/*

Use the WP logic to determine the condition that must hold on @tt{input}
in order to guarantee the condition written at the end of each program.

Do this by adding comments before each line of code describing the WP at that point, like we did in class.
For each "step" applying a rule, first show the raw formula produced by the rule.
Then, you may simplify the formula on one or more lines above that, and use the simplified version for the next step.

For example:
{2 < input < 5}          <-- fully simplified
{-5 < input < 5 ∧ input > 2} <-- one level simplification
{input * input < 25 ∧ input > 2} <-- raw formula produced by the assignment rule
result = input * input
{result < 25 ∧ input > 2} <-- original formula

When you finish, you may have a complex expression; it should simplify to bounds on input.
*/

// Problem 1:

x = input * 2
if (x < 100)
  y = x
else
  y = 100
result = y - input
{goal: result >= 0}


// Problem 2:

x = (input - 20)*5
result = max(x, input)

{goal: result >= 0}

{pre: true}
def max(a, b):
    if a > b:
       result = a;
    else:
       result = b;
{post: result >= a ∧ result >= b}
(Be sure to prove the max function is correct too!)




// Problem 3:

/* Consider the following derivation for a function add1 that adds 1 to the input. 
Are there any mistakes in the way the derivation applied the rules we learned in class? If so where is the mistake? 
If the derivation itself is correct, is the function correct? If not, explain the source of the 
unsoundness. 
*/

{pre: true}
def add1(n):
    {true}
    {n == 0 => 1 =1}
    {n == 0 => 1 = 0 + 1}
    {n == 0 => 1 = n + 1}
    {n == 0 => 1 = n + 1 ∧ n != 0 ==> true }
    if n == 0:
        {1 = n+1}
        result = 1
        {result = n+1}
    else:
        {true}
        {true ∧ (add1(n) = n+1 => add1(n) = n+1)}
        result = add1(n)
        {result = n+1}
{post: result = n+1}