University of Utrecht 1 Last

Logic for Computer Science 15 Hoare logic Wouter Swierstra University of Utrecht 1 Last

Logic for Computer Science 15 Hoare logic Wouter Swierstra University of Utrecht 1 Last time Natural deduction 2 This lecture Semantics of computer programs A logic for reasoning about them 3 Syntax of programming language The BNF

796 views • 78 slides
locales C ONTENT I SAR I S B ASED O N C ONTEXTS Intro & motivation, getting started with

locales C ONTENT I SAR I S B ASED O N C ONTEXTS Intro & motivation, getting started with

L AST T IME Syntax and semantics of IMP Hoare logic rules Soundness of Hoare logic NICTA Advanced Course Verification conditions Slide 1 Theorem Proving Slide 3 Principles, Techniques, Applications Example program proofs

322 views • 8 slides
Lecture 8/9 : Separation Logic Can handle reasoning of imperative programs well. Overview

Lecture 8/9 : Separation Logic Can handle reasoning of imperative programs well. Overview

CS6202: Advanced Topics in Programming Hoare Logic Hoare Logic Languages and Systems Lecture 8/9 : Separation Logic Can handle reasoning of imperative programs well. Overview Notation : {P} code {Q} Assertion Logic {P}

557 views • 19 slides
Hoare Logic for Multiprocessing (Work in progress) Daniel Pellarini joint work with Marina

Hoare Logic for Multiprocessing (Work in progress) Daniel Pellarini joint work with Marina

Varese, September 19-21 2012 Hoare Logic for Multiprocessing (Work in progress) Daniel Pellarini joint work with Marina Lenisa Universit degli studi di Udine, Italy Daniel Pellarini and Marina Lenisa Hoare Logic for Multiprocessing Hoare

507 views • 23 slides
Hoare Logic and Model Checking Model Checking Lecture 10: Computation Tree Logic (CTL) Dominic

Hoare Logic and Model Checking Model Checking Lecture 10: Computation Tree Logic (CTL) Dominic

Hoare Logic and Model Checking Model Checking Lecture 10: Computation Tree Logic (CTL) Dominic Mulligan Based on previous slides by Alan Mycroft and Mike Gordon Programming, Logic, and Semantics Group University of Cambridge Academic year

1.15k views • 48 slides
Hoare Logic: Proving Programs Correct 17-654/17-765 Analysis of Software Artifacts Jonathan

Hoare Logic: Proving Programs Correct 17-654/17-765 Analysis of Software Artifacts Jonathan

Hoare Logic: Proving Programs Correct 17-654/17-765 Analysis of Software Artifacts Jonathan Aldrich Reading: C.A.R. Hoare, An Axiomatic Basis for Computer Programming Some presentation ideas from a lecture by K. Rustan M. Leino Testing and

392 views • 23 slides
Matching Logic An Alternative to Hoare/Floyd Logic Grigore Rosu University of Illinois at

Matching Logic An Alternative to Hoare/Floyd Logic Grigore Rosu University of Illinois at

Matching Logic An Alternative to Hoare/Floyd Logic Grigore Rosu University of Illinois at Urbana-Champaign (UIUC) Joint work with Chucky Ellison (UIUC) Wolfram Schulte (Microsoft Research) How It Started NASA project runtime verification

568 views • 28 slides
Hoare logic Lecture 5: Introduction to separation logic Jean Pichon-Pharabod University of

Hoare logic Lecture 5: Introduction to separation logic Jean Pichon-Pharabod University of

Hoare logic Lecture 5: Introduction to separation logic Jean Pichon-Pharabod University of Cambridge CST Part II 2017/18 Introduction In the previous lectures, we have considered a language, WHILE , where mutability only concerned program

734 views • 57 slides
Hoare Logic and Model Checking Model Checking Lecture 11: Model checking for Computation Tree

Hoare Logic and Model Checking Model Checking Lecture 11: Model checking for Computation Tree

Hoare Logic and Model Checking Model Checking Lecture 11: Model checking for Computation Tree Logic Dominic Mulligan Based on previous slides by Alan Mycroft and Mike Gordon Programming, Logic, and Semantics Group University of Cambridge

402 views • 25 slides
Hoare Logic Deepak DSouza, K. V. Raghavan Department of Computer Science and Automation

Hoare Logic Deepak DSouza, K. V. Raghavan Department of Computer Science and Automation

Programs as state transformers Hoare logic Weakest Preconditions Hoare Logic Deepak DSouza, K. V. Raghavan Department of Computer Science and Automation Indian Institute of Science, Bangalore. April 2012 Programs as state transformers

378 views • 26 slides
Software verification using Hoare logic in Isabelle Petros Papapanagiotou pe.p@ed.ac.uk 7

Software verification using Hoare logic in Isabelle Petros Papapanagiotou pe.p@ed.ac.uk 7

Automated R Reasoni ning ng Coursework Assignm nment nt 1 1 Software verification using Hoare logic in Isabelle Petros Papapanagiotou pe.p@ed.ac.uk 7 October 2013 Breakdown Part 1 : Natural Deduction (40 marks) 14 lemmas to

389 views • 22 slides
Hoare Logic and Model Checking Model Checking Lecture 7: Introduction and background Dominic

Hoare Logic and Model Checking Model Checking Lecture 7: Introduction and background Dominic

Hoare Logic and Model Checking Model Checking Lecture 7: Introduction and background Dominic Mulligan Based on previous slides by Alan Mycroft and Mike Gordon Programming, Logic, and Semantics Group, University of Cambridge Academic year

972 views • 41 slides
Hoare Logic and Model Checking In the previous lecture we saw the informal concepts that

Hoare Logic and Model Checking In the previous lecture we saw the informal concepts that

Introduction Hoare Logic and Model Checking In the previous lecture we saw the informal concepts that Separation Logic is based on. This lecture will Kasper Svendsen University of Cambridge introduce a formal proof system for Separation

740 views • 10 slides
Hoare Logic and Model Checking Model Checking But perhaps theres a clever way of

Hoare Logic and Model Checking Model Checking But perhaps theres a clever way of

Hoare Logic and Model Checking Model Checking But perhaps theres a clever way of compiling one into the other? Both have very different models of time How do they compare? We have seen two widely used temporal logics Relative

510 views • 10 slides

More recommend