CS336F106 - 9/13/10 What We’ll Discuss Lecture 6 CS336...


9/13/10

What We’ll Discuss
Lecture 6, CS336

   The Check List
   Homework
   Program Development: Systematic Programming using Goal Oriented Approaches

Program Correctness
GCN for Loops

do B1 → S1
   B2 → S2
   ...
   Bn → Sn
od

Repeat as long as possible. Choose a B that is true and execute its command.

“DO Check List”: for an n-command loop:
•  Show that P holds before loop execution begins.
•  Show that (∀i|1≤i≤n: {P∧Bi} Si {P}).
•  Show that P∧¬BB → R.
•  Show that P∧BB → (t≥0).
•  Show that (∀i|1≤i≤n: {P∧Bi} t':=t; Si {t<t'}).

Euclid’s Method for finding GCD

•  Example
   x=42, y=56
   y-x=14; now let y=14 and x=42; repeat
   x-y=28; now let y=14 and x=28; repeat
   x-y=14; now let y=14 and x=14; repeat
   The GCD is 14.

Applying this checklist to a gcd example, we annotated the program:

{X>0 ∧ Y>0}
x,y := X,Y;
{inv P: gcd(x,y) = gcd(X,Y) ∧ 0<x≤X ∧ 0<y≤Y}
{bound t = ?}
do x>y → x := x-y
   y>x → y := y-x
od
{R: x=y=gcd(X,Y)}

Some useful facts about gcd:
•  gcd(a,b) = gcd(a-b,b)   (i)
•  gcd(a,b) = gcd(b,a)     (ii)
•  gcd(a,a) = a            (iii)

Show that P holds before loop execution begins.

    Q → wp(“S0”, P)
↔   <instantiation>
    X>0 ∧ Y>0 → wp(“x,y := X,Y”, gcd(x,y) = gcd(X,Y) ∧ 0<x≤X ∧ 0<y≤Y)
↔   <wp :=>
    X>0 ∧ Y>0 → (gcd(X,Y) = gcd(X,Y) ∧ 0<X≤X ∧ 0<Y≤Y)
↔   <identity; ∧-simp>
    X>0 ∧ Y>0 → 0<X ∧ 0<Y
↔   <identity (or → simp)>
    T

Show that (∀i|1≤i≤n: {P∧Bi} Si {P}).

i=1:
    P∧B1 → wp(“x := x-y”, gcd(x,y) = gcd(X,Y) ∧ 0<x≤X ∧ 0<y≤Y)
↔   <def. of wp “:=”, subst.>
    P∧B1 → gcd(x-y,y) = gcd(X,Y) ∧ 0<(x-y)≤X ∧ 0<y≤Y
↔   <gcd-fact (i)>
    P∧B1 → gcd(x,y) = gcd(X,Y) ∧ 0<(x-y)≤X ∧ 0<y≤Y
↔   <algebra>
    gcd(x,y) = gcd(X,Y) ∧ 0<x≤X ∧ 0<y≤Y ∧ x>y → gcd(x,y) = gcd(X,Y) ∧ y<x≤X+y ∧ 0<y≤Y ∧ x>y
↔   <w/s>
    T

i=2: Left as exercise. On account of gcd-fact (ii) (the symmetry of the function) the same argument for i=1 establishes {P∧B2} S2 {P}.

Show that P∧¬BB → R.

    P∧¬BB → R
↔   <inst.>
    gcd(x,y) = gcd(X,Y) ∧ 0<x≤X ∧ 0<y≤Y ∧ ¬(x>y ∨ y>x) → x=y=gcd(X,Y)
↔   <algebra x=y; substitution>
    gcd(x,x) = gcd(y,y) = gcd(X,Y) ∧ 0<x≤X ∧ 0<y≤Y ∧ x=y → x=y=gcd(X,Y)
↔   <gcd-fact (iii); W/S>
    T

Show that P∧BB → (t≥0).

•  Choose t = x+y.

    P∧BB → (t≥0)
↔   <inst.>
    gcd(x,y) = gcd(X,Y) ∧ 0<x≤X ∧ 0<y≤Y ∧ (x>y ∨ y>x) → x+y≥0
↔   <algebra x≥0 and y≥0 then x+y≥0, W/S>
    T

Show that (∀i|1≤i≤n: {P∧Bi} t':=t; Si {t<t'}).

i=1:
    P∧B1 → wp(“t' := t; S1”, t<t')
↔   <inst; def. of wp “;”; def. of wp “:=”>
    P∧B1 → wp(“t' := x+y”, x-y+y<t')
↔   <algebra>
    P∧B1 → wp(“t' := x+y”, x<t')
↔   <def. of wp “:=”>
    P∧B1 → x<x+y
↔   <inst; algebra>
    gcd(x,y) = gcd(X,Y) ∧ 0<x≤X ∧ 0<y≤Y ∧ x>y → 0<y
↔   <W/S>
    T

i=2: And again by symmetry (i.e. gcd(a,b) = gcd(b,a)) the same argument establishes {P∧B2} t':=t; S2 {t<t'}. Left as exercise.
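
The five checklist obligations for the annotated gcd program can also be checked by exhaustive enumeration over every state with X, Y up to a small limit, which goes beyond the single run X=56, Y=42 style of testing. This is an added example, not part of the lecture; it uses the page's invariant P and bound t = x+y, and the names `COMMANDS`, `check_do_checklist` and `weak_P` are assumptions made here.

```python
from itertools import product
from math import gcd

# Guarded commands of the loop as (guard B_i, command S_i) over a state (x, y).
COMMANDS = [
    (lambda x, y: x > y, lambda x, y: (x - y, y)),   # x>y -> x := x-y
    (lambda x, y: y > x, lambda x, y: (x, y - x)),   # y>x -> y := y-x
]

def P(x, y, X, Y):
    """Invariant from the page: gcd(x,y) = gcd(X,Y) and 0<x<=X and 0<y<=Y."""
    return 0 < x <= X and 0 < y <= Y and gcd(x, y) == gcd(X, Y)

def t(x, y):
    """Bound function chosen on the page: t = x + y."""
    return x + y

def check_do_checklist(limit, P=P, t=t):
    """Return every violated obligation for all inputs 0 < X, Y <= limit."""
    failures = []
    for X, Y in product(range(1, limit + 1), repeat=2):
        if not P(X, Y, X, Y):                        # 1. P holds after x,y := X,Y
            failures.append(("init", X, Y))
        # Enumerate every state satisfying P, not only those a run reaches.
        for x, y in product(range(1, X + 1), range(1, Y + 1)):
            if not P(x, y, X, Y):
                continue
            enabled = [S for B, S in COMMANDS if B(x, y)]
            for S in enabled:
                x2, y2 = S(x, y)
                if not P(x2, y2, X, Y):              # 2. {P and Bi} Si {P}
                    failures.append(("inv", x, y, X, Y))
                if not t(x2, y2) < t(x, y):          # 5. Si strictly decreases t
                    failures.append(("dec", x, y, X, Y))
            if enabled and not t(x, y) >= 0:         # 4. P and BB -> t >= 0
                failures.append(("bound", x, y, X, Y))
            if not enabled and not (x == y == gcd(X, Y)):   # 3. P and not BB -> R
                failures.append(("post", x, y, X, Y))
    return failures

def weak_P(x, y, X, Y):
    """Constructed counter-example: the invariant with its gcd conjunct deleted."""
    return 0 < x <= X and 0 < y <= Y
```

With the page's P the list is empty; with `weak_P` only obligation 3 fails, which shows that the gcd conjunct is what carries the postcondition.
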
Hence by the Do theorem, the program segment is correct.

HW

2. Prove or disprove the correctness of the following algorithm.
3. Prove the correctness for the following algorithm. What is the goal of this algorithm?

{Q: 0<n}
i,z := 0,0;
{P: 0≤i≤n ∧ z = (Σj | 0≤j<i ∧ b[j]=0 : 1)}
do i<n → if b[i]=0 → z := z+1
            b[i]≠0 → skip
         fi;
         i := i+1
od
{R: z = (Σj | 0≤j<n ∧ b[j]=0 : 1)}

Example of developing a program that is correct (from last semester’s exam)

{Q: 0<m ∧ 0<n}
i,j := m-1, n-1;
{P: 0≤i<m ∧ 0≤j<n}
do j≠0 → j := j-1
   j=0 ∧ i≠0 → i,j := i-1, n-1
od
{R: i=0 ∧ j=0}

(10) Find x to make the following program segment correct. (Hint: you might notice that this may be part of a program that expands a bit representation of a number to decimal form.) Check your answer.

{Q: y = (Σj | 0≤j<i : b[j]×2^j)}
y,i := x,i+1;
{R: y = (Σj | 0≤j<i : b[j]×2^j)}

Program Development

The programmer’s goal is generally to arrange for the establishment of a state satisfying a postcondition R prescribed by the problem; often some precondition Q is also prescribed. First steps would be to formalize R and Q.

The general pattern for 1-guard loops is

{invariant: P}
{bound: t}
do B → Command decreases t, keeping P true
od
{P∧¬B}

Invariants

A programmer attacking a problem does not usually begin with invariants and bound functions already specified; inventing them is an important part of the programming activity.

In fact, the invariants (or a different variant) may yield different algorithms.

How are Invariants developed?

•  First we determine R and Q, then develop the invariant.
•  Since P is true before and after each iteration, but R is true only after the last one, P is weaker than R: there are more states that satisfy P than satisfy R, as is also shown by the familiar P∧¬B → R. Hence a very good way to develop the unknown P is by weakening the known R.

How can a predicate be weakened?

The useful ways are
•  Delete a conjunct. For example, A ∧ B ∧ C → A ∧ B.
•  Replace a constant by a variable. For example,
       x ≤ b[0..n-1] ∧ (∃j: 0≤j<n: x=b[j])  →  x ≤ b[0..i-1] ∧ (∃j: 0≤j<i: x=b[j]) ∧ 1≤i≤n
   (and we must specify the new variable’s range).
•  Enlarge a variable’s range. For example, 1≤i≤n → 0≤i≤n.

Example

The program is the linear search: given an array b[0..m-1], where 0<m and x∈b, the program is to find the smallest value of i such that x = b[i].

What are R and Q?

How can we come up with a suitable invariant P? We start with

Q: 0<m ∧ x ∈ b[0..m-1]
R: 0≤i<m ∧ x = b[i] ∧ (∀j: 0≤j<i: x ≠ b[j])

Which of R’s conjuncts should we delete?

Q: 0<m ∧ x ∈ b[0..m-1]
P: 0≤i<m ∧ (∀j: 0≤j<i: x ≠ b[j])
do
od
R: 0≤i<m ∧ x = b[i] ∧ (∀j: 0≤j<i: x ≠ b[j])

Q: 0<m ∧ x ∈ b[0..m-1]
S0: i=0
P: 0≤i<m ∧ (∀j: 0≤j<i: x ≠ b[j])
do
od
R: 0≤i<m ∧ x = b[i] ∧ (∀j: 0≤j<i: x ≠ b[j])

Q: 0<m ∧ x ∈ b[0..m-1]
S0: i=0
P: 0≤i<m ∧ (∀j: 0≤j<i: x ≠ b[j])
do x≠b[i] ∧ i<m-1 → i := i+1 od
R: 0≤i<m ∧ x = b[i] ∧ (∀j: 0≤j<i: x ≠ b[j])
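
The linear search as derived above, with P asserted on every iteration, shows what the guard conjunct i<m-1 buys when the precondition x∈b is violated: the index stays in bounds and the failed postcondition is reported instead of a read past the array. This is an added example, not part of the lecture; the function names, the returned flag and the bound function m-1-i are assumptions made here (the slides give no bound for this loop).

```python
def linear_search(b, x):
    """Slide's program: i := 0; do x != b[i] and i < m-1 -> i := i+1 od.

    Returns (i, r_holds), where r_holds says whether postcondition R is met.
    """
    m = len(b)
    if not m > 0:
        raise ValueError("Q violated: need 0 < m")

    def P(i):
        # P: 0 <= i < m and (forall j: 0 <= j < i: x != b[j])
        return 0 <= i < m and all(x != b[j] for j in range(i))

    i = 0                                   # S0
    assert P(i), "P must hold before the loop"
    while x != b[i] and i < m - 1:          # b[i] is safe because P gives i < m
        t_before = m - 1 - i                # assumed bound function t = m-1-i
        i += 1
        assert P(i), "invariant broken by the loop body"
        assert 0 <= m - 1 - i < t_before, "bound must decrease and stay >= 0"
    # R: 0 <= i < m and x = b[i] and (forall j: 0 <= j < i: x != b[j])
    r_holds = P(i) and x == b[i]
    return i, r_holds


def unguarded_search(b, x):
    """Variant whose guard is only x != b[i]: correct under Q, but when x is
    not in b the index runs past the array (IndexError here, an over-read in
    a language without bounds checks)."""
    i = 0
    while x != b[i]:
        i += 1
    return i
```
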

Evaluate α := x^T y + α_0

Q:  {α = α_0}
S0:
P:
S:  do
    od
R:  α = (Σj | 0≤j<n : x_j y_j) + α_0

Q:  {α = α_0}
S0:
P:  0≤i≤n ∧ α = (Σj | 0≤j<i : x_j y_j) + α_0
S:  do
    od
R:  α = (Σj | 0≤j<n : x_j y_j) + α_0

Q:  {α = α_0}
S0:
P:  0≤i≤n ∧ α = (Σj | 0≤j<i : x_j y_j) + α_0
S:  do i<n →
    od
R:  α = (Σj | 0≤j<n : x_j y_j) + α_0

Q:  {α = α_0}
S0: α, i := α_0, 0
P:  0≤i≤n ∧ α = (Σj | 0≤j<i : x_j y_j) + α_0
S:  do i<n →
    od
R:  α = (Σj | 0≤j<n : x_j y_j) + α_0

Q:  {α = α_0}
S0: α, i := α_0, 0
P:  0≤i≤n ∧ α = (Σj | 0≤j<i : x_j y_j) + α_0
S:  do i<n → α, i := x_i y_i + α, i+1
    od
R:  α = (Σj | 0≤j<n : x_j y_j) + α_0

Next time
•  More on systematic programming using goal oriented approaches.

GUEST