Hoare Logic – sample proofs, September 25, 2006: Swap Program

Swap Program
Hoare Logic – sample proofs
September 25, 2006
Hoare Logic – sample proofs
Swap Program
Hoare Triple

1.  $s\,x = a \wedge s\,y = b$   (pre)
P1. $((x := \lambda s.\ s\,x + s\,y);\ ((y := \lambda s.\ s\,x - s\,y);\ (x := \lambda s.\ s\,x - s\,y)))$   (code)
2.  $s\,x = b \wedge s\,y = a$   (goal)
Hoare Logic – sample proofs
Swap Program
Semi

1.  $s\,x = a \wedge s\,y = b$   (pre)
P1. $((x := \lambda s.\ s\,x + s\,y);\ ((y := \lambda s.\ s\,x - s\,y);\ (x := \lambda s.\ s\,x - s\,y)))$   (code)
2.  $s\,x = a \wedge s\,y = b$   (pre)
P2. $(x := \lambda s.\ s\,x + s\,y)$   (code)
3.  $s\,x = a + b \wedge s\,y = b$   (goal)
4.  $s\,x = a + b \wedge s\,y = b$   (mid)
P3. $((y := \lambda s.\ s\,x - s\,y);\ (x := \lambda s.\ s\,x - s\,y))$   (code)
5.  $s\,x = b \wedge s\,y = a$   (goal)
6.  $s\,x = b \wedge s\,y = a$   (semi P1 (2, 4) (5, 6))

Mid: $s\,x = a + b \wedge s\,y = b$.
Hoare Logic – sample proofs
Swap Program
Assign
^
s x =a s y =b
((x := s :s x + s y );
((y := s :s x
s y );
(x := s :s x
s y )))
2. s x = a s y = b
3. (s :s x = a + b s y = b )(s [x
P2. (x := s :s x + s y )
4. s x = a + b s y = b
5. s x = a + b s y = b
P3. ((y := s :s x
s y );
(x := s :s x
s y ))
6. s x = b s y = a
7. s x = b s y = a
1.
P1.
^
^
^
^
^
^
pre
code
pre
7! s x + s y ]) goal
code
assg 3
mid
code
goal
semi P1 (2, 4) (5, 6)
Hoare Logic – sample proofs
Swap Program
Assign
^
s x =a s y =b
((x := s :s x + s y );
((y := s :s x
s y );
(x := s :s x
s y )))
2. s x = a s y = b
3. (s :s x = a + b s y = b )(s [x
P2. (x := s :s x + s y )
4. s x = a + b s y = b
5. s x = a + b s y = b
P3. ((y := s :s x
s y );
(x := s :s x
s y ))
6. s x = b s y = a
7. s x = b s y = a
1.
P1.
^
^
^
^
^
^
pre
code
7! s x + s y ])
pre
simp 2
code
assg P2 3
mid
code
goal
semi P1 (2, 4) (5, 6)
Hoare Logic – sample proofs
Swap Program
Semi
^
s x =a s y =b
((x := s :s x + s y );
((y := s :s x
s y );
(x := s :s x
s y )))
2. s x = a s y = b
3. (s :s x = a + b s y = b )(s [x
P2. (x := s :s x + s y )
4. s x = a + b s y = b
5. s x = a + b s y = b
P3. ((y := s :s x
s y );
(x := s :s x
s y ))
6. s x = a + b s y = b
pre
P4. (y := s :s x
s y)
code
7. s x = a + b s y = a goal
8. s x = a + b s y = a mid
P5. (x := s :s x
s y)
code
9. s x = b s y = a
goal
10. s x = b s y = a
11. s x = b s y = a
1.
P1.
^
^
^
^
pre
code
7! s x + s y ])
pre
simp 2
code
assg P2 3
mid
code
^
^
^
^
^
^
Mid:
s x =a+b
semi P3 (6, 7) (8,9)
semi P1 (2, 4) (5, 10)
^ s y = a.
Hoare Logic – sample proofs
Swap Program
Assign
^
s x =a s y =b
((x := s :s x + s y );
((y := s :s x
s y );
(x := s :s x
s y )))
2. s x = a s y = b
3. (s :s x = a + b s y = b )(s [x
P2. (x := s :s x + s y )
4. s x = a + b s y = b
5. s x = a + b s y = b
P3. ((y := s :s x
s y );
(x := s :s x
s y ))
6. s x = a + b s y = b
7. (s :s x = a + b s y = a)(s [y
P4. (y := s :s x
s y)
8. s x = a + b s y = a
9. s x = a + b s y = a
P5. (x := s :s x
s y)
10. s x = b s y = a
11. s x = b s y = a
12. s x = b s y = a
1.
P1.
^
^
pre
code
pre
7! s x + s y ])
simp 2
code
^
^
^
^
^
^
^
^
^
assg P2 3
mid
code
7! s x
s y ])
pre
goal
code
assg P4 7
mid
code
goal
semi P3 (6, 8) (9,10)
semi P1 (2, 4) (5, 11)
Hoare Logic – sample proofs
Swap Program
Assign
^
s x =a s y =b
((x := s :s x + s y );
((y := s :s x
s y );
(x := s :s x
s y )))
2. s x = a s y = b
3. (s :s x = a + b s y = b )(s [x
P2. (x := s :s x + s y )
4. s x = a + b s y = b
5. s x = a + b s y = b
P3. ((y := s :s x
s y );
(x := s :s x
s y ))
6. s x = a + b s y = b
7. (s :s x = a + b s y = a)(s [y
P4. (y := s :s x
s y)
8. s x = a + b s y = a
9. s x = a + b s y = a
P5. (x := s :s x
s y)
10. s x = b s y = a
11. s x = b s y = a
12. s x = b s y = a
1.
P1.
^
^
pre
code
pre
7! s x + s y ])
simp 2
code
^
^
^
^
^
^
^
^
^
assg P2 3
mid
code
7! s x
s y ])
pre
simp 6
code
assg P4 7
mid
code
goal
semi P3 (6, 8) (9,10)
semi P1 (2, 4) (5, 11)
Hoare Logic – sample proofs
Swap Program
Assign
^
s x =a s y =b
pre
((x := s :s x + s y );
code
((y := s :s x
s y );
(x := s :s x
s y )))
2. s x = a s y = b
pre
3. (s :s x = a + b s y = b )(s [x
s x + s y ])
simp 2
P2. (x := s :s x + s y )
code
4. s x = a + b s y = b
assg P2 3
5. s x = a + b s y = b
mid
P3. ((y := s :s x
s y );
code
(x := s :s x
s y ))
6. s x = a + b s y = b
pre
7. (s :s x = a + b s y = a)(s [y
s x s y ])
simp 6
P4. (y := s :s x
s y)
code
8. s x = a + b s y = a
assg P4 7
9. s x = a + b s y = a
mid
10. (s :s x = b s y = a)(s [x
s x s y ])
goal
P5. (x := s :s x
s y)
code
11. s x = b s y = a
assg P5 10
12. s x = b s y = a
semi P3 (6, 8) (9,11)
13. s x = b s y = a
semi P1 (2, 4) (5, 12)
1.
P1.
^
^
7!
^
^
^
^
^
^
^
7!
7!
^
^
^
Hoare Logic – sample proofs
Swap Program
Assign
^
s x =a s y =b
pre
((x := s :s x + s y );
code
((y := s :s x
s y );
(x := s :s x
s y )))
2. s x = a s y = b
pre
3. (s :s x = a + b s y = b )(s [x
s x + s y ])
simp 2
P2. (x := s :s x + s y )
code
4. s x = a + b s y = b
assg P2 3
5. s x = a + b s y = b
mid
P3. ((y := s :s x
s y );
code
(x := s :s x
s y ))
6. s x = a + b s y = b
pre
7. (s :s x = a + b s y = a)(s [y
s x s y ])
simp 6
P4. (y := s :s x
s y)
code
8. s x = a + b s y = a
assg P4 7
9. s x = a + b s y = a
mid
10. (s :s x = b s y = a)(s [x
s x s y ])
simp 9
P5. (x := s :s x
s y)
code
11. s x = b s y = a
assg P5 10
12. s x = b s y = a
semi P3 (6, 8) (9,11)
13. s x = b s y = a
semi P1 (2, 4) (5, 12)
1.
P1.
^
^
7!
^
^
^
^
^
^
^
7!
7!
^
^
^
Hoare Logic – sample proofs
Swap Program
The Proof.
1.  $s\,x = a \wedge s\,y = b$   (pre)
P1. $((x := \lambda s.\ s\,x + s\,y);\ ((y := \lambda s.\ s\,x - s\,y);\ (x := \lambda s.\ s\,x - s\,y)))$   (code)
2.  $s\,x = a \wedge s\,y = b$   (pre)
3.  $(\lambda s.\ s\,x = a + b \wedge s\,y = b)(s[x \mapsto s\,x + s\,y])$   (simp 2)
P2. $(x := \lambda s.\ s\,x + s\,y)$   (code)
4.  $s\,x = a + b \wedge s\,y = b$   (assg P2 3)
5.  $s\,x = a + b \wedge s\,y = b$   (mid)
P3. $((y := \lambda s.\ s\,x - s\,y);\ (x := \lambda s.\ s\,x - s\,y))$   (code)
6.  $s\,x = a + b \wedge s\,y = b$   (pre)
7.  $(\lambda s.\ s\,x = a + b \wedge s\,y = a)(s[y \mapsto s\,x - s\,y])$   (simp 6)
P4. $(y := \lambda s.\ s\,x - s\,y)$   (code)
8.  $s\,x = a + b \wedge s\,y = a$   (assg P4 7)
9.  $s\,x = a + b \wedge s\,y = a$   (mid)
10. $(\lambda s.\ s\,x = b \wedge s\,y = a)(s[x \mapsto s\,x - s\,y])$   (simp 9)
P5. $(x := \lambda s.\ s\,x - s\,y)$   (code)
11. $s\,x = b \wedge s\,y = a$   (assg P5 10)
12. $s\,x = b \wedge s\,y = a$   (semi P3 (6, 8) (9, 11))
13. $s\,x = b \wedge s\,y = a$   (semi P1 (2, 4) (5, 12))
Hoare Logic – sample proofs
Swap Program
Example of detailed Simp

1.  $x \neq y \wedge y \neq x$   (no alias)
2.  $s\,x = a + b \wedge s\,y = b$   (pre)
3.  $s\,x = a + b$   (andE 2)
4.  $x \neq y$   (andE 1)
5.  $(s[y \mapsto s\,x - s\,y])\,x = s\,x$   (fun upd other 4)
6.  $(s[y \mapsto s\,x - s\,y])\,x = a + b$   (subst (3, 5))
7.  $s\,x = a + b$   (andE 2)
8.  $s\,y = b$   (andE 2)
9.  $a + b - b = a$   (add diff cancel)
10. $a + b - s\,y = a$   (subst 8, 9)
11. $s\,x - s\,y = a$   (subst 7, 10)
12. $(s[y \mapsto s\,x - s\,y])\,y = s\,x - s\,y$   (fun upd same)
13. $(s[y \mapsto s\,x - s\,y])\,y = a$   (subst (11, 12))
14. $(s[y \mapsto s\,x - s\,y])\,x = a + b \wedge (s[y \mapsto s\,x - s\,y])\,y = a$   (andI (6) (13))
15. $(\lambda s.\ s\,x = a + b \wedge s\,y = a)(s[y \mapsto s\,x - s\,y])$   (red. 14)