
Discrete Structures Lecture 37 Loops II Read Ch 12.6



  1. Discrete Structures Lecture 37 Loops II Read Ch 12.6

  2. Example

     $\{Q:\ n \ge 0\}$                                                          (precondition)
     $x, k := 0, 0;$                                                            (initialization)
     $\{P:\ 0 \le k \le n \;\wedge\; x = (\Sigma\, i \mid 0 \le i < k : b[i])\}$   (loop invariant)
     do $k \ne n \;\rightarrow\; x, k := x + b[k],\ k + 1$ od                   (guard $B$, body $S$)
     $\{R:\ x = (\Sigma\, i \mid 0 \le i < n : b[i])\}$                          (postcondition)

  3. Determining the correctness of a loop

     The loop checklist (12.45) for checking the correctness of a loop $\{Q\}\ init;\ \{P\}\ \mathbf{do}\ B \rightarrow S\ \mathbf{od}\ \{R\}$:
     • $P$ (the invariant) is true before execution of the loop.
     • $P$ is a loop invariant: $\{P \wedge B\}\ S\ \{P\}$.
     • Execution of the loop terminates.
     • $R$ holds upon loop termination: $P \wedge \neg B \Rightarrow R$ (the invariant together with the negation of the guard establishes the loop's postcondition).

  4. Loop correctness: Checklist

     1. $Q \Rightarrow wp(init, P)$          i.e., $init$ establishes the loop invariant
     2. $P \wedge B \Rightarrow wp(S, P)$    i.e., $P$ is a loop invariant (the body preserves it whenever the guard holds)
     3. $P \wedge \neg B \Rightarrow R$      i.e., loop termination establishes the conclusion
     4. The proof of loop termination is deferred to slides 9 to 14 (items 4 and 5 there).

  5. Loop Correctness (12.42-b)

     This algorithm stores in $x$ the sum of the $n$ elements of array $b[0..n-1]$, for $n \ge 0$. Invariant $P$ is developed by replacing $n$ in $R$ by a fresh variable $k$ and placing suitable bounds on $k$.

     $\{Q:\ n \ge 0\}$
     $x, k := 0, 0;$
     $\{\text{invariant } P:\ 0 \le k \le n \;\wedge\; x = (\Sigma\, i \mid 0 \le i < k : b[i])\}$
     do $k \ne n \;\rightarrow\; x, k := x + b[k],\ k + 1$ od
     $\{R:\ x = (\Sigma\, i \mid 0 \le i < n : b[i])\}$

  6. Loop Correctness (12.42-b)

     1. $Q \Rightarrow wp(init, P)$. We prove that $P$ is initially true by proving $Q \Rightarrow P[x, k := 0, 0]$.

        $P[x, k := 0, 0]$
     =  <Definition of $P$>
        $(0 \le k \le n \;\wedge\; x = (\Sigma\, i \mid 0 \le i < k : b[i]))[x, k := 0, 0]$
     =  <Textual substitution>
        $0 \le 0 \le n \;\wedge\; 0 = (\Sigma\, i \mid 0 \le i < 0 : b[i])$
     =  <Predicate calculus; sum over the empty range is 0>
        $0 \le n \;\wedge\; 0 = 0$
     =  <(3.39) Identity of $\wedge$>
        $0 \le n$

     This is just $Q$, so we have to show $Q \Rightarrow Q$, which holds by (3.71) Reflexivity of $\Rightarrow$.

  7. Loop Correctness (12.42-b)

     2. $P \wedge B \Rightarrow wp(body, P)$. We prove that $P$ is a loop invariant.

        $wp(\text{"}x, k := x + b[k],\ k + 1\text{"},\ P)$
     =  <Definition of $wp$ for assignment: $P[x, k := x + b[k],\ k + 1]$; definition of $P$; textual substitution>
        $0 \le k + 1 \le n \;\wedge\; x + b[k] = (\Sigma\, i \mid 0 \le i < k + 1 : b[i])$
     =  <(8.23) Split off term (requires $k \ge 0$, which $P \wedge B$ supplies); $k + 1 \le n \;\equiv\; k \le n \wedge k \ne n$>
        $k \ne n \;\wedge\; -1 \le k \le n \;\wedge\; x + b[k] = (\Sigma\, i \mid 0 \le i < k : b[i]) + b[k]$
     =  <Subtract $b[k]$ from both sides>
        $k \ne n \;\wedge\; -1 \le k \le n \;\wedge\; x = (\Sigma\, i \mid 0 \le i < k : b[i])$
     $\Leftarrow$  <Definition of $P$ and $B$; $0 \le k$ strengthens $-1 \le k$>
        $P \wedge B$

  8. Loop Correctness (12.42-b)

     3. $P \wedge \neg B \Rightarrow R$. Show that $P \wedge \neg B \Rightarrow R$.

        $\neg B \wedge P$
     =  <Definition of $P$ and $B$>
        $\neg(k \ne n) \;\wedge\; 0 \le k \le n \;\wedge\; x = (\Sigma\, i \mid 0 \le i < k : b[i])$
     $\Rightarrow$  <(3.76b) Weakening; (3.10) Definition of $\ne$>
        $k = n \;\wedge\; x = (\Sigma\, i \mid 0 \le i < k : b[i])$
     =  <(3.84) Substitution, using $k = n$>
        $k = n \;\wedge\; x = (\Sigma\, i \mid 0 \le i < n : b[i])$
     $\Rightarrow$  <(3.76b) Weakening; definition of $R$>
        $R$

  9. Proving Loop Termination (12.48)

     Theorem. To prove that $\{\text{invariant: } P\}\ \{\text{bound function: } T\}\ \mathbf{do}\ B \rightarrow S\ \mathbf{od}$ terminates, it suffices to find an integer-valued bound function $T$ that is an upper bound on the number of iterations still to be performed.

  10. Proving Loop Termination

     Our bound function $T$ is an upper bound on the number of remaining iterations if it satisfies the following:

     a) $T$ decreases at each iteration. For a fresh variable $v$:
        $\{P \wedge B\}\ v := T;\ S\ \{T < v\}$
        (Think of $v$ as the old value of $T$. After executing $S$, the new value of $T$ must be less than the old value of $T$.)

     b) As long as there is another iteration to perform, $T > 0$:
        $P \wedge B \;\Rightarrow\; T > 0$

  11. Bound function for our example

     $\{Q:\ n \ge 0\}$
     $x, k := 0, 0;$
     $\{\text{bound/termination function } T:\ n - k\}$
     $\{\text{invariant } P:\ 0 \le k \le n \;\wedge\; x = (\Sigma\, i \mid 0 \le i < k : b[i])\}$
     do $k \ne n \;\rightarrow\; x, k := x + b[k],\ k + 1$ od
     $\{R:\ x = (\Sigma\, i \mid 0 \le i < n : b[i])\}$

  12. Loop Termination (12.42-b)

     To see that the loop terminates, note that the value of $n - k$ is always at least 0 (because $P$ gives $k \le n$) and that it decreases by exactly 1 at each iteration (the body increments $k$ and leaves $n$ unchanged). When $n - k$ becomes 0 we have $k = n$, so the loop guard $k \ne n$ is false and the loop terminates.

  13. Loop Correctness (12.42-b)

     4. $P \wedge B \Rightarrow T > 0$

        $T > 0$ :  $n - k > 0$
        $P$ :  $0 \le k \le n \;\wedge\; x = (\Sigma\, i \mid 0 \le i < k : b[i])$
        $B$ :  $k \ne n$

     It turns out that part of $P \wedge B$ already implies $T > 0$:

        $(0 \le k \le n) \;\wedge\; (k \ne n) \;\wedge\; (x = (\Sigma\, i \mid 0 \le i < k : b[i]))$
     $\Rightarrow$  <(3.76b) Weakening>
        $(k \le n) \;\wedge\; (k \ne n)$
     =  <Remove abbreviation: $k \le n \;\equiv\; k < n \vee k = n$>
        $(k < n \;\vee\; k = n) \;\wedge\; (k \ne n)$
     =  <(3.46) Distributivity of $\wedge$ over $\vee$>
        $(k < n \wedge k \ne n) \;\vee\; (k = n \wedge k \ne n)$
     $\Rightarrow$  <(3.42) Contradiction; (3.30) Identity of $\vee$; (3.76b) Weakening>
        $k < n$

     Done, since $n - k > 0 \;\equiv\; n > k$.

  14. Loop Correctness (12.42-b)

     5. $P \wedge B \Rightarrow wp(\text{"}v := T;\ S\text{"},\ T < v)$ for a fresh identifier $v$, i.e., $T$ decreases on each loop iteration.

        $wp(\text{"}v := T;\ x, k := x + b[k],\ k + 1\text{"},\ T < v)$
     =  <$T$ is $n - k$>
        $wp(\text{"}v := n - k;\ x, k := x + b[k],\ k + 1\text{"},\ n - k < v)$
     =  <Definition of $wp$ for sequential composition and for assignment>
        $((n - k < v)[x, k := x + b[k],\ k + 1])[v := n - k]$
     =  <Textual substitution>
        $(n - (k + 1) < v)[v := n - k]$
     =  <Textual substitution>
        $n - (k + 1) < n - k$
     =  <Arithmetic>
        $n - k - 1 < n - k$
     =  <Arithmetic>
        $-1 < 0$
     =  <Arithmetic>
        $true$

     So we must show $(0 \le k \le n) \;\wedge\; (x = (\Sigma\, i \mid 0 \le i < k : b[i])) \;\wedge\; (k \ne n) \;\Rightarrow\; true$, which is $true$ by (3.72) Right zero of $\Rightarrow$.
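The five checklist items above (slides 4, 13 and 14) can also be run as executable checks. The following is an added example and not code from the lecture: the function names run_checked_loop, checked_array_sum and checklist_failure are mine, the state dictionary and the off_by_one switch are my construction, and the array b is assumed to be a Python list of integers. A runtime check only covers the executions you try, whereas the wp proof covers every n, but it is a cheap way to find a wrong invariant, guard or bound function before attempting the proof, and it shows why item 4 (P ∧ B ⇒ T > 0) matters: with the off-by-one guard k <= n the bound function reaches 0 while the guard is still true, and the check fires before the body reads b[n], one past the end of the array.

```python
"""Added example: the lecture's loop checklist turned into runtime assertions."""
from typing import Any, Callable, Dict, Optional

State = Dict[str, Any]


def run_checked_loop(
    state: State,
    init: Callable[[State], None],
    guard: Callable[[State], bool],
    body: Callable[[State], None],
    invariant: Callable[[State], bool],
    bound: Callable[[State], int],
    post: Callable[[State], bool],
) -> State:
    """Execute  init; do B -> S od  on `state`, checking the checklist as it runs.

    item 1: init establishes P          item 4: P and B imply T > 0
    item 2: S preserves P (given B)     item 5: each iteration decreases T
    item 3: P and not B imply R
    Raises AssertionError naming the first item that fails.
    """
    init(state)
    assert invariant(state), "item 1: init does not establish P"
    while guard(state):
        t_old = bound(state)
        assert t_old > 0, f"item 4: P and B hold but T = {t_old} <= 0"
        body(state)
        assert invariant(state), "item 2: body does not preserve P"
        assert bound(state) < t_old, "item 5: T did not decrease"
    assert post(state), "item 3: P and not B do not give R"
    return state


def prefix_sum(b, upto: int) -> int:
    """(Sigma i | 0 <= i < upto : b[i]); the empty range (upto = 0) gives 0."""
    return sum(b[i] for i in range(upto))


def checked_array_sum(b, off_by_one: bool = False) -> int:
    """The lecture's loop, with P, T and R taken from slides 5 and 11.

    off_by_one=True (my constructed mistake) uses the guard k <= n instead of
    k <> n, so the body would read b[n], one past the end of the array.
    """
    st: State = {"b": b, "n": len(b), "x": None, "k": None}
    guard = (lambda s: s["k"] <= s["n"]) if off_by_one else (lambda s: s["k"] != s["n"])
    run_checked_loop(
        st,
        init=lambda s: s.update(x=0, k=0),                        # x,k := 0,0
        guard=guard,                                              # B
        # keyword arguments are evaluated before update() runs, so this is the
        # simultaneous assignment x,k := x+b[k], k+1 from the slide
        body=lambda s: s.update(x=s["x"] + s["b"][s["k"]], k=s["k"] + 1),
        invariant=lambda s: 0 <= s["k"] <= s["n"]
                            and s["x"] == prefix_sum(s["b"], s["k"]),  # P
        bound=lambda s: s["n"] - s["k"],                          # T
        post=lambda s: s["x"] == prefix_sum(s["b"], s["n"]),      # R
    )
    return st["x"]


def checklist_failure(thunk: Callable[[], Any]) -> Optional[str]:
    """Run thunk(); return the message of the failing checklist item, or None."""
    try:
        thunk()
    except AssertionError as e:
        return str(e)
    return None


if __name__ == "__main__":
    print(checked_array_sum([3, -1, 4, 1, 5]))   # 12; every checklist item passes
    print(checked_array_sum([]))                 # 0; n = 0, the body never runs
    # With the guard k <= n, item 4 fails at k = n: T = n-k = 0 while the guard
    # is still true, so the check fires before the out-of-bounds read of b[n].
    print(checklist_failure(lambda: checked_array_sum([1, 2, 3], off_by_one=True)))
```

The checks are placed exactly where the checklist puts them: the invariant after initialization and after each body execution, the bound before the body (while P ∧ B holds) and again after it, and the postcondition once the guard is false. Note that the empty array exercises the sum-over-empty-range case from slide 6, and that the checker never has to know the proof; it only needs P, T and R written down, which is the same information the wp proof starts from.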
