Theorem Proving Principles, Techniques, Applications Recursion
|
|
- Clarence Perry
- 5 years ago
- Views:
Transcription
1 NICTA Advanced Course Theorem Proving Principles, Techniques, Applications Recursion 1
2 CONTENT Intro & motivation, getting started with Isabelle Foundations & Principles Lambda Calculus Higher Order Logic, natural deduction Term rewriting Proof & Specification Techniques Inductively defined sets, rule induction Datatypes, recursion, induction Calculational reasoning, mathematics style proofs Hoare logic, proofs about programs CONTENT 2
3 LAST TIME Sets in Isabelle LAST TIME 3
4 LAST TIME Sets in Isabelle Inductive Definitions LAST TIME 3-A
5 LAST TIME Sets in Isabelle Inductive Definitions Rule induction LAST TIME 3-B
6 LAST TIME Sets in Isabelle Inductive Definitions Rule induction Fixpoints LAST TIME 3-C
7 LAST TIME Sets in Isabelle Inductive Definitions Rule induction Fixpoints Isar: induct and cases LAST TIME 3-D
8 DATATYPES Example: datatype a list = Nil Cons a a list Properties: DATATYPES 4
9 DATATYPES Example: datatype a list = Nil Cons a a list Properties: Constructors: Nil :: a list Cons :: a a list a list DATATYPES 4-A
10 DATATYPES Example: datatype a list = Nil Cons a a list Properties: Constructors: Nil :: a list Cons :: a a list a list Distinctness: Nil Cons x xs DATATYPES 4-B
11 DATATYPES Example: datatype a list = Nil Cons a a list Properties: Constructors: Nil :: a list Cons :: a a list a list Distinctness: Injectivity: Nil Cons x xs (Cons x xs = Cons y ys) = (x = y xs = ys) DATATYPES 4-C
12 THE GENERAL CASE datatype (α 1,..., α n ) τ = C 1 τ 1,1... τ 1,n1... C k τ k,1... τ k,nk THE GENERAL CASE 5
13 THE GENERAL CASE datatype (α 1,..., α n ) τ = C 1 τ 1,1... τ 1,n1... C k τ k,1... τ k,nk Constructors: C i :: τ i,1... τ i,ni (α 1,..., α n ) τ THE GENERAL CASE 5-A
14 THE GENERAL CASE datatype (α 1,..., α n ) τ = C 1 τ 1,1... τ 1,n1... C k τ k,1... τ k,nk Constructors: C i :: τ i,1... τ i,ni (α 1,..., α n ) τ Distinctness: C i... C j... if i j THE GENERAL CASE 5-B
15 THE GENERAL CASE datatype (α 1,..., α n ) τ = C 1 τ 1,1... τ 1,n1... C k τ k,1... τ k,nk Constructors: C i :: τ i,1... τ i,ni (α 1,..., α n ) τ Distinctness: C i... C j... if i j Injectivity: (C i x 1... x ni = C i y 1... y ni ) = (x 1 = y 1... x ni = y ni ) THE GENERAL CASE 5-C
16 THE GENERAL CASE datatype (α 1,..., α n ) τ = C 1 τ 1,1... τ 1,n1... C k τ k,1... τ k,nk Constructors: C i :: τ i,1... τ i,ni (α 1,..., α n ) τ Distinctness: C i... C j... if i j Injectivity: (C i x 1... x ni = C i y 1... y ni ) = (x 1 = y 1... x ni = y ni ) Distinctness and Injectivity applied automatically THE GENERAL CASE 5-D
17 HOW IS THIS TYPE DEFINED? datatype a list = Nil Cons a a list internally defined using typedef HOW IS THIS TYPE DEFINED? 6
18 HOW IS THIS TYPE DEFINED? datatype a list = Nil Cons a a list internally defined using typedef hence: describes a set HOW IS THIS TYPE DEFINED? 6-A
19 HOW IS THIS TYPE DEFINED? datatype a list = Nil Cons a a list internally defined using typedef hence: describes a set set = trees with constructors as nodes HOW IS THIS TYPE DEFINED? 6-B
20 HOW IS THIS TYPE DEFINED? datatype a list = Nil Cons a a list internally defined using typedef hence: describes a set set = trees with constructors as nodes inductive definition to characterize which trees belong to datatype HOW IS THIS TYPE DEFINED? 6-C
21 HOW IS THIS TYPE DEFINED? datatype a list = Nil Cons a a list internally defined using typedef hence: describes a set set = trees with constructors as nodes inductive definition to characterize which trees belong to datatype More detail: Datatype Universe.thy HOW IS THIS TYPE DEFINED? 6-D
22 DATATYPE LIMITATIONS Must be definable as set. DATATYPE LIMITATIONS 7
23 DATATYPE LIMITATIONS Must be definable as set. Infinitely branching ok. DATATYPE LIMITATIONS 7-A
24 DATATYPE LIMITATIONS Must be definable as set. Infinitely branching ok. Mutually recursive ok. DATATYPE LIMITATIONS 7-B
25 DATATYPE LIMITATIONS Must be definable as set. Infinitely branching ok. Mutually recursive ok. Stricly positive (left of function arrow) occurence ok. DATATYPE LIMITATIONS 7-C
26 DATATYPE LIMITATIONS Must be definable as set. Infinitely branching ok. Mutually recursive ok. Stricly positive (left of function arrow) occurence ok. Not ok: datatype t = C (t bool) DATATYPE LIMITATIONS 7-D
27 DATATYPE LIMITATIONS Must be definable as set. Infinitely branching ok. Mutually recursive ok. Stricly positive (left of function arrow) occurence ok. Not ok: datatype t = C (t bool) D ((bool t) bool) DATATYPE LIMITATIONS 7-E
28 DATATYPE LIMITATIONS Must be definable as set. Infinitely branching ok. Mutually recursive ok. Stricly positive (left of function arrow) occurence ok. Not ok: datatype t = C (t bool) D ((bool t) bool) E ((t bool) bool) Because: Cantor s theorem (α set is larger than α) DATATYPE LIMITATIONS 7-F
29 CASE Every datatype introduces a case construct, e.g. (case xs of []... y #ys... y... ys...) CASE 8
30 CASE Every datatype introduces a case construct, e.g. (case xs of []... y #ys... y... ys...) In general: one case per constructor CASE 8-A
31 CASE Every datatype introduces a case construct, e.g. (case xs of []... y #ys... y... ys...) In general: one case per constructor Same order of cases as in datatype CASE 8-B
32 CASE Every datatype introduces a case construct, e.g. (case xs of []... y #ys... y... ys...) In general: one case per constructor Same order of cases as in datatype No nested patterns (e.g. x#y#zs) CASE 8-C
33 CASE Every datatype introduces a case construct, e.g. (case xs of []... y #ys... y... ys...) In general: one case per constructor Same order of cases as in datatype No nested patterns (e.g. x#y#zs) (But nested cases) CASE 8-D
34 CASE Every datatype introduces a case construct, e.g. (case xs of []... y #ys... y... ys...) In general: one case per constructor Same order of cases as in datatype No nested patterns (e.g. x#y#zs) (But nested cases) Needs () in context CASE 8-E
35 CASES apply (case tac t) CASES 9
36 CASES apply (case tac t) creates k subgoals [t = C i x 1... x p ;... ] =... one for each constructor C i CASES 9-A
37 DEMO 10
38 RECURSION 11
39 WHY NONTERMINATION CAN BE HARMFUL How about f x = f x + 1? WHY NONTERMINATION CAN BE HARMFUL 12
40 WHY NONTERMINATION CAN BE HARMFUL How about f x = f x + 1? Subtract f x on both sides. WHY NONTERMINATION CAN BE HARMFUL 12-A
41 WHY NONTERMINATION CAN BE HARMFUL How about f x = f x + 1? Subtract f x on both sides. = 0 = 1 WHY NONTERMINATION CAN BE HARMFUL 12-B
42 WHY NONTERMINATION CAN BE HARMFUL How about f x = f x + 1? Subtract f x on both sides. = 0 = 1! All functions in HOL must be total! WHY NONTERMINATION CAN BE HARMFUL 12-C
43 PRIMITIVE RECURSION primrec guarantees termination structurally Example primrec def: PRIMITIVE RECURSION 13
44 PRIMITIVE RECURSION primrec guarantees termination structurally Example primrec def: consts app :: a list a list a list primrec app Nil ys = ys app (Cons x xs) ys = Cons x (app xs ys) PRIMITIVE RECURSION 13-A
45 THE GENERAL CASE If τ is a datatype (with constructors C 1,..., C k ) then f :: τ τ can be defined by primitive recursion: f (C 1 y 1,1... y 1,n1 ) = r 1. f (C k y k,1... y k,nk ) = r k THE GENERAL CASE 14
46 THE GENERAL CASE If τ is a datatype (with constructors C 1,..., C k ) then f :: τ τ can be defined by primitive recursion: f (C 1 y 1,1... y 1,n1 ) = r 1. f (C k y k,1... y k,nk ) = r k The recursive calls in r i must be structurally smaller (of the form f a 1... y i,j... a p ) THE GENERAL CASE 14-A
47 Example: HOW DOES THIS WORK? primrec just fancy syntax for a recursion operator HOW DOES THIS WORK? 15
48 Example: HOW DOES THIS WORK? primrec just fancy syntax for a recursion operator list rec :: b ( a a list b b) a list b list rec f 1 f 2 Nil = f 1 list rec f 1 f 2 (Cons x xs) = f 2 x xs (list rec f 1 f 2 xs) HOW DOES THIS WORK? 15-A
49 Example: HOW DOES THIS WORK? primrec just fancy syntax for a recursion operator list rec :: b ( a a list b b) a list b list rec f 1 f 2 Nil = f 1 list rec f 1 f 2 (Cons x xs) = f 2 x xs (list rec f 1 f 2 xs) app list rec (λys. ys) (λx xs xs. λys. Cons x (xs ys)) HOW DOES THIS WORK? 15-B
50 Example: HOW DOES THIS WORK? primrec just fancy syntax for a recursion operator list rec :: b ( a a list b b) a list b list rec f 1 f 2 Nil = f 1 list rec f 1 f 2 (Cons x xs) = f 2 x xs (list rec f 1 f 2 xs) app list rec (λys. ys) (λx xs xs. λys. Cons x (xs ys)) Defined: automatically, first inductively (set), then by epsilon HOW DOES THIS WORK? 15-C
51 Example: HOW DOES THIS WORK? primrec just fancy syntax for a recursion operator list rec :: b ( a a list b b) a list b list rec f 1 f 2 Nil = f 1 list rec f 1 f 2 (Cons x xs) = f 2 x xs (list rec f 1 f 2 xs) app list rec (λys. ys) (λx xs xs. λys. Cons x (xs ys)) Defined: automatically, first inductively (set), then by epsilon (Nil, f 1 ) list rel f 1 f 2 (xs, xs ) list rel f 1 f 2 (Cons x xs, f 2 x xs xs ) list rel f 1 f 2 list rec f 1 f 2 xs SOME y. (xs, y) list rel f 1 f 2 HOW DOES THIS WORK? 15-D
52 PREDEFINED DATATYPES 16
53 NAT IS A DATATYPE datatype nat = 0 Suc nat NAT IS A DATATYPE 17
54 NAT IS A DATATYPE datatype nat = 0 Suc nat Functions on nat definable by primrec! primrec f 0 =... f (Suc n) =... f n... NAT IS A DATATYPE 17-A
55 OPTION datatype a option = None Some a Important application: b a option partial function: OPTION 18
56 OPTION datatype a option = None Some a Important application: b a option partial function: None no result Some a result a Example: consts lookup :: k ( k v) list v option primrec OPTION 18-A
57 OPTION datatype a option = None Some a Important application: b a option partial function: None no result Some a result a Example: consts lookup :: k ( k v) list v option primrec lookup k [] = None lookup k (x #xs) = OPTION 18-B
58 OPTION datatype a option = None Some a Important application: b a option partial function: None no result Some a result a Example: consts lookup :: k ( k v) list v option primrec lookup k [] = None lookup k (x #xs) = (if fst x = k then Some (snd x) else lookup k xs) OPTION 18-C
59 DEMO: PRIMREC 19
60 INDUCTION 20
61 STRUCTURAL INDUCTION P xs holds for all lists xs if P Nil and for arbitrary x and xs, P xs = P (x#xs) STRUCTURAL INDUCTION 21
62 STRUCTURAL INDUCTION P xs holds for all lists xs if P Nil and for arbitrary x and xs, P xs = P (x#xs) Induction theorem list.induct: [P []; V a list. P list = P (a#list)] = P list STRUCTURAL INDUCTION 21-A
63 STRUCTURAL INDUCTION P xs holds for all lists xs if P Nil and for arbitrary x and xs, P xs = P (x#xs) Induction theorem list.induct: [P []; V a list. P list = P (a#list)] = P list General proof method for induction: (induct x) x must be a free variable in the first subgoal. type of x must be a datatype. STRUCTURAL INDUCTION 21-B
64 BASIC HEURISTICS Theorems about recursive functions are proved by induction Induction on argument number i of f if f is defined by recursion on argument number i BASIC HEURISTICS 22
65 EXAMPLE A tail recursive list reverse: consts itrev :: a list a list a list primrec itrev [] ys = EXAMPLE 23
66 EXAMPLE A tail recursive list reverse: consts itrev :: a list a list a list primrec itrev [] ys = ys itrev (x#xs) ys = EXAMPLE 23-A
67 EXAMPLE A tail recursive list reverse: consts itrev :: a list a list a list primrec itrev [] ys = ys itrev (x#xs) ys = itrev xs (x#ys) EXAMPLE 23-B
68 EXAMPLE A tail recursive list reverse: consts itrev :: a list a list a list primrec itrev [] ys = ys itrev (x#xs) ys = itrev xs (x#ys) lemma itrev xs [] = rev xs EXAMPLE 23-C
69 DEMO: PROOF ATTEMPT 24
70 GENERALISATION Replace constants by variables lemma itrev xs ys = rev xs@ys GENERALISATION 25
71 GENERALISATION Replace constants by variables lemma itrev xs ys = rev xs@ys Quantify free variables by (except the induction variable) GENERALISATION 25-A
72 GENERALISATION Replace constants by variables lemma itrev xs ys = rev xs@ys Quantify free variables by (except the induction variable) lemma ys. itrev xs ys = rev xs@ys GENERALISATION 25-B
73 ISAR 26
74 proof (cases term) case Constructor 1. next. next case (Constructor k x) x qed DATATYPE CASE DISTINCTION DATATYPE CASE DISTINCTION 27
75 proof (cases term) case Constructor 1. next. next case (Constructor k x) x qed DATATYPE CASE DISTINCTION case (Constructor i x) fix x assume Constructor i : term = Constructor i x DATATYPE CASE DISTINCTION 27-A
76 STRUCTURAL INDUCTION FOR TYPE NAT show P n proof (induct n) case 0 let?case = P 0... show?case next case (Suc n) fix n assume Suc: P n... let?case = P (Suc n) n show?case qed STRUCTURAL INDUCTION FOR TYPE NAT 28
77 STRUCTURAL INDUCTION WITH = AND show x. A n = P n proof (induct n) case 0 fix x assume 0: A 0... let?case = P 0 show?case next case (Suc n) fix n and x... assume Suc: x. A n = P n n A (Suc n)... let?case = P (Suc n) show?case qed STRUCTURAL INDUCTION WITH = AND V 29
78 DEMO 30
79 WE HAVE SEEN TODAY... Datatypes WE HAVE SEEN TODAY... 31
80 WE HAVE SEEN TODAY... Datatypes Primite Recursion WE HAVE SEEN TODAY A
81 WE HAVE SEEN TODAY... Datatypes Primite Recursion Case distinction WE HAVE SEEN TODAY B
82 WE HAVE SEEN TODAY... Datatypes Primite Recursion Case distinction Induction WE HAVE SEEN TODAY C
83 EXERCISES look at Datatype_Universe.html define a primitive recursive function listsum :: nat list nat that returns the sum of the elements in a list. show 2 listsum [0..n] = n (n + 1) show listsum (replicate n a) = n a define a function listsumt using a tail recursive version of listsum. show that the two functions are equivalent: listsum xs = listsumt xs EXERCISES 32
84 NEXT LECTURE Nicolas Magaud on The Coq System Monday 15:00 16:30 NEXT LECTURE 33
Isabelle s meta-logic. p.1
Isabelle s meta-logic p.1 Basic constructs Implication = (==>) For separating premises and conclusion of theorems p.2 Basic constructs Implication = (==>) For separating premises and conclusion of theorems
More informationOverview. A Compact Introduction to Isabelle/HOL. Tobias Nipkow. System Architecture. Overview of Isabelle/HOL
Overview A Compact Introduction to Isabelle/HOL Tobias Nipkow TU München 1. Introduction 2. Datatypes 3. Logic 4. Sets p.1 p.2 System Architecture Overview of Isabelle/HOL ProofGeneral Isabelle/HOL Isabelle
More informationCOMP4161: Advanced Topics in Software Verification. fun. Gerwin Klein, June Andronick, Ramana Kumar S2/2016. data61.csiro.au
COMP4161: Advanced Topics in Software Verification fun Gerwin Klein, June Andronick, Ramana Kumar S2/2016 data61.csiro.au Content Intro & motivation, getting started [1] Foundations & Principles Lambda
More informationProgramming and Proving in
Programming and Proving in = λ β Isabelle HOL α Tobias Nipkow Fakultät für Informatik Technische Universität München 1 Notation Implication associates to the right: A = B = C means A = (B = C) Similarly
More informationInductive datatypes in HOL. lessons learned in Formal-Logic Engineering
Inductive datatypes in HOL lessons learned in Formal-Logic Engineering Stefan Berghofer and Markus Wenzel Institut für Informatik TU München = Isabelle λ β HOL α 1 Introduction Applications of inductive
More informationλ calculus is inconsistent
Content Rough timeline COMP 4161 NICTA Advanced Course Advanced Topics in Software Verification Gerwin Klein, June Andronick, Toby Murray λ Intro & motivation, getting started [1] Foundations & Principles
More informationHOL DEFINING HIGHER ORDER LOGIC LAST TIME ON HOL CONTENT. Slide 3. Slide 1. Slide 4. Slide 2 WHAT IS HIGHER ORDER LOGIC? 2 LAST TIME ON HOL 1
LAST TIME ON HOL Proof rules for propositional and predicate logic Safe and unsafe rules NICTA Advanced Course Forward Proof Slide 1 Theorem Proving Principles, Techniques, Applications Slide 3 The Epsilon
More informationConcrete Semantics. A Proof Assistant Approach. Tobias Nipkow Fakultät für Informatik Technische Universität München
Concrete Semantics A Proof Assistant Approach Tobias Nipkow Fakultät für Informatik Technische Universität München 2014-1-26 1 Part I Isabelle 2 Chapter 2 Programming and Proving 3 1 Overview of Isabelle/HOL
More informationProgramming and Proving in Isabelle/HOL
Programming and Proving in Isabelle/HOL Tobias Nipkow Fakultät für Informatik Technische Universität München 2013 MOD Summer School 1 Notation Implication associates to the right: A = B = C means A = (B
More informationFunctional Programming and Modeling
Chapter 2 2. Functional Programming and Modeling 2.0 2. Functional Programming and Modeling 2.0 Overview of Chapter Functional Programming and Modeling 2. Functional Programming and Modeling 2.1 Overview
More informationCOMP 4161 NICTA Advanced Course. Advanced Topics in Software Verification. Toby Murray, June Andronick, Gerwin Klein
COMP 4161 NICTA Advanced Course Advanced Topics in Software Verification Toby Murray, June Andronick, Gerwin Klein λ 1 Last time... λ calculus syntax free variables, substitution β reduction α and η conversion
More informationA CRASH COURSE IN SEMANTICS
LAST TIME Recdef More induction NICTA Advanced Course Well founded orders Slide 1 Theorem Proving Principles, Techniques, Applications Slide 3 Well founded recursion Calculations: also/finally {P}... {Q}
More informationtype classes & locales
Content Rough timeline Intro & motivation, getting started [1] COMP 4161 NICTA Advanced Course Advanced Topics in Software Verification Gerwin Klein, June Andronick, Toby Murray type classes & locales
More information2 Programming and Proving
2 Programming and Proving This chapter introduces HOL as a functional programming language and shows how to prove properties of functional programs by induction. 2.1 Basics 2.1.1 Types, Terms and Formulas
More informationAn Introduction to Isabelle/HOL 2008
An Introduction to Isabelle/HOL 2008 Tobias Nipkow TU München p.1 Overview of Isabelle/HOL p.2 System Architecture ProofGeneral Isabelle/HOL Isabelle Standard ML (X)Emacs based interface Isabelle instance
More informationMoreIntro_annotated.v. MoreIntro_annotated.v. Printed by Zach Tatlock. Oct 04, 16 21:55 Page 1/10
Oct 04, 16 21:55 Page 1/10 * Lecture 02 Infer some type arguments automatically. Set Implicit Arguments. Note that the type constructor for functions (arrow " >") associates to the right: A > B > C = A
More informationBasic Foundations of Isabelle/HOL
Basic Foundations of Isabelle/HOL Peter Wullinger May 16th 2007 1 / 29 1 Introduction into Isabelle s HOL Why Type Theory Basic Type Syntax 2 More HOL Typed λ Calculus HOL Rules 3 Example proof 2 / 29
More informationlocales ISAR IS BASED ON CONTEXTS CONTENT Slide 3 Slide 1 proof - fix x assume Ass: A. x and Ass are visible Slide 2 Slide 4 inside this context
LAST TIME Syntax and semantics of IMP Hoare logic rules NICTA Advanced Course Soundness of Hoare logic Slide 1 Theorem Proving Principles, Techniques, Applications Slide 3 Verification conditions Example
More informationFunctional Programming with Isabelle/HOL
Functional Programming with Isabelle/HOL = Isabelle λ β HOL α Florian Haftmann Technische Universität München January 2009 Overview Viewing Isabelle/HOL as a functional programming language: 1. Isabelle/HOL
More informationInduction in Coq. Nate Foster Spring 2018
Induction in Coq Nate Foster Spring 2018 Review Previously in 3110: Functional programming in Coq Logic in Coq Curry-Howard correspondence (proofs are programs) Today: Induction in Coq REVIEW: INDUCTION
More informationInductive Definitions, continued
1 / 27 Inductive Definitions, continued Assia Mahboubi Jan 7th, 2016 2 / 27 Last lecture Introduction to Coq s inductive types: Introduction, elimination and computation rules; Twofold implementation :
More informationInductive data types
Inductive data types Assia Mahboubi 9 juin 2010 In this class, we shall present how Coq s type system allows us to define data types using inductive declarations. Generalities Inductive declarations An
More informationProgramming and Proving in Isabelle/HOL
Tobias Nipkow Programming and Proving in Isabelle/HOL = Isabelle λ β HOL α October 8, 2017 Contents 1 Introduction............................................... 1 2 Programming and Proving.................................
More informationMoreIntro.v. MoreIntro.v. Printed by Zach Tatlock. Oct 07, 16 18:11 Page 1/10. Oct 07, 16 18:11 Page 2/10. Monday October 10, 2016 lec02/moreintro.
Oct 07, 16 18:11 Page 1/10 * Lecture 02 Set Implicit Arguments. Inductive list (A: Type) : Type := nil : list A cons : A > list A > list A. Fixpoint length (A: Type) (l: list A) : nat := nil _ => O cons
More informationTobias Nipkow, Gerwin Klein. Concrete Semantics. with Isabelle/HOL. October 16, Springer-Verlag
Tobias Nipkow, Gerwin Klein Concrete Semantics with Isabelle/HOL October 16, 2017 Springer-Verlag I will not allow books to prove anything. Jane Austen, Persuasion Preface This book is two books. Part
More informationInteractive Proof: Introduction to Isabelle/HOL
Interactive Proof: Introduction to Isabelle/HOL Tobias NIPKOW Technische Universität München Abstract This paper introduces interactive theorem proving with the Isabelle/HOL system [3] The following topics
More informationFall 2013 Midterm Exam 10/22/13. This is a closed-book, closed-notes exam. Problem Points Score. Various definitions are provided in the exam.
Programming Languages Fall 2013 Midterm Exam 10/22/13 Time Limit: 100 Minutes Name (Print): Graduate Center I.D. This is a closed-book, closed-notes exam. Various definitions are provided in the exam.
More informationCS 4110 Programming Languages & Logics. Lecture 28 Recursive Types
CS 4110 Programming Languages & Logics Lecture 28 Recursive Types 7 November 2014 Announcements 2 Foster office hours 11-12pm Guest lecture by Fran on Monday Recursive Types 3 Many languages support recursive
More informationFormalising FinFuns Generating Code for Functions as Data from Isabelle/HOL
Formalising FinFuns Generating Code for Functions as Data from Isabelle/HOL Andreas Lochbihler Universität Karlsruhe (TH) 17.8.2009, TPHOLs 2009 Motivation I Quickcheck Andreas Lochbihler (Univ. Karlsruhe
More informationWeek 5 Tutorial Structural Induction
Department of Computer Science, Australian National University COMP2600 / COMP6260 Formal Methods in Software Engineering Semester 2, 2016 Week 5 Tutorial Structural Induction You should hand in attempts
More informationProgramming and Proving in Isabelle/HOL
Tobias Nipkow Programming and Proving in Isabelle/HOL = Isabelle λ β α February 12, 2013 Contents 1 Introduction 1 2 Programming and Proving 3 21 Basics 3 22 Types bool, nat and list 5 23 Type and function
More informationFunctional Programming. Overview. Topics. Definition n-th Fibonacci Number. Graph
Topics Functional Programming Christian Sternagel Harald Zankl Evgeny Zuenko Department of Computer Science University of Innsbruck WS 2017/2018 abstract data types, algebraic data types, binary search
More informationProgramming with (co-)inductive types in Coq
Programming with (co-)inductive types in Coq Matthieu Sozeau February 3rd 2014 Programming with (co-)inductive types in Coq Matthieu Sozeau February 3rd 2014 Last time 1. Record Types 2. Mathematical Structures
More informationSOFTWARE VERIFICATION AND COMPUTER PROOF (lesson 1) Enrico Tassi Inria Sophia-Antipolis
SOFTWARE VERIFICATION AND COMPUTER PROOF (lesson 1) Enrico Tassi Inria Sophia-Antipolis Who am I? 1. I'm a researcher at Inria 2. I work on proof assistants, the kind of tools that we will be using for
More informationEfficient Mergesort. Christian Sternagel. October 11, 2017
Efficient Mergesort Christian Sternagel October 11, 2017 Abstract We provide a formalization of the mergesort algorithm as used in GHC s Data.List module, proving correctness and stability. Furthermore,
More informationProvably Correct Software
Provably Correct Software Max Schäfer Institute of Information Science/Academia Sinica September 17, 2007 1 / 48 The Need for Provably Correct Software BUT bugs are annoying, embarrassing, and cost gazillions
More informationOrganisatorials. About us. Binary Search (java.util.arrays) When Tue 9:00 10:30 Thu 9:00 10:30. COMP 4161 NICTA Advanced Course
Organisatorials COMP 4161 NICTA Advanced Course When Tue 9:00 10:30 Thu 9:00 10:30 Where Tue: Law 163 (F8-163) Thu: Australian School Business 205 (E12-205) Advanced Topics in Software Verification Rafal
More informationExercise 1 ( = 24 points)
1 Exercise 1 (4 + 5 + 4 + 6 + 5 = 24 points) The following data structure represents polymorphic binary trees that contain values only in special Value nodes that have a single successor: data Tree a =
More informationIntegration of SMT Solvers with ITPs There and Back Again
Integration of SMT Solvers with ITPs There and Back Again Sascha Böhme and University of Sheffield 7 May 2010 1 2 Features: SMT-LIB vs. Yices Translation Techniques Caveats 3 4 Motivation Motivation System
More information10 Years of Partiality and General Recursion in Type Theory
10 Years of Partiality and General Recursion in Type Theory Ana Bove Chalmers University of Technology DTP 10 July 9th 2010 Claims and Disclaims I know that I know nothing Socrates Ana Bove DTP 10 July
More informationCOMP 4161 Data61 Advanced Course. Advanced Topics in Software Verification. Gerwin Klein, June Andronick, Christine Rizkallah, Miki Tanaka
COMP 4161 Data61 Advanced Course Advanced Topics in Software Verification Gerwin Klein, June Andronick, Christine Rizkallah, Miki Tanaka 1 COMP4161 c Data61, CSIRO: provided under Creative Commons Attribution
More informationExercise 1 (2+2+2 points)
1 Exercise 1 (2+2+2 points) The following data structure represents binary trees only containing values in the inner nodes: data Tree a = Leaf Node (Tree a) a (Tree a) 1 Consider the tree t of integers
More informationλ calculus Function application Untyped λ-calculus - Basic Idea Terms, Variables, Syntax β reduction Advanced Formal Methods
Course 2D1453, 2006-07 Advanced Formal Methods Lecture 2: Lambda calculus Mads Dam KTH/CSC Some material from B. Pierce: TAPL + some from G. Klein, NICTA Alonzo Church, 1903-1995 Church-Turing thesis First
More informationCSE505, Fall 2012, Midterm Examination October 30, 2012
CSE505, Fall 2012, Midterm Examination October 30, 2012 Rules: The exam is closed-book, closed-notes, except for one side of one 8.5x11in piece of paper. Please stop promptly at Noon. You can rip apart
More informationInduction Schemes. Math Foundations of Computer Science
Induction Schemes Math Foundations of Computer Science Topics Induction Example Induction scheme over the naturals Termination Reduction to equational reasoning ACL2 proof General Induction Schemes Induction
More informationMLW. Henk Barendregt and Freek Wiedijk assisted by Andrew Polonsky. March 26, Radboud University Nijmegen
1 MLW Henk Barendregt and Freek Wiedijk assisted by Andrew Polonsky Radboud University Nijmegen March 26, 2012 inductive types 2 3 inductive types = types consisting of closed terms built from constructors
More information3 Pairs and Lists. 3.1 Formal vs. Informal Proofs
3 Pairs and Lists 3.1 Formal vs. Informal Proofs The question of what, exactly, constitutes a proof of a mathematical claim has challenged philosophers throughout the ages. A rough and ready definition,
More informationVerification in Coq. Prof. Clarkson Fall Today s music: Check Yo Self by Ice Cube
Verification in Coq Prof. Clarkson Fall 2017 Today s music: Check Yo Self by Ice Cube Review Previously in 3110: Functional programming in Coq Logic in Coq Curry-Howard correspondence (proofs are programs)
More informationExercise 1 ( = 18 points)
1 Exercise 1 (4 + 5 + 4 + 5 = 18 points) The following data structure represents polymorphic binary trees that contain values only in special Value nodes that have a single successor: data Tree a = Leaf
More informationIntroduction to Co-Induction in Coq
August 2005 Motivation Reason about infinite data-structures, Reason about lazy computation strategies, Reason about infinite processes, abstracting away from dates. Finite state automata, Temporal logic,
More informationInductive data types (I)
5th Asian-Pacific Summer School on Formal Methods August 5-10, 2013, Tsinghua University, Beijing, China Inductive data types (I) jean-jacques.levy@inria.fr 2013-8-6 http://sts.thss.tsinghua.edu.cn/coqschool2013
More informationMPRI course 2-4 Functional programming languages Exercises
MPRI course 2-4 Functional programming languages Exercises Xavier Leroy October 13, 2016 Part I: Interpreters and operational semantics Exercise I.1 (**) Prove theorem 2 (the unique decomposition theorem).
More informationProgramming Languages Lecture 14: Sum, Product, Recursive Types
CSE 230: Winter 200 Principles of Programming Languages Lecture 4: Sum, Product, Recursive Types The end is nigh HW 3 No HW 4 (= Final) Project (Meeting + Talk) Ranjit Jhala UC San Diego Recap Goal: Relate
More informationCSE-321 Programming Languages 2010 Midterm
Name: Hemos ID: CSE-321 Programming Languages 2010 Midterm Score Prob 1 Prob 2 Prob 3 Prob 4 Total Max 15 30 35 20 100 1 1 SML Programming [15 pts] Question 1. [5 pts] Give a tail recursive implementation
More informationReasoning about programs. Chapter 9 of Thompson
Reasoning about programs Chapter 9 of Thompson Proof versus testing A proof will state some property of a program that holds for all inputs. Testing shows only that a property holds for a particular set
More informationShell CSCE 314 TAMU. Haskell Functions
1 CSCE 314: Programming Languages Dr. Dylan Shell Haskell Functions 2 Outline Defining Functions List Comprehensions Recursion 3 Conditional Expressions As in most programming languages, functions can
More informationAugust 5-10, 2013, Tsinghua University, Beijing, China. Polymorphic types
5th Asian-Pacific Summer School on Formal Methods August 5-10, 2013, Tsinghua University, Beijing, China Polymorphic types jean-jacques.levy@inria.fr 2013-8-8 http://sts.thss.tsinghua.edu.cn/coqschool2013
More informationPreuves Interactives et Applications
Preuves Interactives et Applications Christine Paulin & Burkhart Wolff http://www.lri.fr/ paulin/preuvesinteractives Université Paris-Saclay HOL and its Specification Constructs 10/12/16 B. Wolff - M2
More informationInfinite Objects and Proofs 1
Infinite Objects and Proofs 1 Pierre Castéran Beijing, August 2009 1 This lecture corresponds to the chapter 13 : Infinite Objects and Proofs of the book. In this lecture, we shall see how to represent
More informationPROGRAMMING IN HASKELL. CS Chapter 6 - Recursive Functions
PROGRAMMING IN HASKELL CS-205 - Chapter 6 - Recursive Functions 0 Introduction As we have seen, many functions can naturally be defined in terms of other functions. factorial :: Int Int factorial n product
More informationExpr_annotated.v. Expr_annotated.v. Printed by Zach Tatlock
Oct 05, 16 8:02 Page 1/14 * Lecture 03 Include some useful libraries. Require Import Bool. Require Import List. Require Import String. Require Import ZArith. Require Import Omega. List provides the cons
More informationCSCE 314 TAMU Fall CSCE 314: Programming Languages Dr. Flemming Andersen. Haskell Functions
1 CSCE 314: Programming Languages Dr. Flemming Andersen Haskell Functions 2 Outline Defining Functions List Comprehensions Recursion 3 Conditional Expressions As in most programming languages, functions
More informationPolymorphic lambda calculus Princ. of Progr. Languages (and Extended ) The University of Birmingham. c Uday Reddy
06-02552 Princ. of Progr. Languages (and Extended ) The University of Birmingham Spring Semester 2016-17 School of Computer Science c Uday Reddy2016-17 Handout 6: Polymorphic Type Systems 1. Polymorphic
More informationAnalysis of dependent types in Coq through the deletion of the largest node of a binary search tree
Analysis of dependent types in Coq through the deletion of the largest node of a binary search tree Sneha Popley and Stephanie Weirich August 14, 2008 Abstract Coq reflects some significant differences
More informationCS152: Programming Languages. Lecture 11 STLC Extensions and Related Topics. Dan Grossman Spring 2011
CS152: Programming Languages Lecture 11 STLC Extensions and Related Topics Dan Grossman Spring 2011 Review e ::= λx. e x e e c v ::= λx. e c τ ::= int τ τ Γ ::= Γ, x : τ (λx. e) v e[v/x] e 1 e 1 e 1 e
More informationVectors are records, too!
Vectors are records, too! Jesper Cockx 1 Gaëtan Gilbert 2 Nicolas Tabareau 2 Matthieu Sozeau 2 1 Gothenburg University, Sweden 2 INRIA, France 21 June 2018 types most popular example 1 data V (A : Set)
More informationCIS 500: Software Foundations
CIS 500: Software Foundations Midterm I October 4, 2016 Name (printed): Username (PennKey login id): My signature below certifies that I have complied with the University of Pennsylvania s Code of Academic
More information1 The language χ. Models of Computation
Bengt Nordström, 1 2017-10-13 Department of Computing Science, Chalmers and University of Göteborg, Göteborg, Sweden 1 The language χ The main purpose of the language χ is to illustrate some basic results
More informationCoq with Classes. Matthieu Sozeau. Journées PPS 2011 September 5th 2011 Trouville, France. Project Team πr 2 INRIA Paris
Coq with Classes Matthieu Sozeau Project Team πr 2 INRIA Paris Journées PPS 2011 September 5th 2011 Trouville, France This talk A quick overview of Coq Elaboration Type Classes Matthieu Sozeau - Coq with
More informationExercise 1 ( = 22 points)
1 Exercise 1 (4 + 3 + 4 + 5 + 6 = 22 points) The following data structure represents polymorphic lists that can contain values of two types in arbitrary order: data DuoList a b = C a (DuoList a b) D b
More informationProgramming with dependent types: passing fad or useful tool?
Programming with dependent types: passing fad or useful tool? Xavier Leroy INRIA Paris-Rocquencourt IFIP WG 2.8, 2009-06 X. Leroy (INRIA) Dependently-typed programming 2009-06 1 / 22 Dependent types In
More informationLambda Calculus and Extensions as Foundation of Functional Programming
Lambda Calculus and Extensions as Foundation of Functional Programming David Sabel and Manfred Schmidt-Schauß 29. September 2015 Lehrerbildungsforum Informatik Last update: 30. September 2015 Overview
More informationProgramming Languages 3. Definition and Proof by Induction
Programming Languages 3. Definition and Proof by Induction Shin-Cheng Mu Oct. 22, 2015 Total Functional Programming The next few lectures concerns inductive definitions and proofs of datatypes and programs.
More informationReview. CS152: Programming Languages. Lecture 11 STLC Extensions and Related Topics. Let bindings (CBV) Adding Stuff. Booleans and Conditionals
Review CS152: Programming Languages Lecture 11 STLC Extensions and Related Topics e ::= λx. e x ee c v ::= λx. e c (λx. e) v e[v/x] e 1 e 2 e 1 e 2 τ ::= int τ τ Γ ::= Γ,x : τ e 2 e 2 ve 2 ve 2 e[e /x]:
More informationThe University of Nottingham
The University of Nottingham SCHOOL OF COMPUTER SCIENCE A LEVEL 2 MODULE, SPRING SEMESTER 2013-2014 G54FOP FOUNDATIONS OF PROGRAMMING Time allowed 2 hours Candidates may complete the front cover of their
More informationImperative languages
Imperative languages Von Neumann model: store with addressable locations machine code: effect achieved by changing contents of store locations instructions executed in sequence, flow of control altered
More informationProcessadors de Llenguatge II. Functional Paradigm. Pratt A.7 Robert Harper s SML tutorial (Sec II)
Processadors de Llenguatge II Functional Paradigm Pratt A.7 Robert Harper s SML tutorial (Sec II) Rafael Ramirez Dep Tecnologia Universitat Pompeu Fabra Paradigm Shift Imperative Paradigm State Machine
More informationFirst-Class Type Classes
First-Class Type Classes Matthieu Sozeau Joint work with Nicolas Oury LRI, Univ. Paris-Sud - Démons Team & INRIA Saclay - ProVal Project Gallium Seminar November 3rd 2008 INRIA Rocquencourt Solutions for
More informationLecture 14: Recursive Types
Lecture 14: Recursive Types Polyvios Pratikakis Computer Science Department, University of Crete Type Systems and Programming Languages Pratikakis (CSD) Recursive Types CS546, 2018-2019 1 / 11 Motivation
More informationCSCI.6962/4962 Software Verification Fundamental Proof Methods in Computer Science (Arkoudas and Musser) Sections p.
CSCI.6962/4962 Software Verification Fundamental Proof Methods in Computer Science (Arkoudas and Musser) Sections 10.1-10.3 p. 1/106 CSCI.6962/4962 Software Verification Fundamental Proof Methods in Computer
More information4 Programming with Types
4 Programming with Types 4.1 Polymorphism We ve been working a lot with lists of numbers, but clearly programs also need to be able to manipulate lists whose elements are drawn from other types lists of
More informationWe defined congruence rules that determine the order of evaluation, using the following evaluation
CS 4110 Programming Languages and Logics Lectures #21: Advanced Types 1 Overview In this lecture we will extend the simply-typed λ-calculus with several features we saw earlier in the course, including
More informationHaskell Overview II (2A) Young Won Lim 8/9/16
(2A) Copyright (c) 2016 Young W. Lim. Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.2 or any later version published
More informationLecture 5: Lazy Evaluation and Infinite Data Structures
Lecture 5: Lazy Evaluation and Infinite Data Structures Søren Haagerup Department of Mathematics and Computer Science University of Southern Denmark, Odense October 3, 2017 How does Haskell evaluate a
More informationLogic and Computation Lecture 20 CSU 290 Spring 2009 (Pucella) Thursday, Mar 12, 2009
Logic and Computation Lecture 20 CSU 290 Spring 2009 (Pucella) Thursday, Mar 12, 2009 Note that I change the name of the functions slightly in these notes from what I used in class, to be consistent with
More informationc constructor P, Q terms used as propositions G, H hypotheses scope identifier for a notation scope M, module identifiers t, u arbitrary terms
Coq quick reference Meta variables Usage Meta variables Usage c constructor P, Q terms used as propositions db identifier for a hint database s string G, H hypotheses scope identifier for a notation scope
More informationCoq quick reference. Category Example Description. Inductive type with instances defined by constructors, including y of type Y. Inductive X : Univ :=
Coq quick reference Category Example Description Meta variables Usage Meta variables Usage c constructor P, Q terms used as propositions db identifier for a hint database s string G, H hypotheses scope
More informationLecture Notes on Program Equivalence
Lecture Notes on Program Equivalence 15-312: Foundations of Programming Languages Frank Pfenning Lecture 24 November 30, 2004 When are two programs equal? Without much reflection one might say that two
More informationCMSC 330: Organization of Programming Languages. Functional Programming with Lists
CMSC 330: Organization of Programming Languages Functional Programming with Lists CMSC330 Spring 2018 1 Lists in OCaml The basic data structure in OCaml Lists can be of arbitrary length Implemented as
More informationType Systems. Parametric Polymorphism. 1. Recall Let-Polymorphism. 1. Recall Let-Polymorphism. Lecture 9 Dec. 15th, 2004 Sebastian Maneth
Today Parametric Polymorphism Type Systems Lecture 9 Dec. 15th, 2004 Sebastian Maneth 1. Recall Let-Polymorphism 4. System F-sub 5. Properties of F-sub http://lampwww.epfl.ch/teaching/typesystems/2004
More informationGeneric Constructors and Eliminators from Descriptions
DRAFT Generic Constructors and Eliminators from Descriptions Type Theory as a Dependently Typed Internal DSL Larry Diehl Tim Sheard Portland State University {ldiehl,sheard}@cs.pdx.edu Abstract Dependently
More informationCMSC 330: Organization of Programming Languages. Operational Semantics
CMSC 330: Organization of Programming Languages Operational Semantics Notes about Project 4, Parts 1 & 2 Still due today (7/2) Will not be graded until 7/11 (along with Part 3) You are strongly encouraged
More informationCS Lecture 6: Map and Fold. Prof. Clarkson Spring Today s music: Selections from the soundtrack to 2001: A Space Odyssey
CS 3110 Lecture 6: Map and Fold Prof. Clarkson Spring 2015 Today s music: Selections from the soundtrack to 2001: A Space Odyssey Review Course so far: Syntax and semantics of (most of) OCaml Today: No
More informationCS 4110 Programming Languages & Logics. Lecture 27 Recursive Types
CS 4110 Programming Languages & Logics Lecture 27 Recursive Types 4 November 2016 Announcements 2 My office hours are at the normal time today but canceled on Monday Guest lecture by Seung Hee Han on Monday
More informationWhat s in Main. Tobias Nipkow. December 5, Abstract
What s in Main Tobias Nipkow December 5, 2013 Abstract This document lists the main types, functions and syntax provided by theory Main. It is meant as a quick overview of what is available. For infix
More informationLecture 19: Functions, Types and Data Structures in Haskell
The University of North Carolina at Chapel Hill Spring 2002 Lecture 19: Functions, Types and Data Structures in Haskell Feb 25 1 Functions Functions are the most important kind of value in functional programming
More informationThe Isar Proof Language in 2016
The Isar Proof Language in 2016 Makarius Wenzel sketis.net August 2016 = Isabelle λ β Isar α Introduction History of Isar 1999: first usable version primary notion of proof document (not proof script )
More informationCS 320: Concepts of Programming Languages
CS 320: Concepts of Programming Languages Wayne Snyder Computer Science Department Boston University Lecture 06: Useful Haskell Syntax, HO Programming Continued o Goodbye to Bare Bones Haskell: Built-in
More informationCMSC 336: Type Systems for Programming Languages Lecture 5: Simply Typed Lambda Calculus Acar & Ahmed January 24, 2008
CMSC 336: Type Systems for Programming Languages Lecture 5: Simply Typed Lambda Calculus Acar & Ahmed January 24, 2008 Contents 1 Solution to the Exercise 1 1.1 Semantics for lambda calculus.......................
More informationFormal Systems and their Applications
Formal Systems and their Applications Dave Clarke (Dave.Clarke@cs.kuleuven.be) Acknowledgment: these slides are based in part on slides from Benjamin Pierce and Frank Piessens 1 Course Overview Introduction
More information