Loop Invariants Dr. Mattox Beckman University of Illinois at - PowerPoint PPT Presentation

Introduction Loops Loop Equations Loop Invariants Termination Loop Invariants Dr. Mattox Beckman University of Illinois at Urbana-Champaign Department of Computer Science

Introduction Loops Loop Equations Loop Invariants Termination Objectives You should be able to ... ◮ Explain the concept of well formed induction. ◮ Enumerate the three conditions necessary for a loop to yield the correct answer. ◮ Enumerate the three conditions necessary for a loop to terminate. ◮ Pick a good loop invariant to verify a loop.

Introduction Loops Loop Equations Loop Invariants Termination What Is a Loop? ◮ Remember from our discussion of if that it is best to consider the if as one statement rather than two branches. { p ∧ B } S 1 { q } { p ∧ ¬ B } S 2 { q } { p } if B then S 1 else S 2 fi { q } ◮ With loops, we have a similar problem. ◮ … p and q are the same thing, though!

od Introduction Loops Loop Equations Loop Invariants Termination Loop Proof ◮ A loop proof outline looks like this: { q } S i { inv : p } { bd : t } while B do { p ∧ B } S { p } { p ∧ ¬ B } { r }

od Introduction Loops Loop Equations Loop Invariants Termination Loop Equations ◮ We need to solve fjve equations. { q } S i { inv : p } { bd : t } 1. { q } S i { p } while B do 2. { p ∧ B } S { p } { p ∧ B } 3. p ∧ ¬ B → r S 4. p → t ≥ 0 { p } 5. { p ∧ B ∧ t = z } S { t < z } { p ∧ ¬ B } { r }

od Introduction Loops Loop Equations Loop Invariants Termination Example 1 – Partial Correctness Example 1 s := 0; i := 0; while ( i < | A | ) do s := s + A [ i ]; i := i + 1 Solutions: What are these equations? ◮ { true } s := 0; i := 0 { i ≤ | A | ∧ s = Σ i − 1 A [ i ] } ◮ { q } S i { p } 0 ◮ { i ≤ | A |∧ s = Σ i − 1 A [ i ] ∧ i < | A |} S { i ≤ | A |∧ s = Σ i − 1 A [ i ] } ◮ { p ∧ B } S { p } 0 0 A [ i ] ∧ i ≥ | A | → s = Σ | A |− 1 ◮ p ∧ ¬ B → r ◮ i ≤ | A | ∧ s = Σ i − 1 A [ i ] 0 0

od Introduction Loops Loop Equations Loop Invariants Termination Example 2 – Partial Correctness Example 2 while ( a > 0) do a , b := b mod a , a What are these equations? Solutions: ◮ No initialization! ◮ { q } S i { p } ◮ { gcd ( a , b ) = gcd ( a ′ , b ′ ) ∧ a > 0 } S { gcd ( a , b ) = gcd ( a ′ , b ′ ) } ◮ { p ∧ B } S { p } ◮ p ∧ ¬ B → r ◮ gcd ( a , b ) = gcd ( a ′ , b ′ ) ∧ a = 0 → b = gcd ( a ′ , b ′ )

Introduction Loops Loop Equations Loop Invariants Termination How to Pick a Loop Invariant ◮ The loop invariant is a weaker version of the postcondition. ◮ p ∧ ¬ B → r ◮ The loop’s job is to incrementally make B false. ◮ So, to pick a loop invariant, you need to weaken the postcondition. Ways to Weaken ◮ Replace a constant with a range. ◮ Add a disjunct. ◮ Remove a conjunct.

Introduction Loops Loop Equations Loop Invariants Termination Example 1 s = Π | A |− 1 A [ j ] j =0

Introduction Loops Loop Equations Loop Invariants Termination Example 1 s = Π | A |− 1 A [ j ] j =0 Replace a constant with a range: 0 ≤ n ≤ | A | ∧ r = Π n − 1 j =0 A [ j ]

Introduction Loops Loop Equations Loop Invariants Termination Example 2 a = 0 ∧ b = gcd ( a ′ , b ′ );

Introduction Loops Loop Equations Loop Invariants Termination Example 2 a = 0 ∧ b = gcd ( a ′ , b ′ ); Add a disjunct: a > 0 ∧ gcd ( a , b ) = gcd ( a ′ , b ′ ) ∨ a = 0 ∧ b = gcd ( a ′ , b ′ );

Introduction Loops Loop Equations Loop Invariants Termination Example 3 | f ( x ) | < ε ∧ δ < ε

Introduction Loops Loop Equations Loop Invariants Termination Example 3 | f ( x ) | < ε ∧ δ < ε | f ( x ) | < ε

Introduction Loops Loop Equations Loop Invariants Termination Making Progress ◮ What does it mean to “make progress toward termination?” ◮ Consider a function on integers ... ◮ A function on lists ... ◮ A function on Hydras ...

Introduction Loops Loop Equations Loop Invariants Termination The Total Correctness Formulas ◮ p → t ≥ 0 ◮ { p ∧ B ∧ t = z } S { t < z }

od Introduction Loops Loop Equations Loop Invariants Termination Example 1 – Total Correctness Example 1 s := 0; i := 0; while ( i < | A | ) do s := s + A [ i ]; i := i + 1 Solution: What are these equations? ◮ i ≤ | A | ∧ s = Σ i − 1 A [ i ] → t ≥ 0 ◮ p → t ≥ 0 0 ◮ { i ≤ | A | ∧ s = Σ i − 1 A [ i ] ∧ i < | A | ∧ t = z } S { t < z } ◮ { p ∧ B ∧ t = z } S { t < z } 0 ◮ Let t = | A | − i .

od Introduction Loops Loop Equations Loop Invariants Termination Example 2 – Total Correctness Example 2 while ( a > 0) do a , b := b mod a , a What are these equations? Solutions: ◮ p → t ≥ 0 ◮ a > 0 → t ≥ 0 ◮ (Too big to fjt. But notice a always decreases!) ◮ { p ∧ B ∧ t = z } S { t < z }