CIS 301: Logical Foundations of Programming Module: Program Logic Lecture: Conditionals Copyright 2015, Dave Schmidt, John Hatcliff, Torben Amtoft, Robby. The syllabus and all lectures for this course are copyrighted materials and may not be used in other course settings outside of Kansas State University in their current form or modified form without the express written permission of one of the copyright holders. During this course, students are prohibited from selling notes to or being paid for taking notes by any person or commercial firm without the express written permission of one of the copyright holders.

CIS 301 --- Program Logic - Conditionals

Objectives n

n

Understand how the meaning of the conditional statement gives rise to rules for transforming claims about program variables Apply the program logic to reason about programs with assignment and conditional statements

CIS 301 --- Program Logic - Conditionals

The Domain In our last lecture, we began the study of a logic for reasoning about programs. A key concept was that the logic included rules that described how our knowledge about the values of program variables was transformed by commands.

Last lecture -- Assignments Computer memory (program variable values) before command

x = e Computer memory (program variable values) after command

This lecture -- Conditionals Computer memory (program variable values) before command

if e: … else: … Computer memory (program variable values) after command

CIS 301 --- Program Logic - Conditionals

Claim Transformer -- Conditional Conditionals (first attempt) – let’s consider the knowledge that we gain in each branch by applying the rules that we already know. if x > y : max = x """{ 1. max == x premise }""" else : max = y """{ 1. max == y premise }""" # # what do we know at this point? # """{ (max == y) or (max == x) }""" Concept #1: The knowledge produced by the command is the disjunction (or) of the knowledge produced by each branch. CIS 301 --- Program Logic - Conditionals

Apply the assignment rule to each branch We don’t have any knowledge about the values of x and y. So we don’t have any knowledge about which branch as taken. The knowledge gained must be based on the fact that the program will follow the then branch or the else branch.

Claim Transformer -- Conditional Consider: the test expression of the conditional “asks a question”: “is the test expression true or is the test expression false?” if x > y : """{ 1. (x > y) max = x """{ 1. max == x else : …

premise }""" premise }"""

Concept #2: When we move past the evaluation of the test expression into a branch, we pick up knowledge regarding the outcome of the test. CIS 301 --- Program Logic - Conditionals

What knowledge do we have about x and y if execution reaches the beginning of the then branch? We know that the test expression is true. Therefore, at the beginning of the then branch, we know x > y is true

Claim Transformer -- Conditional Consider: the test expression of the conditional “asks a question”: “is the test expression true or is the test expression false?” if x > y : """{ 1. max = x """{ 1. else : """{ 1. max = y """{ 1.

(x > y)

premise }"""

max == x

premise }"""

not (x > y)

premise }"""

max == y

premise }"""

Concept #2: When we move past the evaluation of the test expression into a branch, we pick up knowledge regarding the outcome of the test. CIS 301 --- Program Logic - Conditionals

What knowledge do we have about x and y if execution reaches the beginning of the else branch? We know that the test expression is false. Therefore, at the beginning of the else branch, we know !(x > y) is true

Claim Transformer – Conditional Forward Rule for Conditionals

{ ... P } if B : { 1. B premise 2. P premise ... } C1 {... Q1 } else : { 1. not B premise 2. P premise ... } C2 {... Q2 } {1. Q1 or Q2 premise ...}

Knowledge we gain from test outcome Knowledge we carry over from before "if" Stuff we prove using knowledge above plus knowledge of then branch Knowledge we gain from test outcome Knowledge we carry over from before "if" Stuff we prove using knowledge above plus knowledge of then branch Combine knowledge from both branches

CIS 301 --- Program Logic - Conditionals

Or Elimination (ore) The ore rule corresponds to proof by case analysis… m. P or Q … n. R

If P or Q holds we know either P or Q holds, but we don’t know which one (note they both may hold).

ore m

Case 1: Assume P and prove R

When we apply the ore rule, the checker automatically analyzes both cases. It assumes P and tries to prove R; it assumes Q and tries to prove R. If it can prove R in both cases, then we know R is true.

Case 2: Assume Q and prove R

P

Q

R

R

…if the proofs in both cases above can be completed, we know that R holds. Note: our program logic checker’s behavior for ore is much more automatic than for other rules. CIS 301 --- Program Logic - Conditionals

Or Elimination (ore) Additional premises can be used. The checker will add them to its assumptions. j. k. m. … n.

S T P or Q R

ore m j k

Case 1: Assume P, S,T and prove R

Case 2: Assume Q,S,T and prove R

P, S, T

Q, S, T

R

R

…if the proofs in both cases above can be completed, we know that R holds.

CIS 301 --- Program Logic - Conditionals

Demo

Demo of the Program Logic Checker applied to the development of proofs for the Max example

CIS 301 --- Program Logic - Conditionals

Example Computing the max of two integers (we will now get into details)… x = readInt() y = readInt() if x > y : max = x else : max = y # prove: # (max >= x) and (max >= y) # (max == x) or (max == y)

CIS 301 --- Program Logic - Conditionals

This is what we want to prove.

Example Let’s treat the then branch first… x = readInt() y = readInt() if x > y : """{ 1. }""" max = x """{ 1. 2. 3. 4. 5. 6. 7. }"""

x > y

Knowledge that we gain due to test outcome Knowledge that we gain due to assignment statement.

max == x max >= x x > y max > y max >= y (max >= x) and (max >= y) ((max >= x) and (max >= y)) and (max == x)

CIS 301 --- Program Logic - Conditionals

premise

premise algebra 1 premise subst 1 3 algebra 4 andi 2 5 andi 6 1

Example Let’s treat the else branch first…

Knowledge that we gain due to test outcome

else : """{ 1. not (x > y) premise }""" Knowledge that we gain due max = y to assignment statement. """{ 1. max == y premise 2. max >= y algebra 1 3. not (x > y) premise 4. y >= x algebra 3 5. max >= x subst 1 4 6. (max >= x) and (max >= y) andi 5 2 7. ((max >= x) and (max >= y)) and (max == y) andi 6 1 }""" Merge knowledge from """{ then and else branches 1. (((max >= x) and (max >= y)) and (max == x)) or (((max >= x) and (max >= y)) and (max == y)) premise 2. (max >= x) and (max >= y) ore 1 3. (max == x) or (max == y) ore 1 }"""

CIS 301 --- Program Logic - Conditionals

For You To Do Consider the program fragment below that simulates what might be found in a program that successively reads in integers, counts the total read in, as well as the number of positive and the number of non-positives (in the “eqneg”) variable. Prove that the invariant relating the counter holds both after initialization and after processing an integer.

total = 0 pos = 0 eqneg = 0 # prove that desired invariant # total == pos + eqneg # holds after variable initialization x = readInt() if x > 0 : pos = pos + 1 total = total + 1 else : eqneg = eqneg + 1 total = total + 1 # prove invariant property: CIS 301 --- Program Logic - Conditionals

total == pos + eqneg

Conclusions n

There are two concepts reflected in the claim transformation rule for conditional statements… n

n

n

The knowledge that we gain from the command is the disjunction (or) of the knowledge produced by each branch. When we move past the evaluation of the test expression into a branch, we pick up knowledge regarding the outcome of the test.

The rule for the conditional introduces a claim that contains an “or” connective as the top-level construct. If we want to use the knowledge in the claim to make further deductions, we need to apply the or-elimination (ore) rule. n

The ore rule corresponds to “proof by case analysis”

CIS 301 --- Program Logic - Conditionals

Acknowledgements n

The material in this lecture is based on n

The chapter on Programming Logic for Assignments and Conditionals, by Dr. David A. Schmidt

CIS 301 --- Program Logic - Conditionals

20-cis301-program-logic-conditionals.pdf

Page 2 of 16. Objectives. n Understand how the meaning of the. conditional statement gives rise to rules. for transforming claims about program. variables.
Download PDF
2MB Sizes 0 Downloads 98 Views
Report

Recommend Documents

No documents