## Correctness

How can we convince ourselves (and others) that a program is correct?

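```ocaml
(* Sum of 0..n, with the running total carried in acc *)
let sum_to n =
  let rec tr_sum i acc =
    if i = 0 then acc
    else tr_sum (i-1) (acc+i) in
  tr_sum n 0
```

```ocaml
(* n-th Fibonacci number; f0 and f1 are consecutive Fibonacci numbers *)
let fib n =
  let rec tr_fib i f0 f1 =
    if i = 0 then f0
    else tr_fib (i-1) f1 (f1+f0) in
  tr_fib n 0 1
```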

How can we convince ourselves that `sum_to` and `fib` are correct?

We can test any specific input, but for many programs, there are infinitely many possible inputs…

Principle of Natural Induction: Let `P(n)` be a property of natural numbers. (i.e. for each natural number `n`, either `P(n)` is true or `P(n)` is false.) If the following hold:

`P(0)` and `∀n, P(n) ⇒ P(n+1)`

Then it must be true that for all `n`, `P(n)`.

# induction

Review: when proving a theorem by induction on ℕ, we have:

1. A Property `P(n)`: e.g. `P(n)` ≡ ∑_{i≤n} i = n(n+1)/2, and
a Theorem: That for every n, `P(n)` is true: ∀`n`.`P(n)`.

2. A Base Case: Prove that `P(0)` is true. (e.g. ∑_{i≤0} i = 0 = 0(0+1)/2, ✓)

3. An Inductive Case: Prove that if `P(k)` is true, then so is `P(k+1)`: ∀`k`. [`P(k)` ⇒ `P(k+1)`]. In this step:

• `P(k)` is the inductive hypothesis: let ∑_{i≤k} i = k(k+1)/2; it is used to prove

• `P(k+1)`, the inductive conclusion: that ∑_{i≤k+1} i = (k+1)(k+2)/2:

• ∑_{i≤k+1} i = ∑_{i≤k} i + (k+1) [algebra]
• = k(k+1)/2 + (k+1) [I.H.]
• = (k^2 + k + 2k + 2)/2 = (k^2 + 3k + 2)/2 = (k+1)(k+2)/2 ✓
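
Added worked example (not part of the original slides): the same three-step recipe applied to `sum_to` from the first slide, assuming n is a natural number and the recursive call is parenthesised as `tr_sum (i-1) (acc+i)`. The property has to quantify over the accumulator, because the recursive call changes `acc`; the name Q and the index j are introduced here.

1. Property Q(i): ∀acc. `tr_sum i acc` = acc + ∑_{j≤i} j.

2. Base Case: `tr_sum 0 acc` = acc = acc + ∑_{j≤0} j. ✓

3. Inductive Case: Assume IH: ∀acc. `tr_sum k acc` = acc + ∑_{j≤k} j. Need to show IC: ∀acc. `tr_sum (k+1) acc` = acc + ∑_{j≤k+1} j.

• `tr_sum (k+1) acc` = `tr_sum k (acc+(k+1))` [defn of tr_sum, since k+1 ≠ 0]
• = (acc + (k+1)) + ∑_{j≤k} j [I.H., used with accumulator acc+(k+1)]
• = acc + ∑_{j≤k+1} j [algebra] ✓

Taking acc = 0: `sum_to n` = `tr_sum n 0` = 0 + ∑_{j≤n} j = n(n+1)/2, by the theorem proved above. With the weaker property "`tr_sum i 0` = ∑_{j≤i} j" the inductive case does not go through, because the I.H. says nothing about the call with accumulator 0+(k+1).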

Theorem. For every n, 5^n - 1 is a multiple of 4. Here, we have:

1. P(n) : ∃m. 5^n - 1 = 4m

2. Base Case: 5^0 - 1 = 0 = 4×0. ✓

3. Inductive Case: Assume IH: ∃m. 5^k - 1 = 4m. Need to show IC: ∃a. 5^{k+1} - 1 = 4a.

• 5^{k+1} - 1 = 5×5^k - 1 [defn of 5^n]
• = (4+1)×5^k - 1 [5 = 4+1]
• = (4×5^k + 5^k) - 1 [distributivity]
• = 4×5^k + (5^k - 1) [associativity]
• = 4×5^k + 4m [I.H.]
• = 4(5^k + m) [distributivity, ✓]

# mistakes

(don’t do any of the things on the next 3 slides)

## Wrong induction variable

Theorem: ∀a∀k. ∑_{i≤k} a^i = (a^{k+1} - 1)/(a - 1).

Base Case: a=0 : ∀k. ∑_{i≤k} 0^i = 0^0 + 0 = 1, and (0^{k+1} - 1)/(0 - 1) = (-1)/(-1) = 1. ✓

Inductive Case: (Can’t step from 0 to 1)

a is the wrong variable to use for induction. (Use k instead)

This makes proofs hard, but doesn’t usually allow you to “prove” false statements.

## Circular inductive case

Theorem: ∀n.n is even. P(n) = ∀n.n is even.

Base Case: 0 = 2×0, so 0 is even. ✓

Inductive Case: Assume ∀k, k is even. In this case, P(k) is true for all k, so P(k+1) must also be true.

You can “prove” obviously false statements with this mistake, so don’t do it!

## Incorrect step case

Theorem: ∀n.∀i≤n.∀ƒ.ƒ(i)=ƒ(n).

Base Case: ∀i≤0.∀ƒ.ƒ(i)=ƒ(0). [✓, only 0 ≤ 0].

Inductive Case: Assume IH: ∀i≤k.∀ƒ.ƒ(i)=ƒ(k).

Suppose that for some g, and some i≤k, g(k+1) ≠ g(i).
Then there exists some function ƒ(x) = g(x+1) such that
ƒ(k) = g(k+1) ≠ g(i) = ƒ(i-1), contrary to the IH.

Thus ∀i≤k+1,∀ƒ.ƒ(i)=ƒ(k+1), ✓

(For k = 0, g(0-1) is not covered by the IH)

# `cs2041.org`
