Given:
|
The only movement is repeated as far as it is possible and what we are asked:
InfDef 1
Bound Function\oversetdef = a map from a set of a variables (of
a process) to a well ordered set (one that can be put into an
order that has no infinetely decreasing chain.)
InfDef 2
Invariant \oversetdef = a property that does not change whatever
the movement.
In opposition, the number of black beans in coffe can is always odd is a property that does not always hold because the number of black beans is either decreased or increased by one at every movement.
The parity of the white beans is not affected by any movement: the number of white beans doesn't change when beans taken from the can are either of different colors or they are both black, and it is decreased by two white beans are taken out of the can.
Thus, of the final state of the can, it can be said that ot will zero beans if at the beginning the number of white beans in it is even; there will one white bean in the can otherwise.
Definition 1
A finite state machine is a tuple , where:
In a pair (a,b), the a could represent the state of the 3-units jug, while b would represent the other one. The transition relation d should reflect the fact that the only allowable movement are either completely filling or emptying one jug.
Definition 2
An execution of a finite state machine is a sequence of
states q0,q1,q2,¼,qn, such that for any 0 £ i < n
(qi,qi+1) Î d.
|
In a variation over the same game (also proposed by Professor Leighton), we are given 3 units and 6 units jugs, and this time demanded to produce a proof that it is not possible to end up one jug containing with 4 units of water.
This time Q = {(a,b): 0 £ a £ 3 and 0 £ b £ 6}. The transition relation d would allow the following movements:
We can prove that it is not possible to produce a jug with 4 units of
water by defining a property that is both an invariant of any
execution of this machine and that excludes the possibility of any
jug having 4 units of water. Our property will be a predicate P
over Q:
|
If we prove that P is true for any state of any execution of our machine (P is satisfied by any execution of the machine), then, because 4 is not multiple of 3, we'll have proved that it is not possible to obtain a jug with 4 units of water with this set of movements.
Definition 3
Axiom of induction: Let P be a predicate over \mathbbN. If
P(0) and for any n Î \mathbbN P(n) implies P(n+1) then P(n),
for any n Î \mathbbN.
Definition 4
A partial order on a set S is a relation \prec over S
that is transitive, i.e., if x,y,z S, x\prec y and y\prec z
then \prec z.
An order on a set S is a partial order where, for every two element
x,y Î S either x = y, x\prec y, or y\prec x. (set S is
ordered if well-ordered set
A set S is well-ordered if it is ordered, and for any nonempty
A Í S there is an element s Î A such that x\preceq y
(x\prec y or x = y), for all y Î A.
Theorem 2
"n\mathbbN: 1+2+¼+n = n(n+1)/2.
Let P(n) be our conjecture that 1+2+...+n = n(n+1)/2. It can
easily be checked P(1): 1 = 1(1+1)/2.
Assuming that P(n), for (n+1):
that is easily reduced to (n+1)(n+2)/2, proving P(n+1).
1+2+...+n+(n+1) = [n(n+1)/2]+(n+1)
Theorem 3
Invariant Theorem: Let M = \tupleQ,Q0,d be a finite
state machine and P a predicate on Q such that P(q0) for all
q0 Î Q0, and let P(q) imply P(q¢) for any pair (q,q¢) such
that (q,q¢) Î d. Then P is an invariant for M.
The proof is performed by induction on the length of executions of
M. We assume that \mathfrakP(n) be the predicate that P(q) is
true for any state q contained in an exectution of length n.
\mathfrakP(1) is true because any execution with length 1
contains just an initial state, and the hipothesis of the theorem
states P(q0) for all q0 Î Q0. Assuming that \mathfrakP(n),
for an execution of length n+1 and one of its states q¢ we have:
if q¢ is its initial state, the P(q¢); otherwise q¢ is preceded
by another state q that is part of an execution of length n and as
such P(q). But, also (by the definition of execution of a
finite state machine) (q,q¢) Î d and, because P(q), by the
hipothesis of the theorem, P(q¢). Thus, P(q) for any q in an
execution of M.
This is true for initial state when they are both empty. It can
easily be proved that the property is preserved for each of the
allowed transitions. For example, for the transition
|
Algorithm 1
Naïve multiplication.
int¯
loop: //Invariant: x*y+z = a*b
naive(int a,int b){
l1: int x=a, y=b,z=0;
l2: if¯ (x==0)
l3: return z;
l4: z+=y;
l5: x-;
l6: goto loop;
}
Partial correctness. It is not difficult to check that the invariant holds after each cycle of the loop. It After the initial step (l2), the invariant because z = 0, x = a,y = b. If, at any time, the program is executing l2, and invariant holds, at the end of cycle (step l6), we have: z'=z+y
Termination. It is easy to see that if a ³ 0 the algorithm
terminates: x is initialized with a, and is decremented in every each of
the loop. When it reaches 0 the loop terminates, and z = a*b, given
our loop invariant that states:
|
Algorithm's complexity. The following invariant can be easily proved:
|
|
Algorithm 2
Russian peasant.
int¯
russian(int a,int b){
l1: int x=a,y=b,z=0;
loop: // Invariant: x*y+z = a*b
l2:if¯ (x = = 0)
l3: return z;
l4:if¯ (1 = = x%2)
l5: z+ = y;
l6:y << = 1;
l7:x >> = 1;
l8:goto loop;
}
Partial correctness. The invariant is same as in the previous algorithm. For the same reasons, it holds step l1, that initializes variables. The proof that invariant is mantained by the loop is has two cases. when x is odd, we have:
Program termination. It is possible to define a bound function mapping the variables of the program to the value of x. Every time around the loop, the value of x is shifted one bit to right. When it becomes 0, the loop is finished, and, given the invariant above is mantained, z = a*b.
Algorithm's complexity.
We can prove the following invariant, where |n2| represents the number
of bits necessary to represent n, and k is the number of times around the
loop:
|
This is a recurrence relation. Recurrence relations have the nice property
that they can be easily obtained from the code of our algorithms. They
present an obstacle that is the fact that they don't give a closed formula:
T(a) is defined in terms of T(a >> 1), which is in the end T(a/2). But,
the intuition behind the relation above seems clear enough: we are counting
the number of times we can divide a by 2, and that would be log2a,
more exactly:
|
Thus, the time for that algorithm is given by:
|
|
Given:
|
Algorithm 3
Horner's algorithm.
dou¯ble
horner(const double a[],const int n,const double x){
l1: double v=0;
l2: int i=n;
l3: // Invariant: -1 £ i £ n Ùv = åj = 0n-i-1an-j xn-i-1-j
loop:¯
l4: if¯ (i < 0)
l5: return v;
l6: v = (v*x)+a[i];
l7: i-;
l8: goto loop;
}
Partial correctness. It is not difficult to check that invariant defined at line l3 holds for each cycle of the loop. The invariant holds (trivially) after l2, when i = n and (åj = 0n-i-1an-j xn-i-1-j) equals 0 (0 being the identity of the sum.) Let us assume that the property holds for some i = h, (0 £ h £ n). _j=0^n-h-1a_n-jx^n-h-1-j,
Loop termination. To understand why the loop terminates, we just have to notice that values of i for a well-ordered set, with least element always equal to -1, the value of i for which the loop finishes.
But, if the loop finishes with i = -1, then it finishes with
|
1Even though, this game has been played in brazilian bars for the last 50 years, Leighton detected that the game was presented in the film ``Die Hard 3'' as a hard puzzle for Bruce Willis to solve in order avoid a bomb to explode.