Mathematical Reasoning
Transcript of Mathematical Reasoning
![Page 1: Mathematical Reasoning](https://reader036.fdocuments.in/reader036/viewer/2022062323/56815ffa550346895dcef9bb/html5/thumbnails/1.jpg)
School of Computing Clemson University
Mathematical Reasoning
Goal: To prove correctness
Method: Use a reasoning table
Prove correctness on all valid inputs
![Page 2: Mathematical Reasoning](https://reader036.fdocuments.in/reader036/viewer/2022062323/56815ffa550346895dcef9bb/html5/thumbnails/2.jpg)
Example: Prove Correctness
Spec:
  Operation Do_Nothing (i: Integer);
    requires min_int <= i and i + 1 <= max_int;
    ensures i = #i;
(#i denotes the value of i on entry to the operation; plain i in an ensures clause is its value on exit.)
Code:
  Increment(i);
  Decrement(i);
![Page 3: Mathematical Reasoning](https://reader036.fdocuments.in/reader036/viewer/2022062323/56815ffa550346895dcef9bb/html5/thumbnails/3.jpg)
Design by Contract: Requirements and guarantees
Requires clauses are preconditions; ensures clauses are postconditions.
The caller is responsible for establishing the requirements.
The postcondition holds only if the caller meets the operation's requirements: the operation does not check its requires clause, so if the caller violates it the operation promises nothing.
![Page 4: Mathematical Reasoning](https://reader036.fdocuments.in/reader036/viewer/2022062323/56815ffa550346895dcef9bb/html5/thumbnails/4.jpg)
Basics of Mathematical Reasoning
Suppose you are proving the correctness of some operation P:
  Assume P's requires clause in state 0.
  Confirm P's ensures clause at the last state.
![Page 5: Mathematical Reasoning](https://reader036.fdocuments.in/reader036/viewer/2022062323/56815ffa550346895dcef9bb/html5/thumbnails/5.jpg)
In State 2 – Establish Goal of Do_Nothing's Ensures Clause

State  Code            Assume    Confirm
0
       Increment(i);
1
       Decrement(i);
2                                i2 = i0
![Page 6: Mathematical Reasoning](https://reader036.fdocuments.in/reader036/viewer/2022062323/56815ffa550346895dcef9bb/html5/thumbnails/6.jpg)
In State 0 – Assume Do_Nothing's Requires Clause

State  Code            Assume                                Confirm
0                      min_int <= i0 and i0 + 1 <= max_int
       Increment(i);
1
       Decrement(i);
2                                                            i2 = i0
![Page 7: Mathematical Reasoning](https://reader036.fdocuments.in/reader036/viewer/2022062323/56815ffa550346895dcef9bb/html5/thumbnails/7.jpg)
More Basics
Now, suppose that P calls Q:
  Confirm Q's requires clause in the state before Q is called.
  Assume Q's ensures clause in the state after Q is called.
![Page 8: Mathematical Reasoning](https://reader036.fdocuments.in/reader036/viewer/2022062323/56815ffa550346895dcef9bb/html5/thumbnails/8.jpg)
Specification of Integer Operations

  Operation Increment (i: Integer);
    requires i + 1 <= max_int;
    ensures i = #i + 1;

  Operation Decrement (i: Integer);
    requires min_int <= i - 1;
    ensures i = #i - 1;
![Page 9: Mathematical Reasoning](https://reader036.fdocuments.in/reader036/viewer/2022062323/56815ffa550346895dcef9bb/html5/thumbnails/9.jpg)
Assume Calls Work as Advertised

State  Code            Assume                                Confirm
0                      min_int <= i0 and i0 + 1 <= max_int
       Increment(i);
1                      i1 = i0 + 1
       Decrement(i);
2                      i2 = i1 - 1                           i2 = i0
![Page 10: Mathematical Reasoning](https://reader036.fdocuments.in/reader036/viewer/2022062323/56815ffa550346895dcef9bb/html5/thumbnails/10.jpg)
More Preconditions Must Be Confirmed

State  Code            Assume                                Confirm
0                      min_int <= i0 and i0 + 1 <= max_int   i0 + 1 <= max_int
       Increment(i);
1                      i1 = i0 + 1                           min_int <= i1 - 1
       Decrement(i);
2                      i2 = i1 - 1                           i2 = i0
![Page 11: Mathematical Reasoning](https://reader036.fdocuments.in/reader036/viewer/2022062323/56815ffa550346895dcef9bb/html5/thumbnails/11.jpg)
Write Down Verification Conditions (VCs)
Verification Condition for State 0:
  (min_int <= i0) ^ (i0 + 1 <= max_int) ⇒ i0 + 1 <= max_int
![Page 12: Mathematical Reasoning](https://reader036.fdocuments.in/reader036/viewer/2022062323/56815ffa550346895dcef9bb/html5/thumbnails/12.jpg)
Write Down Verification Conditions (VCs)
VC for State 1:
  P1: min_int <= i0 (from State 0)
  P2: i0 + 1 <= max_int (from State 0)
  P3: i1 = i0 + 1
  VC: P1 ^ P2 ^ P3 ⇒ min_int <= i1 - 1
VC for State 2:
  P4: i2 = i1 - 1
  VC: P1 ^ P2 ^ P3 ^ P4 ⇒ i2 = i0
![Page 13: Mathematical Reasoning](https://reader036.fdocuments.in/reader036/viewer/2022062323/56815ffa550346895dcef9bb/html5/thumbnails/13.jpg)
Use Direct Proof Method
For p ⇒ q: assume the premise p, then show the conclusion q is true.

Prove VC for State 0:
  Assume P1: min_int <= i0
  Assume P2: i0 + 1 <= max_int
  Show: i0 + 1 <= max_int
  The goal is exactly P2, so it holds.
![Page 14: Mathematical Reasoning](https://reader036.fdocuments.in/reader036/viewer/2022062323/56815ffa550346895dcef9bb/html5/thumbnails/14.jpg)
Prove VCs for State 1 & State 2

Prove VC for State 1:
  Assume P1: min_int <= i0
  Assume P2: i0 + 1 <= max_int
  Assume P3: i1 = i0 + 1
  Show: min_int <= i1 - 1
  By P3, i1 - 1 = (i0 + 1) - 1 = i0, so the goal is min_int <= i0, which is P1.

Prove VC for State 2:
  Assume P1 ^ P2 ^ P3
  Assume P4: i2 = i1 - 1
  Show: i2 = i0
  By P4 and then P3, i2 = i1 - 1 = (i0 + 1) - 1 = i0.
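The reasoning-table procedure on these slides (assume P's requires in state 0, confirm each callee's requires before the call, assume its ensures after, confirm P's ensures in the last state) is mechanical enough to write down as code. The following is an added example, not part of the slides: it builds the VCs for Do_Nothing from the contracts of Increment and Decrement and, in place of the direct proofs above, checks each VC by exhaustive enumeration over mathematical integers. The bounds min_int = -8, max_int = 7, the enumeration window, the 4-bit wrapping model and every function name are constructed assumptions for the example.

```python
# Added example (not from the slides): mechanising the reasoning table for
# Do_Nothing.  Toy bounds min_int = -8, max_int = 7 are a constructed
# assumption; the direct proofs on the slides are replaced by exhaustive
# enumeration of each VC over a window of mathematical integers that extends
# past those bounds (the VCs range over Z, not over machine integers).
from dataclasses import dataclass
from itertools import product
from typing import Callable, Dict, List, Optional

MIN_INT, MAX_INT = -8, 7           # stand-ins for min_int / max_int (assumed)

State = Dict[str, int]             # {"i0": .., "i1": .., "i2": ..}
Pred = Callable[[State], bool]


@dataclass(frozen=True)
class Contract:
    """A called operation's spec: requires on #i, ensures relating i to #i."""
    name: str
    requires: Callable[[int], bool]        # requires(old)
    ensures: Callable[[int, int], bool]    # ensures(new, old)


# Specification of Integer Operations (slide 8), as predicates.
INCREMENT = Contract("Increment", lambda i: i + 1 <= MAX_INT, lambda i, old: i == old + 1)
DECREMENT = Contract("Decrement", lambda i: MIN_INT <= i - 1, lambda i, old: i == old - 1)


@dataclass(frozen=True)
class VC:
    state: int
    goal: str                  # what the Confirm column asks for
    premises: List[Pred]       # everything in the Assume column so far
    show: Pred


def build_vcs(requires: Pred, calls: List[Contract], ensures: Pred) -> List[VC]:
    """Fill in the reasoning table using the rules on slides 4 and 7."""
    premises: List[Pred] = [requires]        # assume P's requires in state 0
    vcs: List[VC] = []
    for k, q in enumerate(calls):
        before, after = f"i{k}", f"i{k + 1}"
        # confirm Q's requires in the state before the call ...
        vcs.append(VC(k, f"{q.name}.requires", list(premises),
                      lambda s, q=q, v=before: q.requires(s[v])))
        # ... and assume Q's ensures in the state after it
        premises.append(lambda s, q=q, v=after, w=before: q.ensures(s[v], s[w]))
    # confirm P's ensures in the last state
    vcs.append(VC(len(calls), "Do_Nothing.ensures", list(premises), ensures))
    return vcs


def check_vc(vc: VC, n_states: int, lo: int, hi: int) -> Optional[State]:
    """Direct proof by brute force: assume the premises, show the goal, for
    every assignment of i0..i{n-1} in [lo, hi].  Returns a counterexample
    (a state where all premises hold but the goal fails) or None if proved."""
    names = [f"i{k}" for k in range(n_states)]
    for vals in product(range(lo, hi + 1), repeat=n_states):
        s = dict(zip(names, vals))
        if all(p(s) for p in vc.premises) and not vc.show(s):
            return s
    return None


CALLS = [INCREMENT, DECREMENT]                       # the body of Do_Nothing
DO_NOTHING_REQUIRES: Pred = lambda s: MIN_INT <= s["i0"] and s["i0"] + 1 <= MAX_INT
DO_NOTHING_ENSURES: Pred = lambda s: s["i2"] == s["i0"]
# A weakened (wrong) requires clause that drops "min_int <= i".
WEAK_REQUIRES: Pred = lambda s: s["i0"] + 1 <= MAX_INT


def verify(requires: Pred = DO_NOTHING_REQUIRES) -> Dict[str, Optional[State]]:
    """One entry per VC; value None means proved, otherwise a counterexample."""
    vcs = build_vcs(requires, CALLS, DO_NOTHING_ENSURES)
    # Look beyond min_int/max_int: only the requires clause may rule those out.
    return {f"state {vc.state}: {vc.goal}":
            check_vc(vc, len(CALLS) + 1, MIN_INT - 2, MAX_INT + 2) for vc in vcs}


def wrapping_increment(i: int) -> int:
    """What a 4-bit two's-complement machine does on i + 1 (constructed model)."""
    return (i + 1 + 8) % 16 - 8


if __name__ == "__main__":
    for goal, cx in verify().items():
        print(goal, "proved" if cx is None else f"FAILS at {cx}")
    for goal, cx in verify(WEAK_REQUIRES).items():
        print("[weak requires]", goal, "proved" if cx is None else f"FAILS at {cx}")
    # Outside its requires clause Increment promises nothing: ensures fails.
    print(INCREMENT.ensures(wrapping_increment(MAX_INT), MAX_INT))
```

With the slides' requires clause all three VCs are proved. With the weakened clause the VC for state 0 and the ensures VC for state 2 still go through, but the VC for state 1 (Decrement's requires, min_int <= i1 - 1) fails with a counterexample below min_int: the table makes it explicit which precondition the caller failed to establish and at which call. The wrapping model shows the other half of the contract: for i = max_int, which violates Increment's requires, a fixed-width machine returns min_int and the ensures clause i = #i + 1 does not hold, so nothing downstream can rely on it.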