Writing Correct Programs; Finding Invariants
CS 536, Mon Nov 8, 2010
Study Guide for Quiz 2
• Quiz 2 will cover Lectures 6 – 9 except that loop termination and Activity 9.2 will not be included. (Activity 9.1 is included.)
• You’ll be given a list of the proof rules (forward and backward assignment, skip, sequence, conditional, while loop).
• Basic topics include:
  • Textual substitution e₁[e₂/v] and P[e/v] (Activity 6.1, HW 4).
    • Substitution into expressions and nonquantified predicates.
      • E.g., (x/y)[z+1/y] is x/(z+1), and (x>y>z)[z+1/y] is x>z+1>z.
    • Substitution into quantified predicates.
      • Body shielded by bound variable (substitution does nothing).
        • E.g. (x=y*z ∧ ∃x.x<y)[z+1/x] is z+1=y*z ∧ ∃x.x<y.
      • Body not shielded, but no capture will occur.
        • E.g. (x=y*z ∧ ∃x.x<y)[z+1/y] is x=(z+1)*z ∧ ∃x.x<z+1.
      • Body not shielded, capture would occur (so rename bound variable).
        • E.g. (x=y*z ∧ ∃x.x<y)[x+1/y] is x=(x+1)*z ∧ ∃v.v<x+1.
    • Iterated substitution: Work from left to right.
      • E.g., (x/y)[x+1/y][c/x] is (x/(x+1))[c/x] is c/(c+1).
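The substitution rules above (shielded body, no capture, capture with renaming, and left-to-right iteration) as an added example, not part of the study guide: a capture-avoiding implementation of P[e/v] over a small predicate AST whose tuple encoding is an assumption made here, checked against the handout's own examples.

```python
# Added example (not from the handout): capture-avoiding textual substitution
# P[e/v] over a small predicate AST, covering the three quantifier cases above.
# Assumed encoding: variable -> str, literal -> int, binary op -> ("op", sym, l, r),
# quantifier -> ("exists", bound_var, body) or ("forall", bound_var, body).

def free_vars(t):
    """Variables occurring free in t."""
    if isinstance(t, (str, int)):
        return {t} if isinstance(t, str) else set()
    if t[0] == "op":
        return free_vars(t[2]) | free_vars(t[3])
    return free_vars(t[2]) - {t[1]}          # binder removes its variable

def fresh(avoid):
    """A bound-variable name that clashes with nothing in `avoid`."""
    return next(n for n in ["v", "w", "u"] + [f"v{i}" for i in range(99)] if n not in avoid)

def subst(t, e, v):
    """t[e/v]: replace the free occurrences of variable v in t by e."""
    if isinstance(t, (str, int)):
        return e if t == v else t
    if t[0] == "op":
        return ("op", t[1], subst(t[2], e, v), subst(t[3], e, v))
    quant, bound, body = t
    if bound == v:                # body shielded by the bound variable: nothing to do
        return t
    if bound in free_vars(e):     # capture would occur: rename the bound variable first
        new = fresh(free_vars(body) | free_vars(e) | {v})
        body, bound = subst(body, new, bound), new
    return (quant, bound, subst(body, e, v))

def show(t):
    """Render in the handout's notation, e.g. x=(z+1)*z ∧ ∃v.v<x+1."""
    if isinstance(t, (str, int)):
        return str(t)
    if t[0] != "op":
        return ("∃" if t[0] == "exists" else "∀") + t[1] + "." + show(t[2])
    sym = t[1]
    # parenthesise a compound operand of * or /, as the handout writes (z+1)*z
    l, r = (f"({show(s)})" if sym in "*/" and isinstance(s, tuple) else show(s)
            for s in t[2:])
    return f"{l} {sym} {r}" if sym == "∧" else l + sym + r

# The handout's predicate x=y*z ∧ ∃x.x<y, and the two replacement terms z+1, x+1
P = ("op", "∧", ("op", "=", "x", ("op", "*", "y", "z")),
     ("exists", "x", ("op", "<", "x", "y")))
Z1, X1 = ("op", "+", "z", 1), ("op", "+", "x", 1)

for e, v in [(Z1, "x"), (Z1, "y"), (X1, "y")]:
    print(f"({show(P)})[{show(e)}/{v}]  is  {show(subst(P, e, v))}")
```

Iterated substitution is just nested calls, e.g. `subst(subst(t, X1, "y"), "c", "x")` computes t[x+1/y][c/x] left to right.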
  • Proof rules for correctness triples (Activity 6.2, HW 4). For the rules for assignment, skip, sequence, conditional, loop, consequence / precondition strengthening / postcondition weakening:
    • Verify that a proof rule has been applied correctly.
      • E.g., does {x>0} skip {x≥0} match the skip rule? (No.)
      • E.g., does the below match the postcondition weakening rule? (Yes)
          {x>0} skip {x>0}    x>0 → x≥0
Fall '08, cs536, Logic, formal methods, Illinois Institute of Technology, James Sasaki