where E is an expression to be computed so as to satisfy the Hoare Triple. We can attempt to calculate E by "solving for it" while carrying out a proof of the Hoare Triple. Here goes:
By the Law Relating HT with wp, this is equivalent to [C = 2i+j ⇒ wp.(i,j:=i-j,E).(C=i+j)]. By Gries's Metatheorem (9.16), to prove this it suffices to prove the nested implication (i.e., to which the "everywhere" operator is being applied). To do so, it is common to apply the Assume the Antecedant approach, as we do here.
Assume C = 2i+j. wp.(i,j:=i-j,E).(C=i+j) = < wp Assignment Law (wpAL) > (C=i+j)(i,j:=i-j,E) = < textual substitution > C = i-j + E = < assumption > 2i + j = i-j + E = < algebra > E = i + 2j |
The result of this calculation tells us that we can complete the assignment command in our program to make it look like this:
By the Law Relating HT with wp, this is equivalent to [P ∧ i≥0 ⇒ wp.(i,z := i+1,E).P]. By Gries's Metatheorem (9.16), to prove this it suffices to prove the embedded implication.
Assume P and i≥0 (where P : z = (+j | 0≤j<i : b.j)).
wp.(i,z := i+1,E).P
= < wpAL >
P(i,z := i+1,E)
= < definition of P >
{z = (+j | 0≤j<i : b.j)(i,z := i+1,E)
= < textual substitution >
E = (+j | 0≤j<i+1 : b.j)
= < Split off term (8.23) (requires assumption i≥0) >
E = (+j | 0≤j<i : b.j) + b.i
= < assumption P >
E = z + b.i
|
The result of this calculation tells us that we can complete the assignment command in our program to make it look like this: