Proving the Correctness of Program g: How to Determine a Loop Invariant?

In summary: I think it is superfluous since it is already implied by the first part of the post condition.In summary, the program iteratively computes a=bm and k=cl where cl is the length of the list formed by combining m and n.
  • #1
NATURE.M
301
0

Homework Statement



Here is the program given:
Python: 
# PRE-condition: m and n are positive natural numbers.
# POST-condition: returns a tuple of natural numbers (k, l, b) such that k*m = l*n = b,
# and if natural number c is a positive multiple of both m and n then b <= c.
def g(m, n):
a=m
b=n
k=1
l=1

while a != b:
    if   a < b:
       a += m
       k += 1
   else:
       b += n
       l += 1

return (k, l, b)
The question asks to prove g is correct.

Homework Equations



Iterative Method of Proving Program Correctness

The Attempt at a Solution



Now I understand how to prove the correctness of an iterative program, but am confused on how to determine a proper Loop Invariant LI for this proof. I believe the if else condition in the while loop is confusing me, as I'm not sure if I should have two loop invariants or two cases for the LI.

Now consider the loop to iterate at least i times.
If I take the contents of the if statement ONLY I could easily write a = (1 + i)m and k = i + 1, as a rough start for the LI.
Likewise considering the contents of the else statement I have b = (1 + i)n and l = i + 1.

Now obviously this isn't true. But with the absence of the if/else statements I think I would know how to proceed. My issue is I don't know how many iterations occur where the if statement executes and how many occur where the else statement occurs. Also trying to relate it to the number of iterations of the loop, and post condition seems tricky. Any advice would be greatly appreciated.
 
Last edited by a moderator:
Physics news on Phys.org
  • #2
You can find statements that are true independent of how often the two cases are hit. Hint: consider sums and differences.
 
  • #3
mfb said:
You can find statements that are true independent of how often the two cases are hit. Hint: consider sums and differences.

Okay so I'm able to see the relationship i = k + l - 2 where i is the number of iterations but I'm still having difficulty trying to relate a and b to i, m and n.
 
  • #4
a=km, or k=a/m, and similar for l. You can plug that into the equation i=k+l-2 and simplify to get another equation.
 
  • #5
mfb said:
a=km, or k=a/m, and similar for l. You can plug that into the equation i=k+l-2 and simplify to get another equation.

Okay so if I just substitute we have i = a/m + b/n - 2. I'm not sure what you mean by simplify (or how this equation can be simplified). I'm sure that a and b should be written in terms of i but don't know how to do so. Otherwise the above statement is equivalent to i = k + l -2.
 
  • #6
That is probably a matter of taste, I would multiply it with mn to get rid of fractions.
 
  • #7
Okay so here is what I have:

For i∈N, we define P(i): If there are at least i iterations, then i = k + l - 2 and mn(i+2) = na + mb.

Proof of LI:
Base Case: From the code when i=0 we see a=m, b=n, k=1, l=1. Then, k+l-2 = 1 + 1 -2 = 2-2 = 0 = i and mn(0+2) = 2mn = nm + mn = na + mb, as desired. So P(0) holds.
Inductive Step: Let i∈N. Assume P(i). Then, if there is an (i+1)th iteration of the loop then we have:
i + 1 = k + l - 2 + 1 = k + l - 1 (by IH) and mn(i+1+2) = mn(i + 3) = mni + 3mn = mni + 2mn + mn = mn(i+2) + mn = na + mb + mn (By IH). Now during the (i+1) iteration two cases can occur.
Case 0 : a<b Then a' = a + m (from the code). So na' + mb = n(a+m) + mb = na + mb + mn, as desired.
Case 1: a>=b Then b' = b + n (from the code). So na + mb' = na + m(b+n) = na + mb + mn, as desired.
Thus P(i+1) holds.

Now the next part is proving termination. Naturally one would think that ei = ai - bi would work given the end condition is a = b. However, this will not work since the sequence formed will not be decreasing and will probably contain negative numbers.

Also I'm wondering if the second part of the post condition "if natural number c is a positive multiple of both m and n then b <= c" should also be incorporated into the Loop invariant.
 
  • #8
If you just want to show that it terminates at some point: the difference (a-b) is limited and the loop making a new difference value out of the old one is an injective function operating in this limited range. That makes this difference (a-b) some repeating sequence, and you can also show that 0 is in the loop (which means your loop stops at some point).
 
  • #9
mfb said:
If you just want to show that it terminates at some point: the difference (a-b) is limited and the loop making a new difference value out of the old one is an injective function operating in this limited range. That makes this difference (a-b) some repeating sequence, and you can also show that 0 is in the loop (which means your loop stops at some point).

I feel like it would be better to use a decreasing sequence of natural numbers and use a corollary from well ordering principle that states any decreasing sequence of natural number is finite. At least, that's what I've typically seen looking through many proofs of correctness on iterative programs. The issue becomes finding an expression in terms of i that is decreasing. (a-b) is a sequence but not of the kind specified above.

Also I'm wondering about the second part of the post condition. Does my loop variant look thorough enough ? When I go to prove the post condition I assume termination of the loop (a=b end condition), so the first part of the post condition should be simple to show. But the second part worries me, and I don't see a direct relationship between the LI and "if natural number c is a positive multiple of both m and n then b <= c". Any thoughts ?
 
  • #10
I don't see something that would always decrease, apart from the distance to the smallest common multiple - but you have to show that you reach it.

NATURE.M said:
and I don't see a direct relationship between the LI and "if natural number c is a positive multiple of both m and n then b <= c". Any thoughts ?
That is basically the smallest common multiple that will lead to that condition.
 
  • #11
mfb said:
I don't see something that would always decrease, apart from the distance to the smallest common multiple - but you have to show that you reach it.

That is basically the smallest common multiple that will lead to that condition.

So what I take is that: for some t, s∈N, we have tm = sn = c. This would express any multiple of c. I'm wondering how to express the smallest common multiple.

And in the larger scheme of things, I feel the loop invariant condition isn't particularly helpful as I don't see any uses of it. Is this just me, or do you feel the same way? (we can totally prove first part of post condition from loop terminating condition, and the second part of the post condition doesn't really seem to relate to the LI).
 
  • #12
Even better if you don't need it. You can use it for k*m = l*n = b in some way I think.
 

FAQ: Proving the Correctness of Program g: How to Determine a Loop Invariant?

What is "Proof of Program Correctness"?

Proof of Program Correctness is a method used in computer science to formally prove that a computer program or algorithm meets its intended specifications and will always produce the desired output for all possible inputs.

Why is "Proof of Program Correctness" important?

Proof of Program Correctness is important because it provides a rigorous and mathematical way to verify that a program works correctly. This can help prevent errors and bugs in software, leading to more reliable and secure systems.

How is "Proof of Program Correctness" achieved?

"Proof of Program Correctness" is achieved through the use of formal methods, such as mathematical logic and computer-aided verification, to analyze and prove the correctness of a program. This involves breaking down the program into smaller components and proving their correctness individually, and then combining these proofs to show the correctness of the entire program.

What are the challenges of "Proof of Program Correctness"?

One of the main challenges of "Proof of Program Correctness" is the complexity and time-consuming nature of the process. It requires a high level of expertise and specialized tools, making it difficult for non-experts to use. Additionally, it can be challenging to formalize real-world problems and specifications in a way that is amenable to formal methods.

What are the potential benefits of using "Proof of Program Correctness"?

The potential benefits of using "Proof of Program Correctness" include increased confidence in the correctness of software, improved reliability and security, and cost savings by catching and fixing errors early in the development process. It can also help improve the maintainability and understandability of code, as the formal proofs provide a clear and unambiguous description of the program's behavior.

Similar threads

Pynative while loop tutorial -- confused
Replies
10
Views
2K
Comp Sci Validating Braces Placement for Expression Evaluation
Replies
10
Views
2K
How to write a program to transfer any number to hexadecimal?
Replies
22
Views
4K
Engineering Closed Loop Stability Criterion: Find the values for closed loop stability
Replies
2
Views
1K
Engineering MIPS - Fibonacci Series: Main and fib function
Replies
4
Views
4K
MIPS Number of Instructions Executed and Memory Accessed
Replies
2
Views
5K
An array problem involving a recursive binary search
Replies
18
Views
2K
Engineering HL Programming: Mini-Assembler in Java
Replies
7
Views
2K
Matlab coding issue with solving PDEs
Replies
1
Views
1K
Comp Sci Expected number of collisions for hashing with chaining
Replies
1
Views
2K

Hot Threads

Recent Insights

Back
Top