Recursion - PowerPoint PPT Presentation


  1. Slide 1
     NICTA Advanced Course
     Theorem Proving: Principles, Techniques, Applications
     Recursion

     Slide 2: CONTENT
     ➜ Intro & motivation, getting started with Isabelle
     ➜ Foundations & Principles
        • Lambda Calculus
        • Higher Order Logic, natural deduction
        • Term rewriting
     ➜ Proof & Specification Techniques
        • Inductively defined sets, rule induction
        • Datatypes, recursion, induction
        • Calculational reasoning, mathematics style proofs
        • Hoare logic, proofs about programs

     Slide 3: LAST TIME
     ➜ Sets in Isabelle
     ➜ Inductive Definitions
     ➜ Rule induction
     ➜ Fixpoints
     ➜ Isar: induct and cases

     Slide 4: DATATYPES
     Example:
        datatype 'a list = Nil | Cons 'a "'a list"
     Properties:
     ➜ Constructors:
        Nil :: 'a list
        Cons :: 'a ⇒ 'a list ⇒ 'a list
     ➜ Distinctness: Nil ≠ Cons x xs
     ➜ Injectivity: (Cons x xs = Cons y ys) = (x = y ∧ xs = ys)

  2. Slide 5: THE GENERAL CASE
        datatype $(\alpha_1, \ldots, \alpha_n)\ \tau = C_1\ \tau_{1,1} \ldots \tau_{1,n_1} \mid \ldots \mid C_k\ \tau_{k,1} \ldots \tau_{k,n_k}$
     ➜ Constructors: $C_i :: \tau_{i,1} \Rightarrow \ldots \Rightarrow \tau_{i,n_i} \Rightarrow (\alpha_1, \ldots, \alpha_n)\ \tau$
     ➜ Distinctness: $C_i \ldots \neq C_j \ldots$ if $i \neq j$
     ➜ Injectivity: $(C_i\ x_1 \ldots x_{n_i} = C_i\ y_1 \ldots y_{n_i}) = (x_1 = y_1 \wedge \ldots \wedge x_{n_i} = y_{n_i})$
     Distinctness and Injectivity applied automatically

     Slide 6: HOW IS THIS TYPE DEFINED?
        datatype 'a list = Nil | Cons 'a "'a list"
     ➜ internally defined using typedef
     ➜ hence: describes a set
     ➜ set = trees with constructors as nodes
     ➜ inductive definition to characterize which trees belong to datatype
     More detail: Datatype_Universe.thy

     Slide 7: DATATYPE LIMITATIONS
     Must be definable as set.
     ➜ Infinitely branching ok.
     ➜ Mutually recursive ok.
     ➜ Strictly positive (left of function arrow) occurrence ok.
     Not ok:
        datatype t = C (t ⇒ bool)
                   | D ((bool ⇒ t) ⇒ bool)
                   | E ((t ⇒ bool) ⇒ bool)
     Because: Cantor's theorem (α set is larger than α)

     Slide 8: CASE
     Every datatype introduces a case construct, e.g.
        (case xs of [] ⇒ ... | y # ys ⇒ ... y ... ys ...)
     In general: one case per constructor
     ➜ Same order of cases as in datatype
     ➜ No nested patterns (e.g. x # y # zs) (But nested cases)
     ➜ Needs () in context

  3. Slide 9: CASES
        apply (case_tac t)
     creates k subgoals
        ⟦t = $C_i\ x_1 \ldots x_p$; ...⟧ ⟹ ...
     one for each constructor $C_i$

     Slide 10: DEMO

     Slide 11: RECURSION

     Slide 12: WHY NONTERMINATION CAN BE HARMFUL
     How about f x = f x + 1 ?
     Subtract f x on both sides.
        ⟹ 0 = 1
     All functions in HOL must be total!

  4. Slide 13: PRIMITIVE RECURSION
     primrec guarantees termination structurally
     Example primrec def:
        consts app :: "'a list ⇒ 'a list ⇒ 'a list"
        primrec
          "app Nil ys = ys"
          "app (Cons x xs) ys = Cons x (app xs ys)"

     Slide 14: THE GENERAL CASE
     If τ is a datatype (with constructors $C_1, \ldots, C_k$) then f :: τ ⇒ τ′ can be defined by primitive recursion:
        $f\ (C_1\ y_{1,1} \ldots y_{1,n_1}) = r_1$
        $\vdots$
        $f\ (C_k\ y_{k,1} \ldots y_{k,n_k}) = r_k$
     The recursive calls in $r_i$ must be structurally smaller (of the form $f\ a_1 \ldots y_{i,j} \ldots a_p$)

     Slide 15: HOW DOES THIS WORK?
     primrec just fancy syntax for a recursion operator
     Example:
        list_rec :: "'b ⇒ ('a ⇒ 'a list ⇒ 'b ⇒ 'b) ⇒ 'a list ⇒ 'b"
        list_rec f1 f2 Nil = f1
        list_rec f1 f2 (Cons x xs) = f2 x xs (list_rec f1 f2 xs)

        app ≡ list_rec (λys. ys) (λx xs xs′. λys. Cons x (xs′ ys))
     Defined: automatically, first inductively (set), then by epsilon
        (Nil, f1) ∈ list_rel f1 f2
        (xs, xs′) ∈ list_rel f1 f2 ⟹ (Cons x xs, f2 x xs xs′) ∈ list_rel f1 f2

        list_rec f1 f2 xs ≡ SOME y. (xs, y) ∈ list_rel f1 f2

     Slide 16: PREDEFINED DATATYPES

  5. Slide 17: NAT IS A DATATYPE
        datatype nat = 0 | Suc nat
     Functions on nat definable by primrec!
        primrec
          f 0 = ...
          f (Suc n) = ... f n ...

     Slide 18: OPTION
        datatype 'a option = None | Some 'a
     Important application:
        'b ⇒ 'a option ∼ partial function:
        None ∼ no result
        Some a ∼ result a
     Example:
        consts lookup :: 'k ⇒ ('k × 'v) list ⇒ 'v option
        primrec
          lookup k [] = None
          lookup k (x # xs) = (if fst x = k then Some (snd x) else lookup k xs)

     Slide 19: DEMO: PRIMREC

     Slide 20: INDUCTION

  6. Slide 21: STRUCTURAL INDUCTION
     P xs holds for all lists xs if
     ➜ P Nil
     ➜ and for arbitrary x and xs, P xs ⟹ P (x # xs)
     Induction theorem list.induct:
        ⟦P []; ⋀a list. P list ⟹ P (a # list)⟧ ⟹ P list
     ➜ General proof method for induction: (induct x)
        • x must be a free variable in the first subgoal.
        • type of x must be a datatype.

     Slide 22: BASIC HEURISTICS
     Theorems about recursive functions are proved by induction
     Induction on argument number i of f
     if f is defined by recursion on argument number i

     Slide 23: EXAMPLE
     A tail recursive list reverse:
        consts itrev :: 'a list ⇒ 'a list ⇒ 'a list
        primrec
          itrev [] ys = ys
          itrev (x # xs) ys = itrev xs (x # ys)

        lemma itrev xs [] = rev xs

     Slide 24: DEMO: PROOF ATTEMPT

  7. Slide 25: GENERALISATION
     Replace constants by variables
        lemma itrev xs ys = rev xs @ ys
     Quantify free variables by ∀ (except the induction variable)
        lemma ∀ys. itrev xs ys = rev xs @ ys

     Slide 26: ISAR

     Slide 27: DATATYPE CASE DISTINCTION
        proof (cases term)
          case Constructor_1
          ...
        next
          ...
        next
          case (Constructor_k x⃗)
          ... x⃗ ...
        qed

        case (Constructor_i x⃗) ≡
          fix x⃗ assume Constructor_i: "term = Constructor_i x⃗"

     Slide 28: STRUCTURAL INDUCTION FOR TYPE NAT
        show P n
        proof (induct n)
          case 0          ≡  let ?case = P 0
          ...
          show ?case
        next
          case (Suc n)    ≡  fix n assume Suc: P n
          ... n ...          let ?case = P (Suc n)
          show ?case
        qed

  8. Slide 29: STRUCTURAL INDUCTION WITH ⟹ AND ⋀
        show "⋀x. A n ⟹ P n"
        proof (induct n)
          case 0          ≡  fix x assume 0: "A 0"
          ...                let ?case = "P 0"
          show ?case
        next
          case (Suc n)    ≡  fix n and x
          ...                assume Suc: "⋀x. A n ⟹ P n"
          ... n ...                      "A (Suc n)"
          ...                let ?case = "P (Suc n)"
          show ?case
        qed

     Slide 30: DEMO

     Slide 31: WE HAVE SEEN TODAY ...
     ➜ Datatypes
     ➜ Primitive Recursion
     ➜ Case distinction
     ➜ Induction

     Slide 32: EXERCISES
     ➜ look at http://isabelle.in.tum.de/library/HOL/Datatype_Universe.html
     ➜ define a primitive recursive function listsum :: nat list ⇒ nat that returns the sum of the elements in a list.
     ➜ show "2 ∗ listsum [0..n] = n ∗ (n + 1)"
     ➜ show "listsum (replicate n a) = n ∗ a"
     ➜ define a function listsumT using a tail recursive version of listsum.
     ➜ show that the two functions are equivalent: listsum xs = listsumT xs

  9. Slide 33: NEXT LECTURE
     Nicolas Magaud on The Coq System
     Monday 15:00 – 16:30
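
The generalisation heuristic of slide 25 applied to itrev from slide 23, written as an Isar structural induction in the style of slide 28. This is an added example, not the course's own demo file; it assumes a current Isabelle/HOL (primrec with "where" instead of the consts/primrec form on the slides), and the theory name and the lemma names itrev_rev_app and itrev_rev are chosen here.

```isabelle
theory Itrev_Example
  imports Main
begin

(* Tail-recursive reverse from slide 23, in current primrec syntax. *)
primrec itrev :: "'a list ⇒ 'a list ⇒ 'a list" where
  "itrev [] ys = ys"
| "itrev (x # xs) ys = itrev xs (x # ys)"

(* Generalised statement: the constant [] is replaced by a variable ys,
   and ys is quantified by ∀ so that the induction hypothesis can be
   instantiated with (x # ys) in the Cons case. *)
lemma itrev_rev_app: "∀ys. itrev xs ys = rev xs @ ys"
proof (induct xs)
  case Nil
  show ?case by simp
next
  case (Cons x xs)
  (* Fact Cons is the induction hypothesis: ∀ys. itrev xs ys = rev xs @ ys *)
  show ?case
  proof
    fix ys
    (* Instantiate the hypothesis at the enlarged accumulator x # ys. *)
    from Cons have "itrev xs (x # ys) = rev xs @ (x # ys)" by simp
    then show "itrev (x # xs) ys = rev (x # xs) @ ys" by simp
  qed
qed

(* The lemma from slide 23 is the instance ys = []. *)
lemma itrev_rev: "itrev xs [] = rev xs"
  by (simp add: itrev_rev_app)

end
```

Without the ∀ in the statement, the induction hypothesis would fix ys and could not be applied to itrev xs (x # ys), which is where a direct induction on itrev xs [] = rev xs gets stuck.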
