CS 641 meeting -*- Outline -*-

* discussion of Dijkstra's paper
   Guarded Commands, Nondeterminacy and Formal Derivation of Programs.
   CACM, 18(8):453-457, 1975.

   See the homework, on which the discussion is based

** section 2
 a. discuss
 b. have someone explain it
 c. have someone explain it
    assumes f is a math function:
      terminates, deterministic, doesn't affect j, n, or k
** section 3
 d. discuss
 e. note that F is the always false predicate
      F ==> P for all P
    so if wp(S,F) were not false, you could have a command that
    does anything at all (even non-computable stuff)
    it's not really a law (cf. Dijkstra-Scholten)
 f. havoc gives a counter-example
      wp(havoc,T) = T
      wp(havoc,Q) = F for any Q not equal to T
    i.e., havoc is guaranteed to terminate, but can have any effect
    maximally nondeterministic!
    consider
      wp(havoc, i=3 \/ ~(i=3)) = T
    but
      wp(havoc, i=3) \/ wp(havoc, ~(i=3)) = F \/ F = F
    Q: why does it work if S is deterministic?
 g. discuss, it's unclear
    don't consider statements that can nondeterministically terminate or not?
    does decidability contradict Turing's thesis?
    (indicates where waffling may conceal a problem)
 h. depends on point of view
 i. if {P} S {Q}, then P ==> wp(S,Q)
    remarks about meta-level implication vs. implication in system
 j. The trick is to figure what to prove!
    (note: missing right paren in def of wp(IF,R).)

      Q /\ BB /\ (all i : 1<=i<= n : Q /\ B.i ==> wp(SL.i,R))
        ==> wp(IF,R)

    (calculational proof)

      Q /\ BB /\ (all i : 1<=i<= n : Q /\ B.i ==> wp(SL.i,R))
    equiv
      BB /\ Q /\ (all i : 1<=i<= n : Q /\ B.i ==> wp(SL.i,R))
    equiv
      BB /\ (all i : 1<=i<= n : Q /\ (Q /\ B.i ==> wp(SL.i,R)))
    equiv
      BB /\ (all i : 1<=i<= n : Q /\ (~(Q /\ B.i) \/ wp(SL.i,R)))
    equiv
      BB /\ (all i : 1<=i<= n : Q /\ (~Q \/ ~B.i \/ wp(SL.i,R)))
    equiv
      BB /\ (all i : 1<=i<= n : (Q /\ ~Q) \/ (Q /\ (~B.i \/ wp(SL.i,R))))
    equiv
      BB /\ (all i : 1<=i<= n : Q /\ (~B.i \/ wp(SL.i,R)))
    ==> P>
      BB /\ (all i : 1<=i<= n : ~B.i \/ wp(SL.i,R))
    equiv
      wp(IF,R)
 k. Dijkstra's is more complex,
    Thm 4 is like Hoare's rule, the other is there to help prove termination
** section 4
 l. work backwards, standard plans for programs,
    role of domain knowledge
 m. don't have to waste time making meaningless choices
** section 5
 n. discuss
** general
 o. have students summarize
 p. discuss, might need more details
 q. The CACM wouldn't let him, the referees insisted
    (and Hoare is a friend and Dijkstra was on the Algol 60 committee)
    yes (Marybeth says the first 5 words of 3.3 are extraneous)
    he didn't think of that yet
    (and the examples are always at the end of sentences)
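
Items f and j of section 3 can be checked mechanically on a small model. The following is an added example, not part of the original notes or of Dijkstra's paper. It assumes a finite state space (one variable i in 0..5) and models a statement as a function from a state to its set of possible final states; the names wp, havoc, incr, guarded_if and BRANCHES are this example's own.

```python
from itertools import combinations
# Constructed model (an assumption of this example): one variable i in 0..5.
STATES = frozenset(range(6))
SUBSETS = [frozenset(c) for r in range(7) for c in combinations(range(6), r)]

def wp(stmt, post):
    # A statement maps a state to its set of possible final states; the empty
    # set models abort. wp = states where stmt terminates and must end in post.
    return frozenset(s for s in STATES if stmt(s) and stmt(s) <= post)

def havoc(s):
    return STATES                      # always terminates, in any state

def incr(s):
    return frozenset({(s + 1) % 6})    # deterministic: exactly one outcome

def guarded_if(branches):
    # IF over (guard_set, stmt) pairs: any enabled branch may run; abort if none.
    def run(s):
        outs = [st(s) for g, st in branches if s in g]
        if not outs or not all(outs):
            return frozenset()
        return frozenset().union(*outs)
    return run

def wp_if_formula(branches, post):
    # Definition from the paper: BB /\ (all i : B.i ==> wp(SL.i, R)).
    result = frozenset().union(*(g for g, _ in branches))
    for g, st in branches:
        result &= (STATES - g) | wp(st, post)
    return result

def disjunctive(stmt):
    # Is wp(S, Q1 \/ Q2) = wp(S, Q1) \/ wp(S, Q2) for every Q1, Q2?
    return all(wp(stmt, a | b) == wp(stmt, a) | wp(stmt, b)
               for a in SUBSETS for b in SUBSETS)

def havoc_counterexample():
    is3 = frozenset({3})
    return wp(havoc, is3 | (STATES - is3)), wp(havoc, is3) | wp(havoc, STATES - is3)

def theorem_j(branches, q, post):
    # Item j, pointwise: Q /\ BB /\ (all i : Q /\ B.i ==> wp(SL.i,R)) ==> wp(IF,R)
    lhs = q & frozenset().union(*(g for g, _ in branches))
    for g, st in branches:
        lhs &= (STATES - (q & g)) | wp(st, post)
    return lhs <= wp(guarded_if(branches), post)

BRANCHES = [(frozenset({0, 1, 2}), incr), (frozenset({2, 3}), havoc)]
```

Predicates are represented as sets of states, so T is STATES and F is the empty set. The guards in BRANCHES overlap at i=2, which makes the IF itself nondeterministic.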