From: Niklas Holsti
Subject: Re: Contracts in generic formal subprogram
Date: Wed, 12 Apr 2023 09:49:35 +0300

On 2023-04-12 6:37, Spiros Bousbouras wrote:
> On Wed, 12 Apr 2023 02:18:45 -0000 (UTC)
> Spiros Bousbouras <spibou@gmail.com> wrote:
>> On Tue, 11 Apr 2023 14:03:27 +0200
>> "Dmitry A. Kazakov" <mailbox@dmitry-kazakov.de> wrote:
>>> The formal meaning of weaker/stronger relation on predicates P and Q:
>>>
>>> weaker P => Q
>>> stronger Q => P
>>>
>>> The formal rationale is that if you have a proof
>>>
>>> P1 => P2 => P3
>>>
>>> Then weakening P1 to P1' => P1 and strengthening P3 => P3' keeps it:
>>>
>>> P1' => P2 => P3'
>>
>> You have it backwards ; if P1' implies P1 then P1' is stronger
>> than P1 .
>
> Apologies ; it was me who got it backwards.

Speaking of logic in general, rather than Ada contracts in particular, I
would say that you got it right, and Dmitry did not.

Suppose we have a theorem about geometrical figures F, and at first we
can prove the theorem only if we assume (precondition) that the figure F
is a square. Later we manage to improve the proof so that it holds also
for rectangles. I would say, and I think mathematicians would say, that
we /weakened/ the assumptions from "F is a square" to "F is a
rectangle", and indeed the former (stronger) implies the latter
(weaker), which is not as Dmitry defined "stronger".

