From: Ben Bacarisse
Newsgroups: comp.lang.ada
Subject: Re: Contracts in generic formal subprogram
Date: Wed, 12 Apr 2023 13:29:50 +0100
Organization: A noiseless patient Spider
Message-ID: <87leixxozl.fsf@bsb.me.uk>
References: <0c555ce7-0b2e-49f1-8930-c4f4796793e4n@googlegroups.com> <4I=3lX6HccsqYa6JC@bongo-ra.co>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.1 (gnu/linux)

Spiros Bousbouras writes:

> On Wed, 12 Apr 2023 02:18:45 -0000 (UTC)
> Spiros Bousbouras wrote:
>> On Tue, 11 Apr 2023 14:03:27 +0200
>> "Dmitry A. Kazakov" wrote:
>> > The formal meaning of weaker/stronger relation on predicates P and Q:
>> >
>> > weaker    P => Q
>> > stronger  Q => P
>> >
>> > The formal rationale is that if you have a proof
>> >
>> > P1 => P2 => P3
>> >
>> > Then weakening P1 to P1' => P1 and strengthening P3 => P3' keeps it:
>> >
>> > P1' => P2 => P3'
>>
>> You have it backwards; if P1' implies P1 then P1' is stronger
>> than P1.
>
> Apologies; it was me who got it backwards.

No, you are correct. If P1' => P1 then P1' /is/ stronger (or at least no
weaker) than P1.
Using upper and lower case to suggest stronger and weaker, if we have a
proof p |- Q, then we can also assert that P |- q for all stronger
premises P and weaker conclusions q. Formally

  {p, P=>p, Q=>q} |- q

Or, written out using the deduction theorem, if we have p=>Q then we can
assert P=>q for any stronger P (so P=>p) and any weaker q (so Q=>q).

In Floyd-Hoare logic, this is embodied in the consequence rule:

  P=>p,  {p}S{Q},  Q=>q
  ---------------------
        {P}S{q}

which says that we can always strengthen a pre-condition and weaken a
post-condition.

However (if I've got the context right), in terms of substitution and/or
inheritance, Dmitry Kazakov was correct to say that "The general
principle of substitutability is that the preconditions can be weakened,
the postconditions can be strengthened". It's just the definition that
was backwards.

-- 
Ben.
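The two directions distinguished in the post above (the consequence rule, which strengthens a pre-condition and weakens a post-condition, versus substitutability, which weakens the pre-condition and strengthens the post-condition) as an added Python model checker; this is not code from the thread. Predicates are Python callables and "=>" is checked by enumeration over a constructed finite state space, so it is a finite check rather than a proof; the program `add_two` and all contracts are constructed examples.

```python
from typing import Callable, Iterable

State = int
Pred = Callable[[State], bool]
Prog = Callable[[State], State]

# Constructed finite state space: implication is checked by enumeration,
# so every verdict below is a model check over this domain, not a proof.
DOMAIN = range(-20, 21)


def implies(p: Pred, q: Pred, domain: Iterable[State] = DOMAIN) -> bool:
    """p => q on the domain: p is the stronger predicate, q the weaker."""
    return all(q(s) for s in domain if p(s))


def triple_holds(pre: Pred, prog: Prog, post: Pred, domain=DOMAIN) -> bool:
    """{pre} prog {post}: every state satisfying pre ends in one satisfying post."""
    return all(post(prog(s)) for s in domain if pre(s))


def consequence_rule(P: Pred, p: Pred, prog: Prog, Q: Pred, q: Pred) -> bool:
    """Premises of the consequence rule: P=>p, {p}prog{Q}, Q=>q.
    Returns True only when the premises hold and the conclusion {P}prog{q}
    is confirmed on the domain (strengthened pre, weakened post)."""
    premises = implies(P, p) and triple_holds(p, prog, Q) and implies(Q, q)
    return premises and triple_holds(P, prog, q)


def substitutable(base_pre: Pred, base_post: Pred,
                  new_pre: Pred, new_post: Pred) -> bool:
    """Contract refinement for substitution/inheritance: the replacement may
    require less and promise more, i.e. base_pre => new_pre (weaker pre)
    and new_post => base_post (stronger post)."""
    return implies(base_pre, new_pre) and implies(new_post, base_post)


# Constructed program and its original contract: {s > 0} add_two {s > 2}.
def add_two(s: State) -> State:
    return s + 2

p: Pred = lambda s: s > 0   # original pre-condition
Q: Pred = lambda s: s > 2   # original post-condition


def demo() -> dict:
    return {
        # Allowed by the consequence rule: stronger pre, weaker post.
        "consequence": consequence_rule(lambda s: s > 10, p, add_two, Q, lambda s: s > 0),
        # Not allowed: weakening the pre-condition breaks the triple at s = 0.
        "weakened_pre_triple": triple_holds(lambda s: s >= 0, add_two, Q),
        # Allowed for substitution: weaker pre (s >= -1), stronger post (s > 3).
        "refinement": substitutable(p, Q, lambda s: s >= -1, lambda s: s > 3),
    }
```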