Discrete Mathematics Chapter 4 Induction and Recursion By courtesy of Prof. Cheng-Chia Chen
Contents 4.1 Mathematical inductions 4.2 Strong Induction and well-ordering 4.3 Recursive definitions & structural induction 4.4 Recursive algorithms 4.5 Program correctness (skip)
4.1 Mathematical Induction (MI) • Principle of MI: To show that a property P holds for all nonnegative integers n, it suffices to show that 1. Basis step: P(0) is true. 2. Inductive step: P(n) → P(n+1) is true for all nonnegative integers n. • P(n) in Step 2 is called the inductive hypothesis. Notes: 1. Math. Ind. is exactly the inference rule: • P(0), ∀n (P(n) → P(n+1)) • -------------------------------- • ∀n P(n), for any property P. 2. If the intended domain is all positive integers, then the basis step should be changed to: • Basis step: P(1) is true (and the inductive step ranges over n ≥ 1).
Examples • Show that for all positive integers n, 1 + 2 + … + n = n(n+1)/2. Pf: Let P(n) denote the proposition 1 + 2 + … + n = n(n+1)/2. The proof is by induction on n. Basis step: P(1) is true since 1 = 1 × (1+1)/2. Ind. step: Assume P(k) holds for an arbitrary integer k > 0, i.e., 1 + 2 + … + k = k(k+1)/2. Then 1 + … + k + (k+1) = k(k+1)/2 + (k+1) = k(k+1)/2 + 2(k+1)/2 = (k+1)(k+2)/2 = (k+1)[(k+1)+1]/2. Hence P(k+1) is also true. This completes the basis step and the inductive step of MI, and hence by MI, P(n) holds for all positive integers n.
Examples: 2. $\sum_{i=1}^{n} (2i-1) = n^2$ 3. $n < 2^n$ 4. $3 \mid n^3 - n$ if n > 0 5. $\sum_{i=0}^{n} 2^i = 2^{n+1} - 1$ 6. $\sum_{j=0}^{n} a r^j = \dfrac{a r^{n+1} - a}{r - 1}$ for r ≠ 1 7. Let $H_k = 1 + 1/2 + \cdots + 1/k$; then $H_{2^n} \ge 1 + n/2$ 8. $|S| = n \Rightarrow |2^S| = 2^n$ 9. If n > 3 then $2^n < n!$ 10. $\overline{S_1 \cap \cdots \cap S_n} = \overline{S_1} \cup \cdots \cup \overline{S_n}$ 11. Odd Pie Fights 12. Checkerboard Tiling by Triominoes
7. Let $H_k = 1 + 1/2 + \cdots + 1/k$. Then $H_{2^n} \ge 1 + n/2$ for all non-negative integers n. Pf: By induction on n. Let P(n) be the proposition $H_{2^n} \ge 1 + n/2$. Basis step: n = 0. Then $H_{2^0} = H_1 = 1 \ge 1 + 0/2$. Hence P(0) is true. Ind. step: Assume P(n) holds for an arbitrary n ≥ 0, i.e., $H_{2^n} \ge 1 + n/2$. Then $H_{2^{n+1}} = (1 + \cdots + 1/2^n) + (1/(2^n+1) + \cdots + 1/(2^n+2^n)) \ge H_{2^n} + 2^n \cdot 1/(2^n+2^n) = H_{2^n} + 1/2 \ge 1 + n/2 + 1/2 = 1 + (n+1)/2$, since each of the $2^n$ new terms is at least $1/2^{n+1}$. This establishes the ind. step of MI. As a result P(n), i.e., $H_{2^n} \ge 1 + n/2$, holds for all nonnegative integers n.
More examples: For every k ≥ 12, there are m, n ≥ 0 s.t. k = 4m + 5n. Pf: By induction on k', where k' = k − 12. Basis: k' = 0 (i.e., k = k' + 12 = 12). Then k = 12 = 4 × 3 + 5 × 0. Inductive step: k' = t' + 1 > 0 (i.e., k = t + 1 > 12, where t = t' + 12 ≥ 12). By the ind. hyp., t = 4m + 5n for some m, n ≥ 0. Then k = t + 1 = 4m + 5n + 1. If m > 0 ⇒ k = 4(m−1) + 5(n+1). If m = 0 ⇒ t = 5n ≥ 12 ⇒ n ≥ 3. Hence t + 1 = 5(n−3) + 15 + 1 = 4 × 4 + 5(n−3). Q.E.D.
Correctness of MI • Correctness of MI: Let P(·) be a property about positive integers. If P(1) holds and P(n) implies P(n+1) for all n ≥ 1, then P(n) holds for all positive integers n. Pf: Assume MI is incorrect, i.e. the set NP = {k > 0 | P(k) is false} is not empty. Let m be the least element of NP (it exists by the well-ordering property). Since P(1) holds, 1 ∉ NP and so m > 1. ⇒ m − 1 is a positive integer, and P(m−1) is true because m − 1 < m cannot be in NP ⇒ P(m) holds [by the inductive step of MI] ⇒ m ∉ NP, a contradiction. Q.E.D.
4.2 Strong Induction and Well-Ordering • [A problem that is hard to prove with plain MI:] If n is a positive integer > 1, then n can be written as a product of primes. • To prove this theorem by induction, we need a stronger form of MI, since the inductive step for n uses the hypothesis for the divisors of n, not for n − 1.
Strong Induction • [The 2nd form of MI (Strong Induction; Complete Induction)] To prove that P(n) holds for all non-negative integers n, where P(n) is a propositional function of n, it suffices to show that • Basis step: P(0) holds. • Inductive step: (P(0) ∧ P(1) ∧ … ∧ P(k−1)) → P(k) holds for all k > 0. • I.e., assume P(0), …, P(k−1) hold for an arbitrary k > 0, and then show that P(k) is true as well. Notes: • P(0) ∧ P(1) ∧ … ∧ P(k−1) (or ∀t (t < k → P(t))) is called the induction hypothesis of the proof. • If our intended domain is the positive integers, then the basis step is: P(1) holds, and the ind. hyp. is P(1) ∧ P(2) ∧ … ∧ P(k−1) for k > 1.
Example Ex2: If n is a positive integer > 1, then n can be written as a product of primes. Pf: Let P(n) be the proposition: if n > 1 then n can be written as a product of primes. Basis step: P(1) holds vacuously, since its hypothesis 1 > 1 is false. Ind. step: Let k > 1 be an arbitrary positive integer and assume P(t) holds for all t < k. There are two cases to consider: Case 1: k is a prime number; then P(k) holds since k = k is a product of one prime. Case 2: k is a composite number. Then by definition there are two integers a, b with 1 < a, b < k such that k = ab. By the ind. hyp., P(a) and P(b) hold, and since a, b > 1, a and b can be written as products of primes. Let a = a1 ⋯ ai and b = b1 ⋯ bj; then k = a1 ⋯ ai × b1 ⋯ bj is a product of primes. Q.E.D.
Correctness of Strong Induction and Well-ordering • Correctness of SI: Let P(·) be a property about positive integers. If P(1) holds and P(1) ∧ P(2) ∧ … ∧ P(n) implies P(n+1) for all n ≥ 1, then P(n) holds for all positive integers n. Pf: Assume SI is incorrect, i.e. the set NP = {k | P(k) is false} is not empty. Let m be the least element of NP (it exists by the well-ordering property of the positive integers). Since P(1) holds, 1 ∉ NP and m > 1. ⇒ m − 1 ≥ 1 and, m being the least element of NP, P(t) is true for all t < m ⇒ P(m) holds [by the inductive step of SI] ⇒ m ∉ NP, a contradiction. Q.E.D. • Ex. Match Removal • Ex. Triangulation of Simple Polygons
Well-ordered Property • [Well-ordering property of the natural numbers] Every non-empty subset of the non-negative integers has a least element. • The property can be used directly in a proof (in place of MI or SI). Ex: In a round-robin tournament, every player plays every other player exactly once, and each match has a winner and a loser. We say p1, p2, …, pm form a cycle of length m if p1 beats p2, p2 beats p3, …, pm beats p1. Show that if there is a cycle of length m ≥ 3, then there must exist a cycle of length 3.
Ex. 6 Pf: Let C be the set {n | there is a cycle of length n} in the tournament. Obviously m ∈ C, and C is a subset of the non-negative integers. So by the well-ordering property, C has a least element, say k. Let p1, p2, …, pk be such a cycle. Since there is no cycle of length 1 or 2 (a player never beats itself, and a match has only one winner), k ≥ 3. If k = 3, then we are done. Otherwise k > 3; consider p1 and p3. If p3 beats p1, then p1, p2, p3 is a cycle of length 3 < k. If p1 beats p3, then p1, p3, …, pk form a cycle of length k − 1 < k. Either case violates the fact that k is the least element of C. As a result, k = 3.
4.3 Recursive definitions and structural induction • Different ways of defining a function: • Explicit listing • Suitable for finite functions only. • Definition by an explicit expression • Ex: F(n) = 2n • Recursive (or inductive) definition • Define the value of objects (sequences, functions, sets, ...) in terms of the values of smaller similar ones. • Ex: the sequence 1, 2, 4, ... ($a_n = 2^n$) can be defined recursively as follows: 1. $a_0 = 1$; 2. $a_{n+1} = 2 a_n$ for n ≥ 0.
Recursively defined functions • To define a function f with the set of nonnegative integers as its domain: • Specify the value of f at 0 (i.e., f(0)). • Give a rule for finding f(n) from f(n−1), ..., f(0), • i.e., f(n) = some expression in terms of n and f(n−1), ..., f(0). • Such a definition is called a recursive or inductive definition. • Ex1: • f(n) = 3 if n = 0 • = 2f(n−1) + 3 if n > 0 • ⇒ f(0) = 3, f(1) = 2f(0) + 3 = 9, f(2) = 2f(1) + 3 = 21, ... • This guarantees that f is defined for all nonnegative integers.
More examples of functions • Ex2: The factorial function f(n) = n! • f(0) = 1 • f(n) = n · f(n−1) for all n > 0. • Recursively defined functions (over N) are well defined. Pf: Let P(n) = "there is at least one value assigned to f(n)" and Q(n) = "there is at most one value assigned to f(n)". We show P(n) holds for all n by strong induction. Basis: P(0) holds, since f(0) is specified directly. Ind.: Assume P(k) holds for all k ≤ n. Then f(n+1) can be assigned a value by evaluating expr(n+1, f(0), ..., f(n)), where by the ind. hyp. all f(i), i ≤ n, have already been assigned a value. That Q(n) holds for all n is trivial, since each f(k) appears on the left-hand side of the definition exactly once. QED
More examples: Ex5: The Fibonacci sequence: • f(0) = 0; f(1) = 1; • f(n) = f(n-1) + f(n-2) for n > 1. • ==> 0,1,1,2,3,5,8,…
Ex6: Show that $f(n) > \alpha^{n-2}$ whenever n ≥ 3, where $\alpha = (1+\sqrt{5})/2 \approx 1.618$ is the golden ratio. • Property of α: $\alpha^2 = 1 + \alpha$. Pf: (by strong induction) Let P(n) = "$f(n) > \alpha^{n-2}$". Basis: P(3) holds since $f(3) = 2 > \alpha^{3-2} \approx 1.618$. Ind. step (for n ≥ 4): If n = 4, then $f(4) = 3 > \alpha^{4-2} = \alpha^2 \approx 2.618$ (this case is checked directly because P(2) is false, so the hypothesis cannot be used for n − 2 = 2). If n > 4, then by the ind. hyp. $f(n-1) > \alpha^{n-3}$ and $f(n-2) > \alpha^{n-4}$. Hence $f(n) = f(n-1) + f(n-2) > \alpha^{n-3} + \alpha^{n-4} = (1+\alpha)\,\alpha^{n-4} = \alpha^2 \alpha^{n-4} = \alpha^{n-2}$. QED (Supplementary material)
Lamé's theorem (skip) • a, b: positive integers with a ≥ b. ⇒ the number of divisions used by the Euclidean algorithm to find gcd(a, b) is ≤ 5 × the number of decimal digits in b. Pf: Consider the sequence of equations used for finding gcd(a, b), where $r_0 = a$, $r_1 = b$, $r_2 = r_0 \bmod r_1 \ne 0$, $r_3 = r_1 \bmod r_2 \ne 0$, ..., $r_n = r_{n-2} \bmod r_{n-1} \ne 0$, $r_{n+1} = r_{n-1} \bmod r_n = 0$, i.e., until $r_n \mid r_{n-1}$. Then gcd(a, b) = $r_n$ and the number of divisions used is n. Note (dividend ≥ divisor + remainder, since every quotient is ≥ 1): $r_n \ge 1 = f_2$; $r_{n-1} \ge 2 r_n \ge 2 f_2 = f_3$ (as $r_n$ divides $r_{n-1}$ and $r_{n-1} > r_n$); $r_{n-2} \ge r_{n-1} + r_n \ge f_3 + f_2 = f_4$; ...; $r_2 \ge r_3 + r_4 \ge f_{n-1} + f_{n-2} = f_n$; $b = r_1 \ge r_2 + r_3 \ge f_n + f_{n-1} = f_{n+1} > \alpha^{n-1}$ (by Ex6). Hence $\log_{10} b > (n-1)\log_{10}\alpha \approx 0.208\,(n-1) > (n-1)/5$, so $n - 1 < 5\log_{10} b < 5 \cdot \#\mathrm{digits}(b)$. ⇒ $n \le 5 \cdot \#\mathrm{digits}(b)$.
Recursively defined sets • Given a universal set U, a subset V of U and a set OP of operations on U, we often define a subset D of U as follows: • 1. Init. (Basis Step): Every element of V is an element of D. • 2. Closure (Recursive Step): For each operation f in OP, if f: U^n → U and t1, .., tn are objects already known to be in the set D, then f(t1, .., tn) is also an object of D. • Example: The set S = {3n | n > 0} can be defined recursively as follows: • 1. Init: 3 ∈ S (i.e., V = {3}) • 2. Closure: S is closed under +, • i.e., if a, b ∈ S then so is a + b. (OP = {+}) • (That the set so defined equals {3n | n > 0} can be proven by MI.)
Well-formed arithmetic expressions (skip) Ex 11: (2 + x), (x + (y/3)), ... (ok); x2+, xy*/3, ... (no). Let Vr = {x, y, ...} be the set of variables, M = numerals = finite representations of numbers, OP = {+, -, *, /, ^}, U = the set of all finite strings over Vr ∪ M ∪ OP ∪ {(, )}. The set of all well-formed arithmetic expressions (wfe) can be defined inductively as follows: 1. Init: every variable x in Vr and every numeral n in M is a wfe. 2. Closure: If A, B are wfe, then so are (A + B), (A - B), (A * B), (A / B) and (A ^ B). Note: "1 + x" is not a wfe. Why? Because the closure rule only ever produces fully parenthesized strings; the corresponding wfe is (1 + x).
More examples: (skip) • Ex10: wff (well-formed propositional formulas) • PV = {p1, p2, ...}: a set of propositional symbols. • OP = {/\, \/, ~, ->, <->} • U = the set of all finite strings over PV ∪ OP ∪ {(, )} • Init: every pi ∈ PV is a wff. • Closure: If A and B are wffs, then so are • (A /\ B), (A \/ B), (A -> B), (A <-> B), and ~A.
Notes about recursively defined sets (skip) 1. The definition of D is not complete (in the sense that there are multiple subsets of U satisfying both conditions). Ex: the universe U itself satisfies (1) and (2), but it is not our intended D. 2. In fact the intended set is pinned down by one of: 3': D is the least of all subsets of U satisfying 1 & 2; or 3'': D is the intersection of all subsets of U satisfying 1 & 2; or 3''': only objects obtained by a finite number of applications of rules 1 & 2 are elements of D. 3. It can be proven that 3', 3'' and 3''' are equivalent. 4. Hence, to be complete, one of 3', 3'' or 3''' should be appended to conditions 1 & 2, though it is usually omitted (or replaced by the adverb "inductively" or "recursively") with this understanding in mind.
Proof of the equivalence of 3', 3'' and 3''' (skip) • D1: the set obtained by 1, 2, 3'. • D1 satisfies 1 & 2, and any S satisfying 1 & 2 is a superset of D1. • D2: the set obtained by 1, 2, 3''. • D2 = the intersection of all subsets Sk of U satisfying 1 & 2. • D3: the set obtained by 1, 2, 3'''. • For any x ∈ U, x ∈ D3 iff there is a (proof) sequence x1, ..., xm = x such that for each xi (i = 1..m) either • (init:) xi ∈ V, or • (closure:) there are f in OP and t1, ..., tn in {x1, .., xi−1} s.t. • xi = f(t1, .., tn).
Proof (skip) • 1. D2 satisfies 1 & 2 [1.1] and is the least [1.2] of all sets satisfying 1 & 2. Hence D1 exists and equals D2. 2. (2.1) D3 satisfies 1 & 2. (2.2) D3 is contained in all sets satisfying 1 & 2. Hence D3 = D2. pf: 1.1: Let C = {T1, …, Tm, …} be the collection of all sets satisfying 1 & 2; D2, by definition, is ∩C. Hence V ⊆ Tk for all Tk ∈ C and as a result V ⊆ D2. --- (1) Suppose t1, …, tn ∈ D2; then t1, …, tn ∈ Tk for each Tk in C, hence f(t1, …, tn) ∈ Tk for each Tk, and as a result f(t1, .., tn) ∈ D2. --- (2) 1.2: Since D2 = ∩C, D2 is a subset of all the Tk's, and by 1.1, D2 ∈ C; D2 thus is the least among these sets. Hence D1 exists and equals D2.
2.1 D3 satisfies 1 & 2.[ by ind.] (skip) 2.2 D3 is contained in all sets satisfying 1 & 2 [by ind.] Hence D3 = D2. pf: 2.1: two propositions need to be proved: V ⊆ D3 ---(1) and {t1,..,tn}⊆ D3 => f(t1,…,tn) ∈ D3 ---(2). (1) is easy to show, since for each x in V, the singleton sequence x is a proof. Hence x ∈ D3. As to (2), since {t1,..,tn}⊆ D3, by definition, there exist proof sequences S1,S2,…,Sn for t1,…,tn, respectively. We can thus join them together to form a new sequence S = S1,S2,…,Sn. We can then safely append f(t1,…,tn) to the end of S to form a new sequence for f(t1,…,tn), since all t1,…,tn have appeared in S. As a result f(t1,…,tn) ∈ D3. (2) thus is proved.
(skip) 2.2 D3 is contained in all sets satisfying 1 & 2 [by ind.] pf: Let D be any set satisfying 1&2. We need to show that for all x, x ∈ D3 =>x ∈ D. The proof is by ind. on the length m of the minimum proof sequence for x: x1,…,xm = x If m = 1 then x=x1 ∈ V, and hence x ∈ D. If m = k+1 > 1, then either xm ∈ V (and xm ∈ D) or ∃ j1,j2,…jn < m and xm = f(xj1,…,xjn) for some f ∈ OP. For the latter case, by ind. hyp., xj1,…xjn ∈ D. Since D satisfies closure rule, f(xj1,…,xjn) = xm ∈ D. Q.E.D
Example: Def 2: The set Σ* of strings over an alphabet Σ can be defined recursively as follows: • Basis Step: ε ∈ Σ* (ε is the empty string). • Recursive Step: If a ∈ Σ and x ∈ Σ*, then ax ∈ Σ*. Ex8': If Σ = {0, 1, 2}, then 1201 ∈ Σ* since • ε → 1ε = 1 → 01 → 201 → 1201. Ex 8'': The set of natural numbers can be defined as a subset of {1}* inductively as follows: • Init: ε ∈ N. • Closure: If x ∈ N, then 1x ∈ N. ε, 1, 11, 111, 1111, ... are natural numbers • (unary representation of natural numbers).
Induction principles III (structural induction) (skip) • D: a recursively defined set • P: D → {true, false}; a property about objects of D. • To show that P(t) holds for all t ∈ D, it suffices to show that • 1. Basis Step: P(t) holds for all t ∈ V. • 2. Ind. Step: For each f in OP and t1, .., tn ∈ D, if P(t1), ..., P(tn) hold, then P(f(t1, .., tn)) holds, too.
Correctness of SI (skip) • Show the correctness of structural induction. Pf: Assume it is not correct. ⇒ NP = {t ∈ D | P(t) does not hold} is not empty. ⇒ Let x be any member of NP with a proof sequence of minimum length m, say x1, .., xm = x. Since x has a minimum-length proof among the members of NP, none of x1, .., xm−1 is in NP (each has a shorter proof sequence). ⇒ If m = 1, then x1 = x ∈ V (impossible, since P holds on V by the basis step). Else either m > 1 and x ∈ V (impossible, as for m = 1), or m > 1 and x = f(t1, .., tn) for some {t1, .., tn} ⊆ {x1, .., xm−1}, so P holds for all the tk's ⇒ P(x) holds too [by the ind. step] ⇒ x ∉ NP, a contradiction. QED.
MI is a specialization of SI (skip) • Rephrasing SI for the domain N (as defined in Ex 8''), we have: • To show P(t) holds for all t ∈ N, it suffices to show that • Init: P(ε) holds • Ind. step: [OP = {x ↦ 1x}] • for any x in N, if P(x) holds then P(1x) holds. • Notes: • 1. The above is just MI. • 2. MI is only suitable for proving properties of natural numbers, whereas SI is suitable for proving properties of all recursively defined sets. • 3. The common variant of MI starting from a value c ≠ 0, 1 is also a special case of SI with the domain • D = {c, c+1, c+2, …}
(skip) • Ex9: Recursively define two functions on Σ*. • len : Σ* → N s.t. len(x) = the length of the string x. • Basis: len(ε) = 0 • Ind. step: for any x ∈ Σ* and a ∈ Σ, len(ax) = len(x) + 1. • + : Σ* × Σ* → Σ* s.t. +(x, y) = x + y = the concatenation of x and y. • Basis: ε + y = y for all strings y. • Recursive step: (az) + y = a(z + y) for all symbols a and strings z, y.
(skip) • Prove properties of len(·) on Σ*: Ex14: show that len(x + y) = len(x) + len(y) for any x, y ∈ Σ*. • By SI on x. Let P(x) = "len(x + y) = len(x) + len(y) for all y". • Basis: x = ε. ⇒ • x + y = y ⇒ len(x + y) = len(y) = 0 + len(y) = len(ε) + len(y). • Ind. step: x = az. • len(x + y) = len((az) + y) = len(a(z + y)) -- def. of + • = 1 + len(z + y) -- def. of len • = 1 + len(z) + len(y) -- ind. hyp. • = len(az) + len(y) -- def. of len • = len(x) + len(y).
Where do we use recursion? • Define a domain • numbers, lists, trees, formulas, strings, ... • Define functions on recursively defined domains (n!) • Prove properties of functions or domains by structural induction. • Compute recursive functions • --> recursive algorithms
Define lp, rp : wff → N (skip) • Define two functions lp, rp : wff → N s.t. • lp(A) and rp(A) are the number of '(' and ')' occurring in A, respectively. • Define lp and rp recursively by cases on the input A: • Basis Case: A = p is a propositional variable. • Then lp(A) = rp(A) = 0. • Recursive cases: • 1. A = (B @ C), where @ is one of /\, \/, ->, <->. • Then lp((B @ C)) = 1 + lp(B) + lp(C) and • rp((B @ C)) = 1 + rp(B) + rp(C). • 2. A = ~B. Then lp(~B) = lp(B) and rp(~B) = rp(B). • EX: lp( (p1 /\ (~p2 -> p1)) ) = rp( (p1 /\ (~p2 -> p1)) ) = 2.
(skip) Ex13: Show that for every wff A, lp(A) = rp(A). Namely, every wff has an equal number of left and right parentheses. pf: By S.I. on A. Basis Step: A = p is a propositional variable. Then lp(p) = 0 = rp(p). Recursive step: case 1: A = (B @ C), where @ is any binary connective. Then lp(A) = 1 + lp(B) + lp(C) --- definition of lp = 1 + rp(B) + rp(C) --- ind. hyp. = rp(A) --- def. of rp. case 2: A = ~B. Then lp(A) = lp(B) = rp(B) = rp(A) --- def. of lp, ind. hyp., def. of rp.
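As an added worked example (written for this page, not part of the original slides), the Python below computes a recursively defined set the way condition 3''' describes it: the least set containing V and closed under OP, obtained by applying the rules finitely many times. It does this for S = {3n | n > 0} of 4.3 and for the wffs of Ex10 (represented as trees, with a bound on the length of the rendered string so that the set is finite), then defines lp and rp by cases as above and checks Ex13 exhaustively on everything generated. All function names (least_closure, wffs, all_balanced, ...) and the variable set PV = {p1, p2} are this example's own choices.

```python
from itertools import product


def least_closure(init, ops, keep, max_rounds=100):
    """The least set D with init ⊆ D and D closed under every f in ops.

    ops is a list of (arity, f) pairs. keep is a predicate that bounds the
    construction (a size limit) so the iteration stops; without it the closure
    of a non-trivial rule set is infinite. Each round applies every rule to
    every tuple of objects already in D, which is condition 3''': an object is
    in D iff finitely many rule applications produce it.
    """
    d = set(init)
    for _ in range(max_rounds):
        members = list(d)
        new = set()
        for arity, f in ops:
            for args in product(members, repeat=arity):
                t = f(*args)
                if keep(t) and t not in d:
                    new.add(t)
        if not new:
            return d
        d |= new
    raise RuntimeError("closure did not stabilise within max_rounds")


def multiples_of_three(bound):
    """S = {3n | n > 0}, cut off at `bound`: V = {3}, OP = {+}."""
    return least_closure({3}, [(2, lambda a, b: a + b)], lambda t: t <= bound)


# Ex10 wffs as trees: a propositional variable is a str, ~A is ("~", A) and
# (A @ B) is ("bin", "@", A, B). render() gives the string form of the slide.
BINARY = ("/\\", "\\/", "->", "<->")


def render(a):
    if isinstance(a, str):
        return a
    if a[0] == "~":
        return "~" + render(a[1])
    _, op, b, c = a
    return "(" + render(b) + op + render(c) + ")"


def lp(a):
    """Number of '(' in A, by cases on the structure of A (slide definition)."""
    if isinstance(a, str):
        return 0
    if a[0] == "~":
        return lp(a[1])
    return 1 + lp(a[2]) + lp(a[3])


def rp(a):
    """Number of ')' in A, by the same cases."""
    if isinstance(a, str):
        return 0
    if a[0] == "~":
        return rp(a[1])
    return 1 + rp(a[2]) + rp(a[3])


def wffs(max_len):
    """All wffs over PV = {p1, p2} whose rendered string has <= max_len chars."""
    ops = [(1, lambda a: ("~", a))]
    for op in BINARY:
        ops.append((2, lambda a, b, op=op: ("bin", op, a, b)))
    return least_closure({"p1", "p2"}, ops, lambda t: len(render(t)) <= max_len)


def all_balanced(max_len):
    """Ex13 checked exhaustively: lp(A) = rp(A), and both agree with a plain
    count of the parentheses in the rendered string."""
    return all(lp(a) == rp(a) == render(a).count("(") == render(a).count(")")
               for a in wffs(max_len))


if __name__ == "__main__":
    print(sorted(multiples_of_three(30)))
    example = ("bin", "/\\", "p1", ("bin", "->", ("~", "p2"), "p1"))
    print(render(example), lp(example), rp(example))   # (p1/\(~p2->p1)) 2 2
    print(len(wffs(9)), all_balanced(9))
```

The length bound is what makes the closure computable; the mathematical D is the union of these bounded sets over all bounds, which is exactly 3'''. Note that nothing here parses strings: membership in a recursively defined set is decided by building objects from the rules, and the string is only a rendering of the tree.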
Full Binary Tree Def 6: The set of full binary trees can be defined inductively as follows: Basis Step: A single vertex is a full binary tree. Recursive Step: If T1 and T2 are disjoint full binary trees, and r is a vertex not in T1 or T2, then (r, T1, T2) is a full binary tree with root r, left subtree T1 and right subtree T2. Ex: r0, (r2, r0, r1), (r3, r0, (r2, r1, r4)). Counter Ex: (r0, r1) (a root with only one subtree is not produced by the recursive step).
Internal nodes and leaves: Def: 1. A vertex r in a full binary tree T is an internal node if it has two subtrees. 2. A vertex r in a full binary tree T is a leaf if it has no subtrees. Def: Define two functions #Int, #leaf : the set of full binary trees → N recursively as follows: Basis Case: t = r is a single-node tree. Then #Int(r) = 0 and #leaf(r) = 1. Recursive Case: t = (r, T1, T2) is a tree with more than one node. Then #Int(t) = 1 + #Int(T1) + #Int(T2) and #leaf(t) = #leaf(T1) + #leaf(T2).
Show that for all full binary trees T, the number of leaves is one more than the number of internal vertices, i.e., #leaf(T) = 1 + #Int(T). Pf: By S.I. on T. Basis Case: T is a single-vertex tree. Then #leaf(T) = 1 = 1 + 0 = 1 + #Int(T). Ind. Case: T = (r, T1, T2). Then #leaf(T) = #leaf(T1) + #leaf(T2) --- def. of #leaf = (1 + #Int(T1)) + (1 + #Int(T2)) --- ind. hyp. = 1 + (1 + #Int(T1) + #Int(T2)) = 1 + #Int(T) --- def. of #Int.
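Added example (not from the slides): Def 6 and the two counting functions in executable form. A tree is a vertex name (a str) or a triple (r, T1, T2) exactly as on the slide; is_full_binary_tree checks the definition including disjointness and rejects the counterexample (r0, r1); #Int and #leaf are transcribed by cases; and full_binary_trees enumerates every tree with a given number of internal vertices so the identity #leaf = 1 + #Int can be checked on all of them rather than on one picture. The helper names and the vertex labels v0, v1, ... are assumptions of this example.

```python
from itertools import count


def _vertices(t):
    """Vertex set of t if t is a full binary tree by Def 6, else None."""
    if isinstance(t, str):                        # basis: a single vertex
        return {t}
    if not (isinstance(t, tuple) and len(t) == 3 and isinstance(t[0], str)):
        return None                               # e.g. the counterexample (r0, r1)
    r, t1, t2 = t
    v1, v2 = _vertices(t1), _vertices(t2)
    if v1 is None or v2 is None or v1 & v2 or r in v1 or r in v2:
        return None                               # subtrees disjoint, root new
    return v1 | v2 | {r}


def is_full_binary_tree(t):
    return _vertices(t) is not None


def n_int(t):
    """#Int(T), by the recursive definition on the slide."""
    return 0 if isinstance(t, str) else 1 + n_int(t[1]) + n_int(t[2])


def n_leaf(t):
    """#leaf(T), by the recursive definition on the slide."""
    return 1 if isinstance(t, str) else n_leaf(t[1]) + n_leaf(t[2])


def _shapes(n):
    """Unlabelled full binary trees with n internal vertices: None is a leaf,
    (None, L, R) an internal vertex. There are Catalan(n) of them."""
    if n == 0:
        return [None]
    return [(None, left, right)
            for k in range(n)
            for left in _shapes(k)
            for right in _shapes(n - 1 - k)]


def _label(shape, names):
    # A tuple is evaluated left to right, so the root gets the next fresh
    # name and every vertex of the tree ends up with a distinct one.
    if shape is None:
        return f"v{next(names)}"
    return (f"v{next(names)}", _label(shape[1], names), _label(shape[2], names))


def full_binary_trees(n_internal):
    """Every full binary tree with n_internal internal vertices, built by the
    recursive step of Def 6 from a fresh root and two smaller trees."""
    return [_label(s, count()) for s in _shapes(n_internal)]


def leaf_identity_holds(max_internal):
    """#leaf(T) = 1 + #Int(T) on every tree with up to max_internal internal vertices."""
    return all(is_full_binary_tree(t) and n_leaf(t) == 1 + n_int(t)
               for n in range(max_internal + 1)
               for t in full_binary_trees(n))


if __name__ == "__main__":
    t = ("r3", "r0", ("r2", "r1", "r4"))            # example from the slide
    print(is_full_binary_tree(t), n_int(t), n_leaf(t))       # True 2 3
    print(is_full_binary_tree(("r0", "r1")))         # False: the counterexample
    print(len(full_binary_trees(4)), leaf_identity_holds(6))  # 14 True
```

The enumeration is itself a use of the recursive definition: a tree with n internal vertices is a root plus a left tree with k and a right tree with n − 1 − k internal vertices, for every split k, which is why the counts come out as the Catalan numbers 1, 1, 2, 5, 14, ...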
4.4 Recursive algorithms • Definition: an algorithm is recursive if it solves a problem by reducing it to an instance of the same problem with smaller input. • Ex1: compute $a^n$ where a ∈ R and n ∈ N: $a^0 = 1$, $a^n = a \cdot a^{n-1}$ for n > 0. • Ex2: gcd(a, b) for a, b ∈ N, a > b: gcd(a, b) =def if b = 0 then a else gcd(b, a mod b). • Ex: show that gcd(a, b) always terminates (the second argument strictly decreases and stays non-negative, so well-ordering applies). • Comparison between recursion and iteration: • Recursion: easy to read, understand and devise. • Iteration: often uses much less computation time. • Result: programmer --> recursive program --> compiler --> iterative program --> machine. • Exp: computing the Fibonacci number f(n) directly from its recursive definition takes f(n+1) − 1 additions, vs. n − 1 additions iteratively. • Exp: O(n log n) for merge sort.
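Added example (not from the slides): the recursive algorithms of this section in Python, instrumented to show the cost claims made above. gcd_divisions is Ex2 with a division counter so Lamé's theorem from the supplementary slide can be checked exhaustively on small inputs; fib_recursive and fib_iterative report their addition counts (f(n+1) − 1 versus n − 1); power_mod is Ex1 reduced to the instance n // 2 rather than n − 1; and prime_factors is the strong-induction proof of 4.2 Ex2 read as an algorithm. Function names are this example's own.

```python
def gcd_divisions(a, b, divisions=0):
    """Ex2 as written on the slide: gcd(a, b) = a if b = 0 else gcd(b, a mod b).
    The second argument strictly decreases and stays >= 0, so by well-ordering
    the recursion terminates. Returns (gcd, number of divisions performed)."""
    if b == 0:
        return a, divisions
    return gcd_divisions(b, a % b, divisions + 1)


def lame_bound(b):
    """Lamé's theorem: #divisions <= 5 * (number of decimal digits of b)."""
    return 5 * len(str(b))


def lame_holds_up_to(limit):
    """Exhaustive check of Lamé's bound for all 1 <= b <= a <= limit."""
    return all(gcd_divisions(a, b)[1] <= lame_bound(b)
               for a in range(1, limit + 1) for b in range(1, a + 1))


def fib_recursive(n):
    """Ex5 computed straight from its recursive definition.
    Returns (f(n), additions). The count T satisfies T(0) = T(1) = 0 and
    T(n) = T(n-1) + T(n-2) + 1, hence T(n) = f(n+1) - 1: exponential in n."""
    if n < 2:
        return n, 0
    a, ta = fib_recursive(n - 1)
    b, tb = fib_recursive(n - 2)
    return a + b, ta + tb + 1


def fib_iterative(n):
    """The same sequence by iteration: n - 1 additions for n >= 1."""
    if n < 1:
        return 0, 0
    a, b, additions = 0, 1, 0
    for _ in range(n - 1):
        a, b = b, a + b
        additions += 1
    return b, additions


def power_mod(a, n, m):
    """Ex1, a^n mod m, but reduced to the instance n // 2 instead of n - 1:
    O(log n) multiplications, which is why modular exponentiation in
    cryptographic code is written this way rather than as a*a^(n-1)."""
    if n == 0:
        return 1 % m
    half = power_mod(a, n // 2, m)
    result = half * half % m
    return result * a % m if n % 2 else result


def prime_factors(n):
    """4.2 Ex2 turned into an algorithm: a prime is its own factorisation; a
    composite n = a*b with 1 < a, b < n is factored by recursing on both
    (strong induction: both instances are smaller than n)."""
    if n < 2:
        raise ValueError("n must be > 1")
    for d in range(2, int(n ** 0.5) + 1):
        if n % d == 0:
            return sorted(prime_factors(d) + prime_factors(n // d))
    return [n]


if __name__ == "__main__":
    print(gcd_divisions(89, 55), lame_bound(55))   # consecutive Fibonacci numbers: worst case
    print(fib_recursive(10), fib_iterative(10))
    print(power_mod(3, 200, 1000003) == pow(3, 200, 1000003))
    print(prime_factors(360))
```

Consecutive Fibonacci numbers are the worst case for Euclid (each step peels off exactly one term of the sequence), which is where the f_k chain in the proof of Lamé's theorem comes from; gcd(89, 55) takes 9 divisions against a bound of 10.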
4.5 Program correctness (skip hereinafter) • After designing a program to solve a problem, how can we make sure that the program always produces correct output? • Types of errors in a program: • syntax error: easy to detect with the help of compilers • semantic error: detected by testing or verification • Program testing can only increase our confidence in the correctness of a program; it can never guarantee that a program that passes the tests always produces correct output. • A program is said to be correct if it produces the correct output for every possible input. • A correctness proof generally consists of two steps: • Termination proof: the program terminates on every possible input. • Partial correctness: whenever the program terminates, it produces the correct output.
Program verification • Problem: • what does it mean that a program produces the correct output (or results)? • Answer: by specifying assertions (or descriptions) about the expected outcome of the program. • Inputs to program verification: • Pr: the program to be verified. • Q: final assertions (postconditions), giving the properties that the output of the program should have. • P: initial assertions (preconditions), giving the properties that the initial input values are required to have.
Hoare triple: • P, Q: assertions • S: a program or program segment. • P {S} Q is called a Hoare triple, meaning that S is partially correct (p.c.) w.r.t. P, Q, i.e., whenever P is true for the input values of S and S terminates, then Q is true for the output values of S. Ex1: x = 1 {y := 2; z := x + y} z = 3 is true. Why? (After the two assignments, y = 2 and z = 1 + 2 = 3.) Ex2: x = 1 {while x > 0 do x := x + 1} x = 0 is true. Why? (Starting from x = 1 the loop never terminates, so the triple asserts nothing about an output; partial correctness holds vacuously.)
Typical program constructs: 1. Assignment: x := expr • e.g. x := x + y - 3 2. Composition: S1; S2 • Execute S1 first; after it terminates, execute S2. 3. Conditional: • 3.1 if <cond> then S • 3.2 if <cond> then S1 else S2 4. Loop: • 4.1 while <cond> do S • 4.2 repeat S until <cond> // 4.3 do S while <cond> … • Other constructs are possible, but it can be shown that any program can be converted into an equivalent one using only 1, 2, 3.1 and 4.1.
Assignment rule • P[x/expr] {x := expr} P • P[x/expr] is the result of replacing every occurrence of x in P by the expression expr. • ex: P = "y < x /\ x + z = 5" ⇒ P[x/3] = "y < 3 /\ 3 + z = 5". • Why correct? • Consider the variable space: the state (..., x, ...) before the assignment becomes (..., expr, ...) after it, and the latter satisfies P exactly when the former satisfies P[x/expr]. • Hence if P[x/expr] holds before execution, P will hold after execution. • Example: Q {y := x + y} x > 2y + 1 ⇒ Q = ? • Write (xb, yb) for the values before and (xa, ya) for the values after the assignment: (xb, yb) ⇒ {ya := xb + yb} ⇒ (xa, ya) = (xb, xb + yb) ⊨ P(xa, ya) =def "xa > 2ya + 1" • ⇒ (xb, yb) ⊨ Q = P(xa, ya)[xa/xb; ya/xb + yb] = P(xb, xb + yb) = "xb > 2(xb + yb) + 1", i.e., Q = "x > 2(x + y) + 1".
Composition rule: • Split the program into subprograms and then show that each subprogram is correct. • The composition rule: from P {S1} Q and Q {S2} R conclude P {S1; S2} R. Example: from x = 0 {x := x + 2} ? and ? {x := x - 1} x > 0 conclude x = 0 {x := x + 2; x := x - 1} x > 0. • Meaning: • Forward reading: once P {S1} Q and Q {S2} R have been established, P {S1; S2} R holds. • Backward reading: to prove P {S1; S2} R, it suffices to find an assertion Q s.t. P {S1} Q and Q {S2} R. • Problem: how to find Q? (Here the assignment rule gives ? = (x > 0)[x/x - 1] = "x - 1 > 0", and x = 0 {x := x + 2} x - 1 > 0 holds since (x - 1 > 0)[x/x + 2] = "x + 1 > 0" is implied by x = 0.)
Example: • Show that x = 1 {y := 2; z := x + y} z = 3. • x = 1 {y := 2; z := x + y} z = 3 • -------------------------------------------------------- • x = 1 {y := 2} ? and ? {z := x + y} z = 3 • By the assignment rule, ? = (z = 3)[z/x + y] = "x + y = 3"; and x = 1 {y := 2} x + y = 3 holds since (x + y = 3)[y/2] = "x + 2 = 3", which is implied by x = 1.
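Added example (not from the slides): the assignment rule and the composition rule of the last few slides, implemented over assertions written in Python expression syntax (so the "=" of the slides is "==" here). substitute computes P[x/expr] on the syntax tree rather than on the text, wp chains it backwards through a straight-line program, which is how the missing middle assertion "?" in the composition example is found, and check_triple evaluates a Hoare triple on a grid of initial states as a finite sanity check (not a proof). Function names are this example's own; eval is applied only to the slide's own arithmetic strings, never to external input.

```python
import ast
import copy
import itertools


class _Subst(ast.NodeTransformer):
    """Replace every occurrence of variable `name` by the expression tree `expr`."""

    def __init__(self, name, expr):
        self.name, self.expr = name, expr

    def visit_Name(self, node):
        return copy.deepcopy(self.expr) if node.id == self.name else node


def substitute(assertion, var, expr):
    """P[var/expr]: the text of `assertion` with every `var` replaced by `expr`.
    Substituting on the tree keeps precedence right, e.g. y -> x + y inside
    2*y + 1 yields 2 * (x + y) + 1, not 2 * x + y + 1. Needs Python >= 3.9."""
    tree = ast.parse(assertion, mode="eval")
    new = ast.parse(expr, mode="eval").body
    tree = ast.fix_missing_locations(_Subst(var, new).visit(tree))
    return ast.unparse(tree)


def wp(program, post):
    """Weakest precondition of a straight-line program (a list of (var, expr)
    assignments) w.r.t. `post`. The composition rule asks for a Q with
    P {S1} Q and Q {S2} R; taking Q = wp(S2, R) and working backwards
    statement by statement gives wp(S1; S2, R)."""
    pre = post
    for var, expr in reversed(program):
        pre = substitute(pre, var, expr)
    return pre


def _holds(assertion, state):
    # The assertions are the slide's tiny arithmetic language parsed by
    # Python; eval only ever sees these trusted strings, and builtins are
    # removed so a typo cannot call anything.
    return bool(eval(assertion, {"__builtins__": {}}, dict(state)))


def run(program, state):
    """Execute the assignments on a copy of `state` (a dict of ints)."""
    s = dict(state)
    for var, expr in program:
        s[var] = eval(expr, {"__builtins__": {}}, dict(s))
    return s


def _states(variables, values):
    for vals in itertools.product(values, repeat=len(variables)):
        yield dict(zip(variables, vals))


def implies(p, q, variables, values=range(-6, 7)):
    """p -> q on every state of the grid (a finite sanity check, not a proof)."""
    return all(not _holds(p, st) or _holds(q, st)
               for st in _states(variables, values))


def check_triple(pre, program, post, variables, values=range(-6, 7)):
    """Brute-force check of the Hoare triple pre {program} post over a grid of
    initial states. Straight-line programs always terminate, so partial and
    total correctness coincide here."""
    return all(not _holds(pre, st) or _holds(post, run(program, st))
               for st in _states(variables, values))


if __name__ == "__main__":
    ex1 = [("y", "2"), ("z", "x + y")]
    print(wp(ex1, "z == 3"))                              # x + 2 == 3
    print(implies("x == 1", wp(ex1, "z == 3"), ["x", "y", "z"]))
    print(substitute("x > 2*y + 1", "y", "x + y"))       # x > 2 * (x + y) + 1
    comp = [("x", "x + 2"), ("x", "x - 1")]
    print(wp(comp[1:], "x > 0"))                          # the middle assertion "?"
    print(check_triple("x == 0", comp, "x > 0", ["x"]))
```

Two things carry over from the slides: the precondition produced by the assignment rule is the weakest one, so any stated precondition only has to imply it (the implies check), and the grid evaluation can refute a triple but never establish it, which is exactly the limitation of testing stated at the start of 4.5.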