Drawing upon early work by Burstall, we extend Hoare's approach to proving the correctness of imperative programs, to deal with programs that perform destructive updates to data structures containing more than one pointer to the same location. The key concept is an "independent conjunction" P & Q that holds only when P and Q are both true and depend upon distinct areas of storage. To make this concept precise we use an intuitionistic logic of assertions, with a Kripke semantics whose possible worlds are heaps (mapping locations into tuples of values).

Abstract. We propose a simple compositional program logic for an imperative extension of call-by-value PCF, built on Hoare logic and our preceding work on program logics for pure higher-order functions. A systematic use of names and operations on them allows precise and general description of complex higher-order imperative behaviour. The proof rules of the logic exactly follow the syntax of the language and can cleanly embed, justify and extend the standard proof rules for total correctness of Hoare logic. The logic offers a foundation for general treatment of aliasing and local state on its basis, with minimal extensions. After establishing soundness, we prove that valid assertions for programs completely characterise their behaviour up to observational congruence, which is proved using a variant of finite canonical forms. The use of the logic is illustrated through reasoning examples which are hard to assert and infer using existing program logics.

We show the adequacy of axioms and proof rules for strict and lazy functional programs. Our basic logic comprises a huge part of what is common to both styles of functional programming. The logic for callby -value is obtained by adding the axiom that says that all variables are defined, whereas the logic for call-by-name is obtained by adding the axiom that postulates the existence of undefined object for each type. To show the correctness of the axiomatization we do not use denotational semantics and the adequacy of the evaluation of programs with respect to the semantics. Instead we use the standard term models based on call-by-value and call-by-name evaluation. We introduce a new method to prove on the syntactical level the monotonicity of the evaluation of functional programs with unbounded recursion. The direct method yields result about the proof-theoretic strength of the axiomatization. As a side result we obtain a syntactical proof of the context lemma for simply typed lambda terms with recursion.