Thm: If H;s has no negative constants and
H;s -->* H';s',
then H';s' has no negative constants.
Restated with an explicit step count n so we can induct on it. For all H, s, and n:
If noneg(H) and noneg(s) and H;s -->n H';s'
then noneg(H') and noneg(s').
Proof by induction on n:
If n = 0, then H' = H and s' = s, so the conclusion is just the hypothesis. Done.
If n > 0, then H;s -->n-1 H'';s'' --> H';s' for some H'';s'',
and by the induction hypothesis noneg(H'') and noneg(s'').
So it suffices to show that if noneg(H'') and noneg(s'') and H'';s'' --> H';s'
then noneg(H') and noneg(s'). That is the single-step lemma.
Lemma: If noneg(H) and noneg(s) and H;s --> H';s' then
noneg(H') and noneg(s').
Proof by induction on the height of the derivation that H;s --> H';s'.
height = 1
then one of these rules is at the bottom:
* while
  then s has the form while e s'' and noneg(e) and noneg(s'').
  furthermore H' = H and s' = if e (s''; while e s'') skip,
  so noneg(H') and noneg(s').
* assign rule: H' is H updated with the constant c that e evaluates to,
  and s' = skip, so we just need a lemma:
  If noneg(H) and noneg(e) and H;e ⇓ c,
  then noneg(c).
* if, seq1 are straightforward: H' = H and s' is a subterm of s.
height = n > 1
then seq2 is the bottommost rule,
so s = s1;s2 and s' = s1';s2
and H;s1 --> H';s1' by a height n-1 derivation,
so by induction noneg(H') and noneg(s1').
By assumption noneg(s2), so noneg(s1';s2).
Lemma: If noneg(H) and noneg(e) and H;e ⇓ c,
then noneg(c).
By induction on the height of the derivation of H;e ⇓ c.
height = 0 ...
height = 1 ...
Thm: If for all H, H;s1 terminates and H;s2 terminates,
then H;(s1;s2) terminates.
That means: for all H there exists an n such that H;s1 -->n H';skip,
and for all H'' there exists an m such that H'';s2 -->m H3;skip.
Then using the lemma below, H;(s1;s2) -->n H';(skip;s2).
Then using seq1, H';(skip;s2) -->1 H';s2.
Then using the assumption on s2 (with H'' = H'), H';s2 -->m H3;skip,
and n+1+m is finite.
So lemma: If H;s1 -->n H';s1', then
H;(s1;s2) -->n H';(s1';s2).
Induction on n:
n = 0: then H' = H and s1' = s1, and zero steps take H;(s1;s2) to itself.
n > 0: then H;s1 -->n-1 H'';s1'' --> H';s1' for some H'';s1'', and by induction
H;(s1;s2) -->n-1 H'';(s1'';s2).
We also know H'';s1'' --> H';s1', so by SEQ2, H'';(s1'';s2) --> H';(s1';s2).
Chaining the previous two lines gives H;(s1;s2) -->n H';(s1';s2). Done.
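The following is an added example, not part of the notes: a small-step interpreter for the while language used above, with the noneg predicate, so that both the preservation theorem (noneg survives every --> step) and the seq lemma (stepping s1 inside s1;s2 by SEQ2) can be exercised on a concrete run. It assumes a concrete syntax that the notes leave implicit: expressions are constants, variables, '+', '*' and a '<' test yielding 0 or 1 (no subtraction, which is what makes the evaluation lemma noneg(c) true); statements are the tuple forms listed in the comments; a heap H is a dict from variable names to integers. The sample program is constructed for the demonstration.

```python
# Added example (not from the notes). Assumed syntax, as nested tuples:
# Expressions: ('const', c) | ('var', x) | ('plus', e1, e2) | ('times', e1, e2) | ('lt', e1, e2)
# Statements:  ('skip',) | ('assign', x, e) | ('seq', s1, s2) | ('if', e, s1, s2) | ('while', e, s)
# A heap H is a dict {name: int}. No subtraction, so evaluating a noneg expression
# in a noneg heap can only produce a noneg constant (the notes' evaluation lemma).

SKIP = ('skip',)

def noneg(t):
    """noneg(H) for a heap, noneg(e)/noneg(s) for a syntax tree: no negative values or constants."""
    if isinstance(t, dict):
        return all(v >= 0 for v in t.values())
    if t[0] == 'const':
        return t[1] >= 0
    return all(noneg(c) for c in t[1:] if isinstance(c, tuple))  # variable names (str) carry no constants

def evaluate(H, e):
    """Big-step evaluation H;e ⇓ c."""
    tag = e[0]
    if tag == 'const':
        return e[1]
    if tag == 'var':
        return H[e[1]]
    a, b = evaluate(H, e[1]), evaluate(H, e[2])
    if tag == 'plus':
        return a + b
    if tag == 'times':
        return a * b
    if tag == 'lt':
        return 1 if a < b else 0
    raise ValueError(f'unknown expression form {tag}')

def step(H, s):
    """One small step H;s --> H';s'. Returns (H', s', rule_name), or None when s is skip."""
    tag = s[0]
    if tag == 'skip':
        return None
    if tag == 'assign':                      # assign: H;x:=e --> H[x:=c];skip where H;e ⇓ c
        H2 = dict(H)
        H2[s[1]] = evaluate(H, s[2])
        return H2, SKIP, 'assign'
    if tag == 'seq':
        s1, s2 = s[1], s[2]
        if s1 == SKIP:                       # seq1: H;(skip;s2) --> H;s2
            return H, s2, 'seq1'
        H2, s1p, _ = step(H, s1)             # seq2: from H;s1 --> H';s1' get H;(s1;s2) --> H';(s1';s2)
        return H2, ('seq', s1p, s2), 'seq2'
    if tag == 'if':                          # if: choose a branch by the guard's value
        return H, (s[2] if evaluate(H, s[1]) != 0 else s[3]), 'if'
    if tag == 'while':                       # while: unfold to if e (s''; while e s'') skip
        e, body = s[1], s[2]
        return H, ('if', e, ('seq', body, s), SKIP), 'while'
    raise ValueError(f'unknown statement form {tag}')

def steps(H, s, n):
    """The configuration H';s' with H;s -->n H';s', or None if s reaches skip in fewer than n steps."""
    for _ in range(n):
        r = step(H, s)
        if r is None:
            return None
        H, s, _ = r
    return H, s

def run(H, s, fuel=10_000):
    """Run H;s to skip, checking the theorem's invariant after every step. Returns (H', step count)."""
    assert noneg(H) and noneg(s), 'theorem hypothesis violated at the start'
    n = 0
    while s != SKIP:
        if n >= fuel:
            raise RuntimeError('out of fuel; the program may not terminate')
        H, s, rule = step(H, s)
        n += 1
        assert noneg(H) and noneg(s), f'invariant broken after rule {rule}'  # Thm: preserved by every -->
    return H, n

def seq_lemma_holds(H, s1, s2, n):
    """One instance of the seq lemma: if H;s1 -->n H';s1' then H;(s1;s2) -->n H';(s1';s2)."""
    left = steps(H, s1, n)
    if left is None:
        return True                          # hypothesis not met, nothing to check
    Hp, s1p = left
    return steps(H, ('seq', s1, s2), n) == (Hp, ('seq', s1p, s2))

# Constructed sample program:  x := 0; y := 1; while (x < 3) { y := y * 2; x := x + 1 }
INIT = ('assign', 'x', ('const', 0))
LOOP = ('seq', ('assign', 'y', ('const', 1)),
        ('while', ('lt', ('var', 'x'), ('const', 3)),
         ('seq', ('assign', 'y', ('times', ('var', 'y'), ('const', 2))),
                 ('assign', 'x', ('plus', ('var', 'x'), ('const', 1))))))
PROGRAM = ('seq', INIT, LOOP)

if __name__ == '__main__':
    print(run({}, PROGRAM))                          # ({'x': 3, 'y': 8}, 24)
    print(seq_lemma_holds({}, INIT, LOOP, 1))        # True
```

The interpreter is deterministic, so `steps` gives the unique run of length n when one exists; `seq_lemma_holds` then compares that run with the run of `('seq', s1, s2)`, which is exactly the SEQ2-wrapping argument of the lemma. Dropping the "no subtraction" assumption would let `evaluate` return a negative constant from noneg inputs, and `run` would then fail its invariant check after the first such assign, which is why the evaluation lemma is needed in the proof.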