SE 504
Sample Proof of Correctness of a Selection Command

Prove the following Hoare triple:

{P}
if k > 0 ⟶ k := k+1
[] k < 0 ⟶ k := k-1
fi
{Q}
where both P and Q are k≠0.

By the Hoare Triple Selection Law (HTSL), to prove this Hoare Triple it suffices to prove each of the following:

  1. [P ⟹ k>0 ∨ k<0]
  2. {P ∧ k>0} k:=k+1 {Q}
  3. {P ∧ k<0} k:=k-1 {Q}

As for the first, which is an implication, we employ the "Assume the Antecedent" approach:

Assume P (i.e., k≠0)
   k>0 ∨ k<0

=    < number theory: x>y ∨ x<y ≡ x≠y >

   k≠0

=    < assumption P >

   true

As for the second (i.e., {P ∧ k>0} k:=k+1 {Q}), by the relationship between Hoare Triples and the wp function, it is equivalent to [P ∧ k>0 ⟹ wp.(k:=k+1).Q], so we prove it employing the Assume the Antecedent approach:

Assume P and k>0.

    wp.(k:=k+1).Q

=      < defn. of Q >

    wp.(k:=k+1).(k≠0)

=      < wpAL (wp Assignment law) >

    (k≠0)(k:=k+1)

=      < textual substitution >

    k+1 ≠ 0

=      < algebra >

    k ≠ -1

=      < assumption k>0 >

    true

As for the third (i.e., {P ∧ k<0} k:=k-1 {Q}), the proof of its validity is very similar to the proof just presented, so it is omitted.
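The following is an added example, not part of the original notes: it models the selection command as a wp transformer and checks the three HTSL obligations (and the direct [P ⟹ wp.IF.Q] form) exhaustively over a bounded range of k. The bounded domain and the helper names (assign, select, htsl_obligations) are assumptions of this example; an exhaustive check over a finite range is a sanity check of the obligations, not a replacement for the symbolic derivation above. It also shows what goes wrong when the k<0 branch is left out: the guard-disjunction obligation fails, because the selection aborts for negative k.

```python
# Added example: bounded check of the HTSL proof obligations for the selection
# command in the notes. Predicates and statements are callables of the variable k.

DOMAIN = range(-1000, 1001)  # constructed bounded domain for k (an assumption)

def assign(expr):
    """Statement 'k := expr' as its wp transformer: wp.(k:=expr).Q = Q(k:=expr) (wpAL)."""
    return lambda post: (lambda k: post(expr(k)))

def select(branches):
    """'if g1 -> S1 [] g2 -> S2 fi' as a wp transformer (Dijkstra's IF):
    wp.IF.Q = (g1 v g2) ^ (g1 => wp.S1.Q) ^ (g2 => wp.S2.Q)."""
    def wp(post):
        def pre(k):
            return any(g(k) for g, _ in branches) and all(
                (not g(k)) or s(post)(k) for g, s in branches)
        return pre
    return wp

def everywhere(pred):
    """[pred]: the predicate holds for every k in the (bounded) domain."""
    return all(pred(k) for k in DOMAIN)

def htsl_obligations(P, branches, Q):
    """HTSL obligations as booleans: index 0 is [P => g1 v g2 v ...];
    index i>0 is {P ^ gi} Si {Q}, checked as [P ^ gi => wp.Si.Q]."""
    obs = [everywhere(lambda k: (not P(k)) or any(g(k) for g, _ in branches))]
    for g, s in branches:
        obs.append(everywhere(lambda k, g=g, s=s: (not (P(k) and g(k))) or s(Q)(k)))
    return obs

def triple_holds(P, stmt, Q):
    """{P} S {Q} is equivalent to [P => wp.S.Q]."""
    wp_pre = stmt(Q)
    return everywhere(lambda k: (not P(k)) or wp_pre(k))

P = Q = lambda k: k != 0
IF_BOTH = [(lambda k: k > 0, assign(lambda k: k + 1)),
           (lambda k: k < 0, assign(lambda k: k - 1))]
# Variant with the k<0 guard left out: for negative k no guard holds, so the
# selection aborts and obligation 1 (the disjunction of the guards) fails.
IF_MISSING = IF_BOTH[:1]

def check(branches):
    """HTSL obligations and the direct [P => wp.IF.Q] check for one selection."""
    return htsl_obligations(P, branches, Q), triple_holds(P, select(branches), Q)

if __name__ == "__main__":
    print(check(IF_BOTH))     # ([True, True, True], True)
    print(check(IF_MISSING))  # ([False, True], False)
```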