patternMinor
Intuitive explanation of Hoare assignment axiom
Viewed 0 times
axiomintuitiveassignmenthoareexplanation
Problem
$\small\textit{''The obvious things are the most difficult to understand''}$
May be the question does not make sense, but let me ask it anyway.
The Hoare assignment axiom is
$$
\dfrac{}{\{Q[v \mapsto expr]\} \;\; v:=expr \;\; \{Q\}}
$$
Is there an intuitive explanation of the axiom?
I "agree" with the Floyd assignment axiom:
$$
\dfrac{}{\{Q\} \;\; v:=expr \;\; \{\exists old: Q(old,..) \land v=expr(old,...)\}}
$$
which can be thought as "if
Is there a similar intuition for the Hoare assignment axiom?
May be the question does not make sense, but let me ask it anyway.
The Hoare assignment axiom is
$$
\dfrac{}{\{Q[v \mapsto expr]\} \;\; v:=expr \;\; \{Q\}}
$$
Is there an intuitive explanation of the axiom?
I "agree" with the Floyd assignment axiom:
$$
\dfrac{}{\{Q\} \;\; v:=expr \;\; \{\exists old: Q(old,..) \land v=expr(old,...)\}}
$$
which can be thought as "if
Q holds before the assignment, then after the assignment we know that the variables should satisfy: 1) Q(old) holds for some old variables (since we assume Q holds), 2) variable v has the new valueexpr(old,...)".Is there a similar intuition for the Hoare assignment axiom?
Solution
Hoare Logic proceeds backwards. It is a method to compute a precondition such that the desired postcondition holds. In fact, the inference rules given in your standard Hoare Logic deductions compute weakest preconditions, or the most "specific" precondition that still guarantees that the post-condition holds at the next program point.
I think this is the salient difference. There's no comparable interpretation (of reasoning about the next program point) for backwards predicate transformers because we have to reason about the "state" before an operation given that we know its "state" after. In comparison, the alternative axiom reasons about the postcondition given a precondition.
Now, the two axioms are duals of each other, in the sense that the backwards axiom computes a weak precondition while the forward axiom computes a strong postcondition (most "general" postcondition such that all possible postconditions are subsumed). Logically, they are equivalent. Therefore, not only do we have a singular backwards intuition of the Hoare axiom, but we should also have some sort of connections between the intuitions behind the backwards axioms and those behind the forward axioms.
$$
\frac{}{\{P : Q [x \mapsto e]\} ~x = e ~\{Q\}}
$$
which roughly says that the weakest precondition of $Q$ preceding an assignment $x = e$ is just $Q$ with every occurrence of $x$ replaced by the expression $e$. To see this in action, say you have the goal $Q = (x^2 = 4)$ and you want to see if $x = 3$ satisfies this goal. Well, the assignment axiom tells us that we should transform this post-condition into $(x^2 = 4)[x \mapsto 3] \to (9 = 4) \equiv \bot$, which says that there is no precondition that can get us to the goal. On the other hand, a goal of $Q = (x^2 = 9)$ allows us to compute a weakest precondition of $(9 = 9) \equiv \top$, so any precondition will satisfy this program.
$$
Q = B(F(Q))
$$
(though the other direction $Q = F(B(Q))$ does not necessarily hold, since $B$ can produce $\bot$ and $F(\bot) = \bot$)
I think this is the salient difference. There's no comparable interpretation (of reasoning about the next program point) for backwards predicate transformers because we have to reason about the "state" before an operation given that we know its "state" after. In comparison, the alternative axiom reasons about the postcondition given a precondition.
Now, the two axioms are duals of each other, in the sense that the backwards axiom computes a weak precondition while the forward axiom computes a strong postcondition (most "general" postcondition such that all possible postconditions are subsumed). Logically, they are equivalent. Therefore, not only do we have a singular backwards intuition of the Hoare axiom, but we should also have some sort of connections between the intuitions behind the backwards axioms and those behind the forward axioms.
- The intuition behind the backwards axiom: This is actually relatively easy to see, given that you know what the deduction system is doing. Let's look at the Hoare assignment rule:
$$
\frac{}{\{P : Q [x \mapsto e]\} ~x = e ~\{Q\}}
$$
which roughly says that the weakest precondition of $Q$ preceding an assignment $x = e$ is just $Q$ with every occurrence of $x$ replaced by the expression $e$. To see this in action, say you have the goal $Q = (x^2 = 4)$ and you want to see if $x = 3$ satisfies this goal. Well, the assignment axiom tells us that we should transform this post-condition into $(x^2 = 4)[x \mapsto 3] \to (9 = 4) \equiv \bot$, which says that there is no precondition that can get us to the goal. On the other hand, a goal of $Q = (x^2 = 9)$ allows us to compute a weakest precondition of $(9 = 9) \equiv \top$, so any precondition will satisfy this program.
- The connection between the forward and backward systems: Recall that we said that the two deduction systems are duals of each other. In other words, given a deduction (in the form of an inference rule) in the forward system, we can infer a similar deduction (in the backward system) by joining the leaves/exit points of this tree together, and inverting the proof. In other words, there's a (rough) correspondence. Suppose that the forward system is characterized by the rule function $F$, such that $F(\{\phi_1, \dots\}) e$ returns the set of propositions that might hold after executing $e$ given that we know $\{\phi_1, \dots\}$ before hand. Similarly, we also have a backwards rule function $B$, such that $B(\{\psi_1, \dots\}) e$ returns the set of propositions that must be true before $e$ so that $\{\psi_1, \dots\}$ holds afterwards. We can see that
$$
Q = B(F(Q))
$$
(though the other direction $Q = F(B(Q))$ does not necessarily hold, since $B$ can produce $\bot$ and $F(\bot) = \bot$)
Context
StackExchange Computer Science Q#66199, answer score: 7
Revisions (0)
No revisions yet.