Algo - Lec3 - Verifying Correctness of Algorithm PDF

Design and Analysis of Algorithms
Lecture 3:
Verification of the correctness of algorithms
Tauseef Iftikhar
Department of Computer Science

Government College University, Lahore.
Todays Agenda
Algorithm Analysis
Basic Notions
Precondition and Postcondition
Algorithm State
Assertions and Annotation
Basic Steps in Correctness Verification
Rule for Correctness Verification

Sequential Statements Rule
Conditional Statements Rule
Loop Statements Rule
Loop Invariant
Termination Function
Algorithm Analysis
While designing an algorithm we have to take care of two aspects:

Algorithm Analysis

I Algorithm Correctness: Algorithm must give desired output
within finite time.
Algorithm Analysis

I Algorithm Correctness: Algorithm must give desired output
within finite time.
I Algorithm Efficiency: Algorithms must use minimum
resources while executing on a machine.
Algorithm Correctness
How to verify that algorithm is correct?
I Empirical method: Correctness can be verified by testing
different instances of the problem
I Advantage:
I Simple
I Easy to apply
I Advantage:
I Simple
I Easy to apply
I Disadvantage:
I It doesnt guarantee the correctness
I Advantage:
I Simple
I Easy to apply
I Disadvantage:
I Formal method: Mathematically it is proved that algorithm
will produce the required output for all the instances of the
problem within finite time.
I Advantage:
I Simple
I Easy to apply
I Disadvantage:
I Advantage:
I guarantees the correctness
I Advantage:
I Simple
I Easy to apply
I Disadvantage:
I Advantage:
I guarantees the correctness
I Disadvantage:
I Difficult
I Not possible for complex algorithms
Basic Notions
I Preconditions and Postconditions

I Algorithm State
I Assertions
I Annotation
Todays Agenda
Algorithm Analysis
Basic Notions
Algorithm State

Loop Invariant
Preconditions and Postconditions
I Preconditions:Properties that must be satisfied by the input


I Postconditions:Properties that must be satisfied by the result

I Example: Find the minimum, m, of a non-empty array, x[1..n]

Precondition: n 1 (array should be non empty)



Postcondition: m = min{x[i]|1 i n}


I Partial correctness verification: prove that if an algorithm

terminates it leads to postcondition starting from precondition.



I Intermediate steps in correctness verification:



I analyze the algorithm state



I analyze the algorithm state
I the effect of each processing step on the algorithm state
Todays Agenda
Algorithm Analysis
Basic Notions
Algorithm State

Loop Invariant
Algorithm State
I Algorithm state: set of values corresponding to all variables
used in the algorithm
Algorithm State
I During the execution of an algorithm its state changes (since
the variables change their values)
Algorithm State
I The algorithm is correct if at the end of the algorithm its
state implies the postconditions
Algorithm State
Example: Solving the equation ax = b, a <> 0
Algorithm State
input: a,b output: x
Algorithm State
precondition: a <> 0
Algorithm State
precondition: a <> 0 postcondition: x satisfies ax = b
Algorithm State
precondition: a <> 0 postcondition: x satisfies ax = b
Algorithm 8 Solve ax = b
1: procedure MyProcedure(real a, b)
2: real x . a = a0 , b = b0 , x = undefined
3: x b/a . a = a0 , b = b0 , x = b0 /a0
4: return x
Todays Agenda
Algorithm Analysis
Basic Notions
Algorithm State

Loop Invariant
I Assertions:statement (asserted to be true) about the

algorithm state
I Assertions are used to annotate the algorithms
I Assertions:statement (asserted to be true) about the

algorithm state
I Assertions are used to annotate the algorithms
I Annotation: is useful both in
I correctness verification
I documentation tool
Example: Assertions and Annotation
Find the minimum of the three distinct real numbers a, b, b
input: a,b,c output: minimum real number
precondition: a 6= b 6= c
precondition: a 6= b 6= c postcondition: m = min{a, b, c}
precondition: a 6= b 6= c postcondition: m = min{a, b, c}
Algorithm 13 Minimum1
1: procedure minimum(real a, b, c) . a <> b, b <> c, c <> a
2: if a < b then .a<b
3: if a < c then
4: m a . a < b, a < c, m = a, m = min(a, b, c)
5: else
6: m c . a < b, c < a, m = c, m = min(a, b, c)
7: else .b<a
8: if b < c then
9: mb . b < a, b < c, m = b m = min(a, b, c)
10: else
11: mc . b < a, c < b, m = c m = min(a, b, c)
return m
A variant of previous Example:

A variant of previous Example:
Algorithm 15 Minimum2
1: procedure minimum(real a, b, c) . a <> b, b <> c, c <> a
2: ma .m=a
3: if m > b then
4: mb . m a, m b
5: if m > c then
6: mc . m a, m b, m c
7:
return m
Basic steps in correctness verification
I Identify the preconditions and postconditions

I Annotate the algorithm with assertions concerning its state
such that
I the preconditions are satisfied
I the final assertion implies the postconditions
I Prove that by each processing step one arrives from the
previous assertion to the next assertion
Some Notation
I P: the precondition
I Q: the postcondition
I A: the algorithm
The triple (P, A, Q) denote a correct algorithm if for input data
which satisfy the preconditions P the algorithm will:
I lead to postconditions Q
I stop after a finite number of processing steps
A
P
Q
Rules for correctness verification
To prove that an algorithm is correct it can be useful to know rules

corresponding to the usual statements:
I Sequential statement
I Conditional statement
I Loop statement
Todays Agenda
Algorithm Analysis
Basic Notions
Algorithm State

Loop Invariant
Let we have algorithm A with sequence of actions A1 , A2 , . . . , An
Structure
A:
{P0 }
A1
{P1 }
..
.
Structure
A:
{P0 }
A1
{P1 }
..
.
{Pi1 }
Ai
{Pi }
..
.
Structure
A:
{P0 }
A1
{P1 }
..
.
{Pi1 }
Ai
{Pi }
..
.
{Pn1 }
An
{Pn }
Structure
A:
Rule
{P0 }
If
A1
{P1 } P P0
..
.
{Pi1 }
Ai
{Pi }
..
.
{Pn1 }
An
{Pn }
Structure
A:
Rule
{P0 }
If
A1
{P1 } P P0
.. Ai
. Pi1 Pi ,
{Pi1 } wherei = 1, . . . , n
Ai
{Pi }
..
.
{Pn1 }
An
{Pn }
Structure
A:
Rule
{P0 }
If
A1
{P1 } P P0
.. Ai
. Pi1 Pi ,
{Pi1 } wherei = 1, . . . , n
Ai Pn Q
{Pi }
.. then
.
{Pn1 }
An
{Pn }
Explanation
Structure If
A: I the precondition
Rule
{P0 } implies the initial
If
A1 assertion,
{P1 } P P0
..
I each action
. Ai
Pi1 Pi , implies the next
{Pi1 } wherei = 1, . . . , n assertion
Ai Pn Q I the final
{Pi } assertion implies
.. then
. the
{Pn1 } A post-condition
P Q
An then
{Pn } the sequence is
correct
Example of Sequential Statement Rules
Problem: Let x and y be two variables having the values a and b,

respectively. Swap the values of the two variables.
precondition P : x = a, y = b
postcondition Q : x = b, y = a
variant 1
{x = a, y = b, aux = undefined}

variant 1
aux x

variant 1
aux x
{x = a, y = b, aux = a}
x y

variant 1
aux x
{x = a, y = b, aux = a}
x y
{x = b, y = b, aux = a}
y aux

variant 1
aux x
{x = a, y = b, aux = a}
x y
{x = b, y = b, aux = a}
y aux
{x = b, y = a, aux = a} Q

variant 1 variant 2
{x = a, y = b, aux = undefined} {x = a, y = b}
aux x x x +y
{x = a, y = b, aux = a} {x = a + b, y = b}
x y y x y
{x = b, y = b, aux = a} {x = a + b, y = a}
y aux x x y
{x = b, y = a, aux = a} Q {x = b, y = a} Q
Todays Agenda
Algorithm Analysis
Basic Notions
Algorithm State

Loop Invariant
Conditional Statement Rule
Structure
A:
{P0 }
If c then
{c, P0 }
A1
{P1 }
Structure
A:
{P0 }
If c then
{c, P0 }
A1
{P1 }
Else
{NOTc, P0 }
A2
{P2 }
EndIf
Rule
If
Structure
A: I c is well defined
{P0 } I c AND
If c then A1
P0 P1
{c, P0 } I P1 Q
A1
{P1 } OR
Else
{NOTc, P0 }
A2
{P2 }
EndIf
Rule
If
Structure
{P0 } I c AND
If c then A1
P0 P1
{c, P0 } I P1 Q
A1
{P1 } OR
Else I NOT c AND
A2
{NOTc, P0 } P0 P2
A2 I P2 Q
{P2 }
then
EndIf
A
P
Q
Rule
If
Structure
{P0 } I c AND
A1 Explanation
If c then P0 P1
{c, P0 } I P1 Q
I The condition c
A1 can be evaluated
{P1 } OR I Both branches
Else I NOT c AND lead to the
A2
{NOTc, P0 } P0 P2 postconditions
A2 I P2 Q
{P2 }
then
EndIf
A
P
Q
Example Conditional Statement Rules
Problem: Find the minimum of two distinct numbers a and b

precondition P : a <> b
precondition Q : m = mina, b
Algorithm 16 Minimum of two numbers

1: procedure Minimum . {a <> b}
2: if a < b then . {a < b}
3: ma . {a < b, m = a} Q
4: else . {b < a}
5: mb . {b < a, m = b} Q
return m
Todays Agenda
Algorithm Analysis
Basic Notions
Algorithm State

Loop Invariant
Loop Statement Rules
Not so easy task...

Not so easy task...

I a loop is correct when:
Not so easy task...

I If it finishes it leads to postconditions
I It finishes after a finite number of steps
Not so easy task...

I If only the first property is satisfied then the loop is partially
correct
Not so easy task...

correct
I Partial correctness can be proved by using mathematical
induction or by using loop invariants
Not so easy task...

correct
I Partial correctness can be proved by using mathematical
induction or by using loop invariants
I Full correctness needs that the algorithm terminates
Let us consider while loop
{P P0 }
While c Do
{c, P0 }
A
{P1 }
EndWhile
{NOTc, P1 } Q

Definition:
A loop invariant is an assertion
{P P0 } which satisfies:
While c Do
{c, P0 }
A
{P1 }
EndWhile
{NOTc, P1 } Q

Definition:
While c Do 1. It is true at the beginning of
{c, P0 } the loop
A
{P1 }
EndWhile
{NOTc, P1 } Q

Definition:
{c, P0 } the loop
A
{P1 } 2. As long as c is true it
EndWhile remains true after each
{NOTc, P1 } Q execution of the loop body

Definition:
{c, P0 } the loop
A
3. When c is false it implies the
postconditions

Definition:
{c, P0 } the loop
A
3. When c is false it implies the
postconditions
If we can find a loop invariant then that loop is partially correct
Loop Invariant
Example: Find the minimum, m, of a non-empty array, x[1..n]
P: n 1
Q: m = min{x[i]|1 i n}
Algorithm 17 Minimum
1: m x[1]
2: i 2 .
m = min{x[j]|j = 1 . . . i 1}
3: while i n do .i n
4: if x[i] < m then m x[i]
. {m = minx[j]|j = 1 . . . i}
5: i i +1 .
{m = minx[j]|j = 1 . . . i 1}
Loop Invariant
P: n 1
Loop Invariant:
m = min{x[j]|j = 1 . . . i 1}
1: m x[1]
2: i 2 .
m = min{x[j]|j = 1 . . . i 1}
. {m = minx[j]|j = 1 . . . i}
5: i i +1 .
{m = minx[j]|j = 1 . . . i 1}
Loop Invariant
P: n 1
Loop Invariant:
m = min{x[j]|j = 1 . . . i 1}
Why?
1: m x[1]
2: i 2 .
m = min{x[j]|j = 1 . . . i 1}
. {m = minx[j]|j = 1 . . . i}
5: i i +1 .
{m = minx[j]|j = 1 . . . i 1}
Loop Invariant
P: n 1
Loop Invariant:
m = min{x[j]|j = 1 . . . i 1}
Why? Because..
I when i = 2 and m = x[1] it
1: m x[1]
2: i 2 . holds
m = min{x[j]|j = 1 . . . i 1} I while i n after the
3: while i n do .i n execution of the loop body

4: if x[i] < m then m x[i] it still holds
. {m = minx[j]|j = 1 . . . i} I finally, when i = n + 1 it
5: i i +1 . implies
{m = minx[j]|j = 1 . . . i 1} m = min{x[j]|j = 1 . . . n}
which is exactly the
postcondition
Loop Invariant
P: n 1
1: i 1
2: m x[1] .
{m = minx[j]|j = 1 . . . i}
3: while i < n do .i <n
4: i i +1 .
{m = minx[j]|j = 1 . . . i 1}
5: if x[i] < m then
6: m x[i] .
{m = minx[j]|j = 1 . . . i}
Loop Invariant
P: n 1
Loop Invariant:
m = min{x[j]|j = 1 . . . i}
1: i 1
2: m x[1] .
{m = minx[j]|j = 1 . . . i}
4: i i +1 .
{m = minx[j]|j = 1 . . . i 1}
5: if x[i] < m then
6: m x[i] .
{m = minx[j]|j = 1 . . . i}
Loop Invariant
P: n 1
Loop Invariant:
m = min{x[j]|j = 1 . . . i} Why?
1: i 1
2: m x[1] .
{m = minx[j]|j = 1 . . . i}
4: i i +1 .
{m = minx[j]|j = 1 . . . i 1}
5: if x[i] < m then
6: m x[i] .
{m = minx[j]|j = 1 . . . i}
Loop Invariant
P: n 1
Loop Invariant:
m = min{x[j]|j = 1 . . . i} Why?
Algorithm 24 Minimum Because..
1: i 1
I when i = 1 and m = x[1]
2: m x[1] .
the invariant is true
{m = minx[j]|j = 1 . . . i}
3: while i < n do .i <n I while i < n after the
4: i i +1 . execution of the loop body

{m = minx[j]|j = 1 . . . i 1} it still holds
5: if x[i] < m then I finally, when i = n it implies
6: m x[i] . m = min{x[j]|j = 1 . . . n}
{m = minx[j]|j = 1 . . . i} which is exactly the
postcondition
Loop Invariant
Example:Let x[1..n]be an array which contains x0 . Find the
smallest index for which x[i] = x0
P: n 1 and there exist 1 k n such thta x[k] = x0
Loop Invariant
Q: x[i] = x0 and x[j] 6= x0 for j = 1 . . . i 1
Loop Invariant
Algorithm 27 Mini-
mum
1: i 1 .
{x[j] <> x0 , j = 1 . . . i 1}
2: while x[i] <> x0

do . {x[i] <> x0 , x[j] <>
x0 forj = 1 . . . i}
3: i i +1 .
{x[i] <> x0 , x[j] <> x0 forj =
1 . . . i 1}
Loop Invariant
Loop Invariant:
x[j] 6= x0 for j = 1 . . . i 1
Algorithm 28 Mini-
mum
1: i 1 .
{x[j] <> x0 , j = 1 . . . i 1}
2: while x[i] <> x0

do . {x[i] <> x0 , x[j] <>
x0 forj = 1 . . . i}
3: i i +1 .
{x[i] <> x0 , x[j] <> x0 forj =
1 . . . i 1}
Loop Invariant
Loop Invariant:
x[j] 6= x0 for j = 1 . . . i 1 Why?
Algorithm 29 Mini-
mum
1: i 1 .
{x[j] <> x0 , j = 1 . . . i 1}
2: while x[i] <> x0

do . {x[i] <> x0 , x[j] <>
x0 forj = 1 . . . i}
3: i i +1 .
{x[i] <> x0 , x[j] <> x0 forj =
1 . . . i 1}
Loop Invariant
Loop Invariant:
x[j] 6= x0 for j = 1 . . . i 1 Why? Because..
Algorithm 30 Mini-
mum I when i = 1 the range j = 1 . . . 0 is
1: i 1 . empty thus the assertion is satisfied
{x[j] <> x0 , j = 1 . . . i 1}
2: while x[i] <> x0

do . {x[i] <> x0 , x[j] <>
x0 forj = 1 . . . i}
3: i i +1 .
{x[i] <> x0 , x[j] <> x0 forj =
1 . . . i 1}
Loop Invariant
Loop Invariant:
Algorithm 31 Mini-
{x[j] <> x0 , j = 1 . . . i 1} I Let us suppose that x[i] <> x0 and
2: while x[i] <> x0 the invariant is true. Then x[j] <> x0
do . {x[i] <> x0 , x[j] <> for j = 1 . . . i
x0 forj = 1 . . . i}
3: i i +1 .
{x[i] <> x0 , x[j] <> x0 forj =
1 . . . i 1}
Loop Invariant
Loop Invariant:
Algorithm 32 Mini-
do . {x[i] <> x0 , x[j] <> for j = 1 . . . i
x0 forj = 1 . . . i}
I After i = i + 1 we obtain again
3: i i +1 .
x[j] <> x0 for j = 1 . . . i which is
{x[i] <> x0 , x[j] <> x0 forj =
exactly the postcondition
1 . . . i 1}
Loop Invariant
Loop Invariant:
Algorithm 33 Mini-
do . {x[i] <> x0 , x[j] <> for j = 1 . . . i
x0 forj = 1 . . . i}
I After i = i + 1 we obtain again
3: i i +1 .
x[j] <> x0 for j = 1 . . . i which is
{x[i] <> x0 , x[j] <> x0 forj =
exactly the postcondition
1 . . . i 1}
I Finally, when x[i] = x0 we obtain Q
To prove that a loop finishes after a finite number of iterations it
suffices to find a termination function
Definition:
A function F : N N is a termination function if it satisfies the
following properties:
1. F is strictly decreasing
2. if c is true then F (p) > 0 and if F (p) = 0 then c is false
Definition:
A function F : N N is a termination function if it satisfies the
following properties:
1. F is strictly decreasing
2. if c is true then F (p) > 0 and if F (p) = 0 then c is false
Remarks:
I F depends on the loop counter p (at the first execution of the
loop body p is 1, at the second it is 2 and so on )
I The loop counter is not necessarily an explicit variable (it can
be just a formal variable useful to analyze the loop
correctness)
I F reaches 0 because it is strictly decreasing; when F becomes
0 then c becomes false, thus the loop finishes.
Example:S = 1 + 2 + . . . + n
Variant 1:
Algorithm 34 Sum of Series

1: i 1
2: S 1
3: while i < n do
4: i i + 1 . ip = ip1 + 1
5: S i +1
Example:S = 1 + 2 + . . . + n
Variant 1:

1: i 1
2: S 1
3: while i < n do
4: i i + 1 . ip = ip1 + 1
5: S i +1
F (p) = n ip
Example:S = 1 + 2 + . . . + n
Variant 1:

1: i 1
2: S 1
3: while i < n do
4: i i + 1 . ip = ip1 + 1
5: S i +1
F (p) = n ip
F (p) = n ip1 1
Example:S = 1 + 2 + . . . + n
Variant 1:

1: i 1
2: S 1
3: while i < n do
4: i i + 1 . ip = ip1 + 1
5: S i +1
F (p) = n ip
F (p) = n ip1 1
F (p) = F (p 1) 1
Example:S = 1 + 2 + . . . + n
Variant 1:

1: i 1
2: S 1
3: while i < n do
4: i i + 1 . ip = ip1 + 1
5: S i +1
F (p) = n ip
F (p) = n ip1 1
F (p) = F (p 1) 1
F (p) < F (p 1)
Example:S = 1 + 2 + . . . + n
Variant 1:

1: i 1
2: S 1
3: while i < n do
4: i i + 1 . ip = ip1 + 1
5: S i +1
F (p) = n ip
F (p) = n ip1 1
F (p) = F (p 1) 1
F (p) < F (p 1)
ip < n F (p) > 0
Example:S = 1 + 2 + . . . + n
Variant 1:

1: i 1
2: S 1
3: while i < n do
4: i i + 1 . ip = ip1 + 1
5: S i +1
F (p) = n ip
F (p) = n ip1 1
F (p) = F (p 1) 1
F (p) < F (p 1)
ip < n F (p) > 0
F (p) = 0 ip = n
Example:S = 1 + 2 + . . . + n
Variant 1: Variant 2:
Algorithm 48 Sum of Series Algorithm 49 Sum of Series

1: i 1 1: S 0
2: S 1 2: i 1
3: while i < n do 3: while i n do
4: i i + 1 . ip = ip1 + 1 4: S i +1
5: S i +1 5: i i + 1 . ip = ip1 + 1
F (p) = n ip
F (p) = n ip1 1
F (p) = F (p 1) 1
F (p) < F (p 1)
ip < n F (p) > 0
F (p) = 0 ip = n
Example:S = 1 + 2 + . . . + n

1: i 1 1: S 0
2: S 1 2: i 1
4: i i + 1 . ip = ip1 + 1 4: S i +1
5: S i +1 5: i i + 1 . ip = ip1 + 1
F (p) = n ip F (p) = n + 1 ip
F (p) = n ip1 1
F (p) = F (p 1) 1
F (p) < F (p 1)
ip < n F (p) > 0
F (p) = 0 ip = n
Example:S = 1 + 2 + . . . + n

1: i 1 1: S 0
2: S 1 2: i 1
4: i i + 1 . ip = ip1 + 1 4: S i +1
5: S i +1 5: i i + 1 . ip = ip1 + 1
F (p) = n ip F (p) = n + 1 ip
F (p) = n ip1 1 F (p) = n + 1 ip1 1
F (p) = F (p 1) 1
F (p) < F (p 1)
ip < n F (p) > 0
F (p) = 0 ip = n
Example:S = 1 + 2 + . . . + n

1: i 1 1: S 0
2: S 1 2: i 1
4: i i + 1 . ip = ip1 + 1 4: S i +1
5: S i +1 5: i i + 1 . ip = ip1 + 1
F (p) = n ip F (p) = n + 1 ip
F (p) = n ip1 1 F (p) = n + 1 ip1 1
F (p) = F (p 1) 1 F (p) = F (p 1) 1
F (p) < F (p 1)
ip < n F (p) > 0
F (p) = 0 ip = n
Example:S = 1 + 2 + . . . + n

1: i 1 1: S 0
2: S 1 2: i 1
4: i i + 1 . ip = ip1 + 1 4: S i +1
5: S i +1 5: i i + 1 . ip = ip1 + 1
F (p) = n ip F (p) = n + 1 ip
F (p) = n ip1 1 F (p) = n + 1 ip1 1
F (p) = F (p 1) 1 F (p) = F (p 1) 1
F (p) < F (p 1) F (p) < F (p 1)
ip < n F (p) > 0
F (p) = 0 ip = n
Example:S = 1 + 2 + . . . + n

1: i 1 1: S 0
2: S 1 2: i 1
4: i i + 1 . ip = ip1 + 1 4: S i +1
5: S i +1 5: i i + 1 . ip = ip1 + 1
F (p) = n ip F (p) = n + 1 ip
F (p) = n ip1 1 F (p) = n + 1 ip1 1
F (p) = F (p 1) 1 F (p) = F (p 1) 1
F (p) < F (p 1) F (p) < F (p 1)
ip < n F (p) > 0 i < n F (p) > 0
F (p) = 0 ip = n
Example:S = 1 + 2 + . . . + n

1: i 1 1: S 0
2: S 1 2: i 1
4: i i + 1 . ip = ip1 + 1 4: S i +1
5: S i +1 5: i i + 1 . ip = ip1 + 1
F (p) = n ip F (p) = n + 1 ip
F (p) = n ip1 1 F (p) = n + 1 ip1 1
F (p) = F (p 1) 1 F (p) = F (p 1) 1
F (p) < F (p 1) F (p) < F (p 1)
ip < n F (p) > 0 i < n F (p) > 0
F (p) = 0 ip = n F (p) = 0 ip = n + 1
Example:find the first occurrence of x0 in x[1 . . . n]
Algorithm 62 Find the

occurrence
1: i 1
2: while x[i] <> x0
do
3: i i +1 .
{ip = ip1 + 1}

Let k be the first occurrence of x0 in
Algorithm 63 Find the x[1 . . . n]
occurrence
1: i 1
2: while x[i] <> x0
do
3: i i +1 .
{ip = ip1 + 1}

Algorithm 64 Find the x[1 . . . n] F (p) = k ip
occurrence
1: i 1
2: while x[i] <> x0
do
3: i i +1 .
{ip = ip1 + 1}

occurrence F (p) = k ip1 1
1: i 1
2: while x[i] <> x0
do
3: i i +1 .
{ip = ip1 + 1}

1: i 1
F (p) = F (p 1) 1
2: while x[i] <> x0
do
3: i i +1 .
{ip = ip1 + 1}

1: i 1
F (p) = F (p 1) 1
2: while x[i] <> x0
F (p) < F (p 1)
do
3: i i +1 . x[i] <> x0 ip < k F (p) > 0
{ip = ip1 + 1} F (p) = 0 ip = k x[i] = x0
Greatest Common Divisor
Analyze the correctness of the Euclids Algorithm P: a = a0 , b = b0

Q: i = gcd(a0 , b0 )
Algorithm 68 Find GCD

1: procedure gcd(a,b)
2: d a
3: i b
4: r dMODi
5: while r <> 0 do
6: d i
7: i r
8: r d MOD i
return

Q: i = gcd(a0 , b0 )
Algorithm 69 Find GCD Loop invariant: gcd(d,i)=

1: procedure gcd(a,b) gcd(a0 , b0 )
2: d a
3: i b
4: r dMODi
5: while r <> 0 do
6: d i
7: i r
8: r d MOD i
return

Q: i = gcd(a0 , b0 )

2: d a 1. d = a = a0 , i = b = b0
3: i b gcd(d,i) = gcd(a0 , b0 )
4: r dMODi
5: while r <> 0 do
6: d i
7: i r
8: r d MOD i
return

Q: i = gcd(a0 , b0 )

2: d a 1. d = a = a0 , i = b = b0
3: i b gcd(d,i) = gcd(a0 , b0 )
4: r dMODi 2. gcd(dp , ip )=gcd(ip , dp MOD ip )
5: while r <> 0 do = gcd(dp+1 , ip+1 )
6: d i
7: i r
8: r d MOD i
return

Q: i = gcd(a0 , b0 )

2: d a 1. d = a = a0 , i = b = b0
3: i b gcd(d,i) = gcd(a0 , b0 )
6: d i
3. r = 0 i d gcd(d, i) = i
7: i r
8: r d MOD i
return

Q: i = gcd(a0 , b0 )

2: d a 1. d = a = a0 , i = b = b0
3: i b gcd(d,i) = gcd(a0 , b0 )
6: d i
3. r = 0 i d gcd(d, i) = i
7: i r
8: r d MOD i Termination Function: F (p) = rp
return

Algo - Lec3 - Verifying Correctness of Algorithm PDF

Загружено:

Сведения о документе

Оригинальное название

Авторское право

Доступные форматы

Поделиться этим документом

Поделиться или встроить документ

Параметры публикации

Этот документ был вам полезен?

Это неприемлемый материал?

Авторское право:

Доступные форматы

Algo - Lec3 - Verifying Correctness of Algorithm PDF

Загружено:

Авторское право:

Доступные форматы

Design and Analysis of Algorithms

Department of Computer Science

Basic Steps in Correctness Verification

Rule for Correctness Verification

While designing an algorithm we have to take care of two aspects:

While designing an algorithm we have to take care of two aspects:

While designing an algorithm we have to take care of two aspects:

I Preconditions and Postconditions

Basic Steps in Correctness Verification

Rule for Correctness Verification

I Preconditions:Properties that must be satisfied by the input

I Preconditions:Properties that must be satisfied by the input

I Preconditions:Properties that must be satisfied by the input

I Preconditions:Properties that must be satisfied by the input

Precondition: n 1 (array should be non empty)

I Preconditions:Properties that must be satisfied by the input

Precondition: n 1 (array should be non empty)

I Preconditions:Properties that must be satisfied by the input

Precondition: n 1 (array should be non empty)

I Partial correctness verification: prove that if an algorithm

I Preconditions:Properties that must be satisfied by the input

Precondition: n 1 (array should be non empty)

I Partial correctness verification: prove that if an algorithm

I Preconditions:Properties that must be satisfied by the input

Precondition: n 1 (array should be non empty)

I Partial correctness verification: prove that if an algorithm

I Preconditions:Properties that must be satisfied by the input

Precondition: n 1 (array should be non empty)

I Partial correctness verification: prove that if an algorithm

Basic Steps in Correctness Verification

Rule for Correctness Verification

Basic Steps in Correctness Verification

Rule for Correctness Verification

I Assertions:statement (asserted to be true) about the

I Assertions:statement (asserted to be true) about the

A variant of previous Example:

A variant of previous Example:

I Identify the preconditions and postconditions

To prove that an algorithm is correct it can be useful to know rules

Basic Steps in Correctness Verification

Rule for Correctness Verification

Problem: Let x and y be two variables having the values a and b,

Problem: Let x and y be two variables having the values a and b,

Problem: Let x and y be two variables having the values a and b,

Problem: Let x and y be two variables having the values a and b,

Problem: Let x and y be two variables having the values a and b,

Problem: Let x and y be two variables having the values a and b,

Basic Steps in Correctness Verification

Rule for Correctness Verification

Problem: Find the minimum of two distinct numbers a and b

Algorithm 16 Minimum of two numbers

Basic Steps in Correctness Verification

Rule for Correctness Verification

Not so easy task...

Not so easy task...

Not so easy task...

Not so easy task...

Not so easy task...

Not so easy task...

Let us consider while loop

Let us consider while loop

Let us consider while loop

Let us consider while loop