CS 456 (Fall 2018) Scribe Notes: 2

Similar documents
Now that we have keys defined for the maps, we can start talking about maps. The first of these are Total Maps. Total Maps are defined as follows:

c constructor P, Q terms used as propositions G, H hypotheses scope identifier for a notation scope M, module identifiers t, u arbitrary terms

Coq quick reference. Category Example Description. Inductive type with instances defined by constructors, including y of type Y. Inductive X : Univ :=

Introduction to dependent types in Coq

CIS 500: Software Foundations

Expr_annotated.v. Expr_annotated.v. Printed by Zach Tatlock

Inductive Definitions, continued

CIS 500: Software Foundations

Inductive data types

Infinite Objects and Proofs 1

CIS 500: Software Foundations

Induction in Coq. Nate Foster Spring 2018

CIS 500 Software Foundations. Midterm I. (Standard and advanced versions together) October 1, 2013 Answer key

Certified Programming with Dependent Types

Analysis of dependent types in Coq through the deletion of the largest node of a binary search tree

4 Programming with Types

Coq in a Hurry. Yves Bertot

Coq in a Hurry. Yves Bertot. To cite this version: HAL Id: inria v6

LASER 2011 Summerschool Elba Island, Italy Basics of COQ

Programming with (co-)inductive types in Coq

3 Pairs and Lists. 3.1 Formal vs. Informal Proofs

(a) (4 pts) Prove that if a and b are rational, then ab is rational. Since a and b are rational they can be written as the ratio of integers a 1

L04_in_class.v. L04_in_class.v. Printed by Zach Tatlock

The Coq Proof Assistant A Tutorial

Mathematics for Computer Scientists 2 (G52MC2)

Verification in Coq. Prof. Clarkson Fall Today s music: Check Yo Self by Ice Cube

Coq in a Hurry. Yves Bertot. October 2008

Logical Verification Course Notes. Femke van Raamsdonk Vrije Universiteit Amsterdam

STABILITY AND PARADOX IN ALGORITHMIC LOGIC

Formalizing inference systems in Coq by means of type systems for Curry

CIS 194: Homework 8. Due Wednesday, 8 April. Propositional Logic. Implication

Lean 2 Quick Reference

L06_exercise.v. L06_exercise.v

Proofs are Programs. Prof. Clarkson Fall Today s music: Proof by Paul Simon

Coq projects for type theory 2018

Printed by Zach Tatlock Dec 08, 15 22:18 Page 1/11. Lemma subst_only_free: forall e1 e2 x e3, Subst e1 e2 x e3 > ~ free e1 x > e1 = e3. Proof.

AXIOMS FOR THE INTEGERS

Fall Recursion and induction. Stephen Brookes. Lecture 4

Introduction to Co-Induction in Coq

Mathematics for Computer Scientists 2 (G52MC2)

Programming Languages Third Edition

Equations: a tool for dependent pattern-matching

CSCI.6962/4962 Software Verification Fundamental Proof Methods in Computer Science (Arkoudas and Musser) Chapter 11 p. 1/38

Inductive prod (A B : Set) : Set := pair : A -> B -> prod A B. Inductive sum (A B : Set) : Set := inl : A -> sum A B inr : B -> sum A B.

MoreIntro_annotated.v. MoreIntro_annotated.v. Printed by Zach Tatlock. Oct 04, 16 21:55 Page 1/10

Treewidth and graph minors

The Coq Proof Assistant A Tutorial

MoreIntro.v. MoreIntro.v. Printed by Zach Tatlock. Oct 07, 16 18:11 Page 1/10. Oct 07, 16 18:11 Page 2/10. Monday October 10, 2016 lec02/moreintro.

4.5 Pure Linear Functional Programming

CIS 500 Software Foundations. Final Exam. May 3, Answer key

The Coq Proof Assistant A Tutorial

HOL DEFINING HIGHER ORDER LOGIC LAST TIME ON HOL CONTENT. Slide 3. Slide 1. Slide 4. Slide 2 WHAT IS HIGHER ORDER LOGIC? 2 LAST TIME ON HOL 1

Autosubst Manual. May 20, 2016

A Coq tutorial for confirmed Proof system users

CSCI.6962/4962 Software Verification Fundamental Proof Methods in Computer Science (Arkoudas and Musser) Sections p.

Answer Key #1 Phil 414 JL Shaheen Fall 2010

Proving Properties on Programs From the Coq Tutorial at ITP 2015

Repetition Through Recursion

Automated Reasoning. Natural Deduction in First-Order Logic

Lee Pike. June 3, 2005

Introduction to Homotopy Type Theory

Lesson 4 Typed Arithmetic Typed Lambda Calculus

Induction and Semantics in Dafny

An experiment with variable binding, denotational semantics, and logical relations in Coq. Adam Chlipala University of California, Berkeley

An Introduction to Programming and Proving in Agda (incomplete draft)

Coq, a formal proof development environment combining logic and programming. Hugo Herbelin

Lecture 13: Subtyping

Foundations of Computer Science Spring Mathematical Preliminaries

Outline Mousavi: ADT

Solutions to In-Class Problems Week 4, Fri

implementing the breadth-first search algorithm implementing the depth-first search algorithm

The pitfalls of protocol design

AXIOMS OF AN IMPERATIVE LANGUAGE PARTIAL CORRECTNESS WEAK AND STRONG CONDITIONS. THE AXIOM FOR nop

CS40-S13: Functional Completeness

CS 395T Computational Learning Theory. Scribe: Wei Tang

Inductive data types (I)

On Meaning Preservation of a Calculus of Records

Propositional Calculus: Boolean Algebra and Simplification. CS 270: Mathematical Foundations of Computer Science Jeremy Johnson

Preuves Interactives et Applications

Lecture 20 : Trees DRAFT

Intrinsically Typed Reflection of a Gallina Subset Supporting Dependent Types for Non-structural Recursion of Coq

Coq in a Hurry. Yves Bertot. HAL Id: inria v5

CS 3512, Spring Instructor: Doug Dunham. Textbook: James L. Hein, Discrete Structures, Logic, and Computability, 3rd Ed. Jones and Barlett, 2010

Recursion and Induction

Programming Languages Fall 2014

Introduction to Coq Proof Assistant

An Ssreflect Tutorial

To prove something about all Boolean expressions, we will need the following induction principle: Axiom 7.1 (Induction over Boolean expressions):

Numerical Computations and Formal Methods

Resolution (14A) Young W. Lim 6/14/14

Solutions to In Class Problems Week 5, Wed.

Heq: a Coq library for Heterogeneous Equality

Last time. Reasoning about programs. Coming up. Project Final Presentations. This Thursday, Nov 30: 4 th in-class exercise

Reasoning about programs

type classes & locales

Proving Theorems with Athena

Lecture Notes on Induction and Recursion

Handout 9: Imperative Programs and State

On Agda JAIST/AIST WS CVS/AIST Yoshiki Kinoshita, Yoriyuki Yamagata. Agenda

Topic 3: Propositions as types

Transcription:

CS 456 (Fall 2018) Scribe Notes: 2 Albert Yu, Adam Johnston Lists Bags Maps Inductive data type that has an infinite collection of elements Not through enumeration but inductive type definition allowing us to build up from smaller elements These are simply Lists with set operations If Bag is just a List, why do we need to define a Bag? If we hide the implementation through abstraction, we can change the implementation for Bag, and it should not affect clients of Bag. The interface of Bag is defined through the operations, the implementation should not matter, and can be hidden away. Instead of using lists of keys and values, we use functions such that given the function F and an input key, F(key) will be the value associated with key. Total Maps Definition total_map ( A : Type ) := string A. Given a type A, we can give our total map any string and receive a value of type A. Definition t_empty { A : Type } ( v : A ) : total_map A := ( fun _ v ). Defines a total map function that given any key value returns a default value v Definition t_update { A : Type } ( m : total_map A ) ( x : string ) ( v : A ) := fun x' if beq_string x x' then v else m x'. Given a map and a key value pair (x and v), essentially wraps the map in another map whose function takes in input x and checks if x is equal to the key x,. If so it returns v, otherwise calls the input map with argument x. This means that if none of the t_update maps contain x, the function will eventually reach the t_empty default map, which returns v regardless of what x is.

Partial Maps It is like a total map, except the values are all option types. If the key is found in the map, it returns a value of (Some v) otherwise it goes down to the empty map and returns a None value. In other words, the v above is replaced with (Some v), and the default value is now None. Definition partial_map ( A : Type ) := total_map ( option A ). Definition empty { A : Type } : partial_map A := t_empty None. Definition update { A : Type } ( m : partial_map A ) ( x : string ) ( v : A ) := m & { x --> ( Some v ) }. Curry-Howard Correspondence This shows how algorithmic proofs are directly related to computer programs. This can be shown in how propositions and types both use the Inductive keyword to build cases. Programs transform (e.g. call functions on) inductive data types such as nat Proofs transform propositions into other propositions (e.g. A -> B) Propositions are essentially types in the same way nat is a type Implication There are two values with implication (->) in their types (e.g. nat -> Prop) Inductive Constructors Example : determining if a number is even: Inductive ev : nat -> Prop := ev_0 : ev 0 ev_ss : forall n, ev n -> ev (S (S n)). Functions Polymorphic Data Types Theorem ev_plus4 : n, ev n ev (4 + n ). Proof. intros n H. simpl. apply ev_ss. apply ev_ss. apply H. Qed. The function takes in ev n and returns ev (4 + n)

Types (sets) can be viewed at the same level as values. Therefore, we can supply them to constructors. Coq is powerful enough that we can often omit stuff, such as omitting that X:Type. If we use Argument Const {X}. The curly brackets say that there should be that argument, but it doesn't necessarily have to be specified, and Coq will try to figure out what it is. We can also do it in the argument of a function, like repeat''' {X: Type} which says that the user doesn't necessarily have to specify what X is. polymorphic functions work on the structure of the object, not the nature of the object. A function that adds 1 to each value of the list cannot be polymorphic. When we work on only the structure and not the actual values, we can use polymorphism. In Java, polymorphism works in a very different way. Since java is object oriented and has classes, polymorphism is closely related to classes. Polymorphism is only possible when two classes inherit the same parent class. In Java, it is the class hierarchy that determines whether polymorphism is possible or not, instead of the structure of the variable as is done in coq. In Python, polymorphism works in a way that s similar to coq, since variables aren t explicitly given types, polymorphism works very naturally. You can write a function that takes an input without specifying the type of the input, and the function could work over multiple different data types. This is very similar to polymorphism in coq, where the Type variable is implicit. The structure of the variables determines whether or not polymorphism is possible. Proof Topics Proof Tactics Apply Prove a goal using a hypothesis, lemma, or constructor Assume the hypothesis space and goal looks like: Hab: A -> B Ha: A ---------Goal------------ B --------------------------- You can either [apply Hab] to the goal to end up with Hab: A -> B Ha: A

---------Goal------------ A --------------------------- This uses backwards reasoning to show that, if we know B, and A implies B, then if we prove A, then B is true by Hab. Alternatively, we can [apply Hab in Ha], resulting in: Hab: A -> B Ha: B ---------Goal------------ B --------------------------- This uses forward reasoning to show that, since we know A is true (via Ha), and A implies B (Hab), we know B must be true. With either approach, all that is left is to apply Ha to the goal. Assert Used to define a lemma within a proof. This has the benefit of having access to any information we have in our hypothesis prior to the assert. Assumption Used to solve a goal given that it is already in the hypothesis Constructor Given an inductive definition Inductive mydef: nat -> Prop := base: mydef 0 buildingup: forall n, mydef n -> mydef (S(n)) If your goal matches the right side of the inductive definition, such as mydef (S(S(n)), you can use constructor to transform the goal to the left side of the definition (mydef (S(n)) until it reaches the base. Contradiction Looks for False in the hypothesis, or two hypothesis that contradict each other. If it finds a False or contradictory hypothesis, then the goal is resolved. Destruction Destruct something into its various possible forms, typically generating one case for each constructor. In a sense, it is induction without the inductive hypothesis. If we have a conjunction as one of our hypothesis, we can use Destruct to break it into 2 hypothesis

H: A /\ B Destruct H as {HA HB}. HA: A HB: B If we have a disjunction as one of our hypothesis, we can use Destruct to break it into 2 hypothesis. This would generate two sub goals, each identical to our goal. One would have the left part of the disjunction as one of the hypothesis, and the other sub goal would have the right part of the disjunction as one of the hypothesis. Destructing, like induction, breaks things into cases. However each case does not provide any information to the others. For example, destructing over a boolean b would yield two cases in the goal where b is replaced with true in one, and false in the other. Destructing using eqn (destruct b eqn: eq) gives you a hypothesis with the value of b at each case. For example destructing a boolean function boolfun(x) would yield H: boolfun(x)= true, and in the second case H: boolfun(x) = false. It is used to preserve information that is usually lost when destruct is called. Discriminate Similar to part of inversion. If there is an equality where the two sides are structurally different (based on properties of inductive types, such as having different constructors), then discriminate will discharge the goal. Exact If our goal is exactly the same as one of our hypothesis, we can use exact to discharge the goal. Generalize Dependent Generalize Dependent is basically the inversion of intros.generalized Dependent takes a variable out of the hypothesis and back into the context. Induction Given an inductive constructor, with a base case and inductive cases, will split the goal cases corresponding to each case of the constructor. Once the base case is proven, an inductive hypothesis is available for use.

For example induction on a natural number n will result in two cases, n being 0 and n being one plus another number (S(n )). Induction can also be performed on a hypothesis with multiple induction definitions in it (e.g. H: n <= m), which allows the relationships between them to be maintained in each case. Intuition Intuition will try to find false hypothesis and discharge the goal. Intros Introduces known variables and relations into the hypothesis Inversion Inversion looks at properties inherent to inductive types. when in our hypothesis we have a statement, and we know that it is the consequence of a property of the inductive type, the inversion tactic will add such property into the hypothesis. For example, constructors of inductive types are injective. If constructor(x) = constructor(y), then x = y. H: Const(x) = Const(y) We can call inversion H, and we ll get. H: Const(x) = Const(y) H1: n = m Additionally, inversion also does some other things. For example, it will also substitute variables in the goal with the new hypothesis. If the hypothesis we call inversion on contradicts the properties of induction, inversion will also discharge the goal. For example: every constructor is disjoint. H: Const1(x) = Const2(y) We can call inversion H, and the goal will be discharged. Left/Right If we have a disjunction as our goal, we can use left/right to select which one of the parts we want to pick as our goal. Omega Given a set of equalities and inequalities in the goal and hypotheses, omega attempts to solve the goal by determining the relationships between the inequalities. Omega uses Presburger arithmetic. Reflexivity

Reflexivity performs some basic simplification and checks to see if both sides of the goal equate to the same value, and if so, solves the goal. If it cannot solve the goal, the tactic fails. Repeat Repeat is used to repeatedly use another tactic. Rewrite If we have a equality in our hypothesis, we can rewrite one side of it into the other side, both inside other hypothesis and in our goals Simpl Simpl does some basic simplifications. Split If we have a conjunction as our goal, split will split the goal into two sub goals. Subst If we have two variables that are equal to each other, we can call subst with the variable name to substitute all occurance of one variable with the other, and remove the other variable. Simply calling Subst will cause coq to automatically find all such variables that are equal to each other, and substitute all occurrences of all pairs of equal variables. Symmetry Symmetry switches the two sides of a equality. Unfold Given a definition add2(n) = n + 2, unfold takes a call to add2 and replaces it with the right hand side of the definition (n+2). Usually used to unfold a function. It will often unfold a function and replace the function call with the actual code of the function

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback