Theory of Programming: Notion of solution Zsolt Borsi

Notion of solution

Notation 1 Let H ∗∗ denote the set of all finite and infinite sequences of the elements of set H. H ∞ includes the
infinite sequences; H ∗ contains the finite ones. So, H ∗∗ = H ∗ ∪ H ∞ and H ∗ ∩ H ∞ = ∅. The length of the
sequence α ∈ H ∗∗ is |α|, in case of infinite sequence this value is denoted by ∞.

1 Program function
Definition 1 The weak program function of an S ⊆ A × (Ā ∪ {f ail})∗∗ program is a relation p̃(S) ⊆ A × (A ∪
{f ail}) such that

1. Dp̃(S) = {a ∈ A | S(a) ∩ (Ā ∪ {f ail})∗ ̸= ∅}

2. ∀a ∈ Dp̃(S) : p̃(S)(a) = {b ∈ A ∪ {f ail} | ∃α ∈ S(a) ∩ (Ā ∪ {f ail})∗ : b = α|α| }

Informally, if given a program S then its weak program function p̃(S) maps from A to A ∪ {f ail}, and
contains all the (a, b) pairs so that there is at least one finate execution of the program S starting from state
a, that ends up in state b (b is the special f ail state or an element of the statespace A). In other words, for
any state a the weak program function p̃(S) gives the states where the program S can terminate starting
its execution from state a. Note that executions of S that end up in the f ail state are not excluded here.

Definition 2 The program function of an S ⊆ A × (Ā ∪ {f ail})∗∗ program is a relation p(S) ⊆ A × A such that

1. Dp(S) = {a ∈ A | S(a) ⊆ Ā∗ }

2. ∀a ∈ Dp(S) : p(S)(a) = {b ∈ A | ∃α ∈ S(a) : b = α|α| }

Informally, if given a program S then its program function p(S) maps from A to A, and contains all the
(a, b) pairs so that there are only finate and faultless executions of the program S starting from state a,
and at least one of those finite executions ends up in state b. In other words, for any state a the program
function p(S) gives the states where the program S can terminate starting its execution from state a, but
p(S) is applicable only in states from where there are no faulty or endless executions the program can
produce.

Notation 2 The weak program function of a given S program is denoted by p̃(S), whereas the program function
of S is denoted by p(S).

1
Theory of Programming: Notion of solution Zsolt Borsi

Example 1 Determine the program function of the ABORT program.

Recall: ∀σ ∈ A : ABORT (σ) = {< σ, f ail >}

There is no state from where the program S starts and terminates faultlessly. For any σ starting state
there is only one possible execution of the program S, but the sequence assigned to σ ends in the f ail
state. This is why Dp(S) = ∅ and (as its domain is empty) the program function p(S) is also empty.
However, Dp̃(S) = A since only finite sequences are assigned to every state in the statespace. More
precisely, only one sequence is assigned to a given σ state, that ends in f ail, therefore
∀σ ∈ A : p̃(S)(σ) = {f ail}, the relation p̃(S) contains all the (σ, f ail) pairs where σ is an arbitrary state
in the statespace A.

Example 2 Determine the program function of the SKIP program.

Recall: ∀σ ∈ A : SKIP (σ) = {< σ >}

For any σ starting state there is only one possible execution of the program S. The only sequence as-
signed to σ is finite and ends in the σ state. This is why Dp̃(S) = A.
∀σ ∈ A : p̃(S)(σ) = {σ}, the relation p̃(S) contains all the (σ, σ) pairs where σ is an arbitrary state in
the statespace A. p(S) = p̃(S), since all the executions starting from the state σ are finite and terminate
faultlessly. Informally, starting from any state σ the SKIP program takes us to the σ state.

2 Solution
Definition 3 Let S be a program and F be a problem. We say that program S is partially correct with respect to
F if and only if

1. ∀a ∈ DF : p̃(S)(a) ⊆ F (a)

Remark 1 Notice that if a state a is not in the domain of the weak program function p̃(S) (that means only infinite
sequences are assigned to a by the program S) then p̃(S) = ∅, and p̃(S)(a) ⊆ F (a) is satisfied by default.
Briefly saying: partial correctness = assuming the program terminates, it terminates in good states.

Example 3 Consider the following problem: given a natural number n, our task is to find one of its positive divi-
sors, d. The specification of the problem can be given in the following form:
A = (n : N, d : N)
P re = (n = n′ )
P ost = (P re ∧ d | n)
For example, in the case of the “input” state {n : 10, d : 7}, the only good states are the elements of the statespace
where the value of n is not changed and d is a divisor of n. So the problem (remember: a problem is a relation)
assigns four states to the state {n : 10, d : 7}, namely {n : 10, d : 1}, {n : 10, d : 2}, {n : 10, d : 5} and
{n : 10, d : 10}.
What do we expect from a program to solve this given problem? If we consider the state {n : 10, d : 7}, we want
our program not to abort but surely terminate and end up in any of the listed four states starting it execution from

2
Theory of Programming: Notion of solution Zsolt Borsi

the state {n : 10, d : 7}. In general, we expect the program to surely terminate and end up in a “good” state (that
is assigned to the given state by the problem) starting its execution from any state of the domain of the problem.
In practice, we say that our program finds a divisor of 10 if the value of d is 1, 2, 5 or 10 after the execution of the
program. In case our program is nondeterministic, and it ends up in a state where the value of d is either 2 or 10,
but never is 1 or 5, we can say the program found a divisor of 10 (dispite the fact, that there is no execution of the
program that yields the divisor 5). However, if there is an infinite execution assigned to the state {n : 10, d : 7} by
the program, or the program can terminate in a state where d is not a divisor of n, then the program does not solve
the problem.

Informally, we say that a program solves the problem if

• for any state in the domain of the problem, it is guaranteed that the program terminates faultlessly starting
its execution from the given state

• for any state in the domain of the problem, staring its execution there, the program ends up in “good” states
(that are assigned to the given state by the problem)

Remark 2 When one wants to define the notion of solution, the notion of weak program function is not useful for
this purpose. Instead, the notion of (strong) program function has to be used. For any state a the weak program
function p̃(S) of the program S gives the states where the program may terminate starting its execution from state
a. Notice, that p̃(S) does not guarantee anything: if the pair (a, b) is an element of p̃(S), then there is at least
one execution of S that ends in state b, but it is not ensured that S faultlessly terminates whenever it is executed
starting from state a.

Let us suppose p̃(S)(a) = {b}. In case there is an infinite sequence assigned to a by S, or a sequence that ends in
the f ail state, it is not guaranteed that S terminates in state b.
In contrast, if p(S)(a) = {b} then every possible execution of S leads b from state a.

Definition 4 Let S be a program and F be a problem. We say that program S is totally correct with respect to F
(or solves the problem F ) if and only if

1. DF ⊆ Dp(S)

2. ∀a ∈ DF : p(S)(a) ⊆ F (a)

Remark 3 Notice that if S1 and S2 are programs such that their program functions equal ( P [S1 ] = P [S2 ] ) then
they solve the same problems. In this case we say that S1 and S2 programs are equivalent.

Exercise 1 Let A = [1..5] be a statespace, S ⊆ A × (A ∪ {f ail})∗∗ a program over the statespace A.

 

 1 →< 1, 2, 5, 1 > 1 →< 1, 4, 3, 5, 2 > 1 →< 1, 3, 2, 3, . . . >

2 →< 2, 1 > 2 →< 2, 4 > 3 →< 3, 3, 3, . . . >
 
S=

 4 →< 4, 1, 5, 4, 2 > 4 →< 4, 3, 1, 2, 5, 1 > 5 →< 5, 2, 3, 4 > 

5 →< 5, 2, f ail > 5 →< 5, 3, 4 >
 

Let F ⊆ A × A denote the following problem: F = { (2, 1), (2, 4), (4, 1), (4, 2), (4, 5) }

3
Theory of Programming: Notion of solution Zsolt Borsi

1. Determine the program function of S and its domain.

2. Decide whether S is totally correct with respect to the given problem F .

1. Determine the program function of S and its domain.

Dp(S) is a set of states to which only finite and faultless sequences are assigned. For example,
5∈/ Dp(S) since there exists a sequence linked to 5 that ends in the f ail state. However, at least one
of the sequences linked to 5 is finite, so 5 ∈ Dp̃(S) .
In case of state 1, there is an infinite sequence (namely < 1, 3, 2, 3, . . . >) linked to 1. This is why
1∈/ Dp(S) , but 1 ∈ Dp̃(S) and p̃(S)(1) = {1, 2} since there is a finite sequence assigned to 1 that ends
in 1 and an other one that ends in 2, respectively.

Dp(S) = {2, 4} p(S) = {(2, 1), (2, 4), (4, 2), (4, 1)}

The weak program function of S is the following relation:

Dp̃(S) = {1, 2, 4, 5} p̃(S) = {(1, 1), (1, 2), (2, 1), (2, 4), (4, 2), (4, 1), (5, 4), (5, f ail)}

2. Decide whether S is totally correct with respect to the given problem F .

We have to check the two conditions of the definition of total correctness:

• DF ⊆ Dp(S)
Only the states 2 and 4 are in the domain of the problem: DF = {2, 4}. We already calculated
Dp(S) . The domain of the problem and the domain of the program function are equal, so the
condition DF ⊆ Dp(S) holds.

{2, 4} = DF ⊆ Dp(S) = {2, 4} ✓

• ∀a ∈ DF : p(S)(a) ⊆ F (a)

DF = {2, 4}
In case a = 2, then {1, 4} = p(S)(2) ⊆ F (2) = {1, 4}. ✓
In case a = 4, then {2, 1} = p(S)(4) ⊆ F (4) = {1, 2, 5}. ✓

As both of the two conditions are satisfied, due to the definition of solution, S program solves the prob-
lem F .

3 Partial correctness vs total correctness

Example 4 Consider the following program S, where the statespace is A = (i : Z)

while T RU E do
i : = i +1
od

4
Theory of Programming: Notion of solution Zsolt Borsi

As the logical function T RU E is always true, the loop is an endless loop. For any state σ, S never
terminates starting its execution from σ. The only problem S solves is the empty problem where F = ∅.
Nevertheless, S is partially correct with respect to any problem F , as p̃(S) = ∅ and therefore p̃(S)(a) ⊆
F (a) holds for any a in the domain of F .

Example 5 Consider the following problem: given an integer number m, find an integer number i such that i is
the first integer number that is not less than m and for which a given β property holds.

Consider the following program S, where the statespace is A = (m : Z, i : Z, l : L).


S
i, l := m, f alse
¬l
A β(i)

A

l := true i := i + 1

As we do not know whether β holds for any integer number greater than or equal to m, it is not guar-
anteed that S terminates, so S does not solve the problem. However S is partially correct with respect
to the problem, as if it terminates, it ends up in a state where i is the first integer number that is not less
than m and for which β holds.