od Introduction Loops Loop Equations Loop Invariants Termination Introduction Loops Loop Equations Loop Invariants Termination Objectives You should be able to ... Loop Invariants ◮ Explain the concept of well formed induction. Dr. Mattox Beckman ◮ Enumerate the three conditions necessary for a loop to yield the correct answer. ◮ Enumerate the three conditions necessary for a loop to terminate. University of Illinois at Urbana-Champaign Department of Computer Science ◮ Pick a good loop invariant to verify a loop. Introduction Loops Loop Equations Loop Invariants Termination Introduction Loops Loop Equations Loop Invariants Termination What Is a Loop? Loop Proof ◮ A loop proof outline looks like this: ◮ Remember from our discussion of if that it is best to consider the if as one statement { q } rather than two branches. S i { inv : p } { bd : t } { p ∧ B } S 1 { q } { p ∧ ¬ B } S 2 { q } while B do { p } if B then S 1 else S 2 fi { q } { p ∧ B } ◮ With loops, we have a similar problem. S { p } ◮ … p and q are the same thing, though! { p ∧ ¬ B } { r }
od od od Introduction Loops Loop Equations Loop Invariants Termination Introduction Loops Loop Equations Loop Invariants Termination Loop Equations Example 1 – Partial Correctness Example 1 ◮ We need to solve fjve equations. s := 0; { q } i := 0; S i while ( i < | A | ) do { inv : p } { bd : t } 1. { q } S i { p } s := s + A [ i ]; while B do 2. { p ∧ B } S { p } i := i + 1 { p ∧ B } 3. p ∧ ¬ B → r S { p } 4. p → t ≥ 0 Solutions: What are these equations? 5. { p ∧ B ∧ t = z } S { t < z } ◮ { true } s := 0; i := 0 { i ≤ | A | ∧ s = Σ i − 1 A [ i ] } ◮ { q } S i { p } { p ∧ ¬ B } 0 ◮ { i ≤ | A |∧ s = Σ i − 1 A [ i ] ∧ i < | A |} S { i ≤ | A |∧ s = Σ i − 1 A [ i ] } ◮ { p ∧ B } S { p } { r } 0 0 A [ i ] ∧ i ≥ | A | → s = Σ | A |− 1 ◮ p ∧ ¬ B → r ◮ i ≤ | A | ∧ s = Σ i − 1 A [ i ] 0 0 Introduction Loops Loop Equations Loop Invariants Termination Introduction Loops Loop Equations Loop Invariants Termination Example 2 – Partial Correctness How to Pick a Loop Invariant ◮ The loop invariant is a weaker version of the postcondition. Example 2 ◮ p ∧ ¬ B → r while ( a > 0) do ◮ The loop’s job is to incrementally make B false. a , b := b mod a , a ◮ So, to pick a loop invariant, you need to weaken the postcondition. Ways to Weaken What are these equations? Solutions: ◮ No initialization! ◮ Replace a constant with a range. ◮ { q } S i { p } ◮ Add a disjunct. ◮ { p ∧ B } S { p } ◮ { gcd ( a , b ) = gcd ( a ′ , b ′ ) ∧ a > 0 } S { gcd ( a , b ) = gcd ( a ′ , b ′ ) } ◮ Remove a conjunct. ◮ p ∧ ¬ B → r ◮ gcd ( a , b ) = gcd ( a ′ , b ′ ) ∧ a = 0 → b = gcd ( a ′ , b ′ )
Introduction Loops Loop Equations Loop Invariants Termination Introduction Loops Loop Equations Loop Invariants Termination Example 1 Example 1 s = Π | A |− 1 A [ j ] j =0 s = Π | A |− 1 A [ j ] Replace a constant with a range: j =0 0 ≤ n ≤ | A | ∧ r = Π n − 1 j =0 A [ j ] Introduction Loops Loop Equations Loop Invariants Termination Introduction Loops Loop Equations Loop Invariants Termination Example 2 Example 2 a = 0 ∧ b = gcd ( a ′ , b ′ ); a = 0 ∧ b = gcd ( a ′ , b ′ ); Add a disjunct: a > 0 ∧ gcd ( a , b ) = gcd ( a ′ , b ′ ) ∨ a = 0 ∧ b = gcd ( a ′ , b ′ );
Introduction Loops Loop Equations Loop Invariants Termination Introduction Loops Loop Equations Loop Invariants Termination Example 3 Example 3 | f ( x ) | < ε ∧ δ < ε | f ( x ) | < ε ∧ δ < ε | f ( x ) | < ε Introduction Loops Loop Equations Loop Invariants Termination Introduction Loops Loop Equations Loop Invariants Termination Making Progress The Total Correctness Formulas ◮ What does it mean to “make progress toward termination?” ◮ p → t ≥ 0 ◮ Consider a function on integers ... ◮ { p ∧ B ∧ t = z } S { t < z } ◮ A function on lists ... ◮ A function on Hydras ...
od od Introduction Loops Loop Equations Loop Invariants Termination Introduction Loops Loop Equations Loop Invariants Termination Example 1 – Total Correctness Example 2 – Total Correctness Example 1 Example 2 s := 0; i := 0; while ( a > 0) do while ( i < | A | ) do a , b := b mod a , a s := s + A [ i ]; i := i + 1 What are these equations? Solutions: ◮ p → t ≥ 0 ◮ a > 0 → t ≥ 0 Solution: What are these equations? ◮ i ≤ | A | ∧ s = Σ i − 1 ◮ (Too big to fjt. But notice a always decreases!) ◮ { p ∧ B ∧ t = z } S { t < z } A [ i ] → t ≥ 0 ◮ p → t ≥ 0 0 ◮ { i ≤ | A | ∧ s = Σ i − 1 A [ i ] ∧ i < | A | ∧ t = z } S { t < z } ◮ { p ∧ B ∧ t = z } S { t < z } 0 ◮ Let t = | A | − i .
Recommend
More recommend
