CS 1813 Discrete Mathematics, Univ Oklahoma
Copyright © 2000 by Rex Page

Lecture 18
CS 1813 – Discrete Mathematics
Loops Without Invariants Are Like Disneyland Without Crowd Control
Loop Induction for verifying properties of loops
Proof by Loop Induction
  Prove: P(x1, x2, … x) is true when a loop begins
  Prove: same P(x1, x2, … x) is true at end of each iteration
    Proof assumes P(x1, x2, … x) was true on previous iterations
  Conclude: P(x1, x2, … x) is True and B(x1, x2, … x) is False if and when the loop terminates

Requirement
  Computing B(x1, x2, … x) does not affect values of x1, x2, … x

Loop precondition: P(x1, x2, … x) proved True
while B(x1, x2, … x)
  … body of loop …
  Loop invariant: P(x1, x2, … x) proved True
P(x1, x2, … x) B(x1, x2, … x) is True Loop Induction
a[i] = i=1
+1
a[i] where denotes top-of-loop value of k i=1
a[+1] +
Loop precondition True Subscript set for is empty and empty sums are 0, by convention
Loop invariant True at end of loop if True at beginning
sum = foldr (+) 0 — as a loop
Function precondition: a[1..n] defined

integer sum(integer a[ ])
  integer n = length(a[ ])
  integer k, s
  s = 0
  k = 0
  Loop precondition: $s = \sum_{i=1}^{k} a[i]$
  while (k < n)
    k = k+1
    s = s + a[k]
    Loop invariant: $s = \sum_{i=1}^{k} a[i]$
  return s

Conclude at return (by loop induction)
$s = \sum_{i=1}^{k} a[i]$
But what is k at return?
Loop terminates with k n by counting-loop theorem (coming up)
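The proof obligations of loop induction can also be checked at run time. The following Python is an added example, not code from the lecture: `loop_induction`, `sum_loop`, `checked_sum` and `buggy_sum` are hypothetical names, the guard is assumed to be k < n, and the 1-based array a[1..n] is modelled by a 0-based list.

```python
import copy

def loop_induction(state, B, body, P):
    """Run `while B(state): body(state)` and check each proof obligation."""
    assert P(state), "loop precondition: P must hold when the loop begins"
    while True:
        before = copy.deepcopy(state)
        guard = B(state)
        # Requirement from the slide: computing B must not change the variables.
        assert state == before, "computing B changed the loop variables"
        if not guard:
            break
        body(state)
        assert P(state), "loop invariant: P must hold at the end of each iteration"
    # Conclusion of loop induction: P is True and B is False at termination.
    assert P(state) and not B(state)
    return state

def sum_loop(a, s0):
    """The sum loop with s initialised to s0 (hypothetical helper)."""
    n = len(a)
    def P(st):                       # s equals the sum of a[1..k]
        return st["s"] == sum(a[:st["k"]])
    def B(st):                       # assumed guard: k < n
        return st["k"] < n
    def body(st):
        st["k"] += 1
        st["s"] += a[st["k"] - 1]    # a[k] in the slide's 1-based indexing
    final = loop_induction({"k": 0, "s": s0}, B, body, P)
    assert final["k"] == n           # k = n at exit, as the slides conclude
    return final["s"]

def checked_sum(a):
    """Correct initialisation s = 0: every obligation is met."""
    return sum_loop(a, 0)

def buggy_sum(a):
    """Wrong initialisation s = 1: the precondition check rejects it."""
    return sum_loop(a, 1)
```

The empty-array case passes because the invariant compares s against an empty sum, which is 0 by the convention the slide states.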
The Counting-Loop Theorem
A type, c, is a “counting type” if
  c includes operations suc::c -> c and (), ()::c -> c -> bool
  (suc m) n whenever (m n) {Note: x y means (x y)(x y)}
  (m n) (n iterate suc m)

iterate f x = x : (iterate f (f x))
Computation pattern: iterate f x = [x, f x, f(f x), f(f(f x)), … ]

Theorem (counting loop)
  If k, m, n :: c, and m n, and
  If neither cmd1 nor cmd2 affects the values of k, m, or n
  Then the following loop terminates and when it does, k n

  k = m
  while (k n)
    cmd1
    k = suc k
    cmd2
Counting-Loop Proof

k = m
Loop precondition: k n
while (k n)
  cmd1
  k = suc k
  cmd2
  Loop invariant: k n

The values of k proceed through the sequence (iterate suc m)
  k = m, k = suc k = suc m, k = suc k = suc(suc m), …
Since c is a counting type and m n, n iterate suc m
That is, k takes on values at least as large as n
Therefore, the loop terminates

m n (assumption of theorem)
k m (meaning of assignment cmd)
So, k n
k n at top of loop
suc n whenever n
k = suc at bottom of loop
So, k n
k n (k n) (loop induction)
So, k n at this point
addVectors = zipWith (+)
Function precondition: x[1..n], y[1..n] defined

double[ ] vectorSum(double x[ ], double y[ ])
  integer k, n = length(x[ ])
  double z[1 .. n]
  k = 0
  while (k < n)
    k = k+1
    z[k] = x[k] + y[k]
  return z[1 .. n]
Loop precondition: i k.z[i] x[i] + y[i]
Loop invariant: i k.z[i] x[i] + y[i]
By loop induction, (i k.z[i] x[i] + y[i])
By counting-loop theorem, k = n
Since k n, i n.z[i] x[i] + y[i]
That is, z[i] x[i] + y[i] for i = 1, 2, … n
or = foldr (\/) False — as a loop
Function precondition: a[1..n] defined, a[n+1] exists

bool or(bool a[ ], integer n)
  integer k
  a[n+1] = True
  k = 1
  Loop precondition: i k.a[i]
  while (not a[k])
    k = k+1
    Loop invariant: i k.a[i]
  return (k <= n)

Conclude: (i k.a[i]) a[k] at return by loop induction
Case 1: k n at return
  (a[k] = True) (k n)
  So, ($\bigvee_{i=1}^{n} a[i]$) = True = (k n)
Case 2: k n at return
  i k.a[i] i n+1.a[i] i n.a[i] $\bigvee_{i=1}^{n} a[i]$ = False = (k n)
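The function precondition "a[n+1] exists" is what keeps the unguarded `while (not a[k])` loop inside the array, so it is worth enforcing rather than assuming. The following Python is an added example, not code from the lecture: `sentinel_or` is a hypothetical name, `storage[0..n]` models a[1..n+1], and the invariant is read here as "no element before position k is True".

```python
def sentinel_or(storage, n):
    """Return True iff some element of a[1..n] is True.

    Function precondition: a[1..n] defined and slot a[n+1] exists.
    """
    if n < 0 or len(storage) < n + 1:
        # Without the extra slot the sentinel write would land outside the
        # array, and the unguarded loop could read past the data.
        raise ValueError("precondition violated: a[n+1] must exist")
    # Copy into a 1-based layout so the caller's buffer is left untouched.
    a = [None] + list(storage[: n + 1])
    a[n + 1] = True                 # sentinel: guarantees the loop stops
    k = 1
    while not a[k]:
        k += 1
        # Loop invariant (as read above): nothing before position k is True.
        assert not any(a[1:k])
        assert k <= n + 1           # the sentinel bounds k
    # Loop induction: the invariant holds and the guard is False, so a[k] is True.
    assert a[k] and not any(a[1:k])
    # Case 1: k <= n, a real element is True.
    # Case 2: k = n+1, only the sentinel stopped the loop, so a[1..n] is all False.
    return k <= n
```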
isPalindrome xs = (xs == reverse xs)
Function precondition: a[1..n] defined

bool isPalindrome(char a[ ])
  integer k, n = length(a[ ])
  bool okSoFar
  okSoFar = True
  k = 1
  while (okSoFar (k n div 2))
    okSoFar = (a[k] a[n-k+1] )
    k = k+1
  return okSoFar (k n div 2) (a[k] a[n-k+1] )
Loop precondition: (i k.a[i] a[n-i+1]) okSoFar
Loop invariant: (i k.a[i] a[n-i+1]) okSoFar
If False, then either okSoFar (Why?) or a[k] a[n-k+1]
Either way, i. a[i] a[n-i+1]
If True, then (k n div 2) (a[k] a[n-k+1] ) ((i k.a[i] a[n-i+1]) okSoFar)
So, i n div 2.a[i] a[n-i+1] if okSoFar
Is NOT palindrome
Is palindrome
What proves this equation is True?
Palindromic predicates i n div 2.a[i] a[n-i+1] (i. a[i] a[n-i+1])
And, (i n div 2.a[i] a[n-i+1]) if okSoFar
loop induction
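The question of whether checking only the first n div 2 positions is enough can be tested exhaustively on short inputs before it is proved. The following Python is an added example, not code from the lecture: all function names are hypothetical, and the loop is written for this example with an assumed guard of k <= n div 2 and a plain `return okSoFar`, which is not necessarily the slide's exact loop.

```python
from itertools import product

def is_palindrome_loop(a):
    """Flag-controlled loop over the first half, with its invariant checked."""
    n = len(a)
    ok_so_far, k = True, 1
    while ok_so_far and k <= n // 2:
        ok_so_far = (a[k - 1] == a[n - k])      # a[k] vs a[n-k+1], 1-based
        k += 1
        # Invariant: ok_so_far says whether every pair before k matches.
        assert ok_so_far == all(a[i - 1] == a[n - i] for i in range(1, k))
    return ok_so_far

def half_check(a):
    """Pairs a[i], a[n-i+1] match for every i up to n div 2."""
    n = len(a)
    return all(a[i - 1] == a[n - i] for i in range(1, n // 2 + 1))

def full_check(a):
    """Pairs a[i], a[n-i+1] match for every i in 1..n."""
    n = len(a)
    return all(a[i - 1] == a[n - i] for i in range(1, n + 1))

def agree_on_all_strings(alphabet="ab", max_len=7):
    """Compare the loop, both predicates and xs == reverse xs on every string."""
    for n in range(max_len + 1):
        for xs in product(alphabet, repeat=n):
            spec = list(xs) == list(reversed(xs))
            # The pair (i, n-i+1) is the pair (n-i+1, i) read backwards, so the
            # second half of the range repeats comparisons from the first half.
            if not (is_palindrome_loop(xs) == half_check(xs)
                    == full_check(xs) == spec):
                return False
    return True
```

Agreement on every string up to the tested length is evidence, not a proof; the symmetry noted in the comment is the argument that settles it for all n.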
An Invariant for Every Loop
Software engineer must understand each loop
  Loop invariants specify essential properties of loop
Software engineer states invariant for each loop
  Invariant encapsulates all important properties
  Sketch of proof or informal reasoning confirms correct results
  Fools and amateurs can skip this step … Professionals cannot
Advantages of practicing this discipline
  Way improves software quality
  Necessary to produce defect-free software
  Facilitates software review and maintenance
  Saves time, overall