**9.2** On page 307, Stansifer gives a simple example
of how the treatment of variables in Hoare logic can lead to unfortunate
results (namely, an obviously wrong program can be proved correct!).
Actually, Stansifer does not seem aware that the problem is with the treatment
of variables in this version of Hoare logic, and instead says it is due to the
definition of partial correctness; but he is wrong. Algebraic denotational
semantics, by treating different kinds of variables differently, allows a
notion of partial correctness where such silly, trivially wrong programs cannot
be proved correct.

**9.3** As noted in **Algebraic Semantics**, weakest preconditions do
not work correctly for specifications written in first-order logic; you must
use infinitary logic (which is the logic of infinitely long expressions!) or
second-order logic, and as a result things get much more complicated (see
p. 309). Also, Theorem 20 (p. 311) is not stated correctly: only *relative
completeness* holds, i.e., completeness assuming an oracle for theorems of
arithmetic. (Roughly speaking, the problem is that arithmetic is undecidable
(by a famous theorem of Goedel), and arbitrarily difficult theorems of
arithmetic may be needed in proving programs correct, but Hoare logic does not
provide any way to get theorems about arithmetic.)

Maintained by Joseph Goguen

© 2000, 2001, 2002 Joseph Goguen

Last modified: Fri Feb 1 13:51:47 PST 2002