Healthiness Conditions for Predicate Transformers

The behavior of a program can be modeled by describing how it transforms input states to output states, the state transformer semantics. Alternatively, for verification purposes one is interested in a ’predicate transformer semantics’ which, for every condition on the output, yields the weakest precondition on the input that guarantees the desired property for the output. In the presence of computational effects like nondeterministic or probabilistic choice, a computation will be modeled by a map t:X → T Y , where T is an appropriate computational monad. The corresponding predicate transformer assigns predicates on Y to predicates on X. One looks for necessary and, if possible, sufficient conditions (healthiness conditions) on predicate transformers that correspond to state transformers t:X → T Y . In this paper we propose a framework for establishing healthiness conditions for predicate transformers. As far as the author knows, it fits to almost all situations in which healthiness conditions for predicate transformers have been worked out. It may serve as a guideline for finding new results.