Discrete Mathematics
Chapter 3
Mathematical Reasoning
Contents
Discrete Mathematics Ch 3
Mathematical reasoning
First-order theory
Common rules of inferences
Fallacies
Proof methods
Mathematical Inductions
Recursive defined sets
Recursive definitions
Structural Induction
Recursive algorithms
Program correctness
Transparency No. 3-2
First-order theory
• S: a (first-order) signature [i.e., a set of function and predicate symbols].
• A (first-order) S-theory T is a collection of sentences of S.
• For each T, let Th(T) =def {A | T |= A}.
  • I.e., Th(T) is the collection of all logical consequences of T.
• T is closed iff it is closed under logical consequence.
  • I.e., all logical consequences of T are in T,
  • namely, T = Th(T).
• T is consistent iff ∃ sentence A ∉ Th(T).
  • <=> ~∃ sentence A s.t. {A, ~A} ⊆ T.
• T is complete iff for every sentence A, exactly one of A and ~A ∈ Th(T).
Transparency No. 3-3
Example: first-order theory
• S: any signature {p1,...}
• {} is a first-order S-theory.
  • Th({}) = {A | |= A} = the set of all valid (S-)sentences.
  • {} is consistent,
    • since the sentence ∃x p(x) ∉ Th({}).
  • {} is not complete,
    • since neither ∃x p(x) nor ~∃x p(x) ∈ Th({}).
• N = {0, +1, +, *, <, =}: the (natural) number signature.
  • M_N: the number structure = {{0,1,2,...}, ...}
  • NT (number theory) = {A is an N-sentence | M_N |= A}.
  • I.e., number theory is the collection of all sentences true in the number structure.
  • NT is a closed, consistent and complete theory.
Transparency No. 3-4
Other first-order theories
• Total order theory: S = {≤, =}
• OT = {
    x ≤ x
    x ≤ y /\ y ≤ z -> x ≤ z
    x ≤ y /\ y ≤ x -> x = y
    x ≤ y /\ y ≤ z -> x ≤ z
    x ≤ y \/ y ≤ x
    x = x
    x = y -> y = x
    x = y /\ y = z -> x = z
    x = y -> ((y ≤ z) -> (x ≤ z))
    x = z -> ((y ≤ z) -> (y ≤ x))
  }
• OT is consistent but not complete.
  • Existence of a least element: ∃x ∀y x ≤ y can neither be proved nor disproved.
Transparency No. 3-5
More notions about theories
• T: an S-theory; A: an (S-)sentence
• Ax: a set of sentences
  • If Th(Ax) = Th(T), then Ax is a set of axioms of T.
  • Ex:
    • T is a set of axioms of T.
    • {} is a set of axioms of T if T is a set of valid sentences.
  • T is said to be finitely axiomatizable iff it has a finite set of axioms.
  • The natural number theory is not finitely axiomatizable.
• Ax: a set of axioms of a theory T;
• A: a formula of Ax.
  • A is a logical axiom if it is true in all theories.
  • A is a proper axiom if it is not true in all theories.
  • Note: Ax is a set of axioms of T => Ax \ {A | A is a logical axiom (of T)} is also a set of axioms of T.
Transparency No. 3-6
Proofs of theorems from axioms of a theory
• T: a theory, A: a formula, Ax: a set of axioms of T
• If T |= A (i.e., A in Th(T)), then we say A is a theorem of the theory T.
• Problem: How to show that a formula A is a theorem of T? ==> Give a proof.
• But what is a proof?
Transparency No. 3-7
What is a proof
• What is a proof?
• ==> a sequence of formulas
  • A1,
  • ...
  • An [= A]
  generated according to some (valid inference) rules.
Transparency No. 3-8
Inference rules
• A rule of inference is a pattern of formulas of the form:
  • P1, P2, ..., Pm (m ≥ 0) // C.
• Meaning: if P1,..,Pm have been produced (proved, generated, etc.) before, then we can add C to the proof sequence (now).
  • P1,..,Pm: premises of the rule;
  • C: conclusion of the rule.
Transparency No. 3-9
Example rules of inference and proof
• Rules, where A, B, C are any formulas:
  • r1: // A->(B->A)
  • r2: // (A->(B->C)) -> ((A->B)->(A->C))
  • r3: A, A->B // B
• A proof of p -> p from the rules, where p is any formula:
  1. (p -> ((p->p)->p)) -> ((p->(p->p)) -> (p->p))   : r2
  2. p -> ((p->p)->p)                                : r1
  3. (p->(p->p)) -> (p->p)                           : r3, 1, 2
  4. p -> (p->p)                                     : r1
  5. p -> p                                          : r3, 3, 4
Transparency No. 3-10
Formal definition of proofs
Ax: a set of axioms [of a theory T]
R: a set of inference rules
A: a formula
A proof of A (according to axioms Ax and rules R) is a nonempty sequence of formulas A1, A2, ..., An s.t.
• 1. An = A.
• 2. For i = 1,..,n:
  • either Ai is an axiom (i.e., a member of Ax), or
  • there is an inference rule r: P1,..,Pm // C in R s.t.
    1. C = Ai
    2. {P1,..,Pm} ⊆ {A1,...,A(i-1)}
• Note:
  • 1. Each Ai (i < n) is called a lemma.
  • 2. If B can be inferred from A directly, it is called a corollary of theorem A.
  • 3. Both lemmas and corollaries are theorems.
Transparency No. 3-11
Soundness of inference rules
• An inference rule P1,..,Pm // C is said to be sound (or correct, valid) in theory T iff
  • C is a logical T-consequence of the conjunction of all premises P1 /\ P2 ... /\ Pm (P1,...,Pm |=T C).
• Fact 1: If P1,..,Pm // C is sound in T, and all premises are theorems of T, then so is the conclusion C.
  Pf: M: any model of T => M |= {P1,..,Pm}.
  Since the rule is sound, M |= {P1,..,Pm} => M |= C.
  Hence M |= C => C in Th(T).
• Fact 2: If A = P1 /\ P2 ... /\ Pn -> C is a tautology, then r: P1,..,Pn // C is a correct inference rule of all theories.
  Pf: M: any interpretation. A is a tautology => M |= A.
  If M |= P1 /\ P2 ... /\ Pn then M |= C. Hence r is correct. QED
Transparency No. 3-12
Example inference rules
1. Modus Ponens (MP): A->B, A // B
2. Abduction (ABD): A->B, B // A
3. Denying premise: A->B, ~A // ~B
4. Math. ind. (let P be any formula):
   P(0)
   ∀x P(x) -> P(x+1)
   -------------------------
   ∀x P(x)
Notes:
1. Rule 1 is correct for all theories.
2. Rules 2 and 3 are in general not correct for any theory.
3. Rule 4 is correct for natural number theory (NT), but not correct for integer theory (ZT) and real number theory (RT).
Transparency No. 3-13
Theorem:
• Ax: a set of axioms of a theory T
• R: a set of inference rules, each correct in T
• A: a formula
• Theorem: If there is a proof of A from Ax and R, then A is a theorem of T (i.e., A in Th(T)).
Pf: By ind. on the length n of the proof of A.
Case 1. n = 1. Then A is either in Ax or is a conclusion C of a rule // C from R. In both cases, we have A in Th(T).
Case 2. n > 1 and the proof is A1,..,An = A.
  • Case 2.1. A in Ax => A in Th(T).
  • Case 2.2. There is a rule P1,..,Pm // A in R, and each Pi in {A1,..,A(n-1)}. By ind. hyp. each Pi in Th(T). By soundness of the rule, A in Th(T). QED
• Conclusion: Conclusions proved using correct inference rules are always correct; conclusions proved using incorrect inference rules are not necessarily wrong, but they cannot be trusted.
Transparency No. 3-14
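The formal definition of a proof and the soundness theorem above can be made concrete with a small checker. This is an added example, not part of the original slides: it encodes r1, r2, r3 as schemas, verifies the five-line proof of p -> p, and shows that a derivation using abduction is accepted only if that unsound rule is added to R. The tuple encoding of formulas and the rain/wet axioms are assumptions made for the illustration.

```python
from itertools import permutations

# Formulas: an atom is a str; the implication A->B is the tuple ("->", A, B).
def imp(a, b):
    return ("->", a, b)

def match(pattern, formula, env):
    """Instantiate a rule schema: strings in a pattern are metavariables."""
    if isinstance(pattern, str):
        return env.setdefault(pattern, formula) == formula
    return (isinstance(formula, tuple)
            and match(pattern[1], formula[1], env)
            and match(pattern[2], formula[2], env))

# A rule is (premise patterns, conclusion pattern), i.e. P1,..,Pm // C.
R1 = ([], imp("A", imp("B", "A")))
R2 = ([], imp(imp("A", imp("B", "C")), imp(imp("A", "B"), imp("A", "C"))))
R3 = (["A", imp("A", "B")], "B")          # modus ponens
ABD = ([imp("A", "B"), "B"], "A")         # abduction: not sound
RULES = [R1, R2, R3]

def justified_by(rule, formula, earlier):
    """True if C = formula and {P1..Pm} is a subset of the earlier lines."""
    premises, conclusion = rule
    for chosen in permutations(earlier, len(premises)):
        env = {}
        if match(conclusion, formula, env) and all(
                match(p, f, env) for p, f in zip(premises, chosen)):
            return True
    return False

def check_proof(proof, goal, axioms=(), rules=None):
    """Return (True, 0) for a valid proof, else (False, first bad line).

    (False, 0) means the sequence is empty or does not end in the goal.
    """
    rules = RULES if rules is None else rules
    if not proof or proof[-1] != goal:
        return (False, 0)
    for i, formula in enumerate(proof):
        if formula in axioms:
            continue
        if not any(justified_by(r, formula, proof[:i]) for r in rules):
            return (False, i + 1)
    return (True, 0)

# The proof of p -> p from the slide, line by line.
p = "p"
pp = imp(p, p)
PAGE_PROOF = [
    imp(imp(p, imp(pp, p)), imp(imp(p, pp), pp)),  # r2
    imp(p, imp(pp, p)),                            # r1
    imp(imp(p, pp), pp),                           # r3, 1, 2
    imp(p, pp),                                    # r1
    pp,                                            # r3, 3, 4
]

# Constructed theory for the fallacy: axioms "rain -> wet" and "wet".
RAIN_AXIOMS = {imp("rain", "wet"), "wet"}
RAIN_DERIVATION = [imp("rain", "wet"), "wet", "rain"]

if __name__ == "__main__":
    print(check_proof(PAGE_PROOF, pp))
    print(check_proof(RAIN_DERIVATION, "rain", RAIN_AXIOMS))
    print(check_proof(RAIN_DERIVATION, "rain", RAIN_AXIOMS, RULES + [ABD]))
```

The checker only confirms that each line follows the rules in R; whether the conclusion can be trusted depends on every rule in R being sound, which is exactly the hypothesis of the theorem.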
Some commonly used inference rules

Rule of inference    | Tautology                       | Name
p // p\/q            | p -> (p\/q)                     | Addition
p/\q // p            | p/\q -> p                       | Simplification
p, p->q // q         | p /\ (p->q) -> q                | Modus ponens
~q, p->q // ~p       | ~q /\ (p->q) -> ~p              | Modus tollens
p->q, q->r // p->r   | ((p->q) /\ (q->r)) -> (p->r)    | Hypothetical syllogism
p\/q, ~p // q        | ~p /\ (p\/q) -> q               | Disjunctive syllogism
Transparency No. 3-15
Some commonly used fallacies
• Affirming the conclusion [abduction]:
  • From p->q and q, infer p.
  • Ex: Do all exercises => learn discrete math.
    Since one has learned D.M., hence one has done all exercises.
  • Note: p is a possible reason (explanation) of q, instead of a (necessary) consequence of q.
• Denying the hypothesis:
  • From ~p and p->q, infer ~q.
  • Ex: rain => wet; since not rain, hence not wet.
• Circular reasoning:
  • Assume n^2 is even.
  • n^2 = 2k for some k.
  • Hence n^2 is even.
Transparency No. 3-16
Techniques for proving theorems
• Different ways of proving a theorem "p implies q":
  • Vacuous proof: prove ~p. [~p // p->q]
  • Trivial proof: prove q. [q // p->q]
  • Direct proof: prove that if p then q. [p->q // p->q]
    • Suppose p, then ..., q.
  • Indirect proof (proof by contraposition):
    • Prove that "~q implies ~p". [~q->~p // p->q]
  • Proof by contradiction:
    • To prove p, it suffices to show that ~p -> F (false). [~p->F // p]
  • Proof by cases:
    • To prove that "p \/ q implies r" it suffices to show that p->r and q->r. [p->r, q->r // (p\/q)->r]
Transparency No. 3-17
Proving existence theorems
Methods for proving ∃x P(x):
• Constructive proof: find an object (or term) a s.t. P(a).
  • [P(a) // ∃x P(x)]
• Nonconstructive proof: a proof of ∃x P(x) without knowing what object satisfies P.
  • Ex: proof by contradiction: show that ~∃x P(x) -> F.
Transparency No. 3-18
Example of existence proofs
Ex 20: [constructive proof] Show that there are n consecutive composite integers for every integer n > 0 (i.e., for all n, ∃x s.t. x+1, x+2, ..., x+n are all composite).
Sol: Let x = (n+1)! + 1.
=> x+i = (n+1)! + (i+1) = (i+1)((n+1)!/(i+1) + 1) is composite for i = 1,..,n. QED.
Ex 21: [nonconstructive proof] For all n > 0, ∃ a prime number > n.
Sol: By contradiction. Assume ∃n s.t. all prime numbers are < n.
Let m = n! + 1. ==> (k, m) = 1 for all k ≤ n.
=> no prime can divide m
=> m is a prime > n
=> a contradiction. QED.
Note: We cannot know a prime > n from the proof.
Transparency No. 3-19
Adequacy of inference rules [omitted]
• T: a theory
• Ax: a set of formulas
• R: a set of inference rules
• [Soundness of proof system]
  • The pair (Ax, R) is called a proof (or axiom) system.
  • If every formula provable from (Ax, R) is a theorem of T ( |-(Ax,R) A => A in Th(T) ), we say the proof system is sound for T.
  • If Ax are theorems of T and all rules of R are sound in T => (Ax, R) is sound for T.
• Completeness:
  • But can we be sure that all theorems of T can be proved from (Ax, R)?
  • (Ax, R) is said to be complete for T if it satisfies this property.
Transparency No. 3-20
Completeness of axiom systems [omitted]
• Benefit of a complete axiom system:
  • No need for other innovative methods to prove or disprove any existing conjecture in the theory.
• Issues:
  • How to find a complete axiom system for various theories.
  • Will we be able to find a complete axiom system for any theory?
• Facts:
  • There are complete axiom systems for the empty first-order theory Th({}).
  • There is no sound and complete axiom system for the natural number theory (Goedel incompleteness theorem).
Transparency No. 3-21
3.2 Mathematical Induction
• To show that a property P holds for all nonnegative integers n, it suffices to show that
  1. Basis step: P(0) is true.
  2. Ind. step: P(n) -> P(n+1) is true for all nonnegative integers n.
  • P(n) in 2 is called the inductive hypothesis.
• Note: Math. ind. is exactly the inference rule:
  • P(0), ∀n (P(n) -> P(n+1)) // ∀n P(n), for any property P.
• The second form of MI:
  • Basis: P(0) holds.
  • Ind. step: P(0) /\ P(1) /\ ... /\ P(n-1) -> P(n) holds for all n.
  • P(0) /\ P(1) /\ ... /\ P(n-1) (or: for all k, k < n => P(k)) is the ind. hyp.
Transparency No. 3-22
Correctness of Math. Ind.
• Correctness of MI.
Pf: Assume MI is incorrect, i.e., the set NP = {k | P(k) is false} is not empty.
Let m be the least number of NP.
Since P(0), 0 ∉ NP and m > 0.
=> m-1 exists and P(0), P(1), ..., P(m-1) hold
=> P(m) holds [by MI I or II] => m ∉ NP => a contradiction.
QED.
Transparency No. 3-23
Examples:
2. Σ(i=1..n) (2i-1) = n^2
3. n < 2^n
4. 3 | n^3 - n if n > 0
5. Σ(i=1..n) 2^i = 2^(n+1) - 1
6. Σ(j=1..n) a r^j = (a r^(n+1) - a) / (r - 1)
7. Let H_k = 1 + 1/2 + ... + 1/k => H_(2^n) ≥ 1 + n/2
8. |S| = n => |2^S| = 2^n.
9. 1 + 2 + ... + n = n(n+1)/2
10. If n > 3 => 2^n < n!
11. ~(S1 ∩ ... ∩ Sn) = ~S1 U ... U ~Sn.
Transparency No. 3-24
More examples:
13. n > 1 => n can be written as a product of primes. [Hint: use the 2nd form of MI.]
14. For every k > 11, there are m, n s.t. k = 4m + 5n.
Transparency No. 3-25
3.3 Recursive definitions
• Different ways of defining sets of objects:
  • Explicit listing
    • Suitable for finite objects only.
  • Define by giving an explicit expression
    Ex: F(n) = 2^n
  • Recursive (or inductive) definition
    • Define the value of objects (sequences, functions, sets, ...) in terms of values of smaller similar ones.
    • Ex: the sequence 1, 2, 4, ... (a_n = 2^n) can be defined recursively as follows:
      1. a_0 = 1;
      2. a_(n+1) = 2 x a_n for n > 0.
Transparency No. 3-26
Recursively defined functions
• To define a function over natural numbers:
  • Specify the value of f at 0 (i.e., f(0)).
  • Give a rule for finding f(n) from f(n-1), ..., f(0),
    • i.e., f(n) = some expression in terms of n, f(n-1), ..., f(0).
• Ex1:
  • f(n) = 3            if n = 0
         = 2f(n-1) + 3  if n > 0
  • => f(0) = 3,
       f(1) = 2f(0) + 3 = 9,
       f(2) = 2f(1) + 3 = 21, ...
• This guarantees that f is defined for all numbers.
Transparency No. 3-27
More example functions
• Ex2: The factorial function f(n) = n!
  • f(0) = 1
  • f(n) = n f(n-1) for all n > 0.
• Recursively defined functions (over N) are well defined.
Pf: Let P(n) = "there is at least one value assigned to f(n)".
    Q(n) = "there is at most one value assigned to f(n)".
We show that P(n) holds for all n by MI.
Basis: P(0) holds.
Ind.: Assume P(k) holds for all k ≤ n
=> f(n+1) can be assigned a value by evaluating the expr(n, f(0),..,f(n)), where by ind. hyp. all f(i)s (i<n) have been assigned a value.
The fact that Q(n) holds for all n is trivial, since each f(k) appears at the left-hand side of the definition exactly once. QED
Transparency No. 3-28
More examples:
Ex5: The Fibonacci numbers:
• f(0) = 0; f(1) = 1;
• f(n) = f(n-1) + f(n-2) for n > 1.
• ==> 0, 1, 1, 2, 3, 5, 8, ...
Ex6: Show that f(n) > α^(n-2), where α = (1 + sqrt(5))/2, whenever n ≥ 3.
Pf: (by MI). Let P(n) = "f(n) > α^(n-2)".
Basis: P(3), P(4) hold. An easy check.
Ind. step: (for n >= 3)
If n ≥ 3 => α^(n-1) = α^2 α^(n-3) = (α+1) α^(n-3) = α^(n-2) + α^(n-3).
If n ≥ 4 => by ind. hyp., f(n-1) > α^(n-3), f(n) > α^(n-2).
Hence f(n+1) = f(n) + f(n-1) > α^(n-2) + α^(n-3) = α^(n-1). QED
Transparency No. 3-29
Lamé's theorem
• a, b: positive integers with a ≥ b.
=> #divisions used by the Euclidean algorithm to find gcd(a,b) ≤ 5 x #decimal digits in b.
Pf: The sequence of equations used for finding gcd(a,b), where r_0 = a, r_1 = b:
  r_2 = r_0 mod r_1 ≠ 0
  r_3 = r_1 mod r_2 ≠ 0
  ...
  r_n = r_(n-2) mod r_(n-1) ≠ 0
  r_(n+1) = r_(n-1) mod r_n = 0
i.e., until r_n | r_(n-1), and then gcd(a,b) = r_n.
#divisions used = n. r_n ≥ 1 = f_2;
r_(n-1) ≥ 2 r_n ≥ 2 f_2 = f_3; r_(n-2) ≥ r_n + r_(n-1) = f_2 + f_3 = f_4;
... r_2 ≥ r_3 + r_4 ≥ f_(n-1) + f_(n-2) = f_n; b = r_1 ≥ r_2 + r_3 ≥ f_n + f_(n-1) = f_(n+1) > α^(n-1).
log b > (n-1) log α ~ 0.208 (n-1) > (n-1)/5
n < 1 + 5 log b < 1 + 5 #digit(b) => n ≤ 5 #digit(b).
Transparency No. 3-30
Recursively defined sets
• Given a universal set U, a subset V of U and a set of operations OP on U, we often define a subset D of U as follows:
  • 1. Init: Every element of V is an element of D.
  • 2. Closure: For each operation f in OP, if f: U^n -> U and t1,..,tn are objects already known to be in the set D, then f(t1,..,tn) is also an object of D.
• Example: The set S = {3n | n > 0} ⊆ N can be defined recursively as follows:
  • 1. Init: 3 ∈ S (i.e., V = {3})
  • 2. Closure: S is closed under +,
    • i.e., if a, b ∈ S then so is a+b. (OP = {+})
Transparency No. 3-31
Notes about recursively defined sets
1. The definition of D is not complete (in the sense that there are multiple subsets of U satisfying both conditions).
   Ex: the universe U satisfies (1) and (2), but it is not our intended D.
2. In fact the intended defined set
   3': D is the least of all subsets of U satisfying 1 & 2, or
   3'': D is the intersection of all subsets of U satisfying 1 & 2, or
   3''': Only objects obtained by a finite number of applications of rules 1 & 2 are elements of D.
3. It can be proven that 3', 3'' and 3''' are equivalent.
4. Hence, to be complete, one of 3', 3'' or 3''' should be appended to conditions 1 & 2, though it can always be omitted (or replaced by the adverbs inductively, recursively) with such understanding in mind.
Transparency No. 3-32
Proof of the equivalence of 3', 3'' and 3'''
• D1: the set obtained by 1, 2, 3'.
  • D1 satisfies 1 & 2, and any S satisfying 1 & 2 is a superset of D1.
• D2: the set obtained by 1, 2, 3''.
  • D2 = the intersection of all subsets Sk of U satisfying 1 & 2.
• D3: the set obtained by 1, 2, 3'''.
  • For any x ∈ U, x ∈ D3 iff there is a sequence x1,...,xm = x such that for each xi (i = 1..m) either
    • (init:) xi ∈ V, or
    • (closure:) there are f in OP and t1,...,tn in {x1,..,x(i-1)} s.t. xi = f(t1,..,tn).
Pf: 1. D2 satisfies 1 & 2 and is the least of all sets satisfying 1 & 2. Hence D1 exists and equals D2.
2.1 D3 satisfies 1 & 2. [by ind.]
2.2 D3 is contained in all sets satisfying 1 & 2. [by ind.]
Hence D3 = D2.
Transparency No. 3-33
Example:
• Ex 7': The set of natural numbers can be defined inductively as follows:
  • Init: 0 in N.
  • Closure: If x in N, then x' in N.
  • => 0, 0', 0'', 0''', ... are natural numbers (unary representation of natural numbers).
Transparency No. 3-34
Induction principles III (structural induction)
• D: a recursively defined set
• P: a property about objects of D.
• To show that P(t) holds for all t in D, it suffices to show that
  • 1. Basis step: P(t) holds for all t in V.
  • 2. Ind. step: For each f in OP and t1,..,tn in D, if P(t1),...,P(tn) hold, then P(f(t1,..,tn)) holds, too.
• Show the correctness of structural induction.
Pf: Assume it is not correct. => NP = {t ∈ D | P(t) does not hold} is not empty. => ∃ x ∈ NP s.t. ∃ a derivation x1,..,xn of x and all xi (i<n) ∉ NP.
=> If n = 1, then x1 = x ∈ V (impossible).
Else either n > 1 and x ∈ V (impossible, like n = 1),
or n > 1 and x = f(t1,..,tn) for some {t1,..,tn} in {x1,..,x(n-1)}, and P holds for all tk => P(x) holds too => x ∉ NP, a contradiction. QED.
Transparency No. 3-35
MI is a specialization of SI
• Rephrasing SI for the domain N, we have:
  To show P(t) holds for all t ∈ N, it suffices to show that
  Init: P(0) holds.
  Ind. step: [OP = { ' }] for any x in N, if P(x) holds then P(x') holds.
• Notes:
  • 1. The above is just MI.
  • 2. MI is only suitable for proving properties of natural numbers, whereas SI is suitable for proving properties of all recursively defined sets.
  • 3. The common variant of MI starting from a value c ≠ 0, 1 is also a special case of SI with the domain
    • D = {c, c+1, c+2, ...}
Transparency No. 3-36
Well-formed arithmetic expressions
Ex: (2 + x), (x + (y/3)), ... (ok)
    x2+, xy*/3 ... (no)
Let Vr = {x, y, ...} be the set of variables,
M = numerals = finite representations of numbers,
OP = {+, -, x, /, ^},
U = the set of all finite strings over Vr U M U OP U {(,)}.
The set of all well-formed arithmetic expressions (wfe) can be defined inductively as follows:
1. Init: every variable x in Vr and every numeral n in M is a wfe.
2. Closure: If A, B are wfes, then so are (A + B), (A - B), (A * B), (A / B) and (A ^ B).
Note: "1 + x" is not a wfe. Why?
Transparency No. 3-37
More examples:
• Ex9: Wff (well-formed propositional formulas)
  PV: {p1, p2, ...}, a set of propositional symbols.
  OP = {/\, \/, ~, ->}
  U = the set of all finite strings over PV U OP U {(,)}
  Init: every pi in PV is a wff.
  Closure: If A and B are wffs, then so are (A/\B), (A\/B), (A->B), ~A.
• Ex10: [strings]
  • S: an alphabet
  • S*: the set of finite strings over S, defined inductively as follows:
    1. Init: ε is a string.
    2. Closure: If x is a string and a is a symbol in S, then a·x is a string.
Transparency No. 3-38
• Ex11: Recursively define two functions on S*.
  len: S* -> N s.t. len(x) = the length of the string x.
    Basis: len(ε) = 0
    Ind. step: for any x in S* and a in S, len(ax) = len(x) + 1.
  · : S* x S* -> S* s.t. x · y = the concatenation of x and y.
    Basis: ε · y = y for all strings y.
    Recursive step: (a · z) · y = a · (z · y) for all symbols a and strings z, y.
• Prove properties of len(-) on S*:
  Ex12: Show that len(x · y) = len(x) + len(y) for any x, y ∈ S*.
  By SI on x. Let P(x) = "len(xy) = len(x) + len(y)".
  Basis: x = ε => x · y = y => len(x · y) = len(y) = len(ε) + len(y).
  Ind. step: x = az
    len(x · y) = len((a · z) · y) = len(a · (z · y)) = 1 + len(zy)
               = 1 + len(z) + len(y) = len(x) + len(y).
Transparency No. 3-39
Where we use recursion
• Define a domain
  • numbers, lists, trees, formulas, strings, ...
• Define functions on recursively defined domains
• Prove properties of functions or domains by structural induction.
• Compute recursive functions
  • --> recursive algorithm
  • Ex:
    len(x) {  // x: a string; tl(x) is x without its first symbol
      if x = ε then return(0)
      else return(1 + len(tl(x))) }
Transparency No. 3-40
3.4 Recursive algorithm
• Definition: an algorithm is recursive if it solves a problem by reducing it to an instance of the same problem with smaller inputs.
• Ex1: compute a^n where a ∈ R and n ∈ N.
• Ex2: gcd(a,b), a, b ∈ N, a > b
  • gcd(a,b) =def if b = 0 then a
                  else gcd(b, a mod b).
  • Ex: show that gcd(a,b) will always terminate.
• Comparison between recursion and iteration:
  • Recursion: easy to read, understand and devise.
  • Iteration: uses much less computation time.
  • Result: programmer --> recursive program --> compiler --> iterative program --> machine.
Transparency No. 3-41
3.5 Program correctness
• After designing a program to solve a problem, how can we be sure that the program always produces correct output?
• Types of errors in a program:
  • syntax error --> easy to detect with the help of the compiler
  • semantic error --> test or verify
• Program testing can only increase our confidence in the correctness of a program; it can never guarantee that a program passing the tests always produces correct output.
• A program is said to be correct if it produces the correct output for every possible input.
• A correctness proof generally consists of two steps:
  • Termination proof:
  • Partial correctness: whenever the program terminates, it will produce the correct output.
Transparency No. 3-42
Program verification
• Problem:
  • What does it mean that a program produces the correct output (or results)?
    By specifying assertions (or descriptions) about the expected outcome of the program.
• Input to program verification:
  • Pr: the program to be verified.
  • Q: final assertions (postconditions), giving the properties that the output of the program should have.
  • P: initial assertions (preconditions), giving the properties that the initial input values are required to have.
Transparency No. 3-43
Hoare triple:
• P, Q: assertions
• S: a program or program segment.
• P {S} Q is called a Hoare triple, meaning that S is partially correct (p.c.) w.r.t. P, Q, i.e., whenever P is true for the input values of S and S terminates, then Q is true for the output values of S.
Ex 1: x = 1 {y := 2; z := x + y} z = 3 is true. Why?
Ex 2: x = 1 {while x > 0 x++} x = 0 is true. Why?
Transparency No. 3-44
Typical program constructs:
1. Assignment: x := expr
   • x := x+y-3
2. Composition: S1;S2
   • Execute S1 first; after termination, execute S2.
3. Conditional:
   • 3.1 If <cond> then S
   • 3.2 If <cond> then S1 else S2.
4. Loop:
   • 4.1 while <cond> do S
   • 4.2 repeat S until <cond>
   // 4.3 do S while <cond> ...
• Other constructs are possible, but it can be shown that any program can be converted into an equivalent one using only 1, 2, 3.1 and 4.1.
Transparency No. 3-45
Assignment rule
• P[x/expr] {x := expr} P
  • P[x/expr] is the result of replacing every x in P by the expression expr.
  • Ex: P = "y < x /\ x + z = 5" => P[x/3] = "y < 3 /\ 3 + z = 5".
• Why correct?
  • Consider the variable spaces:
  • (...,x,...) == x := expr ==> (..., expr,...) |= P
  • Hence if P[x/expr] holds before execution, P will hold after execution.
• Example: Q {y := x+y} x > 2y + 1 => Q = ?
  • (xb,yb) ==> {ya := xb+yb} ==> (xb, xb+yb) = (xa,ya) |= P(xa,ya) =def "xa > 2ya + 1"
  • => (xb,yb) |= Q = P(xa,ya)[xa/xb; ya/xb+yb]
  •  = P(xb, xb+yb) = "xb > 2(xb+yb) + 1"
Transparency No. 3-46
Composition rules:
• Split programs into subprograms and then show that each subprogram is correct.
• The composition rule:
  P {S1} Q
  Q {S2} R
  -----------------------------
  P {S1;S2} R

  Example:
  x = 0 {x := x+2} ?
  ? {x := x-1} x > 0
  -----------------------------
  x = 0 {x := x+2; x := x-1} x > 0
• Meaning:
  • Forward reading:
  • Backward reading: to prove P {S1;S2} R, it suffices to find an assertion Q s.t. P {S1} Q and Q {S2} R.
• Problem: How to find Q?
Transparency No. 3-47
Example:
• Show that x = 1 {y := 2; z := x + y} z = 3
  x = 1 {y := 2; z := x+y} z = 3
  -------------------------------------------------------
  x = 1 {y := 2} ?
  ? {z := x+y} z = 3
Transparency No. 3-48
Classical rules:

  P => P1
  P1 {S} Q
  ---------------------
  P {S} Q

  P {S} Q1
  Q1 => Q
  ---------------------
  P {S} Q

  P => P1
  P1 {S} Q1
  Q1 => Q
  ---------------------
  P {S} Q

Examples:

  x = 1 => x+1 > 1
  x+1 > 1 {x := x + 1} x > 1
  -----------------------------------
  x = 1 {x := x + 1} x > 1

  x+1 > 0 {x := x + 1} x > 0
  x > 0 => x ≠ 0
  -----------------------------------
  x+1 > 0 {x := x + 1} x ≠ 0
Transparency No. 3-49
Conditional rules

  P /\ <cond> {S1} Q
  P /\ ~<cond> {S2} Q
  -----------------------------------------------
  P {if <cond> then S1 else S2} Q

  P /\ <cond> {S} Q
  P /\ ~<cond> => Q
  -----------------------------------------------
  P {if <cond> then S} Q

Example:

  T /\ x > y => x ≥ x        x ≥ x {y := x} y ≥ x
  -----------------------------------------------
  T /\ x > y {y := x} y ≥ x        ~(x > y) => y ≥ x
  -----------------------------------------------
  T {if x > y then y := x} y ≥ x
Transparency No. 3-50
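The assignment, composition and conditional rules above can be applied mechanically by working backwards from the postcondition, which also answers "How to find Q?". The following is an added example, not part of the original slides: it computes P[x/expr] by syntactic substitution and then checks P => (computed precondition) over a small integer range. The tuple encoding of statements, the use of Python expression syntax for assertions, and the bounded range (a test, not a proof) are assumptions of this sketch.

```python
import ast
from itertools import product

class Subst(ast.NodeTransformer):
    """Replace every occurrence of one variable by an expression: P[x/expr]."""
    def __init__(self, var, expr):
        self.var, self.expr = var, expr

    def visit_Name(self, node):
        if node.id == self.var:
            return ast.parse(self.expr, mode="eval").body  # fresh copy of expr
        return node

def subst(pred, var, expr):
    tree = Subst(var, expr).visit(ast.parse(pred, mode="eval"))
    return ast.unparse(tree.body)

def wp(stmt, post):
    """Precondition obtained by reading the rules backwards from post."""
    kind = stmt[0]
    if kind == "skip":
        return post
    if kind == "assign":                 # P[x/expr] {x := expr} P
        _, var, expr = stmt
        return subst(post, var, expr)
    if kind == "seq":                    # the middle assertion Q is wp(S2, R)
        _, s1, s2 = stmt
        return wp(s1, wp(s2, post))
    if kind == "if":                     # both branches must establish post
        _, cond, s1, s2 = stmt
        return (f"(({cond}) and ({wp(s1, post)})) or "
                f"((not ({cond})) and ({wp(s2, post)}))")
    raise ValueError(f"unknown statement {kind!r}")

def holds(pre, stmt, post, names=("x", "y", "z"), lo=-4, hi=4):
    """Bounded check of pre => wp(stmt, post) on all states in [lo, hi]."""
    needed = wp(stmt, post)
    for values in product(range(lo, hi + 1), repeat=len(names)):
        state = dict(zip(names, values))
        if eval(pre, {}, state) and not eval(needed, {}, state):
            return False
    return True

# Triples taken from the slides, in the encoding assumed above.
ASSIGN_EX = ("assign", "y", "x + y")                               # Q {y := x+y} x > 2y+1
SEQ_EX = ("seq", ("assign", "y", "2"), ("assign", "z", "x + y"))   # x=1 {...} z=3
COMP_EX = ("seq", ("assign", "x", "x + 2"), ("assign", "x", "x - 1"))
IF_EX = ("if", "x > y", ("assign", "y", "x"), ("skip",))           # T {...} y >= x

if __name__ == "__main__":
    print(wp(ASSIGN_EX, "x > 2*y + 1"))
    print(wp(SEQ_EX, "z == 3"), holds("x == 1", SEQ_EX, "z == 3"))
    print(holds("x == 0", COMP_EX, "x > 0"), holds("True", IF_EX, "y >= x"))
```

The while construct is deliberately left out: it needs a loop invariant supplied by the prover, which cannot be obtained by substitution alone.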
While-loop rules
• Loop invariant:
  • A statement P is said to be a loop invariant of a while program "while <cond> do S" if it remains true after each iteration of the loop body S,
  • i.e., P /\ <cond> {S} P is true.
• While rule:
  P /\ <cond> {S} P
  ----------------------------------------------------
  P {while <cond> do S} P /\ ~<cond>
• Issues:
  • How to find the loop invariant P?
  • Most of the difficulty of program verification lies in finding appropriate loop invariants.
Transparency No. 3-51
While loop example
Show that
  n > 0 { i := 1; f := 1;
          while i < n do (i := i+1; f := f x i) } f = n!
To prove that the program terminates with f = n!, a loop invariant is needed.
Let p = "i ≤ n /\ f = i!"
First show that p is a loop invariant of the while program,
i.e., i ≤ n /\ f = i! /\ i < n {i := i+1; f := f x i} i ≤ n /\ f = i!
Transparency No. 3-52
While loop example (cont'd)
  n > 0 ---
  i := 1;        ------ i ≤ n
  f := 1;        ------ p = "i ≤ n /\ f = i!"
  while i < n do (i := i+1; f := f x i)
                 ------ p /\ ~(i < n) ==> i = n /\ f = i!
                        ==> f = n!
Transparency No. 3-53
Another example:
Ex5: Show that the following program is correct:
Procedure prod(m, n: integer): integer
1. If n < 0 then a := -n
   else a := n;              ------ a = |n|
2. k := 0; x := 0
3. while k < a do            --- p = "x = mk /\ k ≤ a" is a loop invariant.
     x := x + m;
     k := k + 1
   enddo
   --- x = mk /\ k ≤ a /\ ~(k < a) => k = a /\ x = ma
       => x = m|n|
4. If n < 0 then prod := -x  => prod = -m|n| = mn
   else prod := x            => prod = m|n| = mn
   ---- prod = mn. Hence the program is [partially] correct!
Note: to be really correct, we need to show that the program will eventually terminate.
Transparency No. 3-54
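The annotated prod program can be run with its assertions checked at each point, together with the termination argument the closing note asks for. This is an added example, not part of the original slides: the variant a - k (a value that must strictly decrease and stay nonnegative) and the two faulty loop bodies are assumptions introduced to show which annotation catches which defect.

```python
class AnnotationError(Exception):
    """Raised when an assertion of the annotated program fails at run time."""

def require(condition, label):
    if not condition:
        raise AnnotationError(label)

def page_body(x, k, m):
    """Loop body from the slide: x := x + m; k := k + 1."""
    return x + m, k + 1

def prod(m, n, body=page_body):
    """prod(m, n) from the slide, with every annotation checked."""
    a = -n if n < 0 else n
    require(a == abs(n), "a = |n|")
    k, x = 0, 0
    require(x == m * k and k <= a, "invariant on entry")
    while k < a:
        variant = a - k                    # termination measure (assumption)
        x, k = body(x, k, m)
        require(x == m * k and k <= a, "invariant after iteration")
        require(0 <= a - k < variant, "variant decreases")
    # Invariant plus negated loop condition gives k = a and x = ma.
    require(k == a and x == m * a, "exit condition")
    result = -x if n < 0 else x
    require(result == m * n, "prod = mn")
    return result

def skipping_body(x, k, m):
    """Constructed bug: counts two steps but adds m only once."""
    return x + m, k + 2

def stalled_body(x, k, m):
    """Constructed bug: keeps the invariant true but makes no progress."""
    return x, k

def first_failure(m, n, body):
    """Label of the first violated annotation, or None if all hold."""
    try:
        prod(m, n, body)
        return None
    except AnnotationError as err:
        return str(err)

if __name__ == "__main__":
    print(prod(3, -4), prod(-7, 5), prod(6, 0))
    print(first_failure(3, 4, skipping_body))
    print(first_failure(3, 4, stalled_body))
```

The stalled body passes every partial-correctness annotation and is rejected only by the variant check, which is why the termination proof is a separate step from the invariant argument.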