CS 536 Notes: Proof Rules and Proofs
Lecture 7, Mon Oct 18, 2010
A. Why
• To reason about programs, we need axioms or inference rules for each statement.
B. Outcomes
After this lecture, you should
• Know the rules of inference for sequencing, conditional, and iterative statements.
C. Midterm Exam (60 minutes)
D. Last Time
• Reviewed axiom for skip: {P} skip {P}
• Reviewed forward axiom for assignment: {P ∧ v = c} v := e {P[c/v] ∧ v = e[c/v]}.
• The constant c is a logical constant (appears only in the conditions).
• Special case: {P} v := e {P ∧ v = e} if v is fresh (appears in neither P nor e).
• Looked at backward axiom for assignment: {P[e/v]} v := e {P}.
• Looked at syntactic substitution.
• For e₁[e₂/v], find all occurrences of v within e₁ and replace them by e₂.
• Case 1: For quantifier-free P, find all occurrences of v and replace them by e.
• Case 2: The quantified variable is v, the one we’re substituting for.
• (Qv. P)[e/v] is Qv. P.
• Cases 3 and 4: The quantified variable isn’t v and doesn’t appear in e.
• (Qw. P)[e/v] is Qw. (P[e/v]).
• [In case 3, v doesn’t have a free occurrence in P, in which case P[e/v] is just P.]
• Case 5: Capture would occur. (I.e., v has a free occurrence in the body and the quantified variable appears in e.)
• Need to rename the quantified variable using a fresh variable (one used neither in P nor e): (Qw. P)[e/v] is (Qz. (P[z/w][e/v])).
• Saw proof rule for composition statements:
Composition Rule:
{P} S₁ {R}    {R} S₂ {Q}
————————————————
{P} S₁; S₂ {Q}
• Saw proof rules that allow for precondition strengthening and postcondition weakening
• Recall P is stronger than Q iff Q is weaker than P iff (P → Q).
Illinois Institute of Technology
Notes for Lecture 7
CS 536: Science of Programming
 1 of 6 
© James Sasaki, 2010
Consequence Rule:
P₁ → P₂    {P₂} S {Q₁}    Q₁ → Q₂
———————————————————
{P₁} S {Q₂}
Weaken Postcondition
{P} S {Q₁}    Q₁ → Q₂
——————————————
{P} S {Q₂}
Strengthen Precondition
P₁ → P₂    {P₂} S {Q}
——————————————
{P₁} S {Q}
• Each of these two rules introduces one predicate logic obligation.
E. Proof Rule for Conditional Statements
Conditional Statement
{P ∧ B} S₁ {Q}    {P ∧ ¬B} S₂ {Q}
————————————————————————
{P} if B then S₁ else S₂ fi {Q}
• If you know that
• Running the true branch S₁
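As an added example (not part of Sasaki's notes), the Python below implements the five substitution cases reviewed under "Last Time" on a small term representation, and then uses the backward assignment axiom, the composition rule (taking the intermediate assertion R to be the precondition the backward axiom yields for S₂) and the conditional rule (combined with precondition strengthening) to reduce a Hoare triple {P} S {Q} to a single predicate-logic obligation P → pre(S, Q). The tuple encoding, the finite domain {0, …, 3} used to check that obligation by brute force, and the sample programs are all my own constructed assumptions, not notation from the notes.

```python
# Added example, not from the lecture notes: capture-avoiding substitution
# P[e/v] (cases 1-5), and a checker that turns {P} S {Q} into one
# predicate-logic obligation via the backward assignment axiom, the
# composition rule and the conditional rule.
import itertools

# Constructed encoding (my assumption): terms and predicates are tuples.
#   ('var', 'x')  ('num', 3)  ('+', a, b)  ('-', a, b)  ('*', a, b)
#   ('<', a, b)   ('=', a, b) ('and', p, q) ('or', p, q) ('->', p, q)
#   ('not', p)    ('forall', 'x', p)  ('exists', 'x', p)
QUANT = ('forall', 'exists')

def free_vars(t):
    """Variables with a free occurrence in t."""
    if t[0] == 'var':
        return {t[1]}
    if t[0] == 'num':
        return set()
    if t[0] in QUANT:
        return free_vars(t[2]) - {t[1]}
    return set().union(*(free_vars(a) for a in t[1:]))

def all_vars(t):
    """Every variable name (free or bound) occurring in t."""
    if t[0] == 'var':
        return {t[1]}
    if t[0] == 'num':
        return set()
    if t[0] in QUANT:
        return {t[1]} | all_vars(t[2])
    return set().union(*(all_vars(a) for a in t[1:]))

def fresh(used):
    """A variable name that occurs nowhere in `used`."""
    return next(f'z{i}' for i in itertools.count() if f'z{i}' not in used)

def subst(p, e, v):
    """p[e/v]: replace the free occurrences of v in p by e."""
    tag = p[0]
    if tag == 'var':                       # case 1: quantifier-free leaf
        return e if p[1] == v else p
    if tag == 'num':
        return p
    if tag in QUANT:
        w, body = p[1], p[2]
        if w == v:                         # case 2: (Qv.P)[e/v] is Qv.P
            return p
        if w not in free_vars(e):          # cases 3 and 4: no capture possible
            return (tag, w, subst(body, e, v))
        # case 5: w appears in e, so rename w to a fresh z before substituting
        z = fresh(all_vars(body) | all_vars(e) | {v})
        return (tag, z, subst(subst(body, ('var', z), w), e, v))
    return (tag,) + tuple(subst(a, e, v) for a in p[1:])   # other connectives

# Brute-force semantics over a small constructed domain: a finite sanity
# check of an obligation, not a proof of it.
DOMAIN = range(0, 4)
BINOPS = {'+': lambda a, b: a + b, '-': lambda a, b: a - b,
          '*': lambda a, b: a * b, '<': lambda a, b: a < b,
          '=': lambda a, b: a == b, 'and': lambda a, b: a and b,
          'or': lambda a, b: a or b, '->': lambda a, b: (not a) or b}

def evaluate(t, env):
    """Value of term/predicate t under the variable assignment env."""
    tag = t[0]
    if tag == 'var':
        return env[t[1]]
    if tag == 'num':
        return t[1]
    if tag in QUANT:
        vals = [evaluate(t[2], {**env, t[1]: d}) for d in DOMAIN]
        return all(vals) if tag == 'forall' else any(vals)
    if tag == 'not':
        return not evaluate(t[1], env)
    return BINOPS[tag](evaluate(t[1], env), evaluate(t[2], env))

def valid(p):
    """True if p holds for every assignment of its free variables in DOMAIN."""
    vs = sorted(free_vars(p))
    return all(evaluate(p, dict(zip(vs, vals)))
               for vals in itertools.product(DOMAIN, repeat=len(vs)))

# Programs: ('skip',), ('assign', v, e), ('seq', S1, S2), ('if', B, S1, S2)
def pre(s, q):
    """A precondition P with {P} s {q}, built from the rules in the notes."""
    if s[0] == 'skip':                     # {P} skip {P}
        return q
    if s[0] == 'assign':                   # backward axiom {Q[e/v]} v := e {Q}
        return subst(q, s[2], s[1])
    if s[0] == 'seq':                      # composition rule with R = pre(S2, Q)
        return pre(s[1], pre(s[2], q))
    if s[0] == 'if':                       # conditional rule + strengthening
        b = s[1]
        return ('and', ('->', b, pre(s[2], q)), ('->', ('not', b), pre(s[3], q)))
    raise ValueError(s[0])

def triple_holds(p, s, q):
    """Check {p} s {q}: the one remaining obligation is p -> pre(s, q)."""
    return valid(('->', p, pre(s, q)))

if __name__ == '__main__':
    x, y = ('var', 'x'), ('var', 'y')
    inc = ('assign', 'x', ('+', x, ('num', 1)))
    dec = ('assign', 'x', ('-', x, ('num', 1)))
    prog = ('seq', ('if', ('<', x, ('num', 2)), inc, dec), ('assign', 'y', x))
    print(triple_holds(('<', x, ('num', 3)), prog, ('<', y, ('num', 3))))  # True
    print(triple_holds(('<', x, ('num', 3)), inc, ('<', x, ('num', 3))))   # False
```

The case 5 branch is the one worth stepping through: substituting w + 1 for v in ∃w. v < w without renaming would give ∃w. w + 1 < w, which is unsatisfiable, whereas renaming the bound variable first gives ∃z₀. w + 1 < z₀, whose free variable is still w as intended. Checking the obligation over a finite domain is only a quick way to catch a wrong rule application; a real proof of P → pre(S, Q) is a predicate-logic argument over the full domain.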