Differences

This shows you the differences between two versions of the page.

--- sav08:hoare_logic [2009/02/25 14:34]
vkuncak
+++ sav08:hoare_logic [2009/03/04 11:03]
vkuncak
@@ Line 2: / Line 2: @@
 Hoare logic is a way of inserting annotations into code to make proofs about program behavior simpler.
 ===== Example Proof =====
-<code>
+<code java>
-{0 <= y}
+//{0 <= y}
 i = y;
-{0 <= y & i = y}
+//{0 <= y & i = y}
 r = 0;
-{0 <= y & i = y & r = 0}
+//{0 <= y & i = y & r = 0}
-while {r = (y-i)*x & 0 <= i}
+while //{r = (y-i)*x & 0 <= i}
  (i > 0) (
-  {r = (y-i)*x & 0 < i}
+  //{r = (y-i)*x & 0 < i}
   r = r + x;
-  {r = (y-i+1)*x & 0 < i}
+  //{r = (y-i+1)*x & 0 < i}
   i = i - 1
-  {r = (y-i)*x & 0 <= i}
+  //{r = (y-i)*x & 0 <= i}
 )
-{r = x * y}
+//{r = x * y}
 </code>
@@ Line 37: / Line 38: @@
 Note: weakest conditions (predicates) correspond to largest sets; strongest conditions (predicates) correspond to smallest sets that satisfy a given property (Graphically, a stronger condition $x > 0 \land y > 0$ denotes one quadrant in plane, whereas a weaker condition $x > 0$ denotes the entire half-plane.)
@@ Line 47: / Line 51: @@
 \]
-Note the similarity with relation composition.
+This is simply [[Sets and relations#Relation Image]] of a set.
 {{sav08:sp.png?400x250|}}
@@ Line 141: / Line 145: @@
 We then similarly extend the notion of $sp(P,r)$ and $wp(r,Q)$ to work on formulas and commands.   We use the same notation and infer from the context whether we are dealing with sets and relations or formulas and commands.
@@ Line 149: / Line 154: @@
      { \{P\} c_1 ; c_2 \{ R \} }
 \]
+We can prove this from
+  * definition of Hoare triple
+  * meaning of ';' as $\circ$
 ===== Further reading =====
   * {{sav08:backwright98refinementcalculus.pdf|Refinement Calculus Book by Back, Wright}}