

Study with the several resources on Docsity
Earn points by helping other students or get them with a premium plan
Prepare for your exams
Study with the several resources on Docsity
Earn points to download
Earn points by helping other students or get them with a premium plan
An axiomatic proof for an iterative fibonacci program in louden's sample language. The proof demonstrates that the program correctly computes the fibonacci sequence and its performance is directly proportional to the size of the argument. The loop invariant, the base case, and the induction steps.
Typology: Study notes
1 / 2
This page cannot be seen from the preview
Don't miss anything!


Example Axiomatic Program Proof
page 1 of 2
The Fibonacci numbers are a sequence of integers defined recursively by
fib(0) = 0, fib(1) = 1, and
fib(N) = fib(N-1)+fib(N-2), for N>1.
The naturally corresponding recursive program (in any language) for this
definition is clearly correct but so highly inefficient that it is of no practical
use, even for small (e.g., two digit) arguments. We prove that the following
iterative program fragment in Louden's Sample language is correct (its
performance is clearly directly proportional to the size of the argument N).
while N-I d o
OLD:= NEW-OLD od
{ OLD = fib(N) }
Proof (read ˙
æ as “it is provable that”)
Step 0: discover the loop invariant P
Informally the idea of the loop is that as I is incremented, the variables NEW
and OLD are revised to maintain the value of fib(I) and fib(I+!). We also include
a technical condition relating I and N that’s needed in the last step.
Take P
≡ (0£I£N Ÿ NEW=fib(I+1) Ÿ OLD=fib(I))
Step 1: Show ˙
æ { N≥ 0 } NEW:=1; OLD:=0; I:=0 { P
Exercise — takes several steps using ASN and SEQ.
Step 2: Show ˙
æ { P
} while … { OLD=fib(N) } (i.e., prove the post-condition)
This step is established through several intermediate steps.
Step 2A: Find Q
1
and Q
2
to show (i.e., P
is a loop invariant)
æ { P
1
2
Example Axiomatic Program Proof
page 2 of 2
Step 2Ai: formulate Q
1
After I is incremented, but NEW and OLD have not yet been changed, the
Fibonacci indicies of NEW and OLD are one step behind.
Take Q
1
≡ 0 £I£N Ÿ NEW=fib(I) Ÿ OLD=fib(I-1)
Step 2Aii: Show ˙
æ { P
1
It can be seen that ( P
[I fi I+1] so by ASN and STR, step 2Aii
holds.
Step 2Aiii: formulate Q
2
At this point, the index I and the variable NEW have been updated, but
the variable OLD is still a step behind.
Take Q
2
≡ 0 £I£N Ÿ NEW=fib(I+1) Ÿ OLD=fib(I-1)
Step 2Aiv: show ˙
æ { Q
1
2
This is a direct application ofASN.
Step 2Av: show ˙
æ { Q
2
One can see that Q
2
[OLD fi NEW-OLD] so that by ASN and STR, this
step is proven
Step 2Avi: by steps 2Aii, 2Aiv, and 2Av and SEQ (applied twice), the proof
of step 2A is complete.
Step 2B: by step 2A and WHL we have
æ { P
} while … { P
Ÿ N-I≤ 0 }. Now, P
Ÿ N-I≤ 0 implies (this is where w e
need 0 ≤I≤N included in the loop invariant)
I=N Ÿ OLD=fib(I)/
Therefore, ˙
æ P
Ÿ I≥N Æ OLD=fib(N) (i.e., the value of I is immaterial at the
end).
Step 3: By steps 1 and 2 and WKN , the program is proven.
This presentation has illustrated how to discover the program proof and
determine the needed steps. A valid logic proof would require reordering all
the individual steps so that each is either an axiom or is derived from previous
steps by a rule of inference.