Constructing Loops Roland Backhouse April 30, 2001 2 Outline The - - PowerPoint PPT Presentation

constructing loops
SMART_READER_LITE
LIVE PREVIEW

Constructing Loops Roland Backhouse April 30, 2001 2 Outline The - - PowerPoint PPT Presentation

Jun 14, 2023 151 likes •357 views

1 Constructing Loops Roland Backhouse April 30, 2001 2 Outline The do-od statement Invariants and Bound Functions Examples 3 The do-od statement The statement denoted by while {b} do S in Java, or while b do S in Pascal is

slide-1
SLIDE 1

1

Constructing Loops

Roland Backhouse April 30, 2001

slide-2
SLIDE 2

2

Outline

  • The do-od statement
  • Invariants and Bound Functions
  • Examples
slide-3
SLIDE 3

3

The do-od statement

The statement denoted by while {b} do S in Java, or while b do S in Pascal is denoted here by do b→S od .

slide-4
SLIDE 4

4

Multiple Guards

The notation do b1→S1 ✷ b2→S2 ✷ . . . ✷ bn→Sn

  • d ,

where the b’s are boolean-valued expressions and the S’s are statements, denotes a program that is executed by iterating the process of choosing an i such that the guard bi evaluates to true and then executing the statement Si. If none of the guards evaluates to true then execution terminates. (Note that nondeterminism is allowed; it may be that more than one guard evaluates to true in which case an arbitrary choice is made as to which statement to execute.) We call a statement of this form a loop.

slide-5
SLIDE 5

5

Example

The statement do m <n → d,m := d+1 ,m+1 ✷ m >n → d,n := d+1 ,n+1

  • d

adds to the initial value of d the absolute difference between (integer) variables m and n, resetting m and n in the process to the maximum

  • f their initial values.
slide-6
SLIDE 6

6

Multiple to Single

Allowing multiple guards does not increase the power of the language since do b1→S1 ✷ . . . ✷ bn→Sn od is equivalent to do b1 ∨ . . . ∨ bn → if b1→S1 ✷ . . . ✷ bn→Sn fi

  • d .

So loops with multiple guards are easily rewritten as while statements. But, as in the case of conditional statements, multiple guards improve readability as well as helping to avoid error.

slide-7
SLIDE 7

7

Invariants and Bound Functions

When constructing loops the notions of an invariant property and a bound function are crucial. Loops are designed so that each iteration of the loop body maintains the invariant whilst making progress to the required postcondition by always decreasing the bound function.

Designing Loops

Suppose a problem is specified by precondition P and postcondition Q. We design a loop to meet this specification by identifying an invariant property inv and a bound function bf .

slide-8
SLIDE 8

8

The Bound Function

The bound function is a measure of the size of the problem to be solved. It is required to be an integer-valued function of the program variables that is guaranteed to be at least zero when the loop is executed. A guarantee that the value of such a bound function is always decreased at each iteration is a guarantee that the number of times the loop body is executed is at most the initial value of the bound function.

slide-9
SLIDE 9

9

The Invariant Property

The invariant property is designed by generalising the required postcondition. Split the postcondition Q into a termination condition, done, and the invariant property inv in such a way that done ∧ inv ⇒ Q . (1) Often the termination condition is equivalent to the value of the bound function being zero. The invariant property is chosen so that it is easy to design an initialisation statement S that establishes the invariant property inv. That is, we design S such that { P } S { inv } . (2)

slide-10
SLIDE 10

10

The invariant should also guarantee that the value of the bound function is at least zero. That is, inv ⇒ bf ≥0 . (3) The design is completed by constructing a loop body T that maintains the invariant whilst making progress towards the termination condition. That is, using the ghost variable C to relate the values of the bound function before and after execution of T, we design T to satisfy the specification { inv ∧ ¬done ∧ bf = C } T { inv ∧ bf < C } . (4)

slide-11
SLIDE 11

11

If the termination condition, done, the bound function, bf , the invariant, inv, and the loop body, T, have all been constructed so as to satisfy (1) and (4) it is the case that { inv } do ¬done →T od { Q } . (5) Moreover, if statement S has been constructed to satisfy (2), we can use the rule of sequential composition to infer that { P } S ; do ¬done →T od { Q } . (6)

slide-12
SLIDE 12

12

Summary

The task is to construct S, done and T to meet the specification { P } S ; do ¬done →T od { Q } . We do this with the aid of an invariant inv and a bound function bf . The invariant and termination condition are chosen so that: done ∧ inv ⇒ Q , (7) so that the invariant can be established by the initialisation statement S: { P } S { inv } , (8) and so that the loop body T can be constructed guaranteeing progress towards the termination condition whilst maintaining the invariant: { inv ∧ ¬done ∧ bf = C } T { inv ∧ bf < C } . (9) Finally the invariant should guarantee that the bound function never falls below zero. inv ⇒ bf ≥0 . (10)

slide-13
SLIDE 13

13

Summing the Elements of an Array

Suppose 0≤N and it is required to compute Σi| 0≤i<N: ai . The obvious solution is to introduce a variable s and assign to s successively 0, a0, a0+a1, a0+a1+a2, and so on. Using index variable k to count the number of values that have been added, the invariant property is 0≤k≤N ∧ s = Σi| 0≤i <k : ai , and the termination condition is k= N. The appropriate initialisation is the assignment k,s := 0,0 and the bound function is N−k. Maintaining the invariant property whilst making progress towards the termination condition is achieved by the assignment k,s := k+1 ,s+ak .

slide-14
SLIDE 14

14

The Program

{ 0≤N } k,s := 0,0 ; { Invariant: 0≤k≤N ∧ s = Σi| 0≤i<k : ai Bound function: N−k } do k <N → k,s := k+1 ,s+ak

  • d

{ s = Σi| 0≤i <N: ai }

slide-15
SLIDE 15

15

Verifying Correctness

Termination Condition (7) k≥N ∧ 0≤k≤N ∧ s = Σi| 0≤i <k : ai ⇒s = Σi| 0≤i <N : ai . Initialisation (8) { 0≤N } k,s := 0,0 { 0≤k≤N ∧ s = Σi| 0≤i<k : ai } . Loop Body (9) { 0≤k≤N ∧ s = Σi| 0≤i <k : ai ∧ k <N ∧ N−k= C } k,s := k+1 ,s+ak { 0≤k≤N ∧ s = Σi| 0≤i <k : ai ∧ N−k <C } . Bound Function (10) 0≤k≤N ∧ s = Σi| 0≤i <k : ai ⇒ N−k≥0 .

slide-16
SLIDE 16

16

Evaluating a Polynomial

Suppose we are required to evaluate

  • Σi| 0≤i <N: ai×Xi

for given real number X and array a. Horner’s rule involves computing the values aN−1 aN−1×X + aN−2 (aN−1×X + aN−2)×X+ aN−3 etc.

slide-17
SLIDE 17

17

Evaluating a Polynomial (Continued)

Horner’s rule maintains invariant the property 0≤k≤N ∧ s×Xk =

  • Σi| k≤i <N :ai×Xi

. This property is established initially by the assignment k,s := N,0 and the required postcondition is satisfied when k= 0 . We calculate that 0 <k≤N ∧ s×Xk =

  • Σi| k≤i <N: ai×Xi

∧ S = s×X + ak−1 ⇒0≤k−1≤N ∧ S×Xk−1 =

  • Σi | k−1≤i<N : ai×Xi

. So the loop body is k,s := k−1 , s×X + ak−1 .

slide-18
SLIDE 18

18

Evaluating a Polynomial (Continued)

The complete algorithm is thus: { 0≤N } k,s := N,0 ; { Invariant: 0≤k≤N ∧ s×Xk =

  • Σi| k≤i<N : ai×Xi

Bound function: k } do k >0 → k,s := k−1 , s×X + ak−1

  • d

{ s =

  • Σi| 0≤i <N :ai×Xi

}

slide-19
SLIDE 19

19

Evaluating Powers Using Horner’s Rule

Problem: evaluate XM for M ≥0. Suppose the binary representation of M is stored in the array a. Specifically we assume that M =

  • Σi| 0≤i <N: ai×2i

(11) where ∀i | 0≤i <N : ai = 0∨ ai = 1 . Then Horner’s rule suggests the computation in order of XaN−1 XaN−1×2 + aN−2 X(aN−1×2 + aN−2)×2 + aN−3 and so on.

slide-20
SLIDE 20

20

Evaluating Powers Using Horner’s Rule (Cont)

k,y := N,1 ; { Invariant: 0≤k≤N ∧ y = Xs where s×2k =

  • Σi| k≤i<N :ai×2i

Bound function: k } do k >0 → k,y := k−1 ,y2 ; if ak = 0→skip ✷ ak = 1 → y := y×ak fi

  • d

{ y = XM }