Program Correctness
By Justin Reschke
10-5-04
Overview
- Levels of Correctness
- Deadly Sins of Programming
- Importance of Correctness
- Proof By Induction
- Conclusion
Levels of Correctness
1) No syntax errors
2) No errors that can be detected at compile or run time
3) There exists a set of test data for which the program will yield proper results
4) For a typical set of test data the program will yield proper results
5) For deliberately difficult sets of test data the program will yield proper results
Levels of Correctness
6) For all possible sets of test data that are valid according to the problem specification, the program yields the correct answer
7) For all possible sets of valid test data, and for all likely conditions of erroneous input, the program gives a correct (or at least reasonable) answer
8) For all possible input, the program gives correct or reasonable answers
Levels of Correctness
- Most programmers never mature beyond level 3
- The level of correctness is in the hands of the programmer
- Ideally, the user would like level 8
Deadly Sins of Programming
- Debugging the program instead of the algorithm
- Insufficient documentation
- Using an inappropriate language
- Relying on default conditions
- Insufficient verification assertions at critical points
- Not paying attention to input operations
Importance of Correctness
- Saves time
- Time = money
- Critical applications
  - Could mean life or death
Proving By Induction
Square function: sq(n) = n^2

    sq(n) {
        S <- 0
        i <- 0
        while (i < n) {
            S <- S + n
            i <- i + 1
        }
        return S
    }

In general, n is added n times, producing n^2.
To prove this, we must show that after going through the loop k times, S = k*n and i = k hold.
Proving By Induction
Square function: sq(n) = n^2
- Basis Step: k = 0. This means the loop is never entered, so S = 0 and i = 0.
- S = k*n and i = k hold true.
Proving By Induction
Square function: sq(n) = n^2
- Induction Hypothesis: For an arbitrary value m of k, S = m*n and i = m hold after going through the loop m times.
- Inductive Step: When the loop is entered for the (m+1)-th time, currently S = m*n and i = m (the Induction Hypothesis). After the next pass through the loop: S = m*n + n = (m+1)*n and i = m+1.
- Thus S = k*n and i = k hold for any natural number k.
Proving By Induction
Square function: sq(n) = n^2
- One more thing: we must prove the algorithm will terminate for any input.
- Easy: i begins at 0 and increases by 1 on each iteration of the loop, and n is a natural number. Thus i will be equal to n after a finite number of steps.
Proof By Induction
Factorial: fact(n) = n!

    i <- 1
    F <- 1
    while (i <= n) {
        F <- F * i
        i <- i + 1
    }
    return F

Calculates the factorial starting from 1: 1 * 2 * 3 * 4 * ... * n = n!
To prove this, we must show that after going through the loop k times, F = k! and i = k + 1 hold.
Proof By Induction
Factorial: fact(n) = n!
- Basis Step: k = 1. The loop is entered once: F = 1 * 1 = 1 and i = 1 + 1 = 2.
- F = k! and i = k + 1 hold true.
Proof By Induction
Factorial: fact(n) = n!
- Induction Hypothesis: For an arbitrary value m of k, F = m! and i = m + 1 hold after going through the loop m times.
- Inductive Step: When the loop is entered for the (m+1)-st time, F = m! and i = m + 1 at the beginning of the loop body. After the next pass through the loop: F = m! * (m+1) = (m+1)! and i = (m+1) + 1.
- Thus F = k! and i = k + 1 hold for any positive integer k.
Proof By Induction
Factorial: fact(n) = n!
- Don't forget: we must prove the algorithm terminates after a finite number of steps.
- Easy again: i increases by one, starting from 1, until it is 1 greater than the positive integer n.
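The two loops above, as an added example that is not part of the slides: each proof's invariant (S = k*n and i = k for sq, F = k! and i = k+1 for fact) becomes a runtime assertion at the loop head and at exit, which is exactly the "verification assertion at a critical point" the deck asks for. The counter k, the natural-number input check, and the sq_buggy variant are my own additions to show what the assertion catches.

```python
import math


def sq(n: int) -> int:
    """n^2 computed as n added n times (the sq(n) loop from the slides)."""
    if n < 0:                        # assumption: n is a natural number, as the slides require
        raise ValueError("n must be a natural number")
    S, i, k = 0, 0, 0                # k counts completed iterations: the k of the proof
    while i < n:
        # invariant established by the basis and inductive steps
        assert S == k * n and i == k, "invariant broken at loop head"
        S += n
        i += 1
        k += 1
    # at exit the invariant still holds and the guard is false, so i == n and S == n*n
    assert i == n and S == k * n
    return S


def fact(n: int) -> int:
    """n! computed as 1 * 2 * ... * n (the fact(n) loop from the slides)."""
    if n < 0:
        raise ValueError("n must be a natural number")
    i, F, k = 1, 1, 0
    while i <= n:
        # invariant after k iterations: F == k! and i == k + 1 (math.factorial is the oracle)
        assert F == math.factorial(k) and i == k + 1, "invariant broken at loop head"
        F *= i
        i += 1
        k += 1
    assert i == n + 1 and F == math.factorial(n)   # termination: i climbed past n
    return F


def sq_buggy(n: int) -> int:
    """The same loop with a slip (S += i instead of S += n): the invariant exposes it."""
    S, i, k = 0, 0, 0
    while i < n:
        assert S == k * n and i == k
        S += i                       # constructed bug
        i += 1
        k += 1
    assert i == n and S == k * n
    return S


def invariant_holds(fn, n: int) -> bool:
    """True if fn(n) completes without any invariant assertion firing."""
    try:
        fn(n)
        return True
    except AssertionError:
        return False
```

With the asserts in place the buggy loop is rejected on the first iteration whose state contradicts the proof, rather than by debugging the program after a wrong answer shows up.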
Conclusion
- It's good to be more correct.
- Program errors can mean death.
- Induction is a useful way to prove correctness.
- An algorithm is only as good as the programmer.