4 hoare logic

Hoare logic: formal system to prove program correctness instead of testing.

Hoare Triple: ${φ} C {ψ}$ — “If precondition $φ$ holds and $C$ terminates, then postcondition $ψ$ holds”

Triple	Valid?	Why?
${⊤}$ `i+=1` ${⊤}$	✓	True always holds
${⊥}$ `i+=1` ${⊥}$	✓	Precondition never satisfied → trivially valid
${i < n}$ `i+=1` ${i \leq n}$	✓	$i < n$ then $i + 1 \leq n$ ✓
${i < n}$ `i+=1` ${i < n}$	✗	Counterexample: $i = 1, n = 2$

Assignment (read backwards): ${ψ [e / x]}$ x := e ${ψ}$

Sequence: $\frac{{ φ } C _{1} { φ ^{'} } { φ ^{'} } C _{2} { ψ }}{{ φ } C _{1} ; C _{2} { ψ }}$

While: $\frac{{ θ \land b } C _{0} { θ }}{{ θ } while b do C _{0} { θ \land \neg b }}$ — requires loop invariant $θ$

Property that holds before and after every iteration: ${θ \land b} C_{0} {θ}$

Ex: while (i<n) {i+=1} — Invariant $i \leq n$ ? Check: ${i < n \land i \leq n}$ i+=1 ${i \leq n}$ ✓

Finding good invariants is the hard part — must be strong enough for postcondition!

Sound: derivable → valid ✓
Not complete: some valid triples not derivable (undecidable)
Relatively complete (Cook ‘74): complete if invariants expressible & side conditions provable

Rule	Form
Skip	${φ}$ skip ${φ}$
Assign	${ψ [e / x]}$ x := e ${ψ}$
Seq	$\frac{{ φ } C _{1} { φ ^{'} } { φ ^{'} } C _{2} { ψ }}{{ φ } C _{1} ; C _{2} { ψ }}$
Cond	$\frac{{ φ \land b } C _{1} { ψ } { φ \land \neg b } C _{2} { ψ }}{{ φ } if b then C _{1} else C _{2} { ψ }}$
While	$\frac{{ θ \land b } C _{0} { θ }}{{ θ } while b do C _{0} { θ \land \neg b }}$
Conseq	$\frac{{ φ } C { ψ }}{{ φ ^{'} } C { ψ ^{'} }}$ if $φ^{'} \to φ$ and $ψ \to ψ^{'}$

{n ≥ 0}  f := 1; i := 1;
while i ≤ n do ⟨f = fact(i-1) ∧ 1 ≤ i ≤ n+1⟩
  { f := f·i; i := i+1 }
{f = fact(n)}

Valid: $\forall s, s^{'}$ : if $[[φ]] (s) = T$ and $(C, s) ⇝ s^{'}$ then $[[ψ]] (s^{'}) = T$
Auxiliary vars: in $φ$ / $ψ$ but not in $C$ (e.g., $x_{0}$ for initial value)
Loop unfolding: while $b$ do $C$ $\equiv$ if $b$ then $(C;$ while $b$ do $C)$ else skip

Work bottom-up from conclusion
Assignments: substitute backwards into postcondition
While: identify invariant $θ$ , show ${θ \land b} C_{0} {θ}$ , conclude ${θ}$ while ${θ \land \neg b}$
Use consequence rule to bridge logical gaps
Verify side conditions ( $φ^{'} \to φ$ , $ψ \to ψ^{'}$ )

Quartz 4