Weakest Precondition

Definition

Weakest Precondition

The weakest precondition (WP) is the most general (least restrictive) formula $F^{'}$ such that the Hoare triple ${F^{'}} Π {G}$ is totally correct.

Relation to WLP

The weakest precondition is more restrictive than the weakest liberal precondition because it must also guarantee termination:

wp (Π, G) = wlp (Π, G) \land terminates (Π)

Verification Method

To verify that a program $Π$ satisfies a specification ${F} Π {G}$ , one can:

Calculate the weakest precondition $F^{'}$ from the program $Π$ and the postcondition $G$ .
Show that the actual precondition $F$ implies $F^{'}$ (i.e., $F ⟹ F^{'}$ ).

Informative Power

If $F ⟹ F^{'}$ , then $F$ is stronger than $F^{'}$ . By proving this implication, we ensure that $F$ provides enough information/constraints to guarantee that the program ends in a state satisfying $G$ .

Examples

Example: Swapping Values

Let $P, Q$ be two conditions with:

P : Q : x = x_{0} \land y = y_{0} x = y_{0} \land y = x_{0}

Show that following Hoare triple is totally correct:

{P} t := x; x := y; y := t {Q}

Info

${F} Π {G}$ is totally correct if $F \Rightarrow wp (Π, G)$ .
$wp (v := e, G) wp (Π; Ω, G) = G [e / v] = wp (Π, wp (Ω, G))$

wp (t := x; x := y; y := t, Q) = wp (t := x; x := y, wp (y := t, Q)) = wp (t := x; x := y, Q [t / y]) = wp (t := x, wp(x:=y,Q[t/y])) = wp (t := x, Q [t / y] [y / x]) = Q [t / y] [y / x] [x / t]

Further, we can show that the computed precondition is implied by $P$ :

P (x = x_{0} \land y = y_{0}) (x = x_{0} \land y = y_{0}) (x = x_{0} \land y = y_{0}) (x = x_{0} \land y = y_{0}) \Rightarrow Q [t / y] [y / x] [x / t] \Rightarrow (x = y_{0} \land y = x_{0}) [t / y] [y / x] [x / t] \Rightarrow (x = y_{0} \land t = x_{0}) [y / x] [x / t] \Rightarrow (y = y_{0} \land t = x_{0}) [x / t] \Rightarrow (y = y_{0} \land x = x_{0}) □

Lukas' Notes

Weakest Precondition

Definition

Relation to WLP

Verification Method

Examples

Example: Swapping Values

Graph View

Table of Contents

Backlinks