How to find a loop-invariant of this program?

Question

Probably it is a very simple solution and I am just dumb, but I cant find the invariant for this while loop. For proving (a+b) <= 2x you can take (x+y>a+b), so probably this is the first part of the invariant, but for the second part, so to prove 2x<= (a+b+1)... what the hell do you do here? I tried everything and lost two hours doing that.

I feel like it should be obvious, I just cant see it.

I understand the theory regarding proving partial correctness. I just cannot find the loop-invariant, so just the invariant would be much appreciated, no need to explain the theory.

Prove partial correctness of the following program

{a<b}
x = a;
y = b;

while x < y do

    x = x+1;
    y = y-1;
done;

{(a+b) <= 2x <= (a+b+1)}

Your program is not valid wrt this assertion, consider `a=0`, `b=2`. — zch, Aug 04 '19 at 18:05

score 0 · Answer 1 · answered Oct 03 '19 at 01:22

Here is a loop invariant that guarantees the assertion:

a + b == x + y && x <= y + 1

Note that your conjectured invariant x+y>a+b does not hold on entry to the loop.

Here's a Dafny program proving the assertion:

method blah (a: int, b: int)
requires a < b
{
  var x := a;
  var y := b;
  while x < y
  invariant a + b == x + y && x <= y + 1
  {
    x := x + 1;
    y := y - 1;
  }
  assert (a+b) <= 2*x <= (a+b+1);
}

How to find a loop-invariant of this program?

1 Answers1