CS 641 meeting -*- Outline -*-

* two laws (3.2)

   two laws needed for correspondence with relational semantics (6.4)

** termination law

   wp.c.p.x holds if every execution starting in x terminates,
      and does so in a state satisfying p.
   wp.c.true.x holds if every execution starting in x terminates.
   wlp.c.true.x holds if every terminating execution starting in x
      does so in a state satisfying.

   hence

--------------------------
   TWO HEALTHINESS LAWS

   TERMINATION LAW

      wp.c.p = wp.c.true /\ wlp.c.p
--------------------------

** wlp is universally conjunctive

   (all p \in U :: wlp.c.p).x holds if for each p, execution of c
      either doesn't terminate, or winds up in p

   same as every execution of c starting in x not terminating
      or winding up in p.

----------------------
   UNIVERSAL CONJUNCTIVITY OF WLP

      wlp.c is universally conjunctive
----------------------

   Thus, for example, wlp.c.true = true

** potentially terminating

   wlp.c.false.x means every computation starting at x doesn't terminate
   so ~wlp.c.false.x means x has a terminating computation (for c).

-----------------------
   def: c is *potentially terminating* iff [~wlp.c.false].
-----------------------

   Q: is a command that necessarily terminates also one
      that potentially terminates?

      Only if it's total

        [wp.c.true ==> ~wlp.c.false]
      equiv {calculus}
        [~(wp.c.true /\ wlp.c.false)]
      equiv {termination law}
        [~wp.c.false]
      equiv {def}
        c is total

* important implications (3.3)

** wp is positively conjunctive

   Thm: wp is positively conjunctive
   Pf: let U be a nonempty set of predicates, c a command.

        wp.c.(all u \in U :: u)
      equiv {healthiness laws}
        wp.c.true /\ (all u \in U :: wlp.c.u)
      equiv {U is nonempty}
        (all u \in U :: wp.c.true /\ wlp.c.u)
      equiv {termination law}
        (all u \in U :: wp.c.u)

** earlier postulates about wp and wlp follow from healthiness laws

--------------
   EARLIER "AXIOMS" PROVABLE

   Thm: wp.c.p is stronger: [wp.c.p ==> wlp.c.p]
   Pf: use termination law.

   Thm: wp.c is monotone: [p ==> q] ==> [wp.c.p ==> wp.c.q]
        and wlp.c is monotone: [p ==> q] ==> [wlp.c.p ==> wlp.c.q]
   Pf: both wp and wlp are finitely conjunctive.
---------------

** distributivity

   Thm: For nonempty sets C and D of commands,
        ([] c \in C :: c) ; ([] d \in D :: d)
          =~= ([] c \in C, d \in D :: c;d)

   Q: can you prove this?
   Q: does this mean that
        c;([] d \in D :: d) =~= ([] d \in D :: c;d) ?

   Remarks: this is one of the reasons for not allowing choices
      over nonempty commands.

** guards and assertions satisfy the healthiness laws (3.4)

   What's the point here?
      checking that our suite of simple commands satisfies
      the healthiness laws.

   Thm: guards and assertions satisfy the healthiness laws
   Pf: expand laws, use defs of the commands.

   Thm: assignments satisfy the healthiness laws.
   Pf: for termination expand laws, use defs of the commands.
       for universal conjunctivity, consider a state x.

** termination law and repetition (3.5)

   earlier proof rule for repetition couples invariance and termination.
      combining them makes whole proof recordable in annotation.
      also makes the rule independent of healthiness laws

   point of this section is to give the usual theorem,
      which is justified by the earlier one, and the healthiness laws,
      specifically the positive conjunctivity of wp.
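
An added example (not part of the original notes): an exhaustive check of the two healthiness laws, positive conjunctivity of wp, and the "only if it's total" calculation in a small relational model. The model is an assumption: a command maps each state to a set of outcomes, each outcome being a final state or BOT (a nonterminating execution), and all names below are hypothetical.

```python
from itertools import chain, combinations, product

STATES = frozenset({0, 1})   # constructed two-state space
BOT = "bot"                  # marks a nonterminating execution (assumed model)

def subsets(xs):
    xs = list(xs)
    return [frozenset(s) for s in chain.from_iterable(
        combinations(xs, r) for r in range(len(xs) + 1))]

PREDS = subsets(STATES)      # a predicate is the set of states satisfying it
TRUE, FALSE = STATES, frozenset()

def commands():
    """Every map from a state to a set of outcomes (states or BOT)."""
    outs = subsets(STATES | {BOT})
    for choice in product(outs, repeat=len(STATES)):
        yield dict(zip(sorted(STATES), choice))

def wp(c, p):    # every execution from x terminates, and does so in p
    return frozenset(x for x in STATES if BOT not in c[x] and c[x] <= p)

def wlp(c, p):   # every terminating execution from x ends in p
    return frozenset(x for x in STATES if c[x] - {BOT} <= p)

def conj(preds):  # (all u \in U :: u); the empty conjunction is true
    out = TRUE
    for u in preds:
        out &= u
    return out

def termination_law(c):  # wp.c.p = wp.c.true /\ wlp.c.p
    return all(wp(c, p) == wp(c, TRUE) & wlp(c, p) for p in PREDS)

def conjunctive(t, c, families):  # t.c.(all u :: u) = (all u :: t.c.u)
    return all(t(c, conj(U)) == conj(t(c, u) for u in U) for U in families)

def total(c):  # [~wp.c.false]
    return wp(c, FALSE) == FALSE

def necessarily_implies_potentially(c):  # [wp.c.true ==> ~wlp.c.false]
    return wp(c, TRUE) <= STATES - wlp(c, FALSE)

FAMILIES = subsets(PREDS)                 # every set U of predicates
NONEMPTY = [U for U in FAMILIES if U]     # the sets allowed for wp
ABORT = {x: frozenset({BOT}) for x in STATES}  # never terminates
```

ABORT is the case that forces "U is nonempty" in the proof of positive conjunctivity: with U empty the conjunction is true, but wp.ABORT.true is false, while wlp.ABORT.true = true still holds.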