Free electronic library

R)
which in turn implies that / \C;S?‡’/ \C;S. End of Proof
Corollary 7.10
a. If / \B;S1;/ \B;S2;/ \B;S3; . . . ;/ \B;Sn;/ \?¬B is a trace subprogram
of while B do S then each Si (1 ?‰¤ i ?‰¤ n) is a trace subprogram of S.
b. If S1;/ \B;S2;/ \B;S3; ...;/ \B;Sn;/ \?¬B is a trace subprogram of
repeat S until ?¬B, then each Si (1 ?‰¤ i ?‰¤ n) is a trace subprogram
of S.
Proof. It immediately follows from the semantics of a repeat construct
and Definition 5.1a.
76
Program Recomposition
Theorem 7.11
Let S and S be two programs.
a. If (1) S is deterministic, (2) Q is a loop invariant of / \Q; while B
do S, (3) S?‡’S, and (4) wp(/ \Q;S, T) ?‰? wp(/ \Q;S, T), then Q is
also a loop invariant of / \Q; while B do S.
b. If (1) S is deterministic, (2) Q is a loop invariant of / \Q; repeat S
until ?¬B, (3) S?‡’S, and (4) wp(/ \Q;S, T) ?‰? wp(/ \Q;S, T), then
Q is also a loop invariant of / \Q; repeat S until ?¬B.
Proof. What follows is a proof of Part a. Part b can be similarly proved.
Let
A1: wp(S, Q) ??§ wp(S, ?¬Q) ?‰? F, i.e., S is deterministic,
A2: Q??§ B ??? wp(S, Q), i.e., Q is a loop invariant of / \Q; while B do S,
A3: (wp(S, Q) ??? wp(S, Q)) ??§ (wp(S, ?¬Q) ??? wp(S, ?¬Q)), i.e., S?‡’S,
A4: wp(/ \Q;S, T) ?‰? wp(/ \Q;S, T), which is logically equivalent to
Q ??§ (wp(S, Q) ??? wp(S, ?¬Q)) ?‰? Q ??§ (wp(S, Q) ???
wp(S, ?¬Q)), and
C: Q ??§ B ??? wp(S, Q), i.


Pages:
69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93