On the correctness of specs
• Given a function and its pre- and post-conditions and , we say that f is correct wrt. , iff
• How may the spec be wrong?
• may be incorrect, i.e.,
• there may be , with ( or )and
What does this mean for calls to f?
• How do we go about invocations of ?
• So, if we need to prove , and then the ‘wrong’ are ‘good enough’
• If, instead, (or ), then we cannot prove