Invariant proof

We got almost where we needed to be on Monday with respect to our invariant proof. Remember that we are going backwards from:

{X! * Y = n! /\ X>=0 /\ X > 0} Y:=Y*X; X:=X-1; {X! * Y = n! /\ X>=0}

Note that the loop condition is included with I in the precondition on the sequence. This is required by the while rule.

The only rule we can apply is the sequence rule. Thus, we have to find A, B and C from {A}c0{C} and {C}c1{B}. We know that B is the invariant and can thus find C by working backwards over c1. Thus, the first thing to deal with is the assignment rule and X:=X-1:

{X! * Y = n! /\ X>=0}[X-1/X]

Replacing X by X-1 gives us C:

{(X-1)! * Y = n! /\ X-1>=0}

Now we can push C backwards through c0 again using the assignment rule to get A:

{(X-1)! * Y = n! /\ X-1>=0}[X*Y/Y]

Replacing Y with X*Y gives us A:

{(X-1)! * X * Y = n! /\ X-1>=0}

Unfortunately, this is not what we want. But if we can show that:

X! * Y = n! /\ X >=0 /\ X > 0 => (X-1)! * X * Y = n! /\ X-1 >= 0

we're in business because of the consequence rule. This is just a bit of mathematical manipulation:

X! * Y = n! /\ X >= 0 /\ X > 0
=> X! * Y = n! /\ X >= 1 (By X>0 and X>=0)
=> X! * Y = n! /\ (X-1) >= 0 (By subtracting 1 from each side of the inequality)
=> X * (X-1)! * Y = n! /\ (X-1) >= 0 (By unrolling the factorial once)

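Here A' is the precondition we computed by pushing the invariant backwards, (X-1)! * X * Y = n! /\ X-1 >= 0. Since A => A' and {A'}c{B} and B => B, the consequence rule gives us {A}c{B}, which is exactly what we want if A = X! * Y = n! /\ X >= 0 /\ X > 0.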

Q.E.D.

Cool, but we still have some work to do in class Wednesday to show that the factorial calculation really is a factorial. All we've done here is show that our invariant is an invariant over the body of the loop.
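The backwards substitution and the implication above can also be checked mechanically. The following is an added example, not part of the original notes: it applies the assignment rule as textual substitution on Python expressions, then tests the implication over a small bounded range of states. The helper names (`subst`, `wp`, `holds`, `counterexamples`), the use of `fact(X)` for X!, and the chosen bounds are all assumptions of the example.

```python
import ast
import copy
from itertools import product
from math import factorial

def subst(assertion, var, expr):
    """Assignment rule: return assertion[expr/var] as source text."""
    new = ast.parse(expr, mode="eval").body
    class Sub(ast.NodeTransformer):
        def visit_Name(self, node):
            return copy.deepcopy(new) if node.id == var else node
    return ast.unparse(Sub().visit(ast.parse(assertion, mode="eval")))

def wp(assignments, post):
    """Sequence rule: push post backwards through the assignments, last first."""
    for var, expr in reversed(assignments):
        post = subst(post, var, expr)
    return post

def holds(assertion, state):
    """Evaluate an assertion in a state; X! for negative X is undefined, so false."""
    try:
        return bool(eval(assertion, {"fact": factorial, "__builtins__": {}}, state))
    except ValueError:
        return False

def counterexamples(pre, post, states):
    """States where pre holds but post does not (bounded check of pre => post)."""
    return [s for s in states if holds(pre, s) and not holds(post, s)]

INV = "fact(X) * Y == fact(n) and X >= 0"      # the invariant I
BODY = [("Y", "Y * X"), ("X", "X - 1")]        # Y:=Y*X; X:=X-1
A_PRIME = wp(BODY, INV)                        # computed precondition A'

# Constructed sample states: a small finite range, not a proof for all integers.
STATES = [dict(X=x, Y=y, n=n)
          for x, y, n in product(range(-1, 6), range(0, 121), range(0, 6))]

if __name__ == "__main__":
    print("A' =", A_PRIME)
    print("with guard X > 0:", counterexamples(INV + " and X > 0", A_PRIME, STATES))
    print("invariant alone: ", counterexamples(INV, A_PRIME, STATES))
```

With the loop condition X > 0 in the precondition there are no counterexamples in range; with the invariant alone, every failing state has X = 0, which is why the while rule's guard is needed for the implication.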


