Partial correctness rules (intensional approach)
[assp ]
{ P [x7→a] } x := a { P }
[skipp ]
{ P } skip { P }
[compp ]
{ P } S1 { Q } { Q } S 2 { R }
{ P } S1 ; S 2 { R }
[ifp ]
{ b ∧ P } S1 { Q } { ¬b ∧ P } S2 { Q }
{ P } if b then S1 else S2 { Q }
{b ∧ P }S {P }
[whilep ]
{ P } while b do S { ¬b ∧ P }
[consp ]
{ P 0 } S { Q0 }
if P ⇒ P 0 and Q0 ⇒ Q
{P }S {Q}
1
The formula P in rule [whilep ] is called the loop invariant.
Remember that:
• { P } S { Q } means
if
S is executed in a state satisfying P
and S terminates
then
the final state satisfies Q
• P [x7→a] stands for the formula P with every (free) occurrence of the
variable x replaced by a.
So for instance from rule [assp ] we get
{ x + 1 = n } x := x + 1 { x = n }, and
{ x = x } x := n { x = n }.
From the latter by rule [consp ] we obtain { true } x := n { x = n }.
2