Weakest Preconditions

Programming Theory
Tutorial 2: Weakest Preconditions
October 1, 2009
Example 1 Prove wp(S; skip; P) = wp(S; P).

  wp(S; skip; P)
= {Definition of sequential composition}
  wp(S; wp(skip; P))
= {Definition of skip}
  wp(S; P) □
Example 2 Prove that the expression

IF1: if B1 → S1 □ B2 → S2 fi; S3

is equivalent to the expression

IF2: if B1 → S1; S3 □ B2 → S2; S3 fi

Solution Prove that wp(IF1; S3; R) = wp(IF2; R).

  wp(IF1; S3; R)
= {Definition of sequential composition}
  wp(IF1; wp(S3; R))
= {Definition of the alternative command}
  (B1 ∨ B2) ∧ (B1 ⇒ wp(S1; wp(S3; R))) ∧ (B2 ⇒ wp(S2; wp(S3; R)))
= {Definition of sequential composition}
  (B1 ∨ B2) ∧ (B1 ⇒ wp(S1; S3; R)) ∧ (B2 ⇒ wp(S2; S3; R))
= {Definition of the alternative command}
  wp(IF2; R) □
Example 3 Determine the weakest P such that {P} IF {x = 1} holds, where

IF: if T → x := 1 □ T → x := 1 fi

(T stands for true and F for false.)

Solution The weakest precondition of IF is

  wp(IF; x = 1)
= {Definition of the alternative command}
  (T ∨ T) ∧ (T ⇒ wp("x := 1"; x = 1)) ∧ (T ⇒ wp("x := 1"; x = 1))
= {Definition of assignment}
  (T ∨ T) ∧ (T ⇒ 1 = 1) ∧ (T ⇒ 1 = 1)
= {Left identity of ⇒}
  (T ∨ T) ∧ 1 = 1 ∧ 1 = 1
= {Arithmetic}
  (T ∨ T) ∧ T ∧ T
= {and-simplification}
  T ∨ T
= {or-simplification}
  T □

So the weakest P is T: IF establishes x = 1 from every initial state.
A Proof Method:

To prove that {P} IF {R} is correct, prove the following points:

1. P ⇒ BB
2. P ∧ Bi ⇒ wp(Si; R) for all i, 1 ≤ i ≤ n

where BB = B1 ∨ B2 ∨ ... ∨ Bn.
Example 4 Prove the following program correct.

P:  {x ≥ y ∨ x ≥ z}
IF: if y ≤ z → m := y □ z ≤ y → m := z fi
R:  {m = min(x, y, z)}

where m = min(x, y, z) is defined as

  (m = x ∨ m = y ∨ m = z) ∧ m ≤ x ∧ m ≤ y ∧ m ≤ z
Solution:

Prove
1. (x ≥ y ∨ x ≥ z) ⇒ (y ≤ z ∨ z ≤ y)
2. ((x ≥ y ∨ x ≥ z) ∧ y ≤ z) ⇒ wp("m := y"; m = min(x, y, z))
3. ((x ≥ y ∨ x ≥ z) ∧ z ≤ y) ⇒ wp("m := z"; m = min(x, y, z))

Proof of 1:
Assume x ≥ y ∨ x ≥ z.

  y ≤ z ∨ z ≤ y
= {Arithmetic}
  T □

Lemma 1: ((x ≥ y ∨ x ≥ z) ∧ y ≤ z) ⇒ y = min(x, y, z)

Proof of Lemma 1:
Assume x ≥ y ∨ x ≥ z.
Assume y ≤ z.

  y = min(x, y, z)
= {Definition of min}
  (y = x ∨ y = y ∨ y = z) ∧ y ≤ x ∧ y ≤ y ∧ y ≤ z
= {Identity + or-simplification}
  T ∧ y ≤ x ∧ y ≤ y ∧ y ≤ z
= {Arithmetic}
  T ∧ y ≤ x ∧ T ∧ y ≤ z
= {Assumption: "y ≤ z"}
  T ∧ y ≤ x ∧ T ∧ T
= {and-simplification}
  y ≤ x
= {Left identity of ⇒}
  T ⇒ y ≤ x
= {Assumption: "x ≥ y ∨ x ≥ z"}
  (x ≥ y ∨ x ≥ z) ⇒ y ≤ x
= {Proof by cases}
  (x ≥ y ⇒ y ≤ x) ∧ (x ≥ z ⇒ y ≤ x)
= {Arithmetic: "x ≥ y ⇒ y ≤ x = T" and Lemma 2: "x ≥ z ⇒ y ≤ x"}
  T □

Lemma 2: under the assumption y ≤ z, x ≥ z ⇒ y ≤ x.

Proof of Lemma 2:
Assume y ≤ z.

  x ≥ z ⇒ y ≤ x
= {and-simplification}
  (T ∧ x ≥ z) ⇒ y ≤ x
= {Assumption: "y ≤ z"}
  (y ≤ z ∧ x ≥ z) ⇒ y ≤ x
= {Arithmetic}
  (y ≤ z ∧ z ≤ x) ⇒ y ≤ x
= {Arithmetic: "(y ≤ z ∧ z ≤ x) ⇒ y ≤ x = T" (transitivity of ≤)}
  T □

Proof of 2:

  ((x ≥ y ∨ x ≥ z) ∧ y ≤ z) ⇒ wp("m := y"; m = min(x, y, z))
= {Definition of assignment}
  ((x ≥ y ∨ x ≥ z) ∧ y ≤ z) ⇒ y = min(x, y, z)
= {Lemma 1: "((x ≥ y ∨ x ≥ z) ∧ y ≤ z) ⇒ y = min(x, y, z)"}
  T □

Proof of 3:

  ((x ≥ y ∨ x ≥ z) ∧ z ≤ y) ⇒ wp("m := z"; m = min(x, y, z))
= {Definition of assignment}
  ((x ≥ y ∨ x ≥ z) ∧ z ≤ y) ⇒ z = min(x, y, z)
= {Commutativity and "min(x, y, z) = min(x, z, y)"}
  ((x ≥ z ∨ x ≥ y) ∧ z ≤ y) ⇒ z = min(x, z, y)
= {Lemma 1 with y and z interchanged: "((x ≥ z ∨ x ≥ y) ∧ z ≤ y) ⇒ z = min(x, z, y)"}
  T □
Example 5 Find B1 and B2 such that {x + 2y = z} IF {x + 2y < z} holds, where

IF: if B1 → x, y := y, x □ B2 → x, y := 2x + y, −x + y − 1 fi

Solution Under the assumption x + 2y = z we see that the weakest preconditions for the assignments are

  wp("x, y := y, x"; x + 2y < z) = x < y

and

  wp("x, y := 2x + y, −x + y − 1"; x + 2y < z) = y − 2 < x

which we then can use as B1 and B2 respectively.
Prove
1. x + 2y = z ⇒ (x < y ∨ y − 2 < x)
2. (x + 2y = z ∧ x < y) ⇒ wp("x, y := y, x"; x + 2y < z)
3. (x + 2y = z ∧ y − 2 < x) ⇒ wp("x, y := 2x + y, −x + y − 1"; x + 2y < z)

Proof of 1:
Assume x + 2y = z.

  x < y ∨ y − 2 < x
= {Exercise}
  T □

Proof of 2:
Assume x + 2y = z.
Assume x < y.

  wp("x, y := y, x"; x + 2y < z)
= {Definition of multiple assignment}
  y + 2x < z
= {Assumption: "x + 2y = z"}
  y + 2x < x + 2y
= {Arithmetic}
  x < y
= {Assumption: "x < y"}
  T □

Proof of 3:
Assume x + 2y = z.
Assume y − 2 < x.

  wp("x, y := 2x + y, −x + y − 1"; x + 2y < z)
= {Definition of multiple assignment}
  2x + y + 2(−x + y − 1) < z
= {Arithmetic}
  3y − 2 < z
= {Assumption: "x + 2y = z"}
  3y − 2 < x + 2y
= {Arithmetic}
  y − 2 < x
= {Assumption: "y − 2 < x"}
  T □

Note B1 = x < y and B2 = y − 2 < x is not a unique solution. We could use e.g. B1 = x < y and B2 = y − 1 < x instead.
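The proof method, Example 4 and Example 5 above can be checked mechanically for small values. The following is an added example, not code from the tutorial: it encodes the wp rules for assignment, skip, sequential composition and the alternative command as Python functions over a state dictionary, and evaluates the two proof obligations (P ⇒ BB and P ∧ Bi ⇒ wp(Si; R)) over a constructed finite domain. The names `assign`, `alt`, `obligations_hold` and the value ranges are my own choices; exhausting a finite range is a sanity check on a derived guard, not a substitute for the calculational proof.

```python
# Added example (not from the tutorial): wp rules for assignment, skip,
# sequential composition and the alternative command, with predicates as
# Python functions of a state dict; proof obligations are checked by brute
# force over a constructed finite domain (a sanity check, not a proof).
from functools import reduce
from itertools import product

def assign(targets, exprs):
    """x, y := e1, e2: wp(R) is R with the new values substituted."""
    return lambda R: (lambda s: R({**s, **dict(zip(targets, exprs(s)))}))

def skip(R):
    """wp(skip; R) = R."""
    return R

def seq(*stmts):
    """wp(S1; S2; R) = wp(S1; wp(S2; R))."""
    return lambda R: reduce(lambda acc, st: st(acc), reversed(stmts), R)

def alt(*branches):
    """if B1 -> S1 [] ... fi: wp(R) = BB and (Bi => wp(Si; R)) for every i."""
    return lambda R: (lambda s: any(B(s) for B, _ in branches)
                      and all((not B(s)) or S(R)(s) for B, S in branches))

def states(names, lo, hi):
    """Every state over the variables in names with values in lo..hi."""
    return [dict(zip(names, v)) for v in product(range(lo, hi + 1), repeat=len(names))]

def obligations_hold(P, branches, R, sts):
    """Proof method: P => BB and (P and Bi) => wp(Si; R), for every state."""
    return all((not P(s)) or alt(*branches)(R)(s) for s in sts)

def example1(S=assign(["x"], lambda s: (s["x"] + 1,)), P=lambda s: s["x"] == 1):
    """wp(S; skip; P) = wp(S; P), here for a sample S and P with x in -3..3."""
    return all(seq(S, skip)(P)(s) == S(P)(s) for s in states("x", -3, 3))

def example4():
    """P = (x >= y or x >= z), the IF of Example 4, R = (m = min(x, y, z))."""
    P = lambda s: s["x"] >= s["y"] or s["x"] >= s["z"]
    R = lambda s: s["m"] == min(s["x"], s["y"], s["z"])
    branches = [(lambda s: s["y"] <= s["z"], assign(["m"], lambda s: (s["y"],))),
                (lambda s: s["z"] <= s["y"], assign(["m"], lambda s: (s["z"],)))]
    return obligations_hold(P, branches, R, states("xyzm", -3, 3))

def example5(B2=lambda s: s["y"] - 2 < s["x"]):
    """Example 5 with B1 = x < y; B2 defaults to y - 2 < x and can be replaced."""
    P = lambda s: s["x"] + 2 * s["y"] == s["z"]
    R = lambda s: s["x"] + 2 * s["y"] < s["z"]
    swap = assign(["x", "y"], lambda s: (s["y"], s["x"]))
    step = assign(["x", "y"], lambda s: (2 * s["x"] + s["y"], -s["x"] + s["y"] - 1))
    return obligations_hold(P, [(lambda s: s["x"] < s["y"], swap), (B2, step)],
                            R, states("xyz", -6, 6))
```

Passing a guard such as `lambda s: s["y"] + 2 < s["x"]` as B2 makes `example5` return False, because B1 ∨ B2 no longer holds when x = y; the note's alternative `y - 1 < x` passes.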
Exercise 1 Arrays f[0 : n] and g[0 : m] are alphabetically ordered lists of names of people. It is known that at least one name is in both lists. Let X represent the first (in alphabetic order) such name. Prove the program {R} S {R} correct. Assume i and j are within the array bounds.

S: if f[i] < g[j] → i := i + 1
    □ f[i] = g[j] → skip
    □ f[i] > g[j] → j := j + 1
   fi

R: {ordered(f[0 : n]) ∧ ordered(g[0 : m]) ∧ f[i] ≤ X ∧ g[j] ≤ X}

You may use the following lemma:

  ordered(b[0 : n]) ∧ b[i] < X ⇒ b[i + 1] ≤ X
Solution: Prove
1. R ⇒ (f[i] < g[j] ∨ f[i] = g[j] ∨ f[i] > g[j])
2. R ∧ f[i] < g[j] ⇒ wp("i := i + 1"; R)
3. R ∧ f[i] = g[j] ⇒ wp("skip"; R)
4. R ∧ f[i] > g[j] ⇒ wp("j := j + 1"; R)

Hint: do them in ascending order of difficulty: first 3, then 1, then 2. The proof of 4 is completely analogous to 2.
Proof of 1:
Assume R.

  f[i] < g[j] ∨ f[i] = g[j] ∨ f[i] > g[j]
= {Arithmetic}
  f[i] ≤ g[j] ∨ f[i] > g[j]
= {Arithmetic}
  T □

Proof of 2:
Assume ordered(f[0 : n]).
Assume ordered(g[0 : m]).
Assume f[i] ≤ X.
Assume g[j] ≤ X.
Assume f[i] < g[j].

  wp("i := i + 1"; ordered(f[0 : n]) ∧ ordered(g[0 : m]) ∧ f[i] ≤ X ∧ g[j] ≤ X)
= {Definition of assignment}
  ordered(f[0 : n]) ∧ ordered(g[0 : m]) ∧ f[i + 1] ≤ X ∧ g[j] ≤ X
= {Assumptions: "ordered(f[0 : n])", "ordered(g[0 : m])", and "g[j] ≤ X" and and-simplification}
  f[i + 1] ≤ X
= {Left identity of ⇒}
  T ⇒ f[i + 1] ≤ X
= {and-simplification}
  T ∧ T ⇒ f[i + 1] ≤ X
= {Conditional Substitution: Assumptions: "f[i] < g[j]" and "g[j] ≤ X" and Arithmetic: "(x < y) ∧ (y ≤ z) ⇒ (x < z) = T"}
  T ∧ f[i] < X ⇒ f[i + 1] ≤ X
= {Assumption: "ordered(f[0 : n])"}
  ordered(f[0 : n]) ∧ f[i] < X ⇒ f[i + 1] ≤ X
= {Lemma}
  T □

Proof of 3:
Assume R.
Assume f[i] = g[j].

  wp("skip"; R)
= {Definition of skip}
  R
= {Assumption: "R"}
  T □

Proof of 4:
Assume ordered(f[0 : n]).
Assume ordered(g[0 : m]).
Assume f[i] ≤ X.
Assume g[j] ≤ X.
Assume f[i] > g[j].

  wp("j := j + 1"; ordered(f[0 : n]) ∧ ordered(g[0 : m]) ∧ f[i] ≤ X ∧ g[j] ≤ X)
= {Definition of assignment}
  ordered(f[0 : n]) ∧ ordered(g[0 : m]) ∧ f[i] ≤ X ∧ g[j + 1] ≤ X
= {Assumptions: "ordered(f[0 : n])", "ordered(g[0 : m])", and "f[i] ≤ X" and and-simplification}
  g[j + 1] ≤ X
= {Left identity of ⇒}
  T ⇒ g[j + 1] ≤ X
= {and-simplification}
  T ∧ T ⇒ g[j + 1] ≤ X
= {Conditional Substitution: Assumptions: "f[i] > g[j]" and "f[i] ≤ X" and Arithmetic: "(x < y) ∧ (y ≤ z) ⇒ (x < z) = T"}
  T ∧ g[j] < X ⇒ g[j + 1] ≤ X
= {Assumption: "ordered(g[0 : m])"}
  ordered(g[0 : m]) ∧ g[j] < X ⇒ g[j + 1] ≤ X
= {Lemma}
  T □