1 / 14

Loop correctness & Termination proff

Loop correctness & Termination proff. Init; Invariant Loop. Pseudo-Code Notation. R is of the form: {r} T ; {inv : p } {bd : t } while B do S ; od {q}. require --- from init invariant inv variant var until exit loop body ensure --- end. Correctness Proof (1).

teresa
Download Presentation

Loop correctness & Termination proff

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Loop correctness & Termination proff Init; Invariant Loop

  2. Pseudo-Code Notation R is of the form: {r} T; {inv : p}{bd : t } whileBdo S; od {q} require --- frominit invariant inv variant var until exit loop body ensure --- end

  3. Correctness Proof (1) • pis initially established;that is {r}T{p} holds. • p is a loop invariant;that is, {p /\ B}S{p} holds. • Upon loop termination q is true;that is, p /\ !B --> q

  4. Correctness Proof (2) • p implies t >= 0;that is p --> t >= 0 • t is decreased with each iteration;that is, {p /\ B /\ t = z}S{t < z}

  5. Summation Problem Store in a variable ‘result’the sum of the elements in a given array. SUM = k := 0; result := 0;whilek != N do result := result + a[k]; k := k + 1; od

  6. Pre, Post , Invariant Precondition: Postcondition: We choose the invariant :

  7. The code array_sum (a: ARRAY[G]): G islocal i: INTEGERdo from i := a.lower invariantvalue: -- Result = limit: ia.upper + 1 andia.lowervarianta.upper + 1 – iuntili > a.upperloopresult := result + a @ i -- *** i := i + 1endensure -- result = end

  8. Proof (1) (a) the invariant is true at the beginning of the first loop iteration; k == 0 result == 0 So the invariant trivially holds.

  9. Proof (2) (b) the invariant is maintained by one pass through the loop body;p /\ B implies p. B : k != N p /\ B :

  10. Proof (2) contd. 1. while k != N do 2. result := result + a[k]; 3. k := k + 1; 4. od Afer 2: This is p[k := k + 1] After 3:

  11. Proof (3) (c) the postcondition follows from the invariant and the exit condition; p /\ !B implies q : !B : k == N P /\ !B :

  12. Proof (4) (d) the variant is always non-negative; We choose the variant to be N - k and we have p implies N - k >= 0.

  13. Proof (5) (e) the variant decreases by at least one in every pass through the loop body. As we pass through the loop we have k := k + 1; thus, the variant decreases by 1 with every iteration.

  14. Mystery Program input(x,y) z := 1;while y != 0 doif odd(y)then y := y -1; z := x*z;else x := x * x; y := y / 2; output(z);

More Related