Proving Programs Examples Prove each of the following code segments are correct by backing up the postcondition to get an appropriate precondition 1. { input ^ 8 = input ^ 8 } <=> { true } read(x); { x * x * x * x * x * x * x * x = input ^ 8 } x := x * x; { x * x * x * x = input ^ 8 } x := x * x; { x * x = input ^ 8 } x := x * x; { x = input ^ 8 } write(x); { output = input ^ 8 } 2. { input >= 0 and (input = input or input = 0 - input) and (input >= 0) or 0 >= input and (0 - input = input or input = input) and input < 0 } <=> { true } read(x); { x >= 0 and (x = input or x = 0 - input) and (x >= 0) or 0 >= x and (0 - x = input or x = input) and x < 0 } if (x < 0) then { 0 - x >= 0 and (0 - x = input or 0 - x = 0 - input) } x := 0 - x { x >= 0 and (x = input or x = 0 - input) } write(x); { output >= 0 and (output = input or output = 0 - input} 3. { 1 = 2^(input-input) and (input >= 0) } <=> { input >= 0 } read(x); { 1 = 2^(input-x) and (x >= 0) } res := 1; { res = 2^(input-x) and (x >= 0) } Loop invariant: { res = 2^(input-x) and (x >= 0) } P and => P' : { res = 2^(input-x) and (x >= 0) and x > 0 } => { res = 2 ^ (input - x) and x > 0 } P and (not ) => Q : { res = 2^(input-x) and (x >= 0) and (x <= 0) => { res = 2^input } while (x > 0) do BEGIN { res * 2 = 2^(input-x+1) and (x-1 >= 0) } <=> { res = 2 ^ (input - x) and x > 0 } res := res * 2; { res = 2^(input-x+1) and (x-1 >= 0) } x := x - 1; { res = 2^(input-x) and (x >= 0) } END; { res = 2^input } write(res); { output = 2^input } 4. { input = input1 and input2 >= 0 } <=> { input2 >= 0 } read(x); { 0 = x * (input2 - input2) and x = input1 and input2 >= 0 } <=> { x = input1 and input2 >= 0 } read(y); { 0 = x * (input2 - y) and x = input1 and y >= 0 } res := 0; { res = x * (input2 - y) and x = input1 and y >= 0 } Loop invariant P: { res = x * (input2 - y) and x = input1 and y >= 0 } P and => P' : { res = x * (input2 - y) and x = input1 and y >= 0 and y > 0} => { res = x * (input1 - y) and x = input1 and y > 0 } P and (not ) => Q { res = x * (input2 - y) and x = input1 and y >= 0 and y <= 0} => { res = input1 * input2 } while (y > 0) do BEGIN { res + x = x * (input2 - y + 1) and x = input1 and y - 1 >= 0 } <=> { res = x * (input2 - y) and x = input1 and y > 0 } res := res + x; { res = x * (input2 - y + 1) and x = input1 and y - 1 >= 0 } y := y - 1; { res = x * (input2 - y) and x = input1 and y >= 0 } END; { res = input1 * input2 } write(res); { output = input1 * input2 } 5. This one is a little tricky ... You can assume that all variables are integers. { 0 <= input and input = input } <=> { input >= 0 } read(x); { 0 = 0 and 0 <= x and x = input } <=> { 0 <= x and x = input } res := 0; { res = 0 and 0 <= x and x = input } y := 0 { res = y * (y + 1) / 2 and y <= x and x = input } Loop invariant P: { res = y * (y + 1) / 2 and y <= x and x = input } P and => P' : { res = y * (y + 1) / 2 and y <= x and x = input and x > y } => { res = y * (y + 1) / 2 and y < x and x = input } P and (not ) => Q { res = y * (y + 1) / 2 and y <= x and x = input and x <= y } => { res = input * (input + 1) / 2 } while (x > y) do BEGIN { res + (y + 1) = (y + 1) * (y + 2) / 2 and y <= x + 1 and x = input } <=> { res = (y*y + 3y + 2 - 2y - 2) / 2 and y < x and x = input } <=> { res = y * (y + 1) / 2 and y < x and x = input } y := y + 1; { res + y = y * (y + 1) / 2 and y <= x and x = input } res := res + y; { res = y * (y + 1) / 2 and y <= x and x = input } END; { res = input * (input + 1) / 2 } write(res); { output = input * (input + 1) / 2 }