Case-Analysis for Rippling and Inductive Proof

Similar documents
Case-Analysis for Rippling and Inductive Proof

Backtracking and Induction in ACL2

A Calculus for Conjecture Synthesis

The Use of Proof Planning Critics to Diagnose Errors in the Base Cases of Recursive Programs

DPLL(Γ+T): a new style of reasoning for program checking

Theorem Proving Principles, Techniques, Applications Recursion

Rippling: Heuristic Guidance for Inductive Proof (I) Alan Bundy. Automated Reasoning Rippling

Logic and Computation Lecture 20 CSU 290 Spring 2009 (Pucella) Thursday, Mar 12, 2009

Induction Schemes. Math Foundations of Computer Science

HOL DEFINING HIGHER ORDER LOGIC LAST TIME ON HOL CONTENT. Slide 3. Slide 1. Slide 4. Slide 2 WHAT IS HIGHER ORDER LOGIC? 2 LAST TIME ON HOL 1

Algebraic Processors

Theorem proving. PVS theorem prover. Hoare style verification PVS. More on embeddings. What if. Abhik Roychoudhury CS 6214

Foundations of Computation

CSCI.6962/4962 Software Verification Fundamental Proof Methods in Computer Science (Arkoudas and Musser) Section 17.1

An Industrially Useful Prover

type classes & locales

Overview. A Compact Introduction to Isabelle/HOL. Tobias Nipkow. System Architecture. Overview of Isabelle/HOL

Induction in Coq. Nate Foster Spring 2018

On the Comparison of Proof Planning Systems

λ calculus is inconsistent

Improving Eliminate-Irrelevance for ACL2

Automatic Synthesis of Decision Procedures: a Case Study of Ground and Linear Arithmetic

Meta-programming with Names and Necessity p.1

Isabelle s meta-logic. p.1

Programming Languages Fall 2014

Isabelle Tutorial: System, HOL and Proofs

CSCI.6962/4962 Software Verification Fundamental Proof Methods in Computer Science (Arkoudas and Musser) Sections p.

Evaluation of a new recursion induction principle for automated induction

A CRASH COURSE IN SEMANTICS

Reasoning About Programs Panagiotis Manolios

Provably Correct Software

A Tool for Simplifying ACL2 Definitions

Program Calculus Calculational Programming

Induction and Semantics in Dafny

7.9 Automatic Annotation Ripple Analysis The Productive Use of Fa

How many leaves on the decision tree? There are n! leaves, because every permutation appears at least once.

Proof-Pattern Recognition and Lemma Discovery in ACL2

Limited Automata and Unary Languages

Programs and Proofs in Isabelle/HOL

Theory Exploration on Infinite Structures. Master s thesis in Computer Science Algorithms, Languages, and Logic SÓLRÚN HALLA EINARSDÓTTIR

Problem. Input: An array A = (A[1],..., A[n]) with length n. Output: a permutation A of A, that is sorted: A [i] A [j] for all. 1 i j n.

Integration of SMT Solvers with ITPs There and Back Again

Functional Programming with Isabelle/HOL

The use of AI to support top-down formal system development

Automated Discovery of Conditional Lemmas in Hipster!

Mathematics for Computer Scientists 2 (G52MC2)

Equations: a tool for dependent pattern-matching

Week 5 Tutorial Structural Induction

Verification Condition Generation via Theorem Proving

System Description: Twelf A Meta-Logical Framework for Deductive Systems

Automatic inductive equational reasoning

Boolean Functional Synthesis via Self-Substitution

Programming with Universes, Generically

Programming and Proving in

Discrete planning (an introduction)

Introduction to dependent types in Coq

Assistant for Language Theory. SASyLF: An Educational Proof. Corporation. Microsoft. Key Shin. Workshop on Mechanizing Metatheory

VS 3 : SMT Solvers for Program Verification

Programming and Proving in Isabelle/HOL

Basic Elements of Logical Graphs

Formally Certified Satisfiability Solving

Computer-supported Modeling and Reasoning. First-Order Logic. 1 More on Isabelle. 1.1 Isabelle System Architecture

An Explicit-Continuation Metacircular Evaluator

An ACL2 Tutorial. Matt Kaufmann and J Strother Moore

Computer Science 236 Fall Nov. 11, 2010

CSCI.6962/4962 Software Verification Fundamental Proof Methods in Computer Science (Arkoudas and Musser) Section 17.2

The Milawa Rewriter and an ACL2 Proof of its Soundness

Infinite Objects and Proofs 1

Proof-Pattern Recognition and Lemma Discovery in ACL2

Isabelle/HOL:Selected Features and Recent Improvements

Milawa an extensible proof checker

Today. Types of graphs. Complete Graphs. Trees. Hypercubes.

Finite Set Theory. based on Fully Ordered Lists. Jared Davis UT Austin. ACL2 Workshop 2004

Edinburgh Research Explorer

Name: Entry: Gp: 1. CSL 102: Introduction to Computer Science. Minor 2 Mon 21 Mar 2005 VI 301(Gps 1-6)& VI 401(Gps 7-8) 9:30-10:30 Max Marks 40

Theoretical Computer Science

Functional Programming

ALGEBRAIC PROCESSORS

Lee Pike. June 3, 2005

Progress Report: Term Dags Using Stobjs

c constructor P, Q terms used as propositions G, H hypotheses scope identifier for a notation scope M, module identifiers t, u arbitrary terms

Coq quick reference. Category Example Description. Inductive type with instances defined by constructors, including y of type Y. Inductive X : Univ :=

Polygon Triangulation. (slides partially by Daniel Vlasic )

Congruence Closure in Intensional Type Theory

Static Analysis of Dynamically Typed Languages made Easy

Algorithms. Red-Black Trees

10/9/17. Using recursion to define objects. CS 220: Discrete Structures and their Applications

Formal Verification in Industry

The Prototype Verification System PVS

15 212: Principles of Programming. Some Notes on Induction

MoreIntro_annotated.v. MoreIntro_annotated.v. Printed by Zach Tatlock. Oct 04, 16 21:55 Page 1/10

2 Programming and Proving

Implicit Computational Complexity

J. Barkley Rosser, 81, a professor emeritus of mathematics and computer science at the University of Wisconsin who had served in government, died

CS 671 Automated Reasoning

Propositional Calculus. Math Foundations of Computer Science

Chapter 3: Paths and Cycles

Inductive Beluga: Programming Proofs

Computing Fundamentals 2 Introduction to CafeOBJ

Termination of Isabelle Functions via Termination of Rewriting

Transcription:

Case-Analysis for Rippling and Inductive Proof Moa Johansson 1 Joint work with Lucas Dixon 2 and Alan Bundy 2 Dipartimento di Informatica, Università degli Studi di Verona, Italy. 1 School of Informatics, University of Edinburgh, UK. 2 Interactive Theorem Proving Conference 12 July 2010

Introduction: Automating Inductive Proofs Induction: reasoning about recursion. Programs, data-structures... Automation difficult. Guidance needed: e.g. case-splitting for inductively defined datatypes. Aim: Automation of theorems involving conditional definitions. Half of the functions in Isabelle s list library involve conditional statements. e.g. member, delete, subtraction.

Proof Planning and Rippling Proof Planning: Families of proofs with similar structure. e.g. inductive proofs. Rippling: Heuristic for guiding rewriting in step cases. Annotate differences between induction hypothesis and conclusion. Rewrites must reduce differences. Top of term tree: Get instance of IH. Position of quantified variable in IH. Fully automatic and guarantees termination. Does not require rewrite rules to be oriented.

Case Analysis for Rippling IsaPlanner: Higher-order proof-planner for Isabelle. Extend rippling in IsaPlanner to cover case analysis for: If-statements. Case-statements over datatypes. Retain termination: Ripple-step becomes: rewriting + case-splitting.

A Simple Example Definition of max: max 0 y = y (1) max (Suc x) y = case y of 0 Suc x (2) Suc z Suc(max x z) Commutativity of max: Inductive hypothesis (IH): b. max a b = max b a Step-case goal: max Suc a b = max b Suc a

A Simple Example Definition of max: max 0 y = y (1) max (Suc x) y = case y of 0 Suc x (2) Suc z Suc(max x z) Commutativity of max: Inductive hypothesis (IH): b. max a b = max b a Step-case goal: max Suc a b = max b Suc a Apply (2): case b of 0 Suc a Suc z Suc(max a z ) = max b Suc a

Applying the Split Isabelle automatically derives splitting rules for case-statements for each datatype:?n = 0 =?P(?f 1 ); x. (?n = Suc x) =?P(?f 2 x) =?P matches context of case-statement. Case-split as resolution step.?p(case?n of 0?f 1 (Suc x) (?f 2 x)) Interactive setting: User gives instantiation of?p. Automatic proof:?p in head position - match any term, many trivial unifiers, large search space.

Restricted Unification?P(case?n of 0?f 1 (Suc x) (?f 2 x) ) }{{} meta-variable argument case b of 0 Suc a Suc z Suc(max a z) = max b Suc a }{{} subterm of interest Only apply to terms containing argument of meta-variable?p. Find instantiation for?p, then safe to apply regular resolution. Algorithm using Zippers. Traverse term, find matching subterm. Zipper keeps track of its context. Use context of subterm to provide instantiation of?p: λv. v = max b Suc a

Example cont. A ripple step with case-analysis: max Suc a b = max b Suc a Rewrite using: max def. case b of 0 Suc a Suc z Suc(max a z) = max b Suc a Apply case-split. b = 0 = Suc a = max 0 (Suc a) (3) b = Suc z = Suc(max a z ) = max Suc z Suc a (4) Goal 3 is solved by simplification (no rippling embedding). Rippling continues on goal 4.

Evaluation Case-statements common, not previously covered by rippling. Implementation in IsaPlanner: Rippling + Case Analysis + Lemma Calculation Corpus of 87 inductive theorems. If- and case statements. Lists, natural numbers, binary trees. Isabelle library, inductive TP literature, dependently typed programming. Prover given only function definitions. No extra lemmas supplied.

Evaluation 47/87 new theorems proved automatically. Remaining theorems: More sophisticated reasoning about side-conditions. Conjecturing of conditional lemmas. Example failed proof: sorted(insertionsort(l)) Need lemma with assumption: sorted m = sorted(insert x m).

Comparison to Simplification-Based Technique Isabelle s simplifier allows splitting on if-statements. Case-statements not attempted: may cause non-termination. Coverage: Proved by Induction+Simp technique: 37 Proved by Rippling: 47 Termination: Rippling terminates on all examples. Induction+Simp often fails to terminate: Proofs it cannot solve. When asked for alternative proofs. Stuck trying to conjecture increasingly complex lemmas.

Other Approaches Recursion Analysis: Choose induction scheme avoiding need for case-splits. ACL2, VeriFun: No datatypes, destructor style, recursion on several arguments instead of case statements. Isabelle: HO, datatypes, constructor style. Want to work directly with these. Further Work: Automatic construction/selection of induction schemes in IsaPlanner. May still need case-analysis even with more elaborate induction schemes. Case-statement introduced by auxiliary lemma, rewrite from other conditional function definition.

Summary Case-analysis needed for inductive proofs about conditional functions. Fully automatic technique implemented in IsaPlanner. Incorporated with rippling. Ensures termination also in presence of case-statements over datatypes. Proves 47/87 theorems in evaluation corpus. Further work: More sophisticated reasoning with assumptions Conditional lemma discovery.

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback