Coq Summer School, Session 2 : Basic programming with numbers and lists. Pierre Letouzey

Similar documents
Coq Summer School. Yves Bertot

CIS 500: Software Foundations

CIS 500 Software Foundations. Midterm I. (Standard and advanced versions together) October 1, 2013 Answer key

SOFTWARE VERIFICATION AND COMPUTER PROOF (lesson 1) Enrico Tassi Inria Sophia-Antipolis

4 Programming with Types

August 5-10, 2013, Tsinghua University, Beijing, China. Polymorphic types

Vector Clocks in Coq

CIS 500: Software Foundations

Inductive data types

CIS 500: Software Foundations

Infinite Objects and Proofs 1

Programming with (co-)inductive types in Coq

CS 320: Concepts of Programming Languages

MoreIntro_annotated.v. MoreIntro_annotated.v. Printed by Zach Tatlock. Oct 04, 16 21:55 Page 1/10

Booleans (aka Truth Values) Programming Languages and Compilers (CS 421) Booleans and Short-Circuit Evaluation. Tuples as Values.

MoreIntro.v. MoreIntro.v. Printed by Zach Tatlock. Oct 07, 16 18:11 Page 1/10. Oct 07, 16 18:11 Page 2/10. Monday October 10, 2016 lec02/moreintro.

Inductive prod (A B : Set) : Set := pair : A -> B -> prod A B. Inductive sum (A B : Set) : Set := inl : A -> sum A B inr : B -> sum A B.

Introduction to Co-Induction in Coq

Inductive Definitions, continued

# true;; - : bool = true. # false;; - : bool = false 9/10/ // = {s (5, "hi", 3.2), c 4, a 1, b 5} 9/10/2017 4

Coq Summer School, Session 9 : Dependent programs with logical parts. Pierre Letouzey

CSCI-GA Scripting Languages

Inductive data types (I)

Ideas over terms generalization in Coq

Exercises on ML. Programming Languages. Chanseok Oh

Lecture 5: Declarative Programming. The Declarative Kernel Language Machine. September 12th, 2011

A Simple Supercompiler Formally Verified in Coq

The University of Nottingham

Exercise 1 (2+2+2 points)

Lecture #13: Type Inference and Unification. Typing In the Language ML. Type Inference. Doing Type Inference

Exercise 1 ( = 18 points)

Induction in Coq. Nate Foster Spring 2018

Datatype declarations

Exercise 1 ( = 22 points)

CIS 500 Software Foundations Midterm II

c constructor P, Q terms used as propositions G, H hypotheses scope identifier for a notation scope M, module identifiers t, u arbitrary terms

Coq quick reference. Category Example Description. Inductive type with instances defined by constructors, including y of type Y. Inductive X : Univ :=

3 Pairs and Lists. 3.1 Formal vs. Informal Proofs

Exercise 1 ( = 24 points)

CS 320: Concepts of Programming Languages

A Coq tutorial for confirmed Proof system users

Isabelle s meta-logic. p.1

Programming Language Concepts, cs2104 Lecture 04 ( )

Summer 2017 Discussion 10: July 25, Introduction. 2 Primitives and Define

Programming Languages and Compilers (CS 421)

Lecture #23: Conversion and Type Inference

Conversion vs. Subtyping. Lecture #23: Conversion and Type Inference. Integer Conversions. Conversions: Implicit vs. Explicit. Object x = "Hello";

Pattern Matching and Abstract Data Types

INF121: Functional Algorithmic and Programming

Introduction to Scheme

Scheme. Functional Programming. Lambda Calculus. CSC 4101: Programming Languages 1. Textbook, Sections , 13.7

Chapter 3 Linear Structures: Lists

Coq. LASER 2011 Summerschool Elba Island, Italy. Christine Paulin-Mohring

FUNCTIONAL PROGRAMMING

Metaprogramming assignment 3

Programming Languages Fall 2014

Introduction to lambda calculus Part 3

List Functions, and Higher-Order Functions

CS Lecture 6: Map and Fold. Prof. Clarkson Spring Today s music: Selections from the soundtrack to 2001: A Space Odyssey

L3 Programming September 19, OCaml Cheatsheet

Structures in Coq January 27th 2014

Standard ML. Data types. ML Datatypes.1

Programming Language Concepts, CS2104 Lecture 7

Functional Programming in Haskell Part I : Basics

Theorem Proving Principles, Techniques, Applications Recursion

CMSC 330: Organization of Programming Languages. Functional Programming with Lists

Inductive datatypes in HOL. lessons learned in Formal-Logic Engineering

GADTs. Alejandro Serrano. AFP Summer School. [Faculty of Science Information and Computing Sciences]

Expr_annotated.v. Expr_annotated.v. Printed by Zach Tatlock

An Algebra of Dependent Data Types

Lecture 14: Recursive Types

Cornell University 12 Oct Solutions. (a) [9 pts] For each of the 3 functions below, pick an appropriate type for it from the list below.

CS 321 Programming Languages

Programming Languages Fall 2013

CS3110 Spring 2017 Lecture 7 Specifications using types continued

Handout 2 August 25, 2008

CMSC 330: Organization of Programming Languages. Functional Programming with Lists

The type checker will complain that the two branches have different types, one is string and the other is int

Tracing Ambiguity in GADT Type Inference

Lesson 4 Typed Arithmetic Typed Lambda Calculus

Advanced Features: Type Classes and Relations

A Second Look At ML. Chapter Seven Modern Programming Languages, 2nd ed. 1

Programming Languages Lecture 15: Recursive Types & Subtyping

Coq in a Hurry. Yves Bertot. HAL Id: inria v5

COS 320. Compiling Techniques

Type families and data kinds

First-Class Type Classes

CS Lecture 6: Map and Fold. Prof. Clarkson Fall Today s music: Selections from the soundtrack to 2001: A Space Odyssey

CIS 500 Software Foundations Midterm I Answer key October 8, 2003

CS 4110 Programming Languages & Logics. Lecture 17 Programming in the λ-calculus

Introduction to the Coq proof assistant First part

Principles of Programming Languages

CS558 Programming Languages

A Small Interpreted Language

PROGRAMMING IN HASKELL. Chapter 2 - First Steps

Principles of Programming Languages Topic: Functional Programming Professor L. Thorne McCarty Spring 2003

Calculus of Inductive Constructions

Advanced Type System Features Tom Schrijvers. Leuven Haskell User Group

INTERPRETERS 8. 1 Calculator COMPUTER SCIENCE 61A. November 3, 2016

CSE341 Section 3. Standard-Library Docs, First-Class Functions, & More

Transcription:

Coq Summer School, Session 2 : Basic programming with numbers and lists Pierre Letouzey

Predened data structures Predened types are actually declared to Coq at load time 1 : Inductive bool := true false. Inductive nat := O : nat S : nat -> nat. Inductive list A := nil : list A cons : A -> list A -> list A. Nota: a::b is a notation for (cons a b). 1 see Init/Datatypes.v

Pattern matching We can analyse an expression and handle all possible cases: Definition negb b := match b with true => false false => true Most common situation: one pattern for each constructor. NB: for bool, an alternative syntactic sugar is if b then false else true.

Pattern matching Similarly, for numbers: Definition pred x := match x with S x => x O => O Definition iszero x := match x with O => true S _ => false

More complex pattern matching We can use deeper patterns, combined matchings, as well as wildcards: Definition istwo x := match x with S (S O) => true _ => false Definition andb b1 b2 := match b1, b2 with true, true => true _, _ => false These matchings are not atomic, but rather expansed internally into nested matchings (use Print to see how many).

Recursion When using Fixpoint instead of Definition, recursive sub-calls are allowed (at least some of them). Fixpoint div2 n := match n with S (S n') => S (div2 n') _ => O Here, n' is indeed a structural sub-term of the inductive argument n. This way, termination of computations is (syntactically) ensured. Example of rejected recursive functions: Fixpoint loop n := loop (S n). Fixpoint div2_ko n := if leb n 1 then 0 else S (div2_ko (n-2)).

Some other recursive functions over nat Fixpoint plus n m := match n with O => m S n' => S (plus n' m) Fixpoint minus n m := match n, m with S n', S m' => minus n' m' _, _ => n Fixpoint beq_nat n m := match n, m with S n', S m' => beq_nat n' m' O, O => true _, _ => false

Recursion over lists With recursive functions over lists, the main novelty is polymorphism : Fixpoint length A (l : list A) := match l with nil => O _ :: l' => S (length l') Fixpoint app A (l1 l2 : list A) : list A := match l1 with nil => l2 a :: l1' => a :: (app l1' l2) NB: (app l1 l2) is noted l1++l2. NB: we use here Implicit Arguments to avoid writing type parameters such as A again and again when applying functions.

Fold on the right With fold_right, computation starts at the end of the list: fold_right f init (a::b::nil) = (f a (f b init)) The code: Fixpoint fold_right A B (f:b->a->a)(init:a)(l:list B) : A := match l with nil => init x :: l' => f x (fold_right f init l') Eval vm_compute in fold_right plus 0 (1::2::3::nil). ==> (1+(2+(3+0))) ==> 6 Eval vm_compute in fold_right (fun x l => x::l) nil (1::2::3::nil). ==> 1::2::3::nil

Fold on the left With fold_left, computation starts at the top of the list: fold_left f (a::b::nil) init = (f (f init a) b) The code: Fixpoint fold_left A B (f:a->b->a)(l:list B)(init:A) : A := match l with nil => init x :: l' => fold_left f l' (f init x) Eval vm_compute in fold_left plus (1::2::3::nil) 0. ==> (((0+1)+2)+3) ==> 6 Eval vm_compute in fold_left (fun l x => x::l) nil (1::2::3::nil). ==> 3::2::1::nil

A complete example: mergesort Part I: splitting a list in two Part II: merging two sorted lists into one Part III: iterating the process...

Mergesort I : splitting Fixpoint split A (l : list A) : list A * list A := match l with nil => (nil, nil) a::nil => (a::nil, nil) a::b::l' => let (l1, l2) := split l' in (a::l1, b::l2) Eval vm_compute in split (1::2::3::4::5::nil). ==> (1::3::5::nil, 2::4::nil)

Mergesort II : merging A new syntax construct: fix for local xpoints

Mergesort II : merging A new syntax construct: fix for local xpoints Definition merge A (less:a->a->bool) : list A -> list A -> list A := fix merge l1 := match l1 with nil => (fun l2 => l2) x1::l1' => (fun l2 => match l2 with nil => l1 x2::l2' => if less x1 x2 then x1 :: merge l1' l2 else x2 :: merge l1 l2' end)

Mergesort II : merging A new syntax construct: fix for local xpoints Definition merge A (less:a->a->bool) : list A -> list A -> list A := fix merge l1 := match l1 with nil => (fun l2 => l2) x1::l1' => (fun l2 => match l2 with nil => l1 x2::l2' => if less x1 x2 then x1 :: merge l1' l2 else x2 :: merge l1 l2' end) No structurally decreasing argument: Rejected!

Mergesort II : merging A new syntax construct: fix for local xpoints Definition merge A (less:a->a->bool) : list A -> list A -> list A := fix merge l1 := match l1 with nil => (fun l2 => l2) x1::l1' => (fix merge_l1 l2 := match l2 with nil => l1 x2::l2' => if less x1 x2 then x1 :: merge l1' l2 else x2 :: merge_l1 l2' end) Trick of the specialized internal x: Accepted!

Mergesort III : iterating We need to recursively sort sub-lists produced by split. No direct solution, we use here a auxiliary counter n,

Mergesort III : iterating We need to recursively sort sub-lists produced by split. No direct solution, we use here a auxiliary counter n, Definition mergeloop A (less:a->a->bool) := fix loop (l:list A) (n:nat) := match n with O => nil S n => match l with nil => l _::nil => l _ => let (l1,l2) := split l in merge less (loop l1 n) (loop l2 n) end

Mergesort III : iterating We need to recursively sort sub-lists produced by split. No direct solution, we use here a auxiliary counter n, Definition mergeloop A (less:a->a->bool) := fix loop (l:list A) (n:nat) := match n with O => nil S n => match l with nil => l _::nil => l _ => let (l1,l2) := split l in merge less (loop l1 n) (loop l2 n) end Invariant: n length l

Mergesort III : iterating We need to recursively sort sub-lists produced by split. No direct solution, we use here a auxiliary counter n, Definition mergeloop A (less:a->a->bool) := fix loop (l:list A) (n:nat) := match n with O => nil S n => match l with nil => l _::nil => l _ => let (l1,l2) := split l in merge less (loop l1 n) (loop l2 n) end Invariant: n length l Definition mergesort A less (l:list A) := mergeloop less l (length l).

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback