admin管理员组文章数量:1291002
I previously asked this question on StackOverflow about using loop invariants to catch a bug in my program. Now, I want to take the next step and understand how to compute the weakest precondition when a loop invariant is provided.
Background: For a simple if-statement, I understand how to compute the weakest precondition. Consider the following code:
if x > 0:
x = x - 1
else:
x = x + 1
# Postcondition: { x >= 0 }
To ensure that the postcondition x >= 0 holds after execution, I compute the weakest precondition as:
(x>0/\x>=1)\/(x<0/\(x+1)>=0)
which simplifies to:
(x>1)∨(−1<x<0)
However, I don’t know how to compute the weakest precondition when there is a loop and a given loop invariant.
My Question: Consider the following loop:
i = 0
x = user_input
while i < 10:
if x > 0:
x = x - 1
else:
x = x + 1
# Postcondition: { x >= 0 }
For some loop invariant I provided and proved (x>=0), how do I formally infer the weakest precondition for the entire program using my postcondition and invariant with backward reasoning?
I previously asked this question on StackOverflow about using loop invariants to catch a bug in my program. Now, I want to take the next step and understand how to compute the weakest precondition when a loop invariant is provided.
Background: For a simple if-statement, I understand how to compute the weakest precondition. Consider the following code:
if x > 0:
x = x - 1
else:
x = x + 1
# Postcondition: { x >= 0 }
To ensure that the postcondition x >= 0 holds after execution, I compute the weakest precondition as:
(x>0/\x>=1)\/(x<0/\(x+1)>=0)
which simplifies to:
(x>1)∨(−1<x<0)
However, I don’t know how to compute the weakest precondition when there is a loop and a given loop invariant.
My Question: Consider the following loop:
i = 0
x = user_input
while i < 10:
if x > 0:
x = x - 1
else:
x = x + 1
# Postcondition: { x >= 0 }
For some loop invariant I provided and proved (x>=0), how do I formally infer the weakest precondition for the entire program using my postcondition and invariant with backward reasoning?
1 Answer
Reset to default 1Filling in the assertions between statements:
i = 0
x = user_input
{ x >= 0 }
while i < 10:
{ x >= 0 }
if x > 0:
{ x > 0 }
{ x >= 1 }
{ x-1 >= 0 }
x = x - 1
{ x >= 0 }
else:
{ x <= 0 && x >= 0}
{ x = 0 }
{ x+1 >= 0} {x >= -1 }
x = x + 1
{ x >= 0 }
# Postcondition: { x >= 0 }
Since nothing happens between reading x & the loop, the loop's invariant would be your weakest precondition.
Note: the whole point of having a loop invariant is that you can use the same reasoning as you would for more "static" code.
本文标签: semanticsHow do I infer the weakest precondition when a loop invariant is givenStack Overflow
版权声明:本文标题:semantics - How do I infer the weakest precondition when a loop invariant is given? - Stack Overflow 内容由网友自发贡献,该文观点仅代表作者本人, 转载请联系作者并注明出处:http://www.betaflare.com/web/1741504671a2382248.html, 本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌抄袭侵权/违法违规的内容,一经查实,本站将立刻删除。
ifis wrong; it says x can't be 0, but x ends up as 1 if you start theifwith x=0, which satisfies your postcondition. In fact, it says x can't be 1 either, but x ends up 0 if you start with x=1, which also satisfies your postcondition. – Scott Hunter Commented Feb 14 at 13:27