
# CS336F106 - What We’ll Discuss Lecture 6 CS336 The Check...


Lecture 6, CS336 (9/13/10)

## What We'll Discuss

- The Check List
- Homework
- Program Development: Systematic Programming using Goal Oriented Approaches

## Program Correctness

### GCN for Loops

```
do B1 → S1
[] B2 → S2
   ...
[] Bn → Sn
od
```

Repeat as long as possible: choose a B that is true and execute its command.

"DO Check List" for an n-command loop:

- Show that P holds before loop execution begins.
- Show that (∀i | 1≤i≤n : {P∧Bi} Si {P}).
- Show that P∧¬BB → R.
- Show that P∧BB → (t≥0).
- Show that (∀i | 1≤i≤n : {P∧Bi} t':=t; Si {t<t'}).

## Euclid's Method for finding GCD

Example:

- x=42, y=56
- y-x=14; now let y=14 and x=42, repeat
- x-y=28; now let y=14 and x=28, repeat
- x-y=14; now let y=14 and x=14, repeat
- The GCD is 14.

Applying this checklist to a gcd example, we annotated the program:

```
{X>0 ∧ Y>0}
x,y := X,Y;
{inv P: gcd(x,y) = gcd(X,Y) ∧ 0<x≤X ∧ 0<y≤Y}
{bound t = ?}
do x>y → x := x-y
[] y>x → y := y-x
od
{R: x=y=gcd(X,Y)}
```

Some useful facts about gcd:

- gcd(a,b) = gcd(a-b,b) (i)
- gcd(a,b) = gcd(b,a) (ii)
- gcd(a,a) = a (iii)

### Show that P holds before loop execution begins.

```
  Q → wp("S0", P)
↔ <instantiation>
  X>0 ∧ Y>0 → wp("x,y := X,Y", gcd(x,y) = gcd(X,Y) ∧ 0<x≤X ∧ 0<y≤Y)
↔ <wp :=>
  X>0 ∧ Y>0 → gcd(X,Y) = gcd(X,Y) ∧ 0<X≤X ∧ 0<Y≤Y
↔ <identity; ∧-simp>
  X>0 ∧ Y>0 → 0<X ∧ 0<Y
↔ <identity (or → simp)>
  T
```

### Show that (∀i | 1≤i≤n : {P∧Bi} Si {P}).

i=1:

```
  P∧B1 → wp("x := x-y", gcd(x,y) = gcd(X,Y) ∧ 0<x≤X ∧ 0<y≤Y)
↔ <def. of wp ":=", subst.>
  P∧B1 → gcd(x-y,y) = gcd(X,Y) ∧ 0<(x-y)≤X ∧ 0<y≤Y
↔ <gcd-fact (i)>
  P∧B1 → gcd(x,y) = gcd(X,Y) ∧ 0<(x-y)≤X ∧ 0<y≤Y
↔ <algebra>
  gcd(x,y) = gcd(X,Y) ∧ 0<x≤X ∧ 0<y≤Y ∧ x>y
    → gcd(x,y) = gcd(X,Y) ∧ y<x≤X+y ∧ 0<y≤Y ∧ x>y
↔ <W/S>
  T
```

i=2: Left as exercise. On account of gcd-fact (ii), the symmetry of the function, the same argument as for i=1 establishes {P∧B2} S2 {P}.

### Show that P∧¬BB → R.
```
  P∧¬BB → R
↔ <inst.>
  gcd(x,y) = gcd(X,Y) ∧ 0<x≤X ∧ 0<y≤Y ∧ ¬(x>y ∨ y>x) → x=y=gcd(X,Y)
↔ <algebra x=y; substitution>
  gcd(x,x) = gcd(y,y) = gcd(X,Y) ∧ 0<x≤X ∧ 0<y≤Y ∧ x=y → x=y=gcd(X,Y)
↔ <gcd-fact (iii); W/S>
  T
```

### Show that P∧BB → (t≥0).

Choose t = x+y.

```
  P∧BB → (t≥0)
↔ <inst.>
  gcd(x,y) = gcd(X,Y) ∧ 0<x≤X ∧ 0<y≤Y ∧ (x>y ∨ y>x) → x+y≥0
↔ <algebra x≥0 and y≥0 then x+y≥0, W/S>
  T
```

### Show that (∀i | 1≤i≤n : {P∧Bi} t':=t; Si {t<t'}).

i=1:

```
  P∧B1 → wp("t' := t; S1", t<t')
↔ <inst; def. of wp ";"; def. of wp ":=">
  P∧B1 → wp("t' := x+y", x-y+y<t')
↔ <algebra>
  P∧B1 → wp("t' := x+y", x<t')
↔ <def. of wp ":=">
  P∧B1 → x<x+y
↔ <inst; algebra>
  gcd(x,y) = gcd(X,Y) ∧ 0<x≤X ∧ 0<y≤Y ∧ x>y → 0<y
↔ <W/S>
  T
```

i=2: Left as exercise. Again by symmetry, i.e. gcd(a,b) = gcd(b,a), the same argument establishes {P∧B2} t':=t; S2 {t<t'}.

Hence by the Do theorem, the program segment is correct.

## HW

2. Prove or disprove the correctness of the following algorithm.

3. Prove the correctness for the following algorithm. What is the goal of this algorithm?

```
{Q: 0<n}
i,z := 0,0;
{P: 0≤i≤n ∧ z = (Σj | 0≤j<i ∧ b[j]=0 : 1)}
do i<n → if b[i]=0 → z := z+1
         [] b[i]≠0 → skip
         fi;
         i := i+1
od
{R: z = (Σj | 0≤j<n ∧ b[j]=0 : 1)}
```

Example of developing a program that is correct (from last semester's exam):

```
{Q: 0<m ∧ 0<n}
i,j := m-1, n-1;
{P: 0≤i<m ∧ 0≤j<n}
do j≠0 → j := j-1
[] j=0 ∧ i≠0 → i,j := i-1, n-1
od
{R: i=0 ∧ j=0}
```

(10) Find x to make the following program segment correct. (Hint: you might notice that this may be part of a program that expands a bit representation of a number to decimal form.) Check your answer.

```
{Q: y = (Σj | 0≤j<i : b[j]×2^j)}
y,i := x,i+1;
{R: y = (Σj | 0≤j<i : b[j]×2^j)}
```

## Program Development

The programmer's goal is generally to arrange for the establishment of a state satisfying a postcondition R prescribed by the problem; often some precondition Q is also prescribed. First steps would be to formalize R and Q.
The general pattern for 1-guard loops is

```
{invariant: P}
{bound: t}
do B → Command decreases t, keeping P true
od
{P∧¬B}
```

## Invariants

A programmer attacking a problem does not usually begin with invariants and bound functions already specified; inventing them is an important part of the programming activity.

In fact, the invariants (or a different variant) may yield different algorithms.

## How are Invariants developed?

- First we determine R and Q, then develop the invariant.
- Since P is true before and after each iteration, but R is true only after the last one, P is weaker than R: there are more states that satisfy P than satisfy R, as is also shown by the familiar P∧¬B → R. Hence a very good way to develop the unknown P is by weakening the known R.

## How can a predicate be weakened?

The useful ways are:

- Delete a conjunct. For example, A ∧ B ∧ C → A ∧ B.
- Replace a constant by a variable. For example, x ≤ b[0..n-1] ∧ (∃j: 0≤j<n: x=b[j]) → x ≤ b[0..i-1] ∧ (∃j: 0≤j<i: x=b[j]) ∧ 1≤i≤n (and we must specify the new variable's range).
- Enlarge a variable's range. For example, 1≤i≤n → 0≤i≤n.

## Example

The program is the linear search: given an array b[0..m-1], where 0<m and x∈b, the program is to find the smallest value of i such that x = b[i].

What are R and Q?

How can we come up with a suitable invariant P? We start with

```
Q: 0<m ∧ x ∈ b[0..m-1]
R: 0≤i<m ∧ x = b[i] ∧ (∀j: 0≤j<i: x ≠ b[j])
```

Which of R's conjuncts should we delete?
The slides fill in the linear search program in successive steps:

```
Q:  0<m ∧ x ∈ b[0..m-1]
P:  0≤i<m ∧ (∀j: 0≤j<i: x ≠ b[j])
do
od
R:  0≤i<m ∧ x = b[i] ∧ (∀j: 0≤j<i: x ≠ b[j])
```

```
Q:  0<m ∧ x ∈ b[0..m-1]
S0: i=0
P:  0≤i<m ∧ (∀j: 0≤j<i: x ≠ b[j])
do
od
R:  0≤i<m ∧ x = b[i] ∧ (∀j: 0≤j<i: x ≠ b[j])
```

```
Q:  0<m ∧ x ∈ b[0..m-1]
S0: i=0
P:  0≤i<m ∧ (∀j: 0≤j<i: x ≠ b[j])
do x≠b[i] ∧ i<m-1 → i := i+1 od
R:  0≤i<m ∧ x = b[i] ∧ (∀j: 0≤j<i: x ≠ b[j])
```

## Evaluate α := x^T y + α_0

The same step-by-step development:

```
Q:  {α = α_0}
S0:
P:
S:  do od
R:  α = (Σj | 0≤j<n : x_j·y_j) + α_0
```

```
Q:  {α = α_0}
S0:
P:  0≤i≤n ∧ α = (Σj | 0≤j<i : x_j·y_j) + α_0
S:  do od
R:  α = (Σj | 0≤j<n : x_j·y_j) + α_0
```

```
Q:  {α = α_0}
S0:
P:  0≤i≤n ∧ α = (Σj | 0≤j<i : x_j·y_j) + α_0
S:  do i<n → od
R:  α = (Σj | 0≤j<n : x_j·y_j) + α_0
```

```
Q:  {α = α_0}
S0: α, i := α_0, 0
P:  0≤i≤n ∧ α = (Σj | 0≤j<i : x_j·y_j) + α_0
S:  do i<n → od
R:  α = (Σj | 0≤j<n : x_j·y_j) + α_0
```

```
Q:  {α = α_0}
S0: α, i := α_0, 0
P:  0≤i≤n ∧ α = (Σj | 0≤j<i : x_j·y_j) + α_0
S:  do i<n → α, i := x_i·y_i + α, i+1 od
R:  α = (Σj | 0≤j<n : x_j·y_j) + α_0
```

## Next time

- More on systematic programming using goal oriented approaches.

GUEST
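The DO check list applied to the gcd program earlier in these notes can also be exercised at run time. The following is an added example, not code from the lecture: `run_do`, `gcd_program`, `broken_bound_detected` and the dict-based state are illustrative names, and Python's `math.gcd` is assumed as the specification function gcd that appears in P and R.

```python
# Added example: a runtime checker for the five-item DO check list.
from math import gcd
import random


def run_do(state, commands, inv, bound, post, pick=random.choice):
    """Run do B1->S1 [] ... [] Bn->Sn od; commands is a list of (guard, body)."""
    assert inv(state), "item 1: P must hold before the loop begins"
    while True:
        enabled = [(g, s) for g, s in commands if g(state)]
        if not enabled:                      # not BB: no guard is true
            assert post(state), "item 3: P and not BB must imply R"
            return state
        t_before = bound(state)
        assert t_before >= 0, "item 4: P and BB must imply t >= 0"
        _, body = pick(enabled)              # choose any B that is true
        state = body(state)
        assert inv(state), "item 2: {P and Bi} Si {P}"
        assert bound(state) < t_before, "item 5: Si must decrease t"


def gcd_program(X, Y):
    """The annotated gcd loop from the lecture, with bound t = x + y."""
    assert X > 0 and Y > 0                   # precondition Q
    inv = lambda s: (gcd(s["x"], s["y"]) == gcd(X, Y)
                     and 0 < s["x"] <= X and 0 < s["y"] <= Y)
    post = lambda s: s["x"] == s["y"] == gcd(X, Y)
    commands = [
        (lambda s: s["x"] > s["y"], lambda s: {"x": s["x"] - s["y"], "y": s["y"]}),
        (lambda s: s["y"] > s["x"], lambda s: {"x": s["x"], "y": s["y"] - s["x"]}),
    ]
    final = run_do({"x": X, "y": Y}, commands, inv,
                   bound=lambda s: s["x"] + s["y"], post=post)
    return final["x"]


def broken_bound_detected():
    """A constructed loop whose bound t = 0 never decreases must trip item 5."""
    try:
        run_do({"x": 42}, [(lambda s: s["x"] > 0, lambda s: {"x": s["x"] - 1})],
               inv=lambda s: s["x"] >= 0, bound=lambda s: 0,
               post=lambda s: s["x"] == 0)
    except AssertionError as err:
        return "item 5" in str(err)
    return False
```

Passing assertions only show that the check list holds on the states a particular run visits; the wp derivations establish it for every state satisfying Q.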