Design and Analysis of Algorithms Loop Correctness

Ade Azurat - Fasilkom UI March 10, 2011

Exercise
1. Which invariant would be sucient to prove the validity of this program: i:= n; while i > 0 do i := i - 1

The input is a positive number. The output is the given number becomes 0. (a) False (b) 0 i (c) 0 i < n (d) True 2. Below is an algorithm to check whether all element in an array are having the same value. Input: an array Output: the elements of the array having the same value. i:=0; s:=T; while i < n - 1 do { s := s /\ (a[i] = a[i + 1]) ; i := i+1 }

Choose the correct invariant: (a) (s = (k : 0 k < i : a[k] = a[k + 1])) 0 i < n (b) 0 i < n (c) (s = (k : 0 k < i : a[k])) 0 i < n (d) (s = (k : 0 k < i : a[k])) 0 i < n 2

3. Which of the facts below is the most acceptable statement about algorithm correctness ? (a) a correct algorithm should eventually stop (b) a correct algorithm will always have trivial invariant (c) a correct algorithm solves the given problem (d) a correct algorithm may not terminate 4. Which of the following is not relevant in proving the correctness of an algorithm: (a) The invariant should show that the expected result is achieved when the loop terminate (b) The initialisation of the loop should maintain the invariant. (c) The invariant should always be correct within the execution of the loop. (d) The invariant should show that the loop will terminate 5. Below is an algorithm to nd GCD (Greatest Common Divisor - FPB: Faktor Persekutuan terBesar) Input: Given two positive numbers. Output: the GCD of those numbers. int GCD(int a, int b){ int a0, a1, temp; a0 := a; a1 := b; while a1 != 0 do { temp := a1; a1 := a0 mod a1; a0 := temp } return a0; } Find the correct invariant and prove the algorithm! 3

6. Consider the example to sum the elements of an array. Input: an array aa[0..N-1] Output: the sum of all elements in array aa. We would like to have less iterations; we modify the algorithm as follows: i := 0; total = 0; while i < N/2 { total := total + aa[i] + aa[N-1-i]; i := i + 1; } Is the algorithm still correct? If yes, prove it. If not, x it and prove that your revised version is correct.

Solution
1. Answer: b Explanation: Predicate f alse is not an invariant. Predicate true is the weakest invariant, it cannot tell much about the program and cannot help us on verifying an algorithm. An incorrect algorithm will be proven correct with this invariant. Predicate 0 i < n is not valid in the initialisation. 2. Answer: a Explanation: The expected P (post condition) of the algorithm is : s = (k : 0 k < n : a[k] = a[k + 1] by the exit condition requirement I E P . We nd the invariant by weakening the post condition with substitution on constant N with i. Predicate 0 i < n is also fullled by the algorithm. Adding this predicate will strengthen the invariant. 3. Answer: c Explanation: In other models of computation such as in reactive systems (e.g. web service, control system), we might not expect our algorithm to terminate (answer: a). However, in imperative programming, to justify the correctness, we require our algorithm to terminate (answer: d). Finding invariant is a hard problem. There is no standard procedure to nd an invariant. It may require some creativity. Most of algorithms, especially the complex ones, have non-trivial invariant (answer b). 4. Answer: d Explanation: Answer (a) is the exit condition requirement of invariant. Answer (b) is the initialization requirement of invariant. Answer (c) is the maintanance requirement of invariant especially in atomic action model. Answer (d) is not the requirement of invariant. A metric function (variant) should show the termination of the loop not invariant.

5. GCD algorithm Constraint: a0 a1 a0 > 0. Invariant: GCD(a0 , a1 ) = GCD(a, b) Initialization: (a0 , a1 ) = (a, b) I Exit Condition: Denition of GCD : X : X = 0 : GCD(X, 0) = X. The expected post condition: a0 = GCD(a, b). The E : a1 = 0. We will have : I E P . Maintenance: We need to show that the invariant holds in every iteration. We know from the initialisation, the invariant hold initially, we need to prove that the invariant will hold in the next iteration. Formally, we have to prove I I where I is the invariant in the next state of iteration. In the next iteration state, variable a0 := a1 and a1 := a0 mod a1 . We have GCD denition saying : GCD(x, y) = GCD(y, x mod y) where x y. Hence, we have I I . 6. Sum of Array The given algorithm is not correct. The N/2 th element will be counted twice if the N is odd. The simplest x is to constraint the algorithm with N is even problem. Constraint: N is even Invariant: total = (k : 0 k < i : a[k] + a[N 1 k]) Initialitation: Empty range in the quantier equal to 0. Variable i = 0 and total = 0, hence we have I. Exit Condition: The expected post condition: total = (k : 0 k < N/2 : a[k] + a[N 1 k]). The E : i = N/2 within the constrain N is even. By subtituting I with i = N/2, we will have : I E P . Maintenance: In the next iteration state, variable i = i + 1 and total = total + a[i] + a[N 1 i] The I is total = (k : 0 k < i : a[k] + a[N 1 k])

Equational Proof:
I < Denition of I > total = (k : 0 k < i : a[k] + a[N 1 k]) <Substitution: i = i + 1 > total = (k : 0 k < i + 1 : a[k] + a[N 1 k]) <range splitting> total = (k : 0 k < i : a[k] + a[N 1 k]) + a[i] + a[N 1 i] <Substitution: total = total + a[i] + a[N 1 i)] > total + a[i] + a[N 1 i] = (k : 0 k < i : a[k] + a[N 1 k]) + a[i] + a[N 1 i] <arithmatics> total = (k : 0 k < i : a[k] + a[N 1 k]) < Denition of I > I

Since we have I I and I holds initially, we have I I . Notes: The proof is not completely formal. Notice that we actually need additional predicate 0 i < N/2 in the invariant.

Correction and suggestion are welcome. Please send feedback to: [email protected]. Thank you. Happy Studying