SC195, Class 26: Weakest Preconditions

Overview:
* What's a precondition?
* What makes a precondition weak?
* How do we use weakest preconditions?
* Cool properties
* Starting to define a language

Notes:
* Ben Gum runs 7 March 2003 class (lab).
* No class on 14 March 2003.
* Read K&R on files.
* Interesting behavior from CS151/3 project
  http://www.cs.grinnell.edu/~rebelsky/Courses/CS153/2003S/Examples/dicegame.cgi
* College's decision: Four MAPs, Three MIPs. Expect to hear my decisions real soon now.
* Exam 1 to be distributed tomorrow.
  + You may not ask Daren any questions on the exam.
* Interesting class format: You get the pen. You get to say things and ask
  questions of your colleagues. I get to decide when you pass the pen.

----------------------------------------

Sanchit on Preconditions

What are preconditions?
* What the state of the function has to be.
* What kind of input
  - What your variable takes as parameters

Sam, unable to give up control, inserts:
* Are you talking about Gries-style preconditions or those we normally write
  for functions?

According to Gries,
* Preconditions ensure that the program executes

Devin on weakness:
* Statement: Looking at { S } Q { R }
* How do these differ from weakest preconditions? S is a single state; weakest
  preconditions is a set of all states for which ...

----

A state is a set of assignments of values to variables.

How do we normally define single states?
  { var=val; var=val; ... }
  { x=1; y=2 }

How do we normally define sets of states?
  Use predicates to define sets of states.
  x >= 2  =  Union { x=2 } { x=3 } { x=4 } ...

{ p } S { P }
  p is a predicate
  S is a (function from p to P)? (Not normally.) S is a statement.
  P is a predicate

Claim: { p } is a state; wp(S,P) is a set of states.
  FALSE, because { p } is a *set* of states.

What is a precondition (Gries sense)?
  A predicate (that is, a set of states) that holds before something runs
  and that ensures
  (1) that P holds after S "is executed"
  (2) that S terminates

Side note: This is a strange programming environment. Statements don't return
values. They simply change the state of the world.

Question: How hard is it to write a precondition, given that S always
terminates and P is not False (that is, "no states")?
  The logician's hack: F (false) is a simple precondition.
  However, it's not a very useful one.

To talk about preconditions, we need a measure of usefulness.

What are possible relationships between two sets of states, S1 and S2?
  S1 is a subset of S2 (also proper)
  S2 is a subset of S1 (also proper)
  intersection of S1 and S2 is nonempty; the difference is also nonempty
  intersection of S1 and S2 is empty

We want the largest possible set of states.

P1 is weaker than P2 if
  in every state for which P2 holds, P1 also holds.
  Does P1 or P2 define a bigger set?
  Can we have a state in holds(P1) not in holds(P2)?
  Can we have a state in holds(P2) not in holds(P1)?
  P1 is therefore more general.

The weakest precondition is the most general precondition.

wp(S,P) is a function, but not a generally computable function.
We use wp(S,P) primarily as a way of *thinking about* preconditions.

p => wp(S,P)
  "p is *a* precondition of S { P }"
  x => y is "y is weaker than x"

General rules are possible.

Law of Excluded Miracle
  wp(S,false) = false
Distributivity of Conjunction
  wp(S,P1 and P2) = wp(S,P1) and wp(S,P2)
Distributivity of Disjunction
  wp(S,P1 or P2) <= wp(S,P1) or wp(S,P2)
  (read "<=" as "is implied by": the right-hand side implies the left)

----------------------------------------

How do we use weakest preconditions?
* We may want to write preconditions; weakest are best.
* Helps us generally think about preconditions.
* Can determine if a program is correct.
* Can define basic operations.
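The notes say wp(S,P) is "not a generally computable function", which is true over unbounded states, but over a small finite state space every idea above (a predicate as a set of states, "weaker" as a bigger set, p => wp(S,P), and the three general rules) can be checked mechanically. The following is an added example, not code from the class or from Gries. It assumes a constructed two-variable language with skip, assignment, sequencing and if/else, and uses Gries's standard wp rules for those statements (assignment as substitution, sequencing as composition), which the notes have not yet introduced:

```python
import itertools

# Constructed finite world: two integer variables over a small domain, so the
# "set of states" a predicate denotes can be enumerated and compared directly.
VARS = ("x", "y")
DOMAIN = range(-3, 4)

def all_states():
    """Every state: an assignment of a domain value to each variable."""
    for vals in itertools.product(DOMAIN, repeat=len(VARS)):
        yield dict(zip(VARS, vals))

def states_where(pred):
    """The set of states a predicate denotes (states as hashable tuples)."""
    return frozenset(tuple(sorted(s.items())) for s in all_states() if pred(s))

def weaker(p1, p2):
    """p1 is weaker than p2: every state satisfying p2 also satisfies p1 (p2 => p1)."""
    return states_where(p2) <= states_where(p1)

# Statements of the tiny (assumed) language, as tagged tuples. Expressions and
# predicates are plain Python functions from a state dict to a value.
def skip():                return ("skip",)
def assign(var, expr):     return ("assign", var, expr)
def seq(*stmts):           return ("seq",) + stmts
def ifelse(cond, s1, s2):  return ("if", cond, s1, s2)

def run(stmt, state):
    """Execute a statement: it returns no value, only a changed state."""
    tag = stmt[0]
    if tag == "skip":
        return dict(state)
    if tag == "assign":
        _, var, expr = stmt
        return {**state, var: expr(state)}
    if tag == "seq":
        for s in stmt[1:]:
            state = run(s, state)
        return state
    _, cond, s1, s2 = stmt
    return run(s1 if cond(state) else s2, state)

def wp(stmt, post):
    """Weakest precondition by Gries's rules (assumed here, not in the notes):
       wp(skip, P)            = P
       wp(x := e, P)          = P with e substituted for x
       wp(S1; S2, P)          = wp(S1, wp(S2, P))
       wp(if B S1 else S2, P) = (B and wp(S1,P)) or (not B and wp(S2,P))"""
    tag = stmt[0]
    if tag == "skip":
        return post
    if tag == "assign":
        _, var, expr = stmt
        return lambda s: post({**s, var: expr(s)})
    if tag == "seq":
        pre = post
        for s in reversed(stmt[1:]):
            pre = wp(s, pre)
        return pre
    _, cond, s1, s2 = stmt
    w1, w2 = wp(s1, post), wp(s2, post)
    return lambda s: w1(s) if cond(s) else w2(s)

def is_precondition(p, stmt, post):
    """p is *a* precondition of {stmt} post exactly when p => wp(stmt, post)."""
    return weaker(wp(stmt, post), p)

def wp_matches_execution(stmt, post):
    """wp(S,P) holds in s iff P holds after running S from s (S always terminates here)."""
    return all(wp(stmt, post)(s) == post(run(stmt, s)) for s in all_states())

def check_laws(stmt, p1, p2):
    """The general rules from the notes, checked over the whole finite state space."""
    false = lambda s: False
    conj = lambda s: p1(s) and p2(s)
    disj = lambda s: p1(s) or p2(s)
    wp_conj_split = lambda s: wp(stmt, p1)(s) and wp(stmt, p2)(s)
    wp_disj_split = lambda s: wp(stmt, p1)(s) or wp(stmt, p2)(s)
    return {
        "excluded_miracle": states_where(wp(stmt, false)) == frozenset(),
        "conjunction": states_where(wp(stmt, conj)) == states_where(wp_conj_split),
        # wp(S,P1) or wp(S,P2) => wp(S, P1 or P2); equality holds since S is deterministic
        "disjunction": weaker(wp(stmt, disj), wp_disj_split),
    }

# Constructed example program:  x := x + 1; if x > 0 then y := x else y := -x
ABS_SUCC = seq(
    assign("x", lambda s: s["x"] + 1),
    ifelse(lambda s: s["x"] > 0,
           assign("y", lambda s: s["x"]),
           assign("y", lambda s: -s["x"])),
)
POST = lambda s: s["y"] >= 2          # the postcondition P we want afterwards
CANDIDATE = lambda s: s["x"] >= 1     # a precondition someone might write by hand

if __name__ == "__main__":
    w = wp(ABS_SUCC, POST)
    print("wp holds in", len(states_where(w)), "of", len(list(all_states())), "states")
    print("x >= 1 is a precondition:", is_precondition(CANDIDATE, ABS_SUCC, POST))
    print("x >= 1 is the weakest:", weaker(CANDIDATE, w))
    print(check_laws(ABS_SUCC, POST, lambda s: s["x"] % 2 == 0))
```

Substituting through the program gives wp(ABS_SUCC, y >= 2) as "x >= 1 or x <= -3", so the hand-written precondition x >= 1 is *a* precondition (it implies wp) but not the weakest (it misses the states with x <= -3). The `wp_matches_execution` check is the semantic definition from the notes made concrete: wp(S,P) holds in exactly those starting states from which running S ends in a state satisfying P.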