Learn about loop invariants, correctness proofs, summation problems, and Fibonacci sequence proofs with detailed steps and examples.
General Notation
    {r}
    T;
    {inv : p} {bd : t}
    while B do
        S;
    od
    {q}

    require ---
    from init
    invariant inv
    variant var
    until exit
    loop body
    ensure ---
    end
Correctness Proof
• p is initially established; that is, {r} T {p} holds.
• p is a loop invariant; that is, {p /\ B} S {p} holds.
• Upon loop termination q is true; that is, p /\ !B --> q.
• p implies t >= 0; that is, p --> t >= 0.
• t is decreased with each iteration; that is, {p /\ B /\ t = z} S {t < z}.
The first three conditions establish correctness; the last two establish termination.
Proof steps (in other words)
• The invariant is true at the beginning of the first loop iteration;
• The invariant is maintained by one pass through the loop body;
• The postcondition follows from the invariant and the exit condition;
• The variant is always non-negative;
• The variant decreases by at least one in every pass through the loop body.
Summation Problem
Store in a variable 'result' the sum of the elements in a given array.
SUM =
    k := 0; result := 0;
    while k != N do
        result := result + a[k];
        k := k + 1;
    od
Pre, Post , Invariant Precondition: Postcondition: We choose the invariant :
The code
    array_sum (a: ARRAY[G]): G is
        local
            i: INTEGER
        do
            from
                i := a.lower
            invariant
                value: -- Result =
                limit: i <= a.upper + 1 and i >= a.lower
            variant
                a.upper + 1 - i
            until
                i > a.upper
            loop
                result := result + a @ i -- ***
                i := i + 1
            end
        ensure
            -- result =
        end
Proof (1)
(a) the invariant is true at the beginning of the first loop iteration;
    k == 0
    result == 0
So the invariant trivially holds.
Proof (2)
(b) the invariant is maintained by one pass through the loop body; p /\ B implies p.
    B : k != N
    p /\ B :
Proof (2) contd.
    1. while k != N do
    2.     result := result + a[k];
    3.     k := k + 1;
    4. od
After 2:
This is p[k := k + 1]
After 3:
Proof (3)
(c) the postcondition follows from the invariant and the exit condition; p /\ !B implies q :
    !B : k == N
    p /\ !B :
Proof (4) (d) the variant is always non-negative; We choose the variant to be N - k and we have p implies N - k >= 0.
Proof (5) (e) the variant decreases by at least one in every pass through the loop body. As we pass through the loop we have k := k + 1; thus, the variant decreases by 1 with every iteration.
Fibonacci ? ?
Step 1: The inv holds on entry
• n>=1 [precondition]
• not(n=1 or n=2) [if condition], so n >= 3
• Init: c=2 and a=1=fib_spec(1) (I2)
• Init: b=1=fib_spec(2) [fib_spec post] (I1)
• c=2 ≥ 2 (I3)
• c=2 ≤ 3 ≤ n (I4)
Step 2: inv is maintained by one pass
(primed names are the values before the pass)
• t=a'; a=b'; b=a'+b'; c=c'+1
• I3 --> c' ≥ 2 --> c ≥ 3 ≥ 2 --> I3
• I1 && I2 --> b'=fib_spec(c') && a'=fib_spec(c'-1): a=b'=fib_spec(c')=fib_spec(c-1) --> I2
• b=a'+b'=fib_spec(c'-1)+fib_spec(c')=fib_spec(c-2)+fib_spec(c-1)=fib_spec(c) --> I1
• I4 --> c' ≤ n, c' ≠ n --> c' ≤ n-1 --> c ≤ n
Step 3: post follows from inv and exit cond.
• IF n=1 or n=2, Result is 1
• IF n ≥ 3, the exit condition is c=n.
• On exit: Result = b && I1 --> Result = fib_spec(c)
• On exit: fib_spec(c) = fib_spec(n)
Step 4: The variant is non-negative
• By I4, c ≤ n --> n - c ≥ 0
Step 5: The variant decreases each pass
• n is a constant
• c increases by 1 on every pass
• n - c decreases by 1 every pass
MINSUM - Examples
index: 0  1  2  3  4
a:     5 -3  2 -4  1
The minimum-sum section is a[1:3] = (-3,2,-4). The sum is -5.
index: 0  1  2  3  4
a:     5  2  5  4  2
The two minimum-sum sections are a[1:1] and a[4:4]. The sum is 2.
MINSUM Problem
[Figure: array a with indices 0 1 2 3 4 … N]
We're looking for a section a[i:j] s.t. the sum of the elements in this subsection is minimal over all possible subsections.
The Problem {N > 0} MINSUM {q}
We introduce the following notation The sum of the minimum-sum section of a[0:k-1] Then we have
Pre-condition We try finding the invariant p by replacing the constant N in the postcondition q by a variable k and by putting the appropriate bounds on k:
We now attempt to satisfy conditions 1-5 choosing B, S, and t in an appropriate way.
    {r}
    T;
    {inv : p} {bd : t}
    while B do
        S;
    od
    {q}
1. p is initially established
To establish {N>0} T {p} we choose as initialization:
    T : k := 1; sum := a[0];
3. Upon loop termination q is true
To establish p /\ !B --> q we choose B to be
    B : k != N
4. p implies t >= 0
Because p --> N - k >= 0 we choose
    t : N - k
as the bound function (variant).
5. t is decreased with each iteration
To decrease the bound function with each iteration we put
    k := k + 1;
at the end of each loop.
2. p is a loop invariant
that is, {p /\ B} S {p} holds:
    {N > 0}
    k := 1; sum := a[0];
    {inv : p} {t : N-k}
    while k != N do
        {p /\ (k != N)}
        S';
        {p[k := k + 1]}
        k := k + 1;
        {p}
    od
    {p /\ (k == N)}
    {q}
Here S is the loop body S'; k := k + 1;
S'
    S' : x := min(x + a[k], a[k]);
         sum := min(sum, x);
MINSUM
    MINSUM :
    k := 1; sum := a[0]; x := a[0];
    while k != N do
        x := min(x + a[k], a[k]);
        sum := min(sum, x);
        k := k + 1;
    od
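The five proof conditions can be checked at run time on MINSUM; the following is an added Python example, not code from the original slides. It assumes the usual strengthened invariant (x is the minimum sum over sections ending at k-1) and initialises x to a[0] so that this invariant holds on entry; `spec_min_sum`, `spec_min_suffix`, `first_failed_obligation` and the `x_init` parameter are names introduced here.

```python
def section_sum(a, i, j):
    """Sum of the section a[i:j], both bounds inclusive as on the slides."""
    return sum(a[i:j + 1])

def spec_min_sum(a, k):
    """Specification: minimum section sum over a[0:k-1], by brute force."""
    return min(section_sum(a, i, j) for i in range(k) for j in range(i, k))

def spec_min_suffix(a, k):
    """Minimum sum over the sections of a[0:k-1] that end at index k-1."""
    return min(section_sum(a, i, k - 1) for i in range(k))

def invariant(a, k, total, x):
    # Assumed p: 1 <= k <= N, sum is right for a[0:k-1], x is the best suffix.
    return (1 <= k <= len(a)
            and total == spec_min_sum(a, k)
            and x == spec_min_suffix(a, k))

def minsum(a, x_init=None):
    """MINSUM with conditions 1-5 as assertions ('total' is the slides' sum)."""
    n = len(a)
    assert n > 0, "precondition N > 0"
    k, total = 1, a[0]
    x = a[0] if x_init is None else x_init   # x_init lets a test break T
    assert invariant(a, k, total, x), "1: p not established by T"
    while k != n:                            # B : k != N
        t_before = n - k                     # variant t : N - k
        assert t_before >= 0, "4: variant negative"
        x = min(x + a[k], a[k])
        total = min(total, x)
        k += 1
        assert invariant(a, k, total, x), "2: p not maintained by S"
        assert n - k < t_before, "5: variant did not decrease"
    assert total == spec_min_sum(a, n), "3: p and not B must give q"
    return total

def first_failed_obligation(a, x_init):
    """Message of the first failing condition, or None if all five hold."""
    try:
        minsum(a, x_init)
    except AssertionError as err:
        return str(err)
    return None
```

Starting x at 0 instead of a[0] fails condition 1 immediately; on a constructed input such as [-5, -3] that initialisation would return -5 although the minimum-sum section is the whole array with sum -8.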
Fibonacci
    fib(n:int):int is
    require n>=1
    local: a, b, c, t:int
    do