The concept of program correctness through the use of hoare triples and the sequence, if-else, and loop rules. The sequence and if-else rules are presented as rote, while the loop rule requires the appropriate guesses as to the values of loop invariants. Proving a program correct is a challenging process, and debugging still plays a role.
Typology: Lecture notes
We know that any sum 25p+40m is divisible by 5. After $140, one can get every multiple of 5.
Basis: $140 = ... $145 = … $ $ $
Then let n be some multiple of 5 > $160. Assume that every multiple of 5 between 140 and n is representable. Then for n+5, n+5-25 is between 140 and n. Thus n+5 = 25 + (n+5-25). n+5-25 = m25 + p40 by the strong induction hypothesis. Thus n+5 = 25 + (n+5-25) = 25 + m25 + p40 = (m+1)*
Docsity.com
Program correctness
Friday, October 15, 2010 6:41 PM

When is a program "correct"?
When it doesn't crash?
When it answers the way we expect?
Mathematical basis of program correctness
Friday, October 15, 2010 6:42 PM

Every statement or program has preconditions and postconditions.
preconditions: what is true before the program starts.
postconditions: what is true afterward.

Example: x:=y
p: y is a number (precondition)
S: x:=y; (statement)
q: x==y (postcondition)

The form p{S}q is called a Hoare triple. We write this as (y is a number) {x=y;} (x==y).
The calculus of Hoare triples
Wednesday, October 20, 2010 2:33 PM

We can use a calculus of Hoare triples to:
Break large programs into smaller ones.
Prove correctness of the smaller ones.
Combine those proofs into a proof of correctness for the larger one.

Several tools:
The sequence rule: when is a sequence of statements correct?
The if-else rule: what does an if statement do?
The while rule: what does a "while" statement do?

We can think of these rules as the semantics for sequence, if, and while.
The sequence rule
Friday, October 15, 2010 6:46 PM

The sequence (composition) rule: if p{S1}q and q{S2}r then p{S1;S2}r.

Example:
T {x:=1} x==1 (def. of :=)
x==1 {x:=x+1} x==2 (def. of +)
--------------------------------
T {x:=1; x:=x+1} x==2
Implication
Tuesday, October 19, 2010 3:26 PM

If p→q and q{S}r then p{S}r.
If p{S}q and q→r then p{S}r.

Example:
T { x=1 } x==1
x==1 → x>0
--------------------
T { x=1 } x>0
The if statement
Tuesday, October 19, 2010 3:15 PM

The if rule:
(p ∧ condition) {S} q
(p ∧ ¬condition) → q
--------------------------------
p { if condition then S } q

Example: T { if (x<0) x=-x; } x≥0
p=T, condition=(x<0), S={x=-x;}

Demonstrating this:
(x<0) { x=-x; } (x>0)   by definition of -x
x>0 → x≥0   by definition of >
so:
(T ∧ x<0) { x=-x; } (x≥0)   p ∧ condition {S} q
(T ∧ x≥0) → x≥0   p ∧ ¬condition → q
--------------------------------
T { if (x<0) x=-x; } x≥0   p {S} q
So far
Wednesday, October 20, 2010 3:40 PM

So far, we've been doing a rote algorithm:
Start with perhaps disparate states, expressed as p, q, whatever.
End with one description, e.g., q or r, of a complex expression.
Loop invariants
Tuesday, October 19, 2010 3:38 PM

The while rule:
(p ∧ condition) {S} p
--------------------------------
p { while condition S } (¬condition ∧ p)

p is called a loop invariant. p is an expression whose variables aren't necessarily constant. In other words, if S doesn't affect p, then repeating it an arbitrary number of times doesn't affect p either.

Example: (i=1) { while (i<10) i++ } (i≥10 ∧ i>=1)
p=(i>=1): the loop invariant; i++ only increases i.
S=(i++): the loop operation.
i>=10 is the same as ¬(i<10).
Note that (i≥10 ∧ i≥1) → i≥10, so we could write the above as:
(i=1) { while (i<10) i++ } (i≥10)
A tricky calculation

condition is (j<=n)
S is { sum += j; j++ }
What is p?

We know that for a particular j, sum = 1+…+j-1 = (j-1)j/2.
Thus an appropriate loop invariant is
p = (sum==(j-1)j/2 ∧ j<=n+1)
True for all j<=n+1.

Thus, applying the loop rule:
(p ∧ condition) {S} p
--------------------------------
p { while condition S } (¬condition ∧ p)

we get:
((sum==(j-1)j/2 ∧ j<=n+1) ∧ j<=n) { sum += j; j++ } (sum==(j-1)j/2 ∧ j<=n+1)
--------------------------------
(sum==(j-1)j/2 ∧ j<=n+1) { while (j<=n) { sum += j; j++ } } (¬(j<=n) ∧ (sum==(j-1)j/2 ∧ j<=n+1))

Simplifying the last:
(¬(j<=n) ∧ (sum==(j-1)j/2 ∧ j<=n+1))
j>n ∧ j<=n+1 ∧ sum==(j-1)j/2
j==n+1 ∧ sum==(j-1)j/2
j==n+1 ∧ sum==(n+1-1)(n+1)/2
sum==n(n+1)/2

Done! Whew!
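As an added example (not part of the lecture notes), the two premises of the while rule checked at run time for the sum loop above. The start state sum=0, j=1 is assumed, since the slides don't state it, and a deliberately wrong invariant guess shows why the "appropriate guess" matters:

```python
# Added example, not from the lecture notes: the two obligations behind the while
# rule, checked at run time on the sum loop from the slides. State is a dict.

def invariant(s):
    # p = (sum == (j-1)j/2 and j <= n+1), the loop invariant the slide derives
    return s["sum"] == (s["j"] - 1) * s["j"] // 2 and s["j"] <= s["n"] + 1

def wrong_invariant(s):
    # An off-by-one guess (sum == j(j+1)/2); the checker should reject it
    return s["sum"] == s["j"] * (s["j"] + 1) // 2 and s["j"] <= s["n"] + 1

def condition(s):
    return s["j"] <= s["n"]

def body(s):  # S = { sum += j; j++ }, applied to a copy so the caller keeps the old state
    t = dict(s)
    t["sum"] += t["j"]
    t["j"] += 1
    return t

def postcondition(s):
    return s["sum"] == s["n"] * (s["n"] + 1) // 2

def check_while_rule(p, cond, S, q, states):
    """Check the loop rule's premises on sample states:
       (p and cond) {S} p  and  (p and not cond) -> q.
       Returns the (obligation, state) pairs that failed; [] means all passed."""
    failures = []
    for s in states:
        if p(s) and cond(s) and not p(S(s)):
            failures.append(("preservation", s))
        if p(s) and not cond(s) and not q(s):
            failures.append(("exit", s))
    return failures

def run_loop(n):
    """Run the loop from the assumed start state sum=0, j=1 (the slide does not
       state it), asserting the invariant before and after every iteration."""
    s = {"sum": 0, "j": 1, "n": n}
    assert invariant(s)          # p holds on entry
    while condition(s):
        s = body(s)
        assert invariant(s)      # p preserved by S
    assert postcondition(s)      # not cond and p give sum == n(n+1)/2
    return s["sum"]

# Constructed sample states: a grid of values (not only reachable ones) so a wrong guess is exercised too
sample_states = [{"sum": v, "j": j, "n": n}
                 for n in range(0, 6) for j in range(0, 8) for v in range(0, 31)]
```

Checking the premises on sample states is only a test, not a proof; the proof is the derivation on the slide, and the checker's job is to catch a bad invariant guess before you try to push it through the rule.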