## CSCI 2041

### ADVANCED PROGRAMMING PRINCIPLES

### Reasoning about programs:

### Induction (Review)

## Correctness

How can we convince ourselves (and others) that a program is correct?

```
let sum_to n =
let rec tr_sum i acc =
if i=0 then acc
else tr_sum i-1 acc+i in
tr_sum n 0
```

```
let fib n =
let rec tr_fib i f0 f1 =
if i=0 then f0
else tr_fib (i-1) f1 (f1+f0) in
tr_fib n 0 1
```

How can we convince ourselves that `sum_to`

and `fib`

are correct?

We can test any specific input, but for many programs, there are infinitely many possible inputs…

**Principle of Natural Induction**: Let `P(n)`

be a property of natural numbers. (i.e. for each natural number `n`

, either `P(n)`

is true or `P(n)`

is false.) If the following hold:

`P(0)`

and `∀𝓃, P(𝓃) ⇒ P(𝓃+1)`

Then it must be true that for all `n`

, `P(n)`

.

Review: when proving a theorem by induction on ℕ, we have:

A **Property** `P(n)`

: e.g. `P(n)`

≡ ∑_{i≤n} i = n(n+1)/2, and

a **Theorem**: That for every n, `P(n)`

is true: ∀`n`

.`P(n)`

.

A **Base Case**: Prove that `P(0)`

is true. (e.g. ∑_{i≤0} i = 0 = 0(0+1)/2, ✓)

An **Inductive Case**: Prove that if `P(k)`

is true, then so is `P(k+1)`

: ∀`k`

. [`P(k)`

⇒ `P(k+1)`

]. In this step:

`P(k)`

is the *inductive hypothesis*: let ∑_{i≤k} i = k(k+1)/2; it is used to prove

`P(k+1)`

, the *inductive conclusion*: that ∑_{i≤k+1} i = (k+1)(k+2)/2:

- ∑
_{i≤k+1}i = ∑_{i≤k}i + (k+1) **[algebra]**
- = k(k+1)/2 + (k+1)
**[I.H.]**
- = (k
^{2} + k + 2k + 2)/2 = (k^{2} + 3k +2)/2 = (k+1)(k+2)/2 ✓

**Theorem.** For every n, 5^{n}-1 is a multiple of 4. Here, we have:

P(n) : ∃m . 5^{n}-1 = 4m

**Base Case:** 5^{0}-1 = 0 = 4×0. ✓

**Inductive Case:** Assume IH: ∃m. 5^{k}-1 = 4m. Need to show IC: ∃a.5^{k+1}-1 = 4a.

5^{k+1}-1 = 5×5^{k} - 1 **[defn of 5**^{n}]

= (4+1)×5^{k} - 1 **[5=4+1]**

= (4×5^{k} + 5^{k})-1 **[distributivity]**

= 4×5^{k} + (5^{k}-1) **[associativity ]**

= 4×5^{k} + 4m **[I.H.]**

= 4(5^{k}+m) **[distributivity, ✓]**

# mistakes

(don’t do any of the things on the next 3 slides)

## Wrong induction variable

**Theorem**: ∀a∀k. ∑_{i≤k}a^{i} = (a^{k+1}-1)/(a-1).

**Base Case:** a=0 : ∀k. ∑_{i≤k}0^{i} = 0^{0} + 0 = 1, and (0^{k+1}-1)/(0-1) = (-1)/(-1) = 1. ✓

**Inductive Case:** (Can’t step from 0 to 1)

a is the wrong variable to use for induction. (Use k instead)

This makes proofs hard, but doesn’t usually allow you to “prove” false statements

## Circular inductive case

**Theorem:** ∀n.n is even. P(n) = ∀n.n is even.

**Base Case:** 0 = 2×0, so 0 is even. ✓

**Inductive Case:** Assume ∀k, k is even. In this case, P(k) is true for all k, so P(k+1) must also be true.

You can “prove” obviously false statements with this mistake. so **don’t do it!**

## Incorrect step case

**Theorem:** ∀n.∀i≤n.∀ƒ.ƒ(i)=ƒ(n).

**Base Case:** ∀i≤0.∀ƒ.ƒ(i)=ƒ(0). **[✓, only 0 ≤ 0]**.

**Inductive Case:** Assume IH: ∀i≤k.∀ƒ.ƒ(i)=ƒ(k).

Suppose that for some g, and some i≤k, g(k+1) ≠ g(i).

Then there exists some function ƒ(x) = g(x+1) such that

ƒ(k) = g(k+1) ≠ g(i) = ƒ(i-1), contrary to the IH.

Thus ∀i≤k+1,∀ƒ.ƒ(i)=ƒ(k+1), ✓

(For k = 0, g(0-1) is not covered by the IH)