Induction Strong Induction Recursive Defs and Structural Induction Program Correctness

Induction and Recursion

Lucia Moura
Winter 2010
CSI2101 Discrete Structures Winter 2010: Induction and Recursion Lucia Moura
Induction Strong Induction Recursive Defs and Structural Induction Program Correctness
Mathematical Induction
Mathematical Induction
Principle (of Mathematical Induction)
Suppose you want to prove that a statement about an integer n is true for
every positive integer n.
Dene a propositional function P(n) that describes the statement to
be proven about n.
To prove that P(n) is true for all n 1, do the following two steps:

Basis Step: Prove that P(1) is true.

Inductive Step: Let k 1. Assume P(k) is true, and prove that

P(k + 1) is true.
CSI2101 Discrete Structures Winter 2010: Induction and Recursion Lucia Moura
Induction Strong Induction Recursive Defs and Structural Induction Program Correctness
Mathematical Induction
Types of statements that can be proven by induction
1
Summation formulas
Prove that 1 + 2 + 2
2
+ + 2
n
= 2
n+1
1, for all integers n 0.
2
Inequalities
Prove that 2
n
< n! for every positive integer n with n 4.
3
Divisibility results
Prove that n
3
n is divisible by 3 for every positive integer n.
4
Results about sets
Prove that if S is a set with n elements where n is a nonnegative
integer, then S has 2
n
subsets.
5
Creative use of mathematical induction
Show that for n a positive integer, every 2
n
2
n
checkerboard with
one square removed can be tiled using right triominoes (L shape).
6
Results about algorithms
Prove that procedure fac(n) returns n! for all nonnegative integers
n 0.
CSI2101 Discrete Structures Winter 2010: Induction and Recursion Lucia Moura
Induction Strong Induction Recursive Defs and Structural Induction Program Correctness
Mathematical Induction
Prove that algorithm fac(n) returns n! for all nonnegative integers n 0.
procedure fac(n: nonnegative integer)
if (n = 0) then return 1
else return nfac(n 1)
CSI2101 Discrete Structures Winter 2010: Induction and Recursion Lucia Moura
Induction Strong Induction Recursive Defs and Structural Induction Program Correctness
Strong Induction or Complete Induction
Strong Induction
Principle (of Strong Induction)
Suppose you want to prove that a statement about an integer n is true for
every positive integer n.
Dene a propositional function P(n) that describes the statement to
be proven about n.
To prove that P(n) is true for all n 1, do the following two steps:

Basis Step: Prove that P(1) is true.

Inductive Step: Let k 1. Assume P(1), P(2), . . . , P(k) are all true,
and prove that P(k + 1) is true.
CSI2101 Discrete Structures Winter 2010: Induction and Recursion Lucia Moura
Induction Strong Induction Recursive Defs and Structural Induction Program Correctness
Strong Induction or Complete Induction
Use strong induction to prove:
Theorem (The Fundamental Theorem of Arithmetic)
Every positive integer greater than 1 can be written uniquely as a prime or
as the product of two or more primes where the prime factors are written
in order of nondecreasing size.
Proof:
Part 1: Every positive integer greater than 1 can be written as a prime
or as the product of two or more primes.
Part 2: Show uniqueness, when the primes are written in nondecreasing
order.
CSI2101 Discrete Structures Winter 2010: Induction and Recursion Lucia Moura
Induction Strong Induction Recursive Defs and Structural Induction Program Correctness
Strong Induction or Complete Induction
Proof of Part 1: Consider P(n) the statement n can be written as a
prime or as the product of two or more primes.. We will use strong
induction to show that P(n) is true for every integer n 1.
Basis Step: P(2) is true, since 2 can be written as a prime, itself.
Induction Step: Let k 2. Assume P(1), P(2), . . . , P(k) are true. We
will prove that P(k + 1) is true, i.e. that k + 1 can be written as a prime
or the product of two or more primes.
Case 1: k + 1 is prime.
If k + 1 is prime, then the statement is true as k + 1 can be written as
itself, a prime.
Case 2: k + 1 is composite.
By denition, there exist two positive integers a and b with
2 a b < k + 1, such that k + 1 = ab. Since a, b < k + 1, we know by
induction hypothesis that a and b can each be written as a prime or the
product of two or more primes. Thus, k + 1 = ab can be written as a
product of two or more primes, namely those primes in the prime
factorization of a and those in the prime factorization of b.
CSI2101 Discrete Structures Winter 2010: Induction and Recursion Lucia Moura
Induction Strong Induction Recursive Defs and Structural Induction Program Correctness
Strong Induction or Complete Induction
We want to prove Part 2. The following Lemma has been proven.
Lemma (A)
If a, b, and c are positive integers such that gcd(a, b) = 1 and a[bc, then
a[c.
We prove the following lemma using induction.
Lemma (B)
If p is a prime and p[a
1
a
2
a
n
, where each a
i
is an integer and n 1,
then p[a
i
for some i, 1 i n.
Proof: Let P(n) be the statement If a
1
, a
2
, . . . , a
n
are integers and p is
a prime number such that p[a
1
a
2
a
n
, then p[a
i
for some i, 1 i n.
We will prove P(n) is true for all n 1.
CSI2101 Discrete Structures Winter 2010: Induction and Recursion Lucia Moura
Induction Strong Induction Recursive Defs and Structural Induction Program Correctness
Strong Induction or Complete Induction
Let P(n) be the statement If a
1
, a
2
, . . . , a
n
are integers and p is a prime
number such that p[a
1
a
2
a
n
, then p[a
i
for some i, 1 i n.
We will prove P(n) is true for all n 1.
Basis: Prove that P(1) is true.
The statement is trivially true, since for n = 1, p[a
1
already gives that p[a
i
for some i, 1 i 1.
Induction step: Let n 2. Assume P(n 1) is true. Prove P(n) is true.
Let p be a prime such that p[a
1
a
2
a
n
. In the case that p[a
n
, we are
done. So, consider the case p ,[ a
n
. Since p is prime, we have
gcd(p, a
n
) = 1, thus, by Lemma A, p[a
1
. . . a
n1
. By induction hypothesis,
we have that p[a
i
for some i, 1 i n 1. Combining both cases, we
get that p[a
i
for some i, 1 i n.

CSI2101 Discrete Structures Winter 2010: Induction and Recursion Lucia Moura
Induction Strong Induction Recursive Defs and Structural Induction Program Correctness
Strong Induction or Complete Induction
Proof of Part 2: (uniqueness of the prime
factorization of a positive integer).
Suppose by contradiction that n can be written as a product of primes in
two dierent ways, say n = p
1
p
2
. . . p
s
and n = q
1
q
2
. . . q
t
, where each p
i
and q
j
are primes such that p
1
p
2
p
s
and q
1
q
2
q
t
.
When we remove all common primes from the two factorizations, we have:
p
i
1
p
i
2
p
i
u
= q
j
1
q
j
2
q
j
v
, where no primes occur on both sides of this
equations and u and v are positive integers.
By Lemma B, p
i
1
must divide q
j
k
for some k, 1 k v. Since p
i
1
and
q
j
k
are primes we must have p
i
1
= q
j
k
, which contradicts the fact that no
primes appear on both sides of the given equation.

CSI2101 Discrete Structures Winter 2010: Induction and Recursion Lucia Moura
Induction Strong Induction Recursive Defs and Structural Induction Program Correctness
Strong Induction or Complete Induction
Examples of statements that can be proven by strong
induction
1
Consider a game with 2 players that take turns removing any positive
number of matches they want from one of two piles of matches. The
player that removes the last match wins the game. Prove that if both
piles contains the same number of matches initially, the second player
can always guarantee a win.
2
Prove that every amount of 12 cents or more can be formed with
4-cent and 5-cent stamps. (also try to prove it in a dierent way
using mathematical induction)
3
Prove that algorithm gcd(a, b) (given in page 313 of the textbook)
returns the gcd(a, b) for all integers a, b, a < b.
CSI2101 Discrete Structures Winter 2010: Induction and Recursion Lucia Moura
Induction Strong Induction Recursive Defs and Structural Induction Program Correctness
Strong Induction or Complete Induction
Prove that procedure gcd(a, b) returns the gcd(a, b) for all integers a, b,
a < b.
procedure gcd(a, b: nonnegative integers with a < b)
if (a = 0) then return b
else return gcd(b mod a, a)
CSI2101 Discrete Structures Winter 2010: Induction and Recursion Lucia Moura
Induction Strong Induction Recursive Defs and Structural Induction Program Correctness
Recursive Denitions
Recursive Denitions
We can use recursion to dene:
functions,
sequences,
sets.
Mathematical induction and strong induction can be used to prove results
about recursively dened sequences and functions.
Structural induction is used to prove results about recursively dened sets.
CSI2101 Discrete Structures Winter 2010: Induction and Recursion Lucia Moura
Induction Strong Induction Recursive Defs and Structural Induction Program Correctness
Recursive Denitions
Recursively Dened Functions
Examples:
Dening the factorial function recursively:
F(0) = 1,
F(n) = n F(n 1), for n 1.
Dening the maximum number of comparisons for the Mergesort
algorithm (given in page 318):
T(1) = 0,
T(n) = T(n/2|) + T(n/2|) + n 1, for n 2.
Number of moves needed to solve the Hanoi tower problem:
H(1) = 1,
H(n) = 2H(n 1) + 1, for n 2.
CSI2101 Discrete Structures Winter 2010: Induction and Recursion Lucia Moura
Induction Strong Induction Recursive Defs and Structural Induction Program Correctness
Recursive Denitions
Recursively Dened Sequences
Consider the Fibonacci numbers, recursively dened by:
f
0
= 0,
f
1
= 1,
f
n
= f
n1
+ f
n2
, for n 2.
Prove that whenever n 3, f
n
>
n2
where = (1 +

5)/2.
CSI2101 Discrete Structures Winter 2010: Induction and Recursion Lucia Moura
Induction Strong Induction Recursive Defs and Structural Induction Program Correctness
Recursive Denitions
Let P(n) be the statement f
n
>
n2
. We will show that P(n) is true
for n 3 using strong induction.
Basis: We show that P(3) and P(4) are true:
= (1 +

5)/2 < (1 + 3)/2 = 2 = f

3
.

2
= ((1+

5)/2)
2
= (1
2
+2

5+5)/4 = (3+

5)/2 < (3+3)/2 = 3 = f

4
.
Inductive step: Let k 4. Assume P(j) is true for all integers j with
3 j k. Prove that P(k + 1) is true.
We have:
f
k+1
= f
k
+ f
k1
, (by the denition of the Fibonacci sequence)
>
k2
+
k3
, (by induction hypothesis)
=
k3
( + 1) =
k3
((1 +

5)/2 + 1) =
k3
((3 +

5)/2)
=
k3

2
=
k1
.
CSI2101 Discrete Structures Winter 2010: Induction and Recursion Lucia Moura
Induction Strong Induction Recursive Defs and Structural Induction Program Correctness
Recursive Denitions
Recursively Dened Sets and Structures
Denition (Set of strings over an alphabet)
The set

of strings over the alphabet can be dened recursively by:

Basis Step:

(where is the empty string)

Recursive Step: If w

and x , then wx

.
Example: If = 0, 1, then

= , 0, 1, 00, 01, 10, 11, 000, 001, 010, 011, . . ..

Denition (Well-formed formulas of Operators and Operands)
Basis Step: x is a well-formed formula if x is a numeral or variable.
Recursive Step: If F and G are well-formed formulas, then (F + G),
(F G), (F G), (F/G) and (F G) are well-formed formulas.
Example: The following are well-formed formulas:
(x 3), (3/0), ((x + 2) y), ((2 + 3) (x/y)), etc.
CSI2101 Discrete Structures Winter 2010: Induction and Recursion Lucia Moura
Induction Strong Induction Recursive Defs and Structural Induction Program Correctness
Structural Induction
Structural Induction
Structural induction is used to show results about recursively dened sets.
Principle (of Structural Induction)
To show that a statement holds for all elements of a recursively dened
set, use the following steps:
Basis Step: Prove that the statement holds for all elements
specied in the basis step of the set denition.
Recursive Step: Prove that if the statement is true for each of the
elements used to construct elements in the recursive step of the set
denition, then the result holds for these new elements.
The validity of this principle comes from the validity of mathematical
induction, as we can transform the above argument on an induction on n
where n is the number of applications of the recursive step of the set
denition needed to obtain the element we are analysing.
CSI2101 Discrete Structures Winter 2010: Induction and Recursion Lucia Moura
Induction Strong Induction Recursive Defs and Structural Induction Program Correctness
Structural Induction
Example of Structural Induction I
Prove that every well-formed formula of Operators and Operands contains
an equal number of left and right parentheses.
Proof by structural induction:
Basis Step: A numeral or a variable, each contains 0 parentheses, so
clearly they contain an equal number of right and left parentheses.
Recursive Step: Assume F and G are well-formed formulas each
containing an equal number of left and right parentheses. That is, if l
F
and l
G
are the number of left parentheses in F and G, respectively, and
r
F
and r
G
are the number of right parentheses in F and G, respectively,
then l
F
= r
F
and l
G
= r
G
. We need to show that (F + G), (F G),
(F G), (F/G) and (F G) also contain an equal number of left and
right parenthesis. For each of these well-formed formulas, the number of
left parentheses is L = l
F
+ l
G
+ 1 and the number of right parentheses is
R = r
F
+ r
G
+ 1. Since l
F
= r
F
and l
G
= r
G
, it follows that
L = l
F
+l
G
+1 = r
F
+r
G
+1 = R. This concludes the inductive proof.
CSI2101 Discrete Structures Winter 2010: Induction and Recursion Lucia Moura
Induction Strong Induction Recursive Defs and Structural Induction Program Correctness
Structural Induction
Example of Structural Induction II
Recall the denition of a set of strings.
Denition (Set of strings over an alphabet)
The set

of strings over the alphabet can be dened recursively by:

Basis Step:

(where is the empty string)

Recursive Step: If w

and x , then wx

.
We now give a denition of concatenation of two strings.
Note how this denition is built on the denition of string.
Denition (Concatenation of two strings)
Basis Step: If w

, then w = w.
Recursive Step: If w
1

, w
2

and x , then
w
1
(w
2
x) = (w
1
w
2
)x.
CSI2101 Discrete Structures Winter 2010: Induction and Recursion Lucia Moura
Induction Strong Induction Recursive Defs and Structural Induction Program Correctness
Structural Induction
We now give a recursive denition of the reversal of a string.
Denition (Reversal of a string)
Basis Step:
R
=
Recursive Step: If w

and x , then (wx)

R
= x (w)
R
.
Exercise: Use structural induction to prove that if w
1
and w
2
are strings,
then (w
1
w
2
)
R
= w
R
2
w
R
1
.
Note that this proof needs to use the 3 denitions given above.
CSI2101 Discrete Structures Winter 2010: Induction and Recursion Lucia Moura
Induction Strong Induction Recursive Defs and Structural Induction Program Correctness
Correctness of recursive algorithms
Proving the correctness of recursive programs
Mathematical induction (and strong induction) can be used to prove that
a recursive algorithm is correct:
to prove that the algorithm produces the desired output for all possible
input values.
We will see some examples next.
CSI2101 Discrete Structures Winter 2010: Induction and Recursion Lucia Moura
Induction Strong Induction Recursive Defs and Structural Induction Program Correctness
Correctness of recursive algorithms
Recursive algorithm for computing a
n
procedure power(a: nonzero real number, n: nonnegative integer)
if (n = 0) then return 1
else return apower(a, n 1)
We will prove by mathematical induction on n that the algorithm above is
correct.
We will show P(n) is true for all n 0, for
P(n): For all nonzero real numbers a, power(a, n) correctly computes a
n
.
CSI2101 Discrete Structures Winter 2010: Induction and Recursion Lucia Moura
Induction Strong Induction Recursive Defs and Structural Induction Program Correctness
Correctness of recursive algorithms
Proving power(a, n) is correct
Basis: If n = 0, the rst step of the algorithm tells us that power(a,0)=1.
This is correct because a
0
= 1 for every nonzero real number a, so P(0) is
true.
Inductive step:
Let k 0.
Inductive hypothesis: power(a, k) = a
k
, for all a ,= 0.
We must show next that power(a, k + 1) = a
k+1
.
Since k + 1 > 0 the algorithm sets power(a, k + 1) = apower(a, k).
By inductive hypotheses power(a, k) = a
k
, so
power(a, k + 1) = apower(a, k) = a a
k
= a
k+1
.
CSI2101 Discrete Structures Winter 2010: Induction and Recursion Lucia Moura
Induction Strong Induction Recursive Defs and Structural Induction Program Correctness
Correctness of recursive algorithms
Recursive algorithm for computing b
n
mod m
procedure mpower(b, n, m: integers with m 2, n 0)
if n = 0 then return 1;
else if n is even then return mpower(b, n/2, m)
2
mod m
else return ((mpower(b, n/2|, m)
2
mod m) (b mod m)) mod m
Examples:
power(2, 5, 6) =
= ((power(2, 2, 6)
2
mod 6) (2 mod 6)) mod 6
= (((power(2, 1, 6)
2
mod 6)
2
mod 6) (2)) mod 6
= ((((power(2, 0, 6)
2
mod 6) (2 mod 6)) mod 6)
2
mod 6)
2
mod 6)
2) mod 6
= ((((1
2
mod 6) 2) mod 6)
2
mod 6)
2
mod 6) 2) mod 6
= 2.
CSI2101 Discrete Structures Winter 2010: Induction and Recursion Lucia Moura
Induction Strong Induction Recursive Defs and Structural Induction Program Correctness
Correctness of recursive algorithms
Proving mpower(a, n, m) is correct, using induction on n
Basis: Let b and m be integers with m 2, and n = 0. In this case, the
algorithm returns 1. This is correct because b
0
mod m = 1.
Inductive step:
Induction hypothesis: Let k 1. Assume power(b, j, m) = b
j
mod m for
all integers j with 0 j k 1, whenever b is a positive integer and m is
an integer with m 2.
We must show next that power(b, k, m) = b
k
mod m. There are two
cases to consider.
Case 1: k is even. In this case, the algorithm returns
mpower(b, k/2, m)
2
mod m = (i.h.)(b
k/2
mod m)
2
mod m = b
k
mod m.
Case 2: k is odd. In this case, the algorithm returns
((mpower(b, k/2|, m)
2
mod m) (b mod m)) mod m
= (i.h.)(b
k/2
mod m)
2
mod m) (b mod m)) mod m
= (b
2k/2+1
mod m) = b
k
mod m.
CSI2101 Discrete Structures Winter 2010: Induction and Recursion Lucia Moura
Induction Strong Induction Recursive Defs and Structural Induction Program Correctness
Program verication
Program verication
We want to be able to prove that a given program meets the intended
specications.
This can often be done manually, or even by automated program
verication tools. One example is PVS (Peoples Verication System).
A program is correct if it produces the correct output for every possible
input.
A program has partial correctness if it produces the correct output for
every input for which the program eventually halts.
Therefore, a program is correct if and only if it has partial correctnes and
terminates.
CSI2101 Discrete Structures Winter 2010: Induction and Recursion Lucia Moura
Induction Strong Induction Recursive Defs and Structural Induction Program Correctness
Program verication
Hoares triple notation
A programs I/O specication can be given using initial and nal
assertions.

The initial assertion p is the condition that the programs input (its
initial state) is guaranteed (by its user) to satisfy.

The nal assertion q is the condition that the output produced by the
program (its nal state) is required to satisfy.
Hoare triple notation:

The notation pSq means that, for all inputs I such that p(I) is true,
if program S (given input I) halts and produces output O = S(I),
then q(O) is true.

That is, S is partially correct with respect to specication p, q.

CSI2101 Discrete Structures Winter 2010: Induction and Recursion Lucia Moura
Induction Strong Induction Recursive Defs and Structural Induction Program Correctness
Program verication
A simple example
Let S be the program fragment
y:= 2; z:= x+y
Let p be the initial assertion x=1.
The variable x will hold 1 in all initial states.
Let q be the nal assertion z= 3.
The variable z must hold 3 in all nal states.
Prove pSq.
Proof: If x=1 in the programs input state, then after running
y:=2 and z:=x+y, then z will be 1 + 2 = 3.
CSI2101 Discrete Structures Winter 2010: Induction and Recursion Lucia Moura
Induction Strong Induction Recursive Defs and Structural Induction Program Correctness
Program verication
Rules of inference for Hoare triples
The composition rule:
pS
1
q
qS
2
r
pS
1
; S
2
r
It says: If program S
1
given condition p produces condition q,
and S
2
given q produces r,
then the program S
1
followed by S
2
, if given p, yields r.
CSI2101 Discrete Structures Winter 2010: Induction and Recursion Lucia Moura
Induction Strong Induction Recursive Defs and Structural Induction Program Correctness
Program verication
Inference rule for if-then statements
(p cond)Sq
(p cond) q
pif cond then Sq
Example: Show that: Tif x > y then y := x(y x).
Proof:
When initially T is true, if x > y, then the if-body is executed, setting
y = x, and so afterwards y x is true. Otherwise, x y and so y x.
In either case, the nal assertion y x is true. So the rule applies, and so
the fragment meets the specication.
CSI2101 Discrete Structures Winter 2010: Induction and Recursion Lucia Moura
Induction Strong Induction Recursive Defs and Structural Induction Program Correctness
Program verication
Inference rule for if-then-else statements
(p cond)S
1
q
(p cond)S
2
q
pif cond then S
1
else S
2
q
Example: Prove that
Tif x < 0 then abs := x else abs := x(abs = [x[)
Proof:
If the initial assertion is true and x < 0 then after the if-body, abs will be
x = [x[.
If the initial assertion is true, but (x < 0) is true, i.e., x 0, then after
the else-body, abs = x, which is [x[.
So using the above rule, we get that this segment is true with respect to
the nal assertion.
CSI2101 Discrete Structures Winter 2010: Induction and Recursion Lucia Moura
Induction Strong Induction Recursive Defs and Structural Induction Program Correctness
Program verication
Loop Invariants
For a while-loop while cond S, we say that p is a loop invariant of this
loop if (p cond)Sp.
If p (and the continuation condition cond) is true before executing the
body, then p remains true afterwards.
And so p stays true through all subsequent iterations.
This leads to the inference rule:
(p cond)Sp
pwhile cond S(cond p)
CSI2101 Discrete Structures Winter 2010: Induction and Recursion Lucia Moura
Induction Strong Induction Recursive Defs and Structural Induction Program Correctness
Program verication
Example1: loop invariant
Prove that the following Hoare triple holds:
Ti := 1; fact := 1; while i < ni + +; fact = fact i(fact = n!)
Proof:
Let p be the assertion fact = i! i n. We will show tht p is a loop
invariant.
Assume that at the beginning of the while-loop p is true and the condition
of the while-loop holds, in other words, assume that fact = i! and i < n.
The new values i
new
and fact
new
of i and fact are
i
new
= i + 1 and
fact
new
= fact (i + 1) = (i!) (i + 1) = (i + 1)! = i
new
!.
Since i < n, we also have i
new
= i + 1 n.
Thus p is true at the end of the execution of the loop. This shows p is a
loop invariant.
CSI2101 Discrete Structures Winter 2010: Induction and Recursion Lucia Moura
Induction Strong Induction Recursive Defs and Structural Induction Program Correctness
Program verication
Final example: combining all rules
procedure multiply(m, n : integers)
p := (m, n Z)
if n < 0 then a := n (segment S
1
)
else a := n
q := (p (a = [n[))
k := 0; x := 0 (segment S
2
)
r := q (k = 0) (x = 0)
(x = mk k a)
while k < a (segment S
3
)
x = x + m; k = k + 1;
Maintains loop invariant: (x = mk k a)
(x = mk k = a) s := (x = ma) a = [n[)
s (n < 0 x = mn) (n 0 x = mn)
if n < 0 then prod := x (segment S
4
)
else prod := x t = (prod = mn)
CSI2101 Discrete Structures Winter 2010: Induction and Recursion Lucia Moura
Induction Strong Induction Recursive Defs and Structural Induction Program Correctness
Program verication
Correctness of multiply(m, n)
The proof is structured as follows, by using propositions p, q, r, s, t as
dened in the previous page.
Prove pS
1
q by using if-then-else inference rule.
Prove qS
2
r by examining this trivial segment.
Prove rS
3
s by using while-loop inference rule.
Prove sS
4
t by using if-then-else inference rule.
Use the rule of composition to show that pS
1
; S
2
; S
3
; S
4
t;
recall that p := (m, n Z) and t = (prod = mn), which is what
we wanted to show for the partial correctness.
To complete the proof of correctness, given the partial correctness, we
must verify that each segment terminates.
Termination is trivial for segments S
1
, S
2
and S
4
; for the while-loop (S
4
)
it is easy to see that it runs for a iterations.
(See general rule for proving termination of loops in the next page)
We leave the details of each step above as an exercise.
CSI2101 Discrete Structures Winter 2010: Induction and Recursion Lucia Moura
Induction Strong Induction Recursive Defs and Structural Induction Program Correctness
Program verication
Proving termination of a loop
Associate with each iteration i a natural number k
i
, such that
< k
0
, k
1
, k
2
, . . . > is a decreasing sequence.
Using the well-ordering principle, every decreasing sequence of natural
numbers is nite.
Find a decreasing sequence of natural numbers for the while-loop in
the previous example:
Dene k
i
= a k
< k
0
, k
1
, k
2
, . . . > is decreasing as a is constant and k increases by 1
at each iteration.
CSI2101 Discrete Structures Winter 2010: Induction and Recursion Lucia Moura
Induction Strong Induction Recursive Defs and Structural Induction Program Correctness
Program verication
Proving termination of a loop
Associate with each iteration i a natural number k
i
, such that
< k
0
, k
1
, k
2
, . . . > is a decreasing sequence.
Using the well-ordering principle, every decreasing sequence of natural
numbers is nite.
Find a decreasing sequence of natural numbers for the while-loop in
the previous example:
Dene k
i
= a k
< k
0
, k
1
, k
2
, . . . > is decreasing as a is constant and k increases by 1
at each iteration.
CSI2101 Discrete Structures Winter 2010: Induction and Recursion Lucia Moura
Induction Strong Induction Recursive Defs and Structural Induction Program Correctness
Program verication
Proving termination of a loop
Associate with each iteration i a natural number k
i
, such that
< k
0
, k
1
, k
2
, . . . > is a decreasing sequence.
Using the well-ordering principle, every decreasing sequence of natural
numbers is nite.
Find a decreasing sequence of natural numbers for the while-loop in
the previous example:
Dene k
i
= a k
< k
0
, k
1
, k
2
, . . . > is decreasing as a is constant and k increases by 1
at each iteration.
CSI2101 Discrete Structures Winter 2010: Induction and Recursion Lucia Moura