Proving Properties of Recursive Functions and Data Structures. CS 270 Math Foundations of CS Jeremy Johnson

Similar documents
Propositional Calculus. Math Foundations of Computer Science

Propositional Calculus: Boolean Functions and Expressions. CS 270: Mathematical Foundations of Computer Science Jeremy Johnson

Recursive Data Structures and Grammars

Building a system for symbolic differentiation

Propositional Calculus. CS 270: Mathematical Foundations of Computer Science Jeremy Johnson

Recursion and Structural Induction

1.3. Conditional expressions To express case distinctions like

CS115 - Module 8 - Binary trees

Building a system for symbolic differentiation

Summer 2017 Discussion 10: July 25, Introduction. 2 Primitives and Define

Module 9: Binary trees

Streams, Delayed Evaluation and a Normal Order Interpreter. CS 550 Programming Languages Jeremy Johnson

Module 9: Trees. If you have not already, make sure you. Read How to Design Programs Sections 14, 15, CS 115 Module 9: Trees

CS115 - Module 10 - General Trees

Properties of red-black trees

CS 61A Interpreters, Tail Calls, Macros, Streams, Iterators. Spring 2019 Guerrilla Section 5: April 20, Interpreters.

Module 10: General trees

Problem Set CVO 103, Spring 2018

An Explicit-Continuation Metacircular Evaluator

Foundations of Computation

CSCI.6962/4962 Software Verification Fundamental Proof Methods in Computer Science (Arkoudas and Musser) Section 17.2

CS 173 [A]: Discrete Structures, Fall 2012 Homework 8 Solutions

Algorithms and Data Structures

Fall 2018 Discussion 8: October 24, 2018 Solutions. 1 Introduction. 2 Primitives

CSCI.6962/4962 Software Verification Fundamental Proof Methods in Computer Science (Arkoudas and Musser) Section 17.1

Lab Exercise 8 Binary Search Trees

Inductive Data Types

Algorithms. AVL Tree

Induction Schemes. Math Foundations of Computer Science

Foundations of Computer Science Spring Mathematical Preliminaries

Structure and Interpretation of Computer Programs

Structure and Interpretation of Computer Programs

CMPSCI 250: Introduction to Computation. Lecture #14: Induction and Recursion (Still More Induction) David Mix Barrington 14 March 2013

Module 8: Binary trees

Outline. Definition. 2 Height-Balance. 3 Searches. 4 Rotations. 5 Insertion. 6 Deletions. 7 Reference. 1 Every node is either red or black.

CSCI.6962/4962 Software Verification Fundamental Proof Methods in Computer Science (Arkoudas and Musser) Chapter 11 p. 1/38

Fall 2017 Discussion 7: October 25, 2017 Solutions. 1 Introduction. 2 Primitives

TREES. Trees - Introduction

Programming II (CS300)

SCHEME 7. 1 Introduction. 2 Primitives COMPUTER SCIENCE 61A. October 29, 2015

Trees (Part 1, Theoretical) CSE 2320 Algorithms and Data Structures University of Texas at Arlington

Introduction to ACL2. CS 680 Formal Methods for Computer Verification. Jeremy Johnson Drexel University

1KOd17RMoURxjn2 CSE 20 DISCRETE MATH Fall

Exercise 1 ( = 24 points)

DATA STRUCTURES USING C

CMSC 330: Organization of Programming Languages

Fall Recursion and induction. Stephen Brookes. Lecture 4

(b) int count = 0; int i = 1; while (i<m) { for (int j=i; j<n; j++) { count = count + 1; i = i + 1; O(M + N 2 ) (c) int count = 0; int i,j,k; for (i=1

Fall 2018 Lecture 7. Stephen Brookes

Binary Heaps in Dynamic Arrays

CE 221 Data Structures and Algorithms

Introduction to Functional Programming in Racket. CS 550 Programming Languages Jeremy Johnson

Propositional Calculus: Boolean Algebra and Simplification. CS 270: Mathematical Foundations of Computer Science Jeremy Johnson

Non-context-Free Languages. CS215, Lecture 5 c

CS 380 ALGORITHM DESIGN AND ANALYSIS

(add1 3) 4 (check-expect (add1 3) 4)

Chapter 1. Fundamentals of Higher Order Programming

Balanced search trees. DS 2017/2018

Why do we need an interpreter? SICP Interpretation part 1. Role of each part of the interpreter. 1. Arithmetic calculator.

Functional Programming. Pure Functional Programming

SCHEME 8. 1 Introduction. 2 Primitives COMPUTER SCIENCE 61A. March 23, 2017

V Advanced Data Structures

SCHEME AND CALCULATOR 5b

Chapter Summary. Recursively defined Functions. Recursively defined sets and Structures Structural Induction

Compilers. Compiler Construction Tutorial The Front-end

Week 2. TA Lab Consulting - See schedule (cs400 home pages) Peer Mentoring available - Friday 8am-12pm, 12:15-1:30pm in 1289CS

Figure 1: A complete binary tree.

Binary Trees, Binary Search Trees

CMPSCI 250: Introduction to Computation. Lecture #22: Graphs, Paths, and Trees David Mix Barrington 12 March 2014

CS 3410 Ch 7 Recursion

(2,4) Trees. 2/22/2006 (2,4) Trees 1

Verifying pattern matching with guards in Scala

Data Abstraction. An Abstraction for Inductive Data Types. Philip W. L. Fong.

V Advanced Data Structures

Chapter 4: Trees. 4.2 For node B :

Search Trees. Undirected graph Directed graph Tree Binary search tree

SCHEME 10 COMPUTER SCIENCE 61A. July 26, Warm Up: Conditional Expressions. 1. What does Scheme print? scm> (if (or #t (/ 1 0)) 1 (/ 1 0))

We will show that the height of a RB tree on n vertices is approximately 2*log n. In class I presented a simple structural proof of this claim:

COMP 250 Fall Solution - Homework #4

Here is a recursive algorithm that solves this problem, given a pointer to the root of T : MaxWtSubtree [r]

Lecture 34. Wednesday, April 6 CS 215 Fundamentals of Programming II - Lecture 34 1

Note that in this definition, n + m denotes the syntactic expression with three symbols n, +, and m, not to the number that is the sum of n and m.

Graph Algorithms. Chromatic Polynomials. Graph Algorithms

Inductive data types

Outline. An Application: A Binary Search Tree. 1 Chapter 7: Trees. favicon. CSI33 Data Structures

Programming Languages

Proving Properties on Programs From the Coq Tutorial at ITP 2015

Spring 2018 Discussion 7: March 21, Introduction. 2 Primitives

Programming with (co-)inductive types in Coq

Principles of Programming Languages

These notes are intended exclusively for the personal usage of the students of CS352 at Cal Poly Pomona. Any other usage is prohibited without

10/9/17. Using recursion to define objects. CS 220: Discrete Structures and their Applications

We assume uniform hashing (UH):

Abstract Interpretation

Cisc320 Homework 3 Solutions. Question 1: Original. Insert 170. Insert 34. TA: Matt Saponaro

Balanced search trees

CS134 Spring 2005 Final Exam Mon. June. 20, 2005 Signature: Question # Out Of Marks Marker Total

How many leaves on the decision tree? There are n! leaves, because every permutation appears at least once.

Introduction to Denotational Semantics. Class Likes/Dislikes Survey. Dueling Semantics. Denotational Semantics Learning Goals. You re On Jeopardy!

CS 135 Winter 2018 Tutorial 7: Accumulative Recursion and Binary Trees. CS 135 Winter 2018 Tutorial 7: Accumulative Recursion and Binary Trees 1

Transcription:

Proving Properties of Recursive Functions and Data Structures CS 270 Math Foundations of CS Jeremy Johnson 1

Objective To implement and verify recursive functions for processing recursive data structures. To use structural induction to prove properties of recursive functions and recursive data structures. To study a non-trivial example involving arithmetic expressions 2

Outline Binary Trees Definition Height and IPL Complete binary trees Call trees and number of internal and leaf nodes Arithmetic Expressions Evaluation Differentiation Simplification

Recursive Definition Binary Trees Either empty or consists of value, and recursively a left and a right binary tree BinTree := null (Any BinTree BinTree) Constructor (define (BinTree value left right) (list value left right)) (BinTree 1 (BinTree 2 null null) (BinTree 3 (BinTree 4 null null) ( BinTree 5 null null))) '(1 (2 null null) (3 (4 null null) (5 null null)))

Height of Binary Trees Height of tree T, H(T), is the max length of the paths from the root all of the leaves ; Input: T a binary tree ; Output: a non-negative integer = height of T (define (Height BT) (if (null? BT) -1 (+ (max (Height (left BT)) (Height (right BT))) 1)))

Correctness of Height Show (Height BT) = length of the longest path in BT Prove by structural induction Base case. -1 for null is needed to obtain the correct height of a tree with a single node. Assume (Height (left BT)) and (Height (right BT)) compute the lengths of the longest paths in the left and right subtrees The longest path in BT is one more than the longest path in either the left or right subtrees which by induction is one more than the maximum of (Height (left BT)) and (Height (right BT))

Internal Path Length (IPL) The sum of the length of the paths from the root to every node in the tree Recursive definition ; Input: T a binary tree ; Output: a non-negative integer = internal path length of T (define (IPL (BT) (if (null? null) 0 (+ (IPL (left BT)) (IPL (right BT)) (- (Nnodes BT) 1))))

IPL Verification (check= (IPL nil) 0) (check= (let ((BT (consbintree 1 (consbintree 2 nil nil) (consbintree 3 (consbintree 4 nil nil) (consbintree 5 nil nil))))) (IPL BT)) 6) 1 2 3 4 5 IPL = 6 = 0 + 2 + 4 Nnodes = 5 IPL((left BT)) = 0 IPL((right BT)) = 2

Correctness of IPL Show (ipl BT) = sum of the lengths of the paths from the root to all nodes in the tree. Prove by structural induction Base case. 0 since there are no paths in empty tree Assume (ipl (left BT)) and (ipl (right BT)) compute the sum of the lengths of paths in the left and right subtrees The length of each path in BT is one more than the lengths of the paths in the left and right subtrees. Thus one has to be added for each node in the left and right subtrees and since there are (- (Nnodes BT) 1) such nodes this must be added to the sum of (ipl (left BT)) and (ipl (right BT))

Call Tree Nodes for each instance of a function call Parent corresponds to function that made the call Children correspond to the calls that instance makes Leaf nodes correspond to base cases 3 (define (fib n) (cond [(= n 0) 0] [(= n 1) 1] 2 [else (+ (fib (- n 1)) (fib (- n 2))) ])) 1 Number of leaf nodes L = (fib n) Number of internal nodes = L 1 Exponential number of nodes for (fib n) 1 0

Complete Binary Trees Binary tree where every node has either 0 or 2 children. CBTree := null (All CBTree CBTree) L = I + 1

Complete Binary Trees The number of leaf nodes is one more than the number of internal nodes. Proof by structural induction on T Base case. T has one node. Induction. Assume the property for all smaller trees, and Remove two leaf nodes L = 3 I = 2

Complete Binary Trees The number of leaf nodes is one more than the number of internal nodes. Proof by structural induction on T Base case. T has one node. Induction. Assume the property for all smaller trees, and Remove two leaf nodes L = L-2+1 = L-1 = 2 I = I-1 = 1

Arithmetic Expressions AExp:= Number Variable (+ AExp AExp) (* Aexp AExp) E.G. x*(x + 5) * x + x 5

Predicate ; Input: Any ; Output: (boolean (arith-expr? expr) #t if expr is an arithmetic expression (define (arith-expr? expr) (cond [ (constant? expr) #t ] [ (variable? expr) #t ] [ (plus? expr) (and (arith-expr? (op1 expr)) (arith-expr? (op2 expr))) ] [ (mult? expr) (and (arith-expr? (op1 expr)) (arith-expr? (op2 expr))) ] [else #f ] ))

Evaluation ; Input: (and (arith-expr? expr) (environment? env)) ; all variables in expr are bound in env ; Output: a number = to the evaluation of expr with values of vars in env (define (arith-eval expr env) (cond [ (constant? expr) expr ] [ (variable? expr) (lookup expr env) ] [ (plus? expr) (+ (arith-eval (op1 expr) env) (arith-eval (op2 expr) env)) ] [ (mult? expr) (* (arith-eval (op1 expr) env) (arith-eval (op2 expr) env)) ] ))

Properties of Differentiation Definition dd ff xx + Δxx ff xx ff xx = lim dddd Δxx 0 Δxx Derivative of xx and xx 2 dd xx + Δxx xx xx = lim dddd Δxx 0 Δxx = 1 dd dddd xx2 = lim Δxx 0 xx + Δxx 2 xx 2 Δxx = 2xx

Properties of Differentiation Linearity of derivative dd dddd (ff xx + gg xx ) = dd dddd ff xx + dd dddd gg(xx) Product rule dd (ff xx gg xx ) dddd = ff(xx) dd dddd gg xx + gg(xx) dd dddd ff(xx)

Properties of Differentiation Linearity of derivative Proof follows from definition Product rule Proof follows from definition using f(x+ x) = f(x) + f (x) x + O( x 2 ) g(x+ x) = g(x) + g (x) x + O( x 2 )

Properties of Differentiation Derivative of powers dd dddd xxnn = nnnn nn 1 Proof by induction on n Base case n=1 Assume true for smaller powers dd dddd xxnn = dd dddd xx xxnn 1 = xx dd dddd xxnn 1 +xx nn 1 dd dddd xx = nn 1 xx nn 1 + xx nn 1 = nnxx nn 1

Differentiation ; Input: (and (arith-expr? expr) (variable? var)) ; Output:(arith-expr? (diff expr var)) equal to derivative of expr wrt var (define (diff expr var) (cond [(constant? expr) 0] [(variable? expr) (if (equal? expr var) 1 0)] [(plus? expr) (make-plus (diff (op1 expr) var) (diff (op2 expr) var))] [(mult? expr) (make-plus (make-mult (op1 expr) (diff (op2 expr) var)) (make-mult (diff (op1 expr) var) (op2 expr)))] ))

Differentiation Example d/dx x*(x + 5) = 1*(x+5) + x*(1 + 0) * x + x 5 d/dx + * x + 1 0 * 1 + x 5

Simplification of Plus ; Input: (and (arith-expr? expr1) (arith-expr? expr2)) ; Output: (arith-expr? (plus-simp expr1 expr2)) ; which is equivalent to expr (define (plus-simp expr1 expr2) (cond [ (and (constant? expr1) (constant? expr2)) (+ expr1 expr2) ] [ (equal? expr1 0) expr2 ] [ (equal? expr2 0) expr1 ] [ (make-plus expr1 expr2) ] ) )

Simplification of Mult ; Input: (and (arith-expr? expr1) (arith-expr? expr2)) ; Output: (arith-expr? (mult-simp expr1 expr2)) ; which is equivalent to expr (define (mult-simp expr1 expr2) (cond [ (and (constant? expr1) (constant? expr2)) (* expr1 expr2) ] [ (equal? expr1 0) 0 ] [ (equal? expr2 0) 0 ] [ (equal? expr1 1) expr2 ] [ (equal? expr2 1) expr1 ] [ else (make-mult expr1 expr2) ] ) )

Recursive Simplification ; Input: (arith-expr? expr) ; Output: (arith-expr? (arith-simp expr))equivalent to expr (define (arith-simp expr) (cond [ (constant? expr) expr ] [ (variable? expr) expr ] [ (plus? expr) (let ([simpexpr1 (arith-simp (op1 expr))] [simpexpr2 (arith-simp (op2 expr))]) (plus-simp simpexpr1 simpexpr2)) ] [ (mult? expr) (let ([simpexpr1 (arith-simp (op1 expr))] [simpexpr2 (arith-simp (op2 expr))]) (mult-simp simpexpr1 simpexpr2)) ] ) )

Simplification Example 1*(x+5) + x*(1 + 0) = (x+5) + x + + simplify * * x + x + 1 + x 5 1 0 x 5

Properties 1. (diff expr var) = d/dvar expr 2. (arith-eval (arith-simp expr) env) = (arith-eval expr env) 3. (is-simplified (arith-simp expr))

Is-Simplified? ; Input: (arith-expr expr) ; Output: (boolean? (is-simplified? expr). ; #t if expr is simplified (define (is-simplified? expr) (if (constant? expr) #t (and (noconstant-arith? expr) (nozeros? expr) (nomult1? expr))))

Check for Nozeros ; Input: (arith-expr expr) ; Output: (boolean? (nozeros? expr). #t if expr contains any zeros. (define (nozeros? expr) (cond [ (constant? expr) (not (equal? expr 0)) ] [ (variable? expr) #t ] [ (plus? expr) (and (nozeros? (op1 expr)) (nozeros? (op2 expr))) ] [ (mult? expr) (and (nozeros? (op1 expr)) (nozeros? (op2 expr))) ] ) )

Check for No Multiplications by 1 ; Input: (arith-expr expr) ; Output: (boolean? (nomult1? expr). #t if expr contains no mults by 1. (define (nomult1? expr) (cond [ (constant? expr) #t ] [ (variable? expr) #t ] [ (plus? expr) (and (nomult1? (op1 expr)) (nomult1? (op2 expr))) ] [ (mult? expr) (if (or (equal? (op1 expr) 1) (equal? (op2 expr) 1)) #f (and (nomult1? (op1 expr)) (nomult1? (op2 expr)))) ] ) )

No Constant Arithmetic ; Input: (arith-expr expr) ; Output: (boolean? (constant-arith? expr). ; #t if expr contains + or * with both operands constants (define (noconstant-arith? expr) (cond [ (constant? expr) #f ] [ (variable? expr) #f ] [ (plus? expr) (if (not (and (constant? (op1 expr)) (constant? (op2 expr)))) #t (and (noconstant-arith? (op1 expr)) (noconstant-arith? (op2 expr)))) ] [ (mult? expr) (if (not (and (constant? (op1 expr)) (constant? (op2 expr)))) #t (and (noconstant-arith? (op1 expr)) (noconstant-arith? (op2 expr)))) ] [else #f ] ))

Proof of Property 1 By induction on expr (structural induction) Base cases 1. expr = constant (diff expr var) = 0 = d/dvar expr 2. expr a variable (diff expr var) = 1 if expr = var

Proof of Property 1 Expr = (+ E 1 E 2 ) Assume (diff E i var) = d E i /dvar [IH] (diff (+ E1 E2) var) = (+ (diff E1 var) (diff E2 var)) [By def of diff] = d E 1 /dvar + d E 2 /dvar [by IH ] = d expr/dvar [by linearity of the derivative]

Proof of Property 1 Expr = (* E 1 E 2 ) Assume (diff E i var) = d E i /dvar [IH] (diff (* E1 E2) var) = (+ (* E1 (diff E2 var)) (* (diff E1 var) E2)) [By def of diff] = E 1 d E 2 /dvar + d E 1 /dvar E 2 [by IH ] = d expr/dvar [by product rule]

Proof of Property 2 Lemma 1. (arith-eval (plus-simp E1 E2) env) = (arith-eval (+ E1 E2) env) Proof by case analysis 1. E1 and E2 constants 2. E1 = 0 3. E2 = 0 4. General case

Proof of Property 2 Lemma 1. (arith-eval (plus-simp E1 E2) env) = (arith-eval (+ E1 E2) env) Proof by case analysis 1. E1 and E2 constants (arith-eval (plus-simp E1 E2) env) = (arith-eval (+ E1 E2) env) [by def of plus-simp] = (+ (arith-eval E1 env) (arith-eval E2 env)) [by def of arith-eval applied to constants] = (arith-eval (+ E1 E2) env) [by def of arith-eval]

Proof of Property 2 Lemma 1. (arith-eval (plus-simp E1 E2) env) = (arith-eval (+ E1 E2) env) Proof by case analysis 1. E1 = 0 (arith-eval (plus-simp E1 E2) env) = (arith-eval E2 env) [by def of plus-simp] = (+ (arith-eval E1 env) (arith-eval E2 env)) [by def of arith-eval and arithmetic since E1 = 0] = (arith-eval (+ E1 E2) env) [by def of arith-eval]

Proof of Property 2 By induction on expr (structural induction) Base cases 1. expr = constant (arith-eval (arith-simp expr) env) = (arith-eval expr env) [by def of arith-simp] 2. expr a variable (arith-eval (arith-simp expr) env) = (arith-eval expr env) [by def of arith-simp]

Proof of Property 2 Expr = (+ E1 E2) Assume (arith-eval (arith-simp Ei) env) = (aritheval Ei env) (arith-eval (arith-simp (+ E1 E2)) env) = (arith-eval (plus-simp (arith-simp E1) (arithsimp E2)) env) [by def of arith-simp] = (arith-eval (+ (arith-simp E1) (arith-simp E2)) env) [by Lemma 1]

Proof of Property 2 Expr = (+ E1 E2) = (+ (arith-eval (arith-simp E1) env) (arith-eval (arith-simp E2) env) [by def of arith-eval] = (+ (arith-eval E1 env) (arith-eval E2 env)) [by IH] = (arith-eval (+ E1 E2) env) [by def of arith-eval]

Proof of Property 2 Lemma 2. (arith-eval (mult-simp E1 E2) env) = (arith-eval (* E1 E2) env) Proof by case analysis 1. E1 and E2 constants 2. E1 = 0 3. E2 = 0 4. E1 = 1 5. E2 = 1 6. General case

Exercise Prove Lemma 2 using case analysis and equational reasoning. Prove (arith-eval (arith-simp expr) env) = (arith-eval expr env) when expr = (* E1 E2) Prove property 3

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback