Presentation is loading. Please wait.

Presentation is loading. Please wait.

Example of a Worked-out Proof

Published byΕυτέρπη Ζαφειρόπουλος Modified over 5 years ago

Similar presentations

Presentation on theme: "Example of a Worked-out Proof"— Presentation transcript:

1 Example of a Worked-out Proof

2 Consider again this program
Let 0n. This program checks if all elements of the segment a[0..n) are zero. {* 0n *} i := 0 ; r := true ; while i<n do { r := r /\ (a[i]=0) ; i++ } {* ?? *}

3 Proof rule for loop (total correctness)
{* g /\ I *} S {* I *} // invariance I /\ g  Q // exit cond {* I /\ g *} C:=m; S {* m<C *} // m decreasing I /\ g  m > // m bounded below {* I *} while g do S {* Q *}

4 Formal spec, inv, and term. metric
{* 0n *} i := 0 ; r := true ; while i<n do { r := r /\ (a[i]=0) ; i++ } {* r = (k : 0k<n : a[k]=0) *} Chosen invariant & termination metric: I : (r = (k : 0k<i : a[k]=0)) /\ 0in m : n - i I1 I2

5 It comes down to proving these
(Exit Condition) I /\ g  Q (Initialization Condition) {* given-pre-cond *} i := 0 ; r := true {* I *}, Equivalently : given-pre-cond  wp (i := 0 ; r := true) I (Invariance) I /\ g  wp body I (Termination Condition) I /\ g  wp (C:=m ; body) (m<C) (Termination Condition) I /\ g  m>0

6 Proof of the exit condition
PROOF PEC [A1] r = (k : 0k<i : a[k]=0) // I1 [A2] 0in // I2 [A3] in // g [G] r = (k : 0k<n : a[k]=0) { A2 and A3 } i = n { rewrite A1 with 1 } r = (k : 0k<n : a[k]=0) END

7 Proof of the initialization condition
Calculate the wp first : wp (i := 0 ; r := true ) I = PROOF Init [A1] 0n [ G ] (true = (k : 0k<0 : a[k]=0)) /\ 00n // calculated wp { 00 , conjunction with A1 } 0n { see the eq. sub proof below } true = (k : 0k<0 : a[k]=0) EQUATIONAL PROOF (k : 0k<0 : a[k]=0) = { the domain is empty } (k : false : a[k]=0) = { over empty domain } true END { conjunction of 1 and 2 } G

8 Proof of the invariance condition
We have to prove: I /\ g  wp body I Calculate the wp first: wp (r := r /\ (a[i]=0) ; i++ ) I = .... Proof structure: PROOF PIC [A1] r = (k : 0k<i : a[k]=0) // I1 [A2] 0in // I2 [A3] i<n // g [G] here the wp you calculated above

9 Proof of the invariance condition
PROOF PIC [A1] r = (k : 0k<i : a[k]=0) [A2] 0in [A3] i<n [G1] r/\(a[i]=0) = (k : 0k<i+1 : a[k]=0) [G2] 0i+1n { follows from 0  i in A2 } 0i+1 { follows from A3 } i+1n { see eq. subproof below } G EQUATIONAL PROOF (k : 0k<i+1 : a[k]=0) = { dom. merge , PIC.A2 } (k : 0k<i \/ k=i : a[k]=0) = {  domain-split } (k : 0k<i: a[k]=0) /\ (k : k=i : a[k]=0) = { PIC.A1 } r /\ (k : k=i : a[k]=0) = { quant. over singleton } r /\ (a[i]=0) END { conjunction of 1,2,3} G END

10 Proof that m decreases You have to prove: I /\ g  wp (C:=m ; body) (m<C) Calculate this first: wp (C:=n-i ; r := r /\ (a[i]=0) ; i++ ) (n-i<C) = .... PROOF PTC1 [A1] r = (k : 0k<i : a[k]=0) // I1 [A2] 0in // I2 [A3] i<n // g [G] n-(i+1) < n-i { x-1 < x } n – i < n-i { rewriting 1 } n – (i+1) < n-1 END

11 Proof that m has a lower bound
You have to prove: I /\ g  m0 PROOF PTC2 [A1] r = (k : 0k<i : a[k]=0) // I1 [A2] 0in // I2 [A3] i<n // g [G] n – i > 0 ..... complete this yourself.

12 Let’s take a look at the version with a break
{* 0n *} i := 0 ; r := true ; while i<n /\ r do { r := r /\ (a[i]=0) ; i++ } {* r = (k : 0k<n : a[k]=0) *} Let’s just use the same invariant & termination metric: I : (r = (k : 0k<i : a[k]=0)) /\ 0in m : n - i let’s call this g /\ h

13 Ok.. so what do we have to prove ?
(Exit Condition) I /\ (g /\ h)  Q (Initialization Condition) given-pre-cond  wp (i := 0 ; r := true) I (Invariance) I /\ g /\ h  wp body I (Termination Condition) I /\ g /\ h  wp (C:=m ; body) (m<C) (Termination Condition) I /\ g /\ h  m>0

14 Patched proof of the exit condition
PROOF PEC [A1] r = (k : 0k<i : a[k]=0) // I1 [A2] 0in // I2 [A3] in \/ r // g [G] r = (k : 0k<n : a[k]=0) { see subproof1} i  n  G { see subproof2} r  G { case-split on A3, using 1 and 2 } G END

15 The Subproofs of PEC PROOF sub2 [A1] r [G] r = (k : 0k<n : a[k]=0) { rewrite A1 with PEC.A1} (k : 0k<i : a[k]=0) { neg of  on 1 } (k : 0k<i : a[k]  0) { elim on 2} [SOME k] 0k<i /\ a[k]  0 {PEC.A2 says i  n, so 3 implies this: } 0k<n /\ a[k]  0 { intro on 4 } (k : 0k<n : a[k]  0) { neg of  on 5 } (k : 0k<n : a[k]=0) {A1 and 6 } r = (k : 0k<n : a[k]=0) { follows from 7 } r = (k : 0k<n : a[k]=0) END P , Q P = Q

16 We can also prove sub2’s goal with an equational proof
EQ PROOF sub2 [A1] r (k : 0k<n : a[k]=0) = { domain merging, justified by PEC.A2 } (k : 0k<i \/ ik<n : a[k]=0) = { domain split } (k : 0k<i : a[k]=0) /\ (k : ik<n : a[k]=0) = { rewrite with PEC.A1 } r /\ (k : ik<n : a[k]=0) = { rewrite with A1 above } false /\ (k : ik<n : a[k]=0) = { trivial } false = { A1 implies r=false } r END

Download ppt "Example of a Worked-out Proof"

Similar presentations

Ack: Several slides from Prof. Jim Anderson’s COMP 202 notes.

Ack: Several slides from Prof. Jim Anderson’s COMP 202 notes.
AE1APS Algorithmic Problem Solving John Drake

AE1APS Algorithmic Problem Solving John Drake
PROOF BY CONTRADICTION

PROOF BY CONTRADICTION
If R = {(x,y)| y = 3x + 2}, then R -1 = (1) x = 3y + 2 (2) y = (x – 2)/3 (3) {(x,y)| y = 3x + 2} (4) {(x,y)| y = (x – 2)/3} (5) {(x,y)| y – 2 = 3x} (6)

If R = {(x,y)| y = 3x + 2}, then R -1 = (1) x = 3y + 2 (2) y = (x – 2)/3 (3) {(x,y)| y = 3x + 2} (4) {(x,y)| y = (x – 2)/3} (5) {(x,y)| y – 2 = 3x} (6)
Reasoning About Code; Hoare Logic, continued

Reasoning About Code; Hoare Logic, continued
Hoare’s Correctness Triplets Dijkstra’s Predicate Transformers

Hoare’s Correctness Triplets Dijkstra’s Predicate Transformers
MA/CSSE 473/474 How (not) to do an induction proof.

MA/CSSE 473/474 How (not) to do an induction proof.
>In We need a rule that will let us prove a conditional. What should the rule be?

>In We need a rule that will let us prove a conditional. What should the rule be?
Program Proving Notes Ellen L. Walker.

Program Proving Notes Ellen L. Walker.
1/22 Programs : Semantics and Verification Charngki PSWLAB Programs: Semantics and Verification Mordechai Ben-Ari Mathematical Logic for Computer.

1/22 Programs : Semantics and Verification Charngki PSWLAB Programs: Semantics and Verification Mordechai Ben-Ari Mathematical Logic for Computer.
Program Analysis and Verification Spring 2014 Program Analysis and Verification Lecture 5: Axiomatic Semantics II Roman Manevich Ben-Gurion University.

Program Analysis and Verification Spring 2014 Program Analysis and Verification Lecture 5: Axiomatic Semantics II Roman Manevich Ben-Gurion University.
Sorting. Input: A sequence of n numbers a 1, …, a n Output: A reordering a 1 ’, …, a n ’, such that a 1 ’ < … < a n ’ 14326816 23141668.

Sorting. Input: A sequence of n numbers a 1, …, a n Output: A reordering a 1 ’, …, a n ’, such that a 1 ’ < … < a n ’
4/17/2017 Section 3.6 Program Correctness ch3.6.

4/17/2017 Section 3.6 Program Correctness ch3.6.
1 Recitation 7. Developing loops Introduction. This recitation concerns developing loops using their invariants and bound functions. Your recitation instructor.

1 Recitation 7. Developing loops Introduction. This recitation concerns developing loops using their invariants and bound functions. Your recitation instructor.
Proving correctness. Proof based on loop invariants  an assertion which is satisfied before each iteration of a loop  At termination the loop invariant.

Proving correctness. Proof based on loop invariants  an assertion which is satisfied before each iteration of a loop  At termination the loop invariant.
Floyd Hoare Logic. Semantics A programming language specification consists of a syntactic description and a semantic description. Syntactic description:symbols.

Floyd Hoare Logic. Semantics A programming language specification consists of a syntactic description and a semantic description. Syntactic description:symbols.
Reading and Writing Mathematical Proofs

Reading and Writing Mathematical Proofs
1 Inference Rules and Proofs (Z); Program Specification and Verification Inference Rules and Proofs (Z); Program Specification and Verification.

1 Inference Rules and Proofs (Z); Program Specification and Verification Inference Rules and Proofs (Z); Program Specification and Verification.
Equations Reducible to Quadratic

Equations Reducible to Quadratic
TABLES AND VALUES Section 1.5. Open Sentence Equation.

TABLES AND VALUES Section 1.5. Open Sentence Equation.

Similar presentations

Ads by Google