CS 641 Lecture -*- Outline -*-

* Conditional Expressions (8.3)

** conditionals

------------------------------------------
CONDITIONALS

                ^
   cond.t.t1.t2 = (\choose x :: (t ==> x == t1) /\ (!t ==> x == t2))

     * assuming x is not free in t, t1 or t2

Sugar:
                           ^
   if t then t1 else t2 fi = cond.t.t1.t2

Inference Rules:

        Phi |- t
   ___________________________(if true rule)
   Phi |- if t then t1 else t2 fi == t1

        Phi |- !t
   __________________________(if false rule)
   Phi |- if t then t1 else t2 fi == t2
------------------------------------------

Q: what does the definition of cond mean?

Proving the inference rules is exercise 8.2.

Proof of (if true rule): Suppose Phi |- t.
Suppose x is a variable that is not free in t, t1, and t2.
We calculate as follows.

   Phi
   |- if t then t1 else t2 fi
    == { definition of if }
      cond.t.t1.t2
    == { definition of cond }
      (\choose x :: ("t" ==> x == t1) /\ (!"t" ==> x == t2))
    == { by assumption t <==> T, twice }
      (\choose x :: "(T ==> x == t1) /\ (!T ==> x == t2)")
    == { predicate calculus }
      (\choose x :: x == t1)
    == { by "one point rule for \choose", x is not free in t1 }
      t1
QED

The one point rule for \choose is proved in
../predicates-and-sets/selection-individuals.txt

Q: can you fill in the details of the predicate calculus step?

The proof of the (if false rule) is similar.

Q: How would you prove the other inference rule:

   _____________________________________(if same rule)
   Phi |- if t then t' else t' fi == t'

from the previous two rules?

------------------------------------------
FOCUSING RULES

Let ~ be a reflexive relation.

        Phi, t |- t1 ~ t1'
   ___________________________(if focus true)
   Phi |- if t then t1 else t2 fi ~ if t then t1' else t2 fi

        Phi, !t |- t2 ~ t2'
   __________________________(if focus false)
   Phi |- if t then t1 else t2 fi ~ if t then t1 else t2' fi
------------------------------------------

Q: how would you prove these?

Q: Why must ~ be reflexive?

** conditional expressions and state transformers

these are just the pointwise extension

Def: let b be a predicate s and let f: S -> G, g: S -> G
be two state functions.
Then the *conditional state function*

                              ^
   (if b then f else g fi).s = if b.s then f.s else g.s fi.

This is a *conditional expression* if f and g are expressions.
This is a *conditional state transformer* if f and g are state transformers.

look at the theorems on page 145-146

** proving properties about conditional state transformers

------------------------------------------
ADDING CONDITIONALS TO STRAIGHT-LINE PROGRAMS

   f ::= id
      |  x := e
      |  f1; f2
      |  if b then f1 else f2 fi

where x is a list of distinct state attributes,
      e is a corresponding expression list,
      b is a Boolean expression
------------------------------------------

Q: how would you prove that

   var x : Nat |- (x := x + 2); (x := x - 2) == id ?

note the use of functionality of assignment

   e == e' ==> (x := e) == (x := e').

we need a similar kind of functionality for functions over states

Def: A function f: S -> G is pointwise functional iff

   (\forall s : e.s == e'.s : f.e.s == f.e'.s) .

That is, iff (e == e') \subseteq (f.e == f.e').

Q: are pointwise extended functions pointwise functional?

Q: are expressions in general pointwise functional?
   yes, lemma 8.6.

Sequential composition is pointwise functional in its first argument,
but not the second

   (f == f') \subseteq (f;g == f';g)

however, while

   (g == g').(f.s) ==> (f;g == f;g').s      { by Leibniz }

we don't have the converse, because, for example,

   (y := 2; x := 3 == y := 2; x := y+1).s

but x := 3 != x := y + 1

** Example proof

Q: can you prove that

   var x, y |- (x := x max y) == if x <= y then x := y else id fi ?

Q: what does "generalization" mean in the middle (big) step of the
   proof on p. 148?
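
Added example (not part of the original lecture notes): a brute-force check in Python of the state-transformer claims above over a small constructed state space. The helper names (assign, seq, cond, agree, equal, subset), the statement h, and the range 0..4 are assumptions of this example; checking instances this way tests the claims but does not replace the calculational proofs.

```python
from itertools import product

# Constructed finite state space: attributes x, y range over 0..4 (an assumption;
# the lecture's Nat is infinite, so this checks instances and proves nothing).
STATES = [{"x": x, "y": y} for x, y in product(range(5), repeat=2)]

def ident(s):
    return dict(s)

def assign(var, e):
    """var := e, where e is an expression, i.e. a function on states."""
    return lambda s: {**s, var: e(s)}

def seq(f, g):
    """f; g : apply f first, then g."""
    return lambda s: g(f(s))

def cond(b, f, g):
    """(if b then f else g fi).s = if b.s then f.s else g.s fi."""
    return lambda s: f(s) if b(s) else g(s)

def agree(f, g):
    """The predicate (f == g), represented as the list of states where it holds."""
    return [s for s in STATES if f(s) == g(s)]

def equal(f, g):
    return len(agree(f, g)) == len(STATES)

def subset(a, b):
    return all(s in b for s in a)

y2 = assign("y", lambda s: 2)
x3 = assign("x", lambda s: 3)
xy1 = assign("x", lambda s: s["y"] + 1)
h = assign("y", lambda s: s["x"])   # hypothetical second statement for the first-argument check

if __name__ == "__main__":
    # (x := x + 2); (x := x - 2) == id
    print(equal(seq(assign("x", lambda s: s["x"] + 2),
                    assign("x", lambda s: s["x"] - 2)), ident))
    # First argument: (f == f') \subseteq (f;g == f';g)
    print(subset(agree(x3, xy1), agree(seq(x3, h), seq(xy1, h))))
    # Second argument: the compositions agree on every state, but x := 3 != x := y + 1
    print(equal(seq(y2, x3), seq(y2, xy1)), equal(x3, xy1))
    # (x := x max y) == if x <= y then x := y else id fi
    print(equal(assign("x", lambda s: max(s["x"], s["y"])),
                cond(lambda s: s["x"] <= s["y"], assign("x", lambda s: s["y"]), ident)))
```

agree(x3, xy1) returns exactly the states with y = 2, which is why prefixing both statements with y := 2 makes the compositions equal everywhere.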