CS 641 meeting -*- Outline -*-

* developing loops, an introduction (Cohen's chapter 8)

The key idea is figuring out what the predicates are, so that we can go
back to calculating the loopless parts.

** before and after

*** other forms of postconditions

Note that the Invariance theorem requires postconditions to have a
special form (P /\ ~B).  Can still use loops when we have postconditions
in other forms, by the rule of consequence.  I.e., have to choose P and
B to satisfy

        P /\ ~B ==> R

(this requires creativity/experience, both to see that a loop is called
for, and to choose an appropriate P and B)

*** establishing the invariant

The precondition may not be the same as the invariant.  Can use the rule
of consequence again, but in general need some initialization code.

*** summary

-----------------
FORM OF TYPICAL LOOP {PROOF}

        {Q}
        S0
        {invariant: P} ;
        do B -> S od
        {P /\ ~B, hence R}

STEPS IN DEVELOPMENT OF LOOP

0. choose invariant P and guard B
1. find a way to establish P (develop {Q} S0 {P})
---------------------------

0. is creative, but we'll give heuristics
1. we covered earlier, if it can be done with a loopless program

** the loop body

idea: use the invariance theorem

Recall:
---------------------
Invariance Thm:

        {P} do B -> S od {P /\ ~B}
  <==   {P /\ B} S {P}                        (Invariance)
   /\   {P /\ B /\ t=T} S {t < T}             (Progress)
   /\   P /\ (t <= 0) ==> ~B                  (Boundedness)
----------------------

so far we've chosen P and B, so the spec of S is complete.

need to choose t.  How?  So that repeated decrease will falsify B.

example: if P is n >= 10 and guard B is ~(n = 10), can falsify B by
choosing t = (n - 10), because decreasing t approaches making B false
(and t <= 0 together with n >= 10 forces n = 10, i.e. ~B, so
boundedness holds)

Q: what would you choose for t if P is 0 <= i and B is i > 1?

So the last steps are:
--------------------
FINISHING STEPS

2. choose a bound function t such that P /\ (t <= 0) ==> ~B
3. develop the loop body S to satisfy invariance and progress
--------------------

2. is creative in general
3. is a development again

** remarks

The invariant is crucial, and the step requiring the most creativity and
experience.  But we'll try to codify this based on the shape of the
postcondition; will see the heuristics "deleting a conjunct" and
"replacing constants by fresh variables".
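As an added illustration (not part of these notes or of Cohen's text), the
Python below turns the four development steps into an executable check: a
loop is given as P, B, t and S, and the driver runs  do B -> S od  while
asserting Invariance, Progress and Boundedness on every concrete state.
This is a runtime check on particular inputs, not a proof.  It is applied
to the n >= 10 / ~(n = 10) example above and to a sum-of-array loop
obtained by the "replace a constant by a fresh variable" heuristic, with
two deliberately wrong variants (a body that forgets i := i + 1, and the
bound t = i whose decrease does not falsify B) to show which obligation
catches each mistake.  All function and variable names, and the sample
arrays, are chosen here.

```python
"""Runtime checker for the proof obligations of the Invariance theorem.

Added example; not from the CS 641 notes or Cohen's book.  All names are
chosen here.  Instead of proving the obligations, the loop is executed and
each obligation is asserted on the concrete state at every iteration.
"""
from typing import Callable, Dict, List

State = Dict[str, int]
Pred = Callable[[State], bool]


class ObligationError(AssertionError):
    """Raised when Entry, Invariance, Progress or Boundedness fails."""


def run_verified_loop(state: State, P: Pred, B: Pred,
                      t: Callable[[State], int],
                      S: Callable[[State], None]) -> State:
    """Execute  do B -> S od  from `state`, checking at each step:
        Invariance:  {P /\\ B} S {P}
        Progress:    {P /\\ B /\\ t = T} S {t < T}
        Boundedness: P /\\ (t <= 0) ==> ~B
    Returns the final state, on which P /\\ ~B holds."""
    if not P(state):                       # S0 must establish the invariant
        raise ObligationError(f"Entry: P false before the loop at {state}")
    while True:
        # P holds here, so  t <= 0  together with B violates Boundedness.
        if t(state) <= 0 and B(state):
            raise ObligationError(f"Boundedness: t <= 0 but B true at {state}")
        if not B(state):
            break                          # exit with P /\ ~B, hence R
        T = t(state)                       # freeze the bound: t = T
        S(state)
        if not P(state):
            raise ObligationError(f"Invariance: P false after S at {state}")
        if not t(state) < T:
            raise ObligationError(f"Progress: t went {T} -> {t(state)} at {state}")
    return state


def failing_obligation(fn: Callable, *args) -> str:
    """Name of the obligation violated by fn(*args), or 'none'."""
    try:
        fn(*args)
    except ObligationError as e:
        return str(e).split(":")[0]
    return "none"


# The lecture's example: P: n >= 10,  B: ~(n = 10),  t: n - 10,  S: n := n - 1
def countdown_to_ten(n0: int) -> int:
    st = {"n": n0}                         # S0: n := n0 (establishes P iff n0 >= 10)

    def body(s: State) -> None:
        s["n"] -= 1

    run_verified_loop(st, P=lambda s: s["n"] >= 10,
                      B=lambda s: s["n"] != 10,
                      t=lambda s: s["n"] - 10, S=body)
    return st["n"]


# "Replacing a constant by a fresh variable": R: s = sum(a[0..N)).  Replace
# the constant N by i, giving  P: s = sum(a[0..i)) /\ 0 <= i <= N,  B: i != N
# (so P /\ ~B ==> R),  t: N - i,  S0: s, i := 0, 0.
def array_sum(a: List[int], variant: str = "ok") -> int:
    N = len(a)
    st = {"s": 0, "i": 0}                  # S0 establishes P

    def body(s: State) -> None:
        s["s"] += a[s["i"]]
        if variant != "no_increment":      # forgetting i := i + 1 breaks P
            s["i"] += 1

    # t = i (variant "bad_bound") is a constructed mistake: decreasing it
    # does not falsify B, and  P /\ t <= 0  does not give ~B.
    bound = (lambda s: s["i"]) if variant == "bad_bound" else (lambda s: N - s["i"])
    run_verified_loop(st,
                      P=lambda s: 0 <= s["i"] <= N and s["s"] == sum(a[:s["i"]]),
                      B=lambda s: s["i"] != N, t=bound, S=body)
    return st["s"]


if __name__ == "__main__":
    print(countdown_to_ten(15))                             # 10
    print(array_sum([3, 1, 4]))                             # 8
    print(failing_obligation(array_sum, [3, 1, 4], "no_increment"))  # Invariance
    print(failing_obligation(array_sum, [3, 1, 4], "bad_bound"))     # Boundedness
    print(failing_obligation(countdown_to_ten, 5))          # Entry
```

The order of the checks mirrors the theorem: Boundedness is tested before
the guard, Invariance and Progress after the body.  Note which obligation
each mistake trips: the forgotten increment is caught by Invariance before
Progress is even examined, and the bound t = i fails Boundedness on the
very first guard test, which is exactly the "repeated decrease must falsify
B" requirement stated above.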