S-Program Calculus

arXiv:1003.0773v1 [cs.LO] 3 Mar 2010 S-Program Calculus ALEKSANDAR KUPUSINAC and DUˇSAN MALBAˇSKI1 Abstract This paper presents a special subset of the first-order predicate logic named S-program calculus (briefly S-calculus). The S-calculus is a calculus consisting of so-called S-formulas that are defined over the abstract state space of a virtual machine. We show that S-formulas are a highly general tool for analyzing program semantics inasmuch as Hoare triplets of total and partial correctness are not more than two S-formulas. Moreover, all the rules of Hoare logic can be derived using S-formulas and axioms/theorems of first-order predicate calculus. The S-calculus is a powerful mechanism for proving program correctness as well as for build- ing additional proving tools using theorems of the predicate logic. Every proof is based on deriving the validity of some S-formula, so the procedure may be automated using automatic theorem provers (we will use Coq in this paper). As an example of the use of S-calculus, we will prove the four basic properties of Dijsktra’s operator wp. The proofs given by Dijkstra are not completely formalized and we will show that a full formalization can be achieved using S-calculus. Finally, we add one more theorem to the above-mentioned four, namely the law of negation. Key words: first-order predicate logic, Hoare logic, formal methods, program correctness, program semantics, weakest precondition 1 Introduction The key motivation for this research is the idea that programs may be treated as predicates and/or Boolean expressions [28][24][19][32][23][20][21]. The connection between Floyd-Hoare logic [15][22] and predicate logic is outlined in the papers of Cook [10] and Blass and Gurevich [7], where they use it to analyze the completeness of Hoare logic [2]. Blass and Gurevich consider the possibility of incorporating first-order predicate logic into Hoare logic, but they conclude that it would significantly increase the complexity of the latter. In our opinion, it is not necessarily the case: it is possible to generalize the ideas of Hoare logic on the abstract state space and simultaneously simplify proofs, if the interpretation domain is strictly separated from the domain of the abstract state space. Back, Akademi and von Wright [3] have developed the idea of a special program calculus called refinement calculus, which was meant to combine Hoare’s ideas with predicate logic. They solved the problem of indeterminism in the total/partial correctness formulas by introducing additional formulas of angelical and demonical correctness [4], but at the price of increasing the complexity of refinement calculus. Our idea is to develop a program calculus that associates Hoare logic with first-order predicate logic and clearly separates the interpretation domain from the abstract state domain (similarly to [27]). Secondly, it must not have any problems with indeterminism. Finally, it must treat total/partial correctness directly, i.e. without any requirement for additional concepts and formulas. In this paper, we will present the development of S-program calculus (briefly S-calculus), which represents a mathematical tool for the program semantics analysis [26]. Generality of the S-calculus stems from the fact that it is built around so-called S-formulas that are defined on the abstract state space and not on any of its interpretations, which was the reason for naming it ”S-calculus”, after the word ”state”. Simultaneously with the development of S-calculus, we will discuss the following six issues: 1Authors’ address: A. Kupusinac and D. Malbaˇski, University of Novi Sad, Faculty of Technical Sciences, Trg Dositeja Obradovi´ca 6, 21000 Novi Sad, Serbia. {sasak, malbaski}@uns.ac.rs 2 A. Kupusinac and D. Malbaˇski 1.) The S-calculus uses an abstract state space and is a general tool for describing program semantics. 2.) Hoare’s formulas of total and partial correctness are no more than two particular S-formulas. 3.) The S-calculus is based on the axioms and theorems of first-order predicate logic. The assignment statement and standard syntax units (such as if-then, if-then-else, while etc.) are defined using S-formulas so there is no need for special axioms and rules, as in Hoare logic. 4.) Variable declaration is also described using appropriate S-formulas. 5.) The general rules of Hoare logic are theorems in S-calculus and can be derived using axioms and theorems of first-order predicate logic. 6.) Proofs in the S-calculus are simple since they rely only on the results of first-order predicate logic. Moreover, they lend themselves to automation using standard theorem provers, making it easier to introduce new rules and theorems. The axiomatic system of S-calculus consists of the axioms of first-order predicate calculus. Each theorem in the predicate calculus is also a theorem in the S-calculus and vice versa. In Section 2, we will present the basic components, the axioms and several theorems in the S-cal

…(Full text truncated)…

This content is AI-processed based on ArXiv data.