Lec08_Pf_outlines_wp_sp

# Lec08_Pf_outlines_wp_sp - Illinois Institute of Technology...


Proof Outlines; Weakest Preconditions and Strongest Postconditions

CS 536 Notes: Lecture 8, Mon Oct 25, 2010

A. Why

- Proof outlines are a shorthand for formal proofs, so they give us an easier way to think about correctness than formal proofs.
- Weakest preconditions and strongest postconditions help us expand partial proof outlines.

B. Outcomes

After this lecture, you should

- Know how to translate partial proof outlines to full proof outlines to formal proofs.
- Know what weakest preconditions and strongest postconditions are and how to find them.

C. Return Midterm Exam

Scores and statistics:

100 98 98 96 96 95 94 94 94 93 91 90 90 90 90 90 90 90 90 89 89 88 88 87 86 86 86 85 85 85 84 84 83 83 83 83 83 82 82 82 81 81 81 80 80 79 77 77 75 75 74 73 72 71 70 67 67 67 67 66 64 62 61 59 41

Count: 67 Mean: 79.4 Std dev: 11.3

The question with the lowest average score was Question 16 (at 52%), which involved translating an English description of a program specification into a formal one that uses pre/post-conditions. Next lowest was Question 14 (at 79%), which involved calculating the meaning of an if-then statement.

Illinois Institute of Technology Notes for Lecture 8 CS 536: Science of Programming - 1 of 8 - © James Sasaki, 2010

All other questions had averages ≥ 86% (treating Questions 1–10 as one big question).

D. Proof Outlines

- Formal proofs are really long because they have a lot of repeated text. :-(
- The structure of a formal proof of correctness mirrors the structure of the program.
- If we annotate (= decorate) the program with the assertions/conditions from the proof, we get a proof outline.
- A proof outline contains all the information needed to generate a formal proof but without repeating so much text.
- Conditions are written within curly braces {…}, just as in correctness triples.
- If a statement appears between two conditions, there is a corresponding correctness triple in the proof.

Example: { P₁ } S₁ ; { P₂ } S₂ { P₃ } stands for 3 correctness triples:

- { P₁ } S₁ { P₂ }
- { P₂ } S₂ { P₃ }
- { P₁ } S₁ ; S₂ { P₃ }

If two conditions lie next to each other, there is a corresponding use of precondition strengthening or postcondition weakening: the implication has the first condition implying the second.

Example: { P₁ }{ P₂ } S { P₃ } stands for

- { P₂ } S { P₃ }
- P₁ → P₂
- { P₁ } S { P₃ }

To specify a loop invariant, we write {inv P } while B do S₁ od. The keyword inv is omitted when using P as a condition. (P gets used in the pre- and post-conditions of the loop and the loop body.)

Note there can exist > 1 proof outline for a program, since there can exist > 1 proof for a program.
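The two expansion rules above (a statement between two conditions, and two adjacent conditions) can be applied mechanically. The Python below is an added example, not part of the lecture notes; it covers straight-line outlines only (no loops or conditionals), and the `("cond", …)`/`("stmt", …)` list encoding and the names `expand` and `triple` are assumptions made for illustration.

```python
def triple(pre, stmts, post):
    return "{%s} %s {%s}" % (pre, "; ".join(stmts), post)

def expand(outline):
    """Expand a full proof outline into the obligations it abbreviates.

    outline: list of ("cond", text) / ("stmt", text) pairs (hypothetical encoding).
    """
    out, lead = [], []     # obligations in proof order; conditions before 1st statement
    acc = None             # (pre, stmts, post): triple proved for the prefix so far
    pending = last = None  # statement awaiting its postcondition; latest condition
    for kind, text in outline:
        if kind == "stmt":
            if last is None or pending is not None:
                raise ValueError("not a full outline: %r lacks a precondition" % text)
            pending = text
            continue
        if pending is not None:              # condition that closes a statement
            out.append(triple(last, [pending], text))
            if acc is None:                  # leading {P1}{P2}...: strengthen the precondition
                out += ["%s -> %s" % pq for pq in zip(lead, lead[1:])]
                if len(lead) > 1:
                    out.append(triple(lead[0], [pending], text))
                acc = (lead[0], [pending], text)
            else:                            # sequence rule joins prefix and statement
                acc = (acc[0], acc[1] + [pending], text)
                out.append(triple(*acc))
            pending = None
        elif acc is None:                    # still in the leading run of conditions
            lead.append(text)
        else:                                # {Q}{R} after a statement: weaken the postcondition
            out.append("%s -> %s" % (last, text))
            acc = (acc[0], acc[1], text)
            out.append(triple(*acc))
        last = text
    if pending is not None:
        raise ValueError("not a full outline: %r lacks a postcondition" % pending)
    return out

if __name__ == "__main__":
    # Constructed sample outline: {x >= 0}{x + 1 > 0} x := x + 1 {x > 0}{x != 0}
    sample = [("cond", "x >= 0"), ("cond", "x + 1 > 0"),
              ("stmt", "x := x + 1"), ("cond", "x > 0"), ("cond", "x != 0")]
    for line in expand(sample):
        print(line)
```

A partial outline, such as two statements with no condition between them, is rejected with `ValueError` rather than expanded.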

## This note was uploaded on 04/17/2011 for the course CS 536 taught by Professor Cs536 during the Fall '08 term at Illinois Tech.
