5.5 Application: Correctness of Algorithms 1

Discrete Structures

Chapter 5: Sequences, Mathematical Induction, and Recursion

5.5 Application: Correctness of Algorithms

[P]rogramming reliability – must be an activity of an undeniably mathematical nature…You see, mathematics is about thinking, and

doing mathematics is always trying to think as well as possible.– Edsger W. Dijkstra, 1930 – 2002

5.5 Application: Correctness of Algorithms 2

Programming Errors

• Syntax errors– Failure to declare a variable– Using a restricted keyword as a variable name–Writing ik instead of if

• Logical errors

5.5 Application: Correctness of Algorithms 3

Programming Errors

• In this section, we will – give an overview of the general format of correctness

proofs, and– go into details of one crucial technique called the loop

invariant procedure

• We now need to switch from using the term program which refers to a particular programming language, and use the more general term algorithm.

5.5 Application: Correctness of Algorithms 4

Assertions

• Both the initial and final states can be expressed as predicates involving the input and output variables.

• Pre-condition for the algorithm – the predicate describing the initial state.

• Post-condition for the algorithm – the predicate describing the final state.

5.5 Application: Correctness of Algorithms 5

Example of Assertions

• Algorithm to compute a product of nonnegative integers.– Pre-condition: The input variables m and n are

nonnegative integers.

– Post-condition: The output variable p equals mn.

5.5 Application: Correctness of Algorithms 6

Loop Invariants

• The annotated loop has the following appearance.

[Pre-condition for the loop]

while (Guard)

[Statements in the body of the loop. None contain branching statements that lead outside the loop.]

end while

[Post-condition for the loop]

5.5 Application: Correctness of Algorithms 7

Definition

• Correct w.r.t pre- and post-conditions

A loop is defined as correct w.r.t pre- and post-conditions iff whenever the algorithm variables satisfy the pre-condition for the loop and the loop terminates after a finite number of steps, the algorithm variables satisfy the post-condition for the loop.

5.5 Application: Correctness of Algorithms 8

Theorem 5.5.1 – Loop Invariant Theorem

• Let a while loop with guard G be given, together with pre- and post-conditions that are predicates in the algorithm variables. Also let a predicate I(n), called the loop invariant, be given. If the following four properties are true, then the loop is correct w.r.t. its pre- and post-conditions.

5.5 Application: Correctness of Algorithms 9

Theorem 5.5.1 – Loop Invariant Theorem

I. Basis Property

The pre-condition for the loop implies that I(0) is true before the first iteration of the loop.

II. Inductive Property

For all integers k 0, if the guard G and the loop invariant I(k) are both true before an iteration of the loop, then I(k + 1) is true after an iteration of the loop.

5.5 Application: Correctness of Algorithms 10

Theorem 5.5.1 – Loop Invariant Theorem

III. Eventual Falsity of Gaurd

After a finite number of iterations of the loop, the guard G becomes false.

IV. Correctness of the Post-Conditions

If N is the least number of iterations after which G is false and I(N) is true, then the values of the algorithm variables will be as specified in the post-condition of the loop.

5.5 Application: Correctness of Algorithms 11

Example – pg. 288 #2

• Show that if the predicate is true before entry to the loop, then it is also true after the loop.

Loop: while (m 0 and m 100)

m := m + 4

n := n – 2

end while

Predicate: m + n is odd

5.5 Application: Correctness of Algorithms 12

Example – pg. 288 #7

• Use the loop invariant theorem to prove the correctness of the loop w.r.t. the pre- and post-condtions.

[Pre-condition: largest = A[1] and i =1]

while (i m)

1. i := i + 1

2. if A[i] > largest then largest := A[i]

end while

[Post-condition: largest = max value of A[1], A[2], …, A[m]]