$$ \begin{array}{ll}
\text{Variables} & x,y,z \\
\text{Constants} & c \; ::= \; \ldots,-1,0,1,\ldots \\
\text{Expressions} & e \; ::= \; c \mid x \mid e_1 + e_2 \mid e_1 * e_2 \mid \ldots \\
\text{Programs} & \alpha,\beta \; ::= \; x := e \mid \alpha;\beta \mid \textbf{if } P \textbf{ then } \alpha \textbf{ else } \beta \mid \textbf{while } P \ \alpha \\
\text{Formulas} & P,Q \; ::= \; e_1 \le e_2 \mid e_1 = e_2 \mid \ldots \\
& \qquad \mid P \land Q \mid P \lor Q \mid P \rightarrow Q \mid P \leftrightarrow Q \mid \neg P \mid \top \mid \bot \\
& \qquad \mid \forall x.P(x) \mid \exists x.P(x) \\
& \qquad \mid [\alpha]Q \mid \langle \alpha \rangle Q
\end{array} $$
State: a total map from variables to integers (total: for every $x \in X$ there is exactly one $y \in Y$ with $f(x) = y$, so every variable holds exactly one integer in every state).
Program: a partial function from prestate to poststate (partial because a loop may fail to terminate, leaving some prestates with no poststate); for a nondeterministic program it is a relation, since one prestate may have several poststates.
Trace: the sequence of states a program passes through.
$[\alpha]Q$ (pronounced "box alpha Q") is true in a prestate $\omega$ if the formula $Q$ is true in every poststate $\nu$ that can be reached by executing program $\alpha$ from $\omega$.
$\langle\alpha\rangle Q$ (pronounced "diamond alpha Q") is true in a state $\omega$ if there is some poststate $\nu$ reachable by executing $\alpha$ from $\omega$ in which $Q$ is true.
For a deterministic program there are zero or one poststates, so $\langle\alpha\rangle Q \rightarrow [\alpha]Q$ is valid. The converse is not: if $\alpha$ does not terminate from $\omega$ there is no poststate at all, so $[\alpha]Q$ holds vacuously while $\langle\alpha\rangle Q$ is false.
$$ \begin{array}{lll}
\omega \models e_1 \le e_2 & \text{iff} & \omega\llbracket e_1 \rrbracket \le \omega\llbracket e_2 \rrbracket \\
\omega \models e_1 = e_2 & \text{iff} & \omega\llbracket e_1 \rrbracket = \omega\llbracket e_2 \rrbracket \\
\omega \models P \land Q & \text{iff} & \omega \models P \text{ and } \omega \models Q \\
\omega \models P \lor Q & \text{iff} & \omega \models P \text{ or } \omega \models Q \\
\omega \models P \rightarrow Q & \text{iff} & \omega \models P \text{ implies } \omega \models Q \\
\omega \models \neg P & \text{iff} & \omega \not\models P \\
\omega \models P \leftrightarrow Q & \text{iff} & \omega \models P \text{ iff } \omega \models Q \\
\omega \models \forall x.P(x) & \text{iff} & \omega[x \mapsto c] \models P(x) \text{ for every } c \in \mathbb{Z} \text{ (the value } x \text{ currently holds in } \omega \text{ is irrelevant)} \\
\omega \models \exists x.P(x) & \text{iff} & \omega[x \mapsto c] \models P(x) \text{ for some } c \in \mathbb{Z} \text{ (likewise: } x \text{ is overwritten by } c\text{, so its current value is irrelevant)} \\
\omega \models [\alpha]Q & \text{iff} & \text{for every } \nu \text{ with } \omega\llbracket \alpha \rrbracket \nu \text{ we have } \nu \models Q \text{ (vacuously true if } \alpha \text{ has no poststate, e.g. a non-terminating loop)} \\
\omega \models \langle \alpha \rangle Q & \text{iff} & \text{there is a } \nu \text{ with } \omega\llbracket \alpha \rrbracket \nu \text{ and } \nu \models Q \text{ (there may be several such } \nu \text{ if } \alpha \text{ is nondeterministic)}
\end{array} $$
Here $\omega[x \mapsto c]$ is the state that agrees with $\omega$ everywhere except that $x$ holds $c$, and $\omega\llbracket \alpha \rrbracket \nu$ means that running $\alpha$ from prestate $\omega$ can reach poststate $\nu$.
Validity of $P$ (written $\models P$) is now redefined accordingly: $P$ is valid if $\omega \models P$ for every state $\omega$. The same goes for sequents.
Axioms: both sound and invertible.
Good left/right rules: reductive axioms, i.e. rules whose premises are structurally simpler than their conclusion.
We design the rules to be sound, invertible, and reductive; for sequential composition, for instance, this means proving $[\alpha ; \beta]Q \leftrightarrow [\alpha]([\beta]Q)$, which reduces a box over a compound program to boxes over its parts.
So we have the following axioms:
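As an added illustration (written for this page, not part of the original notes), the following Python implements the deterministic fragment of the semantics above: a state is a dict, a program is a small AST, and $[\alpha]Q$ / $\langle\alpha\rangle Q$ are decided by actually running $\alpha$ from the prestate. Non-termination is undecidable, so a per-loop iteration bound `fuel` (an assumption of this example) stands in for "$\alpha$ has no poststate"; the constructed `SPIN` program loops forever by construction, so the bound reports the vacuous-box case correctly. `diamond_implies_box` is only a bounded sanity check over a constructed sample of states, not a proof of validity.

```python
# Added example for these notes (not from the original page): a tiny interpreter
# for the deterministic program language, plus box/diamond evaluated by running alpha.
from __future__ import annotations
from dataclasses import dataclass
from typing import Callable, Dict, Union

State = Dict[str, int]             # a total map: unassigned variables read as 0
Expr = Callable[[State], int]      # omega[[e]]
Formula = Callable[[State], bool]  # omega |= P

# Expressions e ::= c | x | e1 + e2 | e1 * e2
def const(c: int) -> Expr: return lambda w: c
def var(x: str) -> Expr: return lambda w: w.get(x, 0)
def add(e1: Expr, e2: Expr) -> Expr: return lambda w: e1(w) + e2(w)
def mul(e1: Expr, e2: Expr) -> Expr: return lambda w: e1(w) * e2(w)

# Formulas P ::= e1 <= e2 | e1 = e2 | P -> Q | !P (the other connectives are derivable)
def leq(e1: Expr, e2: Expr) -> Formula: return lambda w: e1(w) <= e2(w)
def eq(e1: Expr, e2: Expr) -> Formula: return lambda w: e1(w) == e2(w)
def implies(p: Formula, q: Formula) -> Formula: return lambda w: (not p(w)) or q(w)
def lnot(p: Formula) -> Formula: return lambda w: not p(w)

# Programs alpha ::= x := e | alpha; beta | if P then alpha else beta | while P alpha
@dataclass
class Assign:
    x: str
    e: Expr

@dataclass
class Seq:
    a: Prog
    b: Prog

@dataclass
class If:
    p: Formula
    a: Prog
    b: Prog

@dataclass
class While:
    p: Formula
    a: Prog

Prog = Union[Assign, Seq, If, While]

class Diverges(Exception):
    """No poststate reached within the iteration bound (treated as non-termination)."""

def run(alpha: Prog, w: State, fuel: int = 10_000) -> State:
    """The partial function omega[[alpha]]nu: return nu, or raise Diverges.
    `fuel` is an iteration bound per loop chosen for this example; it is an
    assumption standing in for the undecidable question of termination."""
    if isinstance(alpha, Assign):
        return {**w, alpha.x: alpha.e(w)}            # nu = w[x -> w[[e]]]
    if isinstance(alpha, Seq):
        return run(alpha.b, run(alpha.a, w, fuel), fuel)
    if isinstance(alpha, If):
        return run(alpha.a if alpha.p(w) else alpha.b, w, fuel)
    if isinstance(alpha, While):
        for _ in range(fuel):
            if not alpha.p(w):
                return w
            w = run(alpha.a, w, fuel)
        raise Diverges(f"no poststate within {fuel} iterations")
    raise TypeError(f"not a program: {alpha!r}")

def box(alpha: Prog, q: Formula) -> Formula:
    """w |= [alpha]Q: Q holds in every poststate; vacuously true when there is none."""
    def holds(w: State) -> bool:
        try:
            return q(run(alpha, w))
        except Diverges:
            return True
    return holds

def diamond(alpha: Prog, q: Formula) -> Formula:
    """w |= <alpha>Q: some poststate satisfies Q; false when there is none."""
    def holds(w: State) -> bool:
        try:
            return q(run(alpha, w))
        except Diverges:
            return False
    return holds

def diamond_implies_box(alpha: Prog, q: Formula, states) -> bool:
    """Bounded sanity check of <alpha>Q -> [alpha]Q on a finite sample of states."""
    return all(implies(diamond(alpha, q), box(alpha, q))(w) for w in states)

# Constructed programs, formulas and prestates for the checks below.
X = var("x")
X_IS_17 = eq(X, const(17))
INC = Assign("x", add(X, const(1)))                        # x := x + 1
COUNT_UP = While(leq(X, const(9)), INC)                    # while x <= 9 do x := x + 1
SPIN = While(leq(const(0), const(0)), INC)                 # while true do x := x + 1 (never terminates)
NAIVE_RULE = implies(eq(X, add(X, const(1))), X_IS_17)     # the incorrect (x = x+1) -> (x = 17)
SAMPLE_STATES = [{"x": n} for n in range(-3, 20)]          # constructed prestates

if __name__ == "__main__":
    print("[x:=x+1](x=17) at x=16:", box(INC, X_IS_17)({"x": 16}))       # True
    print("(x=x+1)->(x=17) at x=3:", NAIVE_RULE({"x": 3}))                # True, which is why the naive rule is wrong
    print("[while true ...](x=17):", box(SPIN, X_IS_17)({"x": 3}))        # True (vacuous: no poststate)
    print("<while true ...>(x=17):", diamond(SPIN, X_IS_17)({"x": 3}))    # False
```

The `SPIN` checks show the practical pitfall behind the vacuous box: a partial-correctness claim $[\alpha]Q$ says nothing about code that never finishes, so a verified $[\alpha]Q$ must be paired with a termination argument (or a $\langle\alpha\rangle$ claim) before it is treated as a guarantee that $Q$ is ever actually reached.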
Notice that we cannot write $[x := e]P \leftrightarrow (x = e \rightarrow P)$. The reason is that $:=$ is program assignment while $=$ is mathematical equality: $x := x + 1$ is a perfectly good program that increments $x$, whereas $x = x + 1$ is a formula that is false in every state. With the incorrect rule we would get $[x := x + 1](x = 17) \leftrightarrow ((x = x + 1) \rightarrow (x = 17))$, which is wrong: the antecedent $x = x + 1$ is always false, so the right-hand side is true in every state, but the left-hand side is true only in states where $x = 16$. The fix is to replace $x$ by a fresh variable $x'$ that stands for the new value of $x$, so that any occurrence of $x$ in $e$ still refers to the old value and the rule stays correct even when $e$ mentions $x$.
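The example from the previous paragraph, worked through the semantics above (an added derivation, not from the original notes). The first block uses the standard semantics of assignment, $\omega\llbracket x := e \rrbracket \nu$ iff $\nu = \omega[x \mapsto \omega\llbracket e \rrbracket]$, which the notes assume but do not write out; the last block uses the renamed form with a fresh variable $x'$, which is the usual way of stating the assignment axiom and is assumed here since the notes only describe it in words:

$$ \begin{array}{lll}
\omega \models [x := x + 1](x = 17) & \text{iff} & \omega[x \mapsto \omega\llbracket x \rrbracket + 1] \models x = 17 \\
& \text{iff} & \omega\llbracket x \rrbracket + 1 = 17 \\
& \text{iff} & \omega \models x = 16 \\[6pt]
\omega \models (x = x + 1) \rightarrow (x = 17) & \text{iff} & \omega \not\models x = x + 1 \text{ or } \omega \models x = 17 \\
& \text{iff} & \top \qquad \text{(the antecedent } \omega\llbracket x \rrbracket = \omega\llbracket x \rrbracket + 1 \text{ is false in every state)} \\[6pt]
\omega \models \forall x'.\,(x' = x + 1 \rightarrow x' = 17) & \text{iff} & \omega[x' \mapsto c] \models x' = x + 1 \rightarrow x' = 17 \text{ for every } c \in \mathbb{Z} \\
& \text{iff} & c = \omega\llbracket x \rrbracket + 1 \text{ implies } c = 17 \text{ for every } c \in \mathbb{Z} \qquad (x' \text{ fresh, so } \omega[x' \mapsto c]\llbracket x + 1 \rrbracket = \omega\llbracket x \rrbracket + 1) \\
& \text{iff} & \omega\llbracket x \rrbracket + 1 = 17 \qquad \text{(only } c = \omega\llbracket x \rrbracket + 1 \text{ satisfies the antecedent)} \\
& \text{iff} & \omega \models x = 16
\end{array} $$

So the renamed form agrees with $[x := x + 1](x = 17)$ in every state, while the naive rule collapses to $\top$ and would let a proof conclude $x = 17$ after the increment from any prestate whatsoever.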