Isabelle s meta-logic. p.1

Similar documents
Theorem Proving Principles, Techniques, Applications Recursion

Overview. A Compact Introduction to Isabelle/HOL. Tobias Nipkow. System Architecture. Overview of Isabelle/HOL

An Introduction to Isabelle/HOL 2008

Programming and Proving in

Programming and Proving in Isabelle/HOL

Concrete Semantics. A Proof Assistant Approach. Tobias Nipkow Fakultät für Informatik Technische Universität München

COMP4161: Advanced Topics in Software Verification. fun. Gerwin Klein, June Andronick, Ramana Kumar S2/2016. data61.csiro.au

2 Programming and Proving

Functional Programming and Modeling

Programming and Proving in Isabelle/HOL

Programming and Proving in Isabelle/HOL

Interactive Proof: Introduction to Isabelle/HOL

Basic Foundations of Isabelle/HOL

Inductive datatypes in HOL. lessons learned in Formal-Logic Engineering

Functional Programming with Isabelle/HOL

Tobias Nipkow, Gerwin Klein. Concrete Semantics. with Isabelle/HOL. October 16, Springer-Verlag

Reasoning about programs. Chapter 9 of Thompson

Inductive data types

HOL DEFINING HIGHER ORDER LOGIC LAST TIME ON HOL CONTENT. Slide 3. Slide 1. Slide 4. Slide 2 WHAT IS HIGHER ORDER LOGIC? 2 LAST TIME ON HOL 1

Efficient Mergesort. Christian Sternagel. October 11, 2017

CS 457/557: Functional Languages

Integration of SMT Solvers with ITPs There and Back Again

10 Years of Partiality and General Recursion in Type Theory

Isabelle. A Proof Assistant for Higher-Order Logic HOL. Markus Wenzel. Springer-Verlag

Provably Correct Software

Pattern Matching and Abstract Data Types

Preuves Interactives et Applications

Turning inductive into equational specifications

MoreIntro_annotated.v. MoreIntro_annotated.v. Printed by Zach Tatlock. Oct 04, 16 21:55 Page 1/10

Datatype declarations

Chapter 3 Linear Structures: Lists

Recursion. Tjark Weber. Functional Programming 1. Based on notes by Sven-Olof Nyström. Tjark Weber (UU) Recursion 1 / 37

MoreIntro.v. MoreIntro.v. Printed by Zach Tatlock. Oct 07, 16 18:11 Page 1/10. Oct 07, 16 18:11 Page 2/10. Monday October 10, 2016 lec02/moreintro.

Combining Proofs and Programs in a Dependently Typed Language. Certification of High-level and Low-level Programs

Exercise 1 ( = 24 points)

4 Programming with Types

Programming Languages 3. Definition and Proof by Induction

A Verified Compiler from Isabelle/HOL to CakeML

Chapter 3 Linear Structures: Lists

Data types for mcrl2

Programming with Universes, Generically

Booleans (aka Truth Values) Programming Languages and Compilers (CS 421) Booleans and Short-Circuit Evaluation. Tuples as Values.

COMP 4161 Data61 Advanced Course. Advanced Topics in Software Verification. Gerwin Klein, June Andronick, Christine Rizkallah, Miki Tanaka

Programming Languages Lecture 14: Sum, Product, Recursive Types

Typed Lambda Calculus

Fall 2018 Lecture N

Flang typechecker Due: February 27, 2015

Programs and Proofs in Isabelle/HOL

Haskell 98 in short! CPSC 449 Principles of Programming Languages

Efficient Mergesort. Christian Sternagel. August 28, 2014

General Bindings and Alpha-Equivalence in Nominal Isabelle

Programming Up-to-Congruence, Again. WG 2.8 Estes Park

Haskell: From Basic to Advanced. Part 2 Type Classes, Laziness, IO, Modules

Programming with dependent types: passing fad or useful tool?

1 The language χ. Models of Computation

Recursion. Lars-Henrik Eriksson. Functional Programming 1. Based on a presentation by Tjark Weber and notes by Sven-Olof Nyström

CS 320: Concepts of Programming Languages

15 212: Principles of Programming. Some Notes on Continuations

CS 320 Homework One Due 2/5 11:59pm

CSCI.6962/4962 Software Verification Fundamental Proof Methods in Computer Science (Arkoudas and Musser) Sections p.

Specification and Verification in Higher Order Logic

ATS: a language to make typeful programming real and fun

# true;; - : bool = true. # false;; - : bool = false 9/10/ // = {s (5, "hi", 3.2), c 4, a 1, b 5} 9/10/2017 4

Lambda Calculus and Type Inference

A Verified Simple Prover for First-Order Logic

Lambda Calculus and Type Inference

Processadors de Llenguatge II. Functional Paradigm. Pratt A.7 Robert Harper s SML tutorial (Sec II)

Inference rule for Induction

Coq Summer School, Session 2 : Basic programming with numbers and lists. Pierre Letouzey

SOFTWARE VERIFICATION AND COMPUTER PROOF (lesson 1) Enrico Tassi Inria Sophia-Antipolis

Exercise 1 ( = 18 points)

The Worker/Wrapper Transformation

Haske k ll An introduction to Functional functional programming using Haskell Purely Lazy Example: QuickSort in Java Example: QuickSort in Haskell

MLW. Henk Barendregt and Freek Wiedijk assisted by Andrew Polonsky. March 26, Radboud University Nijmegen

Unit- and Sequence Test Generation with HOL-TestGen

An introduction introduction to functional functional programming programming using usin Haskell

1.3 Primitive Recursive Predicates and Bounded Minimalization

Lecture #13: Type Inference and Unification. Typing In the Language ML. Type Inference. Doing Type Inference

Computability via Recursive Functions

Computing Fundamentals 2 Introduction to CafeOBJ

Automated Reasoning. Natural Deduction in First-Order Logic

CIS 500: Software Foundations

Programming in Omega Part 1. Tim Sheard Portland State University

CIS 500: Software Foundations

Handout 2 August 25, 2008

Exercise 1 (2+2+2 points)

Rippling: Heuristic Guidance for Inductive Proof (I) Alan Bundy. Automated Reasoning Rippling

1.3. Conditional expressions To express case distinctions like

c constructor P, Q terms used as propositions G, H hypotheses scope identifier for a notation scope M, module identifiers t, u arbitrary terms

Coq quick reference. Category Example Description. Inductive type with instances defined by constructors, including y of type Y. Inductive X : Univ :=

A Case Study of Co-induction in Isabelle 1

The List Datatype. CSc 372. Comparative Programming Languages. 6 : Haskell Lists. Department of Computer Science University of Arizona

4.5 Pure Linear Functional Programming

CMSC 330: Organization of Programming Languages. Functional Programming with Lists

A general introduction to Functional Programming using Haskell

Induction in Coq. Nate Foster Spring 2018

Programming Language Concepts, CS2104 Lecture 7

COMPUTER SCIENCE TRIPOS

Foundational Nonuniform (Co)datatypes for Higher-Order Logic

Embedding Cryptol in Higher Order Logic

Transcription:

Isabelle s meta-logic p.1

Basic constructs Implication = (==>) For separating premises and conclusion of theorems p.2

Basic constructs Implication = (==>) For separating premises and conclusion of theorems Equality (==) For definitions p.2

Basic constructs Implication = (==>) For separating premises and conclusion of theorems Equality (==) For definitions Universal quantifier (!!) For binding local variables p.2

Basic constructs Implication = (==>) For separating premises and conclusion of theorems Equality (==) For definitions Universal quantifier (!!) For binding local variables Do not use inside HOL formulae p.2

Notation [ A 1 ;... ; A n ] = B abbreviates A 1 =... = A n = B p.3

Notation [ A 1 ;... ; A n ] = B abbreviates A 1 =... = A n = B ; and p.3

The proof state 1. x 1... x p. [ A 1 ;... ; A n ] = B x 1... x p A 1... A n B Local constants Local assumptions Actual (sub)goal p.4

Type and function definition in Isabelle/HOL p.5

Type definition in Isabelle/HOL p.6

Introducing new types Keywords: typedecl: pure declaration types: abbreviation datatype: recursive datatype p.7

typedecl typedecl name Introduces new opaque type name without definition p.8

typedecl typedecl name Introduces new opaque type name without definition Example: typedecl addr An abstract type of addresses p.8

types types name = τ Introduces an abbreviation name for type τ p.9

types types name = τ Introduces an abbreviation name for type τ Examples: types name = string ( a, b)foo = a list b list p.9

types types name = τ Introduces an abbreviation name for type τ Examples: types name = string ( a, b)foo = a list b list Type abbreviations are expanded immediately after parsing Not present in internal representation and Isabelle output p.9

datatype p.10

The example datatype a list = Nil Cons a ( a list) Properties: Types: Nil :: a list Cons :: a a list a list Distinctness: Nil Cons x xs Injectivity: (Cons x xs = Cons y ys) = (x = y xs = ys) p.11

The general case datatype (α 1,...,α n )τ = C 1 τ 1,1...τ 1,n1... C k τ k,1...τ k,nk Types: C i :: τ i,1 τ i,ni (α 1,...,α n )τ Distinctness: C i... C j... if i j Injectivity: (C i x 1...x ni = C i y 1...y ni ) = (x 1 = y 1... x ni = y ni ) p.12

The general case datatype (α 1,...,α n )τ = C 1 τ 1,1...τ 1,n1... C k τ k,1...τ k,nk Types: C i :: τ i,1 τ i,ni (α 1,...,α n )τ Distinctness: C i... C j... if i j Injectivity: (C i x 1...x ni = C i y 1...y ni ) = (x 1 = y 1... x ni = y ni ) Distinctness and Injectivity are applied automatically Induction must be applied explicitly p.12

Function definition in Isabelle/HOL p.13

Why nontermination can be harmful How about f x = f x + 1? p.14

Why nontermination can be harmful How about f x = f x + 1? Subtract f x on both sides. = 0 = 1 p.14

Why nontermination can be harmful How about f x = f x + 1? Subtract f x on both sides. = 0 = 1! All functions in HOL must be total! p.14

Function definition schemas in Isabelle/HOL Non-recursive with definition No problem p.15

Function definition schemas in Isabelle/HOL Non-recursive with definition No problem Primitive-recursive with primrec Terminating by construction p.15

Function definition schemas in Isabelle/HOL Non-recursive with definition No problem Primitive-recursive with primrec Terminating by construction Well-founded recursion with fun Automatic termination proof p.15

Function definition schemas in Isabelle/HOL Non-recursive with definition No problem Primitive-recursive with primrec Terminating by construction Well-founded recursion with fun Automatic termination proof Well-founded recursion with function User-supplied termination proof p.15

definition p.16

Definition (non-recursive) by example definition sq :: nat nat where sq n = n * n p.17

Definitions: pitfalls definition prime :: nat bool where prime p = (1 < p (m dvd p m = 1 m = p)) p.18

Definitions: pitfalls definition prime :: nat bool where prime p = (1 < p (m dvd p m = 1 m = p)) Not a definition: free m not on left-hand side p.18

Definitions: pitfalls definition prime :: nat bool where prime p = (1 < p (m dvd p m = 1 m = p)) Not a definition: free m not on left-hand side! Every free variable on the rhs must occur on the lhs! p.18

Definitions: pitfalls definition prime :: nat bool where prime p = (1 < p (m dvd p m = 1 m = p)) Not a definition: free m not on left-hand side! Every free variable on the rhs must occur on the lhs! prime p = (1 < p ( m. m dvd p m = 1 m = p)) p.18

Using definitions Definitions are not used automatically p.19

Using definitions Definitions are not used automatically Unfolding the definition of sq: apply(unfold sq_def) p.19

primrec p.20

The example primrec app :: a list a list a list where app Nil ys = ys app (Cons x xs) ys = Cons x (app xs ys) p.21

The general case If τ is a datatype (with constructors C 1,...,C k ) then f :: τ τ can be defined by primitive recursion: f x 1...(C 1 y 1,1...y 1,n1 )...x p = r 1. f x 1...(C k y k,1...y k,nk )...x p = r k p.22

The general case If τ is a datatype (with constructors C 1,...,C k ) then f :: τ τ can be defined by primitive recursion: f x 1...(C 1 y 1,1...y 1,n1 )...x p = r 1. f x 1...(C k y k,1...y k,nk )...x p = r k The recursive calls in r i must be structurally smaller, i.e. of the form f a 1...y i,j...a p p.22

nat is a datatype datatype nat = 0 Suc nat p.23

nat is a datatype datatype nat = 0 Suc nat Functions on nat definable by primrec! primrec f :: nat... f 0 =... f(suc n) =... f n... p.23

More predefined types and functions p.24

Type option datatype a option = None Some a p.25

Type option datatype a option = None Some a Important application:... a option partial function: None no result Some a result a p.25

Type option datatype a option = None Some a Important application:... a option partial function: None no result Some a result a Example: consts lookup :: k ( k v) list v option p.25

Type option datatype a option = None Some a Important application:... a option partial function: None no result Some a result a Example: consts lookup :: k ( k v) list v option primrec lookup k [] = None p.25

Type option datatype a option = None Some a Important application:... a option partial function: None no result Some a result a Example: consts lookup :: k ( k v) list v option primrec lookup k [] = None lookup k (x#xs) = (if fst x = k then Some(snd x) else lookup k xs) p.25

case Datatype values can be taken apart with case expressions: (case xs of []... y#ys... y... ys...) p.26

case Datatype values can be taken apart with case expressions: (case xs of []... y#ys... y... ys...) Wildcards: (case xs of [] [] y#_ [y]) p.26

case Datatype values can be taken apart with case expressions: (case xs of []... y#ys... y... ys...) Wildcards: (case xs of [] [] y#_ [y]) Nested patterns: (case xs of [0] 0 [Suc n] n _ 2) p.26

case Datatype values can be taken apart with case expressions: (case xs of []... y#ys... y... ys...) Wildcards: (case xs of [] [] y#_ [y]) Nested patterns: (case xs of [0] 0 [Suc n] n _ 2) Complicated patterns mean complicated proofs! p.26

case Datatype values can be taken apart with case expressions: (case xs of []... y#ys... y... ys...) Wildcards: (case xs of [] [] y#_ [y]) Nested patterns: (case xs of [0] 0 [Suc n] n _ 2) Complicated patterns mean complicated proofs! Needs ( ) in context p.26

Proof by case distinction If t :: τ and τ is a datatype apply( case_tac t) p.27

Proof by case distinction If t :: τ and τ is a datatype apply( case_tac t) creates k subgoals t = C i x 1...x p =... one for each constructor C i of type τ. p.27

Demo: trees p.28

fun From primitive recursion to arbitrary pattern matching p.29

Example: Fibonacchi fun fib :: nat nat where fib 0 = 0 fib (Suc 0) = 1 fib (Suc(Suc n)) = fib (n+1) + fib n p.30

Example: Separation fun sep :: a a list a list where sep a [] = [] sep a [x] = [x] sep a (x#y#zs) = x # a # sep a (y#zs) p.31

Example: Ackermann fun ack :: nat nat nat where ack 0 n = Suc n ack (Suc m) 0 = ack m (Suc 0) ack (Suc m) (Suc n) = ack m (ack (Suc m) n) p.32

Key features of fun Arbitrary pattern matching p.33

Key features of fun Arbitrary pattern matching Order of equations matters p.33

Key features of fun Arbitrary pattern matching Order of equations matters Termination must be provable by lexicographic combination of size measures p.33

Size size(n::nat) = n p.34

Size size(n::nat) = n size(xs) = length xs p.34

Size size(n::nat) = n size(xs) = length xs size counts number of (non-nullary) constructors p.34

Lexicographic ordering Either the first component decreases, or it stays unchanged and the second component decreases: p.35

Lexicographic ordering Either the first component decreases, or it stays unchanged and the second component decreases: (5, 3) > (4, 7) > (4, 6) > (4, 0) > (3, 42) > p.35

Lexicographic ordering Either the first component decreases, or it stays unchanged and the second component decreases: Similar for tuples: (5, 3) > (4, 7) > (4, 6) > (4, 0) > (3, 42) > (5, 6, 3) > (4, 12, 5) > (4, 11, 9) > (4, 11, 8) > p.35

Lexicographic ordering Either the first component decreases, or it stays unchanged and the second component decreases: Similar for tuples: (5, 3) > (4, 7) > (4, 6) > (4, 0) > (3, 42) > (5, 6, 3) > (4, 12, 5) > (4, 11, 9) > (4, 11, 8) > Theorem If each component ordering terminates, then their lexicographic product terminates, too. p.35

Ackermann terminates ack 0 n = Suc n ack (Suc m) 0 = ack m (Suc 0) ack (Suc m) (Suc n) = ack m (ack (Suc m) n) p.36

Ackermann terminates ack 0 n = Suc n ack (Suc m) 0 = ack m (Suc 0) ack (Suc m) (Suc n) = ack m (ack (Suc m) n) because the arguments of each recursive call are lexicographically smaller than the arguments on the lhs. p.36

Ackermann terminates ack 0 n = Suc n ack (Suc m) 0 = ack m (Suc 0) ack (Suc m) (Suc n) = ack m (ack (Suc m) n) because the arguments of each recursive call are lexicographically smaller than the arguments on the lhs. Note: order of arguments not important for Isabelle! p.36

Computation Induction If f :: τ τ is defined by fun, a special induction schema is provided to prove P(x) for all x :: τ: p.37

Computation Induction If f :: τ τ is defined by fun, a special induction schema is provided to prove P(x) for all x :: τ: for each equation f(e) = t, prove P(e) assuming P(r) for all recursive calls f(r) in t. p.37

Computation Induction If f :: τ τ is defined by fun, a special induction schema is provided to prove P(x) for all x :: τ: for each equation f(e) = t, prove P(e) assuming P(r) for all recursive calls f(r) in t. Induction follows course of (terminating!) computation p.37

Computation Induction: Example fun div2 :: nat nat where div2 0 = 0 div2 (Suc 0) = 0 div2(suc(suc n)) = Suc(div2 n) p.38

Computation Induction: Example fun div2 :: nat nat where div2 0 = 0 div2 (Suc 0) = 0 div2(suc(suc n)) = Suc(div2 n) induction rule div2.induct: P(0) P(Suc 0) P(n) = P(Suc(Suc n)) P(m) p.38

Demo: fun p.39

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback