Assignment 8 – WP exercises and Dafny
Due Wed 12/8 11:59pm
1 Part one: WP exercises.
Use the WP logic to determine the condition that must hold on input in order to guarantee the condition written at the end of each program.
Do this by adding comments before each line of code describing the WP at that point, like we did in class. For each "step" applying a rule, first show the raw formula produced by the rule. Then, you may simplify the formula on one or more lines above that, and use the simplified version for the next step.
{result < 25} <-- simplified |
{result < 5*5 ∧ 5 > 2} <-- raw formula produced by the assignment rule |
x = 5 |
{result < x*x ∧ x > 2} <-- original formula |
When you finish, you may have a complex expression; it should simplify to bounds on input.
x = input * 2
if (x < 100)
y = x
else
y = 100
result = y - input
{goal: result >= 0}
x = (input - 20)*5
result = max(x, input)
{goal: result >= 0}
{pre: true}
def max(a, b):
if a > b:
result = a;
else:
result = b;
{post: result >= a ∧ result >= b}
(Be sure to prove the max function is correct too!)
--------------------------- |
{goal[x -> e]} x = e {goal} |
|
|
{pre} S1 {pre-S2} {pre-S2} S2 {goal} |
---------------------------------------- |
{pre} S1; S2 {goal} |
|
|
{pre-S1} S1 {goal} {pre-S2} S2 {goal} |
---------------------------------------------------- |
{(b ⇒ pre-S1) ∧ (~b ⇒ pre-S2)} (if (b) S1 S2) {goal} |
|
|
obligations = pre(f, AE ...) assumptions = post(f, AE ...) |
------------------------------------------------------------------------- |
{obligations ∧ (assumptions ⇒ goal[x -> f(AE ...)])} x = f(AE ...) {goal} |
|
where pre(f, AE ...) substitutes each argument AE |
into the precondition of f |
post(f, AE ...) substitutes each argument AE |
into the postcondition of f, and |
replaces `result` in the |
postcondition with f(AE ...) |
|
|