Arrays LAST TODAY NEXT Integers Array mechanics Searching arrays - - PowerPoint PPT Presentation



SLIDE 1

Arrays

SLIDE 2

LAST: Integers
TODAY: Array mechanics, memory model, aliasing, safety
NEXT: Searching arrays, correctness

SLIDE 3

Datatypes so far

  • Basic (a.k.a. small types): int, string, bool, char
  • Integers
    • represent numbers (rendered using 2's complement)
    • represent bit patterns
    • Safety constraints on operations
      • x / y, x % y
      • x << k, x >> k

SLIDE 4

Learning resources

SLIDE 5

C0 Memory Model

Local memory: contains the values of local variables; may only contain values of small types.

    int square(int x) { return x * x; }

[Diagram: local memory holding the cell for x]

SLIDE 6

C0 Memory Model

Local memory: contains the values of local variables; may only contain values of small types.

    int main() {
      int x = 100;
      int y = square(x);
      return y;
    }

[Diagram: local memory holding the cells for x and y]

SLIDE 7

Function calls

Local memory: contains the values of local variables; may only contain values of small types.

    int square(int x) { return x * x; }

    int main() {
      int x = 10;
      int y = square(x);
      return y;
    }

[Diagram: the frame for main holds x = 10 and y; the frame for square holds its own x = 10 and produces 100, which is stored in main's y]

SLIDE 8

A new datatype

  • int, string, bool, char (small)
  • t[]: array whose elements are of type t (not small)

SLIDE 9

C0 Memory Model

Local memory: contains the values of local variables; may only contain values of small types.

Allocated memory: we can have addresses to the memory cells and store those addresses in local memory.

SLIDE 10

C0 array facts

alloc_array(t, n)
  • Initializes every element to the default value of type t
  • Precondition: n >= 0
  • Postcondition: length of the allocated array is n

A[i]
  • Indexable by integers in [0, n)
  • Precondition: 0 <= i < n

SLIDE 11

Arrays in C0: examples with coin

SLIDE 12

Arrays in C0

    -> int[] A = alloc_array(int, 5);
    A is 0x13500000 (int[] with 5 elements)

The value coin prints for A (0x13500000) is a memory address.

SLIDE 13

    int[] X = alloc_array(int, 3);
    X[0] = 5;
    X[1] = 6;
    X[2] = 7;

[Diagram: local memory holds X = 0xB8 (a memory address); allocated memory at 0xB8 holds 5 6 7]

SLIDE 14

    int[] X = alloc_array(int, 3);
    X[0] = 5;
    X[1] = 6;
    X[2] = 7;
    int[] Y = X;

[Diagram: local memory holds X = 0xB8 and Y = 0xB8; allocated memory at 0xB8 holds 5 6 7]

SLIDE 15

    int[] X = alloc_array(int, 3);
    X[0] = 5;
    X[1] = 6;
    X[2] = 7;
    int[] Y = X;
    Y[2] = 9;

[Diagram: local memory holds X = 0xB8 and Y = 0xB8; allocated memory at 0xB8 now holds 5 6 9]

SLIDE 16

    int[] X = alloc_array(int, 3);
    X[0] = 5;
    X[1] = 6;
    X[2] = 7;
    int[] Y = X;
    Y[2] = 9;
    X == Y;

X == Y evaluates to true.

[Diagram: local memory holds X = 0xB8 and Y = 0xB8; allocated memory at 0xB8 holds 5 6 9]

SLIDE 17

    int[] X = alloc_array(int, 3);
    X[0] = 5;
    X[1] = 6;
    X[2] = 7;
    int[] Y = X;
    Y[2] = 9;
    int[] Z = alloc_array(int, 3);
    Z[0] = 5;
    Z[1] = 6;
    Z[2] = 9;
    X == Z;

X == Z evaluates to false.

[Diagram: local memory holds X = 0xB8, Y = 0xB8 and Z = 0xC4; allocated memory at 0xB8 holds 5 6 9 and allocated memory at 0xC4 holds 5 6 9]

SLIDE 18

    int[] X = alloc_array(int, 3);
    X[0] = 5;
    X[1] = 6;
    X[2] = 7;
    int[] Y = X;
    int[] Z = alloc_array(int, 3);
    X = alloc_array(int, 3);
    Y = alloc_array(int, 3);

  • After X = alloc_array(int, 3): old X still accessible via Y
  • After Y = alloc_array(int, 3): old X will be garbage collected

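The sequence of slides 13 to 17 carried over from C0 to C, as an added example that is not part of the lecture slides. It assumes alloc_array(int, n) can be modelled by calloc (zero-initialised, matching C0's default value) and uses helper names (alloc_int_array, same_array, same_contents, alias_demo) that are this example's own. The point it makes runnable is that == compares addresses, so an alias and a second allocation with identical contents give different answers, and that a write through the alias is observed through the original name.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>

/* alloc_array(int, n) modelled as calloc: C0 initialises to the default value 0.
 * (Helper name is an assumption of this example, not a C0 primitive.) */
static int *alloc_int_array(size_t n) {
    int *a = calloc(n, sizeof *a);
    if (a == NULL) abort();
    return a;
}

/* X == Y in C0 compares the two addresses, never the elements; same in C. */
bool same_array(const int *a, const int *b) { return a == b; }

/* Element-wise equality must be written by hand and needs the length. */
bool same_contents(const int *a, const int *b, size_t n) {
    for (size_t i = 0; i < n; i++)
        if (a[i] != b[i]) return false;
    return true;
}

typedef struct {
    int x2;                /* X[2] observed after Y[2] = 9 */
    bool x_eq_y;           /* X == Y (address comparison, slide 16) */
    bool x_eq_z;           /* X == Z (address comparison, slide 17) */
    bool x_contents_eq_z;  /* X and Z hold the same elements */
} AliasResult;

/* Runs the sequence of slides 13 to 17 and reports what each comparison yields. */
AliasResult alias_demo(void) {
    int *X = alloc_int_array(3);
    X[0] = 5; X[1] = 6; X[2] = 7;
    int *Y = X;                     /* Y is an alias: same address, nothing copied */
    Y[2] = 9;                       /* the write through Y is seen through X */
    int *Z = alloc_int_array(3);    /* a second, distinct allocation */
    Z[0] = 5; Z[1] = 6; Z[2] = 9;
    AliasResult r = {
        .x2 = X[2],                                  /* 9 */
        .x_eq_y = same_array(X, Y),                  /* true */
        .x_eq_z = same_array(X, Z),                  /* false: different address */
        .x_contents_eq_z = same_contents(X, Z, 3),   /* true: equal elements */
    };
    /* Slide 18's garbage collector does not exist in C: each allocation is freed
     * exactly once, through one of its names, never through both X and Y. */
    free(X);
    free(Z);
    return r;
}

int main(void) {
    AliasResult r = alias_demo();
    printf("X[2] = %d, X == Y: %s, X == Z: %s, same contents: %s\n", r.x2,
           r.x_eq_y ? "true" : "false", r.x_eq_z ? "true" : "false",
           r.x_contents_eq_z ? "true" : "false");
    return 0;
}
```

The free calls at the end are where C diverges from the slides: in C0 the collector reclaims the old arrays once no local variable refers to them, whereas in C the programmer must release each allocation once, and releasing it through both aliases is a double free.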
SLIDE 19

Contracts for array operations

  • alloc_array(t, n)
    //@requires n >= 0;
    //@ensures \length(\result) == n;
  • A[i] (both read and write)
    //@requires 0 <= i && i < \length(A);
  • \length(A)
    //@ensures \result >= 0;

SLIDE 20

Example: copying an array

  • Write a function array_copy, which will copy the contents of a given array to a new array and return the new array
  • What should the parameters be?
  • Pre and post conditions
  • Code example using array_copy:

    int[] X = alloc_array(int, 3);
    int[] Y = array_copy(X, …);

Y should be a new array containing the same elements as in X!

SLIDE 21

First attempt

    int[] array_copy(int[] A) {
      return A;
    }

Client (caller, user) code:

    int[] X = alloc_array(int, 3);
    int[] Y = array_copy(X);

Y ends up being an alias for X, not what we want!

SLIDE 22

Second attempt

    int[] array_copy(int[] A) {
      int[] B = alloc_array(int, ???);
      …
    }

There is no primitive for getting the length of a C0 array. \length(A) is allowed only in contracts.

SLIDE 23

Second attempt

    int[] array_copy(int[] A, int n) {
      int[] B = alloc_array(int, n);
      …
    }

Client (caller, user) code:

    int[] X = alloc_array(int, 3);
    int[] Y = array_copy(X, 5);

Safe? Correct? A call like array_copy(X, 5) on a 3-element X should not be allowed.

SLIDE 24

Precondition added

    int[] array_copy(int[] A, int n)
    //@requires n == \length(A);
    {
      int[] B = alloc_array(int, n);
      …
      return B;
    }

Client code:

    int[] X = alloc_array(int, 3);
    int[] Y = array_copy(X, 3);

SLIDE 25

Precondition added

    int[] array_copy(int[] A, int n)
    //@requires n == \length(A);
    {
      int[] B = alloc_array(int, n);
      B = A;
      return B;
    }

Client code:

    int[] X = alloc_array(int, 3);
    int[] Y = array_copy(X, 3);

After B = A, B is an alias of A, so the caller gets A back rather than a copy; the array that was allocated for B is no longer reachable and is garbage collected after array_copy returns.

SLIDE 26

Third attempt

    int[] array_copy(int[] A, int n)
    //@requires n == \length(A);
    {
      int[] B = alloc_array(int, n);
      for (int i = 0; i < n; i++) {
        B[i] = A[i];
      }
      return B;
    }

SLIDE 27

Safety on the function side

  • Is A[i] safe?
  • Is B[i] safe?

We need to show 0 <= i < length of A/B, using the precondition, the loop guard, and the postcondition of alloc_array.

    int[] array_copy(int[] A, int n)
    //@requires n == \length(A);
    {
      int[] B = alloc_array(int, n);
      for (int i = 0; i < n; i++) {
        B[i] = A[i];
      }
      return B;
    }

SLIDE 28

Safety on the function side

    int[] array_copy(int[] A, int n)
    //@requires n == \length(A);
    {
      int[] B = alloc_array(int, n);
      for (int i = 0; i < n; i++)
      //@loop_invariant 0 <= i;
      {
        B[i] = A[i];
      }
      return B;
    }

Show that 0 <= i is a valid loop invariant.

SLIDE 29

Proof

INIT: obvious.
PRES: assume 0 <= i, and show 0 <= i'.
  i' = i + 1
  i + 1 >= 0 (i != int_max() because i < n by the loop guard)

    int[] array_copy(int[] A, int n)
    //@requires n == \length(A);
    {
      int[] B = alloc_array(int, n);
      for (int i = 0; i < n; i++)
      //@loop_invariant 0 <= i;
      {
        B[i] = A[i];
      }
      return B;
    }

SLIDE 30

Safety on the caller side

  • Is int[] J = array_copy(I, 3) safe?
  • Is int[] K = array_copy(J, 3) safe?

    int main() {
      int[] I = alloc_array(int, 3);
      for (int i = 0; i < 3; i++) {
        I[i] = i + 5;
      }
      // I is [5, 6, 7]
      int[] J = array_copy(I, 3);
      int[] K = array_copy(J, 3);
      return 0;
    }

    int[] array_copy(int[] A, int n)
    //@requires n == \length(A);

What is the length of J?

SLIDE 31

Postcondition added

    int[] array_copy(int[] A, int n)
    //@requires n == \length(A);
    //@ensures \length(\result) == n;
    {
      int[] B = alloc_array(int, n);
      for (int i = 0; i < n; i++)
      //@loop_invariant 0 <= i;
      {
        B[i] = A[i];
      }
      return B;
    }

SLIDE 32

Effects visible to the client?

Visible to the caller:

    int[] array_copy(int[] A, int n)
    //@requires n == \length(A);
    //@ensures \length(\result) == n;
    {
      int[] B = alloc_array(int, n);
      for (int i = 0; i < n; i++)
      //@loop_invariant 0 <= i;
      {
        B[i] = A[i];
      }
      if (n > 0) A[0] = 42;
      return B;
    }

SLIDE 33

Not visible to the caller:

    int[] array_copy(int[] A, int n)
    //@requires n == \length(A);
    //@ensures \length(\result) == n;
    {
      int[] B = alloc_array(int, n);
      for (int i = 0; i < n; i++)
      //@loop_invariant 0 <= i;
      {
        B[i] = A[i];
      }
      A = alloc_array(int, 10);
      if (n > 0) A[0] = 42;
      return B;
    }
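The array_copy of slides 24 to 33 translated to C, as an added example that is not the lecture's own code. C has no \length and no contract checker, so this example assumes a small IntArray struct that carries the length alongside the data (an assumption for illustration, not anything C0 has) and turns each contract into a run-time assert: the precondition n == \length(A), the loop invariant, the postcondition on \length(\result), and the array-access precondition 0 <= i < \length(A). The helper and demo function names are this example's own. It also runs both variants of the "effects visible to the client" question side by side.

```c
#include <assert.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>

/* Models a C0 int[] together with its \length, which plain C does not track.
 * (Assumption of this example; in C0 the runtime knows the length.) */
typedef struct { int *data; int length; } IntArray;

/* alloc_array(int, n) with its contracts checked at run time. */
static IntArray alloc_array_int(int n) {
    assert(n >= 0);                                  /* //@requires n >= 0; */
    IntArray a = { calloc((size_t)n, sizeof(int)), n };
    if (n > 0 && a.data == NULL) abort();
    assert(a.length == n);                           /* //@ensures \length(\result) == n; */
    return a;
}

/* A[i] for read or write: //@requires 0 <= i && i < \length(A); */
static int *at(IntArray A, int i) {
    assert(0 <= i && i < A.length);
    return &A.data[i];
}

/* The third attempt, with precondition, loop invariant and postcondition as
 * assertions. The slide-23 call array_copy(X, 5) on a 3-element X fails the
 * first assert instead of reading past the end of X. */
IntArray array_copy(IntArray A, int n) {
    assert(n == A.length);                           /* //@requires n == \length(A); */
    IntArray B = alloc_array_int(n);
    for (int i = 0; i < n; i++) {
        assert(0 <= i);                              /* //@loop_invariant 0 <= i; */
        *at(B, i) = *at(A, i);                       /* safe: 0 <= i < n == length of A and B */
    }
    assert(B.length == n);                           /* //@ensures \length(\result) == n; */
    return B;
}

/* Slide 32: a write through the parameter reaches the caller's array. */
static void copy_then_write_through_param(IntArray A, int n) {
    IntArray B = array_copy(A, n);
    if (n > 0) *at(A, 0) = 42;
    free(B.data);
}

/* Slide 33: rebinding the parameter first sends the write to a fresh array. */
static void copy_then_rebind_param(IntArray A, int n) {
    IntArray B = array_copy(A, n);
    A = alloc_array_int(10);                         /* A now names a new array; the caller's is untouched */
    if (n > 0) *at(A, 0) = 42;
    free(A.data);
    free(B.data);
}

/* Builds I = [5, 6, 7] as in slide 30's main. */
static IntArray make_5_6_7(void) {
    IntArray I = alloc_array_int(3);
    for (int i = 0; i < 3; i++) *at(I, i) = i + 5;
    return I;
}

/* I[0] after the slide-32 variant: 42, the effect is visible to the caller. */
int demo_effect_visible(void) {
    IntArray I = make_5_6_7();
    copy_then_write_through_param(I, 3);
    int r = *at(I, 0);
    free(I.data);
    return r;
}

/* I[0] after the slide-33 variant: still 5, the effect is not visible. */
int demo_effect_not_visible(void) {
    IntArray I = make_5_6_7();
    copy_then_rebind_param(I, 3);
    int r = *at(I, 0);
    free(I.data);
    return r;
}

/* The copy is a distinct array with equal contents: writing J leaves I alone. */
bool demo_copy_is_independent(void) {
    IntArray I = make_5_6_7();
    IntArray J = array_copy(I, 3);
    bool distinct = (J.data != I.data) && J.length == 3;
    *at(J, 2) = 0;
    bool ok = distinct && *at(I, 2) == 7 && *at(J, 2) == 0;
    free(I.data);
    free(J.data);
    return ok;
}

int main(void) {
    printf("visible: %d, not visible: %d, independent: %d\n",
           demo_effect_visible(), demo_effect_not_visible(), demo_copy_is_independent());
    return 0;
}
```

Every index goes through at(), so the slide-27 obligation (0 <= i < length of A and of B) is checked on each access rather than argued once; the assert in array_copy on n == A.length is the C stand-in for the //@requires that the slides add on slide 24, and it is what stops a caller from passing a length larger than the array actually has.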