Lecture 3: Hoare Logic

COMS E6998 Formal Verification of System Software
Fall 2018
Ronghui Gu

1. What is Hoare Logic

Goal of formal verification: software without bugs.

1.1 Intro to Hoare Logic

The goal is to prove the following specification:

using the following logical formalism:


1.2 A simple imperative language

Language Syntax:

Language Semantics:

1.3 Assertion language

Assertion: A logical formula describing a set of valuations on program variables with some interesting property.

Assertion semantics: if the integer model and the environment (i.e., state) models the assertion

1.4 Hoare Triple Semantics

The partial correctness Hoare triple is valid iff

The total correctness Hoare triple is valid iff

For program without loops, we have

2 Hoare Logic Inference Rules

3 Weakest Precondition

Intuitively, the largest set of states (represented as an assertion) starting from which if a program is executed, the resulting states satisfy a given post-condition , which is denoted as “”.

Given and , a weakest precondition is an assertion such that

3.1 Weakest Precondition Exists

4 Meta Theory of Hoare Logic

Theorem (Soundness)
Hoare Logic is sound:

Theorem (Relative Completeness)
If there is a complete proof system for proving assertions in the underlying logic, then all valid Hoare triples have a proof.

Given and the properties of the weakest precondition, we have that

Thus, as long as , we know that