Theorem Proving Principles, Techniques, Applications
NICTA Advanced Course

CONTENT
➜ Intro & motivation, getting started with Isabelle
➜ Foundations & Principles
  • Lambda Calculus
  • Higher Order Logic, natural deduction
  • Term rewriting
➜ Proof & Specification Techniques
  • Inductively defined sets, rule induction
  • Datatypes, recursion, induction
  • Calculational reasoning, mathematics style proofs
  • Hoare logic, proofs about programs

LAST TIME
➜ Introducing new Types
➜ Equations and Term Rewriting
➜ Confluence and Termination of reduction systems
➜ Term Rewriting in Isabelle
➜ First structured proofs (Isar)

APPLYING A REWRITE RULE
➜ l → r is applicable to term t[s] if there is a substitution σ such that σ l = s
➜ Result: t[σ r]
➜ Equationally: t[s] = t[σ r]

Example:
  Rule: 0 + n → n
  Term: a + (0 + (b + c))
  Substitution: σ = {n ↦ b + c}
  Result: a + (b + c)
CONDITIONAL TERM REWRITING

Rewrite rules can be conditional:
  ⟦P1 ... Pn⟧ ⟹ l = r
is applicable to term t[s] with σ if
➜ σ l = s and
➜ σ P1, ..., σ Pn are provable by rewriting.

REWRITING WITH ASSUMPTIONS

Last time: Isabelle uses assumptions in rewriting.
Can lead to non-termination.
Example: lemma "f x = g x ∧ g x = f x ⟹ f x = 2"

  simp                  use and simplify assumptions
  (simp (no_asm))       ignore assumptions
  (simp (no_asm_use))   simplify, but do not use assumptions
  (simp (no_asm_simp))  use, but do not simplify assumptions

PREPROCESSING

Preprocessing (recursive) for maximal simplification power:
  ¬A       ↦  A = False
  A → B    ↦  A ⟹ B
  A ∧ B    ↦  A, B
  ∀x. A x  ↦  A ?x
  A        ↦  A = True
Example: (p → q ∧ ¬r) ∧ s  ↦  p ⟹ q = True, r = False, s = True

DEMO
CASE SPLITTING WITH SIMP

  P (if A then s else t) = (A → P s) ∧ (¬A → P t)
Automatic.

  P (case e of 0 ⇒ a | Suc n ⇒ b) = (e = 0 → P a) ∧ (∀n. e = Suc n → P b)
Manually: apply (simp split: nat.split)
Similar for any data type t: t.split

CONGRUENCE RULES

Congruence rules are about using context.
Example: in P → Q we could use P to simplify terms in Q.
For ⟹ hardwired (assumptions used in rewriting).
For other operators expressed with conditional rewriting.
Example: ⟦P = P'; P' ⟹ Q = Q'⟧ ⟹ (P → Q) = (P' → Q')
Read: to simplify P → Q
➜ first simplify P to P'
➜ then simplify Q to Q' using P' as assumption
➜ the result is P' → Q'

MORE CONGRUENCE

Sometimes useful, but not used automatically (slowdown):
  conj_cong: ⟦P = P'; P' ⟹ Q = Q'⟧ ⟹ (P ∧ Q) = (P' ∧ Q')
Context for if-then-else:
  if_cong: ⟦b = c; c ⟹ x = u; ¬c ⟹ y = v⟧ ⟹ (if b then x else y) = (if c then u else v)
Prevent rewriting inside then-else (default):
  if_weak_cong: b = c ⟹ (if b then x else y) = (if c then x else y)
➜ declare own congruence rules with the [cong] attribute
➜ delete with [cong del]

ORDERED REWRITING

Problem: x + y → y + x does not terminate.
Solution: use permutative rules only if the term becomes lexicographically smaller.
Example: b + a ⇝ a + b but not a + b ⇝ b + a.
For types nat, int etc:
  • lemmas add_ac sort any sum (+)
  • lemmas times_ac sort any product (∗)
Example: apply (simp add: add_ac) yields (b + c) + a ⇝ ··· ⇝ a + (b + c)
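The Python program below is an added example; it is not code from the slides or from Isabelle. It implements the rule application of APPLYING A REWRITE RULE (match the lhs against a subterm, then rebuild t[σ r]), the conditional rules of CONDITIONAL TERM REWRITING (each instantiated condition must itself rewrite to True), and the ordered rewriting of ORDERED REWRITING with three add_ac-style rules (assoc, plus comm and left-comm as permutative rules; left-comm is the extra AC rule the AC RULES slide motivates). The tuple encoding of terms, the function names and the term order are this example's own choices, and the free variables of the goal (a, b, c and x, y, z, v) are modelled as constants.

```python
# Terms: a variable is a str; an application is a tuple (symbol, arg, ...),
# so the constant a is ('a',) and 0 + n is ('+', ('0',), 'n').
# A rule is (lhs, rhs, conditions, permutative).  Names are this example's own.
TRUE = ('True',)  # the term a condition must reduce to

def is_var(t):
    return isinstance(t, str)

def subst(s, t):
    """Apply substitution s (dict var -> term) to term t."""
    return s.get(t, t) if is_var(t) else (t[0],) + tuple(subst(s, a) for a in t[1:])

def match(pat, t, s=None):
    """One-way matching: extend s so that subst(s, pat) == t, or None.
    Only variables of pat bind; variables of t are treated as rigid."""
    s = {} if s is None else s
    if is_var(pat):
        if pat in s:
            return s if s[pat] == t else None
        return {**s, pat: t}
    if is_var(t) or pat[0] != t[0] or len(pat) != len(t):
        return None
    for a, b in zip(pat[1:], t[1:]):
        s = match(a, b, s)
        if s is None:
            return None
    return s

def key(t):
    """Pre-order word of (arity, symbol) pairs.  Comparing these words is the
    lexicographic term order used for permutative rules: it sorts constants by
    name and makes x + (y + z) smaller than (x + y) + z."""
    if is_var(t):
        return [(-1, t)]
    return [(len(t) - 1, t[0])] + [k for a in t[1:] for k in key(a)]

def step(rules, t):
    """One leftmost-outermost rewrite step, or None if t is in normal form."""
    for lhs, rhs, conds, permutative in rules:
        s = match(lhs, t)
        if s is None:
            continue
        u = subst(s, rhs)
        if permutative and not key(u) < key(t):
            continue  # ordered rewriting: only rewrite to a smaller term
        if all(normalize(rules, subst(s, c)) == TRUE for c in conds):
            return u  # every instantiated condition rewrote to True
    if not is_var(t):
        for i, a in enumerate(t[1:], 1):
            r = step(rules, a)
            if r is not None:
                return t[:i] + (r,) + t[i + 1:]
    return None

def normalize(rules, t):
    """Rewrite t until no rule applies (the rule set is assumed to terminate)."""
    while (u := step(rules, t)) is not None:
        t = u
    return t

def ac_rules(op, with_left_comm=True):
    """assoc, comm and (optionally) left-comm for a binary operator op; comm and
    left-comm are permutative.  With all three this plays the role of add_ac."""
    rules = [((op, (op, 'x', 'y'), 'z'), (op, 'x', (op, 'y', 'z')), (), False),
             ((op, 'x', 'y'), (op, 'y', 'x'), (), True)]
    if with_left_comm:
        rules.append(((op, 'x', (op, 'y', 'z')), (op, 'y', (op, 'x', 'z')), (), True))
    return rules

# Constructed inputs mirroring the examples on the slides.
def rewrite_rule_example():
    """0 + n -> n applied to a + (0 + (b + c)) yields a + (b + c)."""
    rule = (('+', ('0',), 'n'), 'n', (), False)
    return normalize([rule], ('+', ('a',), ('+', ('0',), ('+', ('b',), ('c',)))))

def conditional_example():
    """P x ==> f x = g x fires on f a, since P a rewrites to True, but not on f b."""
    rules = [(('f', 'x'), ('g', 'x'), (('P', 'x'),), False),
             (('P', ('a',)), TRUE, (), False)]
    return normalize(rules, ('f', ('a',))), normalize(rules, ('f', ('b',)))

def add_ac_example():
    """(b + c) + a  ~>  ...  ~>  a + (b + c)."""
    return normalize(ac_rules('+'), ('+', ('+', ('b',), ('c',)), ('a',)))

ZXYV = ('⊙', ('⊙', ('z',), ('x',)), ('⊙', ('y',), ('v',)))  # (z ⊙ x) ⊙ (y ⊙ v)

def assoc_comm_only(t=ZXYV):
    """Assoc and comm alone get stuck before the term is sorted.  Which stuck
    form appears depends on the term order and strategy, so it need not be the
    one shown on the slide."""
    return normalize(ac_rules('⊙', with_left_comm=False), t)

def all_three_ac(t=ZXYV):
    """With left-comm as well the term is fully sorted: v ⊙ (x ⊙ (y ⊙ z))."""
    return normalize(ac_rules('⊙'), t)

if __name__ == "__main__":
    print(rewrite_rule_example(), conditional_example(), add_ac_example())
    print(assoc_comm_only(), all_three_ac())
```

Running the file prints the normal forms. The permutative check in `step` is what keeps `x + y → y + x` from looping: the commuted term is produced but discarded unless it is strictly smaller in the order, so each permutative step makes progress and the sort terminates. Isabelle's own term order and its bottom-up simplification strategy differ from this toy, which is why the stuck form for assoc and comm alone is not the one on the slide, while the fully sorted result with all three rules is.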
AC RULES

Example for associative-commutative rules:
  Associative:  (x ⊙ y) ⊙ z = x ⊙ (y ⊙ z)
  Commutative:  x ⊙ y = y ⊙ x
These 2 rules alone get stuck too early (not confluent).
Example: (z ⊙ x) ⊙ (y ⊙ v)
  We want: (z ⊙ x) ⊙ (y ⊙ v) = v ⊙ (x ⊙ (y ⊙ z))
  We get:  (z ⊙ x) ⊙ (y ⊙ v) = v ⊙ (y ⊙ (x ⊙ z))
  We need: AC rule x ⊙ (y ⊙ z) = y ⊙ (x ⊙ z)
If these 3 rules are present for an AC operator, Isabelle will order terms correctly.

DEMO

BACK TO CONFLUENCE

Last time: confluence in general is undecidable.
But: confluence for terminating systems is decidable!
Problem: overlapping lhs of rules.
Definition: Let l1 → r1 and l2 → r2 be two rules with disjoint variables.
They form a critical pair if a non-variable subterm of l1 unifies with l2.
Example:
  Rules: (1) f x → a   (2) g y → b   (3) f (g z) → b
  Critical pairs:
    (1)+(3) {x ↦ g z}:  a ←(1)− f (g t) −(3)→ b
    (3)+(2) {z ↦ y}:    b ←(3)− f (g t) −(2)→ f b

COMPLETION

(1) f x → a   (2) g y → b   (3) f (g z) → b   is not confluent.
But it can be made confluent by adding rules!
How: join all critical pairs.
Example:
  (1)+(3) {x ↦ g z}:  a ←(1)− f (g t) −(3)→ b
  shows that a = b (because a ↔* b), so we add a → b as a rule.
This is the main idea of the Knuth-Bendix completion algorithm.
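The following Python program is an added example, not code from the slides, Isabelle or Waldmeister. It computes the critical pairs of BACK TO CONFLUENCE by unifying every non-variable subterm of one lhs with another lhs (after renaming apart), and then performs the completion step of COMPLETION: every critical pair is reduced to normal form on both sides, and a pair that does not join is added as a new rule oriented by a term order. It is run on the slides' own system (1) f x → a, (2) g y → b, (3) f (g z) → b. The term encoding, the function names, the `'$'` freezing trick and the `size_key` order are this example's own choices, and it assumes rules do not already use primed variable names.

```python
# A variable is a str; an application is a tuple (symbol, arg, ...), so a is
# ('a',) and f (g z) is ('f', ('g', 'z')).  A rule is (lhs, rhs).
def is_var(t):
    return isinstance(t, str)
def subst(s, t):  # apply substitution s (dict var -> term) to t
    return s.get(t, t) if is_var(t) else (t[0],) + tuple(subst(s, a) for a in t[1:])
def occurs(v, t):
    return t == v if is_var(t) else any(occurs(v, a) for a in t[1:])

def unify(a, b, s=None):
    """Most general unifier of a and b extending s, or None if there is none."""
    s = {} if s is None else s
    a, b = subst(s, a), subst(s, b)
    if a == b:
        return s
    if is_var(b) and not is_var(a):
        a, b = b, a
    if is_var(a):  # bind a := b (with occurs check) and push it into earlier bindings
        return None if occurs(a, b) else {**{k: subst({a: b}, v) for k, v in s.items()}, a: b}
    if a[0] != b[0] or len(a) != len(b):
        return None
    for x, y in zip(a[1:], b[1:]):
        s = unify(x, y, s)
        if s is None:
            return None
    return s

def positions(t):  # every non-variable subterm of t, with its path from the root
    if is_var(t):
        return []
    return [((), t)] + [((i,) + p, u) for i, a in enumerate(t[1:], 1) for p, u in positions(a)]

def replace(t, p, u):  # t with the subterm at path p replaced by u
    return u if not p else t[:p[0]] + (replace(t[p[0]], p[1:], u),) + t[p[0] + 1:]

def rename(t):  # prime every variable, so the two rules have disjoint variables
    return t + "'" if is_var(t) else (t[0],) + tuple(rename(a) for a in t[1:])

def critical_pairs(rules):
    """All (sigma r1, sigma l1[p := r2]) where the non-variable subterm l1|p
    unifies with l2; a rule overlapping itself at the root is the trivial case."""
    pairs = set()
    for i, (l1, r1) in enumerate(rules):
        for j, (l2, r2) in enumerate(rules):
            l2, r2 = rename(l2), rename(r2)
            for p, sub in positions(l1):
                s = None if i == j and p == () else unify(sub, l2)
                if s is not None:
                    pairs.add((subst(s, r1), subst(s, replace(l1, p, r2))))
    return pairs

def freeze(t):  # variables become '$'-tagged constants, so unify acts as matching
    return ('$' + t,) if is_var(t) else (t[0],) + tuple(freeze(a) for a in t[1:])

def thaw(t):  # undo freeze
    if is_var(t):
        return t
    return t[0][1:] if len(t) == 1 and t[0].startswith('$') else (t[0],) + tuple(thaw(a) for a in t[1:])

def reduce_once(rules, t):  # apply the first rule that matches a subterm of frozen t
    for p, sub in positions(t):
        for l, r in rules:
            s = unify(l, sub)  # sub has no variables left, so only l's variables bind
            if s is not None:
                return replace(t, p, subst(s, r))
    return None

def normal_form(rules, t):  # rewrite until nothing matches (the system must terminate)
    t = freeze(t)
    while (u := reduce_once(rules, t)) is not None:
        t = u
    return thaw(t)

def size_key(t):  # a simple total order on terms: size first, then text
    return len(str(t)), str(t)

def complete(rules, rounds=10):
    """Join every critical pair; a pair whose normal forms differ becomes a new
    rule, oriented larger -> smaller.  The slide adds a -> b; size_key orients
    the same equation as b -> a, which is equally valid for a consistent order."""
    rules = list(rules)
    for _ in range(rounds):
        new = []
        for u, v in critical_pairs(rules):
            u, v = normal_form(rules, u), normal_form(rules, v)
            rule = max(u, v, key=size_key), min(u, v, key=size_key)
            if u != v and rule not in rules + new:
                new.append(rule)
        if not new:
            return rules  # all critical pairs join: confluent, since terminating
        rules += new
    raise RuntimeError("completion did not converge within the round limit")

# Constructed input: the slides' rules (1), (2), (3).
RULES = [(('f', 'x'), ('a',)), (('g', 'y'), ('b',)), (('f', ('g', 'z')), ('b',))]
```

`critical_pairs(RULES)` yields the two overlaps from the slide, (a, b) from (1)+(3) and (b, f b) from (3)+(2), plus the symmetric (b, a). The pair (b, f b) is joinable already because f b reduces to a by rule (1), which leaves a versus b, so one completion round adds exactly one rule for the equation a = b; with it, `complete(RULES)` returns a four-rule system in which every critical pair has equal normal forms. Since the system is terminating, that is the decidable confluence test the slide refers to. Real Knuth-Bendix completion also has to handle orientations that the order cannot decide and to simplify existing rules by new ones, which this toy omits.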
ORTHOGONAL REWRITING SYSTEMS

Definitions:
  A rule l → r is left-linear if no variable occurs twice in l.
  A rewrite system is left-linear if all rules are.
  A system is orthogonal if it is left-linear and has no critical pairs.
Orthogonal rewrite systems are confluent.
Application: functional programming languages

DEMO: WALDMEISTER

LAST TIME ON ISAR
➜ basic syntax
➜ proof and qed
➜ assume and show
➜ from and have
➜ the three modes of Isar

BACKWARD AND FORWARD

Backward reasoning:
  ...
  have "A ∧ B"
  proof
➜ proof picks an intro rule automatically
➜ conclusion of rule must unify with A ∧ B

Forward reasoning:
  ...
  assume AB: "A ∧ B"
  from AB have "..."
  proof
➜ now proof picks an elim rule automatically
➜ triggered by from
➜ first assumption of rule must unify with AB

General case:
  from A1 ... An have R
  proof
➜ first n assumptions of rule must unify with A1 ... An
➜ conclusion of rule must unify with R
FIX AND OBTAIN

  fix v1 ... vn
Introduces new arbitrary but fixed variables (∼ parameters, ⋀)

  obtain v1 ... vn where <prop> <proof>
Introduces new variables together with property

DEMO

FANCY ABBREVIATIONS

  this            = the previous fact proved or assumed
  then            = from this
  thus            = then show
  hence           = then have
  with A1 ... An  = from A1 ... An this
  ?thesis         = the last enclosing goal statement

MOREOVER AND ULTIMATELY

With named facts:
  have X1: P1 ...
  have X2: P2 ...
  ...
  have Xn: Pn ...
  from X1 ... Xn show ...
wastes lots of brain power on names X1 ... Xn.

With moreover and ultimately:
  have P1 ...
  moreover have P2 ...
  ...
  moreover have Pn ...
  ultimately show ...
GENERAL CASE DISTINCTIONS

  show formula
  proof -
    have P1 ∨ P2 ∨ P3 <proof>
    moreover { assume P1 ... have ?thesis <proof> }
    moreover { assume P2 ... have ?thesis <proof> }
    moreover { assume P3 ... have ?thesis <proof> }
    ultimately show ?thesis by blast
  qed

{ ... } is a proof block similar to proof ... qed
{ assume P1 ... have P <proof> } stands for P1 ⟹ P

MIXING PROOF STYLES

  from ...
  have ...
    apply -          make incoming facts assumptions
    apply (...)
    ...
    apply (...)
    done

DEMO

WE HAVE LEARNED TODAY ...
➜ Conditional term rewriting
➜ Congruence and AC rules
➜ More on confluence
➜ Completion
➜ Isar: fix, obtain, abbreviations, moreover, ultimately
EXERCISES
➜ Find critical pairs for your DNF solution from last time
➜ Complete rules to a terminating, confluent system
➜ Add AC rules for ∧ and ∨
➜ Decide ((C ∨ B) ∧ A) = (¬(A ∧ B) → C ∧ A) with these simp-rules
➜ Give an Isar proof of the rich grandmother theorem (automated methods allowed, but proof must be explaining)