1 / 14

Loops

Loops. Partial Correctness allows the code to be non-terminating . We will start by assuming that code terminates and postpone the termination topic until later. So we will deal with the situation where if the code terminates then its final state {Q} is satisfied. Some Definitions:

read
Download Presentation

Loops

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Loops • Partial Correctness allows the code to be non-terminating. We will start by assuming that code terminates and postpone the termination topic until later. So we will deal with the situation where if the code terminates then its final state {Q} is satisfied. • Some Definitions: • Loop Invariant:“features” that stay the same in a loop • Loop Variant: a “variable (expression)” that measures the progress toward the satisfaction of exit condition; it changes in the loop • Entry Condition: “condition”satisfied at the beginning and allows entry into the loop • Exit Condition: negation of the entry condition

  2. LOOP Example • Consider the following pseudo-code: • s := 0 • x := 0 • while (NOT (x=n)) DO • begin • s := s + a • x := x+1 • end • Entry Condition is x does not equal n. • Exit Condition is (x = n) or {(x-n) = 0}. • Loop Variant is x or (x-n - - - which moves toward 0). • For each iteration, s= s+ a and afterwards s = x*a; so when x=n, we will have s=x*a or s=n*a. Thus even though s changes in value the actual “expression” s= x*a is “Loop Invariant” and is also a “Postcondition.” What is an important assumption we made about ‘n’ for this code ? (what happens if n= -5?)

  3. Preliminary WHILE Rule • If there is an invariant I of code C such that {I}C{I} holds, then the following rule applies: • {I} C {I} • {I} WHILE E do C { ~ E AND I } • Here E is the entry condition ; therefore ~E is the exit condition. • Explanation : {I} C {I} implies that {I} is the precondition and the postcondition of each iteration inside the loop. Therefore after each iteration {I} holds, and the next iteration starts with {I} as the precondition.

  4. WHILE Proof Example • Consider the following code: • sum :=0 • j:=0 • WHILE j ≠ n DO • Begin • sum := sum + a • j := j + 1 • End • Proof : need to show that • the precondition, post-condition and thus the invariant is { sum = j * a} and • the exit condition is j=n. • We will do this in 3 parts. Assume n = positive integer

  5. WHILE Proof Example First Part • Part (1) work on the code inside the loop • use { } as the precondition and {sum = j*a} as the postcondition because {sum=j*a} is the invariant. Perform reverse assignment rules. • Precondition Statement Postcondition • j := j+1 {sum=j*a} • {sum=(j+1)*a} j := j+1 {sum=j*a} • sum:=sum+a {sum=(j+1)*a} • {sum+a=(j+1)*a} sum:=sum+a {sum=(j+1)*a} • { sum +a=(j*a)+a } sum:= sum+a {sum=(j+1)*a} • {sum = j*a} sum:= sum+a {sum=(j+1)*a} • So we have {sum=j*a} sum:=sum+a; j= j+1 {sum=j*a} • This established {I} C {I} for every iteration, including the last iteration. manipulating the precondition

  6. WHILE Proof Example (cont.)- Part Two • Part 2) : work on the code prior to the loop, which (the loop) has a precondition of { sum = j*a }. Thus the postcondition of the code prior to the loop would be the same {sum = j*a} • continue the reverse assignment rule: • PreconditionStatement Postcondition • j: = 0 {sum =j*a} • {sum = 0*a} j := 0 {sum =j*a} • sum := 0 {sum = 0} • {0=0} sum:= 0 {sum = 0} • { } sum:= 0 {sum = 0} • This shows that { } sum:=0; j:= 0 {sum = j*a} True

  7. With Part 1 and 2 We have from Part 2: { } sum:=0; j:=0 {sum := j*a} • sum :=0 • j:=0 • WHILE j NOT = n DO • Begin • sum := sum + a • j := j + 1 • End We have from Part 1: {sum=j*a} sum:=sum+a; j= j+1 {sum=j*a}

  8. WHILE Proof Example - Part Three • Part 3) for the WHILE loop itself we need to show: • for the {I} WHILE E do C { ~E and I} • { I} and precondition is {sum= j*a } • {I} and postcondition is {sum = j *a} • Exit and postcondition : ~E is { ~ (j ≠ n) }, which is the same as {j=n} • From Part 1, we have: • {sum = j*a} sum:= sum +a ; j:= j+1 {sum = j*a} • We also know that when the loop terminates the value of sum will be : sum = n*a because sum = sum + a has gone through n times. Substituting “n*a” for “sum” into the invariant post condition we have n*a = j*a or j=n. Thus j=n is also in the postcondition, which happens to be the exit condition we needed. • So now we have: • WHILE j ≠ n do C {j=n, sum = j*a} • From Part 2, we have the postcondition to the code prior to the WHILE loop: {sum=j*a} • Combining all the above we have : • {sum = j*a} WHILE j ≠ n do C {j=n, sum=j*a}

  9. The WHILE Rule:With Parts 1, 2, and 3 We have from Part 2: { } sum:=0; j:=0 {sum := j*a} • sum :=0 • j:=0 • WHILE j NOT = n DO • Begin • sum := sum + a • j := j + 1 • End We have from Part 1: {sum=j*a} sum:=sum+a; j= j+1 {sum=j*a} We have from Part 3: {sum=j*a} WHILE j ≠ n DO sum:=sum+a ; j:=j+1 {j=n, sum=j*a} Through this example we have shown the WHILE Rule: {I} C {I} {I} WHILE E do C {~E , I}

  10. Loop Invariant • Typically, the loop invariant is the precursor of the postcondition --- therefore it is similar to the postcondition. • Also, it must contain the variables that change in the loop. • Sum := 0 • j := 0 • WHILE j NOT = n DO • begin • Sum := Sum + a • j := j+1 • end • In looking for invariant for loops, think of what is accomplished at the end of the loop (same as when you are designing) Trick is to realize that Sum := Sum +a after n times is the same as Sum = n*a.

  11. General WHILE Rule • If C is a code such that {E AND I} C {I} holds true, then the following inference can be made • {E AND I} C {I} • {I} While E Do C { ~E AND I }

  12. Program Termination • A program is partially correct if it can be shown that, if it terminates, it terminates and satisfies the postcondition. • If in addition to partial correctness, one can show that that the program does indeed terminates, then the program is totally correct. • Proof of total correctness is done in 2 parts: • show partial correctness • show termination

  13. Program Termination (cont.) • In this case we will consider termination for 2 cases: • non-looping statements which imply termination • looping statements may exhibit non-termination (we consider only the WHILE loop construct) • in WHILE construct: • 1) If the exit condition is always true (met before entry), then no loop is entered; this implies termination. • 2) If the exit condition is always false, then the loop will never terminate. • 3) The situation we are interested in is when the exit condition can change. That means there is at least one variable contained in the exit condition that changes value inside the loop. This is called the variant variable.If there are more than one, then the set is called the variantvector. If the variant vector, after finite iterations, reaches the exit condition, then the loop terminates.

  14. Termination Example • Consider : • j:= 0; i:= 0; r:=3 • WHILE i ≠ r Do • begin • i := i+ 1 • j := j + 1 • end • The only variable in the entry/exit condition that changes inside the loop is i. So i is the variant variable. • 1) i describes a sequence of variables 0,1, ----, r-1 and as soon as i=r, the loop terminates for all r >= 0. • 2) if r<0, then the i sequence of 0,1, ----- will never satisfy the i = r condition and the i sequence is all of the positive integers which is infinite. Thus for r<0, the loop is non-terminating.

More Related