Predicative programming 📖 Wikipedia

Predicative programming is the original name of a formal method for program specification and refinement, more recently called a Practical Theory of Programming, invented by Eric Hehner. The central idea is that each specification is a binary (boolean) expression that is true of acceptable computer behaviors and false of unacceptable behaviors. It follows that refinement is just implication. This is the simplest formal method, and the most general, applying to sequential, parallel, stand-alone, communicating, terminating, nonterminating, natural-time, real-time, deterministic, and probabilistic programs, and includes time and space bounds.

Commands in a programming language are considered to be a special case of specification—those specifications that are compilable. For example, if the program variables are ${\displaystyle x}$, ${\displaystyle y}$, and ${\displaystyle z}$, the command ${\displaystyle x}$:= ${\displaystyle y}$+1 is equivalent to the specification (binary expression) ${\displaystyle x'}$=${\displaystyle y}$+1 ∧ ${\displaystyle y'}$=${\displaystyle y}$ ∧ ${\displaystyle z'}$=${\displaystyle z}$ in which ${\displaystyle x}$, ${\displaystyle y}$, and ${\displaystyle z}$ represent the values of the program variables before the assignment, and ${\displaystyle x'}$, ${\displaystyle y'}$, and ${\displaystyle z'}$ represent the values of the program variables after the assignment. If the specification is ${\displaystyle x'}$>${\displaystyle y}$, we easily prove (${\displaystyle x}$:= ${\displaystyle y}$+1) ⇒ (${\displaystyle x'}$>${\displaystyle y}$), which says that ${\displaystyle x}$:= ${\displaystyle y}$+1 implies, or refines, or implements ${\displaystyle x'}$>${\displaystyle y}$.

Loop proofs are greatly simplified. For example, if ${\displaystyle x}$ is an integer variable, to prove that

while ${\displaystyle x}$>0 do ${\displaystyle x}$:= ${\displaystyle x}$–1 od

refines, or implements the specification ${\displaystyle x}$≥0 ⇒ ${\displaystyle x'}$=0, prove

if ${\displaystyle x}$>0 then ${\displaystyle x}$:= ${\displaystyle x}$–1; (${\displaystyle x}$≥0 ⇒ ${\displaystyle x'}$=0) else ${\displaystyle ok}$ fi ⇒ (${\displaystyle x}$≥0 ⇒ ${\displaystyle x'}$=0)

where ${\displaystyle ok}$ = (${\displaystyle x'}$=${\displaystyle x}$) is the empty, or do-nothing command. There is no need for a loop invariant or least fixed point. Loops with multiple intermediate shallow and deep exits work the same way. This simplified form of proof is possible because program commands and specifications can be mixed together meaningfully.

Execution time (upper bounds, lower bounds, exact time) can be proven the same way, just by introducing a time variable. To prove termination, prove the execution time is finite. To prove nontermination, prove the execution time is infinite. For example, if the time variable is ${\displaystyle t}$, and time is measured by counting iterations, then to prove that execution of the previous while-loop takes time ${\displaystyle x}$ when ${\displaystyle x}$ is initially nonnegative, and takes forever when ${\displaystyle x}$ is initially negative, prove

if ${\displaystyle x}$>0 then ${\displaystyle x}$:= ${\displaystyle x}$–1; ${\displaystyle t}$:= ${\displaystyle t}$+1; (${\displaystyle x}$≥0 ⇒ ${\displaystyle t'}$=${\displaystyle t}$+${\displaystyle x}$) ∧ (${\displaystyle x}$<0 ⇒ ${\displaystyle t'}$=∞) else ${\displaystyle ok}$ fi ⇒ (${\displaystyle x}$≥0 ⇒ ${\displaystyle t'}$=${\displaystyle t}$+${\displaystyle x}$) ∧ (${\displaystyle x}$<0 ⇒ ${\displaystyle t'}$=∞)

where ${\displaystyle ok}$ = (${\displaystyle x'}$=${\displaystyle x}$ ∧ ${\displaystyle t'}$=${\displaystyle t}$).

• E.C.R. Hehner, a Practical Theory of Programming, Springer-Verlag 1993. Most recent edition online at a Practical Theory of Programming.

• Publications by Eric Hehner.

This formal methods-related article is a stub. You can help Wikipedia by adding missing information.

• v
• t
• e