2016-09-08

Dijkstra's Weakest Preconditions

1 Abstract

This page is about wp(), without concurrency related issues.

2 Weakest Precondition

  1. Let R stand for wp(S, Q). R is an assertion (a predicate, a condition on program states). R is the weakest precondition of S with respect to Q if the following holds.
  2. For every state s that satisfies R, executing S from s always terminates, and the resulting state s' satisfies Q. R is the weakest such assertion: any other precondition with this property implies R.
  3. The Hoare triple {wp(S, Q)} S {Q} is therefore true.
  4. Note that wp() is about total correctness: it includes termination.

3 wp Defined for a PL

  1. wp(skip, R) is R // skip is a "do nothing" statement
  2. wp(abort, R) is False // abort is an "always fail" statement
  3. wp(x := e, R) is (R with every occurrence of x replaced by e)
  4. wp(S1; S2, R) is wp(S1, wp(S2, R))
  5. wp(if B then S1 else S2 fi, R) is ((B ⇒ wp(S1, R)) and (not B ⇒ wp(S2, R)))
  6. wp(while B do S od, R) is …

3.1 Law of Excluded Miracle

  1. wp(S, False) = False, for every statement S: establishing False is impossible.
  2. This is known as the Law of Excluded Miracle. The phrase "is impossible" can be confusing. Understand it as "we cannot do it": we cannot satisfy the precondition False, execute S, and expect False to be true afterwards. In general, read wp(S, Q) = False, for any Q, as "achieving Q by executing S is impossible".
  3. wp(S, True) = True? Does this define liveness of S?

4 wp Example Q/Answers

Determine the weakest preconditions of the following. Show all intermediate steps. Assume that all variables are of integer type. PL code is shown enclosed in braces. Note that CS literature uses := as the assignment operator and = for equality.

4.1 Weakest Preconditions-4

wp( {n := n + m; m := n + m; n := m - n}, (n = 6) and (m = 1) )
= wp( {n := n + m; m := n + m}, (m - n = 6) and (m = 1) )
= wp( {n := n + m}, (n + m - n = 6) and (n + m = 1) )
= wp( {n := n + m}, (m = 6) and (n + m = 1) )
= (m = 6) and (n + m + m = 1)
= (m = 6) and (n = -11)

4.2 Weakest Preconditions-5

wp( {if i > j then i := i - j else j := i fi}, i = j )
= (i > j ⇒ wp({i := i - j},i = j)) and (i <= j ⇒ wp({j := i}, i = j))
= (i > j ⇒ i - j = j) and (i <= j ⇒ i = i)
= (i > j ⇒ i = 2*j) and (i > j or true)
= (i <= j or i = 2*j) and (true)
= (i <= j or i = 2*j)

4.3 Weakest Preconditions-6

wp( {while i > 3 do i := i - 3 od}, i = 3 )

Using P0 = (not B) and R and P(k+1) = B and wp(S, Pk), where B is the loop guard (i > 3), S is the loop body, and R is the postcondition:

P0 = (i <= 3) and (i = 3) = (i = 3)
P1 = (i > 3) and wp({i := i - 3}, i = 3) = (i > 3) and (i - 3 = 3) = (i = 6)
P2 = (i > 3) and wp({i := i - 3}, i = 6) = (i > 3) and (i - 3 = 6) = (i = 9)
Pk = (i = 3*(k+1))

wp( {while i > 3 do i := i - 3 od}, i = 3 ) = (P0 or (∃ k >= 0: Pk))
= (i = 3 or (∃ k >= 0: i = 3*(k+1)))
= (∃ k >= 1: i = 3*k)
= (i = 3*k, for some k > 0)
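The rules of section 3 and the three worked answers above, as an added example (not code from the page or its references): a small predicate transformer in Python that applies rules 1-5 by syntactic substitution on expression strings, unrolls a while loop k times into P0 or P1 or … or Pk, and can evaluate the resulting predicate in concrete integer states to check it against the hand-derived answers. Statement tuples, the constants EX4/EX5/EX6 and the helper names are this example's own conventions.

```python
import ast

# Statements are tuples: ("skip",), ("abort",), ("assign", x, e),
# ("seq", S1, S2, ...), ("if", B, S1, S2), ("while", B, S, k).
# Predicates and expressions are Python expression strings over integers.

class _Subst(ast.NodeTransformer):
    def __init__(self, name, expr):
        self.name, self.expr = name, expr

    def visit_Name(self, node):          # replace every read of `name` by `expr`
        return self.expr if node.id == self.name else node

def subst(pred, var, expr):
    """Rule 3: R with var replaced by expr, done on the AST so '2*n' with
    n -> 'n + m' becomes '2 * (n + m)' and not '2 * n + m'."""
    tree = ast.parse(pred, mode="eval")
    tree = _Subst(var, ast.parse(expr, mode="eval").body).visit(tree)
    return ast.unparse(ast.fix_missing_locations(tree).body)

def wp(stmt, post):
    kind = stmt[0]
    if kind == "skip":
        return post                                   # rule 1
    if kind == "abort":
        return "False"                                # rule 2
    if kind == "assign":
        return subst(post, stmt[1], stmt[2])          # rule 3
    if kind == "seq":                                 # rule 4: transform right to left
        for s in reversed(stmt[1:]):
            post = wp(s, post)
        return post
    if kind == "if":                                  # rule 5
        b, s1, s2 = stmt[1:]
        return f"(not ({b}) or ({wp(s1, post)})) and (({b}) or ({wp(s2, post)}))"
    if kind == "while":              # P0 = not B and R; P(k+1) = B and wp(S, Pk)
        b, s, k = stmt[1:]
        pk, terms = f"not ({b}) and ({post})", []
        for _ in range(k + 1):                        # collect P0 .. Pk
            terms.append(pk)
            pk = f"({b}) and ({wp(s, pk)})"
        return " or ".join(f"({t})" for t in terms)
    raise ValueError(f"unknown statement {kind}")

def holds(pred, **state):
    """Evaluate a predicate string in a concrete integer state."""
    return bool(eval(pred, {"__builtins__": {}}, state))

# The page's examples 4.1, 4.2 and 4.3 encoded as statements.
EX4 = ("seq", ("assign", "n", "n + m"), ("assign", "m", "n + m"), ("assign", "n", "m - n"))
EX5 = ("if", "i > j", ("assign", "i", "i - j"), ("assign", "j", "i"))
EX6 = ("while", "i > 3", ("assign", "i", "i - 3"), 5)   # P0 .. P5, i.e. i up to 18
```

Because the loop is only unrolled k times, `wp(EX6, ...)` is a sufficient precondition that agrees with the answer above for i <= 3*(k+1); the exact wp is the infinite disjunction.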

5 References

  1. Dijkstra, Edsger Wybe. A Discipline of Programming. Englewood Cliffs: Prentice-Hall, 217 pp., 1976. A classic. Dijkstra is a Turing Award winner.
  2. See Andrews, Chapter 1.
  3. http://en.wikipedia.org/wiki/Predicate_transformer_semantics
  4. Prabhaker Mateti, Lecture Notes on Assertions, 2016.

6 End


Copyright © 2016 • www.wright.edu/~pmateti • 2016-09-08