5.3.1 Sample Formulas
As a way to nurture the reader’s understanding of this notation, we give below a number of formulas, which we want to consider as valid (in reference to the definition above); we let x and y be integer variables and we classify the sample formulas by the control structure of the program p.
Assignment statement:
• {x=1} x=x+1; {x=2}
• {x≥1} x=x+1; {x≥2}
• {x≥1} x=x+1; {x≥1}
• {x=1 ∧ y=4} x=x+1; {x=2 ∧ y=4}
• {x=x0} x=x+1; {x=x0+1}, for some constant x0.
• {x=x0 ∧ y=y0} x=x+1; {x=x0+1 ∧ y=y0}, for some constants x0 and y0.
• {x=x0 ∧ y=y0} x=x+1; {x≥x0+1 ∧ y≥y0}, for some constants x0 and y0.
Sequence statement:
• {x=3} x=x+3; y=x*x; {x=6 ∧ y=36}
• {x=3} x=x*x; y=x+9; {x=9 ∧ y=18}
• {x=x0 ∧ y=y0} x=x+3; y=x*x; {x=x0+3 ∧ y=(x0+3)²}, for some constants x0 and y0.
• {x=x0 ∧ y=y0} x=x*x; y=x+9; {x=x0² ∧ y=x0²+9}, for some constants x0 and y0.
• {x=x0 ∧ y=y0} x=x+y; y=x-y; x=x-y; {x=y0 ∧ y=x0}, for some constants x0 and y0.
• {x=x0 ∧ y=y0} x=x+1; y=y-1; {x=x0+1 ∧ y=y0-1}, for some constants x0 and y0.
• {x=x0 ∧ y=y0} x=x+1; y=y-1; {x+y=x0+y0}, for some constants x0 and y0.
• {x+y=A} x=x+1; y=y-1; {x+y=A}, for some constant A.
Conditional statement:
• {true} if (x<0) {x=-x;} {x≥0}
• {x=x0} if (x<0) {x=-x;} {x=|x0|}
• {true} if (x<y) {x=x+y; y=x-y; x=x-y;} {x≥y}
• {x=x0 ∧ y=y0} if (x<y) {x=x+y; y=x-y; x=x-y;} {x=max(x0,y0) ∧ y=min(x0,y0)}, for some constants x0 and y0.
Alternation statement:
• {x=x0 ∧ y=y0 ∧ x>0 ∧ y>0 ∧ x≠y} if (x>y) {x=x-y;} else {y=y-x;} {gcd(x,y)=gcd(x0,y0)}, for some constants x0 and y0.
• {gcd(x,y)=A ∧ x>0 ∧ y>0 ∧ x≠y} if (x>y) {x=x-y;} else {y=y-x;} {gcd(x,y)=A}, for some constant A.
Iteration:
• {true} while (y≠0) {x=x+1; y=y-1;} {y=0}
• {y≥0} while (y≠0) {x=x+1; y=y-1;} {y=0}
• {y<0} while (y≠0) {x=x+1; y=y-1;} {y=0}
• {x=x0 ∧ y=y0} while (y≠0) {x=x+1; y=y-1;} {x=x0+y0 ∧ y=0}, for some constants x0 and y0.
• {y≥0} while (y>0) {x=x+1; y=y-1;} {y=0}
• {x=x0 ∧ y≥0} while (y>0) {x=x+1; y=y-1;} {x≥x0}
• {y<0} while (y>0) {x=x+1; y=y-1;} {y<0}
• {x=x0 ∧ y=y0 ∧ y≥0} while (y>0) {x=x+1; y=y-1;} {x=x0+y0 ∧ y=0}, for some constants x0 and y0.
• {x=x0 ∧ y=y0 ∧ y<0} while (y>0) {x=x+1; y=y-1;} {x=x0 ∧ y=y0 ∧ y<0}, for some constants x0 and y0.
• {y<0} while (y≠0) {x=x+1; y=y-1;} {y=-1}
• {y<0} while (y≠0) {x=x+1; y=y-1;} {y=1}
• {y<0} while (y≠0) {x=x+1; y=y-1;} {y=2}
We leave it to the reader to ponder, by reference to the definition of this notation, why each one of the formulas above is valid. So far we have established the validity of these formulas by inspection, in reference to the definition. For larger and more complex programs, this may not be practical; in the next section, we introduce a deductive process that aims to establish the validity of complex formulas by induction on the complexity of the program structure.
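As an added illustration that is not part of the textbook, the following Python harness makes the "validity by inspection" concrete: it reads {p} P {q} in the partial-correctness sense (whenever p holds at the start and P terminates, q holds at the end) and checks a handful of the formulas above by enumerating every integer pair in a small range. The function names, the input range, and the step budget that stands in for non-termination are assumptions of this example; "for some constants x0 and y0" is modelled by binding x0 and y0 to the initial values of x and y.

```python
# Added example (not from the textbook): brute-force checker for the
# partial-correctness reading of {p} P {q} over small integer inputs.
# A program is a Python function mapping a state (x, y) to a new state.
from math import gcd
from itertools import product


class NonTermination(Exception):
    """Raised when a loop exhausts its step budget; we treat that as 'P does not terminate'."""


def bounded_while(cond, body, state, budget=200):
    """Run `while cond(state): state = body(state)` for at most `budget` iterations (assumed budget)."""
    for _ in range(budget):
        if not cond(state):
            return state
        state = body(state)
    raise NonTermination


def check_triple(pre, prog, post, lo=-6, hi=6):
    """Return the counterexamples (x0, y0) on [lo, hi]^2 for which pre holds,
    prog terminates, and post fails.  The triple is valid on the range iff the list is empty."""
    failures = []
    for x0, y0 in product(range(lo, hi + 1), repeat=2):
        if not pre(x0, y0):
            continue
        try:
            x, y = prog((x0, y0))
        except NonTermination:
            continue  # partial correctness: a non-terminating run cannot refute the triple
        if not post(x, y, x0, y0):
            failures.append((x0, y0))
    return failures


# The programs used in the section's formulas.
def incr(s):                      # x=x+1;
    x, y = s
    return (x + 1, y)

def swap(s):                      # x=x+y; y=x-y; x=x-y;
    x, y = s
    x = x + y
    y = x - y
    x = x - y
    return (x, y)

def gcd_step(s):                  # if (x>y) {x=x-y;} else {y=y-x;}
    x, y = s
    return (x - y, y) if x > y else (x, y - x)

def count_down_ne(s):             # while (y≠0) {x=x+1; y=y-1;}
    return bounded_while(lambda t: t[1] != 0, lambda t: (t[0] + 1, t[1] - 1), s)

def count_down_gt(s):             # while (y>0) {x=x+1; y=y-1;}
    return bounded_while(lambda t: t[1] > 0, lambda t: (t[0] + 1, t[1] - 1), s)


# name -> (precondition on (x, y), program, postcondition on (x, y, x0, y0))
SAMPLES = {
    # {x≥1} x=x+1; {x≥2}
    "assign_ge": (lambda x, y: x >= 1, incr, lambda x, y, x0, y0: x >= 2),
    # {x=x0 ∧ y=y0} x=x+y; y=x-y; x=x-y; {x=y0 ∧ y=x0}
    "swap": (lambda x, y: True, swap, lambda x, y, x0, y0: (x, y) == (y0, x0)),
    # {x=x0 ∧ y=y0 ∧ x>0 ∧ y>0 ∧ x≠y} gcd step {gcd(x,y)=gcd(x0,y0)}
    "gcd": (lambda x, y: x > 0 and y > 0 and x != y, gcd_step,
            lambda x, y, x0, y0: gcd(x, y) == gcd(x0, y0)),
    # {x=x0 ∧ y=y0} while (y≠0) {...} {x=x0+y0 ∧ y=0}: runs with y0<0 never terminate
    "loop_ne": (lambda x, y: True, count_down_ne,
                lambda x, y, x0, y0: x == x0 + y0 and y == 0),
    # {y<0} while (y≠0) {...} {y=2}: valid only because no run terminates
    "loop_vacuous": (lambda x, y: y < 0, count_down_ne, lambda x, y, x0, y0: y == 2),
    # {x=x0 ∧ y≥0} while (y>0) {...} {x≥x0}
    "loop_gt": (lambda x, y: y >= 0, count_down_gt, lambda x, y, x0, y0: x >= x0),
    # Deliberately invalid, for contrast: {true} x=x+1; {x≥1} fails for x0 ≤ -1
    "invalid": (lambda x, y: True, incr, lambda x, y, x0, y0: x >= 1),
}


def validity_report():
    """Map each sample name to True (no counterexample on the range) or False."""
    return {name: check_triple(*triple) == [] for name, triple in SAMPLES.items()}


if __name__ == "__main__":
    for name, ok in validity_report().items():
        print(f"{name:14s} {'valid' if ok else 'INVALID'}")
```

The "loop_vacuous" entry is the instructive one: with y<0 initially the loop never reaches y=0, so no run terminates and the postcondition is never tested; that is exactly why the last three iteration formulas above hold for any postcondition at all. Enumeration over a finite range can refute a triple but never proves it for all integers, which is the gap the deductive rules of the next section close.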