Functional Programming in ACL2 Jeremy Johnson Kurt Schmidt Drexel University.

Slides:



Advertisements
Similar presentations
Automated Theorem Proving Lecture 1. Program verification is undecidable! Given program P and specification S, does P satisfy S?
Advertisements

Lisp. Versions of LISP Lisp is an old language with many variants Lisp is alive and well today Most modern versions are based on Common Lisp LispWorks.
Semantics Static semantics Dynamic semantics attribute grammars
1 Programming Languages and Paradigms Lisp Programming.
Lambda Calculus and Lisp PZ03J. Lambda Calculus The lambda calculus is a model for functional programming like Turing machines are models for imperative.
Chapter 3 Functional Programming. Outline Introduction to functional programming Scheme: an untyped functional programming language.
Copyright © 2006 Addison-Wesley. All rights reserved.1-1 ICS 410: Programming Languages Chapter 3 : Describing Syntax and Semantics Axiomatic Semantics.
ISBN Chapter 3 Describing Syntax and Semantics.
Fall Semantics Juan Carlos Guzmán CS 3123 Programming Languages Concepts Southern Polytechnic State University.
Termination Analysis Math Foundations of Computer Science.
True or false A variable of type char can hold the value 301. ( F )
Slide 1 Summary Two basic concepts: variables and assignments Some C++ practical issues: division rule, operator precedence  Sequential structure of a.
C++ Programming: From Problem Analysis to Program Design, Third Edition Chapter 4: Control Structures I (Selection)
Describing Syntax and Semantics
LISP A brief overview. Lisp stands for “LISt Process” –Invented by John McCarthy (1958) –Simple data structure (atoms and lists) –Heavy use of recursion.
COMP 205 – Week 11 Dr. Chunbo Chu. Intro Lisp stands for “LISt Process” Invented by John McCarthy (1958) Simple data structure (atoms and lists) Heavy.
Propositional Calculus CS 680: Formal Methods in Verification Computer Systems Jeremy Johnson.
Equational Reasoning Math Foundations of Computer Science.
High-Level Programming Languages: C++
The ACL2 Proof Assistant Formal Methods Jeremy Johnson.
Induction Schemes Math Foundations of Computer Science.
1 Lisp Functions –Built-in functions –Defining functions –Function Evaluation and Special Forms defun, if Control statements –Conditional if, cond –Repetition.
Common lisp A functional programming language. Useful URL:
ISBN Chapter 3 Describing Semantics -Attribute Grammars -Dynamic Semantics.
CS 363 Comparative Programming Languages Semantics.
# ACS 168 Structured Programming Using the Computer Chapter 2 Spring 2002 Prepared by Shirley White.
Basic LISP Programming Common LISP follows the algorithm below when interacting with users: loop read in an expression from the console; evaluate the expression;
Chapter 5: Sequences, Mathematical Induction, and Recursion 5.5 Application: Correctness of Algorithms 1 [P]rogramming reliability – must be an activity.
Introduction to ACL2 CS 680 Formal Methods for Computer Verification Jeremy Johnson Drexel University.
Predicates, Functions and Files "I suppose I should learn Lisp, but it seems so foreign." - Paul Graham, Nov 1983.
CSC1201: Programming Language 2 Lecture 1 Level 2 Course Nouf Aljaffan (C) CSC 1201 Course at KSU1.
Chapter 3 Part II Describing Syntax and Semantics.
UMBC CMSC Common Lisp II. UMBC CMSC Input and Output Print is the most primitive output function > (print (list 'foo 'bar)) (FOO BAR) The.
Milos Hauskrecht (PDF) Hieu D. Vu (PPT) LISP PROGARMMING LANGUAGE.
If Statements Programming. COMP104 Lecture 7 / Slide 2 Review: Rules for Division l C++ treats integers different than doubles. 100 is an int. l 100.0,
/ PSWLAB Evidence-Based Analysis and Inferring Preconditions for Bug Detection By D. Brand, M. Buss, V. C. Sreedhar published in ICSM 2007.
CSC3315 (Spring 2009)1 CSC 3315 Languages & Compilers Hamid Harroud School of Science and Engineering, Akhawayn University
Boolean Expression Evaluation CS 270: Math Foundations of CS Jeremy Johnson.
CS Class 04 Topics  Selection statement – IF  Expressions  More practice writing simple C++ programs Announcements  Read pages for next.
Software Engineering Algorithms, Compilers, & Lifecycle.
1 Introduction to Functional Programming in Racket CS 270 Math Foundations of CS Jeremy Johnson.
1 Proving Properties of Recursive List Functions CS 270 Math Foundations of CS Jeremy Johnson.
1 Interactive Computer Theorem Proving CS294-9 October 19, 2006 Adam Chlipala UC Berkeley Lecture 9: Beyond Primitive Recursion.
Copyright © 2014 Pearson Addison-Wesley. All rights reserved. 4 Simple Flow of Control.
Artificial Intelligence and Lisp Lecture 6 LiU Course TDDC65 Autumn Semester,
Functional Programming
Lecture #5 מבוא מורחב.
Basic concepts of C++ Presented by Prof. Satyajit De
CS 550 Programming Languages Jeremy Johnson
CS 550 Programming Languages Jeremy Johnson
Propositional Calculus: Boolean Functions and Expressions
CS 326 Programming Languages, Concepts and Implementation
Modern Programming Languages Lecture 20 Fakhar Lodhi
LISP A brief overview.
Introduction to Functional Programming in Racket
Proving Properties of Recursive List Functions
Lecture #5 מבוא מורחב.
First Lecture on Introductory Lisp
Semantics In Text: Chapter 3.
Summary Two basic concepts: variables and assignments Basic types:
If Statements.
Chapter 4: Control Structures I (Selection)
LISP A brief overview.
Control Structures Part 1
Introduction to Functional Programming in Racket
Program correctness Axiomatic semantics
Common Lisp II.
Programming Languages
Lisp.
Programming Languages
Presentation transcript:

Functional Programming in ACL2 Jeremy Johnson Kurt Schmidt Drexel University

ACL2 ACL2 is a programming language, logic, and theorem prover/checker based on Common Lisp. ACL2 is a powerful system for integrated modeling, simulation, and inductive reasoning. Under expert control, it has been used to verify some of the most complex theorems to have undergone mechanical verification. 1

ACL2s (acl2s.ccs.neu.edu) Eclipse plugin (sedan version) Pure functional subset Ensure valid input Different operational modes Termination analysis Random testing and bug generation Install and test and read (ACL2s Programming Language) 2

Read-Eval-Print-Loop (REPL) ACL2s reads inputs, evaluates them and prints the result ACL2S BB !>VALUE (* 2 3) 6 ACL2S BB !> 2/11/2009Goldwasser3

A Pure Functional Language x 1 = y 1,…,x n =y n  f(x 1,…,x n ) = f(y 1,…,y n ) No side-effects, no assignments, no state, no loops Use recursion instead of iteration Still Turing complete Makes reasoning about programs easier 4

C++ Function with Side-Effects #include using namespace std; int cc() { static int x = 0; return ++x; } int main() { cout << "cc() = " << cc() << endl; } 5 % g++ count.c %./a.out cc() = 1 cc() = 2 cc() = 3

ACL2 Syntax and Semantics Atoms (symbols, booleans, rationals, strings) predicates Lists ((1 2) 3) nil, cons, first and rest Functions and function application (* 2 (+ 1 2)) if expressions (if test then else) 6

ACL2 Atoms Rationals: For example, 11,−7, 3/2,−14/15 Symbols: For example, x, var, lst, t, nil Booleans: There are two Booleans, t, denoting true and nil, denoting false Strings: For example, “hello”, “good bye” 7

Function Application (* 2 3) 6 (* 2 (+ 1 2)) 6 (numerator 2/3) 2 (f x 1 … x n ) [applicative order – evaluate all arguments and then apply f] 8

if expressions if : Boolean × All × All → All (if test then else) (if test then else) = then, when test = t (if test then else) = else, when test = nil 9

Example if expressions (if t nil t) (if nil 3 4) (if (if t nil t) 1 2) 10

Equal equal : All × All → Boolean (equal x y) is t if x = y and nil otherwise. (equal 3 nil) = nil (equal 0 0) = t (equal (if t nil t) nil) = t 11

Predicates All → Boolean booleanp symbolp integerp rationalp 12

Defining Functions (defun booleanp (x) (if (equal x t) t (equal x nil))) 13

Applying Functions (booleanp nil)  (if (equal nil t) t (equal nil nil)))  (equal nil nil)  t 14

Input/Output Contracts (defunc booleanp (x) :input-contract t :output-contract (booleanp (booleanp x)) (if (equal x t) t (equal x nil))) 15

Input/Output Contracts ic ⇒ oc For booleanp (type checking) ∀ x :: t ⇒ (booleanp (booleanp x)) ∀ x :: (if t (booleanp (booleanp x)) t) ∀ x :: (booleanp (booleanp x)) 16

Contract Checking ACL2s will not admit a function unless it can prove that every function call in its body satisfies its contract (body contract checking) and can show that it satisfies its contract (contract checking) 17

Contract Violations ACL2S BB !>VALUE (unary-/ 0) ACL2 Error in ACL2::TOP-LEVEL: The guard for the function call (UNARY-/ X), which is (COMMON-LISP::AND (RATIONALP X) (COMMON-LISP::NOT (EQUAL X 0))), is violated by the arguments in the call (UNARY-/ 0). 18

Contract Checking Example (defunc foo (a) :input-contract (integerp a) :output-contract (booleanp (foo a)) (if (posp a) (foo (- a 1)) (rest a))) 19

Boolean Functions And : Boolean × Boolean → Boolean (defunc and (a b) :input-contract (if (booleanp a) (booleanp b) nil) :output-contract (booleanp (and a b)) (if a b nil)) Verify that this implements and (if nil nil nil) = nil (if nil t nil) = nil (if t nil nil) = nil (if t t nil) = t 20

Exercise Define or using (if exp then else) Or : Boolean × Boolean → Boolean (defunc or (a b) :input-contract (and (booleanp a) (booleanp b)) :output-contract (booleanp (or a b)) ) Verify your function is correct 21

Boolean Functions Or : Boolean × Boolean → Boolean (defunc or (a b) :input-contract (and (booleanp a) (booleanp b)) :output-contract (booleanp (or a b)) (if a t b)) Verify (if nil t nil) = nil (if nil t t) = t (if t t nil) = t (if t t t) = t 22

Boolean Functions Similarly define or, not, implies, iff, and xor This shows that all boolean functions can be implemented using (if exp then else) 23

Numbers *, +, <, unary--, unary-/ (defunc unary-/ (a) :input-contract (and (rationalp a) (not (equal a 0)))...) Numerator, Denominator Exercise: Subtraction and Division 24

posp (defunc posp (a) :input-contract t :output-contract (booleanp (posp a)) (if (integerp a) (< 0 a) nil)) 25

Incorrect posp (defunc posp (a) :input-contract t :output-contract (booleanp (posp a)) (and (integerp a) (< 0 a))) 26

Recursive Function Definition ;; Given integer n, return n (defun sum-n (n) (if (equal n 0) 0 (+ n (sum-n (- n 1))))) 27

Recursive Function Application (sum-n 3)  (if (equal 3 0) 0 (+ 3 (sum-n (- 3 1)))))  (if nil 0 (+ 3 (sum-n (- 3 1))))  (+ 3 (sum-n (- 3 1)))  (+ 3 (sum-n 2)) 28

Recursive Function Application  (+ 3 (if (equal 2 0) 0 (+ 2 (sum-n (- 2 1))))))  (+ 3 (if nil 0 (+ 2 (sum-n (- 2 1)))))  (+ 3 (+ 2 (sum-n (- 2 1))))  (+ 3 (+ 2 (sum-n 1))) 29

Recursive Function Application  (+ 3 (+ 2 (sum-n 1)))  (+ 3 (+ 2 (if (equal 1 0) 0 (+ 1 (sum-n (- 1 1))))))  (+ 3 (+ 2 (if nil 0 (+ 1 (sum-n (- 1 1))))))  (+ 3 (+ 2 (+ 1 (sum-n (- 1 1)))))  (+ 3 (+ 2 (+ 1 (sum-n 0)))) 30

Recursive Function Application  (+ 3 (+ 2 (+ 1 (sum-n 0))))  (+ 3 (+ 2 (+ 1 (if (equal 0 0) 0 (+ 0 (sum-n (- 0 1)))))))  (+ 3 (+ 2 (+ 1 (if t 0 (+ 0 (sum-n (- 0 1)))))))  (+ 3 (+ 2 (+ 1 0)))  (+ 3 (+ 2 1)) = (+ 3 3) = 6 31

Termination? ACL2 will only accept functions that it can prove terminate for all inputs Does the following always terminate? ;; Given integer n, return n (defunc sum-n (n) :input-contract (integerp n) :output-contract (integerp (sum-n n)) (if (equal n 0) 0 (+ n (sum-n (- n 1))))) 32

Termination? Modify the input-contract so that sum-n does terminate for all inputs ;; Given integer n, return n (defunc sum-n (n) :input-contract (integerp n) :output-contract (integerp (sum-n n)) (if (equal n 0) 0 (+ n (sum-n (- n 1))))) 33

Termination? Modify the input-contract so that sum-n does terminate for all inputs ;; Given integer n, return n (defunc sum-n (n) :input-contract (natp n) :output-contract (integerp (sum-n n)) (if (equal n 0) 0 (+ n (sum-n (- n 1))))) 34

natp ;; Test whether the input is a natural number (integer  0) (defunc natp (a) :input-contract t :output-contract (booleanp (natp a)) (if (integerp a) (or (< 0 a) (equal a 0)) nil)) 35

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.