Correctness of Hoare triple: {Q} S {R}
• Assignment statement: {Q} x := E {R}
• Conditional statements: {Q} if B → S1 [] ¬B → S2 fi {R}
• Loop statements: {Q} do B → S od {R}
  – prove termination of loops: find a bound function T.
SFWR ENG 2FA3: Discrete Mathematics and Logic II, Dr. R. Khedri
Predicates and Programming: Reasoning about the assignment statement (Proofs of {Q} x := E {R})
We claim that R[x := E] (R with every free occurrence of x replaced by E) is the weakest precondition of x := E with respect to R: it is the weakest predicate Q for which {Q} x := E {R} holds.
Any other precondition Q satisfies {Q} x := E {R} if and only if Q ⇒ R[x := E] holds.
Assignment introduction: to show that x := E is an implementation of the specification {Q} x := ? {R}, prove
Q ⇒ R[x := E]
Predicates and Programming: Conditional statements and expressions (The alternative statement)
IFG : if B1 → S1 [] B2 → S2 [] B3 → S3 fi
Proof method for IFG: To prove {Q} IFG {R}, it suffices to prove:
1 Q ⇒ B1 ∨ B2 ∨ B3
2 {Q ∧ B1} S1 {R}
3 {Q ∧ B2} S2 {R}
4 {Q ∧ B3} S3 {R}
Obligation 1 rules out the case in which no guard holds, where IFG aborts. The guards may overlap; when several hold, any one of the enabled branches may be executed, which is why each branch must establish R on its own (obligations 2 to 4).
Mathematical Induction and Loop Analysis: The correctness of loops
{P} do B → S od {R}
Checklist for proving a loop correct
1 P is true before execution of the loop
2 P is a loop invariant: {P ∧ B} S {P}
3 Execution of the loop terminates: find an integer bound function T with P ∧ B ⇒ T > 0 and {P ∧ B ∧ T = t0} S {T < t0}, so each iteration strictly decreases T while T stays positive
4 R holds upon termination: P ∧ ¬B ⇒ R
Exercise on loops: 12.42 page 247

a) The Fibonacci number F_n for n ≥ 0 (F_{k+1} = F_k + F_{k−1}, with F_0 = 0 and F_{−1} = 1).
{Q : n ≥ 0}
k, b, c := 0, 1, 0;
{invariant P : 0 ≤ k ≤ n ∧ b = F_{k−1} ∧ c = F_k; bound function T : n − k}
do k ≠ n → k, b, c := k + 1, c, b + c od
{R : c = F_n}

b) The sum of the n elements of array b[0..n−1] for n ≥ 0
{Q : n ≥ 0}
x, k := 0, 0;
{invariant P : 0 ≤ k ≤ n ∧ x = (Σ i | 0 ≤ i < k : b[i]); bound function T : n − k}
do k ≠ n → x, k := x + b[k], k + 1 od
{R : x = (Σ i | 0 ≤ i < n : b[i])}

c) The sum of the n elements of array b[0..n−1] for n ≥ 0, summed from the top down
{Q : n ≥ 0}
x, k := 0, n;
{invariant P : 0 ≤ k ≤ n ∧ x = (Σ i | k ≤ i < n : b[i]); bound function T : k}
do k ≠ 0 → x, k := x + b[k − 1], k − 1 od
{R : x = (Σ i | 0 ≤ i < n : b[i])}
(The guard is k ≠ 0, not k ≠ n as in (b): k starts at n, so with k ≠ n the body would never execute, and it is P ∧ k = 0 that gives R.)

d) The greatest common divisor X gcd Y (x mod y is the remainder of x divided by y).
{Q : 0 ≤ X ∧ 0 ≤ Y}
x, y := X, Y;
{invariant P : x ≥ 0 ∧ y ≥ 0 ∧ x gcd y = X gcd Y; bound function T : y}
do y ≠ 0 → x, y := y, x mod y od
{R : X gcd Y = x}
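The checklist can be exercised at run time before a proof is attempted: run the loop on a concrete input and check the invariant before the loop and after every iteration, the bound function's positivity and strict decrease, and the postcondition at exit. The following Python is an added example, not part of the slides or the textbook: a generic checked loop runner, the four loops of the exercise written against it with the invariants and bound functions above, and a check that the guard k ≠ n (with k initialised to n) in part (c) is caught as a failure of item 4. Run-time checking of one execution refutes a wrong invariant, guard or bound; it does not prove a correct one. The `verified_loop` helper, its state dictionary and the sample inputs are constructions of this example; `math.gcd` serves as the reference for X gcd Y.

```python
import math


def verified_loop(state: dict, guard, body, invariant, bound, post) -> dict:
    """Run `do guard -> body od` on a mutable state, checking the four checklist
    items and the bound function T (item 3) as the loop executes.

    One execution is checked: a wrong P, B or T is refuted by the first failing
    input, but passing is not the proof the checklist asks for."""
    assert invariant(state), "item 1: P does not hold before the loop"
    while guard(state):
        t0 = bound(state)
        assert t0 > 0, "item 3: P and B must imply T > 0"
        body(state)
        assert invariant(state), "item 2: P is not a loop invariant"
        assert bound(state) < t0, "item 3: T did not decrease"
    assert post(state), "item 4: P and not B do not imply R"
    return state


def fib_ref(i: int) -> int:
    """Reference F_i with F_0 = 0, F_1 = 1 and F_{-1} = 1 as in exercise (a)."""
    if i == -1:
        return 1
    a, b = 0, 1
    for _ in range(i):
        a, b = b, a + b
    return a


def fibonacci(n: int) -> int:
    """(a): {n >= 0} k, b, c := 0, 1, 0; do k != n -> k, b, c := k + 1, c, b + c od {c = F_n}; T = n - k."""
    assert n >= 0, "precondition Q"
    def body(s):
        s["k"], s["b"], s["c"] = s["k"] + 1, s["c"], s["b"] + s["c"]
    s = verified_loop({"k": 0, "b": 1, "c": 0},
                      guard=lambda s: s["k"] != n, body=body,
                      invariant=lambda s: (0 <= s["k"] <= n and s["b"] == fib_ref(s["k"] - 1)
                                           and s["c"] == fib_ref(s["k"])),
                      bound=lambda s: n - s["k"],
                      post=lambda s: s["c"] == fib_ref(n))
    return s["c"]


def array_sum_forward(b: list) -> int:
    """(b): x, k := 0, 0; do k != n -> x, k := x + b[k], k + 1 od; T = n - k."""
    n = len(b)
    def body(s):
        s["x"], s["k"] = s["x"] + b[s["k"]], s["k"] + 1
    s = verified_loop({"x": 0, "k": 0},
                      guard=lambda s: s["k"] != n, body=body,
                      invariant=lambda s: 0 <= s["k"] <= n and s["x"] == sum(b[0:s["k"]]),
                      bound=lambda s: n - s["k"],
                      post=lambda s: s["x"] == sum(b))
    return s["x"]


def array_sum_backward(b: list, guard_value: int = 0) -> int:
    """(c): x, k := 0, n; do k != 0 -> x, k := x + b[k - 1], k - 1 od; T = k.
    guard_value (a hook of this example) makes the guard k != guard_value."""
    n = len(b)
    def body(s):
        s["x"], s["k"] = s["x"] + b[s["k"] - 1], s["k"] - 1
    s = verified_loop({"x": 0, "k": n},
                      guard=lambda s: s["k"] != guard_value, body=body,
                      invariant=lambda s: 0 <= s["k"] <= n and s["x"] == sum(b[s["k"]:n]),
                      bound=lambda s: s["k"],
                      post=lambda s: s["x"] == sum(b))
    return s["x"]


def wrong_guard_is_caught(b: list) -> bool:
    """Guard k != n with k starting at n: the body never runs and item 4 fails."""
    try:
        array_sum_backward(b, guard_value=len(b))
    except AssertionError as e:
        return str(e).startswith("item 4")
    return False


def gcd(X: int, Y: int) -> int:
    """(d): {0 <= X and 0 <= Y} x, y := X, Y; do y != 0 -> x, y := y, x mod y od {x = X gcd Y}; T = y."""
    assert X >= 0 and Y >= 0, "precondition Q"
    def body(s):
        s["x"], s["y"] = s["y"], s["x"] % s["y"]
    s = verified_loop({"x": X, "y": Y},
                      guard=lambda s: s["y"] != 0, body=body,
                      invariant=lambda s: (s["x"] >= 0 and s["y"] >= 0
                                           and math.gcd(s["x"], s["y"]) == math.gcd(X, Y)),
                      bound=lambda s: s["y"],
                      post=lambda s: s["x"] == math.gcd(X, Y))
    return s["x"]


if __name__ == "__main__":
    print(fibonacci(10), array_sum_forward([3, -1, 4]), array_sum_backward([3, -1, 4]), gcd(48, 18))
    print("wrong guard in (c) caught:", wrong_guard_is_caught([3, -1, 4]))
```

The bound check inside `verified_loop` is the run-time form of item 3: T is sampled before the body, must be positive whenever the guard holds, and must be strictly smaller afterwards. For gcd this is y, which x mod y always undercuts; for the two array sums it is the number of elements not yet added.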