Axiomatic Proof of an Iterative Fibonacci Program, Study notes of Programming Languages

An axiomatic proof for an iterative Fibonacci program in Louden's Sample language. The proof demonstrates that the program correctly computes the Fibonacci sequence; the program's performance is directly proportional to the size of the argument. The notes cover the loop invariant, the base case, and the induction steps.

Typology: Study notes

Pre 2010

Uploaded on 03/11/2009

koofers-user-jfy
22C:111
Example Axiomatic Program Proof
The Fibonacci numbers are a sequence of integers defined recursively by

    fib(0) = 0, fib(1) = 1, and
    fib(N) = fib(N-1)+fib(N-2), for N>1.

The naturally corresponding recursive program (in any language) for this definition is clearly correct but so highly inefficient that it is of no practical use, even for small (e.g., two digit) arguments. We prove that the following iterative program fragment in Louden's Sample language is correct (its performance is clearly directly proportional to the size of the argument N).

    { N≥0 }
    NEW:= 1; OLD:= 0; I:= 0;
    { P }
    while N-I do
      I:= I+1; NEW:= NEW+OLD;
      OLD:= NEW-OLD od
    { OLD = fib(N) }

Proof (read ⊢ as “it is provable that”)

Step 0: discover the loop invariant P

Informally the idea of the loop is that as I is incremented, the variables NEW and OLD are revised to maintain the value of fib(I) and fib(I+1). We also include a technical condition relating I and N that’s needed in the last step.

Take P ≡ (0≤I≤N ∧ NEW=fib(I+1) ∧ OLD=fib(I))

Step 1: Show ⊢ { N≥0 } NEW:=1; OLD:=0; I:=0 { P }

Exercise — takes several steps using ASN and SEQ.
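
One way to carry out the Step 1 exercise, added here as a worked derivation that is not part of the original notes. ASN is applied backwards from P, last assignment first, and R[X ⇒ E] stands for R with E substituted for X. The computed precondition is not literally N≥0, so this version also uses STR once (the rule the notes pair with ASN in Step 2Aii), which is an assumption about how the exercise is meant to be closed.

    (a) ⊢ { 0≤0≤N ∧ NEW=fib(0+1) ∧ OLD=fib(0) } I:=0 { P }
            by ASN; the precondition is P[I ⇒ 0]
    (b) ⊢ { 0≤0≤N ∧ NEW=fib(1) ∧ 0=fib(0) } OLD:=0 { 0≤0≤N ∧ NEW=fib(1) ∧ OLD=fib(0) }
            by ASN; the precondition is P[I ⇒ 0][OLD ⇒ 0]
    (c) ⊢ { 0≤0≤N ∧ 1=fib(1) ∧ 0=fib(0) } NEW:=1 { 0≤0≤N ∧ NEW=fib(1) ∧ 0=fib(0) }
            by ASN; the precondition is P[I ⇒ 0][OLD ⇒ 0][NEW ⇒ 1]
    (d) ⊢ { 0≤0≤N ∧ 1=fib(1) ∧ 0=fib(0) } NEW:=1; OLD:=0; I:=0 { P }
            by SEQ applied twice to (c), (b), (a)
    (e) N≥0 → (0≤0≤N ∧ 1=fib(1) ∧ 0=fib(0))
            from the definition fib(0)=0, fib(1)=1
    (f) ⊢ { N≥0 } NEW:=1; OLD:=0; I:=0 { P }
            by STR from (e) and (d)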

Step 2: Show ⊢ { P } while … { OLD=fib(N) } (i.e., prove the post-condition)

This step is established through several intermediate steps.

Step 2A: Find Q1 and Q2 to show (i.e., P is a loop invariant)

    ⊢ { P ∧ N-I>0 }
      I:=I+1;
      { Q1 } NEW:= NEW+OLD;
      { Q2 } OLD:= NEW-OLD
      { P }

Step 2Ai: formulate Q1

After I is incremented, but NEW and OLD have not yet been changed, the Fibonacci indices of NEW and OLD are one step behind.

Take Q1 ≡ 0≤I≤N ∧ NEW=fib(I) ∧ OLD=fib(I-1)

Step 2Aii: Show ⊢ { P ∧ I<N } I:= I+1 { Q1 }

It can be seen that (P ∧ I<N) → Q1[I ⇒ I+1] so by ASN and STR, step 2Aii holds.

Step 2Aiii: formulate Q2

At this point, the index I and the variable NEW have been updated, but the variable OLD is still a step behind.

Take Q2 ≡ 0≤I≤N ∧ NEW=fib(I+1) ∧ OLD=fib(I-1)

Step 2Aiv: show ⊢ { Q1 } NEW:= NEW+OLD { Q2 }

This is a direct application of ASN.

Step 2Av: show ⊢ { Q2 } OLD:= NEW-OLD { P }

One can see that Q2 → P[OLD ⇒ NEW-OLD] so that by ASN and STR, this step is proven.

Step 2Avi: by steps 2Aii, 2Aiv, and 2Av and SEQ (applied twice), the proof of step 2A is complete.

Step 2B: by step 2A and WHL we have

    ⊢ { P } while … { P ∧ N-I≤0 }.

Now, P ∧ N-I≤0 implies (this is where we need 0≤I≤N included in the loop invariant)

    I=N ∧ OLD=fib(I).

Therefore, ⊢ P ∧ I≥N → OLD=fib(N) (i.e., the value of I is immaterial at the end).

Step 3: By steps 1 and 2 and WKN, the program is proven.

This presentation has illustrated how to discover the program proof and determine the needed steps. A valid logic proof would require reordering all the individual steps so that each is either an axiom or is derived from previous steps by a rule of inference.
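
A bounded check of the proof obligations above, as an added example that is not part of the original notes: it enumerates small states (N, I, NEW, OLD) and searches for counterexamples to Step 1, Steps 2Aii, 2Aiv, 2Av and the exit implication of Step 2B, then repeats the exit check with 0≤I≤N dropped from P. The names BOUND, violations, exit_violations and weak_P, and the choice to treat fib(k) as undefined for k<0, are assumptions of this example; a bounded search is supporting evidence, not a replacement for the proof.

```python
from itertools import product

def fib(k):
    """fib as defined in the notes; None where it is undefined (k < 0)."""
    if k < 0:
        return None
    a, b = 0, 1
    for _ in range(k):
        a, b = b, a + b
    return a

# Assertions of the proof, evaluated on a state (N, I, NEW, OLD).
def P(N, I, NEW, OLD):  return 0 <= I <= N and NEW == fib(I + 1) and OLD == fib(I)
def Q1(N, I, NEW, OLD): return 0 <= I <= N and NEW == fib(I) and OLD == fib(I - 1)
def Q2(N, I, NEW, OLD): return 0 <= I <= N and NEW == fib(I + 1) and OLD == fib(I - 1)
def weak_P(N, I, NEW, OLD):  # hypothetical: P without the condition 0<=I<=N
    return NEW == fib(I + 1) and OLD == fib(I)

# The three assignments of the loop body as state transformers.
def inc_i(N, I, NEW, OLD):   return (N, I + 1, NEW, OLD)     # I := I+1
def add_new(N, I, NEW, OLD): return (N, I, NEW + OLD, OLD)   # NEW := NEW+OLD
def sub_old(N, I, NEW, OLD): return (N, I, NEW, NEW - OLD)   # OLD := NEW-OLD

BOUND = 7                                # constructed search bound
VALUES = range(fib(BOUND + 1) + 1)       # covers every fib value P can mention
STATES = list(product(range(BOUND), range(BOUND + 1), VALUES, VALUES))

def violations(pre, stmt, post):
    """States that satisfy pre but whose successor under stmt violates post."""
    return [s for s in STATES if pre(*s) and not post(*stmt(*s))]

def exit_violations(inv):
    """States with inv and N-I<=0 in which the post-condition OLD=fib(N) fails."""
    return [s for s in STATES if inv(*s) and s[0] - s[1] <= 0 and s[3] != fib(s[0])]

def check_proof():
    in_loop = lambda *s: P(*s) and s[0] - s[1] > 0   # P and N-I>0
    return {
        "1":    [n for n in range(BOUND) if not P(n, 0, 1, 0)],
        "2Aii": violations(in_loop, inc_i, Q1),
        "2Aiv": violations(Q1, add_new, Q2),
        "2Av":  violations(Q2, sub_old, P),
        "2B":   exit_violations(P),
    }

if __name__ == "__main__":
    print(check_proof())                 # counterexamples per proof step
    print(exit_violations(weak_P)[:3])   # exit states that break OLD=fib(N)
```

With weak_P the exit check reports states where I has run past N, which is the case the technical condition in the invariant rules out.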