CS 1813 Discrete Mathematics, Univ Oklahoma Copyright © 2000 by Rex Page 1 Lecture 17 CS 1813 – Discrete Mathematics How Does It Work in the Real World?

CS 1813 Discrete Mathematics, Univ Oklahoma Copyright © 2000 by Rex Page 2 What Are We Doing Here? And Where are We Going, Anyway?  What does “software correctness” mean?  It’s correct if it has the properties the designers intended Intended properties must be formulated Logical reasoning helps ensure that properties are satisfied  How can correct software be constructed?  Writing down intended properties helps Good first step towards ensuring correctness Encourages thinking about what is needed  Reasoning is efficient debugging Program review, logical analysis, proof of correctness Ten times faster than test-and-debug (reference: Watts Humphrey)  How can studying discrete math help?  Tools for specifying software properties  Mental processes of logical inference  Viewing software correctness as a controllable engineering factor

CS 1813 Discrete Mathematics, Univ Oklahoma Copyright © 2000 by Rex Page 3 What Software? Is Any of This Stuff Software?  Programs Examined So Far  sum  and  or  length  ++  concat  maximum  shuffle  deal  msort  qsort  Computation Patterns  foldr  map  zipWith  This Is Real Software Significant software modules Components of larger systems Important properties verified Full specs are an attainable goal  Non-trivial software  Non-trivial reasoning

CS 1813 Discrete Mathematics, Univ Oklahoma Copyright © 2000 by Rex Page 4 Maybe It’s Real, But It’s Weird What About Regular Software?  OK, consider the Russian peasant’s algorithm rp :: Integer -> Integer -> Integer rp b e =if e == 0 then 1 else if (evenNumber e) then (rp (b  b) (e `div` 2)) else b  (rp (b  b) (e `div` 2))  Still weird, but be patient … we’re getting there  Theorem (RPexp). b  0, e  0 |– (rp b e) = b e  Note:There’s a similar algorithm for multiplication That’s the one the peasants were using  Proof (strong induction on e) Base case: e = 0 rp b 0 = 1 (rp).0 = b 0 9 th grade algebra 8 `div` 3 = 2 Quotient in 3 rd grd arith

CS 1813 Discrete Mathematics, Univ Oklahoma Copyright © 2000 by Rex Page 5 Inductive Cases — Russian Peasant Proof Inductive case, even exponent: e = 2  n  0 rp b e = rp b (2  n) e = 2  n equation = rp (b  b) ((2  n) `div` 2) (rp).even = rp (b  b) n 2 nd grade arithmetic = (b  b) n induction hypothesis (n  e) = (b 2 ) n 9 th grade algebra = b 2n 9 th grade algebra = b e e = 2  n equation Inductive case, odd exponent: e = 2  n + 1 similar rp :: Integer -> Integer -> Integer rp b e =if e == 0 then 1 else if (evenNumber e) then (rp (b  b) (e `div` 2)) else b  (rp (b  b) (e `div` 2))

CS 1813 Discrete Mathematics, Univ Oklahoma Copyright © 2000 by Rex Page 6 Russian Peasant — as a looping program integer rph(integer b, integer e) integer r, a, n a = b n = e r = 1 while (n  0) if (oddNumber n) r = r  a a = a  a n = n div 2 return r Invariant: b e =r  a n  n  0 Loop precondition: b e =r  a n  n  0 Function precondition: b  0  e  0 Loop Induction  Prove: P(x 1, x 2, … x  ) is true when a loop begins  Prove: P(x 1, x 2, … x  ) is true at the end of each iteration Induction hypothesis: assume P(x 1, x 2, … x  ) true in previous iterations  Conclude: P(x 1, x 2, … x  )   B(x 1, x 2, … x  ) if & when loop terminates B(x 1, x 2, … x  ) is the loop continuation condition b e =  ind hyp =   odd =     9 th grd alg = r      r =  = r  a n a =  , n=  current state  = r  = a  = n b e = a n a = b, n = e = 1  a n mult id = r  a n r = 1 Proof Proof (odd case) b e = r  a n  n  0   (n  0)  r = b e

CS 1813 Discrete Mathematics, Univ Oklahoma Copyright © 2000 by Rex Page 7 Iteration another pattern of computation  until :: (a -> Bool) -> (a -> a) -> a -> a  until done next start = if (done start) then start else (until done next (next start))  “until” specifies the following pattern of computation next(next(next( … (next(next start)) …)))  Another notation for formulas like this next n start— n is the number of nexts in the pattern — n iterations of the function “next”  The “until” pattern computes the n th iterate of “next” until done next start = next n start n is the first natural number with done(next n start)  True  Theorem: P(start), (  x.(P(x)  P(next x))) |–  n.P(next n start)  Inductive case:  n.(P(next n start)  P(next n+1 start)) P(next n start)  P(next n+1 start) True because P(x)  P(next x) with x = (next n start), so P(next x) = P(next(next n start)) observing that P(next(next n start)) = P(next n+1 start)  Base case: P(next 0 start) is True because (next 0 start) = start  Therefore, by induction,  n.P(next n start)

CS 1813 Discrete Mathematics, Univ Oklahoma Copyright © 2000 by Rex Page 8 Russian Peasant Iterator  Russian peasant “next” function  nextRp(r, (b, e)) = if (oddNumber e) then (r  b, (b  b, e `div` 2)) else (r, (b  b, e `div` 2))  Invariant: P(a, (x, y))  a  x y  b e  Inductive case:  (x, (y, z)).((x  y z  b e )  (u  v w  b e )) where (u, (v, w)) = nextRp(x, (y,z)) –Odd case, z = 2k+1: x  y 2k+1  (x  y)  y  ) k  u  v k where (u, (v, k)) = nextRp(x, (y, 2k+1)) –Even case, z = 2k: : x  y 2k = x  y  ) k  u  v k where (u, (v, k)) = nextRp(x, (y, 2k))  Base case: P((1, (b, e))) is True because 1  b e = b e  Conclude  n. P(nextRp n (1, (b, e)) ) is True  Because P is invariant and the base case is True  Russian peasant “done” function  doneRp(r, (b, e)) = e == 0  Technicality: nextRp(r, (b, 0)) = (r, (b, 0)) Otherwise, nextRp fails to preserve property P after e reaches zero

CS 1813 Discrete Mathematics, Univ Oklahoma Copyright © 2000 by Rex Page 9 Russian Peasant - the final word  rpIteration b e = fst(until doneRp nextRp (1, (b, e)))  fst(x, y) = x {select 1 st component}  until d f s = if (d s) s else (until d f (f s)){“until” iteration}  (rpIteration b e) terminates  (rpIteration b e) = b e  (rpIteration b e) terminates   n. until doneRp nextRp (1, (b, e))) = nextRp n (1, (b, e)) {only way “until” can stop}  doneRP(nextRp n (1, (b, e))) = True {only way “until” can stop}  z = 0, where (x, (y, z)) = nextRp n (1, (b, e)) {only way “doneRP” true}  P(nextRp n (1, (b, e))) is True {theorem proved earlier}  x  y z = b e {def’n P}  b e = x  y z = x  y 0 = x  1 = x {since z = 0 and y 0 = 1}  fst(x, (y, z)) = x {def’n fst}  fst(nextRp n (1, (b, e))) = fst(x, (y, z)) = x {def’n (x, (y,z))}  rpIteration b e = x = b e {def’n rpIteration, b e = x}  Termination  Prove by strong induction on e in the formula (rpIteration b e)

CS 1813 Discrete Mathematics, Univ Oklahoma Copyright © 2000 by Rex Page 10 End of Lecture