{[ promptMessage ]}

Bookmark it

{[ promptMessage ]}

Lec09_Loops_Termination

# Lec09_Loops_Termination - Illinois Institute of Technology...

This preview shows pages 1–4. Sign up to view the full content.

More Loops; Termination CS 536 Notes, Lecture 9, Mon Nov 1, 2010 A. Why Loops are ubiquitous, so it’s useful to see examples of proving them correct. Diverging programs aren’t useful, so it’s useful to know how to show that loops terminate. B. Outcomes After this lecture, you should Be familiar with proof outlines for loops with conditionals in their body. Be familiar with the loop bound method of ensuring termination. Be familiar with the extra obligations required to prove that a partially correct program is totally correct. C. Example: Some Variants of Summation We’ve looked at the simple summation loop { n 0 } i:=0;s:=0; { inv P } while i<n do i:=i+1; s:=s+i od { s=sum(0,n) } where P is 0 i n s=sum(0,i) We’ve seen how modifying the initialization causes changes to the initial condition (and invariant) 1 { n 1 } i:=1;s:=1; { inv 1 i n s=sum(0,i) } ... But we can have other variations too. E.g., { n 1 } i:=1;s:=0; { inv 1 i n s=sum(0,i-1) } while i-1 n ... { n 1 } i:=0;s:=1; { inv 0 i+1 n s=sum(0,i+1) } while i+1 n ... There are the down-going loops too. Given that the postcondition is s=sum(0,n) , we could get an invariant by generalizing from 0 to a variable j that decreases from n to 0 . { n 0 } j:=n;s:=n; { inv 0 j n s=sum(j,n) } while j 0 do s:=s+j-1; j:=j-1 od { s=sum(0,n) } D. Example: Iterative GCD For x , y , x , y > 0 , gcd ( x , y ) is the largest value that divides both x and y evenly (without remainder). E.g., gcd (300, 180) = gcd (2 ² * 3 * 5 ² , 2 ² * 3 ² * 5) = 2 ² * 3 * 5 = 60. Illinois Institute of Technology Notes for Lecture 9 CS 536: Science of Programming - 1 of 9 - © James Sasaki, 2010 1 Technically we don’t need to modify the invariant, but as i will never =0 , we might as well.

This preview has intentionally blurred sections. Sign up to view the full version.

View Full Document
Useful gcd property: Case 1 ( x > y ): gcd ( x , y ) = gcd ( x - y , y ) Case 2 ( y > x ): gcd ( x , y ) = gcd ( x , y - x ) Case 3 ( x = y ): gcd ( x , y ) = x = y E.g., gcd (300, 180) = gcd (120, 180), gcd (120, 60) = gcd (60, 60) = 60. Here’s an iterative gcd -calculating loop: { x>0 y>0 x=x y=y } // x and y are the initial values of x and y { inv P } // where P is x>0 y>0 gcd ( x , y ) = gcd ( x , y ) while x y do if x>y then x:=x-y else y:=y-x fi od { x= gcd ( x , y )} A full annotation: { x>0 y>0 x=x y=y } { inv P } while x y do { P x y } // where P is x>0 y>0 gcd ( x , y ) = gcd ( x , y ) if x>y then { P x y x>y } { P [ x-y/x ]} x:=x-y { P } else { P x y x y } { P [ y-x/y ]} y:=y-x { P } fi { P } od { P x=y } { x= gcd ( x , y )} The substitutions are P [ x-y/x ] is x-y>0 y>0 gcd ( x , y ) = gcd ( x-y , y ) P [ y-x/y ] is x>0 y-x>0 gcd ( x , y ) = gcd ( x , y-x ) We have a number of predicate logic obligations ( x>0 y>0 x=x y=y ) P P x y x>y P [ x-y/x ] P x y x y P [ y-x/y ] P x=y x= gcd ( x , y ) Illinois Institute of Technology Notes for Lecture 9 CS 536: Science of Programming - 2 of 9 - © James Sasaki, 2010
Inside the loop body, we could have pulled the true and false branch preconditions

This preview has intentionally blurred sections. Sign up to view the full version.

View Full Document
This is the end of the preview. Sign up to access the rest of the document.

{[ snackBarMessage ]}

### Page1 / 9

Lec09_Loops_Termination - Illinois Institute of Technology...

This preview shows document pages 1 - 4. Sign up to view the full document.

View Full Document
Ask a homework question - tutors are online