SE 500 (Math for Software Engineering)
SE 504 (Formal Methods and Models)
SE 507 (Requirements Analysis and Software Specification)
Weakening/Strengthening Proofs
(or: On Proofs Involving the Replacement of A by B, where A ⇒ B)

In the following, A, B, and C represent arbitrary boolean expressions satisfying [A ⇒ B] (i.e., in all states, A implies B), and ⊕ represents any one of the operators ∧ (conjunction), ∨ (disjunction), ≡ (equivalence), ⇒ (implication), or <== (consequence). Students often assume, wrongly, that, regardless of what ⊕ is, the following is a valid proof step:

      A ⊕ C 

⇒      < hint as to why [A ⇒ B] >

      B ⊕ C 
(You can easily imagine similar scenarios in which the two operands of ⊕ are swapped in each expression and/or in which each occurrence of ⇒ is replaced by <==.)

Do you see anything wrong?

What is wrong is that this step is not valid unless ⊕ happens to be either ∨, ∧, or ⇐. In the first two of these cases, the step is justified by the Monotonicity Theorems (4.2) and (4.3), respectively, in Gries and Schneider. Analogous theorems for the other two binary boolean operators (namely ≡ and ⇒) do not exist! Indeed, it is easy to devise counterexamples to demonstrate that, for each of the operators ≡ and ⇒, the above proof step is not valid. This is left as an exercise for the reader.

The following theorem indicates for which combinations of operators ⊕ and ∗ a proof step of the form

      A ⊕ C 

∗      < hint as to why [A ⇒ B] >

      B ⊕ C 
is valid.

Theorem:

  1. (p ⇒ q) ⇒ (p ∨ r ⇒ q ∨ r)   (4.2)   (weakening a disjunct weakens a disjunction)
  2. (p ⇒ q) ⇒ (p ∧ r ⇒ q ∧ r)   (4.3)   (weakening a conjunct weakens a conjunction)
  3. (p ⇒ q) ⇒ ((p ⇒ r) <== (q ⇒ r))   (weakening the antecedent strengthens an implication)
  4. (p ⇒ q) ⇒ ((r ⇒ p) ⇒ (r ⇒ q))   (weakening the consequent weakens an implication)
  5. (p ⇒ q) ⇒ (¬q ⇒ ¬p)   (weakened form of (3.61) Contrapositive)

You may find it helpful to think of each of these as giving rise to a rule of inference that can be applied in carrying out proofs in equational logic:

(a)
P ⇒ Q
---------------
P ∨ R ⇒ Q ∨ R

(b)
P ⇒ Q
---------------
P ∧ R ⇒ Q ∧ R

(c)
P ⇒ Q
--------------------
(P ⇒ R) <== (Q ⇒ R)

(d)
P ⇒ Q
-------------------
(R ⇒ P) ⇒ (R ⇒ Q)

(e)
P ⇒ Q
-----------
¬Q ⇒ ¬P

For example, from (c) it follows that for any boolean expressions A, B, C satisfying [A ⇒ B], the following is valid:

      A ⇒ C 

<==      < hint as to why [A ⇒ B] >

      B ⇒ C
From (d) it follows that

      C ⇒ A 

⇒      < hint as to why [A ⇒ B] >

      C ⇒ B
is valid.

From (e), it follows that

      ¬A 

<==      < hint as to why [A ⇒ B] >

      ¬B
is valid.

If the subexpression that we replace with a weaker one in a given step is an operand not of the primary operator of the expression but rather a secondary (or tertiary, etc.) operator, then the theorems listed above need to be applied in sequence. For example, consider this proof step:

      D ⇒ C ∨ A

⇒      < hint as to why [A ⇒ B] >

      D ⇒ C ∨ B

This step's validity rests upon both parts (a) and (d) of the theorem above. Specifically, replacing A by B transforms C ∨ A into the weaker C ∨ B, according to part (a) of the theorem (which is Theorem (4.2) in Gries & Schneider). That is, we have weakened the consequent of the implication, so by part (d) of the theorem the resulting implication (D ⇒ C ∨ B) is weaker than the original (D ⇒ C ∨ A).
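The claims above (which choices of ⊕ admit a step in which the left or right operand is weakened, the direction ∗ that the step must take, parts (a) through (e) of the theorem, and the nested example D ⇒ C ∨ A) can all be checked mechanically by enumerating states. The script below is an added example written for this handout, not part of the handout or of Gries & Schneider; it assumes the usual truth-function reading of the operators and that "[E]" means "E holds in every state". It goes slightly beyond the text by reporting, for every ⊕ and for both operand positions, which ∗ (if any) makes the step valid.

```python
from itertools import product
from typing import Callable, Dict, Optional


def implies(p: bool, q: bool) -> bool:
    """p ⇒ q as a truth function."""
    return (not p) or q


# The five candidate operators for ⊕, written as truth functions.
OPS: Dict[str, Callable[[bool, bool], bool]] = {
    "∨":   lambda p, q: p or q,
    "∧":   lambda p, q: p and q,
    "≡":   lambda p, q: p == q,
    "⇒":   implies,
    "<==": lambda p, q: implies(q, p),
}


def everywhere(pred: Callable[..., bool], n: int) -> bool:
    """[pred]: pred holds in every state, i.e. every assignment of truth values to its n variables."""
    return all(pred(*state) for state in product((False, True), repeat=n))


def step_relation(op_name: str, weakened_operand: str = "left") -> Optional[str]:
    """Return the ∗ for which   A ⊕ C  ∗  B ⊕ C   is a valid proof step under [A ⇒ B]:
    "⇒" if the first expression always implies the second, "<==" if the reverse,
    "≡" if both, None if neither (the step is not valid for this ⊕ at all).
    weakened_operand="right" checks   C ⊕ A  ∗  C ⊕ B   instead.

    Quantifying over states (a, b, c) in which a ⇒ b holds is exactly the right test:
    a counterexample state gives constant expressions A, B, C that satisfy [A ⇒ B]
    yet violate the step, and conversely a tautology covers every choice of A, B, C."""
    op = OPS[op_name]
    if weakened_operand == "left":
        before, after = (lambda a, b, c: op(a, c)), (lambda a, b, c: op(b, c))
    elif weakened_operand == "right":
        before, after = (lambda a, b, c: op(c, a)), (lambda a, b, c: op(c, b))
    else:
        raise ValueError(weakened_operand)
    forward = everywhere(lambda a, b, c: implies(implies(a, b), implies(before(a, b, c), after(a, b, c))), 3)
    backward = everywhere(lambda a, b, c: implies(implies(a, b), implies(after(a, b, c), before(a, b, c))), 3)
    return {(True, True): "≡", (True, False): "⇒", (False, True): "<=="}.get((forward, backward))


# Parts (a)-(e) of the theorem, each as a predicate over a state (p, q, r).
THEOREMS: Dict[str, Callable[[bool, bool, bool], bool]] = {
    "(a) (4.2) weakening a disjunct":     lambda p, q, r: implies(implies(p, q), implies(p or r, q or r)),
    "(b) (4.3) weakening a conjunct":     lambda p, q, r: implies(implies(p, q), implies(p and r, q and r)),
    "(c) weakening the antecedent":       lambda p, q, r: implies(implies(p, q), implies(implies(q, r), implies(p, r))),
    "(d) weakening the consequent":       lambda p, q, r: implies(implies(p, q), implies(implies(r, p), implies(r, q))),
    "(e) contrapositive":                 lambda p, q, r: implies(implies(p, q), implies(not q, not p)),
}


def theorem_holds(name: str) -> bool:
    """True iff the named part of the theorem is a tautology (holds in all 8 states)."""
    return everywhere(THEOREMS[name], 3)


def nested_step_valid() -> bool:
    """The handout's nested example:  (D ⇒ C ∨ A)  ⇒  (D ⇒ C ∨ B)  whenever [A ⇒ B]."""
    return everywhere(
        lambda a, b, c, d: implies(implies(a, b), implies(implies(d, c or a), implies(d, c or b))), 4)


if __name__ == "__main__":
    print("⊕      weaken left: A⊕C ∗ B⊕C    weaken right: C⊕A ∗ C⊕B")
    for name in OPS:
        print(f"{name:5}  {str(step_relation(name, 'left')):>14}  {str(step_relation(name, 'right')):>24}")
    for name in THEOREMS:
        print(f"{name}: {'theorem' if theorem_holds(name) else 'NOT a theorem'}")
    print("nested step D ⇒ C ∨ A  ⇒  D ⇒ C ∨ B:", nested_step_valid())
```

Running the script prints "⇒" for ∨, ∧ and <== in the left column and None for ≡ and ⇒, matching the statement above that the naive step is only valid for ∨, ∧ and ⇐; for ⊕ = ⇒ it reports "<==", i.e. the step is valid only in the strengthening direction, which is part (c). The right-hand column shows that operand position matters: with ⊕ = ⇒ and the consequent weakened the step goes forward (part (d)), while with ⊕ = <== it reverses.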


Exercises:

Suppose that [A ⇒ B] (i.e., A ⇒ B is a theorem). For each pair of expressions given, tell what relationship, if any, we can claim holds between them.

1. D ∧ A ⇒ C  and  D ∧ B ⇒ C.

2. D ∧ ¬A ⇒ C  and  D ∧ ¬B ⇒ C.