1. (a) is invalid because if we start in a state that satisfies the
given pre-condition, the execution will terminate immediately and the
final state will not satisfy false, the given post-condition.
(b) is valid. Derivation:
{true} x:=0 {true} (by assignment axiom) ... (1)
{false} x:=0 {true} (by (1) and rule of consequence) ... (2)
(c) is valid. Derivation:
{false} x:=0 {false} (by assignment axiom) ... (1)
(d) is valid. Derivation already given as part of (b) above.
2. The existing axiom will be inconsistent with respect to this new
model. This is because we can derive the following result using the
existing axiom (and the rule of consequence) [do it!]:
{ in=<2,3> && out=<> } read x; { out=<> }
but this is invalid in the new model.
The axiom will also be incomplete. For example, we cannot derive the
following result using the existing axiom (and the rule of conseq.):
{ in=<2,3> && out=<> } read x; { out=<2> }
You should be able to argue intuitively that the above result cannot
be derived. But *showing* that this result cannot be derived,
especially given the rule of consequence, is a bit involved; we will
talk about that after the midterm.
3. According to the new model of read, "read x" is essentially equivalent
to the following:
x := head(in); out := out^head(in); in := tail(in)
So the corresponding axiom:
{((p[in/tail(in)])[out/out^head(in)])[x/head(in)]} read x {p}
The justification of the axiom is based on the equivalence noted above.
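As an added check (this is not part of the original answer sheet), the following Python snippet gives the new model of "read x" from questions 2 and 3 an executable form: it runs the two triples of question 2 on the constructed start state in=<2,3>, out=<>, and it builds the pre-condition that the axiom of question 3 produces by substitution and compares it with what actually running "read x" does. Names such as read, subst, read_axiom_pre and S0 are this example's own; a sequence <2,3> is represented as the Python list [2, 3].

```python
# Added example, not from the original answer sheet: an executable model of the
# new "read x" (questions 2 and 3) with a substitution-based reading of the
# question-3 axiom. All names below are this example's own.
from typing import Callable, Dict, List

State = Dict[str, object]          # program variables plus the streams "in" and "out"
Pred = Callable[[State], bool]     # an assertion, evaluated on a state
Expr = Callable[[State], object]   # an expression, evaluated on a state


def head(seq: List[int]) -> int:
    return seq[0]


def tail(seq: List[int]) -> List[int]:
    return seq[1:]


def read(x: str, s: State) -> State:
    """New model of 'read x': x := head(in); out := out^head(in); in := tail(in)."""
    inp: List[int] = list(s["in"])
    if not inp:
        raise RuntimeError("read x on an empty input stream")
    h = head(inp)
    return {**s, x: h, "out": list(s["out"]) + [h], "in": tail(inp)}


def subst(p: Pred, y: str, e: Expr) -> Pred:
    """p[y/e]: holds at s exactly when p holds at the state that maps y to the value of e in s."""
    return lambda s: p({**s, y: e(s)})


def read_axiom_pre(p: Pred, x: str) -> Pred:
    """Pre-condition given by the question-3 axiom: ((p[in/tail(in)])[out/out^head(in)])[x/head(in)]."""
    step1 = subst(p, "in", lambda s: tail(s["in"]))
    step2 = subst(step1, "out", lambda s: list(s["out"]) + [head(s["in"])])
    return subst(step2, x, lambda s: head(s["in"]))


def triple_holds(pre: Pred, stmt: Callable[[State], State], post: Pred, starts: List[State]) -> bool:
    """Test {pre} stmt {post} on a finite set of start states (a check, not a proof)."""
    return all(post(stmt(s)) for s in starts if pre(s))


def axiom_matches_model(p: Pred, x: str, states: List[State]) -> bool:
    """The justification of the axiom: its pre-condition holds at s iff p holds after 'read x' from s."""
    return all(read_axiom_pre(p, x)(s) == p(read(x, s)) for s in states if s["in"])


# Constructed start state of question 2: in=<2,3>, out=<>.
S0: State = {"x": 0, "in": [2, 3], "out": []}
pre_q2: Pred = lambda s: s["in"] == [2, 3] and s["out"] == []
post_invalid: Pred = lambda s: s["out"] == []      # { out=<> }
post_valid: Pred = lambda s: s["out"] == [2]       # { out=<2> }


def check_question2() -> Dict[str, bool]:
    """The two triples of question 2, run on S0."""
    stmt = lambda s: read("x", s)
    return {
        "out=<> after read": triple_holds(pre_q2, stmt, post_invalid, [S0]),
        "out=<2> after read": triple_holds(pre_q2, stmt, post_valid, [S0]),
    }


def check_question3() -> Dict[str, bool]:
    """The axiom's pre-condition evaluated at S0 for both post-conditions of question 2."""
    return {
        "axiom pre for out=<2>": read_axiom_pre(post_valid, "x")(S0),
        "axiom pre for out=<>": read_axiom_pre(post_invalid, "x")(S0),
    }


if __name__ == "__main__":
    print(check_question2())
    print(check_question3())
    more_states = [S0, {"x": 7, "in": [5], "out": [1, 2]}, {"x": 1, "in": [9, 9, 9], "out": [4]}]
    print(axiom_matches_model(lambda s: s["out"][-1] == s["x"], "x", more_states))
```

Running the block prints False for the triple with post-condition out=<> (the one the old axiom would let you derive) and True for out=<2>, and the axiom's pre-condition gives the same two verdicts at S0, which is exactly the equivalence the justification of the axiom rests on.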
4. (This question would not be appropriate for this midterm since we
have not yet seen the rule for while loops. We will see that rule
after the midterm. In the midterm, you can instead expect a question or
two that ask you to derive results similar to the ones we did in
class.)
The loop invariant to use for this is *not* (x=y). This invariant
won't work (why not?). Instead, use just (y=10); then ~b, in conjunction
with the invariant, will let us derive the post-condition (x=y).
Derivation details left to you (after the midterm).
5. It turns out that this rule is essentially equivalent to the current
rule.
How do you show that? By arguing that every result derivable using the
current rule is derivable using this rule and vice-versa. The former
is easy. The current rule is:
{p}S1{q}, {q}S2{r}
-------------------
{p}S1;S2{r}
So if you have derived a result using this rule, it must be of the form
{p}S1;S2{r} and to derive it, you must have first derived {p}S1{q}
and {q}S2{r}. But then, given {p}S1{q} and {q}S2{r}, I can derive
{p}S1;S2{r} using the new rule also; I will just take q' to be the same
as q.
The converse would seem difficult because q' may not be the same as
q. In other words, you first derive {p}S1{q}, q==>q', and {q'}S2{r};
then, using this new rule, you derive {p}S1;S2{r}. And the question is,
how do I show that I can derive {p}S1;S2{r} using the original seq.
comp. rule? The answer is that if you have derived {p}S1{q} and q==>q',
you can also derive {p}S1{q'} (why?). Hence, since you have also derived
{q'}S2{r}, you can now derive {p}S1;S2{r} using the original seq. comp.
rule. That is what we had to show.
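The two derivation steps of the converse, written out as an added illustration (not part of the original answer sheet), in the same rule layout as above. The first step is the one marked "(why?)": it is just the rule of consequence with the trivial implication p ==> p on the left.

```latex
% Added derivation (not from the original answers): the converse direction of question 5.
% Step 1: from {p}S1{q} and q ==> q', obtain {p}S1{q'} by the rule of consequence.
\begin{array}{c}
p \Rightarrow p \qquad \{p\}\,S_1\,\{q\} \qquad q \Rightarrow q' \\ \hline
\{p\}\,S_1\,\{q'\}
\end{array}
\quad\text{(rule of consequence)}

% Step 2: now the original sequential composition rule applies directly,
% with q' playing the role of the intermediate assertion.
\begin{array}{c}
\{p\}\,S_1\,\{q'\} \qquad \{q'\}\,S_2\,\{r\} \\ \hline
\{p\}\,S_1;S_2\,\{r\}
\end{array}
\quad\text{(original seq. comp. rule)}
```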
Hope those answers were clear. If you find a mistake or have a question
or comment, please email or post.
There is no question on Lisp in this sample; but there might be one in
the actual exam.