
Volume 11, number 4,5 INFORMATION PROCESSING LETTERS 12 December 1980

A SIMPLE RELATION BETWEEN RELATIONAL AND PREDICATE TRANSFORMER SEMANTICS FOR NONDETERMINISTIC PROGRAMS

Mila E. MAJSTER-CEDERBAUM, Institut für Informatik, Technische Universität München, D-8000 München 2, Fed. Rep. Germany

Received 21 May 1980

Nondeterministic programs, semantics, predicate transformer, relational semantics

The relation between denotational and Hoare-like semantics for both deterministic and nondeterministic programming languages has been investigated extensively [3-7]. The connection between predicate transformer semantics and denotational semantics for deterministic programs is revealed in [7], but for nondeterministic programs only some first considerations are known [8].

We present here the formal relation between relational semantics and predicate transformer semantics for nondeterministic programs. We assume that the reader is familiar with Dijkstra's guarded command language [2] including assignment, compounds, guarded nondeterministic selection and guarded nondeterministic loops.

Throughout we will make use of the notion of a state. A state s is a mapping from the program variables to values. St denotes the set of all states. In addition we will use $St' = St \cup \{\bot\}$, where $\bot$ is an element not contained in St.

We consider two ways of associating an input-output relation on states with a nondeterministic program P. In the first alternative we associate with P the set r(P) of all pairs $(s_1, s_2)$ such that there is a computation of P yielding $s_2$ when starting in $s_1$. The inductive definition of r(P) is given in the appendix. In the second alternative we associate with P the set r'(P) of all pairs $(s_1, s_2)$, where $s_2 \in St$ and there is a computation of P yielding $s_2$ when started in $s_1$, or $s_2 = \bot$ and there is a computation of P starting in $s_1$ that does not terminate. r'(P) is formally defined in the appendix.

We will further need the notions of the weakest precondition wp and the weakest liberal precondition wlp [2]. For a nondeterministic program P and a condition R on states wp(P, R) is the condition on states that characterizes the set of all initial states such that activation of P will properly terminate and result in a state satisfying the condition R. We write $s \in wp(P, R)$ to denote that the state s satisfies wp(P, R). The formal definition of wp for guarded commands is given in [2]. Similarly, wlp(P, R) is the condition that characterizes the set of all initial states such that activation of P will either not terminate or terminate in a state satisfying the condition R. In [2] wlp is introduced informally. We give here the first formal definition of wlp for nondeterministic guarded commands in the appendix. See also [9,10].

Let us now first consider the relational semantics that associates the input-output relation r(P) with the program P. Trivially there exist two programs $P_1$ and $P_2$ that compute the same relation r but have different weakest precondition semantics, e.g.

$P_1$: if true → x := 2x ▯ true → do true → skip od fi

with $r(P_1) = \{(x, 2x) : x \in INT\}$ and $wp(P_1, R) = \mathit{false}$;

$P_2$: x := 2x

with $r(P_2) = \{(x, 2x) : x \in INT\}$ and $wp(P_2, R) = R^{x}_{2x}$ (R with 2x substituted for x).

On the other hand two programs may have the same predicate transformer semantics but different relational semantics, e.g.

$P_3$: do $x \neq x_0$ → skip od

with $r(P_3) = \{(x_0, x_0)\}$ and $wp(P_3, R) = (x = x_0 \land R)$;


$P_4$: do $x \neq x_0$ → skip ▯ $x \neq x_0$ → x := $x_0$ od

with $r(P_4) = \{(x, x_0) : x \in INT\}$ and $wp(P_4, R) = (x = x_0 \land R)$. Compare [8]. Hence, in the terminology of [8], wp semantics does not determine relational semantics and vice versa or, in the terminology of [7, 8], there is no homomorphism from the wp-algebra to the relational semantic algebra and vice versa.

However, we can establish a one-to-one relationship between relational semantics r(P) and the weakest liberal precondition semantics as follows:

Lemma 1. Let P be a nondeterministic program, r(P) its relational semantics, then

$$r(P) = \{(s_1, s_2) \in St \times St :\ s_1 \notin wlp(P, \{s \in St : s \neq s_2\})\}.$$

Proof. The proof can be performed formally by structural induction on programs and the inductive definition of r(P) and wlp. We argue here informally as follows: let $(s_1, s_2) \in r(P)$, then there is a computation of P starting in $s_1$ and terminating in $s_2$. Assume $s_1 \in wlp(P, \{s : s \neq s_2\})$; then for every computation c of P starting in $s_1$, c either diverges or ends in a state not equal to $s_2$, hence we get a contradiction. Let conversely $(s_1, s_2) \in St \times St$ with $s_1 \notin wlp(P, \{s \in St : s \neq s_2\})$; then there is a computation c of P starting in $s_1$ such that c terminates in $s_2$ by definition of wlp.

Lemma 2. Let $P_1$, $P_2$ be nondeterministic programs. Then

$$(\forall S \subseteq St:\ wlp(P_1, S) = wlp(P_2, S)) \quad \text{iff} \quad r(P_1) = r(P_2).$$

Proof. '⇒': This is an obvious consequence of Lemma 1.

'⇐': Assume there is a set $T \subseteq St$ such that $wlp(P_1, T) \neq wlp(P_2, T)$. W.l.o.g. let us assume that there is a state s with $s \in wlp(P_1, T)$ but $s \notin wlp(P_2, T)$; hence for some $u \notin T$, $s \notin wlp(P_2, \{s' : s' \neq u\})$. By Lemma 1, $(s, u) \in r(P_2) = r(P_1)$, i.e. $s \notin wlp(P_1, \{s' : s' \neq u\})$. Now $T \subseteq \{s' : s' \neq u\}$, hence $wlp(P_1, T) \subseteq wlp(P_1, \{s' : s' \neq u\})$, hence $s \notin wlp(P_1, T)$, contradicting the assumption.

Lemma 2 states: wlp and relational semantics determine each other.

Let us now consider the second alternative for associating a relation with P. We can show analogously:

Lemma 3.

$$r'(P) = \{(s_1, s_2) \in St \times St' :\ s_1 \notin wlp(P, \{s \in St : s \neq s_2\}) \ \lor\ (s_1 \notin wp(P, St) \land s_2 = \bot)\}.$$

Proof. The first clause has been explained before. The second clause takes care of all states for which there exists a nonterminating computation and associates $\bot$ as output state with them.

Lemma 4.

$$r'(P_1) = r'(P_2) \quad \text{iff} \quad (\forall S \subseteq St:\ wlp(P_1, S) = wlp(P_2, S)) \ \land\ wp(P_1, St) = wp(P_2, St).$$

Proof. '⇐': This is an obvious consequence of Lemma 3.

'⇒': $wp(P_1, St)$ = the set of all states s for which every computation of $P_1$ starting in s terminates

$$= \{s \in St : (s, s') \in r'(P_1) \rightarrow s' \neq \bot\}$$
$$= \{s \in St : (s, s') \in r'(P_2) \rightarrow s' \neq \bot\}$$
$$= wp(P_2, St).$$

In addition, $r'(P_1) = r'(P_2)$ implies $r(P_1) = r(P_2)$, hence by Lemma 2 we get the desired result.

It remains to investigate the relation between wp and r'.

Lemma 5. $r'(P_1) = r'(P_2)$ implies $\forall S \subseteq St:\ wp(P_1, S) = wp(P_2, S)$.

Proof. Assume $\exists T : wp(P_1, T) \neq wp(P_2, T)$; w.l.o.g. $\exists s$ such that $s \in wp(P_1, T) \land s \notin wp(P_2, T)$. Hence for every computation c of $P_1$ starting in s, c terminates and ends in T, hence $(s, s') \in r'(P_1)$ implies $s' \neq \bot$ and $s' \in T$. As $s \notin wp(P_2, T)$ there is a computation of $P_2$ that either does not terminate or terminates outside of T. Hence either $(s, \bot) \in r'(P_2)$ or $(s, s') \in r'(P_2) = r'(P_1)$ with $s' \notin T$, yielding a contradiction.

The converse implication is not valid as a consequence of our remarks concerning the relation between r(P) and wp and of the fact that $r'(P_1) = r'(P_2)$ implies $r(P_1) = r(P_2)$.

It should not be difficult for the reader now to determine wlp(P, S) in terms of r(P) and wp(P, S) in terms of r'(P).
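The remark above can be carried out mechanically when St is finite. As an added example that is not part of the paper (all names, the program encoding and the state space are constructed for it), the following Python script implements the appendix's inductive definitions of r and r' for a finite state space, derives wp from r' and wlp from r exactly as the remark suggests, and checks Lemma 1 and Lemma 3 by enumeration on finite versions of the paper's $P_1$ to $P_4$. To keep St finite the assignment x := 2x is replaced by x := 2x mod 8; that adaptation is the example's own.

```python
# Added example (not the paper's own code): guarded-command semantics over a
# finite state space, following the appendix's inductive definitions of r and r',
# with wp and wlp derived from them and Lemmas 1 and 3 checked by enumeration.
BOT = "bot"               # stands for ⊥, the extra element of St' = St ∪ {⊥}
ST = frozenset(range(8))  # constructed state space: one variable x, x ∈ {0, ..., 7}

# Constructed program syntax: ("skip",), ("assign", f), ("seq", P, Q),
# ("if", [(guard, P), ...]), ("do", [(guard, P), ...]); f and the guards are
# functions on states, and a state here is simply the value of x.

def rel_prime(prog, states=ST):
    """r'(P): (s, s') for every terminating computation from s and (s, ⊥) for
    every nonterminating one, as in appendix (3), specialised to finite St."""
    kind = prog[0]
    if kind == "skip":
        return {(s, s) for s in states}
    if kind == "assign":
        return {(s, prog[1](s)) for s in states}
    if kind == "seq":
        r1, r2 = rel_prime(prog[1], states), rel_prime(prog[2], states)
        out = {(s, t) for (s, t) in r1 if t == BOT}   # P1 already diverges
        out |= {(s, u) for (s, t) in r1 if t != BOT for (v, u) in r2 if v == t}
        return out
    if kind not in ("if", "do"):
        raise ValueError(f"unknown command {kind!r}")

    def no_guard(s):
        return not any(g(s) for g, _ in prog[1])

    guarded = [(g, rel_prime(body, states)) for g, body in prog[1]]
    step = {(s, t) for g, r in guarded for (s, t) in r if g(s)}   # b_i ∘ r'(P_i)
    if kind == "if":
        # a selection with no true guard yields ⊥, as in appendix (3)
        return step | {(s, BOT) for s in states if no_guard(s)}
    out = set()
    for s in states:
        frontier, diverges = {s}, False   # frontier: states reached by exactly i steps
        for _ in range(len(states) + 1):
            out |= {(s, u) for u in frontier if no_guard(u)}   # the loop exits at u
            if any((u, BOT) in step for u in frontier):
                diverges = True                                # some body diverges
            frontier = {t for u in frontier for (v, t) in step if v == u and t != BOT}
        # a walk of |St|+1 guarded steps must revisit a state, so an infinite
        # computation exists: the finite-state form of the König's lemma clause
        if diverges or frontier:
            out.add((s, BOT))
    return out

def rel(prog):
    """r(P): r'(P) restricted to St × St, i.e. the terminating computations."""
    return {(s, t) for (s, t) in rel_prime(prog) if t != BOT}

def wp(prog, R):
    """wp(P, R) from r'(P): every computation from s terminates in R (⊥ ∉ R)."""
    rp = rel_prime(prog)
    return frozenset(s for s in ST if all(t in R for (u, t) in rp if u == s))

def wlp(prog, R):
    """wlp(P, R) from r(P): every terminating computation from s ends in R."""
    r = rel(prog)
    return frozenset(s for s in ST if all(t in R for (u, t) in r if u == s))

def lemma1_holds(prog):
    """Lemma 1: r(P) = {(s1, s2) : s1 ∉ wlp(P, {s ∈ St : s ≠ s2})}."""
    rhs = {(s1, s2) for s1 in ST for s2 in ST if s1 not in wlp(prog, ST - {s2})}
    return rel(prog) == rhs

def lemma3_holds(prog):
    """Lemma 3: r'(P) = {(s1, s2) ∈ St × St' : s1 ∉ wlp(P, {s : s ≠ s2})
    ∨ (s1 ∉ wp(P, St) ∧ s2 = ⊥)}."""
    rhs = {(s1, s2) for s1 in ST for s2 in ST if s1 not in wlp(prog, ST - {s2})}
    rhs |= {(s1, BOT) for s1 in ST if s1 not in wp(prog, ST)}
    return rel_prime(prog) == rhs

# The paper's four example programs, with x := 2x replaced by x := 2x mod 8 so
# that the state space stays finite (a constructed adaptation), and x0 = 3.
X0 = 3
TRUE, NEQ_X0 = (lambda x: True), (lambda x: x != X0)
DOUBLE = ("assign", lambda x: (2 * x) % 8)
LOOP_FOREVER = ("do", [(TRUE, ("skip",))])
P1 = ("if", [(TRUE, DOUBLE), (TRUE, LOOP_FOREVER)])
P2 = DOUBLE
P3 = ("do", [(NEQ_X0, ("skip",))])
P4 = ("do", [(NEQ_X0, ("skip",)), (NEQ_X0, ("assign", lambda x: X0))])

if __name__ == "__main__":
    for name, p in [("P1", P1), ("P2", P2), ("P3", P3), ("P4", P4)]:
        print(name, "r:", sorted(rel(p)), "wp(., St):", sorted(wp(p, ST)),
              "Lemma 1:", lemma1_holds(p), "Lemma 3:", lemma3_holds(p))
```

Running the script reproduces the paper's observations in the small: $P_1$ and $P_2$ have the same r, but wp($P_1$, St) is empty while wp($P_2$, St) is all of St; $P_3$ and $P_4$ have the same wp for every R but differ in r and therefore, by Lemma 2, in wlp (wlp($P_3$, ∅) is St \ {x₀}, wlp($P_4$, ∅) is empty). The divergence test in the do case is the finite-state counterpart of the König's lemma clause in appendix (3): over a finite St a walk of |St|+1 guarded steps must repeat a state, which is exactly when an infinite computation exists.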

The interested reader is referred to [8-10] for further results concerning the comparison of semantics.

Appendix

(1) Let DO denote the loop do $B_1 \to P_1\ ▯ \cdots ▯\ B_n \to P_n$ od and IF the corresponding selection if $B_1 \to P_1\ ▯ \cdots ▯\ B_n \to P_n$ fi (as in [2]). Then

$$wlp(DO, R) = \bigwedge_{k} R_k, \quad \text{where}$$
$$R_0 = R \lor B_1 \lor \cdots \lor B_n,$$
$$R_k = wlp(IF, R_{k-1}) \land R_0 \quad \text{for } k \geq 1.$$

The transformers for the remaining commands are obvious.
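As an added worked instance (not part of the paper), definition (1) applied to the program $P_3$: do $x \neq x_0$ → skip od of the main text, with $n = 1$, $B_1 \equiv x \neq x_0$ and $P_1 \equiv$ skip. Here IF is if $x \neq x_0$ → skip fi; by the convention of part (3) of this appendix a selection with no true guard yields $\bot$, so $wlp(IF, Q)$ holds in every state with $x = x_0$ and reduces to $Q$ where $x \neq x_0$:

$$R_0 = R \lor x \neq x_0,$$
$$wlp(IF, R_0) = (x \neq x_0 \Rightarrow R_0) = \mathit{true},$$
$$R_k = wlp(IF, R_{k-1}) \land R_0 = R_0 \quad (k \geq 1, \text{ by induction on } k),$$
$$wlp(P_3, R) = \bigwedge_{k} R_k = R \lor x \neq x_0 .$$

Substituting $R = \{s \in St : s \neq s_2\}$ into Lemma 1 recovers the relation stated in the main text: $s_1 \notin wlp(P_3, R)$ means $\neg(s_1 \neq s_2 \lor s_1 \neq x_0)$, i.e. $s_1 = s_2 = x_0$, so $r(P_3) = \{(x_0, x_0)\}$.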

(2) r is obvious for skip and assignment. Let $P_1$, $P_2$ be programs; then

$$r(P_1; P_2) = r(P_1) \circ r(P_2),$$
$$r(\mathbf{if}\ B_1 \to P_1\ \square \cdots \square\ B_n \to P_n\ \mathbf{fi}) = b_1 \circ r(P_1) \cup \cdots \cup b_n \circ r(P_n),$$

where $b_i = \{(s, s) \in St \times St : B_i(s)\}$ and $\circ$ denotes relational composition, read from left to right;

$$r(\mathbf{do}\ B_1 \to P_1\ \square \cdots \square\ B_n \to P_n\ \mathbf{od}) = (b_1 \circ r(P_1) \cup \cdots \cup b_n \circ r(P_n))^* \circ \neg(b_1 \cup \cdots \cup b_n),$$

where $q^* = \bigcup_{i \geq 0} q^i$ and $\neg(b_1 \cup \cdots \cup b_n)$ is the identity relation on the states in which no guard holds.

(3) r' is obvious for skip and assignment.

$$r'(P_1; P_2) = \{(s, s') : \exists t \in St:\ (s, t) \in r'(P_1),\ (t, s') \in r'(P_2)\} \cup \{(s, \bot) : (s, \bot) \in r'(P_1)\},$$
$$r'(\mathbf{if}\ B_1 \to P_1\ \square \cdots \square\ B_n \to P_n\ \mathbf{fi}) = b_1 \circ r'(P_1) \cup \cdots \cup b_n \circ r'(P_n) \cup \neg(b_1 \cup \cdots \cup b_n) \circ \{(s, \bot) : s \in St\},$$
$$r'(\mathbf{do}\ B_1 \to P_1\ \square \cdots \square\ B_n \to P_n\ \mathbf{od}) = \{(s, s') : \exists i\ (s, s') \in r_i,\ (s', s') \notin b_1 \cup \cdots \cup b_n\} \cup \{(s, \bot) : \forall i\ \exists t : (s, t) \in r_i\}$$

(where $r_i = (b_1 \circ r'(P_1) \cup \cdots \cup b_n \circ r'(P_n))^i$), by König's lemma.

References

[1] E.W. Dijkstra, Guarded commands, nondeterminacy and formal derivation of programs, Comm. ACM 18 (8) (1975) 453-457.

[2] E.W. Dijkstra, A Discipline of Programming (Prentice Hall, Englewood Cliffs, NJ).

[3] J. Donahue, Complementary definitions of programming language semantics, Springer Lecture Notes in Computer Science 42 (1976).

[4] S.A. Cook, Soundness and completeness of an axiom system for program verification, SIAM J. Comput. 7 (1) (1978).

[5] I. Greif and A. Meyer, Specifying the semantics of while-programs, MIT/LCS/TM-130 Technical Report (1979).

[6] C.A.R. Hoare and P.E. Lauer, Consistent and complementary formal theories of the semantics of programming languages, Acta Informat. 3 (2) (1974).

[7] M.E. Majster, A unified view of semantics, Technical Report Cornell University, TR-79-394 (1979).

[8] M.E. Majster, Semantics: algebras, fixed points, axioms, Proc. 7th Internat. Colloquium on Automata, Languages and Programming (1980).

[9] M.E. Majster-Cederbaum, Towards a general theory of semantics, submitted for publication.

[10] M.E. Majster-Cederbaum, General properties of semantics, Technical Report, in print.