CISC 403/603 Program Validation
Midterm Exam takehome revision opportunity, Due Thursday, Apr 28

On each question (except #2) you may submit a revised answer. If your original answer is satisfactory, just resubmit it. Every answer is being returned in the interest of a level playing field. If you wish to write a new solution, write each one on a separate piece of paper with problem number clearly marked. Return the original exam along with such new answers.

Note that the postcondition on the first problem is amended to include the precondition (and in the precondition the names of some bound variables are changed to avoid confusion with program variables - technically there is no ambiguity between i,j as bound variables in Q and program variables i,j, but we humans may inadvertently confuse bound and unbound instances).

  1. Double Dipper. Suppose it is known that there is a person on the welfare rolls in both Maryland and Delaware. Let f[0:?] be the sequence of welfare recipients in Delaware, listed in increasing order. Let g[0:?] be the corresponding list for Maryland, also in ascending order. The upper bounds of both arrays are not known, but it is certain that there is at least one name on both lists. The goal is to find the indices iv and jv of the first such person. Thus the data satisfies, for some as yet unknown constants iv and jv,
    {Q: f[iv] = g[jv] // unknown indices iv, jv index a double dipper
    ^ (A m,n: 0 ≤ m < iv, 0 ≤ n < jv: f[m] ≠ g[n]) // first such
    ^ (A k: 0 < k: f[k-1] < f[k] ^ g[k-1] < g[k]) // ascending order
    }

    and the goal is to compute with indices i and j until they reach the first double dipper. With that background we may write the postcondition simply as
    {R: (i = iv) ^ (j = jv) ^ Q}
    Design a loop with invariant and bound to meet this specification.

    {Q}
    i,j := 0,0;
    {inv P: ??}
    {bound t: ??}
    do ?? od
    {R}
    
    1. First design P. Which did you use: deleting a conjunct, converting a constant to a variable, extending the range of a constant?
    2. Choose guards. How chosen?
    3. Write complete loop and bound t.
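An executable reading of Q and R can serve as an oracle while testing a loop design. The following is an added example, not part of the handout: it evaluates Q literally on finite lists f and g (the constructed sample data in the comments stands in for the unknown upper bounds), brute-forces the constants iv, jv that Q determines, and checks R for the program variables i, j. Function names and the sample lists are the example's own.

```python
from typing import List, Optional, Tuple

# Added example, not from the handout: Q and R of the double-dipper problem
# as executable predicates over finite (constructed) lists f and g.

def ascending(seq: List[int]) -> bool:
    """(A k: 0 < k: seq[k-1] < seq[k]), over the finite prefix we actually hold."""
    return all(seq[k - 1] < seq[k] for k in range(1, len(seq)))

def satisfies_Q(f: List[int], g: List[int], iv: int, jv: int) -> bool:
    """Q evaluated literally for candidate constants iv, jv."""
    if not (0 <= iv < len(f) and 0 <= jv < len(g)):
        return False
    double_dipper = f[iv] == g[jv]                       # f[iv] = g[jv]
    first = all(f[m] != g[n]                             # no earlier pair matches
                for m in range(iv) for n in range(jv))
    return double_dipper and first and ascending(f) and ascending(g)

def first_double_dipper(f: List[int], g: List[int]) -> Optional[Tuple[int, int]]:
    """The (iv, jv) that Q pins down, found by brute force over all index pairs.
    Ascending order makes the pair unique: a second solution (iv', jv') with
    iv < iv' would have jv < jv' as well, and then (iv', jv') violates the
    'first such' conjunct. Returns None when the lists share no name, in which
    case Q has no model at all."""
    solutions = [(iv, jv) for iv in range(len(f)) for jv in range(len(g))
                 if satisfies_Q(f, g, iv, jv)]
    assert len(solutions) <= 1
    return solutions[0] if solutions else None

def satisfies_R(f: List[int], g: List[int], i: int, j: int) -> bool:
    """R: (i = iv) ^ (j = jv) ^ Q, for the program variables i, j at loop exit."""
    return first_double_dipper(f, g) == (i, j)

if __name__ == "__main__":
    # Constructed sample data: 3 is the first name on both lists, 7 the second.
    f, g = [1, 3, 5, 7], [2, 3, 4, 7]
    print(first_double_dipper(f, g))      # (1, 1)
    print(satisfies_R(f, g, 3, 3))        # False: 7 is a double dipper, not the first
```

Any loop designed for problem 1 can be run against `satisfies_R` on such constructed lists; a final (i, j) that the oracle rejects pinpoints which conjunct of Q the design lost.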

Each of the following programs purports to do partitioning (as in quicksort) of a given array of integers b[0:n-1] with respect to a given value x. Each contains one or more bugs. Give a state (a specific array b and an x) satisfying the initial precondition, but for which, after program execution, the postcondition fails to hold. Explain which of the 5 checklist points fails to hold (any one of them, if more than one fail). If your original answer does the job, just return it. If it does the job but contains extra info such as proofs of checklist items that do hold, clearly mark the essential part: the counterexample state and its explanation.

  1. // program A: partition given array b[0:n-1] with respect to value x.
    {Q: (E i: 0 ≤ i < n: b[i] = x)}
    i,j:= 0, n-1;
    {inv P: (A k: 0 ≤ k < i: b[k] ≤ x)
    ^ (A k: j < k ≤ n: b[k] ≥ x)}
    {bound t: j - i}
    do b[i] ≤ x → i := i+1
     [] b[j] ≥ x → j := j-1
     [] b[j] ≤ x ^ x ≤ b[i] → i,j,b[i],b[j] := i+1, j-1, b[j],b[i]
    od
    {R: (A k: 0 ≤ k ≤ i: b[k] ≤ x)
    ^ (A k: i < k < n: b[k] ≥ x)}
    
    
  2. // program B: partition given array b[0:n-1] with respect to value x.
    {Q: (E i: 0 ≤ i < n: b[i] = x)}
    i,j:= 0, n-1;
    {inv P: (A k: 0 ≤ k < i: b[k] ≤ x)
    ^ (A k: j < k ≤ n: b[k] ≥ x)}
    {bound t: j - i}
    do i < j ^ b[i] ≤ x → i := i+1
     [] i ≤ j ^ b[j] ≥ x → j := j-1
     [] b[j] ≤ x ^ x ≤ b[i] → i,j,b[i],b[j] := i+1, j-1, b[j],b[i]
    od
    {R: (A k: 0 ≤ k ≤ i: b[k] ≤ x)
    ^ (A k: i < k < n: b[k] ≥ x)}
    
  3. // program C: partition given array b[0:n-1] with respect to value x.
    {Q: T}
    i,j:= -1, n-1;
    {inv P: (A k: 0 ≤ k ≤ i: b[k] ≤ x)
    ^ (A k: j < k ≤ n: b[k] ≥ x)}
    {bound t: j - i}
    do i < j ^ b[i+1] ≤ x → i := i+1
     [] i < j ^ b[j] ≥ x → j := j-1
     [] b[j] ≤ x ^ x ≤ b[i+1] → i,j,b[i+1],b[j] := i+1, j-1, b[j],b[i+1]
    od
    {R: (A k: 0 ≤ k ≤ i: b[k] ≤ x)
    ^ (A k: i < k < n: b[k] ≥ x)}
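The checklist can be exercised mechanically on a concrete state: run the do-od loop with one legal choice of enabled guard at each step and test, at runtime, that P holds after initialization, that P is preserved and t decreases on every guarded command, that t > 0 whenever some guard is enabled, and that R holds on exit. The following is an added example, not code from the handout: a generic checker of that kind, with program A transcribed as its worked instance (programs B and C are encoded the same way by changing the initialization and the guard list). Two assumptions are the example's own: array indexing is strict, so that an index outside 0..n-1 is reported as an undefined evaluation rather than silently wrapping as Python would, and the second conjunct of P is evaluated over j < k < n so that it only references b[0:n-1]; the handout writes j < k ≤ n. The sample states in the usage block are constructed.

```python
from typing import Callable, List, Tuple

# Added example, not from the handout: a runtime checker for the five
# checklist points, applied to program A as written above.

class St:
    """Program state: array b[0:n-1], the value x, and indices i and j."""
    def __init__(self, b: List[int], x: int):
        self.b, self.x, self.i, self.j = list(b), x, 0, 0
    @property
    def n(self) -> int:
        return len(self.b)

def at(b: List[int], k: int) -> int:
    """Strict access: b[k] is undefined outside 0..n-1 (assumption: Python's
    negative-index wraparound must not hide an out-of-range reference)."""
    if not 0 <= k < len(b):
        raise IndexError(f"b[{k}] referenced, but b has bounds 0..{len(b) - 1}")
    return b[k]

def A(lo: int, hi: int, pred: Callable[[int], bool]) -> bool:
    """(A k: lo <= k < hi: pred(k))"""
    return all(pred(k) for k in range(lo, hi))

Guarded = Tuple[Callable[[St], bool], Callable[[St], None]]

def check_loop(s: St, init, P, t, R, guards: List[Guarded], max_steps: int = 10_000) -> str:
    """Run the loop from state s and return a verdict naming the first
    checklist point that fails on this execution, or 'ok'."""
    try:
        init(s)
        if not P(s):
            return "1: P does not hold after initialization"
        for _ in range(max_steps):
            enabled = [body for guard, body in guards if guard(s)]
            if not enabled:                      # not BB: the loop exits
                return ("ok: all five checklist points held on this state"
                        if R(s) else "3: P and not BB do not imply R")
            if not t(s) > 0:
                return "4: a guard is enabled but the bound t is not > 0"
            t_before = t(s)
            enabled[0](s)                        # one legal nondeterministic choice
            if not P(s):
                return "2: a guarded command does not preserve P"
            if not t(s) < t_before:
                return "5: a guarded command does not decrease t"
        return "5: step budget exhausted, the loop did not terminate"
    except IndexError as e:
        return f"undefined: {e}"

# Program A, transcribed from the handout.
def init_A(s: St) -> None:
    s.i, s.j = 0, s.n - 1

def P_A(s: St) -> bool:
    # Assumption: second conjunct over j < k < n (handout: j < k <= n).
    return (A(0, s.i, lambda k: at(s.b, k) <= s.x)
            and A(s.j + 1, s.n, lambda k: at(s.b, k) >= s.x))

def t_A(s: St) -> int:
    return s.j - s.i

def R_A(s: St) -> bool:
    return (A(0, s.i + 1, lambda k: at(s.b, k) <= s.x)
            and A(s.i + 1, s.n, lambda k: at(s.b, k) >= s.x))

def inc_i(s: St) -> None:
    s.i += 1

def dec_j(s: St) -> None:
    s.j -= 1

def swap(s: St) -> None:
    # i,j,b[i],b[j] := i+1, j-1, b[j],b[i]  (simultaneous assignment)
    bi, bj = at(s.b, s.i), at(s.b, s.j)
    s.b[s.i], s.b[s.j] = bj, bi
    s.i, s.j = s.i + 1, s.j - 1

guards_A: List[Guarded] = [
    (lambda s: at(s.b, s.i) <= s.x, inc_i),
    (lambda s: at(s.b, s.j) >= s.x, dec_j),
    (lambda s: at(s.b, s.j) <= s.x and s.x <= at(s.b, s.i), swap),
]

def check_program_A(b: List[int], x: int) -> str:
    return check_loop(St(b, x), init_A, P_A, t_A, R_A, guards_A)

if __name__ == "__main__":
    # Constructed states satisfying Q (x occurs in b).
    print(check_program_A([5], 5))
    print(check_program_A([1, 2, 3], 2))
```

The checker follows one execution only, so a verdict of "ok" on a state is not a proof; a failing verdict, however, is a genuine counterexample of the kind the question asks for, and the state it was produced from is the answer's essential part.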