CS 641 meeting                                  -*- Outline -*-

* introduction to chapter 2 (2.0)

In chapter 2, we discuss concepts relevant to programming methods,
and recursion and repetition.
Note that so far we don't have any way to repeatedly execute commands.
(Proof of soundness for recursion and repetition is postponed to ch 4.)

Context: we've seen semantics of straight-line programs,
now want to work up to recursion.
(Recall recursion separates denotational and operational...)

----------------------------------------------------------------
flavor       ! features       ! benefits      ! recursion
/ main use   ! / limits       !               ! semantics
================================================================
axiomatic    ! abstract,      ! avoids        ! we'll see
/ verif.     ! is direct      ! overspec.     !
             ! / realism      !               !
denotational ! math. meaning  ! compositional ! fixpoint in
/ compare    ! / overspec.,   !               ! approx. order
  languages  !   nondeterm.   !               !
operational  ! concrete,      ! nondeterm.,   ! sequence of
/ compilers  ! parallel       ! parallel      ! loop steps
             ! / detail       !               !
----------------------------------------------------------------

* specification (2.1)

------------------
def: let p and q be predicates.
The (total correctness) *Hoare triple* {p} c {q} is [p ==> wp.c.q].
The (partial correctness) *Hoare triple* p {c} q is [p ==> wlp.c.q].
------------------

Other notations are [p] c [q] for total correctness,
and {p} c {q} for partial correctness,
but that would be confusing with the everywhere operator [ ] here...

Examples:
  {p /\ b} !b {p}
  {p} ?b {p /\ b}

Q: can you show this last one is valid?

  {p} ?b {p /\ b}
equiv {def of Hoare triple}
  [p ==> wp.?b.(p /\ b)]
equiv {def of wp of ?b}
  [p ==> (b ==> (p /\ b))]
equiv {calculus (shunting)}
  [(p /\ b) ==> (p /\ b)]
equiv {calculus}
  true

** ghost variables

Free variables in Hoare triples are implicitly universally quantified.
That is...
  {v = t} v := v-1 {v < t}
means
  (all t :: {v = t} v := v-1 {v < t})

These are also called specification constants, or logical variables.
** rules for commands

The following fall straight out of the definition (and are review).

Thm (rules of consequence):
  ([p ==> q] /\ {q} c {r}) ==> {p} c {r}
  ({p} c {q} /\ [q ==> r]) ==> {p} c {r}

Thm (composition rule):
  ({p} c {q} /\ {q} d {r}) ==> {p} c;d {r}

Thm (choice operator rule):
  ({p} ([] i \in I :: c.i) {q}) equiv (all i \in I :: {p} c.i {q})

Thm (covering rule):
  If [p ==> (exists i \in I :: r.i)],
  then {p} c {q} equiv (all i \in I :: {p /\ r.i} c {q}).

Q: Can you prove this?
Hint: start with the rhs, use 1.1.4(b)
  (all p \in U :: [p ==> q]) equiv [(exists p \in U :: p) ==> q]
and 1.1.3(a) (conjunction distributes over exists), and the hypothesis.
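A worked proof of the covering rule, following the hint (added here as an example; it is not part of the original notes). It starts from the rhs and rewrites it to the lhs, using 1.1.4(b) with U taken to be the set of predicates p /\ r.i for i \in I:

```
  (all i \in I :: {p /\ r.i} c {q})
equiv {def of Hoare triple}
  (all i \in I :: [(p /\ r.i) ==> wp.c.q])
equiv {1.1.4(b), with U = { p /\ r.i | i \in I }}
  [(exists i \in I :: p /\ r.i) ==> wp.c.q]
equiv {1.1.3(a): conjunction distributes over exists}
  [(p /\ (exists i \in I :: r.i)) ==> wp.c.q]
equiv {hypothesis [p ==> (exists i \in I :: r.i)],
       so [p /\ (exists i \in I :: r.i)  equiv  p]}
  [p ==> wp.c.q]
equiv {def of Hoare triple}
  {p} c {q}
```

The hypothesis is what makes the last-but-one step go through: without it, p /\ (exists i :: r.i) is only stronger than p, and the rhs would only imply the lhs, not be equivalent to it.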
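An executable model of the definitions in 2.1 and of the rules above (added example; this is not code from the notes or the textbook). Predicates are Python functions from a state to a bool, commands carry their wp and wlp, and the everywhere operator [ ] is checked by enumerating a small constructed domain, so the ghost variable t is quantified over simply by making it a state variable. The page only states wp.?b explicitly; the transformers for !b, assignment, composition and choice are assumed here to be the standard predicate-transformer ones, and the concrete p, b, and commands used to instantiate the example triples and the choice and covering rules are constructed for this example.

```python
"""Executable wp/wlp model of the guarded commands in the notes (added example)."""
from itertools import product

# Assumption: program variables range over this constructed finite domain,
# so [p] can be decided by enumeration. t plays the ghost variable.
DOMAIN = range(-3, 4)
VARS = ("v", "t")


def implies(a, b):
    return (not a) or b


def everywhere(p):
    """[p]: p holds in every state over the finite domain."""
    return all(p(dict(zip(VARS, vals)))
               for vals in product(DOMAIN, repeat=len(VARS)))


class Assume:              # ?b (guard):  wp.?b.q = wlp.?b.q = (b ==> q)
    def __init__(self, b): self.b = b
    def wp(self, q):  return lambda s: implies(self.b(s), q(s))
    wlp = wp


class Assert:              # !b (assertion): wp.!b.q = b /\ q,  wlp.!b.q = (b ==> q)
    def __init__(self, b): self.b = b
    def wp(self, q):  return lambda s: self.b(s) and q(s)
    def wlp(self, q): return lambda s: implies(self.b(s), q(s))


class Assign:              # x := e : wp = wlp = q[x := e]  (substitution)
    def __init__(self, x, e): self.x, self.e = x, e
    def wp(self, q):  return lambda s: q({**s, self.x: self.e(s)})
    wlp = wp


class Seq:                 # c ; d : wp.(c;d).q = wp.c.(wp.d.q)
    def __init__(self, c, d): self.c, self.d = c, d
    def wp(self, q):  return self.c.wp(self.d.wp(q))
    def wlp(self, q): return self.c.wlp(self.d.wlp(q))


class Choice:              # ([] i :: c.i) : wp.q = (all i :: wp.(c.i).q)
    def __init__(self, *cs): self.cs = cs
    def wp(self, q):  return lambda s: all(c.wp(q)(s) for c in self.cs)
    def wlp(self, q): return lambda s: all(c.wlp(q)(s) for c in self.cs)


def total(p, c, q):        # {p} c {q}  is  [p ==> wp.c.q]
    return everywhere(lambda s: implies(p(s), c.wp(q)(s)))


def partial(p, c, q):      # p {c} q    is  [p ==> wlp.c.q]
    return everywhere(lambda s: implies(p(s), c.wlp(q)(s)))


# Constructed instances of p and b for the example triples.
p = lambda s: s["v"] >= 0
b = lambda s: s["v"] % 2 == 0
p_and_b = lambda s: p(s) and b(s)


def check_examples():
    """The two example triples, the ghost-variable triple, and the
    total/partial distinction for an assertion under p alone."""
    return {
        "pb_assert_p": total(p_and_b, Assert(b), p),
        "p_assume_pb": total(p, Assume(b), p_and_b),
        # t is free in {v = t} v := v-1 {v < t}; everywhere() ranges over t too
        "ghost": total(lambda s: s["v"] == s["t"],
                       Assign("v", lambda s: s["v"] - 1),
                       lambda s: s["v"] < s["t"]),
        "p_assert_p_partial": partial(p, Assert(b), p),  # holds: !b may abort
        "p_assert_p_total": total(p, Assert(b), p),      # fails, e.g. at v = 1
    }


def choice_rule_holds(p, cs, q):
    """{p} ([] i :: c.i) {q}  equiv  (all i :: {p} c.i {q})"""
    return total(p, Choice(*cs), q) == all(total(p, c, q) for c in cs)


def covering_rule_holds(p, rs, c, q):
    """Given [p ==> (exists i :: r.i)]:
       {p} c {q}  equiv  (all i :: {p /\\ r.i} c {q})"""
    assert everywhere(lambda s: implies(p(s), any(r(s) for r in rs)))
    return total(p, c, q) == all(
        total(lambda s, r=r: p(s) and r(s), c, q) for r in rs)


def check_rules():
    inc = Assign("v", lambda s: s["v"] + 1)
    dec = Assign("v", lambda s: s["v"] - 1)
    ge1 = lambda s: s["v"] >= 1
    return {
        # choice: both sides true for q = (v >= 0), both sides false for q = (v >= 1)
        "choice_ok": choice_rule_holds(ge1, [inc, dec], p),
        "choice_fail": choice_rule_holds(ge1, [inc, dec], ge1),
        # covering: split p on b and not b, which together cover p
        "covering": covering_rule_holds(p, [b, lambda s: not b(s)], inc, ge1),
    }


if __name__ == "__main__":
    print(check_examples())
    print(check_rules())
```

The last two entries of `check_examples()` show why the notes keep two triples: `p {!b} p` holds because wlp lets the assertion abort, while `{p} !b {p}` fails wherever b is false, since wp.!b.q = b /\ q. The rule checks compare both sides of each equivalence rather than asserting one side, so a run exercises the "equiv" in the theorem statements, not just one implication.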