A Hoare logic for the coinductive trace-based big-step semantics of While

TL;DR

This paper introduces a Hoare logic for coinductive trace-based big-step semantics of While, enabling reasoning about non-terminating programs with formal proofs in Coq, and demonstrating its soundness and completeness.

Contribution

It presents a novel Hoare logic for coinductive trace semantics that subsumes standard logics and can reason about divergence and nontermination.

Findings

Logic is sound and complete.

Embeds standard partial and total correctness logics.

Formalized in Coq for constructive reasoning.

Abstract

In search for a foundational framework for reasoning about observable behavior of programs that may not terminate, we have previously devised a trace-based big-step semantics for While. In this semantics, both traces and evaluation (relating initial states of program runs to traces they produce) are defined coinductively. On terminating runs, this semantics agrees with the standard inductive state-based semantics. Here we present a Hoare logic counterpart of our coinductive trace-based semantics and prove it sound and complete. Our logic subsumes the standard partial-correctness state-based Hoare logic as well as the total-correctness variation: they are embeddable. In the converse direction, projections can be constructed: a derivation of a Hoare triple in our trace-based logic can be translated into a derivation in the state-based logic of a translated, weaker Hoare triple. Since we work with a constructive underlying logic, the range of program properties we can reason about has a fine structure; in particular, we can distinguish between termination and nondivergence, e.g., unbounded classically total search fails to be terminating, but is nonetheless nondivergent. Our meta-theory is entirely constructive as well, and we have formalized it in Coq.