Integer Division - Lecture Notes - Introduction to Software Engineering | CS 3300, Study notes of Software Engineering

Material Type: Notes; Class: Intro to Software Engr; Subject: Computer Science; University: Georgia Institute of Technology-Main Campus; Term: Unknown 1989;

Typology: Study notes

Pre 2010

Uploaded on 08/05/2009

koofers-user-wm1

What Does this Program Do?

Q ← 0
R ← X
while (R ≥ Y)
    R ← R − Y
    Q ← Q + 1

How can you be sure?

Answer

• Integer division
  – Compute quotient Q and remainder R of X divided by Y, for non-negative integer X and positive integer Y
  – Expressed as a function returning two results: <Q, R> ← DIVIDE(X, Y)
  – Expressed as a relation of four variables: DIVIDE(X, Y, Q, R)

Preconditions

• What must be true about the inputs to this program in order for the program to successfully execute?

Q ← 0
R ← X
while (R ≥ Y)
    R ← R − Y
    Q ← Q + 1

Preconditions

• X ≥ 0 ∧ Y > 0
  – The value of X is non-negative and
  – The value of Y is positive before execution begins

Postconditions

• What must be true about the program output variables after the program has completed execution?
  – Expressed in terms of input and output variables
  – Assuming that it terminates

Q ← 0
R ← X
while (R ≥ Y)
    R ← R − Y
    Q ← Q + 1

Postconditions

• Y > 0 ∧
• X ≥ 0

Postconditions

• Y > 0 ∧
• X ≥ 0 ∧
• Q ≥ 0

Postconditions

• Y > R ≥ 0 ∧
• X ≥ 0 ∧
• Q ≥ 0

Postconditions

• Y > R ≥ 0 ∧
• X ≥ 0 ∧
• Q ≥ 0 ∧
• X = Q ∗ Y + R

Proof Plan

• Construct flow chart
• Annotate with preconditions
• Add invariants at intermediate program points based on the type of statement executed
  – Assignment
  – Conditional
  – Loop

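Flow Chart

[Flow chart: START → Q ← 0 → R ← X → test R < Y; Yes → EXIT; No → R ← R − Y → Q ← Q + 1 → back to the test]

Add Pre-Conditions

[Flow chart: START → Q ← 0 → R ← X → test R < Y; Yes → EXIT; No → R ← R − Y → Q ← Q + 1 → back to the test, annotated with the preconditions X ≥ 0, Y > 0]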

Loops

  • Unlike other statements, a loop, like the one in the example, has to deal with multiple incoming flows of control
    • That is, there are two ways of entering the loop
    • One from the start of the program
    • One after going around the loop at least once
  • The statements inside the loop must be true in both circumstances
  • In fact, they need to be true no matter how many times the loop is executed
  • For this reason, they are called loop invariants
    • Normally, you think of loops behaving differently on each iteration
    • But the assertion has to stay the same
  • That is, the loop invariant has to generalize over all iterations
    • The analyst has to invent this generalization

More on Loop Invariants

• A loop invariant has to satisfy three properties

  • It must be true the first time execution reaches it
  • If it is true after some number (n) of iterations, it must be true after n + 1
  • It must be strong enough to imply the postcondition

• Recall, the post condition we are looking for is

– Y > R ≥ 0 ∧ X ≥ 0 ∧ Q ≥ 0 ∧ X = Q ∗ Y + R

• We already have Y > 0, Y > R, X ≥ 0

• Let's try R ≥ Y > 0, X ≥ 0, Q ≥ 0, X = R + Q ∗ Y

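[Flow chart: START → Q ← 0 → R ← X → test R < Y; Yes → HALT; No → R ← R − Y → Q ← Q + 1 → back to the test, annotated with assertions:]

  • Preconditions: X ≥ 0, Y > 0
  • After Q ← 0: X ≥ 0, Y > 0, Q = 0
  • After R ← X, before entering the loop: R ≥ 0, Y > 0, X ≥ 0, Q = 0, X = R
  • Loop invariant: R ≥ Y > 0, X ≥ 0, Q ≥ 0, X = R + Q ∗ Y
  • At HALT: Y > R, Y ≥ 0, X ≥ 0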

Example

More Invariants

• Let's try our first test. Is the invariant true the first time through?

  • Condition before entering the loop: R ≥ 0, Y > 0, X ≥ 0, Q = 0, X = R
  • Loop invariant: R ≥ Y > 0, X ≥ 0, Q ≥ 0, X = R + Q ∗ Y
  • R ≥ 0 and Y > 0 and R ≥ Y imply R ≥ Y > 0; so we are okay so far
  • X is still non-negative
  • If Q is equal to 0, then it is certainly greater than or equal to 0
  • Finally, if Q = 0 and X = R then X does equal R + Q ∗ Y = R + 0 ∗ Y = R

Assignments One Last Time

  • The algorithm includes the assignment statement R ← R − Y
  • What is interesting about this statement is that the variable on the left hand side ( R ) also occurs on the right hand side
  • If we naively state that the postcondition is {R = R - Y}, we would get nonsense
  • Instead, we must introduce a little more notation and perform some algebraic manipulations

Assignments - 2

  • Assume that the precondition for the assignment statement is {X = R + Q ∗ Y} and the assignment statement is R ← R − Y
  • First, using the assignment statement, annotate the left hand R with a prime (R')
    • R' can be read as "the value of R after the assignment"
  • Then, solve for R in terms of R': R' = R − Y ⇒ R' + Y = R
  • Substitute this expression (R' + Y) into the precondition for all occurrences of R: {X = (R' + Y) + Q ∗ Y}
  • Simplify to produce the postcondition (drop the prime): {X = R + (Q + 1) ∗ Y}
  • The general rule is to solve for the variable without the apostrophe and plug that expression into the precondition

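More Assignments

[Flow chart: START → Q ← 0 → R ← X → test R < Y; Yes → HALT; No → R ← R − Y → Q ← Q + 1 → back to the test, annotated with assertions:]

  • Preconditions: X ≥ 0, Y > 0
  • After Q ← 0: X ≥ 0, Y > 0, Q = 0
  • After R ← X, before entering the loop: R ≥ 0, Y > 0, X ≥ 0, Q = 0, X = R
  • Loop invariant: R ≥ Y > 0, X ≥ 0, Q ≥ 0, X = R + Q ∗ Y
  • After R ← R − Y: R ≥ 0, X ≥ 0, Y > 0, Q ≥ 0, X = R + (Q + 1) ∗ Y
  • At HALT: Y > R ≥ 0, X ≥ 0, Q ≥ 0, X = R + Q ∗ Y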

Last Assignment

  • Let's try this procedure on the last assignment statement in the algorithm: Q ← Q + 1
  • The precondition of the assignment is R ≥ 0, X ≥ 0, Y > 0, Q ≥ 0, X = R + (Q + 1) ∗ Y
  • Set Q' = Q + 1
  • Solve for Q: Q = Q' − 1
  • Substitute into precondition: R ≥ 0, X ≥ 0, Y > 0, (Q' − 1) ≥ 0, X = R + ((Q' − 1) + 1) ∗ Y
  • Simplify: R ≥ 0, X ≥ 0, Y > 0, Q > 0, X = R + Q ∗ Y

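Last Assignment

[Flow chart: START → Q ← 0 → R ← X → test R < Y; Yes → HALT; No → R ← R − Y → Q ← Q + 1 → back to the test, annotated with assertions:]

  • Preconditions: X ≥ 0, Y > 0
  • After Q ← 0: X ≥ 0, Y > 0, Q = 0
  • After R ← X, before entering the loop: R ≥ 0, Y > 0, X ≥ 0, Q = 0, X = R
  • Loop invariant: R ≥ Y > 0, X ≥ 0, Q ≥ 0, X = R + Q ∗ Y
  • After R ← R − Y: R ≥ 0, X ≥ 0, Y > 0, Q ≥ 0, X = R + (Q + 1) ∗ Y
  • After Q ← Q + 1: R ≥ 0, X ≥ 0, Y > 0, Q > 0, X = R + Q ∗ Y
  • At HALT: Y > R ≥ 0, X ≥ 0, Q ≥ 0, X = R + Q ∗ Y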

Implications

  • Notice that the postcondition of the last assignment labels the arc that returns to the top of the loop
  • We can now make our second test on the loop invariant: if the loop has successfully executed n times, will the invariant hold on execution n + 1?
  • The postcondition on the nth execution (on any execution) is R ≥ 0, X ≥ 0, Y > 0, Q > 0, X = R + Q ∗ Y
  • The loop invariant is R ≥ Y > 0, X ≥ 0, Q ≥ 0, X = R + Q ∗ Y
  • Surely Q > 0 implies Q ≥ 0
  • And R ≥ 0, Y > 0, and the loop condition R ≥ Y imply R ≥ Y > 0
  • So the second test of our loop invariant is passed

Third Test

  • It is easy to come up with loop invariants. After all, 1 + 1 = 2 is a loop invariant. It is true for every execution of any loop
  • But it is not much good in proving programs
  • We need to have loop invariants that imply the program's post conditions
  • This is just another way of saying that the loop computation has to contribute to producing the intended program result
  • For the example program, the result of the loop is R ≥ 0, X ≥ 0, Y > 0, Q > 0, X = R + Q ∗ Y
  • We also know from the conditional that R < Y
  • The program post condition is Y > R ≥ 0, X ≥ 0, Q ≥ 0, X = Q ∗ Y + R
  • So the third test is passed as well
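
The three tests can also be checked mechanically over a bounded range of states. The following is an added example, not part of the original notes: it runs the division program with its contract enforced, then applies the three tests to the slides' invariant and to a weaker one that drops X = R + Q ∗ Y. The names `divide`, `three_tests`, `weak_invariant` and the bound of 6 are choices made here, and a bounded check is evidence, not a proof.

```python
from itertools import product

def invariant(X, Y, Q, R):
    # The slides' loop invariant, asserted on entry to the loop body.
    return R >= Y > 0 and X >= 0 and Q >= 0 and X == R + Q * Y

def weak_invariant(X, Y, Q, R):
    # Also true on every iteration, but silent on how X relates to Q and R.
    return R >= Y > 0 and X >= 0 and Q >= 0

def pre_loop(X, Y, Q, R):
    # Assertion after R <- X, just before the loop test.
    return R >= 0 and Y > 0 and X >= 0 and Q == 0 and X == R

def post(X, Y, Q, R):
    return Y > R >= 0 and X >= 0 and Q >= 0 and X == Q * Y + R

def divide(X, Y):
    """The slides' program with its contract enforced at run time."""
    if not (X >= 0 and Y > 0):    # precondition; with Y = 0 the loop never ends
        raise ValueError("requires X >= 0 and Y > 0")
    Q, R = 0, X
    while R >= Y:
        assert invariant(X, Y, Q, R)
        R, Q = R - Y, Q + 1
    assert post(X, Y, Q, R)
    return Q, R

def three_tests(inv, bound=6):
    """Check the three invariant properties on every state in [-1, bound]^4."""
    first = step = strong = True
    for X, Y, Q, R in product(range(-1, bound + 1), repeat=4):
        # Test 1: the pre-loop assertion plus the guard R >= Y gives inv.
        if pre_loop(X, Y, Q, R) and R >= Y and not inv(X, Y, Q, R):
            first = False
        if inv(X, Y, Q, R):
            R2, Q2 = R - Y, Q + 1     # one execution of the loop body
            # Test 2: if the loop goes round again, inv holds again.
            if R2 >= Y and not inv(X, Y, Q2, R2):
                step = False
            # Test 3: if the loop exits (R < Y), the postcondition holds.
            if R2 < Y and not post(X, Y, Q2, R2):
                strong = False
    return first, step, strong

if __name__ == "__main__":
    print(divide(17, 5))
    print(three_tests(invariant))
    print(three_tests(weak_invariant))
```

The weaker invariant passes the first two tests and fails only the third, which is the situation the "1 + 1 = 2" remark describes.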

Summary of Example

• Preconditions for successful execution

• Postconditions

• Examination of all possible paths

• Assignment

• Conditionals

• Loop

  • Invariant
  • First execution
  • Induction
  • Strong enough

Step 2

• Provide a convincing argument, in English, that this is so