Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision | Last revision Both sides next revision | ||
|
sav07_lecture_4 [2007/03/28 14:45] cedric.jeanneret |
sav07_lecture_4 [2007/03/28 14:49] cedric.jeanneret |
||
|---|---|---|---|
| Line 8: | Line 8: | ||
| We use weakest preconditions, although you could also use strongest postconditions or any other variants of the conversion from programs to formulas. | We use weakest preconditions, although you could also use strongest postconditions or any other variants of the conversion from programs to formulas. | ||
| + | |||
| Line 42: | Line 43: | ||
| havoc(x) = {(s,t) | ∀y "y"≠"x".t("y")=s("y")} | havoc(x) = {(s,t) | ∀y "y"≠"x".t("y")=s("y")} | ||
| - | This is the relation that links all states where all variables but x remain unchanged. Intuitively, it makes sense that proving Q holds after visiting the havoc(x) relation, it is the same than proving Q for all values of x. | + | This is the relation that links all states where all variables but x remain unchanged. Intuitively, it makes sense that proving Q holds after visiting the havoc(x) relation is the same than proving Q for all values of x. |
| wp(Q,havoc(x)) = {(x1,y1) | ∀(x2,y2). ((x1,y1),(x2,y2)) ∈ havoc(x) -> (x2,y2) ∈ Q} | wp(Q,havoc(x)) = {(x1,y1) | ∀(x2,y2). ((x1,y1),(x2,y2)) ∈ havoc(x) -> (x2,y2) ∈ Q} | ||