CS 641 meeting                                -*- Outline -*-

* annotation (2.2)

idea is to integrate the proof of correctness into the program text

Write assertions at the beginning, at the end, and between all commands.
Then use the Floyd-Hoare method to show that each assertion follows
from the previous one by the command in between them.

Write assertions in { and } (comments); they could also be written
preceded by !...

Write predicate calculus arguments connecting assertions (as in the
rule of consequence) in (* and *) comments.

------------------ ANNOTATION RULES --------------------

the following are allowed as annotations

--------------------
simple commands:

        {p^v_f} v := f {p}

        {p} ?b {p /\ b}

   (p^v_f, typeset with v above and f below the p, is p with every
    free occurrence of v replaced by f; it is wp.(v := f).p)
--------------------
Q: why are these valid?
   see section 2.1 for the proof of the latter.

Q: Why is this last one not {b ==> p} ?b {p} ?

   That would be correct, as

        {b ==> p} ?b {p}
    equiv   {def of Hoare Triple}
        [(b ==> p) ==> wp.?b.p]
    equiv   {def of wp of ?b}
        [(b ==> p) ==> (b ==> p)]
    equiv   {calculus}
        true

   The given rule seems to be more useful: it leaves p unchanged and
   simply records the guard b as now known.
--------------------
weakening:

        {p}
        (* arg why [p ==> q] *)
        {q}
--------------------
Here Cohen would write {p, hence q}
-------------------
sequencing:

        {p} c {r}
        ; d {q}
--------------------
This last proves {p} c;d {q}
-------------------
choice:

        {p}
        ([] i \in I :: {p} c.i {q})
        {q}

covering:

        {p}
        (* arg why [p ==> (exists i :: r.i)] *)
        {p /\ r.i} c {q}
-------------------
this last follows from the covering theorem: the argument shows that
for every state satisfying p at least one of the guards r.i holds, so
the annotation of each alternative may start from p /\ r.i.

Q: how would you annotate an if-then-else statement?
   An if-no-else?  assert?

   Recall the Floyd-Hoare method
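As an added worked example (not part of the lecture notes, and not Cohen's code), the following Python checker mechanises the rules above on a finite state space. It implements wp for the commands the notes use, with wp.?b.p = b ==> p, wp.(v := f).p = p^v_f, sequencing composing wp, and choice conjoining the wp of its alternatives (which is what the choice rule's "each alternative from p to q" amounts to). Then it checks a triple {p} c {q} as [p ==> wp.c.q] by enumeration. The command classes, the variable names x, y, m, the value range -2..2 and the max program are all assumptions made for the demonstration; the notes themselves are language-independent.

```python
# Added example: brute-force checker for the annotation rules in the notes.
# Assumptions (not from the notes): the command classes below, the variables
# x, y, m and the finite value range used for exhaustive checking.
from itertools import product

# --- command language: assignment, guard ?b, sequencing, choice ---
class Assign:
    def __init__(self, v, f): self.v, self.f = v, f      # f: state -> value
class Guard:
    def __init__(self, b): self.b = b                    # b: state -> bool
class Seq:
    def __init__(self, *cs): self.cs = cs
class Choice:
    def __init__(self, *cs): self.cs = cs

def wp(c, p):
    """Weakest precondition of command c for postcondition p (state -> bool)."""
    if isinstance(c, Assign):
        # p^v_f: p evaluated in the state where v has been replaced by f
        return lambda s: p({**s, c.v: c.f(s)})
    if isinstance(c, Guard):
        return lambda s: (not c.b(s)) or p(s)            # b ==> p
    if isinstance(c, Seq):
        q = p
        for sub in reversed(c.cs):                       # wp.(c;d).p = wp.c.(wp.d.p)
            q = wp(sub, q)
        return q
    if isinstance(c, Choice):
        ws = [wp(sub, p) for sub in c.cs]
        return lambda s: all(w(s) for w in ws)           # conjunction over alternatives
    raise TypeError(c)

def states(names, values):
    for vals in product(values, repeat=len(names)):
        yield dict(zip(names, vals))

def holds(p, c, q, names, values):
    """{p} c {q} is valid iff [p ==> wp.c.q], checked over the finite space."""
    w = wp(c, q)
    return all((not p(s)) or w(s) for s in states(names, values))

def covers(p, guards, names, values):
    """Side condition of the covering rule: [p ==> (exists i :: r.i)]."""
    return all((not p(s)) or any(b(s) for b in guards) for s in states(names, values))

# if b then c else d, annotated as the guarded choice  ?b ; c  []  ?(not b) ; d
NAMES, VALUES = ("x", "y", "m"), range(-2, 3)
true = lambda s: True
b = lambda s: s["x"] >= s["y"]
not_b = lambda s: not b(s)
post = lambda s: s["m"] == max(s["x"], s["y"])
ite_max = Choice(Seq(Guard(b), Assign("m", lambda s: s["x"])),
                 Seq(Guard(not_b), Assign("m", lambda s: s["y"])))

def check_if_then_else():
    """Both the triple and the covering condition hold for the if-then-else."""
    return holds(true, ite_max, post, NAMES, VALUES) and covers(true, [b, not_b], NAMES, VALUES)

# if-no-else: drop the second alternative.  The triple still passes the wp
# check, because with wp.?b.p = b ==> p a state in which no guard is enabled
# satisfies every postcondition; only the covering check exposes the gap.
if_no_else = Choice(Seq(Guard(b), Assign("m", lambda s: s["x"])))

def check_if_no_else():
    return holds(true, if_no_else, post, NAMES, VALUES), covers(true, [b], NAMES, VALUES)

# Both guard annotations from the notes:  {p} ?b {p /\ b}  and  {b ==> p} ?b {p}
def check_guard_rules():
    p = lambda s: s["x"] + s["y"] > 0
    r1 = holds(p, Guard(b), lambda s: p(s) and b(s), NAMES, VALUES)
    r2 = holds(lambda s: (not b(s)) or p(s), Guard(b), p, NAMES, VALUES)
    return r1 and r2

if __name__ == "__main__":
    print("if-then-else:", check_if_then_else())
    print("if-no-else (triple, covering):", check_if_no_else())
    print("guard rules:", check_guard_rules())
```

The if-no-else case is the point of the covering rule: the wp check alone accepts the one-armed choice for the max postcondition, so the covering argument [p ==> (exists i :: r.i)] must be written as a separate annotation rather than left implicit.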