Verifying Correctness of Algorithm

Design and Analysis of Algorithms
Lecture 3:
Verification of the correctness of algorithms
Tauseef Iftikhar
Department of Computer Science
Government College University, Lahore.
Todays Agenda
Algorithm Analysis
Basic Notions
Precondition and Postcondition
Algorithm State
Assertions and Annotation
Basic Steps in Correctness Verification
Rule for Correctness Verification
Sequential Statements Rule
Conditional Statements Rule
Loop Statements Rule
Loop Invariant
Termination Function
Algorithm Analysis
While designing an algorithm we have to take care of two aspects:
Algorithm Analysis

I
Algorithm Correctness: Algorithm must give desired output

within finite time.
Algorithm Analysis

I
Algorithm Correctness: Algorithm must give desired output

within finite time.
Algorithm Efficiency: Algorithms must use minimum

resources while executing on a machine.
Algorithm Correctness
How to verify that algorithm is correct?
I
Empirical method: Correctness can be verified by testing

different instances of the problem
I

Advantage:
I
I
Simple
Easy to apply
I

Advantage:
I
I
Simple
Easy to apply
Disadvantage:
I
It doesnt guarantee the correctness
I

Advantage:
I
I
Disadvantage:
I
Simple
Easy to apply
Formal method: Mathematically it is proved that algorithm

will produce the required output for all the instances of the
problem within finite time.
I

Advantage:
I
I
Disadvantage:
I
Simple
Easy to apply

Advantage:
I
guarantees the correctness
I

Advantage:
I
I
Disadvantage:
I

Advantage:
I
Simple
Easy to apply
guarantees the correctness
Disadvantage:
I
I
Difficult
Not possible for complex algorithms
Basic Notions
Preconditions and Postconditions
Algorithm State
Assertions
Annotation
Todays Agenda
Algorithm Analysis
Basic Notions
Algorithm State
Loop Invariant

I
Preconditions:Properties that must be satisfied by the input

I
Postconditions:Properties that must be satisfied by the result

I
Example: Find the minimum, m, of a non-empty array, x[1..n]

I

Precondition: n 1 (array should be non empty)

I

Postcondition: m = min{x[i]|1 i n}

I

Partial correctness verification: prove that if an algorithm

terminates it leads to postcondition starting from precondition.

I


Intermediate steps in correctness verification:

I


I
analyze the algorithm state

I


I
I
analyze the algorithm state

the effect of each processing step on the algorithm state
Todays Agenda
Algorithm Analysis
Basic Notions
Algorithm State
Loop Invariant
Algorithm State
I
Algorithm state: set of values corresponding to all variables

used in the algorithm
Algorithm State
I

During the execution of an algorithm its state changes (since

the variables change their values)
Algorithm State
I


The algorithm is correct if at the end of the algorithm its

state implies the postconditions
Algorithm State
I



Example: Solving the equation ax = b, a <> 0
Algorithm State
I




input: a,b
output: x
Algorithm State
I




input: a,b
output: x
precondition: a <> 0
Algorithm State
I




input: a,b
output: x
postcondition: x satisfies ax = b
Algorithm State
I




input: a,b
output: x
postcondition: x satisfies ax = b
Algorithm 8 Solve ax = b
procedure MyProcedure(real a, b)
real x
. a = a0 , b = b0 , x = undefined
3:
x b/a
. a = a0 , b = b0 , x = b0 /a0
4: return x
1:
2:
Todays Agenda
Algorithm Analysis
Basic Notions
Algorithm State
Loop Invariant
Assertions:statement (asserted to be true) about the

algorithm state
Assertions are used to annotate the algorithms
Assertions:statement (asserted to be true) about the

algorithm state
Assertions are used to annotate the algorithms

Annotation: is useful both in
I
I
correctness verification
documentation tool
Example: Assertions and Annotation

Find the minimum of the three distinct real numbers a, b, b

input: a,b,c
output: minimum real number

input: a,b,c
precondition: a 6= b 6= c

input: a,b,c
postcondition: m = min{a, b, c}

input: a,b,c
postcondition: m = min{a, b, c}
Algorithm 13 Minimum1
1:
2:
3:
4:
5:
6:
7:
8:
9:
10:
11:
procedure minimum(real a, b, c) . a <> b, b <> c, c <> a

if a < b then
.a<b
if a < c then
m a . a < b, a < c, m = a, m = min(a, b, c)
else
m c . a < b, c < a, m = c, m = min(a, b, c)
else
.b<a
if b < c then
mb
. b < a, b < c, m = b m = min(a, b, c)
else
mc
. b < a, c < b, m = c m = min(a, b, c)
return m
A variant of previous Example:
A variant of previous Example:

Algorithm 15 Minimum2
1:
2:
3:
4:
5:
6:
7:
procedure minimum(real a, b, c)
ma
if m > b then
mb
if m > c then
mc
return m
. a <> b, b <> c, c <> a

.m=a
. m a, m b
. m a, m b, m c
Basic steps in correctness verification
I
I
Identify the preconditions and postconditions

Annotate the algorithm with assertions concerning its state
such that
I
I
the preconditions are satisfied

the final assertion implies the postconditions
Prove that by each processing step one arrives from the

previous assertion to the next assertion
Some Notation
P: the precondition
Q: the postcondition
A: the algorithm
The triple (P, A, Q) denote a correct algorithm if for input data

which satisfy the preconditions P the algorithm will:
I
lead to postconditions Q
stop after a finite number of processing steps

A
P
Q
Rules for correctness verification
To prove that an algorithm is correct it can be useful to know rules

corresponding to the usual statements:
I
Sequential statement
Conditional statement
Loop statement
Todays Agenda
Algorithm Analysis
Basic Notions
Algorithm State
Loop Invariant

Let we have algorithm A with sequence of actions A1 , A2 , . . . , An

Structure
A:
{P0 }
A1
{P1 }
..
.

Structure
A:
{P0 }
A1
{P1 }
..
.
{Pi1 }
Ai
{Pi }
..
.

Structure
A:
{P0 }
A1
{P1 }
..
.
{Pi1 }
Ai
{Pi }
..
.
{Pn1 }
An
{Pn }

Structure
A:
{P0 }
A1
{P1 }
..
.
{Pi1 }
Ai
{Pi }
..
.
{Pn1 }
An
{Pn }
Rule
If
P P0

Structure
A:
{P0 }
A1
{P1 }
..
.
{Pi1 }
Ai
{Pi }
..
.
{Pn1 }
An
{Pn }
Rule
If
P P0
Ai
Pi1
Pi ,
wherei = 1, . . . , n

Structure
A:
{P0 }
A1
{P1 }
..
.
{Pi1 }
Ai
{Pi }
..
.
{Pn1 }
An
{Pn }
Rule
If
P P0
Ai
Pi1
Pi ,
wherei = 1, . . . , n
Pn Q
then

Explanation
If
Structure
A:
I the precondition
Rule
{P0 }
implies the initial
If
A1
assertion,
{P1 }
I
P P0
each action
..
Ai
.
implies the next
Pi1
Pi ,
{Pi1 }
assertion
wherei = 1, . . . , n
Ai
Pn Q
I the final
{Pi }
assertion implies
..
then
the
.
post-condition
{Pn1 }
A
P
Q
An
then
{Pn }
the sequence is
correct
Example of Sequential Statement Rules

Problem: Let x and y be two variables having the values a and b,
respectively. Swap the values of the two variables.
precondition P : x = a, y = b
postcondition Q : x = b, y = a
variant 1
{x = a, y = b, aux = undefined}

variant 1
aux x

variant 1
aux x
{x = a, y = b, aux = a}
x y

variant 1
aux x
{x = a, y = b, aux = a}
x y
{x = b, y = b, aux = a}
y aux

variant 1
{x = a, y = b, aux
aux x
{x = a, y = b, aux
x y
{x = b, y = b, aux
y aux
{x = b, y = a, aux
= undefined}
= a}
= a}
= a} Q

variant 1
{x = a, y = b, aux
aux x
{x = a, y = b, aux
x y
{x = b, y = b, aux
y aux
{x = b, y = a, aux
= undefined}
= a}
= a}
= a} Q
variant 2
{x = a, y = b}
x x +y
{x = a + b, y = b}
y x y
{x = a + b, y = a}
x x y
{x = b, y = a} Q
Todays Agenda
Algorithm Analysis
Basic Notions
Algorithm State
Loop Invariant
Conditional Statement Rule
Structure
A:
{P0 }
If c then
{c, P0 }
A1
{P1 }
Structure
A:
{P0 }
If c then
{c, P0 }
A1
{P1 }
Else
{NOTc, P0 }
A2
{P2 }
EndIf
Structure
A:
{P0 }
If c then
{c, P0 }
A1
{P1 }
Else
{NOTc, P0 }
A2
{P2 }
EndIf
Rule
If
I
c is well defined
c AND
A1
P0
P1
P1 Q
OR
Structure
A:
{P0 }
If c then
{c, P0 }
A1
{P1 }
Else
{NOTc, P0 }
A2
{P2 }
EndIf
Rule
If
I
c is well defined
c AND
A1
P0
P1
P1 Q
OR
I
NOT c AND
A2
P0
P2
P2 Q
then
A
P
Q
Structure
A:
{P0 }
If c then
{c, P0 }
A1
{P1 }
Else
{NOTc, P0 }
A2
{P2 }
EndIf
Rule
If
I
c is well defined
c AND
A1
P0
P1
P1 Q
OR
I
NOT c AND
A2
P0
P2
P2 Q
then
A
P
Q
Explanation
I
The condition c
can be evaluated
Both branches
lead to the
postconditions
Example Conditional Statement Rules
Problem: Find the minimum of two distinct numbers a and b

precondition P : a <> b
precondition Q : m = mina, b
Algorithm 16 Minimum of two numbers
1: procedure Minimum
2:
if a < b then
3:
ma
4:
else
5:
mb
return m
. {a <> b}
. {a < b}
. {a < b, m = a} Q
. {b < a}
. {b < a, m = b} Q
Todays Agenda
Algorithm Analysis
Basic Notions
Algorithm State
Loop Invariant
Loop Statement Rules
Not so easy task...
Not so easy task...

I a loop is correct when:
Not so easy task...

I
I
If it finishes it leads to postconditions

It finishes after a finite number of steps
Not so easy task...

I
I

If only the first property is satisfied then the loop is partially

correct
Not so easy task...

I
I


correct
Partial correctness can be proved by using mathematical

induction or by using loop invariants
Not so easy task...

I
I


correct
Partial correctness can be proved by using mathematical

induction or by using loop invariants
Full correctness needs that the algorithm terminates
Let us consider while loop

{P P0 }
While c Do
{c, P0 }
A
{P1 }
EndWhile
{NOTc, P1 } Q

{P P0 }
While c Do
{c, P0 }
A
{P1 }
EndWhile
{NOTc, P1 } Q
Definition:
A loop invariant is an assertion
which satisfies:

{P P0 }
While c Do
{c, P0 }
A
{P1 }
EndWhile
{NOTc, P1 } Q
Definition:
which satisfies:
1. It is true at the beginning of
the loop

{P P0 }
While c Do
{c, P0 }
A
{P1 }
EndWhile
{NOTc, P1 } Q
Definition:
which satisfies:
the loop
2. As long as c is true it
remains true after each
execution of the loop body

{P P0 }
While c Do
{c, P0 }
A
{P1 }
EndWhile
{NOTc, P1 } Q
Definition:
which satisfies:
the loop
3. When c is false it implies the
postconditions

{P P0 }
While c Do
{c, P0 }
A
{P1 }
EndWhile
{NOTc, P1 } Q
Definition:
which satisfies:
the loop
3. When c is false it implies the

postconditions
If we can find a loop invariant then that loop is partially correct
Loop Invariant
P: n 1
Q: m = min{x[i]|1 i n}
Algorithm 17 Minimum
1: m x[1]
2: i 2
.
m = min{x[j]|j = 1 . . . i 1}
3: while i n do
.i n
4:
if x[i] < m then m x[i]
. {m = minx[j]|j = 1 . . . i}
5:
i i +1
.
{m = minx[j]|j = 1 . . . i 1}
Loop Invariant
P: n 1
Loop Invariant:
m = min{x[j]|j = 1 . . . i 1}
1: m x[1]
2: i 2
.
m = min{x[j]|j = 1 . . . i 1}
3: while i n do
.i n
4:
. {m = minx[j]|j = 1 . . . i}
5:
i i +1
.
{m = minx[j]|j = 1 . . . i 1}
Loop Invariant
P: n 1
Loop Invariant:
m = min{x[j]|j = 1 . . . i 1}
Why?
1: m x[1]
2: i 2
.
m = min{x[j]|j = 1 . . . i 1}
3: while i n do
.i n
4:
. {m = minx[j]|j = 1 . . . i}
5:
i i +1
.
{m = minx[j]|j = 1 . . . i 1}
Loop Invariant
P: n 1
Loop Invariant:
m = min{x[j]|j = 1 . . . i 1}
Why? Because..
I when i = 2 and m = x[1] it
1: m x[1]
holds
2: i 2
.
I while i n after the
m = min{x[j]|j = 1 . . . i 1}
3: while i n do
.i n
it still holds
4:
. {m = minx[j]|j = 1 . . . i}
I finally, when i = n + 1 it
implies
5:
i i +1
.
m = min{x[j]|j = 1 . . . n}
{m = minx[j]|j = 1 . . . i 1}
which is exactly the
postcondition
Loop Invariant
P: n 1
1: i 1
2: m x[1]
.
{m = minx[j]|j = 1 . . . i}
3: while i < n do
.i <n
4:
i i +1
.
{m = minx[j]|j = 1 . . . i 1}
5:
if x[i] < m then
6:
m x[i]
.
{m = minx[j]|j = 1 . . . i}
Loop Invariant
P: n 1
Loop Invariant:
m = min{x[j]|j = 1 . . . i}
1: i 1
2: m x[1]
.
{m = minx[j]|j = 1 . . . i}
3: while i < n do
.i <n
4:
i i +1
.
{m = minx[j]|j = 1 . . . i 1}
5:
if x[i] < m then
6:
m x[i]
.
{m = minx[j]|j = 1 . . . i}
Loop Invariant
P: n 1
Loop Invariant:
m = min{x[j]|j = 1 . . . i} Why?
1: i 1
2: m x[1]
.
{m = minx[j]|j = 1 . . . i}
3: while i < n do
.i <n
4:
i i +1
.
{m = minx[j]|j = 1 . . . i 1}
5:
if x[i] < m then
6:
m x[i]
.
{m = minx[j]|j = 1 . . . i}
Loop Invariant
P: n 1
Loop Invariant:
m = min{x[j]|j = 1 . . . i} Why?
Because..
1: i 1
I when i = 1 and m = x[1]
2: m x[1]
.
the invariant is true
{m = minx[j]|j = 1 . . . i}
I while i < n after the
3: while i < n do
.i <n
4:
i i +1
.
it still holds
{m = minx[j]|j = 1 . . . i 1}
I finally, when i = n it implies
5:
if x[i] < m then
6:
m x[i]
.
m = min{x[j]|j = 1 . . . n}
{m = minx[j]|j = 1 . . . i}
which is exactly the
postcondition
Loop Invariant
Example:Let x[1..n]be an array which contains x0 . Find the
smallest index for which x[i] = x0
P: n 1 and there exist 1 k n such thta x[k] = x0
Loop Invariant
Q: x[i] = x0 and x[j] 6= x0 for j = 1 . . . i 1
Loop Invariant
Algorithm
mum
1: i 1
27 Mini.
{x[j] <> x0 , j = 1 . . . i 1}
2:
while x[i] <> x0

do . {x[i] <> x0 , x[j] <>
x0 forj = 1 . . . i}
3:
i i +1
{x[i] <> x0 , x[j] <> x0 forj =

1 . . . i 1}
Loop Invariant
Loop Invariant:
x[j] 6= x0 for j = 1 . . . i 1
1: i 1
.
{x[j] <> x0 , j = 1 . . . i 1}
2:
while x[i] <> x0

do . {x[i] <> x0 , x[j] <>
x0 forj = 1 . . . i}
3:
i i +1
{x[i] <> x0 , x[j] <> x0 forj =

1 . . . i 1}
Loop Invariant
Loop Invariant:
x[j] 6= x0 for j = 1 . . . i 1 Why?
1: i 1
.
{x[j] <> x0 , j = 1 . . . i 1}
2:
while x[i] <> x0

do . {x[i] <> x0 , x[j] <>
x0 forj = 1 . . . i}
3:
i i +1
{x[i] <> x0 , x[j] <> x0 forj =

1 . . . i 1}
Loop Invariant
Loop Invariant:
x[j] 6= x0 for j = 1 . . . i 1 Why? Because..
Algorithm 30 MiniI when i = 1 the range j = 1 . . . 0 is
mum
empty thus the assertion is satisfied
1: i 1
.
{x[j] <> x0 , j = 1 . . . i 1}
2:
while x[i] <> x0

do . {x[i] <> x0 , x[j] <>
x0 forj = 1 . . . i}
3:
i i +1
{x[i] <> x0 , x[j] <> x0 forj =

1 . . . i 1}
Loop Invariant
Loop Invariant:
mum
1: i 1
.
{x[j] <> x0 , j = 1 . . . i 1}
2:
while x[i] <> x0

do . {x[i] <> x0 , x[j] <>
x0 forj = 1 . . . i}
3:
i i +1
{x[i] <> x0 , x[j] <> x0 forj =

1 . . . i 1}
Let us suppose that x[i] <> x0 and

the invariant is true. Then x[j] <> x0
for j = 1 . . . i
Loop Invariant
Loop Invariant:
mum
1: i 1
.
{x[j] <> x0 , j = 1 . . . i 1}
2:
x0 forj = 1 . . . i}
3:

for j = 1 . . . i
After i = i + 1 we obtain again

x[j] <> x0 for j = 1 . . . i which is
exactly the postcondition
while x[i] <> x0

do . {x[i] <> x0 , x[j] <>
i i +1
{x[i] <> x0 , x[j] <> x0 forj =

1 . . . i 1}
Loop Invariant
Loop Invariant:
mum
1: i 1
.
{x[j] <> x0 , j = 1 . . . i 1}
2:
x0 forj = 1 . . . i}
3:

for j = 1 . . . i
After i = i + 1 we obtain again

x[j] <> x0 for j = 1 . . . i which is
exactly the postcondition
Finally, when x[i] = x0 we obtain Q
while x[i] <> x0

do . {x[i] <> x0 , x[j] <>
i i +1
{x[i] <> x0 , x[j] <> x0 forj =

1 . . . i 1}
To prove that a loop finishes after a finite number of iterations it
suffices to find a termination function
Definition:
A function F : N N is a termination function if it satisfies the
following properties:
1. F is strictly decreasing
2. if c is true then F (p) > 0 and if F (p) = 0 then c is false
Definition:
A function F : N N is a termination function if it satisfies the
following properties:
1. F is strictly decreasing
2. if c is true then F (p) > 0 and if F (p) = 0 then c is false
Remarks:
I
F depends on the loop counter p (at the first execution of the

loop body p is 1, at the second it is 2 and so on )
The loop counter is not necessarily an explicit variable (it can

be just a formal variable useful to analyze the loop
correctness)
F reaches 0 because it is strictly decreasing; when F becomes

0 then c becomes false, thus the loop finishes.
Example:S = 1 + 2 + . . . + n
Variant 1:
Algorithm 34 Sum of Series
1: i 1
2: S 1
3: while i < n do
4:
i i + 1 . ip = ip1 + 1
5:
S i +1
Example:S = 1 + 2 + . . . + n
Variant 1:
1: i 1
2: S 1
3: while i < n do
4:
i i + 1 . ip = ip1 + 1
5:
S i +1
F (p) = n ip
Example:S = 1 + 2 + . . . + n
Variant 1:
1: i 1
2: S 1
3: while i < n do
4:
i i + 1 . ip = ip1 + 1
5:
S i +1
F (p) = n ip
F (p) = n ip1 1
Example:S = 1 + 2 + . . . + n
Variant 1:
1: i 1
2: S 1
3: while i < n do
4:
i i + 1 . ip = ip1 + 1
5:
S i +1
F (p) = n ip
F (p) = n ip1 1
F (p) = F (p 1) 1
Example:S = 1 + 2 + . . . + n
Variant 1:
1: i 1
2: S 1
3: while i < n do
4:
i i + 1 . ip = ip1 + 1
5:
S i +1
F (p) = n ip
F (p) = n ip1 1
F (p) = F (p 1) 1
F (p) < F (p 1)
Example:S = 1 + 2 + . . . + n
Variant 1:
1: i 1
2: S 1
3: while i < n do
4:
i i + 1 . ip = ip1 + 1
5:
S i +1
F (p) = n ip
F (p) = n ip1 1
F (p) = F (p 1) 1
F (p) < F (p 1)
ip < n F (p) > 0
Example:S = 1 + 2 + . . . + n
Variant 1:
1: i 1
2: S 1
3: while i < n do
4:
i i + 1 . ip = ip1 + 1
5:
S i +1
F (p) = n ip
F (p) = n ip1 1
F (p) = F (p 1) 1
F (p) < F (p 1)
ip < n F (p) > 0
F (p) = 0 ip = n
Example:S = 1 + 2 + . . . + n
Variant 1:
Variant 2:

1: i 1
2: S 1
3: while i < n do
4:
i i + 1 . ip = ip1 + 1
5:
S i +1

1: S 0
2: i 1
3: while i n do
4:
S i +1
5:
i i + 1 . ip = ip1 + 1
F (p) = n ip
F (p) = n ip1 1
F (p) = F (p 1) 1
F (p) < F (p 1)
ip < n F (p) > 0
F (p) = 0 ip = n
Example:S = 1 + 2 + . . . + n
Variant 1:
Variant 2:

1: i 1
2: S 1
3: while i < n do
4:
i i + 1 . ip = ip1 + 1
5:
S i +1

1: S 0
2: i 1
3: while i n do
4:
S i +1
5:
i i + 1 . ip = ip1 + 1
F (p) = n ip
F (p) = n ip1 1
F (p) = F (p 1) 1
F (p) < F (p 1)
ip < n F (p) > 0
F (p) = 0 ip = n
F (p) = n + 1 ip
Example:S = 1 + 2 + . . . + n
Variant 1:
Variant 2:

1: i 1
2: S 1
3: while i < n do
4:
i i + 1 . ip = ip1 + 1
5:
S i +1

1: S 0
2: i 1
3: while i n do
4:
S i +1
5:
i i + 1 . ip = ip1 + 1
F (p) = n ip
F (p) = n ip1 1
F (p) = F (p 1) 1
F (p) < F (p 1)
ip < n F (p) > 0
F (p) = 0 ip = n
F (p) = n + 1 ip
F (p) = n + 1 ip1 1
Example:S = 1 + 2 + . . . + n
Variant 1:
Variant 2:

1: i 1
2: S 1
3: while i < n do
4:
i i + 1 . ip = ip1 + 1
5:
S i +1

1: S 0
2: i 1
3: while i n do
4:
S i +1
5:
i i + 1 . ip = ip1 + 1
F (p) = n ip
F (p) = n ip1 1
F (p) = F (p 1) 1
F (p) < F (p 1)
ip < n F (p) > 0
F (p) = 0 ip = n
F (p) = n + 1 ip
F (p) = n + 1 ip1 1
F (p) = F (p 1) 1
Example:S = 1 + 2 + . . . + n
Variant 1:
Variant 2:

1: i 1
2: S 1
3: while i < n do
4:
i i + 1 . ip = ip1 + 1
5:
S i +1

1: S 0
2: i 1
3: while i n do
4:
S i +1
5:
i i + 1 . ip = ip1 + 1
F (p) = n ip
F (p) = n ip1 1
F (p) = F (p 1) 1
F (p) < F (p 1)
ip < n F (p) > 0
F (p) = 0 ip = n
F (p) = n + 1 ip
F (p) = n + 1 ip1 1
F (p) = F (p 1) 1
F (p) < F (p 1)
Example:S = 1 + 2 + . . . + n
Variant 1:
Variant 2:

1: i 1
2: S 1
3: while i < n do
4:
i i + 1 . ip = ip1 + 1
5:
S i +1

1: S 0
2: i 1
3: while i n do
4:
S i +1
5:
i i + 1 . ip = ip1 + 1
F (p) = n ip
F (p) = n ip1 1
F (p) = F (p 1) 1
F (p) < F (p 1)
ip < n F (p) > 0
F (p) = 0 ip = n
F (p) = n + 1 ip
F (p) = n + 1 ip1 1
F (p) = F (p 1) 1
F (p) < F (p 1)
i < n F (p) > 0
Example:S = 1 + 2 + . . . + n
Variant 1:
Variant 2:

1: i 1
2: S 1
3: while i < n do
4:
i i + 1 . ip = ip1 + 1
5:
S i +1

1: S 0
2: i 1
3: while i n do
4:
S i +1
5:
i i + 1 . ip = ip1 + 1
F (p) = n ip
F (p) = n ip1 1
F (p) = F (p 1) 1
F (p) < F (p 1)
ip < n F (p) > 0
F (p) = 0 ip = n
F (p) = n + 1 ip
F (p) = n + 1 ip1 1
F (p) = F (p 1) 1
F (p) < F (p 1)
i < n F (p) > 0
F (p) = 0 ip = n + 1
Example:find the first occurrence of x0 in x[1 . . . n]

Algorithm 62 Find the
occurrence
1: i 1
2: while x[i] <> x0
do
3:
i i +1
.
{ip = ip1 + 1}

occurrence
1: i 1
2: while x[i] <> x0
do
3:
i i +1
.
{ip = ip1 + 1}
Let k be the first occurrence of x0 in

x[1 . . . n]

occurrence
1: i 1
2: while x[i] <> x0
do
3:
i i +1
.
{ip = ip1 + 1}

x[1 . . . n] F (p) = k ip

occurrence
1: i 1
2: while x[i] <> x0
do
3:
i i +1
.
{ip = ip1 + 1}

x[1 . . . n] F (p) = k ip
F (p) = k ip1 1

occurrence
1: i 1
2: while x[i] <> x0
do
3:
i i +1
.
{ip = ip1 + 1}

x[1 . . . n] F (p) = k ip
F (p) = k ip1 1
F (p) = F (p 1) 1

occurrence
1: i 1
2: while x[i] <> x0
do
3:
i i +1
.
{ip = ip1 + 1}

x[1 . . . n] F (p) = k ip
F (p) = k ip1 1
F (p) = F (p 1) 1
F (p) < F (p 1)
x[i] <> x0 ip < k F (p) > 0
F (p) = 0 ip = k x[i] = x0
Greatest Common Divisor

Analyze the correctness of the Euclids Algorithm P: a = a0 , b = b0
Q: i = gcd(a0 , b0 )
Algorithm 68 Find GCD
1: procedure gcd(a,b)
2:
d a
3:
i b
4:
r dMODi
5:
while r <> 0 do
6:
d i
7:
i r
8:
r d MOD i
return

Q: i = gcd(a0 , b0 )
2:
d a
3:
i b
4:
r dMODi
5:
while r <> 0 do
6:
d i
7:
i r
8:
r d MOD i
return
Loop invariant: gcd(d,i)=

gcd(a0 , b0 )

Q: i = gcd(a0 , b0 )
2:
d a
3:
i b
4:
r dMODi
5:
while r <> 0 do
6:
d i
7:
i r
8:
r d MOD i
return

gcd(a0 , b0 )
1. d = a = a0 , i = b = b0
gcd(d,i) = gcd(a0 , b0 )

Q: i = gcd(a0 , b0 )
2:
d a
3:
i b
4:
r dMODi
5:
while r <> 0 do
6:
d i
7:
i r
8:
r d MOD i
return

gcd(a0 , b0 )
1. d = a = a0 , i = b = b0
2. gcd(dp , ip )=gcd(ip , dp MOD ip )
= gcd(dp+1 , ip+1 )

Q: i = gcd(a0 , b0 )
2:
d a
3:
i b
4:
r dMODi
5:
while r <> 0 do
6:
d i
7:
i r
8:
r d MOD i
return

gcd(a0 , b0 )
1. d = a = a0 , i = b = b0
= gcd(dp+1 , ip+1 )
3. r = 0 i d gcd(d, i) = i

Q: i = gcd(a0 , b0 )
2:
d a
3:
i b
4:
r dMODi
5:
while r <> 0 do
6:
d i
7:
i r
8:
r d MOD i
return

gcd(a0 , b0 )
1. d = a = a0 , i = b = b0
= gcd(dp+1 , ip+1 )
3. r = 0 i d gcd(d, i) = i
Termination Function: F (p) = rp

Verifying Correctness of Algorithm

Caricato da

Informazioni sul documento

Copyright

Formati disponibili

Condividi questo documento

Condividi o incorpora il documento

Opzioni di condivisione

Hai trovato utile questo documento?

Questo contenuto è inappropriato?

Copyright:

Formati disponibili

Verifying Correctness of Algorithm

Caricato da

Copyright:

Formati disponibili

Design and Analysis of Algorithms

While designing an algorithm we have to take care of two aspects:

While designing an algorithm we have to take care of two aspects:

Algorithm Correctness: Algorithm must give desired output

While designing an algorithm we have to take care of two aspects:

Algorithm Correctness: Algorithm must give desired output

Algorithm Efficiency: Algorithms must use minimum

Empirical method: Correctness can be verified by testing

Empirical method: Correctness can be verified by testing

Empirical method: Correctness can be verified by testing

It doesnt guarantee the correctness

Empirical method: Correctness can be verified by testing

Formal method: Mathematically it is proved that algorithm

Empirical method: Correctness can be verified by testing

Formal method: Mathematically it is proved that algorithm

guarantees the correctness

Empirical method: Correctness can be verified by testing

It doesnt guarantee the correctness

Formal method: Mathematically it is proved that algorithm

guarantees the correctness

Preconditions and Postconditions

Preconditions and Postconditions

Preconditions:Properties that must be satisfied by the input

Preconditions and Postconditions

Preconditions:Properties that must be satisfied by the input

Postconditions:Properties that must be satisfied by the result

Preconditions and Postconditions

Preconditions:Properties that must be satisfied by the input

Postconditions:Properties that must be satisfied by the result

Example: Find the minimum, m, of a non-empty array, x[1..n]

Preconditions and Postconditions

Preconditions:Properties that must be satisfied by the input

Postconditions:Properties that must be satisfied by the result

Example: Find the minimum, m, of a non-empty array, x[1..n]

Preconditions and Postconditions

Preconditions:Properties that must be satisfied by the input

Postconditions:Properties that must be satisfied by the result

Example: Find the minimum, m, of a non-empty array, x[1..n]

Preconditions and Postconditions

Preconditions:Properties that must be satisfied by the input

Postconditions:Properties that must be satisfied by the result

Example: Find the minimum, m, of a non-empty array, x[1..n]

Partial correctness verification: prove that if an algorithm

Preconditions and Postconditions

Preconditions:Properties that must be satisfied by the input

Postconditions:Properties that must be satisfied by the result

Example: Find the minimum, m, of a non-empty array, x[1..n]

Partial correctness verification: prove that if an algorithm

Preconditions and Postconditions

Preconditions:Properties that must be satisfied by the input

Postconditions:Properties that must be satisfied by the result

Example: Find the minimum, m, of a non-empty array, x[1..n]

Partial correctness verification: prove that if an algorithm

analyze the algorithm state

Preconditions and Postconditions

Preconditions:Properties that must be satisfied by the input

Postconditions:Properties that must be satisfied by the result

Example: Find the minimum, m, of a non-empty array, x[1..n]

Partial correctness verification: prove that if an algorithm

analyze the algorithm state

Algorithm state: set of values corresponding to all variables

Algorithm state: set of values corresponding to all variables

During the execution of an algorithm its state changes (since

Algorithm state: set of values corresponding to all variables