Presentation is loading. Please wait.

Presentation is loading. Please wait.

CORRECTNESS ISSUES AND LOOP INVARIANTS Lecture 8 CS2110 – Fall 2015.

Published byMyra West Modified over 8 years ago

Similar presentations

Presentation on theme: "CORRECTNESS ISSUES AND LOOP INVARIANTS Lecture 8 CS2110 – Fall 2015."— Presentation transcript:

1 CORRECTNESS ISSUES AND LOOP INVARIANTS Lecture 8 CS2110 – Fall 2015

2 Final exam Taken from this webpage: https://registrar.cornell.edu/Sched/EXFA.html CS 2110 001 Sat, Dec 12 2:00 PM It will be optional. We will tell you as soon as everything is graded what your letter grade will be if you don’t take it. You tell us whether you will take the final or not. Taking it can lower (rarely) as well as raise your grade. Usually, ~20% of the class takes the final 2

3 The next several lectures 3 Study algorithms for searching and sorting arrays. Investigate their complexity –how much time and space they take “Formalize” the notions of average-case and worst-case complexity We want you to know these algorithms Not by memorizing code but by Being able to develop the algorithms from their specifications and, when necessary, a small idea We give you some guidelines and instructions on how to develop an algorithm from its specification. Deal mainly with developing loops and loop invariants

4 Relative precedence of && and || 4 What is the value of true || true && false

5 How (not) to write an expression 5 /** Return value of "this person and p are intellectual siblings. " * Note: if p is null, they are not siblings. */ public boolean isPhDSibling(PhD p) { return p != null //p cannot be null && this.equals(p) == false //p & this are not the same object //have a non-null advisor in common && ((this.adv1!= null && p.getFirstAdvisor()!= null && this.adv1.equals(p.getFirstAdvisor())) || (this.adv1!= null && p.getSecondAdvisor()!=null && this.adv1.equals(p.getSecondAdvisor())) || (this.adv2!= null && p.getFirstAdvisor()!=null && this.adv1.equals(p.getSecondAdvisor())) | && this.adv2.equals(p.getSecondAdvisor()))); }

6 How to write an expression 6 Avoid useless clutter, e.g. unnecessary "this.” unnecessary parentheses redundant operations Put spaces around operators –use spaces to reflect relative precedences Be consistent, e.g. don't use field for one object and getter for another Make the presentation on several lines reflect the structure of the expression Simplify, don’t “complify” (complicate)

7 Show development of isPalindrome 7 /** Return true iff s is a palindrome */ public static boolean isPalindrome(String s) Our instructions said to visit each char of s only once!

8 isPalindrome: Set ispal to “s is a palindrome” (forget about returns for now. Store value in ispal. 8 Think of checking equality of outer chars, then chars inside them, then chars inside them, etc. bac … cab s 0 s.length() Key idea: Generalize this to a picture that is true before/after each iteration

9 isPalindrome: Set ispal to “s is a palindrome” (forget about returns for now. Store value in ispal. 9 bac … cab s 0 s.length() unreversed s 0 s.length() These sections are each others’ reverse h k Generalize to a picture that is true before/after each iteration

10 Do it with one variable? 10 unreversed s 0 s.length() These sections are each others’ reverse h k unreversed s 0 s.length() These sections are each others’ reverse h s.length()-1-h Using only h makes it more difficult to figure out when to stop and doesn’t save any computation.

11 isPalindrome: Set ispal to “s is a palindrome” 11 unreversed s 0 s.length() These sections are each others’ reverse h k int h= 0; int k= s.length() – 1; // s[0..h-1] is the reverse of s[k+1..] Initialization to make picture true while ( ) { } h < k&& s.charAt(h) == s.charAt(k) h= h+1; k= k-1; ispal= h >= k; Stop when result is known Continue when it’s not Make progress toward termination AND keep picture true

12 /** Return true iff s is a palindrome */ public static boolean isPal(String s) { int h= 0; int k= s.length() – 1; // invariant: s[0..h-1] is reverse of s[k+1..] while (h < k) { if (s.charAt(h) != s.charAt(k)) return false; h= h+1; k= k-1; } return true; } isPalindrome: written as a function. Return when answer known 12 unreversed s 0 s.length() These sections are each others’ reverse h k Loop invariant — invariant because it’s true before/after each loop iteration

13 Engineering principle 13 Break a project up into parts, making them as independent as possible. When the parts are constructed, put them together. Each part can be understood by itself, without mentioning the others.

14 Reason for introducing loop invariants 14 Given c >= 0, store b^c in x z= 1; x= b; y= c; while (y != 0) { if (y is even) { x= x*x; y= y/2; } else { z= z*x; y= y - 1; } {z = b^c} Algorithm to compute b^c. Can’t understand any piece of it without understanding all. In fact, only way to get a handle on it is to execute it on some test case. Need to understand initialization without looking at any other code. Need to understand condition y != 0 without looking at loop body Etc.

15 Invariant: is true before and after each iteration 15 initialization; // invariant P while (B) {S} “invariant” means unchanging. Loop invariant: an assertion —a true-false statement— that is true before and after each iteration of the loop —every time B is to be evaluated. Help us understand each part of loop without looking at all other parts. init B S true false {P} {P and ! B} Upon termination, we know P true, B false

16 Simple example to illustrate methodology 16 Store sum of 0..n in s Precondition: n >= 0 // { n >= 0} k= 1; s= 0; // inv: s = sum of 0..k-1 && // 0 <= k <= n+1 while (k <= n) { s= s + k; k= k + 1; } {s = sum of 0..n} First loopy question. Does it start right? Does initialization make invariant true? Yes! s = sum of 0..k-1 = 0 = sum of 0..1-1 = 0 = sum of 0..0 We understand initialization without looking at any other code

17 Simple example to illustrate methodology 17 Store sum of 0..n in s Precondition: n >= 0 // { n >= 0} k= 1; s= 0; // inv: s = sum of 0..k-1 && // 0 <= k <= n+1 while (k <= n) { s= s + k; k= k + 1; } {s = sum of 0..n} Second loopy question. Does it stop right? Upon termination, is postcondition true? Yes! inv && ! k <= n => inv && k = n+1 => s = sum of 0..n+1-1 We understand that postcondition is true without looking at init or repetend

18 Simple example to illustrate methodology 18 Store sum of 0..n in s Precondition: n >= 0 // { n >= 0} k= 1; s= 0; // inv: s = sum of 0..k-1 && // 0 <= k <= n+1 while (k <= n) { s= s + k; k= k + 1; } {s = sum of 0..n} Third loopy question. Progress? Does the repetend make progress toward termination? Yes! Each iteration increases k, and when it gets larger than n, the loop terminates We understand that there is no infinite looping without looking at init and focusing on ONE part of the repetend.

19 Simple example to illustrate methodology 19 Store sum of 0..n in s Precondition: n >= 0 // { n >= 0} k= 1; s= 0; // inv: s = sum of 0..k-1 && // 0 <= k <= n+1 while (k <= n) { s= s + k; k= k + 1; } {s = sum of 0..n} Fourth loopy question. Invariant maintained by each iteration? Is this property true? {inv && k <= n} repetend {inv} Yes! {s = sum of 0..k-1} s= s + k; {s = sum of 0..k} k= k+1; {s = sum of 0..k-1}

20 4 loopy questions to ensure loop correctness 20 {precondition Q} init; // invariant P while (B) { S } {R} First loopy question; Does it start right? Is {Q} init {P} true? Second loopy question: Does it stop right? Does P && ! B imply R? Third loopy question: Does repetend make progress? Will B eventually become false? Fourth loopy question: Does repetend keep invariant true? Is {P && ! B} S {P} true? Four loopy questions: if answered yes, algorithm is correct.

21 Note on ranges m..n 21 Range m..n contains n+1–m ints: m, m+1,..., n (Think about this as “Follower (n+1) minus First (m)”) 2..4 contains 2, 3, 4: that is 4 + 1 – 2 = 3 values 2..3 contains 2, 3: that is 3 + 1 – 2 = 2 values 2..2 contains 2: that is 2 + 1 – 2 = 1 value 2..1 contains : that is 1 + 1 – 2 = 0 values Convention: notation m..n implies that m <= n+1 Assume convention even if it is not mentioned! If m is 1 larger than n, the range has 0 values b m n array segment b[m..n]:

22 Can’t understand this example without invariant! 22 Given c >= 0, store b^c in z z= 1; x= b; y= c; // invariant y >= 0 && // z*x^y = b^c while (y != 0) { if (y is even) { x= x*x; y= y/2; } else { z= z*x; y= y - 1; } {z = b^c} First loopy question. Does it start right? Does initialization make invariant true? Yes! z*x^y = 1*b^c = b^c We understand initialization without looking at any other code

23 For loopy questions to reason about invariant 23 Given c >= 0, store b^c in x z= 1; x= b; y= c; while (y != 0) { if (y is even) { x= x*x; y= y/2; } else { z= z*x; y= y - 1; } {z = b^c} Second loopy question. Does it stop right? When loop terminates, is z = b^c? Yes! Take the invariant, which is true, and use fact that y = 0: z*x^y = b^c = z*x^0 = b^c = z = b^c We understand loop condition without looking at any other code // invariant y >= 0 AND // z*x^y = b^c

24 For loopy questions to reason about invariant 24 Given c >= 0, store b^c in x z= 1; x= b; y= c; // invariant y >= 0 AND // z*x^y = b^c while (y != 0) { if (y is even) { x= x*x; y= y/2; } else { z= z*x; y= y - 1; } {z = b^c} Third loopy question. Does repetend make progress toward termination? Yes! We know that y > 0 when loop body is executed. The loop body decreases y. We understand progress without looking at initialization

25 For loopy questions to reason about invariant 25 Given c >= 0, store b^c in x z= 1; x= b; y= c; // invariant y >= 0 AND // z*x^y = b^c while (y != 0) { if (y is even) { x= x*x; y= y/2; } else { z= z*x; y= y - 1; } {z = b^c} Fourth loopy question. Does repetend keep invariant true? Yes! Because of properties: For y even, x^y = (x*x)^(y/2) z*x^y = z*x*x^(y-1) We understand invariance without looking at initialization

26 Develop binary search for v in sorted array b 26 ? pre: b 0 b.length post: b 0 h b.length v 2 2 4 4 4 4 7 9 9 9 9 pre: b 0 4 5 6 7 b.length Example: If v is 4, 5, or 6, h is 5 If v is 7 or 8, h is 6 If v in b, h is index of rightmost occurrence of v. If v not in b, h is index before where it belongs. Store in h to make this true:

27 Develop binary search in sorted array b for v 27 ? pre: b 0 b.length post: b 0 h b.length v Get loop invariant by combining pre- and post- conditions, adding variable t to mark the other boundary inv: b 0 h t b.length v Store a value in h to make this true:

28 How does it start (what makes the invariant true)? 28 ? pre: b 0 b.length inv: b 0 h t b.length v Make first and last partitions empty: h= -1; t= b.length;

29 When does it end (when does invariant look like postcondition)? 29 inv: b 0 h t b.length v h= -1; t= b.length; while ( ) { } post: b 0 h b.length v Stop when ? section is empty. That is when h = t-1. Therefore, continue as long as h != t-1. h != t-1

30 How does body make progress toward termination (cut ? in half) and keep invariant true? 30 inv: b 0 h t b.length v h= -1; t= b.length; while ( h != t-1 ) { } Let e be index of middle value of ? Section. Maybe we can set h or t to e, cutting ? section in half b 0 h e t b.length v int e= (h+t)/2;

31 How does body make progress toward termination (cut ? in half) and keep invariant true? 31 inv: b 0 h t b.length v h= -1; t= b.length; while ( h != t-1 ) { int e= (h+t)/2; } b 0 h e t b.length v if (b[e] <= v) h= e; If b[e] <= v, then so is every value to its left, since the array is sorted. Therefore, h= e; keeps the invariant true. b 0 h e t b.length v

32 How does body make progress toward termination (cut ? in half) and keep invariant true? 32 inv: b 0 h t b.length v h= -1; t= b.length; while ( h != t-1 ) { int e= (h+t)/2; if (b[e] <= v) h= e; } b 0 h e t b.length v else t= e; If b[e] > v, then so is every value to its right, since the array is sorted. Therefore, t= e; keeps the invariant true. b 0 h e t b.length v > v

33 Develop binary search in sorted array b for v 33 ? pre: b 0 b.length post: b 0 h b.length v Store a value in h to make this true: DON’T TRY TO MEMORIZE CODE! Instead, learn to derive the loop invariant from the pre- and post-condition and then to develop the loop using the pre- and post-condition and the loop invariant. PRACTICE THIS ON KNOWN ALGORITHMS!

34 Processing arrays from beg to end (or end to beg) 34 Many loops process elements of an array b (or a String, or any list) in order: b[0], b[1], b[2], … If the postcondition is R: b[0..b.length-1] has been processed Then in the beginning, nothing has been processed, i.e. b[0..-1] has been processed After k iterations, k elements have been processed: P: b[0..k-1] has been processed invariant P: b processed not processed 0 k b.length

35 Processing arrays from beg to end (or end to beg) 35 Task: Process b[0..b.length-1] {R: b[0..b.length-1] has been processed} Replace b.length in postcondition by fresh variable k to get invariant b[0..k-1] has been processed inv P:b processed not processed 0 k b.length or draw it as a picture k= 0; {inv P} while ( ) { } k != b.length k= k + 1; // progress toward termination Process b[k]; // maintain invariant

36 Processing arrays from beg to end (or end to beg) 36 Task: Process b[0..b.length-1] {R: b[0..b.length-1] has been processed} inv P:b processed not processed 0 k b.length k= 0; {inv P} while ( ) { } k != b.length k= k + 1; // progress toward termination Process b[k]; // maintain invariant Most loops that process the elements of an array in order will have this loop invariant and will look like this.

37 Count the number of zeros in b. Start with last program and refine it for this task 37 Task: Set s to the number of 0’s in b[0..b.length-1] {R: s = number of 0’s in b[0..b.length-1]} inv P:b s = # 0’s here not processed 0 k b.length k= 0; {inv P} while ( ) { } k != b.length k= k + 1; // progress toward termination Process b[k]; // maintain invariant s= 0; if (b[k] == 0) s= s + 1;

38 Be careful. Invariant may require processing elements in reverse order! 38 inv P:b processed not processed 0 k b.length This invariant forces processing from beginning to end inv P:b not processed processed 0 k b.length This invariant forces processing from end to beginning

39 Process elements from end to beginning 39 inv P:b not processed processed 0 k b.length {R: b[0..b.length-1] is processed} k= b.length–1; // how does it start? while (k >= 0) { // how does it end? } k= k – 1; // how does it make progress? Process b[k]; // how does it maintain invariant?

40 Process elements from end to beginning 40 inv P:b not processed processed 0 k b.length {R: b[0..b.length-1] is processed} k= b.length–1; while (k >= 0) { } k= k – 1; Process b[k]; Heads up! It is important that you can look at an invariant and decide whether elements are processed from beginning to end or end to beginning! For some reason, some students have difficulty with this. A question like this could be on the prelim!

Download ppt "CORRECTNESS ISSUES AND LOOP INVARIANTS Lecture 8 CS2110 – Fall 2015."

Similar presentations

Automated Theorem Proving Lecture 1. Program verification is undecidable! Given program P and specification S, does P satisfy S?

Automated Theorem Proving Lecture 1. Program verification is undecidable! Given program P and specification S, does P satisfy S?
MATH 224 – Discrete Mathematics

MATH 224 – Discrete Mathematics
CS 1031 Recursion (With applications to Searching and Sorting) Definition of a Recursion Simple Examples of Recursion Conditions for Recursion to Work.

CS 1031 Recursion (With applications to Searching and Sorting) Definition of a Recursion Simple Examples of Recursion Conditions for Recursion to Work.
SEARCHING AND SORTING HINT AT ASYMPTOTIC COMPLEXITY Lecture 9 CS2110 – Spring 2015 We may not cover all this material.

SEARCHING AND SORTING HINT AT ASYMPTOTIC COMPLEXITY Lecture 9 CS2110 – Spring 2015 We may not cover all this material.
Reasoning About Code; Hoare Logic, continued

Reasoning About Code; Hoare Logic, continued
1 CS1110 10 March 2009 While loops Reading: today: Ch. 7 and ProgramLive sections. For next time: Ch. 8.1-8.3 Prelim in two days: Th 7:30-9pm Uris Aud.

1 CS March 2009 While loops Reading: today: Ch. 7 and ProgramLive sections. For next time: Ch Prelim in two days: Th 7:30-9pm Uris Aud.
1 CS100J October 06, 2005 For Loops Reading: Secs 7.5-7.6 Quote for the Day: Perhaps the most valuable result of all education is the ability to make yourself.

1 CS100J October 06, 2005 For Loops Reading: Secs Quote for the Day: Perhaps the most valuable result of all education is the ability to make yourself.
Recursion. Objectives At the conclusion of this lesson, students should be able to Explain what recursion is Design and write functions that use recursion.

Recursion. Objectives At the conclusion of this lesson, students should be able to Explain what recursion is Design and write functions that use recursion.
Logical Operators Java provides two binary logical operators (&& and ||) that are used to combine boolean expressions. Java also provides one unary (!)

Logical Operators Java provides two binary logical operators (&& and ||) that are used to combine boolean expressions. Java also provides one unary (!)
CS 1110 Prelim III: Review Session 1. Info My name: Bruno Abrahao – We have two other TA’s in the room to help you individually Beibei Zhu Suyong Zhao.

CS 1110 Prelim III: Review Session 1. Info My name: Bruno Abrahao – We have two other TA’s in the room to help you individually Beibei Zhu Suyong Zhao.
1 Teaching the development of algorithms Teach skill, not only facts David Gries Computer Science Department Cornell University November 2004 DrJava is.

1 Teaching the development of algorithms Teach skill, not only facts David Gries Computer Science Department Cornell University November 2004 DrJava is.
1 Chapter 18 Recursion Dale/Weems/Headington. 2 Chapter 18 Topics l Meaning of Recursion l Base Case and General Case in Recursive Function Definitions.

1 Chapter 18 Recursion Dale/Weems/Headington. 2 Chapter 18 Topics l Meaning of Recursion l Base Case and General Case in Recursive Function Definitions.
1 Recitation 7. Developing loops Introduction. This recitation concerns developing loops using their invariants and bound functions. Your recitation instructor.

1 Recitation 7. Developing loops Introduction. This recitation concerns developing loops using their invariants and bound functions. Your recitation instructor.
1 Assignment 6. Developing Loops Due on Tuesday, 30 October, by midnight (submitted electronically). Note that each question will be graded on the following.

1 Assignment 6. Developing Loops Due on Tuesday, 30 October, by midnight (submitted electronically). Note that each question will be graded on the following.
1 CS100J 25 October 2006 Arrays. Reading: Secs 8.1, 8.2, 8.3. Listen to the following lectures on loops on your Plive CD. They are only 2-3 minutes long,

1 CS100J 25 October 2006 Arrays. Reading: Secs 8.1, 8.2, 8.3. Listen to the following lectures on loops on your Plive CD. They are only 2-3 minutes long,
CHAPTER 10 Recursion. 2 Recursive Thinking Recursion is a programming technique in which a method can call itself to solve a problem A recursive definition.

CHAPTER 10 Recursion. 2 Recursive Thinking Recursion is a programming technique in which a method can call itself to solve a problem A recursive definition.
CS 106 Introduction to Computer Science I 10 / 16 / 2006 Instructor: Michael Eckmann.

CS 106 Introduction to Computer Science I 10 / 16 / 2006 Instructor: Michael Eckmann.
Introduction to Programming (in C++) Vectors Jordi Cortadella, Ricard Gavaldà, Fernando Orejas Dept. of Computer Science, UPC.

Introduction to Programming (in C++) Vectors Jordi Cortadella, Ricard Gavaldà, Fernando Orejas Dept. of Computer Science, UPC.
11 Chapter 4 LOOPS AND FILES. 22 THE INCREMENT AND DECREMENT OPERATORS To increment a variable means to increase its value by one. To decrement a variable.

11 Chapter 4 LOOPS AND FILES. 22 THE INCREMENT AND DECREMENT OPERATORS To increment a variable means to increase its value by one. To decrement a variable.
1 CS1110 23 October 2008 The while loop and assertions Read chapter 7 on loops. The lectures on the ProgramLive CD can be a big help. Quotes for the Day:

1 CS October 2008 The while loop and assertions Read chapter 7 on loops. The lectures on the ProgramLive CD can be a big help. Quotes for the Day:

Similar presentations

Ads by Google