Arrays and quantifiers

Programming Fundamentals

19

Feliks Kluźniak

Arrays and predicates

a : integer array of N elements

Sorted : a[ 0 ] =< a[ 1 ] and a[ 1 ] =< a[ 2 ] and

... and a[ N – 2 ] =< a[ N – 1 ]

Unsorted : a[ 0 ] > a[ 1 ] or a[ 1 ] > a[ 2 ] or

... or a[ N – 2 ] > a[ N – 1 ]

NOTE: Recall de Morgan’s laws, and not (x =< y) = (x > y) .

This is unwieldy, and does not work very well for large N !

Arrays and predicates

The (bounded) universal quantifier :

Sorted : (A i : 0 =< i < N – 1 : a[ i ] =< a[ i + 1 ])

This is generalized conjunction:

for every i (we most often say “for all”, but mean “for every”/“for each”)

such that i is non-negative and smaller than N – 1,

a[ i ] is not greater than a[ i + 1 ] .

i : 0 =< i < N – 1 : a[ i ] =< a[ i + 1]

Arrays and predicates

The (bounded) universal quantifier :

Sorted : (A i : 0 =< i < N – 1 : a[ i ] =< a[ i + 1 ])

quantifier (A), dummy variable (i)

Note: The dummy variable is bound by the quantifier: we cannot substitute anything for it, and the value of the entire formula does not depend on it.

The variables on which the value of the formula depends are the free variables. In this case they are N and the various elements of the array a.

Arrays and predicates

The (bounded) universal quantifier :

Sorted : (A i : 0 =< i < N – 1 : a[ i ] =< a[ i + 1 ])

The parts of the formula: quantifier (A), dummy variable (i), range (0 =< i < N – 1), quantified formula (a[ i ] =< a[ i + 1 ]).

i : 0 =< i < N – 1 : a[ i ] =< a[ i + 1]

Arrays and predicates

The (bounded) universal quantifier :

Sorted : (A i : 0 =< i < N – 1 : a[ i ] =< a[ i + 1 ])

This is simply shorthand for

true and a[ 0 ] =< a[ 1 ] and a[ 1 ] =< a[ 2 ] and ...

.... and a[ N – 2 ] =< a[ N – 1 ]

Notice that when N =< 1, this expression reduces to

true !

Arrays and predicates

The (bounded) existential quantifier :

Unsorted : (E i : 0 =< i < N – 1 : a[ i ] > a[ i + 1 ])

This is generalized disjunction:

there exists an i

such that i is non-negative and smaller than N – 1,

and a[ i ] is greater than a[ i + 1 ] .

i : 0 =< i < N – 1 : a[ i ] > a[ i + 1]

Arrays and predicates

The (bounded) existential quantifier :

Unsorted : (E i : 0 =< i < N – 1 : a[ i ] > a[ i + 1 ])

This is simply shorthand for

false or a[ 0 ] > a[ 1 ] or a[ 1 ] > a[ 2 ] or ...

.... or a[ N – 2 ] > a[ N – 1 ]

Notice that when N =< 1, this expression reduces to

false !

Arrays and predicates

The dummy variable is bound (i.e., not free).

One must be careful to avoid a clash of names.

P( y ) : (A x : 0 < x < N : x > y)

Q : 9 < x and x < 99 and P( x )

P( x ) is not equivalent to (A x : 0 < x < N : x > x)

but to (A z : 0 < z < N : z > x)

(where z is some unused variable).

Arrays and predicates

For bounded quantifiers, it follows directly from

de Morgan’s laws that:

(not (A v : r : P)) = (E v : r : not P)

(not (E v : r : P)) = (A v : r : not P)

Arrays and predicates

(A v : r : P)

is equivalent to ( A v :: r implies P )

Hence the pleasant and very important property that a universally quantified formula with an empty range is true!

NOTE:

“Empty range” does not mean that there is no range expression, as in ( A x :: P( x ) ). It means that the range expression is false, as in ( A i : 0 < i < 1 : P( x ) ).

Arrays and predicates

From our generalised de Morgan’s laws it follows that an existentially quantified formula with an empty range is false.

(not (A v : r : P)) = (E v : r : not P)

Arrays and predicates

Sorted( n ) : (A i : 0 =< i < n – 1 : a[ i ] =< a[ i + 1 ])

Unsorted( n ) : (E i : 0 =< i < n – 1 : a[ i ] > a[ i + 1 ])

For an array with only one element the range is empty. So the array is sorted, and is not unsorted.

Arrays and predicates

Other useful quantifiers: sum

(S i : 0 =< i < N : a[ i ])

The sum of the elements of a in the range [ 0, N ),

i.e., a[ 0 ] + a[ 1 ] + a[ 2 ] + .... + a[ N – 1 ] .

NOTE: This is not a predicate: its value is numerical.

Arrays and predicates

Other useful quantifiers: sum, product

(S i : 0 =< i < N : a[ i ])

(P i : 0 =< i < N : a[ i ])

The product of the elements of a in the range [ 0, N ),

i.e., a[ 0 ] * a[ 1 ] * a[ 2 ] * .... * a[ N – 1 ].

NOTE: These are not predicates: their values are numerical.

Arrays and predicates

Other useful quantifiers: sum, product, count.

(S i : 0 =< i < N : a[ i ])

(P i : 0 =< i < N : a[ i ])

(N i : 0 =< i < N : a[ i ] = 0)

The number of elements of a in the range [ 0, N ) whose value is 0.

(Here, a[ i ] = 0 is just an example of a predicate and a[ i ] is just an example of an expression).

NOTE: These are not predicates: their values are numerical.

Arrays and predicates

Other useful quantifiers: sum, product, count.

(S i : 0 =< i < N : a[ i ])

(P i : 0 =< i < N : a[ i ])

(N i : 0 =< i < N : a[ i ] = 0)

The counting quantifier has no classical counterpart, the first two do:

$\sum_{i=0}^{N-1} a_i$ and $\prod_{i=0}^{N-1} a_i$

Arrays and predicates

Let j < k, and let P be some predicate.

Which of the following two predicates is stronger?

(A i : 0 =< i < j : P( i )) is implied by

(A i : 0 =< i < k : P( i ))

Because

P( 0 ) and P( 1 ) and ... and P( j – 1 )

is implied by

P( 0 ) and P( 1 ) and ... and P( j – 1 ) and ... and P( k – 1 )

Arrays and predicates

Let j < k, and let P be some predicate.

Which of the following two predicates is stronger?

(E i : 0 =< i < j : P( i )) implies (E i : 0 =< i < k : P( i ))

Because

P( 0 ) or P( 1 ) or ... or P( j – 1 )

implies

P( 0 ) or P( 1 ) or ... or P( j – 1 ) or ... or P( k – 1 )
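
An added example, not part of the original slides: the bounded quantifiers written as Python functions, with the laws stated above (generalized de Morgan, the empty range, and which of two ranges gives the stronger predicate) checked by brute force over every small array. The function names and the sample value set are this example's own.

```python
from itertools import product
from math import prod

# Bounded quantifiers in the (Q v : r : P) shape used above: `rng` is the
# range of the dummy variable, `term` is the quantified formula or expression.
# The function names are this example's own, not the page's.
def forall(rng, term):   # (A v : r : P), generalized conjunction
    return all(term(v) for v in rng)

def exists(rng, term):   # (E v : r : P), generalized disjunction
    return any(term(v) for v in rng)

def qsum(rng, term):     # (S v : r : e)
    return sum(term(v) for v in rng)

def qprod(rng, term):    # (P v : r : e)
    return prod(term(v) for v in rng)

def qcount(rng, term):   # (N v : r : P)
    return sum(1 for v in rng if term(v))

def is_sorted(a):
    return forall(range(len(a) - 1), lambda i: a[i] <= a[i + 1])

def is_unsorted(a):
    return exists(range(len(a) - 1), lambda i: a[i] > a[i + 1])

def check_laws(max_len=4, values=(0, 1, 2)):
    """Check the laws on every array over `values` up to max_len (constructed inputs)."""
    checked = 0
    for n in range(max_len + 1):
        for a in product(values, repeat=n):
            # generalized de Morgan: (not (A v : r : P)) = (E v : r : not P)
            assert (not is_sorted(a)) == is_unsorted(a)
            # the counting quantifier agrees with E: E holds iff the count is non-zero
            descents = qcount(range(n - 1), lambda i: a[i] > a[i + 1])
            assert is_unsorted(a) == (descents > 0)
            nonzero = lambda i: a[i] != 0
            for k in range(n + 1):
                for j in range(k):  # every j with 0 =< j < k
                    # A over the larger range implies A over the smaller one
                    assert not forall(range(k), nonzero) or forall(range(j), nonzero)
                    # E over the smaller range implies E over the larger one
                    assert not exists(range(j), nonzero) or exists(range(k), nonzero)
            checked += 1
    return checked
```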

Arrays and predicates

So it will normally be more natural to use a universally quantified formula for expressing an invariant when we do something with an array.

Recall that our method is to find an invariant that is weaker than the desired outcome, and then to strengthen it as the program progresses:

[Figure: diagram with regions labelled “P”, “P and not B” and “desired”]

- There is a whole class of programs that traverse an array sequentially. They share the following properties:
- The invariant is of the form ( A j : 0 =< j < k : P( j ) ) and k =< N
- The loop condition is of the form k != N and .... (sometimes simply k != N )
- The termination argument is: the invariant implies N – k >= 0, and N – k strictly decreases with each iteration (because k increases).

Arrays and predicates

Let a be an array with N elements. Let us write a program that finds whether a contains the integer m .

Specifically, we want variable k to be the lowest value such that a[ k ] = m . If a does not contain m, we want k = N .

This can be expressed as follows:

R: (A i : 0 =< i < k : a[ i ] != m) and (a[ k ] = m or k = N)

[Figure: two array diagrams marking position k; labels: “all elements are different from m”, “m”]

Arrays and predicates

R: (A i : 0 =< i < k : a[ i ] != m) and (k = N or a[ k ] = m)

Our invariant will be P(k): ( A j : 0 =< j < k : a[ j ] != m ) and k =< N.

Notice that P( k ) is a straightforward weakening of R .

[Figure: array diagram marking position k; label: “all elements are different from m”]

Arrays and predicates

R: (A i : 0 =< i < k : a[ i ] != m) and (k = N or a[ k ] = m)

Our invariant will be P(k): ( A j : 0 =< j < k : a[ j ] != m ) and k =< N.

Clearly, P(k) and a[ k ] = m means that we found the answer, and so does P(k) and k = N .

P(k) is trivial to establish: k := 0 (empty range!). So the program writes itself:

k := 0;   % P(k)
while k != N and a[ k ] != m do
    % P(k) and k != N and a[ k ] != m
    k := k + 1   % P(k) Why?
od

Arrays and predicates

Our invariant will be P(k): ( A j : 0 =< j < k : a[ j ] != m ) and k =< N.

k := 0;   % P(k)
while k != N and a[ k ] != m do
    % P(k) and k != N and a[ k ] != m
    k := k + 1   % P(k) Why?
od

P(k) will hold after the assignment k := k + 1 if P( k + 1 ) holds before the assignment.

So our task is to show that

(P( k ) and k != N and a[ k ] != m) implies P( k + 1 ) . Why is this so?

P( k + 1 ) = (P( k ) and (a[ k ] != m) and (k + 1 =< N))

Arrays and predicates

Our invariant will be P(k): ( A j : 0 =< j < k : a[ j ] != m ) and k =< N.

k := 0;   % P(k)
while k != N and a[ k ] != m do
    % P(k) and k != N and a[ k ] != m
    k := k + 1   % P(k)
od

Let m = 4 and let the array be:

5 1 4 0

k = 0, then k = 1, then k = 2: BINGO!

Arrays and predicates

If we were searching for m = 6, then we would proceed:

5 1 4 0

k = 2, then k = 3, then k = 4

So we don’t try to access a[ 4 ]. Why?
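
An added example, not part of the original slides: the search loop above in Python, with the invariant P(k), the bound N – k and the postcondition R evaluated as assertions on every iteration. Python's `and` evaluates its right operand only when the left one is true, which is what keeps a[ k ] from being read at k = N here; the swapped variant shows the guard without that protection. The function names are this example's own.

```python
def linear_search(a, m):
    """Return the lowest k with a[k] == m, or len(a) if m does not occur."""
    N = len(a)

    def P(k):  # ( A j : 0 =< j < k : a[ j ] != m ) and k =< N
        return all(a[j] != m for j in range(k)) and k <= N

    k = 0
    assert P(k)                      # empty range: established by k := 0
    while k != N and a[k] != m:      # a[k] is read only when k != N
        assert P(k) and k != N and a[k] != m
        bound = N - k
        assert P(k + 1)              # must hold before k := k + 1
        k = k + 1
        assert P(k)                  # invariant restored
        assert 0 <= N - k < bound    # bound decreased and is still non-negative
    # R: (A i : 0 =< i < k : a[ i ] != m) and (k = N or a[ k ] = m)
    assert all(a[i] != m for i in range(k)) and (k == N or a[k] == m)
    return k


def linear_search_swapped(a, m):
    """Same loop with the conjuncts swapped: a[k] is read before k != N is tested."""
    N = len(a)
    k = 0
    while a[k] != m and k != N:      # reads a[N] when m is absent
        k = k + 1
    return k


def swapped_reads_past_end(a, m):
    """True if the swapped guard indexes outside the array for this input."""
    try:
        linear_search_swapped(a, m)
    except IndexError:
        return True
    return False
```

In Python the out-of-range read surfaces as an IndexError; in a language without bounds checking the same guard order would read memory past the end of the array.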

Arrays and predicates

Let a be an array with N elements. We want to establish:

R : sumsq = ( S i : 0 =< i < N : a[ i ] * a[ i ] )

Our invariant will be

P( k ) : ( sumsq = ( S i : 0 =< i < k : a[ i ] * a[ i ] ) ) and k =< N.

which is trivially established by sumsq, k := 0, 0 .

And, of course, P( k ) and k = N implies R .

Arrays and predicates

Let a be an array with N elements. We want to establish:

R : sumsq = ( S i : 0 =< i < N : a[ i ] * a[ i ] )

Our invariant will be

P( k ) : ( sumsq = ( S i : 0 =< i < k : a[ i ] * a[ i ] ) ) and k =< N.

sumsq, k := 0, 0;   % P( k )
while k != N do
    % P( k ) and k != N
    sumsq := sumsq + a[ k ] * a[ k ];   % P( k ) violated
    k := k + 1   % progress, P( k ) restored
od
% P( k ) and k = N, hence R

Arrays and predicates

Exercise:

Let a be an array with M elements.

Write a program (together with the proof of correctness!)

that establishes:

R : nneg = ( N i : 0 <= i < M : a[ i ] < 0 )

(N is the counting quantifier.)

NOTE: Don’t do this. Do Homework 2 instead.
