| Last modified: 20080924:093828/initial version for 2008 | FIT3013 AJH-2008-26 |
In the student forum a couple of years ago, the question was asked: what does "there is a weakest precondition - necessary and sufficient" mean? Is there any necessary weakest precondition or sufficient weakest precondition? By the way, what's the definition of "weakest precondition"? I posted the following analysis:
Think of it like this. There is a spectrum of "weakness" for preconditions, from the weakest (true) to the strongest (false). Everything satisfies the weakest precondition, nothing satisfies the strongest precondition. That's effectively what we mean by "weakness": where a precondition sits on this spectrum.
: true <--------------+------------------------> false
:                     ^
:     make weaker <-- | --> make stronger
:                     +-- arbitrary program precondition
Ideally, all programs should have the weakest possible precondition. That means they behave themselves in any circumstance. In practice, that's not realistic. So we seek the weakest possible preconditions *necessary* to guarantee behaviour. By "behaviour", we mean that the program satisfies a predicate (the "goal") upon completion.
G => [S] R
(Where G is the guard, S is the substitution, R is the goal predicate, and [S]R is the (weakest) precondition.)
In practice, you can always strengthen the preconditions. In the extreme, false is sufficient to guarantee any behaviour (remember the "miracle programs" and "pink elephants"?). However, we cannot work miracles, so we look for weaker preconditions that are still *sufficient* to guarantee the behaviour, without becoming so weak that the program must behave itself under broader circumstances than really required (necessary).
Of course, in Event-B, you need to substitute guards for preconditions as appropriate, but the basic ideas are the same.
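The spectrum above can be checked mechanically on a small state space. The following is an added example, not part of the original page or forum post: the substitution `x := x + 1`, the goal `x <= 10`, the finite domain and the four sample guards are all assumptions chosen for illustration.

```python
# Added illustration (not from the original page). The state is one integer x,
# restricted to a small finite domain so implications can be checked exhaustively.
DOMAIN = range(-20, 21)  # constructed sample state space

def wp(subst, goal):
    """[S]R for a deterministic substitution: R evaluated in the after-state."""
    return lambda x: goal(subst(x))

def implies(p, q):
    """True when p => q holds on every state of DOMAIN."""
    return all((not p(x)) or q(x) for x in DOMAIN)

def classify(guard, subst, goal):
    """Place a guard G on the weakness spectrum relative to [S]R."""
    pre = wp(subst, goal)
    sufficient = implies(guard, pre)   # G => [S]R
    necessary = implies(pre, guard)    # [S]R => G
    if sufficient and necessary:
        return "weakest"
    if sufficient:
        return "sufficient, stronger than needed"
    return "too weak"

# Hypothetical substitution S: x := x + 1, and goal R: x <= 10.
S = lambda x: x + 1
R = lambda x: x <= 10

# Sample guards, ordered from strongest (false) to weakest (true).
GUARDS = {
    "false": lambda x: False,
    "x <= 5": lambda x: x <= 5,
    "x <= 9": lambda x: x <= 9,
    "true": lambda x: True,
}

def spectrum():
    """Classify every sample guard against [S]R."""
    return {name: classify(g, S, R) for name, g in GUARDS.items()}

if __name__ == "__main__":
    for name, verdict in spectrum().items():
        print(f"{name:8} -> {verdict}")
```

Here `[S]R` works out to `x <= 9`: the guard `false` is vacuously sufficient, `x <= 5` is sufficient but excludes states that would have been fine, and `true` admits `x = 10`, which breaks the goal.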
Discuss the ideas of strengthening and weakening in the context of Event-B.
Visit the Moodle Forum to post your thoughts.
The web can be useful! Find a web page that talks about strengthening and/or weakening, and post its link. Discuss how the ideas of strengthening and weakening in this web page relate to your understanding of Event-B.
Event-B makes little use of the concept of preconditions as assumptions. Does this affect the fundamentals of the methodology (particularly when compared to its predecessors, B and Z)? What about the concept of a weakest precondition?
With assignment 2 now out of the way, discuss the concepts of strengthening and weakening with respect to your understanding of refinement (and feel free to comment on any misunderstandings from the change in the Assignment 2 specification).
| 20080924:093828 | 7.0.0 | ajh | initial version for 2008 |
| This page maintained by John Hurst. Copyright Monash University Copyright Policy |
Generated at 20090724:2004 from an XML file modified on 20080924:1222