SE 504
Proving Correctness of an Assignment

The Hoare Triple law for assignment says

{P} x:=E {Q}  ≡  [P ⇒ Q(x := E)]

Example: Prove {P1 ∧ P2} x, y := x*x, y div 2 {P1}, where

P1: C = x^y   and   P2: even.y

Solution: By the Hoare Triple law for assignment, it suffices to prove P1 ∧ P2  ⇒  P1(x,y := x*x, y div 2). The usual approach is to assume the antecedent and to show the consequent:

  Assume P1 ∧ P2 

     P1(x,y := x*x, y div 2)

  =     < defn of P1 and textual substitution >

     C = (x*x)^(y div 2)

  =     < algebra: x*x = x^2 >

     C = (x^2)^(y div 2)

  =     < algebra: (a^b)^c = a^(b*c) >

     C = x^(2*(y div 2))

  =     < assumption P2 implies y div 2 = y/2 >

     C = x^(2*(y/2))

  =     < algebra: a*(b/a) = b (for a != 0) >

     C = x^y

  =     < assumption P1 >

     true

Now suppose that we use the wp approach instead of the Hoare Triple approach. The relationship between wp and Hoare Triples is

{P} S {Q}  ≡  [P ⇒ wp.S.Q]

Furthermore, the wp assignment rule is [wp.(x:=E).Q ≡ Q(x:=E)].

Hence, to prove {P1 ∧ P2} x,y := x*x, y div 2 {P1} we show the equivalent

[P1 ∧ P2  ⇒  wp.(x,y := x*x, y div 2).P1]

The usual approach is to assume the antecedent and to show the consequent:

  Assume P1 ∧ P2.

     wp.(x,y := x*x, y div 2).P1

  =     < wp assignment rule >

     P1(x,y := x*x, y div 2)

  =     < defn of P1 and textual substitution >

     C = (x*x)^(y div 2)

As this is the second line of the proof above, we simply continue as in that proof.
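The two proofs above rely on the same fact: the weakest precondition of an assignment is the postcondition with the assigned expressions substituted in, and every E_i is evaluated in the old state. The following Python is an added example, not part of the course note, that implements that substitution as a state update and brute-forces the implication P ⇒ wp.S.Q over a small constructed state space. It checks the note's triple {P1 ∧ P2} x,y := x*x, y div 2 {P1} and also shows why P2 (even.y) is needed by finding a counterexample when it is dropped. The function names (wp_assign, holds_for_all, example_states, check_with_even_y, check_without_even_y) and the bounds on x and y are this example's own choices.

```python
# Added example (not from the course note): checking the assignment law
#   {P} x := E {Q}  ≡  [P ⇒ Q(x := E)]   and   wp.(x:=E).Q ≡ Q(x:=E)
# by brute force over a bounded state space.  Predicates are Python
# functions over a state dict; a simultaneous assignment is a dict that maps
# each target variable to a function computing its new value from the OLD
# state.  All names below are this example's own, not the note's notation.

from itertools import product


def wp_assign(assignment, Q):
    """wp.(x1,...,xn := E1,...,En).Q as a predicate on the old state.

    Textual substitution Q(x := E) is realised by evaluating Q in the state
    obtained by updating all targets simultaneously from the old state.
    """
    def weakest_pre(state):
        new_state = dict(state)
        for var, expr in assignment.items():
            new_state[var] = expr(state)      # every E_i sees the old state
        return Q(new_state)
    return weakest_pre


def holds_for_all(states, P, S, Q):
    """Return the first state violating P ⇒ wp.S.Q, or None if the triple
    {P} S {Q} holds on every state in `states`."""
    pre = wp_assign(S, Q)
    for st in states:
        if P(st) and not pre(st):
            return st
    return None


# The note's example: C = x^y is P1, even.y is P2, and the statement is
# x, y := x*x, y div 2 (integer division, written // in Python).
P1 = lambda s: s["C"] == s["x"] ** s["y"]
P2 = lambda s: s["y"] % 2 == 0
S = {"x": lambda s: s["x"] * s["x"],
     "y": lambda s: s["y"] // 2}


def example_states(max_x=4, max_y=6):
    """Constructed sample states: all x in 1..max_x, y in 0..max_y, with
    C := x^y so that P1 holds initially (x starts at 1 to avoid 0^0)."""
    return [{"x": x, "y": y, "C": x ** y}
            for x, y in product(range(1, max_x + 1), range(max_y + 1))]


def check_with_even_y():
    """{P1 ∧ P2} x,y := x*x, y div 2 {P1}: expect no counterexample (None)."""
    return holds_for_all(example_states(), lambda s: P1(s) and P2(s), S, P1)


def check_without_even_y():
    """{P1} x,y := x*x, y div 2 {P1}: P2 is needed, so a counterexample
    exists; the first one found is x=2, y=1, C=2 (y div 2 drops the odd bit)."""
    return holds_for_all(example_states(), P1, S, P1)


if __name__ == "__main__":
    print("with P2:   ", check_with_even_y())      # None
    print("without P2:", check_without_even_y())   # {'x': 2, 'y': 1, 'C': 2}
```

Bounded checking like this does not replace the calculational proof (it only covers the states enumerated), but it is a cheap sanity check that the precondition is not weaker than needed: the counterexample without P2 is exactly the case the proof step "y div 2 = y/2" depends on.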