Probabilistic guarded commands mechanized in HOL

The probabilistic guarded-command language pGCL [15] contains both demonic and probabilistic nondeterminism, which makes it suitable for reasoning about distributed random algorithms [14]. Proofs are based on weakest precondition semantics, using an underlying logic of real(rather than Boolean-) valued functions. We present a mechanization of the quantitative logic for pGCL [16] using the HOL theorem prover [4], including a proof that all pGCL commands satisfy the new condition sublinearity, the quantitative generalization of conjunctivity for standard GCL [1]. The mechanized theory also supports the creation of an automatic proof tool which takes as input an annotated pGCL program and its partial correctness specification, and derives from that a sufficient set of verification conditions. This is employed to verify the partial correctness of the probabilistic voting stage in Rabin’s mutual-exclusion algorithm [10].