Transcript

00:01 PROFESSOR: The Hoare triple for assignment to a simple variable, not an array element, for example, defines that assignment in terms of how one proves it correct. You will be surprised at its simplicity.

00:17 Suppose we want to find the precondition under which execution of x becomes 2, terminates with 0, at most x, at most 4. Since the assignment is x becomes 2, the precondition is the post-condition, but with every occurrence of x replaced by 2.

00:43 Since the precondition is equivalent to true, we can put that precondition in the beginning. Thus, in all initial states, execution of x becomes 2, terminates with 0 at most x, at most 4.

01:03 Note what we did. Because the assignment is x becomes 2, the precondition is the post-condition, with every occurrence of x in the post-condition replaced by 2.

01:22 Let's try another example.

01:26 Since the assignment is x becomes x plus 1, the precondition is the post-condition, x at least 5, but with every occurrence of x in it replaced by x plus 1. And we can write this as, x at least 4.

01:50 This way of figuring out what the precondition is works for every assignment, x becomes e, to a simple variable x.

02:04 To define this carefully, we introduce the notation r bracket x colon equal e close bracket to denote a copy of assertion r, but with each occurrence of x replaced by e. For example, in this use of the notation, the value of the expression is x times x at least 5, but with every occurrence of x replaced by x plus 1.

02:51 We then define the assignment statement like this.

02:57 The extra term is needed to eliminate cases where evaluation of e aborts-- say, by dividing by 0, or goes into an infinite loop.

03:11 For example, in this Hoare triple, the statement x becomes 6 divided by 0 always aborts. It never terminates with y equal 5. And thus the precondition is false. Evaluation of 6 divided by 0 does not terminate normally. We take it for granted that in the programs we write, evaluation will terminate normally, in order to simplify later discussions and to be able to write the definition in this way.

03:54 Note, we can think of this as the definition of assignment to a simple variable, not in terms of how to execute the assignment, but in terms of how to prove it correct. That's neat.

04:10 Here's another example. We want to find the precondition for the following sequence.

04:19 Using the rule just given, we find the precondition of s becomes s plus k. Using the rule again, we find the precondition of k becomes k plus 1.

04:38 We can simplify this precondition. To make it absolutely clear, we first split off the last term of the sum and then subtract k plus 1 from both sides. So the precondition is s equal sum of m..k. And we see that the assignments-- k becomes k plus 1, s becomes s plus k-- leave the assertion s equal sum of m..k true, while increasing k by 1.

05:20 On the last page of the text version of this audio, there are two exercises for you to try. Please do them.