From: Ben Bacarisse
Newsgroups: comp.lang.ada
Subject: Re: Contracts in generic formal subprogram
Date: Wed, 12 Apr 2023 13:29:50 +0100
Organization: A noiseless patient Spider
Message-ID: <87leixxozl.fsf@bsb.me.uk>
References: <0c555ce7-0b2e-49f1-8930-c4f4796793e4n@googlegroups.com>
<4I=3lX6HccsqYa6JC@bongo-ra.co>
Spiros Bousbouras writes:
> On Wed, 12 Apr 2023 02:18:45 -0000 (UTC)
> Spiros Bousbouras wrote:
>> On Tue, 11 Apr 2023 14:03:27 +0200
>> "Dmitry A. Kazakov" wrote:
>> > The formal meaning of weaker/stronger relation on predicates P and Q:
>> >
>> > weaker P => Q
>> > stronger Q => P
>> >
>> > The formal rationale is that if you have a proof
>> >
>> > P1 => P2 => P3
>> >
>> > Then weakening P1 to P1' => P1 and strengthening P3 => P3' keeps it:
>> >
>> > P1' => P2 => P3'
>>
>> You have it backwards; if P1' implies P1 then P1' is stronger
>> than P1.
>
> Apologies; it was me who got it backwards.
No, you are correct. If P1' => P1 then P1' /is/ stronger (or at least
no weaker) than P1.
Using upper and lower case to suggest stronger and weaker, if we have a
proof p |- Q then we can also assert that P |- q for all stronger
premises P and weaker conclusions q. Formally
{p, P=>p, Q=>q} |- q
Or, written out using the deduction theorem, if we have p=>Q then we can
assert P=>q for any stronger P (so P=>p) and any weaker q (so Q=>q).
In Floyd-Hoare logic, this is embodied in the consequence rule:
P=>p, {p}S{Q}, Q=>q
-------------------
{P}S{q}
which says that we can always strengthen a pre-condition and weaken a
post-condition.
However (if I've got the context right), in terms of substitution and/or
inheritance, Dmitry Kazakov was correct to say that "The general
principle of substitutability is that the preconditions can be weakened,
the postconditions can be strengthened". It's just the definition that
was backwards.
--
Ben.
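As an added example (not part of the thread), the substitutability rule restated above checked with executable contracts: a replacement may weaken the precondition and strengthen the postcondition, but not the reverse. The Contract type, is_substitutable and the integer-square-root contracts are constructed for this illustration.

```python
# Added example, not from the thread: the substitutability principle
# (weaker precondition, stronger postcondition) checked over sample runs.
# Contract, is_substitutable and the square-root contracts are constructed.
from dataclasses import dataclass
from typing import Callable, Iterable

@dataclass(frozen=True)
class Contract:
    pre: Callable[[int], bool]          # precondition on the argument x
    post: Callable[[int, int], bool]    # postcondition on (argument x, result r)

def implies(a: bool, b: bool) -> bool:
    """Material implication a => b."""
    return (not a) or b

def is_substitutable(base: Contract, new: Contract,
                     samples: Iterable[tuple[int, int]]) -> bool:
    """True when, for every sampled (x, r): base.pre(x) => new.pre(x)
    (precondition no stronger) and, whenever base.pre(x) holds,
    new.post(x, r) => base.post(x, r) (postcondition no weaker).  This is
    the consequence rule read so that a caller's reasoning about `base`
    remains valid when `new` is substituted for it."""
    for x, r in samples:
        if not implies(base.pre(x), new.pre(x)):
            return False          # new demands more than callers promise
        if base.pre(x) and not implies(new.post(x, r), base.post(x, r)):
            return False          # new guarantees less than callers rely on
    return True

# Constructed contracts for an integer square root: base requires x >= 0
# and promises r = floor(sqrt(x)).
BASE = Contract(pre=lambda x: x >= 0,
                post=lambda x, r: r * r <= x < (r + 1) * (r + 1))
# Weaker precondition (any x) and stronger postcondition (also r >= 0): OK.
WEAKER_PRE_STRONGER_POST = Contract(
    pre=lambda x: True,
    post=lambda x, r: r >= 0 and r * r <= x < (r + 1) * (r + 1))
# Stronger precondition (rejects x == 0): breaks callers that pass 0.
STRONGER_PRE = Contract(pre=lambda x: x > 0, post=BASE.post)
# Weaker postcondition (no upper bound): r = 0 satisfies it for any x >= 0.
WEAKER_POST = Contract(pre=BASE.pre, post=lambda x, r: r * r <= x)

# Constructed (x, r) sample pairs, including one sloppy result, (5, 0).
SAMPLES = [(0, 0), (1, 1), (5, 2), (5, 0), (9, 3), (-4, 0)]

def check_candidates() -> dict[str, bool]:
    return {
        "weaker_pre_stronger_post": is_substitutable(BASE, WEAKER_PRE_STRONGER_POST, SAMPLES),
        "stronger_pre": is_substitutable(BASE, STRONGER_PRE, SAMPLES),
        "weaker_post": is_substitutable(BASE, WEAKER_POST, SAMPLES),
    }

if __name__ == "__main__":
    print(check_candidates())
```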