CS 641 meeting -*- Outline -*-

* induction rules (4.9)

    Proofs of induction rules from section 2.7

** Hoare induction rule proof

    Thm: Suppose for every w \in WLP
             (all i :: [p.i ==> w.(h.i).(q.i)])
         ==> (all i :: [p.i ==> w.(body.(h.i)).(q.i)]).
         Then (all i :: [p.i ==> wlp.(h.i).(q.i)])

    Proof: (using construction of wlp from this chapter, that's the point)

           (all i :: [p.i ==> wlp.(h.i).(q.i)])
        =    {h.i \in H and wlp|H = wb_1}
           (all i :: [p.i ==> wb_1.(h.i).(q.i)])
        =    {let V1 be the set of all subsets of (H->MU) such that
              v \in V1 equiv (all i :: [p.i ==> v.(h.i).(q.i)])}
           wb_1 \in V1
        <==  {wb_1 is greatest fixpoint of D_1, Knaster-Tarski theorem}
           V1 is D_1-invariant and inf-closed in (H -> MT)

    So it remains to prove V1 is D_1-invariant and inf-closed in (H -> MT)

    Q: how would you prove V1 is D_1-invariant? what does it mean?
        use theorem's assumption and v^1 \in WLP

    Q: how would you prove V1 is D_1-invariant and inf-closed in (H -> MT)
       what does it mean?
        let U be a subset of V1, show (inf U) has property of V1

    Remark: we didn't use all of the assumption,
        can use a weaker set than WLP.
        (Similarly for the following.)

** necessity rule

    Thm: Suppose for every w \in WP
             (all i :: [w.(h.i).(q.i) ==> p.i])
         ==> (all i :: [w.(body.(h.i)).(q.i) ==> p.i]).
         Then (all i :: [wp.(h.i).(q.i) ==> p.i])

    Pf: analogous to the proof of the Hoare induction rule.
        use wp = (wa_0)^0 and the fact that wa_0 is least-fixedpoint of D_0,
        and a sup-closed supset of WT.
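
Added example (not part of the course notes): the Knaster-Tarski step used in both proofs, checked by brute force on a small lattice. It simplifies the setting to predicates over a constructed 8-state space instead of (H -> MT); the loop, the operator D and all function names are assumptions made for illustration.

```python
from itertools import combinations

STATES = frozenset(range(8))   # constructed toy state space: x in 0..7

def D(q):
    """Unfolding operator of  while x != 0 do x := (x - 2) mod 8  for
    postcondition q: exit into q, or take one step and land in X."""
    return lambda X: frozenset(
        s for s in STATES
        if (s == 0 and s in q) or (s != 0 and (s - 2) % 8 in X))

def fixpoint(f, start):
    """Iterate a monotone f from top (greatest fp) or bottom (least fp)."""
    X = start
    while f(X) != X:
        X = f(X)
    return X

def gfp(f): return fixpoint(f, STATES)         # plays the role of wlp
def lfp(f): return fixpoint(f, frozenset())    # plays the role of wp

def powerset():
    xs = sorted(STATES)
    return [frozenset(c) for r in range(len(xs) + 1)
            for c in combinations(xs, r)]

def premises_hold(in_V, f, extreme, op):
    """Brute-force check that V is f-invariant and inf/sup-closed: in a
    finite lattice that means V contains `extreme` (the empty inf or sup)
    and is closed under the binary operation `op`."""
    V = [X for X in powerset() if in_V(X)]
    closed = in_V(extreme) and all(in_V(op(X, Y)) for X in V for Y in V)
    return closed and all(in_V(f(X)) for X in V)

def hoare_rule(p, q):
    """Premises for V1 = {X | p subset of X}; if they hold, p is in gfp."""
    return premises_hold(lambda X: p <= X, D(q), STATES, frozenset.__and__)

def necessity_rule(p, q):
    """Premises for V0 = {X | X subset of p}; if they hold, lfp is in p."""
    return premises_hold(lambda X: X <= p, D(q), frozenset(), frozenset.__or__)
```

With postcondition false the greatest fixpoint is exactly the odd states (the loop never exits from them), while with postcondition x = 0 the least fixpoint is the even states, so the two rules bound different fixpoints of the same operator.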