Questions about Hoare's logical framework for program correctness proofs and variants.
Questions tagged [hoare-logic]
82 questions
21
votes
1 answer
Difference between Dependent type, refinement type and Hoare Logic
I know little dependent type theory. From Wikipedia:
A dependent type is a type whose definition depends on a value.
And from my Type theory course I recall that a dependent type is:
Family of types indexed by a type.
But I have a confusion…
Pushpa
- 943
- 6
- 12
18
votes
5 answers
Example of an algorithm that lacks a proof of correctness
We have Hoare logic. Why is it still possible that an algorithm is right but there is no proof that it's correct? Suppose the algorithm is expressed in C. Then we can argue step by step that it's doing what it's supposed to do.
So my question…
Zirui Wang
- 1,028
- 6
- 13
12
votes
2 answers
How to deal with arrays during Hoare-style correctness proofs
In the discussion around this question, Gilles mentions correctly that any correctness proof of an algorithm that uses arrays has to prove that there are no out-of-bounds array accesses; depending on the runtime model, this would cause a runtime…
Raphael
- 73,212
- 30
- 182
- 400
8
votes
1 answer
What was the major breakthrough between Hoare-Floyd logic and Scott–Strachey semantics?
I'm reading through a commentary on Milner's "The use of machines to assist in rigorous proof" by Mike Gordon. In this paper, he explains how LCF was born from the ideas of denotational semantics by Dana Scott and Strachey.
It seems to me that…
user1868607
- 2,224
- 14
- 23
7
votes
1 answer
Hoare logic - total correctness of loops
Consider a while loop of the form:
$\texttt{while (C) {S}}$
with $\texttt{C}$ the condition and $\texttt{S}$ the body of the loop.
Let $\texttt{I}$ and $\texttt{V}$ respectively be an invariant and a variant of this loop. The rule for total…
Dory
- 73
- 5
6
votes
3 answers
Intuitive explanation of Hoare assignment axiom
$\small\textit{''The obvious things are the most difficult to understand''}$
Maybe the question does not make sense, but let me ask it anyway.
The Hoare assignment axiom is
$$
\dfrac{}{\{Q[v \mapsto expr]\} \;\; v:=expr \;\; \{Q\}}
$$
Is there an…
Ayrat
- 1,135
- 1
- 9
- 23
6
votes
1 answer
Question about the formal proof of the inorder traversing
In Don Knuth's famous series of books, The Art of Computer Programming, section 2.3.1, he describes an algorithm to traverse a binary tree in inorder, making use of an auxiliary stack:
T1 [Initialize.] Set stack $\rm A$ empty and set the link…
Yai0Phah
- 621
- 6
- 14
5
votes
1 answer
Relation between Hoare Type Theory and pointers
My understanding is that in Hoare Type Theory every imperative statement has a type of the form {Pre}res:T{Post} where T is the type of the result of the computation and Pre and Post are propositions representing respectively the pre and…
Pasqui23
- 53
- 2
5
votes
2 answers
What does it mean to "strengthen the precondition and weaken the postcondition" in Hoare logic?
Having learned a rough summary of Hoare logic (i.e. learning just the basic concept of Hoare triples and a few of the rules) I kept seeing a statement along these lines:
The rule of consequence allows us to strengthen the precondition and weaken the…
Dave
- 495
- 3
- 11
5
votes
1 answer
What is a predicate transformer?
I'm reading Programming - The derivation of algorithms, and I want to understand the purpose of a predicate transformer. This is the excerpt (p. 14-15):
A more precise way in which constructs may be introduced is as follows. For each construct $S$…
InfZero
- 183
- 8
5
votes
3 answers
Hoare triple for assignment P{x/E} x:=E {P}
I am trying to understand Hoare logic presented at Wikipedia,
Hoare logic at Wikipedia
Apparently, if I understand correctly, a Hoare triple $$\{P\}~ C ~\{Q\}$$ means
if P just before C, then Q holds immediately after C, as long as C terminates.…
zell
- 374
- 2
- 10
5
votes
2 answers
proving program equivalence
I understand that the general problem of program equivalence is undecidable, but I'm wondering what approaches exist to tackle the problem? I am familiar with Hoare-style verification, but are there any other frameworks for proving program…
user120913
- 51
- 2
5
votes
2 answers
Why is the assignment rule the way it is in Hoare Logic?
Why is the assignment rule the way it is in Hoare Logic/Axiomatic Semantics?
I can't wrap my head around why the assignment rule is backwards from what I expected.
I understand Hoare logic is used to prove formal propositions of the state of a…
Charlie Parker
- 3,130
- 22
- 39
4
votes
2 answers
The difference between a Hoare Triple/Assertion and a Typed Function
I have been trying to wrap my head around applying Hoare Logic and am running into the question of how Hoare triples are any different from (simply) a typed function.
That is, say you have a typed function $f : A \to B$. The initial state for the…
Lance Pollard
- 2,323
- 1
- 19
- 34
4
votes
1 answer
Developing invariants for comparing two strings
The following algorithm is supposed to compare two strings $S_1$ and $S_2$ ("/\" for empty string):
X = S1
Y = S2
E = true
// (1)
while X != /\ and Y != /\ and E == true
    if head(X) == head(Y)
        X = tail(X)
        Y =…
hengxin
- 9,671
- 3
- 37
- 75