test.org

1. # -*- mode: org; coding: utf-8 -*-
2.  
3. #+TITLE: Example Correctness Proofs
4. #+AUTHOR: Marko Schütz-Schmuck
5. \include{extra-setup}
6.  
7. * linear search
8. - sought: smallest index \(i\) with \(a_i = x\)
9. - precondition: \(V \equiv n \in \naturals_0\)
10. - postcondition:
11. \begin{align*}
12. P \equiv & n \in \naturals_0 \land k \in \naturals \land k \le n+1
13. \land \textmath{found} \in \booleans \\
14. & \land \forall 1 \le i < k.a_i \neq x \\
15. & \land (k \le n \land a_k = x \land \textmath{found} \lor k = n+1 \land \neg \textmath{found})
16. \end{align*}
17.  
18. ** verify :BMCOL:B_block:
19. :PROPERTIES:
20. :BEAMER_env: block
21. :BEAMER_col: 0.44
22. :END:
23.  
24. \begin{minipage}{.9\linewidth}
25. \(
26. \begin{Condition}
27. V
28. \end{Condition}\)\endgraf
29. \begin{Pseudocode}
30. \STATE \(k \isassigned 1\)
31. \WHILE{\(k \le n \land a_k \neq x\)} \STATE \(k \isassigned k+1\) \ENDWHILE
32. \STATE \(\textmath{found} \isassigned k \le n\)
33. \end{Pseudocode}
34. \(
35. \begin{Condition}
36. P
37. \end{Condition}\)
38. \end{minipage}
39.  
40. ** invariant :B_block:BMCOL:
41. :PROPERTIES:
42. :BEAMER_env: block
43. :BEAMER_col: 0.52
44. :END:
45. \begin{align*}
46. & n \in \naturals_0 \land k \in \naturals_0 \land k \le n+1 \\
47. & \land \forall 1\le i<k. a_i
48. \neq x
49. \end{align*}
50.  
51. * proof overview
52. #+BEGIN_LaTeX
53. \(
54. \begin{Condition}
55. V
56. \end{Condition}\)\endgraf
57. \begin{Pseudocode}
58. \STATE \(k \isassigned 1\)
59. \WHILE{\(k \le n \land a_k \neq x\)} \STATE \(k \isassigned k+1\) \ENDWHILE
60. \STATE \(\textmath{found} \isassigned k \le n\)
61. \end{Pseudocode}
62. \(
63. \begin{Condition}
64. P
65. \end{Condition}\)
66. #+END_LaTeX
67.  
68. #+LaTeX: {\tiny
69. \begin{prooftree}
70. \AxiomC{\(V \implies I\substitute{1}{k}\)}
71. \RightLabel{A2}
72. \UnaryInfC{\hoareTriple{V}{\(S_i\)}{I}}
73. \AxiomC{\(I \land B \implies I\substitute{k+1}{k}\)}
74. \RightLabel{A2}
75. \UnaryInfC{\hoareTriple{I \land B}{\(S_W\)}{I}}
76. \AxiomC{\(I \land \neg B \implies P_1\)}
77. \RightLabel{W2}
78. \TrinaryInfC{\hoareTriple{V}{\(S_i\ \algorithmicseq\ W\)}{P_1}}
79. \AxiomC{\hoareTriple{P\substitute{k\le n}{\textmath{found}}}{\(S_f\)}{P}}
80. \RightLabel{A1}
81. \UnaryInfC{\hoareTriple{P_1}{\(S_f\)}{P}}
82. \RightLabel{S1}
83. \BinaryInfC{\hoareTriple{V}{\(S_i\ \algorithmicseq\ W\ \algorithmicseq\ S_f\)}{P}}
84. \end{prooftree}
85. #+LaTeX: }
86.  
87. termination: distance \(n+1 - k\)
88.  
89. * strengthen postcondition of loop body
90. - rule (P1) allows strengthening postcondition
91. - may make proving easier
92. * merge sorted sub-sequences
93. - given: arrays \(a, b, c\) with \(a, b\) sorted by value
94. - merge the sorted sequences of values into a sorted sequence of values in \(c\)
95. - precondition:
96. \begin{align*}
97. V \equiv & n_a \in \naturals_0 \land \forall 1 \le i < n_a . a_i \le a_{i+1} \\
98. \land & n_b \in \naturals_0\land \forall 1 \le i < n_b . b_i \le b_{i+1}
99. \end{align*}
100. - predicate for permutations: \([] \perm []\), \(a \& b \& c \perm d \& b \& e \iff a \&
101. c \perm d \& e\) where \(\&\) has precedence over \(\perm\)
102. - postcondition:
103. \begin{align*}
104. P \equiv & \appendop_{i=1}^{n_a+n_b} [c_{i}] \perm \appendop_{i=1}^{n_a} [a_i] \&
105. \appendop_{i=1}^{n_b} [b_i]\\
106. \land & \forall 1 \le i < n_a+n_b . c_i \le c_{i+1}
107. \end{align*}
108. * proof obligations: black-box view
109. 1. \hoareTriple{V}{\(\textmath{merge}\)}{P}
110. 2. \(\textmath{merge}(d)\) is structurally like \(d\)
111. 3. \(\textmath{merge}\) will not modify any program variables other than \(c_i\) where
112. \(1 \le i \le n_a+n_b\)
113. 4. \(\textmath{merge}\) terminates
114. * merge subprogram
115. \begin{algorithmic}
116. \DECLARE \((i_a, \naturals, 1), (i_b, \naturals, 1), (i_c, \naturals, 1)\)
117. \WHILE{\(i_a \le n_a \lor i_b \le n_b\)}
118. \IF{\(i_b > n_b \lor i_a \le n_a \land a_{i_a} \le b_{i_b}\)}
119. \STATE \(c_{i_c} \isassigned a_{i_a}\)
120. \STATE \(i_a \isassigned i_a + 1\)
121. \ELSE
122. \STATE \(c_{i_c} \isassigned b_{i_b}\)
123. \STATE \(i_b \isassigned i_b + 1\)
124. \ENDIF
125. \STATE \(i_c \isassigned i_c +1\)
126. \ENDWHILE
127. \RELEASE \(i_a, i_b, i_c\)
128. \end{algorithmic}
129.  
130. * proof obligations: looking under the hood
131. 1.
132.  
133. \(
134. \begin{Condition}
135. V
136. \end{Condition}\)
137. \begin{Pseudocode}
138. \DECLARE \((i_a, \naturals, 1), (i_b, \naturals, 1), (i_c, \naturals,
139. 1)\)
140. \WHILE{\(i_a \le n_a \lor i_b \le n_b\)}
141. \IF{\(i_b > n_b \lor i_a \le n_a \land a_{i_a} \le b_{i_b}\)}
142. \STATE \(c_{i_c} \isassigned a_{i_a}\)
143. \STATE \(i_a \isassigned i_a + 1\)
144. \ELSE
145. \STATE \(c_{i_c} \isassigned b_{i_b}\)
146. \STATE \(i_b \isassigned i_b + 1\)
147. \ENDIF
148. \STATE \(i_c \isassigned i_c +1\)
149. \ENDWHILE
150. \RELEASE \(i_a, i_b, i_c\)
151. \end{Pseudocode}
152. \(
153. \begin{Condition}
154. P
155. \end{Condition}\)
156.  
157. 2. maintains structure
158.  
159. 3. only modifies \(c_i\) where \(1 \le i \le n_a+n_b\)
160.  
161. * proving \hoareTriple{V}{\(\textmath{merge}\)}{P}
162. - invariant: \(I \equiv \bigvee_{i=0}^8 I_i\) where
163. - \(I_0 \equiv\) :: \(n_a \in \naturals_0 \land n_b \in \naturals_0\)
164. - \(I_1 \equiv\) :: \(i_a \in \naturals_0 \land 1\le i_a\le n_a+1\)
165. - \(I_2 \equiv\) :: \(i_b \in \naturals_0 \land 1\le i_b\le n_b+1\)
166. - \(I_3 \equiv\) :: \(i_c-1 = i_a - 1 + i_b - 1\)
167. - \(I_4 \equiv\) :: \(\appendop_{i=1}^{i_c-1} [c_{i}] \perm \appendop_{i=1}^{i_a-1} [a_i] \&
168. \appendop_{i=1}^{i_b - 1} [b_i]\)
169. - \(I_5 \equiv\) :: \((1 < i_c \land i_a \le n_a) \implies c_{i_c-1} \le a_{i_a}\)
170. - \(I_6 \equiv\) :: \((1 < i_c \land i_b \le n_b) \implies c_{i_c-1} \le b_{i_b}\)
171. - \(I_7 \equiv\) :: \(\forall 1 \le i < i_c-1 . c_i \le c_{i+1}\)
172. - \(I_8 \equiv\) :: \(\forall 1 \le i < n_a . a_i \le a_{i+1} \land \forall 1
173. \le i < n_b . b_i \le b_{i+1}\)
174. - symmetric wrt. renaming \(a \leftrightarrow b\)
175.  
176. * proof overview
177. #+LaTeX: {\tiny
178. \begin{prooftree}
179. \AxiomC{\(V \implies I\substitute{1,1,1}{i_c,i_b,i_a}\)}
180. \RightLabel{S1\(^+\), D1}
181. \UnaryInfC{\hoareTriple{V}{\(\textmath{init}\)}{I}}
182. \end{prooftree}
183. #+LaTeX: }
184. - \(B_1 \land B_2 \iff i_a\le n_a \land (i_b > n_b \lor a_{i_a}\le b_{i_b})\) and \(B_1
185. \land \neg B_2 \iff i_b\le n_b \land (i_a > n_a \lor b_{i_b} < a_{i_a})\)
186. #+LaTeX: {\tiny
187. \begin{prooftree}
188. \AxiomC{\(\vdots\)}
189. \UnaryInfC{\hoareTriple{I \land B_1 \land B_2}{\(S_1\)}{I\substitute{i_c+1}{i_c}}}
190. \AxiomC{\(I \land i_b\le n_b \land (i_a > n_a \lor b_{i_b} \le a_{i_a}) \implies I\substitute{i_c+1,i_b+1,b_{i_b}}{i_c,i_b,c_{i_c}}\)}
191. \RightLabel{S1, A1, A2}
192. \UnaryInfC{\hoareTriple{I \land i_b\le n_b \land (i_a > n_a \lor b_{i_b} \le a_{i_a})}{\(S_1\)}{I\substitute{i_c+1}{i_c}}}
193. \RightLabel{P1}
194. \UnaryInfC{\hoareTriple{I \land i_b\le n_b \land (i_a > n_a \lor b_{i_b} < a_{i_a})}{\(S_1\)}{I\substitute{i_c+1}{i_c}}}
195. \UnaryInfC{\hoareTriple{I \land B_1 \land \neg B_2}{\(S_2\)}{I\substitute{i_c+1}{i_c}}}
196. \RightLabel{IF1}
197. \BinaryInfC{\hoareTriple{I \land B_1}{\(S\)}{I\substitute{i_c+1}{i_c}}}
198. \end{prooftree}
199. #+LaTeX: }
200. #+LaTeX: {\tiny
201. \begin{prooftree}
202. \AxiomC{\hoareTriple{V}{\(\textmath{init}\)}{I}}
203. \AxiomC{\hoareTriple{I \land B_1}{\(S\)}{I\substitute{i_c+1}{i_c}}}
204. \RightLabel{S1, A1}
205. \UnaryInfC{\hoareTriple{I \land B_1}{\(S\ \algorithmicseq\ i_c \isassigned i_c + 1\)}{I}}
206. \AxiomC{\(I \land \neg B_1 \implies P\)}
207. \RightLabel{W2}
208. \TrinaryInfC{\hoareTriple{V}{\(\textmath{init}\ \algorithmicseq\ W\)}{P}}
209. \AxiomC{}
210. \RightLabel{SP1}
211. \UnaryInfC{\hoareTriple{P}{\(R\)}{P}}
212. \RightLabel{S1}
213. \BinaryInfC{\hoareTriple{V}{\(\textmath{init}\ \algorithmicseq\ W\ \algorithmicseq\ R\)}{P}}
214. \end{prooftree}
215. #+LaTeX: }
216.  
217.  
218. * Setup :noexport:
219. #+startup: beamer
220. #+EMAIL: marko dot schutz at uprm dot edu
221. #+DESCRIPTION:
222. #+KEYWORDS:
223. #+LANGUAGE: en
224. #+OPTIONS: H:1 num:t toc:nil \n:nil @:t ::t |:t ^:t -:t f:t *:t <:t
225. #+OPTIONS: TeX:t LaTeX:nil skip:nil d:nil todo:t pri:nil tags:not-in-toc
226. #+INFOJS_OPT: view:nil toc:nil ltoc:t mouse:underline buttons:0 path:http://orgmode.org/org-info.js
227. #+EXPORT_SELECT_TAGS: export
228. #+EXPORT_EXCLUDE_TAGS: noexport
229. #+LINK_UP:
230. #+LINK_HOME:
231. #+LaTeX_CLASS: beamer
232. #+LaTeX_HEADER: \usepackage{colonequals}
233. #+LaTeX_HEADER: \usepackage[noend]{algorithmic}
234. #+LaTeX_HEADER: \usepackage{bussproofs}
235. #+LaTeX_HEADER: \usepackage{nicefrac}
236. #+LaTeX_HEADER: \institute{Department of Mathematical Sciences\\University of Puerto Rico at Mayagüez\\Mayagüez, PR}
237. #+BEAMER_FRAME_LEVEL: 1
238. #+COLUMNS: %40ITEM %10BEAMER_env(Env) %9BEAMER_envargs(Env Args) %4BEAMER_col(Col) %10BEAMER_extra(Extra)