Stepwise Refinement! Top Down Design!

Similar documents
Top Down Design. Gunnar Gotshalks 03-1

Dynamic Semantics. Dynamic Semantics. Operational Semantics Axiomatic Semantics Denotational Semantic. Operational Semantics

5. Program Correctness: Mechanics

Proving Programs Correct

Loop Invariants and Binary Search. Chapter 4.4, 5.1

C241 Homework Assignment 7

Loop Convergence. CS 536: Science of Programming, Fall 2018

Foundations of Computation

Proofs of Correctness: Introduction to Axiomatic Verification

Multiplying and dividing integers Student Activity Sheet 2; use with Exploring Patterns of multiplying and dividing integers

CSE20: Discrete Mathematics

CS156: The Calculus of Computation

Hoare Logic: Part II

Central Algorithmic Techniques. Iterative Algorithms

Program verification using Hoare Logic¹

MAT 243 Test 2 SOLUTIONS, FORM A

Input Decidable Language -- Program Halts on all Input Encoding of Input -- Natural Numbers Encoded in Binary or Decimal, Not Unary

Decision Procedures. Jochen Hoenicke. Software Engineering Albert-Ludwigs-University Freiburg. Winter Term 2016/17

Downloaded from

Classical Program Logics: Hoare Logic, Weakest Liberal Preconditions

Answers (1) A) 36 = - - = Now, we can divide the numbers as shown below. For example : 4 = 2, 2 4 = -2, -2-4 = -2, 2-4 = 2.

EDULABZ INTERNATIONAL NUMBER SYSTEM

SEQUENCES, MATHEMATICAL INDUCTION, AND RECURSION

Problem One: Order Relations i. What three properties does a binary relation have to have to be a partial order?

Roots of Equations Roots of Polynomials

Axiomatic Semantics: Verification Conditions. Review of Soundness of Axiomatic Semantics. Questions? Announcements

Introduction to Computer Science Lecture 5: Algorithms

Hoare Logic (I): Axiomatic Semantics and Program Correctness

Outline. 1 Introduction. Merging and MergeSort. 3 Analysis. 4 Reference

Axiomatic Semantics. Stansifer Ch 2.4, Ch. 9 Winskel Ch.6 Slonneger and Kurtz Ch. 11 CSE

Algorithms CMSC Basic algorithms in Number Theory: Euclid s algorithm and multiplicative inverse

Long division for integers

Accelerated Math. Class work 3. Algebra.

Discrete Mathematics and Probability Theory Summer 2014 James Cook Note 5

Program verification. Hoare triples. Assertional semantics (cont) Example: Semantics of assignment. Assertional semantics of a program

CSC 7101: Programming Language Structures 1. Axiomatic Semantics. Stansifer Ch 2.4, Ch. 9 Winskel Ch.6 Slonneger and Kurtz Ch. 11.

Standard forms for writing numbers

Hoare Logic I. Introduction to Deductive Program Verification. Simple Imperative Programming Language. Hoare Logic. Meaning of Hoare Triples

Intermediate Math Circles February 29, 2012 Linear Diophantine Equations I

Class 7 Integers. Answer the questions. Choose correct answer(s) from the given choices. Fill in the blanks

A number that can be written as, where p and q are integers and q Number.

3 - Induction and Recursion

Section 4.3. Polynomial Division; The Remainder Theorem and the Factor Theorem

More Polynomial Equations Section 6.4

In this episode of The Verification Corner, Rustan Leino talks about Loop Invariants. He gives a brief summary of the theoretical foundations and

Axiomatic Semantics: Verification Conditions. Review of Soundness and Completeness of Axiomatic Semantics. Announcements

Intermediate Math Circles February 26, 2014 Diophantine Equations I

not to be republished NCERT REAL NUMBERS CHAPTER 1 (A) Main Concepts and Results

The goal differs from prime factorization. Prime factorization would initialize all divisors to be prime numbers instead of integers*

Axiomatic Semantics. Lecture 9 CS 565 2/12/08

Ch 4.2 Divisibility Properties

Hoare Logic: Reasoning About Imperative Programs

Notes 6: Polynomials in One Variable

Program Analysis Part I : Sequential Programs

Hoare Examples & Proof Theory. COS 441 Slides 11

Polynomial and Synthetic Division

Math /Foundations of Algebra/Fall 2017 Foundations of the Foundations: Proofs

Chapter 1A -- Real Numbers. iff. Math Symbols: Sets of Numbers

What happens to the value of the expression x + y every time we execute this loop? while x>0 do ( y := y+z ; x := x:= x z )

COM S 330 Homework 08 Solutions. Type your answers to the following questions and submit a PDF file to Blackboard. One page per problem.

Induction and recursion. Chapter 5

Some Facts from Number Theory

Linear Feedback Shift Registers (LFSRs) 4-bit LFSR

Chapter Summary. Mathematical Induction Strong Induction Well-Ordering Recursive Definitions Structural Induction Recursive Algorithms

Algorithms 2/6/2018. Algorithms. Enough Mathematical Appetizers! Algorithm Examples. Algorithms. Algorithm Examples. Algorithm Examples

Lecture Notes: Axiomatic Semantics and Hoare-style Verification

Induction and Recursion

Dividing Polynomials

that shows the semi-decidability of the problem (i.e. a semi-decision procedure for EXISTS-HALTING) and argue that it is correct.

CS325: Analysis of Algorithms, Fall Final Exam

Math Circles - Lesson 2 Linear Diophantine Equations cont.

Outline. policies for the first part. with some potential answers... MCS 260 Lecture 10.0 Introduction to Computer Science Jan Verschelde, 9 July 2014

Numbers. 2.1 Integers. P(n) = n(n 4 5n 2 + 4) = n(n 2 1)(n 2 4) = (n 2)(n 1)n(n + 1)(n + 2); 120 =

, a 1. , a 2. ,..., a n

CS 336. We use the principle of inclusion and exclusion. Let B. = {five digit decimal numbers ending with a 5}, and

Discrete Math in Computer Science Solutions to Practice Problems for Midterm 2

Semantics and Verification of Software

Design of Distributed Systems Melinda Tóth, Zoltán Horváth

Topic Contents. Factoring Methods. Unit 3: Factoring Methods. Finding the square root of a number

Introduction to Number Theory

Deductive Verification

The Assignment Axiom (Hoare)

COP4020 Programming Languages. Introduction to Axiomatic Semantics Prof. Robert van Engelen

Chapter 5. Number Theory. 5.1 Base b representations

Introduction to Number Theory. The study of the integers

Tute 10. Liam O'Connor. May 23, 2017

Computational Problem Solving

5 + 9(10) + 3(100) + 0(1000) + 2(10000) =

8. More on Iteration with For

Quiz 1 Solutions. Problem 2. Asymptotics & Recurrences [20 points] (3 parts)

Axiomatic Verification II

Mathematical Induction. How does discrete math help us. How does discrete math help (CS160)? How does discrete math help (CS161)?

CPSC 467: Cryptography and Computer Security

L1 2.1 Long Division of Polynomials and The Remainder Theorem Lesson MHF4U Jensen

8 Primes and Modular Arithmetic

Lecture 25. Designing Sequence Algorithms

Data Structures and Algorithms Chapter 2

ELEMENTARY NUMBER THEORY AND METHODS OF PROOF

Elementary Properties of the Integers

Reasoning About Imperative Programs. COS 441 Slides 10b

Transcription:

Stepwise Refinement Top Down Design 11-1

On Top Down Design Useful in creating a function or algorithm when the input and output data structures correspond» If the input and output data structures do not correspond then one needs communicating processes to correctly design an implementation Program function NOT USEFUL for designing programs Real systems have no top 11-2

On Mathematics I saw a high wall and as I had a premonition of an enigma, something that might be hidden behind the wall, I climbed over it with some difficulty.... On the other side I landed in a wilderness and had to cut my way through with a great effort until by a circuitous route I came to the open gate, the open gate of mathematics. M.C. Escher 11-3

Escher Circle Limit 1 (1958) 11-4

Escher Plane Filling 1 (1951) 11-5

Escher Waterfall 1961 11-6

Stepwise Refinement Also known as functional decomposition and top down design Given an operation, there are only the following three choices for refinement» Sequence of sub-operations > OP OP1 ; OP2 ;... ; OPn» Choice of sub-operations > OP if COND then OP1 else OP2» Loop over a sub-operation > OP OP1 while COND do OP2 11-7

Stepwise Refinement Is an recursive process of applying one of the previous three choices (with variations) to sub-operations until program text can be written 11-8

Stepwise Refinement Procedure Problem Op an OP Unrefined Operations Exists? Can code? No Yes Done Add to program OP OP1 ; OP2 ;... ; OPn OP1, OP2,..., Opn OP if COND then OP1 else OP2 COND, OP1, OP2 OP OP1 while COND do OP2 COND, OP1, OP2 11-9

Sequence Questions OP OP1 ; OP2 ;... ; Opn Does the sequence of operations OP1 followed by OP2 followed by... followed by OPn accomplish the upper level operation OP precondition OP postcondition OP1 postcondition OP2... postcondition OPn-1 postcondition Opn precondition OP1 precondition OP2 precondition OP3 precondition OPn postcondition OP 11-10

Choice Questions OP if COND then OP1 else OP2 Does the operation OP1 accomplish the operation OP when the condition COND is true COND precondition OP precondition OP1 and postcondition OP1 postcondition OP Does the operation OP2 accomplish the operation OP when the condition COND is false not COND precondition OP precondition OP2 and postcondition OP2 postcondition OP 11-11

Loop Questions 1 of 4 OP 0 Ask verification question - i - OP1 1 while COND { OP2 2 } 3 Let LI be a loop invariant, which must always be true after OP1 is executed except temporarily within OP2 11-12

Loop Questions 2 of 4 Question 0 What is the LI?» In general it is an extremely difficult question to answer. It contains the essential difficulty in programming» Fundamentally it is the following LI totalwork = worktodo + workdone 11-13

Loop Questions 3 of 4 OP 0 OP1 1 while COND { OP2 2 } 3 Question 1 Is LI true after OP1? precondition(op) + execution(op1) LI Question 2 Is LI true after OP2? (LIbefore COND) + execution(op2) LIafter 11-14

Loop Questions 4 of 4 OP 0 OP1 1 while COND { OP2 2 } 3 Question 3a Does the loop terminate? Does COND eventually become false? Question 3b Is postcondition of OP true at loop end? (LI (not COND) ) postcondition OP 11-15

Example Loop Design Consider a program loop which calculates the division of positive integers.» D is the divisor and D > 0 Q Q is the quotient D DV R is the remainder... DV is the dividend and DV > 0 R We are to compute Q and R from D and DV such that the following is true. 0 R < D DV = D * Q + R 11-16

Loop Design 1 Question 0 Find the loop invariant» After consulting an oracle we have determined that the following is an appropriate loop invariant > This is the creative part of programming LI DV = D * Q + R R 0 11-17

Loop Design 2 OP 0 LI DV = D * Q + R R 0 OP1 1 while COND { OP2 2 } 3 What we have to do is to determine COND, OP1, and OP2 while checking that the verification questions are satisfied» In practice we iterate between loop invariant and the program until we have a match that solves the problem 11-18

Loop Design 3 LI DV = D * Q + R R 0 Question 1 Make LI true at the start OP1 Q 0 ; R DV LI is true DV = D * 0 + DV DV > 0 from the precondition R 0 11-19

Loop Design 4 LI DV = D * Q + R R 0 while COND { OP2 2 } Question 2 Is LI still true after OP2 is executed? COND R D True before OP2 exec OP2 Q Q + 1 ; R R D Therefore Q = Q + 1 R = R D» After OP2 show LI first part is true > DV = D * Q + R LI first part = D * (Q + 1) + (R D) Substitute equality = D * Q + D + R D Rearrange = D * Q + R True before OP2, still true» See effect of moving data from worktodo (D & DV) to workdone (Q & R) while maintaining the invariant. 11-20

Loop Design 5 LI DV = D * Q + R R 0 while COND { OP2 2 } Question 2 Is LI still true after OP2 is executed? COND R D True before OP2 exec OP2 Q Q + 1 ; R R D Therefore Q = Q + 1 R = R D» After OP2 show second part of LI is still true > R 0 LI second part (R D) 0 Substitute equality R D Rearrangement is true from COND Therefore R 0 is true 11-21

Loop Design 6 LI DV = D * Q + R R 0 while R D { Q Q + 1 R R D } Question 3a Does COND eventually become false?» Every time around the loop OP2 reduces the size of R by D > 0.» In a finite number of iterations R must become less than D. 11-22

Loop Design 7 LI DV = D * Q + R R 0 COND = R D Question 3b Does ~ COND and LI postcondition for OP?» ~ COND R < D» LI DV = D * Q + R R 0» Together DV = D * Q + R 0 R < D» Equals Problem specification 0 R < D DV = D*Q + R 11-23

Loop Invariant Example 1a Copy a sequence of characters from input to output read achar from input while achar EOF write achar to output read achar from input end while The loop invariant is the following In[ 1.. N ] = Out[ 1.. j 1 ] + achar + In [ j + 1.. N ] totalwork = workdone + worktodo 11-24

Loop Invariant Example 1b The loop invariant is the following In[ 1.. N ] = Out[ 1.. j 1 ] + achar + In [ j + 1.. N ] The loop invariant can be simplified by removing Input[ i + 1.. N ] from each side of the relationship In[ 1.. j ] = Out[ 1.. j 1 ] + achar It is the simplified form that one sees most often 11-25

Loop Invariant Example 2a Compute the sum of the integers 1 to N sum 0 ; p 0 loop exit when p = N p += 1 ; sum += p end loop The loop invariant is the following n n j = sum + j 1 p+1 totalwork = workdone + worktodo 11-26

Loop Invariant Example 2b The loop invariant is the following n 1 j = sum + n p+1 Simplify by removing the following expression from each side of the relationship n j To get p+1 p 1 j = sum j 11-27

Loop Invariant Example 3a Compare string A [ 1.. p ] with string B [ 1.. p ]. Last character in string must be EOS J 1 loop exit when A[ j ] B[ j ] or A[ j ] = EOS j += 1 end loop A[ 1.. p ]? B[ 1.. p ] totalwork = A[ 1.. j 1 ] = B[ 1.. j 1 ] workdone + A[ j.. n ]? B[ j.. n ] worktodo j p A[ p ] = B[ p ] = EOS Support conditions 11-28

Loop Invariant Example 3b The loop invariant is the following. A [ 1.. p ]? B [ 1.. p ] = A [ 1.. j 1 ] = B [ 1.. j 1 ] j p + A[ j.. p ]? B[ j.. p ] A[ p ] = B[ p ] = EOS The simplified loop invariant A[ 1.. j 1 ] = B[ 1.. j 1 ] j p A[ p ] = B[ p ] = EOS 11-29

Context for loop inductive step 11-30

2024 © sciencedocbox.com Privacy Policy | Terms of Service | Feedback