Deprecated: The each() function is deprecated. This message will be suppressed on further calls in /home/zhenxiangba/zhenxiangba.com/public_html/phproxy-improved-master/index.php on line 456
Hoare Logic (CST Part II)

Hoare Logic

Lecturer: Mike Gordon
Taken by: Part II
Number of lectures:12
Lecture location: Lecture Theatre 2, WGB (provisional)
Lecture times: 11:00 on Mon, Wed & Fri starting Fri Oct 07, 2011
Feedback form

Official web page

Summary: Program specification: partial and total correctness. Hoare notation. Axioms and rules of Hoare logic. Soundness and completeness. Mechanised program verification: verification conditions, weakest preconditions and strongest postconditions. Pointers, the frame problem and separation logic
(Official syllabus)
Material is examinable if it is presented in lectures!

Exercises and past exam questions

The first 16 exercises in this exercise list have some solution notes.
There are also some past exam questions that are relevant to this course.

Examples classes:

Examples classes will be run by John Wickerson in Room FW26.

The first class will be on Tue 25 Oct, 1600-1730.
John writes: in the first examples class we will work through the following exercises. Feel free to have a go at them beforehand if you like.
- 2005 Paper 7 Question 6
- 1993 Paper 10 Question 12. Parts (a)-(c).
- Consider this program, written in a C-like language:
  
  x = 1; while (z > 0) { if (z & 1 == 1) x = y * x; z = z >> 1; y = y * y; }
  Work out what it is supposed to do, invent a sensible specification for it, and prove that the specification holds.
The second class will be on Wed 09 Nov, 1530-1700. In this we will work through 2006 Paper 8 Question 15 (feel free to have a go beforehand), and then talk about Separation Logic.

Reading

Some background reading (latest version incorporates suggestions and corrections from John Wickerson)
Further reading (optional)

Slides

The whole set of slides is available both as a single document:

[A3 postscript (for projection) | A4 pdf | A4 pdf (4 slides per page) | printed handout (won't be updated)]

or split into sections:

Introduction to formal methods and Hoare logic.
[ A3 for projection | A4 for printing (PDF) ]
Formal Specification.
[ A3 for projection | A4 for printing (PDF) ]
Introduction to Primitive Axioms and Rules for Partial Correctness.
[ A3 for projection | A4 for printing (PDF) ]
Further Primitive Rules. Invariants.
[ A3 for projection | A4 for printing (PDF) ]
Soundness and Completeness.
[ A3 for projection | A4 for printing (PDF) ]
Derived Rules; Mechanizing Hoare Logic.
[ A3 for projection | A4 for printing (PDF) ]
Proving Programs Terminate.
[ A3 for projection | A4 for printing (PDF) ]
More constructs: arrays, blocks and FOR-commands.
[ A3 for projection | A4 for printing (PDF) ]
Refinement.
[ A3 for projection | A4 for printing (PDF) ]
Pointers, the Frame Problem and Separation Logic.
[ A3 for projection | A4 for printing (PDF) ]

The actual slides presented in each lecture: Oct 7, Oct 10, Oct 12, Oct 14, Oct 17, Oct 19, Oct 21, Oct 24, Oct 26, Oct 28, Oct 31, Nov 2 (Holfoot).

John Wickerson gave a guest lecture on October 21 on VCC.
- VCC can be tried online at rise4fun.com/vcc.
- Alternatively it can be downloaded from vcc.codeplex.com. You will need a working installation of MS Visual Studio 2010. Please note the following three common problems with VCC installation and use:
  1. You must make a Visual Studio project before you can begin verifying. In the project properties, select "Configuration properties", then "VC++ directories", and then add $(INCLUDE) to the end of the list of "Include directories".
  2. Any file you verify must be part of a project, otherwise you will get an "Object instance not set to an object" error. If you right-click on the project and select "Add item", then you can be sure that your file is part of the project.
  3. In the VCC options (available from the Verify menu), ensure that VCC version is set to "V3". This version uses very different syntax from previous versions of VCC.
- Here is a zip file containing the 6 source files verified during the lecture, plus selection-sort which was left as an exercise.
- John's lecture to the 2010 MPhil/ACS course describes hand proofs of the linked list reversal program first using original 'old style' Hoare logic (which is what VCC implements) and then using separation logic (whose implementation is the subject of current research).

Interesting links

Floyd's orbituary; his seminal 1967 paper Assigning meanings to programs
Hoare's home page at Microsoft; his seminal 1969 paper An axiomatic basis for computer programming
Programming Language Constructs for Which It Is Impossible To Obtain Good Hoare Axiom Systems by Edmund M. Clarke Jr.
Zune bug explained in detail
Why - a generic verification condition generator
Scalable Specification and Reasoning: Technical Challenges for Program Logic by Peter O'Hearn
Verified Software: A Grand Challenge
Microsoft SLAM, TERMINATOR and SLAyer projects.
Wikipedia article on Material Implication, the Paradoxes of Material Implication and some classic fallacies
Bibliographic Notes on Hoare Logic compiled by John Reynolds, and the slides for his course at CMU
Collection of Software Bugs and Software Glitches
Peter Homeier's Sunrise system
Design by Contract (a paper by Gary T. Leavens and Yoonsik Cheon)
Separation logic inspired startup Monoidics and their tool INFER.
Starting from about 28:26 minutes into this video there is a nice introduction to metamathematics (soundness, completeness, Goedel's theorem, Turing machines etc.).

Related courses

Programming Logics and Software Verification (MPhil ACS)
Specification and Verification I (predecessor Part II course)