## Hoare Logic and Auxiliary Variables (1998)

Venue: Formal Aspects of Computing

Citations: 38 (0 self)

### BibTeX

```bibtex
@TECHREPORT{Kleymann98hoarelogic,
  author      = {Thomas Kleymann},
  title       = {Hoare Logic and Auxiliary Variables},
  institution = {Formal Aspects of Computing},
  year        = {1998}
}
```

### Abstract

Auxiliary variables are essential for specifying programs in Hoare Logic. They are required to relate the value of variables in different states. However, the axioms and rules of Hoare Logic turn a blind eye to the rôle of auxiliary variables. We stipulate a new structural rule for adjusting auxiliary variables when strengthening preconditions and weakening postconditions. Courtesy of this new rule, Hoare Logic is adaptation complete, which benefits software re-use. This property is responsible for a number of improvements. Relative completeness follows uniformly from the Most General Formula property. Moreover, contrary to common belief, one can show that Hoare Logic subsumes VDM's operation decomposition rules in that every derivation in VDM can be naturally embedded in Hoare Logic. Furthermore, the new treatment leads to a significant simplification in the presentation for verification calculi dealing with more interesting features such as recursion or concurrency.

### Citations

1497 | An Axiomatic Basis for Computer Programming - Hoare - 1969
Citation context: ...2.4 (Semantics of Hoare Logic for Partial Correctness) $\models_{Hoare} \{p\}\,S\,\{q\} \subseteq L \times prog \times L \stackrel{def}{=} \forall s, t \cdot \big([[p]](s) \wedge s \xrightarrow{S} t\big) \Rightarrow [[q]](t)$. Based on work by Floyd [Flo67], Hoare [Hoa69] proposed a syntax-directed proof system for deriving correctness formula. For every construct of the imperative programming language, Hoare Logic provides a rule which allows one to decompose a progr...

612 | Assigning meaning to programs - Floyd - 1967
Citation context: ...ns. Definition 2.4 (Semantics of Hoare Logic for Partial Correctness) $\models_{Hoare} \{p\}\,S\,\{q\} \subseteq L \times prog \times L \stackrel{def}{=} \forall s, t \cdot \big([[p]](s) \wedge s \xrightarrow{S} t\big) \Rightarrow [[q]](t)$. Based on work by Floyd [Flo67], Hoare [Hoa69] proposed a syntax-directed proof system for deriving correctness formula. For every construct of the imperative programming language, Hoare Logic provides a rule which allows one to de...

118 | Soundness and completeness of an axiom system for program verification - Cook - 1978
Citation context: ...s. To avoid this problem, Cook has proposed that one investigates relative completeness in an attempt to separate the reasoning about programs from the reasoning about the underlying logical language [Coo78]. Two concessions are made: 1. One only considers expressive (first-order) logics in the sense of Sect. 2.5.1 below. 2. Furthermore, the formal system is augmented by a theory of first-order logic...

84 | Procedures and parameters: An axiomatic approach - Hoare - 1971
Citation context: ...ead to infinite derivations when $S_0$ calls itself. Induction comes to the rescue. Let us first omit the issue of termination. We may simply assume $\vdash_{Hoare} \{p\}\,call\,\{q\}$ to conclude $\vdash_{Hoare} \{p\}\,S_0\,\{q\}$ [Hoa71], i.e.,
$$\frac{\{p\}\,call\,\{q\} \vdash_{Hoare} \{p\}\,S_0\,\{q\}}{\vdash_{Hoare} \{p\}\,call\,\{q\}}$$
This rule introduces a fundamental change in deriving correctness formulae. Derivations are now to be considered with respect to a contex...

72 | Methods and logics for proving programs - Cousot - 1990
Citation context: ...8a]. We discuss a refined proof technique in Sect. 4. [Footnotes: (1) the set of all valid as opposed to derivable formulae; (2) For partial correctness, one needs to instead consider the weakest liberal precondition [Cou90].] 2.6 Adaptation Completeness. For programming in the large, adaptation completeness is a desirable feature [Zwi89]. Whenever, irrespective of the details of the program S, two correctness formula fp...

70 | Ten years of Hoare logic: A survey – part I - Apt - 1981
Citation context: ...owski [Sok77] suggests
$$\frac{\forall n : \mathbb{N} \cdot \{p(n)\}\,call\,\{q\} \vdash_{Hoare} \{p(n+1)\}\,S_0\,\{q\}}{\vdash_{Hoare} \{\exists n : \mathbb{N} \cdot p(n)\}\,call\,\{q\}} \quad \text{provided } \neg p(0). \qquad (18)$$
He claims to establish soundness and completeness, but, as Apt [Apt81] points out, merely adding such a rule for procedure invocations in a setting with Hoare's consequence rule does not lead to a complete system. Unlike logic, where finding valid formulae which cannot ...

54 | Mathematical Theory of Program Correctness - de Bakker - 1980
Citation context: ...derably more difficult to devise a syntactic version of the precondition. If the assertion language is Peano Arithmetic, this construction involves encoding computations with the help of Gödel numbers [dB80]. However, in any case, the logic L must be able to express this assertion. This is guaranteed by the definition of expressiveness since $[[p]] = wp(S, [[q]])$. Theorem 4.1 (MGF) For an a...

41 | Assignment and procedure call proof rules - Gries, Levin - 1980

38 | Verification of Sequential and Concurrent Programs. Texts and Monographs in Computer Science - Apt, Olderog - 1990
Citation context: ...the help of auxiliary variables e.g., one could record computation histories in auxiliary variables [Sou84]. Is this orthogonal to our approach to auxiliary variables? Employing two standard examples [AO91], we motivate that our rule of consequence might subsume Owicki's structural rule to deal with auxiliary variables for concurrency. We first consider disjoint parallel programs. The second example inv...

23 | A complete axiomatic system for proving assertions about recursive and nonrecursive programs - Gorelick - 1975
Citation context: ...pleteness. One may adapt arbitrary satisfiable specifications. As a consequence, • we clarify how to uniformly establish completeness as a corollary of Gorelick's Most General Formula (MGF) theorem [Gor75] which focusses on deriving a specific correctness formula. One may adapt the MGF specification to an arbitrary specification in a single step. • We can show that, contrary to common belief, Hoare L...

19 | Deliverables: a categorical approach to program development in type theory - Burstall, McKinna - 1992

19 | The science of computer programming - Gries - 1981

18 | Proving total correctness of recursive procedures - America, de Boer - 1990
Citation context: ...s leads to a significantly simpler sound and complete verification calculus for recursive procedures in the setting of total correctness. Specifically, it is an improvement over America and de Boer's [AdB90] system. Our new rule of consequence subsumes their four structural rules. We restrict our attention to a single parameterless procedure. Let $S_0$ denote the body of the procedure. Invoking the procedu...

11 | Mechanical verification of mutually recursive procedures - Homeier, Martin - 1996
Citation context: ...nforce that program variables have to start with a lower-case letter, whereas auxiliary variables must start with an upper-case letter. To be well-formed, programs may only refer to program variables [HM96]. Technically, it is more elegant to distinguish between program variables and auxiliary variables at the semantic level, too. Following a proposal by Apt and Meertens [AM80], we interpret assertions ...

5 | A system of proof rules for the correctness of iterative programs – some notational and organisational suggestions. Unpublished - Aczel - 1982

5 | Completeness with finite systems of intermediate assertions for recursive program schemes - Meertens - 1980
Citation context: ...efer to program variables [HM96]. Technically, it is more elegant to distinguish between program variables and auxiliary variables at the semantic level, too. Following a proposal by Apt and Meertens [AM80], we interpret assertions relative to an (arbitrary) domain of auxiliary variables and the state space. It is straightforward to revise the above definitions. In particular, semantics of Hoare Logic a...

4 | On the use of history variables - Clint - 1981

1 | A note on program verification. Unpublished, see also [Jon86] - Aczel - 1982