ABV in the space context: verification of correctness requirements
LECTURE 3: Verification of algorithms correctness
description
Transcript of LECTURE 3: Verification of algorithms correctness
![Page 1: LECTURE 3: Verification of algorithms correctness](https://reader035.fdocuments.us/reader035/viewer/2022062803/56814889550346895db59f19/html5/thumbnails/1.jpg)
Algorithmics - Lecture 3 1
LECTURE 3:
Verification of algorithms correctness
![Page 2: LECTURE 3: Verification of algorithms correctness](https://reader035.fdocuments.us/reader035/viewer/2022062803/56814889550346895db59f19/html5/thumbnails/2.jpg)
Algorithmics - Lecture 3 2
Outline
• Algorithm analysis
• Basic notions
• Basic steps in correctness verification
• Rules for correctness verification
![Page 3: LECTURE 3: Verification of algorithms correctness](https://reader035.fdocuments.us/reader035/viewer/2022062803/56814889550346895db59f19/html5/thumbnails/3.jpg)
Algorithmics - Lecture 3 3
Algorithm analysis When we design an algorithm there are two main aspects which
should be analyzed:
• Algorithm correctness: – analyze if the algorithm produces the desired output after a
finite number of operations
• Algorithm efficiency:– estimate the amount of resources needed to execute the
algorithm on a machine
![Page 4: LECTURE 3: Verification of algorithms correctness](https://reader035.fdocuments.us/reader035/viewer/2022062803/56814889550346895db59f19/html5/thumbnails/4.jpg)
Algorithmics - Lecture 3 4
Algorithm correctness
There are two main ways to verify if an algorithm solves a given problem:
• Experimental (by testing): the algorithm is executed for a several instances of the input data
• Formal (by proving): it is proved that the algorithm produces the right answer for any input data
![Page 5: LECTURE 3: Verification of algorithms correctness](https://reader035.fdocuments.us/reader035/viewer/2022062803/56814889550346895db59f19/html5/thumbnails/5.jpg)
Algorithmics - Lecture 3 5
Advantages and Disadvantages
Experimental Formal
Advantages • simple• easy to apply
• guarantees the correctness
Disadvantages • doesn’t guarantee the correctness
• rather difficult• cannot be applied for complex algorithms
![Page 6: LECTURE 3: Verification of algorithms correctness](https://reader035.fdocuments.us/reader035/viewer/2022062803/56814889550346895db59f19/html5/thumbnails/6.jpg)
Algorithmics - Lecture 3 6
• Algorithm analysis
• Basic notions
• Basic steps in correctness verification
• Rules for correctness verification
Outline
![Page 7: LECTURE 3: Verification of algorithms correctness](https://reader035.fdocuments.us/reader035/viewer/2022062803/56814889550346895db59f19/html5/thumbnails/7.jpg)
Algorithmics - Lecture 3 7
• Preconditions and postconditions
• Algorithm state
• Assertions
• Annotation
Basic notions
![Page 8: LECTURE 3: Verification of algorithms correctness](https://reader035.fdocuments.us/reader035/viewer/2022062803/56814889550346895db59f19/html5/thumbnails/8.jpg)
Algorithmics - Lecture 3 8
• Precondititions = properties satisfied by the input data• Postconditions= properties satisfied by the result
Example: Find the minimum, m, of a non-empty array, x[1..n]
Preconditions: n>=1 (the array is non-empty)
Postconditions: m=min{x[i]| 1<=i<=n}
( the variable m contains the smallest value in x[1..n])
Preconditions and postconditions
![Page 9: LECTURE 3: Verification of algorithms correctness](https://reader035.fdocuments.us/reader035/viewer/2022062803/56814889550346895db59f19/html5/thumbnails/9.jpg)
Algorithmics - Lecture 3 9
(Partial) Correctness verification =
prove that if the algorithm terminates it leads to postconditions starting from preconditions
Total correctness verification = prove partial correctness + finiteness
Intermediate steps in correctness verification:– analyze the algorithm state and– the effect of each processing step on the algorithm state
Preconditions and postconditions
![Page 10: LECTURE 3: Verification of algorithms correctness](https://reader035.fdocuments.us/reader035/viewer/2022062803/56814889550346895db59f19/html5/thumbnails/10.jpg)
Algorithmics - Lecture 3 10
• Preconditions and postconditions
• Algorithm state
• Assertions
• Annotation
Basic notions
![Page 11: LECTURE 3: Verification of algorithms correctness](https://reader035.fdocuments.us/reader035/viewer/2022062803/56814889550346895db59f19/html5/thumbnails/11.jpg)
Algorithmics - Lecture 3 11
• Algorithm state = set of values corresponding to all variables used in the algorithm
• During the execution of an algorithm its state changes (since the variables change their values)
• The algorithm is correct if at the end of the algorithm its state implies the postconditions
Algorithm state
![Page 12: LECTURE 3: Verification of algorithms correctness](https://reader035.fdocuments.us/reader035/viewer/2022062803/56814889550346895db59f19/html5/thumbnails/12.jpg)
Algorithmics - Lecture 3 12
Algorithm stateExample: Solving the equation ax=b, a<>0Input data: a Output data: xPreconditions: a<>0 Postconditions: x satisfies ax=b
Algorithm: Algorithm’s stateSolve (real a,b) real x a=a0, b=b0, x undefined x← b/a a=a0, b=b0, x=b0/a0 return x
Current values of aand b
ax=b
![Page 13: LECTURE 3: Verification of algorithms correctness](https://reader035.fdocuments.us/reader035/viewer/2022062803/56814889550346895db59f19/html5/thumbnails/13.jpg)
Algorithmics - Lecture 3 13
Basic notions
• Preconditions and postconditions
• Algorithm’s state
• Assertions
• Annotation
![Page 14: LECTURE 3: Verification of algorithms correctness](https://reader035.fdocuments.us/reader035/viewer/2022062803/56814889550346895db59f19/html5/thumbnails/14.jpg)
Algorithmics - Lecture 3 14
Assertions
• Assertion = statement (asserted to be true) about the algorithm’ state
• Assertions are used to annotate the algorithms
• Annotation is useful both in – correctness verification
and as– documentation tool
![Page 15: LECTURE 3: Verification of algorithms correctness](https://reader035.fdocuments.us/reader035/viewer/2022062803/56814889550346895db59f19/html5/thumbnails/15.jpg)
Algorithmics - Lecture 3 15
Basic notions
• Preconditions and postconditions
• Algorithm’s state
• Assertions
• Annotation
![Page 16: LECTURE 3: Verification of algorithms correctness](https://reader035.fdocuments.us/reader035/viewer/2022062803/56814889550346895db59f19/html5/thumbnails/16.jpg)
Algorithmics - Lecture 3 16
Annotation Preconditions: a,b,c are distinct real numbersPostconditions: m=min(a,b,c)
min (real a,b,c) //{a<>b, b<>c, c<>a}
IF a<b THEN //{a<b} IF a<c THEN m ← a //{a<b, a<c, m=a} ELSE m ← c //{a<b, c<a, m=c} ENDIFELSE //{b<a} IF b<c THEN m ← b //{b<a, b<c, m=b} ELSE m ← c //{b<a, c<b, m=c} ENDIFENDIFRETURN m
m=min(a,b,c)m=min(a,b,c)
m=min(a,b,c)m=min(a,b,c)
![Page 17: LECTURE 3: Verification of algorithms correctness](https://reader035.fdocuments.us/reader035/viewer/2022062803/56814889550346895db59f19/html5/thumbnails/17.jpg)
Algorithmics - Lecture 3 17
Annotation
Preconditions: a,b,c are distinct real numbersPostconditions: m=min(a,b,c)
Another variant to find the minimum of three values
min (real a,b,c) //{a<>b, b<>c, c<>a}
m ← a // m=aIF m>b THEN m ← b ENDIF // m<=a, m<=bIF m>c THEN m ← c ENDIF // m<=a, m<=b, m<=cRETURN m
m=min(a,b,c)
![Page 18: LECTURE 3: Verification of algorithms correctness](https://reader035.fdocuments.us/reader035/viewer/2022062803/56814889550346895db59f19/html5/thumbnails/18.jpg)
Algorithmics - Lecture 3 18
Outline
• Algorithms analysis
• Basic notions
• Basic steps in correctness verification
• Rules for correctness verification
![Page 19: LECTURE 3: Verification of algorithms correctness](https://reader035.fdocuments.us/reader035/viewer/2022062803/56814889550346895db59f19/html5/thumbnails/19.jpg)
Algorithmics - Lecture 3 19
Basic steps in correctness verification
• Identify the preconditions and postconditions
• Annotate the algorithm with assertions concerning its state such that
– the preconditions are satisfied– the final assertion implies the postconditions
• Prove that by each processing step one arrives from the previous assertion to the next assertion
![Page 20: LECTURE 3: Verification of algorithms correctness](https://reader035.fdocuments.us/reader035/viewer/2022062803/56814889550346895db59f19/html5/thumbnails/20.jpg)
Algorithmics - Lecture 3 20
Some notations
Let us denote by
P - the preconditionsQ - the postconditionsA - the algorithm
The triple (P,A,Q) denote a correct algorithm if for input data which satisfy the preconditions P the algorithm will:– lead to postconditions Q– stop after a finite number of processing steps
Notation:P Q
A
![Page 21: LECTURE 3: Verification of algorithms correctness](https://reader035.fdocuments.us/reader035/viewer/2022062803/56814889550346895db59f19/html5/thumbnails/21.jpg)
Algorithmics - Lecture 3 21
Outline
• Algorithms analysis
• Basic notions
• Basic steps in correctness verification
• Rules for correctness verification
![Page 22: LECTURE 3: Verification of algorithms correctness](https://reader035.fdocuments.us/reader035/viewer/2022062803/56814889550346895db59f19/html5/thumbnails/22.jpg)
Algorithmics - Lecture 3 22
Rules for correctness verification
To prove that an algorithm is correct it can be useful to know rules corresponding to the usual statements:
• Sequential statement
• Conditional statement
• Loop statement
![Page 23: LECTURE 3: Verification of algorithms correctness](https://reader035.fdocuments.us/reader035/viewer/2022062803/56814889550346895db59f19/html5/thumbnails/23.jpg)
Algorithmics - Lecture 3 23
Sequential statement rule
StructureA:
{P0}
A1
{P1}…
{Pi-1}
Ai
{Pi}…
{Pn-1}
An
{Pn}
Rule:
If
P P0
Pi-1 →Pi , i=1..n
Pn Q
Then
P → Q
Ai
A
What does this mean ?If
• the precondition implies the initial assertion,
• each action implies the next assertion
• the final assertion implies the post-condition
then the sequence is correct
![Page 24: LECTURE 3: Verification of algorithms correctness](https://reader035.fdocuments.us/reader035/viewer/2022062803/56814889550346895db59f19/html5/thumbnails/24.jpg)
Algorithmics - Lecture 3 24
Sequential statement rule
Problem: Let x and y be two variables having the values a and b, respectively. Swap the values of the two variables.
P: {x=a, y=b}Q: {x=b,y=a}
Variant 1: {x=a,y=b, aux undefined}aux:=x {x=a, y=b, aux=a}x:=y {x=b, y=b, aux=a}y:=aux {x=b, y=a, aux=a} Q
Variant 2 (a and b are numbers): {x=a,y=b}x:=x+y {x=a+b, y=b}y:=x-y {x=a+b, y=a}x:=x-y {x=b, y=a} Q
![Page 25: LECTURE 3: Verification of algorithms correctness](https://reader035.fdocuments.us/reader035/viewer/2022062803/56814889550346895db59f19/html5/thumbnails/25.jpg)
Algorithmics - Lecture 3 25
Sequential statement rule
What about this variant ?
{x=a,y=b}x:=y {x=b, y=b}y:=x {x=b, y=b} Q
This structure doesn’t meet the
specification !
![Page 26: LECTURE 3: Verification of algorithms correctness](https://reader035.fdocuments.us/reader035/viewer/2022062803/56814889550346895db59f19/html5/thumbnails/26.jpg)
Algorithmics - Lecture 3 26
Conditional statement rule
StructureA:
{P0}IF c THEN
{c,P0}
A1
{P1} ELSE
{NOTc,P0}
A2
{P2}
Rule:
If • c is well defined
• c AND P0 →P1
• P1 Q
• NOT c AND P0 →P2
• P2 Q
then
P → Q
What does it mean ?
The condition c can be evaluated
Both branches lead to
the postconditions
A
A1
A2
![Page 27: LECTURE 3: Verification of algorithms correctness](https://reader035.fdocuments.us/reader035/viewer/2022062803/56814889550346895db59f19/html5/thumbnails/27.jpg)
Algorithmics - Lecture 3 27
Conditional statement ruleProblem: compute the minimum of two distinct valuesPreconditions: a<>bPostconditions: m=min{a,b} {a<>b}IF a<b THEN {a<b} m:=a {a<b, m=a} ELSE {b<a} m:=b {b<a, m=b}
Since
{a<b, m=a} implies m=min{a,b}
and
{b<a, m=b} implies m=min{a,b}
the algorithm meets the specification
![Page 28: LECTURE 3: Verification of algorithms correctness](https://reader035.fdocuments.us/reader035/viewer/2022062803/56814889550346895db59f19/html5/thumbnails/28.jpg)
Algorithmics - Lecture 3 28
Loop statement ruleVerifying the correctness of sequential and conditional statements is
easy…
Verifying loops is not so easy …
Informally speaking, a loop is correct when:• If it finishes it leads to postconditions• It finishes after a finite number of steps
If only the first property is satisfied then the loop is partially correct
Partial correctness can be proved by using mathematical induction or by using loop invariants
Full correctness needs that the algorithm terminates
![Page 29: LECTURE 3: Verification of algorithms correctness](https://reader035.fdocuments.us/reader035/viewer/2022062803/56814889550346895db59f19/html5/thumbnails/29.jpg)
Algorithmics - Lecture 3 29
Loop invariantsLet us consider the WHILE loop:
P {I}WHILE c DO
{c,I}
A
{I}
ENDWHILE
{NOT c, I} Q
Definition:
A loop invariant is an assertion which satisfies:
1. It is true at the beginning of the loop
2. As long as c is true it remains true after each execution of the loop body
3. When c is false it implies the postconditions
If we can find a loop invariant then that loop is partially correct
![Page 30: LECTURE 3: Verification of algorithms correctness](https://reader035.fdocuments.us/reader035/viewer/2022062803/56814889550346895db59f19/html5/thumbnails/30.jpg)
Algorithmics - Lecture 3 30
Loop invariants
Preconditions:
x[1..n] non-empty array (n>=1)
Postconditions:
m=min{x[i]|1<=i<=n}
m←x[1]
FOR i ← 2,n DO
IF x[i]<m THEN m ← x[i]
ENDFOR
m ← x[1]
i ← 2
WHILE i<=n DO
IF x[i]<m THEN m ← x[i]
ENDIF
i ← i+1
ENDWHILE
![Page 31: LECTURE 3: Verification of algorithms correctness](https://reader035.fdocuments.us/reader035/viewer/2022062803/56814889550346895db59f19/html5/thumbnails/31.jpg)
Algorithmics - Lecture 3 31
Loop invariants
Preconditions:
x[1..n] non-empty array (n>=1)
Postconditions:
m=min{x[i]|1<=i<=n}
i ← 1
m ← x[i]
WHILE i<n DO
i ← i+1
IF x[i]<m THEN m ← x[i]
ENDIF
ENDWHILE
m ← x[1]
i ← 2
WHILE i<=n DO
IF x[i]<m THEN m ← x[i]
ENDIF
i ← i+1
ENDWHILE
![Page 32: LECTURE 3: Verification of algorithms correctness](https://reader035.fdocuments.us/reader035/viewer/2022062803/56814889550346895db59f19/html5/thumbnails/32.jpg)
Algorithmics - Lecture 3 32
Loop invariants
P: n>=1 Q: m=min{x[i]; i=1..n}
m ← x[1]
i ← 2
{m=min{x[j]; j=1..i-1}}
WHILE i<=n DO {i<=n}
IF x[i]<m THEN m ← x[i]
{m=min{x[j]; j=1..i}}
ENDIF
i ← i+1
{m=min{x[j]; j=1..i-1}}
ENDWHILE
Loop invariant:
m=min{x[j]; j=1..i-1}
Why ? Because …• when i=2 and m=x[1] it holds• while i<=n after the execution
of the loop body it still holds• finally, when i=n+1 it implies
m=min{x[j]; j=1..n} which is exactly the postcondition
![Page 33: LECTURE 3: Verification of algorithms correctness](https://reader035.fdocuments.us/reader035/viewer/2022062803/56814889550346895db59f19/html5/thumbnails/33.jpg)
Algorithmics - Lecture 3 33
Loop invariants
P: n>=1 Q: m=min{x[i]; i=1..n}
i ← 1
m ← x[i]
{m=min{x[j]; j=1..i}}
WHILE i<n DO {i<n}
i ← i+1
{m=min{x[j]; j=1..i-1}}
IF x[i]<m THEN m ← x[i]
{m=min{x[j]; j=1..i}}
ENDIF
ENDWHILE
Loop invariant:
m=min{x[j]; j=1..i}
Why ? Because …• when i=1 and m=x[1] the
invariant is true• while i<n after the execution of
the loop body it still remains true• finally, when i=n it implies
m=min{x[j]; j=1..n} which is exactly the postcondition
![Page 34: LECTURE 3: Verification of algorithms correctness](https://reader035.fdocuments.us/reader035/viewer/2022062803/56814889550346895db59f19/html5/thumbnails/34.jpg)
Algorithmics - Lecture 3 34
Loop invariantsProblem: Let x[1..n] be an array which contains x0. Find the smallest
index i for which x[i]=x0
P: n>=1 and there exists 1<= k <= n such that x[k]=x0
Q: x[i]=x0 and x[j]<>x0 for j=1..i-1
i ← 1
WHILE x[i]<>x0 DO
i ← i+1
ENDWHILE
![Page 35: LECTURE 3: Verification of algorithms correctness](https://reader035.fdocuments.us/reader035/viewer/2022062803/56814889550346895db59f19/html5/thumbnails/35.jpg)
Algorithmics - Lecture 3 35
Loop invariantsProblem: Let x[1..n] be an array which contains x0. Find the smallest
index i for which x[i]=x0
P: n>=1 and there exists 1<= k <= n such that x[k]=x0
Q: x[i]=x0 and x[j]<>x0 for j=1..i-1
i ← 1
{x[j]<>x0 for j=1..0}
WHILE x[i]<>x0 DO
{x[i]<>x0, x[j]<>x0 for j=1..i-1}
i ← i+1
{x[j]<>x0 for j=1..i-1}
ENDWHILE
Loop invariant:
x[j]<>x0 for j=1..i-1
Why ? Because …• for i=1 the range j=1..0 is empty
thus the assertion is satisfied• Let us suppose that x[i]<>x0 and the
invariant is true
Then x[j]<>x0 for j=1..i • After i:=i+1 we obtain again x[j]<>x0
for j=1..i-1• Finally, when x[i]=x0 we obtain Q
![Page 36: LECTURE 3: Verification of algorithms correctness](https://reader035.fdocuments.us/reader035/viewer/2022062803/56814889550346895db59f19/html5/thumbnails/36.jpg)
Algorithmics - Lecture 3 36
Loop invariants
Loop invariants are useful not only for correctness proving but also for loop’s design
Ideally would be to – find first the loop invariant – then design the algorithm
Problem: compute the sum of the first n natural valuesPrecondition: n>=1 Postcondition: S=1+2+…+n
What is the property S should satisfy after the execution of the n-th loop ?Invariant: S=1+2+…+i
Idea for loop design: – first prepare the term– then add the term to the sum
![Page 37: LECTURE 3: Verification of algorithms correctness](https://reader035.fdocuments.us/reader035/viewer/2022062803/56814889550346895db59f19/html5/thumbnails/37.jpg)
Algorithmics - Lecture 3 37
Loop invariantsAlgorithm:
i ← 1S ← 1 {S=1+2+…+i}WHILE i<n DO {S=1+2+…+i} i ← i+1 {S=1+2+…+i-1} S ← S+i {S=1+2+…+i}ENDWHILE-----------{i=n, S=1+2+…+i} S=1+…+n
Algorithm:
S ← 0i ← 1 {S=1+2+…+i-1}WHILE i<=n DO {S=1+2+…+i-1} S ← S+i {S=1+2+…+i} i ← i+1 {S=1+2+…+i-1}ENDWHILE-----------{i=n+1, S=1+2+…+i-1} S=1+…
+n
![Page 38: LECTURE 3: Verification of algorithms correctness](https://reader035.fdocuments.us/reader035/viewer/2022062803/56814889550346895db59f19/html5/thumbnails/38.jpg)
Algorithmics - Lecture 3 38
Termination functionsTo prove that a loop finishes after a finite number of iterations it suffices
to find a termination function
Definition:A function F:N→N is a termination function if it satisfies the following
properties:1. F is strictly decreasing2. If c is true then F(p)>0 and if F(p)=0 then c is false
Remarks:• F depends on the loop counter p (at the first execution of the loop body p is 1, at the second it is 2
and so on …)• The loop counter is not necessarily an explicit variable (it can be
just a formal variable useful to analyze the loop correctness)• F reaches 0 because it is strictly decreasing; when F becomes 0
then c becomes false, thus the loop finishes.
![Page 39: LECTURE 3: Verification of algorithms correctness](https://reader035.fdocuments.us/reader035/viewer/2022062803/56814889550346895db59f19/html5/thumbnails/39.jpg)
Algorithmics - Lecture 3 39
Termination functions
Example: S=1+…+n
First variant:
i ← 1S ← 1WHILE i<n DO i ← i+1
{ip=ip-1+1} S ← S+iENDWHILE
F(p)=n-ip
F(p)=n-ip-1-1=F(p-1)-1<F(p-1)i<n => F(p)>0
F(p)=0 => ip=n
Second variant:
S ← 0 i ← 1WHILE i<=n DO S ← S+i; i ← i+1
{ip=ip-1+1}ENDWHILE
F(p)=n+1-ip
F(p)=n+1-ip-1-1=F(p-1)-1<F(p-1)i<=n => F(p)>0
F(p)=0 => ip=n+1
![Page 40: LECTURE 3: Verification of algorithms correctness](https://reader035.fdocuments.us/reader035/viewer/2022062803/56814889550346895db59f19/html5/thumbnails/40.jpg)
Algorithmics - Lecture 3 40
Termination functions
Example: find the first occurrence of x0 in x[1..n]
i ← 1
WHILE x[i]<>x0 DO
i ← i+1
{ip=ip-1+1}
ENDWHILE
Let k be the first occurrence of x0 in x[1..n]
F(p)=k-ip
F(p)=k-ip-1-1=F(p-1)-1<F(p-1)
x[i]<>x0 => ip<k => F(p)>0
F(p)=0 => ip=k => x[i]=x0
![Page 41: LECTURE 3: Verification of algorithms correctness](https://reader035.fdocuments.us/reader035/viewer/2022062803/56814889550346895db59f19/html5/thumbnails/41.jpg)
Algorithmics - Lecture 3 41
Example: greatest common divisor
Analyze the correctness of the Euclid’s algorithm (variant 1)
gcd(a,b)d ← ai ← br ← d MOD i
WHILE r<>0 DO
d ← i
i ← r
r ← d MOD i
ENDWHILE
RETURN i
P: a=a0, b=b0Q: i=gcd(a0,b0)
Loop invariant: gcd(d,i)=gcd(a0,b0)
1. d=a=a0, i=b=b0 => gcd(d,i)=gcd(a0,b0)
2. gcd(dp,ip)=gcd(ip,dp MOD ip)=
gcd(dp+1,ip+1)3. r=0 => i|d => gcd(d,i)=i
Termination function: F(p)=rp
![Page 42: LECTURE 3: Verification of algorithms correctness](https://reader035.fdocuments.us/reader035/viewer/2022062803/56814889550346895db59f19/html5/thumbnails/42.jpg)
Algorithmics - Lecture 3 42
Example: greatest common divisor
Analyze the correctness of the Euclid’s algorithm (variant 2)
gcd(a,b)
WHILE a<>0 AND b<>0 DO
a ← a MOD b
IF a<>0 THEN
b ← b MOD a
ENDIF
ENDWHILE
IF a<>0 THEN RETURN a
ELSE RETURN b
ENDIF
Loop invariant: gcd(a,b)=gcd(a0,b0)
1. p=0=> a=a0,b=b0=>gcd(a,b)=gcd(a0,b0)
2. gcd(a0,b0)=gcd(ap-1,bp-1)=>
gcd(ap-1,bp-1)=gcd(bp-1,ap)=gcd(ap,bp)
3. ap=0 => gcd(a,b)=bp
bp=0 => gcd(a,b)=ap
Termination function: F(p)=min{ap,bp}
![Page 43: LECTURE 3: Verification of algorithms correctness](https://reader035.fdocuments.us/reader035/viewer/2022062803/56814889550346895db59f19/html5/thumbnails/43.jpg)
Algorithmics - Lecture 3 43
Example: greatest common divisor
Analyze the correctness of the Euclid’s algorithm (variant 3)
gcd(a,b)
WHILE a<>b
IF a>b THEN a ← a-b
ELSE b ← b-a
ENDIF
ENDWHILE
RETURN a
Loop invariant: gcd(a,b)=gcd(ap,bp)
1. p=0=> ap=a,bp=b=>gcd(a,b)=gcd(ap,bp)
2. gcd(a,b)=gcd(ap-1,bp-1)=>
If ap-1 >bp-1
gcd(ap-1,bp-1)=gcd(ap-1-bp-1,bp-1) =gcd(ap,bp)else
gcd(ap-1,bp-1)=gcd(ap-1,bp-1-ap-1) =gcd(ap,bp)
3. ap=bp => gcd(a,b)=gcd(ap,bp)=ap
![Page 44: LECTURE 3: Verification of algorithms correctness](https://reader035.fdocuments.us/reader035/viewer/2022062803/56814889550346895db59f19/html5/thumbnails/44.jpg)
Algorithmics - Lecture 3 44
Example: successor problem (back to Lecture 2)
Reminder: find the successor of an element in the strictly increasing sequence of natural values containing n distinct digits
Successor(integer x[1..n])integer i, k i ← Identify(x[1..n])IF i=1 THEN write “There is no successor !"ELSE k ← Minimum(x[i-1..n]) x[i-1]↔x[k] x[i..n] ← Reverse(x[i..n]) write x[1..n]ENDIF
Subalgorithms to be verified:Identify (x[1..n])P: n>1, there exists i such that x[i-1]<x[i]Q: x[i-1]<x[i] and x[j-1]>x[j], j=i+1..n
Minimum (x[i-1..n])P: x[i-1]<x[i]Q: x[k]<=x[j], j=1..n, x[k]>x[i-1]
Reverse(x[i..n])P: x[j]=x0[j], j=1..nQ: x[j]=x0[n+i-j], j=1..n
![Page 45: LECTURE 3: Verification of algorithms correctness](https://reader035.fdocuments.us/reader035/viewer/2022062803/56814889550346895db59f19/html5/thumbnails/45.jpg)
Algorithmics - Lecture 3 45
Example: successor problem (back to Lecture 2)
Identify the rightmost element, x[i], which is larger than its left neighbour (x[i-1])
Identify(integer x[1..n])Integer ii ← nWHILE (i>1) and (x[i]<x[i-1]) do i ← i-1ENDWHILERETURN i
P: n>1, there exists i such that x[i-1]<x[i]Q: x[i-1]<x[i] and x[j-1]>x[j], j=i+1..n
Loop invariant:x[j-1]>x[j], j=i+1..n
Termination function:
F(p)= (ip-1) H(x[ip]-x[ip-1])
H(u)=0 if u>0 1 if u<0
![Page 46: LECTURE 3: Verification of algorithms correctness](https://reader035.fdocuments.us/reader035/viewer/2022062803/56814889550346895db59f19/html5/thumbnails/46.jpg)
Algorithmics - Lecture 3 46
Example: successor problem (back to Lecture 2)
Find the index of the smallest value in the subarray x[i..n] which is larger than x[i-1]
Minimum(integer x[i..n])
Integer j
k ← i
j ← i+1
WHILE j<=n do
IFx[j]<x[k] and x[j]>x[i-1] THEN k ← j
ENDIF
j ← j+1
RETURN k
P: x[i-1]<x[i]Q: x[k]<=x[j], j=1..n, x[k]>x[i-1]
Loop invariant:x[k]<=x[r], r=i..j-1x[k]>x[i-1]
Termination function:
F(p)= n+1-ip
![Page 47: LECTURE 3: Verification of algorithms correctness](https://reader035.fdocuments.us/reader035/viewer/2022062803/56814889550346895db59f19/html5/thumbnails/47.jpg)
Algorithmics - Lecture 3 47
Example: successor problem (back to Lecture 2)
Reverse the order of elements of of x[left..right]
reverse (INTEGER x[left..right]) INTEGER j1,j2 j1 ← left j2 ← right WHILE j1<j2 DO x[j1]↔x[j2] j1 ← j1+1 j2 ← j2-1 ENDWHILE RETURN x[left..right]
P: x[j]=x0[j], j=left..rightQ: x[j]=x0[left+right-j], j=left..right
Loop invariant:x[j]=x0[left+right-j], j=left..j1-1x[j]>x0[j], j=left..rightx[j]=x0[left+right-j], j=j2+1..right
Termination function:
F(p)=H( j2p-j1p)H(u)=u u>0 0 u<=0
![Page 48: LECTURE 3: Verification of algorithms correctness](https://reader035.fdocuments.us/reader035/viewer/2022062803/56814889550346895db59f19/html5/thumbnails/48.jpg)
Algorithmics - Lecture 3 48
Summary
Proving the correctness of an algorithm means:
• To prove that it leads from the preconditions to postconditions (partial correctness)
• To prove that it is finite
A loop invariant is a property which• Is true before the loop• Remains true by the execution of the loop body• At the end of the loop it implies the postconditions
![Page 49: LECTURE 3: Verification of algorithms correctness](https://reader035.fdocuments.us/reader035/viewer/2022062803/56814889550346895db59f19/html5/thumbnails/49.jpg)
Algorithmics - Lecture 3 49
Next lecture will be on …
• how to estimate the cost of an algorithm
• growth orders of execution times