Proof Outlines; Weakest Preconditions and Strongest Postconditions
CS 536 Notes: Lecture 8, Mon Oct 25, 2010
A. Why
• Proof outlines are a shorthand for formal proofs, so they give us an easier way to think about correctness than formal proofs.
• Weakest preconditions and strongest postconditions help us expand partial proof outlines.
B. Outcomes
After this lecture, you should
• Know how to translate partial proof outlines to full proof outlines to formal proofs.
• Know what weakest preconditions and strongest postconditions are and how to find them.
C. Return Midterm Exam
• Scores and statistics:
100
98 98 96 96
95 94 94 94 93 91 90 90 90 90 90 90 90 90
89 89 88 88 87 86 86 86
85 85 85 84 84 83 83 83 83 83 82 82 82 81 81 81 80 80
79 77 77
75 75 74 73 72 71 70
67 67 67 67 66
64 62 61
59
41
Count: 67
Mean: 79.4
Std dev: 11.3
• The question with the lowest average score was Question 16 (at 52%), which involved translating an English description of a program specification into a formal one that uses pre/postconditions.
• Next lowest was Question 14 (at 79%), which involved calculating the meaning of an if-then statement.
Illinois Institute of Technology
Notes for Lecture 8
CS 536: Science of Programming
 1 of 8 
© James Sasaki, 2010
All other questions had averages ≥ 86% (treating Questions 1–10 as one big question).
D. Proof Outlines
• Formal proofs are really long because they have a lot of repeated text. :(
• The structure of a formal proof of correctness mirrors the structure of the program.
• If we annotate (= decorate) the program with the assertions/conditions from the proof, we get a proof outline.
• A proof outline contains all the information needed to generate a formal proof but without repeating so much text.
• Conditions are written within curly braces {…}, just as in correctness triples.
• If a statement appears between two conditions, there is a corresponding correctness triple in the proof.
• Example: {P₁} S₁; {P₂} S₂ {P₃} stands for 3 correctness triples:
  • {P₁} S₁ {P₂}
  • {P₂} S₂ {P₃}
  • {P₁} S₁; S₂ {P₃}
• If two conditions lie next to each other, there is a corresponding use of precondition strengthening or postcondition weakening — the implication has the first condition implying the second.
• Example: {P₁}{P₂} S {P₃} stands for
  • {P₂} S {P₃}
  • P₁ → P₂
  • {P₁} S {P₃}
• To specify a loop invariant, we write {inv P} while B do S₁ od. The keyword inv is omitted when P is used as a condition. (P gets used in the pre- and postconditions of the loop and of the loop body.)
• Note there can exist > 1 proof outline for a program, since there can exist > 1 proof for a program.
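The rules in this section (a statement between two conditions gives a triple, two adjacent conditions give an implication, a sequence also gives the composed triple, and a loop body carries its own outline) can be applied mechanically. The Python program below is an added example written for these notes, not code from the lecture or its author. It represents an outline as a list of Cond/Stmt/Loop values (names chosen here) and lists the triples and implications the outline stands for. Reading a loop as a single statement whose precondition is the {inv P} condition before it (with the inv keyword dropped) and whose postcondition is the condition after od, with the body outline supplied by the writer and expanded by the same rules, is this example's assumption about the notation; the concrete outline in demo() is constructed for illustration.

```python
"""Expand a proof outline into the correctness triples and implications it
abbreviates.  Added example for these notes, not the lecture's own code.

Rules implemented (from the notes):
  {P} S {Q}             -> the triple {P} S {Q}
  {P} {Q}               -> the implication P -> Q (strengthening / weakening)
  {P1} S1; {P2} S2 {P3} -> also the composed triple {P1} S1; S2 {P3}
  {inv P} while B do <body outline> od {Q}
                        -> the loop is one statement with precondition P (the
                           'inv' keyword dropped); its body outline is expanded
                           by the same rules.  (Assumed reading of the notation.)
"""
from dataclasses import dataclass
from typing import List, Tuple, Union


@dataclass
class Cond:
    """A condition {P}; inv=True records that it was written {inv P}."""
    text: str
    inv: bool = False


@dataclass
class Stmt:
    """A non-loop statement, kept as source text."""
    text: str


@dataclass
class Loop:
    """while guard do ... od; body is the proof outline of the loop body."""
    guard: str
    body: List["Item"]


Item = Union[Cond, Stmt, Loop]


def stmt_text(item: Item) -> str:
    """Program text of a statement; a loop's body conditions are dropped."""
    if isinstance(item, Stmt):
        return item.text
    inner = [x for x in item.body if not isinstance(x, Cond)]
    return f"while {item.guard} do {seq_text(inner)} od"


def seq_text(stmts: List[Item]) -> str:
    return "; ".join(stmt_text(s) for s in stmts)


def triple(pre: Cond, stmts: List[Item], post: Cond) -> str:
    return f"{{{pre.text}}} {seq_text(stmts)} {{{post.text}}}"


def expand(outline: List[Item]) -> Tuple[List[str], List[str]]:
    """Return (triples, implications) that the outline stands for."""
    if not outline or not isinstance(outline[0], Cond) or not isinstance(outline[-1], Cond):
        raise ValueError("a proof outline starts and ends with a condition")
    triples: List[str] = []
    implications: List[str] = []
    stmts: List[Item] = []      # statements seen so far, for the composed triple
    pre: Cond = outline[0]      # condition currently in force
    prev_was_cond = False
    for i, item in enumerate(outline):
        if isinstance(item, Cond):
            if prev_was_cond:   # {P}{Q}: precondition strengthening / postcondition weakening
                implications.append(f"{pre.text} -> {item.text}")
            pre, prev_was_cond = item, True
            continue
        post = outline[i + 1]   # exists, because the outline ends with a Cond
        if not isinstance(post, Cond):
            raise ValueError("every statement must be followed by a condition")
        triples.append(triple(pre, [item], post))
        if isinstance(item, Loop):          # the loop body has its own outline
            body_t, body_i = expand(item.body)
            triples += body_t
            implications += body_i
        stmts.append(item)
        prev_was_cond = False
    if stmts:
        whole = triple(outline[0], stmts, outline[-1])
        if whole not in triples:            # composed triple, e.g. {P1} S1; S2 {P3}
            triples.append(whole)
    return triples, implications


def demo() -> Tuple[List[str], List[str]]:
    """A small concrete outline (constructed here for illustration)."""
    outline = [
        Cond("n >= 0"),
        Stmt("i := 0"),
        Cond("i <= n", inv=True),       # written {inv i <= n} before the loop
        Loop("i < n", [Cond("i <= n and i < n"), Stmt("i := i + 1"), Cond("i <= n")]),
        Cond("i <= n and not (i < n)"),
        Cond("i = n"),                  # adjacent conditions: a weakening step
    ]
    return expand(outline)


if __name__ == "__main__":
    for kind, items in zip(("triples", "implications"), demo()):
        print(kind)
        for line in items:
            print("  " + line)
```

Running demo() lists the triple for i := 0, the triple for the whole loop, the body's triple, the composed triple {n >= 0} i := 0; while ... od {i = n}, and the single implication from the loop's exit condition to i = n; the schematic examples from the notes expand the same way.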