Predicate transformer semantics

Predicate transformer semantics is an extension of Floyd-Hoare Logic invented by Dijkstra and extended and refined by other researchers. It was first introduced in Dijkstra's paper "Guarded commands, nondeterminacy and formal derivation of programs". It is a method for defining the semantics of an imperative programming language by assigning to each "command" in the language a corresponding "predicate transformer". A "predicate transformer" is a total function mapping between two "predicates" on the state space of a program.

The canonical "predicate transformer" of sequential imperative programming is the so-called "weakest precondition" $wp(S,\; R)$. Here "S" denotes a list of "commands" and "R" denotes a predicate on the space, called the "postcondition". The result of applying this function gives the "weakest pre-condition" for "S" terminating with "R" true. An example is the following definition of the assignment statement:

:$wp(x\; :=\; E,\; R)\; =\; R\_E^x$

This gives a predicate that is a copy of "R" with the value of "x" replaced by "E".

An example of a valid calculation of "wp" for assignments with integer valued variables "x" and "y" is:

:$wp(x\; :=\; y\; -\; 5,\; x\; >\; 10)\; =\; (y\; -\; 5\; >\; 10)\; =\; (y\; >\; 15)$

This means that in order for the "post-condition" "x > 10" to be true after the assignment, the "pre-condition" "y > 15" must be true before the assignment. This is also the "weakest pre-condition", in that it is the "weakest" restriction on the value of "y" which makes "x > 10" true after the assignment.

Dijkstra also defined alternative (if) and repetitive (do) constructs as well as a composition operator (;) using "wp". The alternative and repetitive constructs used "guarded commands" to influence execution. Because of the rules he imposed on the definition of "wp", both constructs allow for non-deterministic execution if the "guards" in the commands are non disjoint.

Unlike many other semantic formalisms, predicate transformer semantics was not designed as an investigation into foundations of computation. Rather, it is intended to provide programmers with a methodology to develop their programs as "correct by construction" in a "calculational style". This style was advocated by Dijkstra and others, and also developed further in a higher order logic setting by R.-J. Back in the Refinement Calculus.

Although the most common and most widely discussed because of their relevance to sequential programming, "weakest pre-conditions" are not the only "predicate transformers". For example, Leslie Lamport has suggested "win" and "sin" as "predicate transformers" for concurrent programming.

See also

* Weakest liberal precondition

References

* Edsger W. Dijkstra, "Guarded commands, nondeterminacy and formal derivation of programs". "Communications of the ACM", 18(8):453–457, August 1975. [http://doi.acm.org/10.1145/360933.360975]
* Leslie Lamport, "win" and "sin": Predicate Transformers for Concurrency". "ACM Transactions on Programming Languages and Systems", 12(3), July 1990. [http://research.microsoft.com/users/lamport/pubs/pubs.html#lamport-win]
* Ralph-Johan Back and Joakim von Wright, "Refinement Calculus: A Systematic Introduction", 1st edition, 1998. ISBN 0-387-98417-8.
* Edsger W. Dijkstra. "A Discipline of Programming" (A systematic introduction with examples). ISBN 0-613-92411-8.