Differences
This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision Next revision Both sides next revision | ||
sav08:proving_correctness_of_some_small_examples [2008/02/17 18:56] vkuncak |
sav08:proving_correctness_of_some_small_examples [2008/02/17 19:21] vkuncak |
||
---|---|---|---|
Line 1: | Line 1: | ||
====== Proving Correctness of Some Small Examples ====== | ====== Proving Correctness of Some Small Examples ====== | ||
- | In this demo we go through several examples and prove them correct using Jahob. | + | In this demo we go through several examples and prove them correct using the [[:Jahob system]]. |
==== A Recursive Function ==== | ==== A Recursive Function ==== | ||
Line 27: | Line 27: | ||
* [[Proof of first lecture01 example]] | * [[Proof of first lecture01 example]] | ||
- | {{sav08:integerdemo.java.txt|Examples of Functions with Specifications}} | + | === An Iterative Example |
- | For homework, you will have more such examples. | + | <code> |
+ | private static int fi(int x, int y) | ||
+ | { | ||
+ | int r = 0; | ||
+ | int i = 0; | ||
+ | while | ||
+ | (i < y) { | ||
+ | i = i + 1; | ||
+ | r = r + x; | ||
+ | } | ||
+ | return r; | ||
+ | } | ||
+ | </code> | ||
+ | * How can we prove it? | ||
+ | * [[Notion of inductive loop invariant]] | ||
+ | * What is and is not inductive loop invariant in this example | ||
+ | |||
+ | === Transforming iterative version === | ||
+ | |||
+ | * changing initial condition | ||
+ | |||
+ | === Summary === | ||
+ | |||
+ | {{sav08:integerdemo.java.txt|Examples of Functions with Specifications}} | ||
+ | As part of homework, you will have another such example. |