Slide 1: Parameterized Congruences in ACL2. David Greve, Rockwell Collins, August 2006. © 2006 Rockwell Collins, Inc. All rights reserved.


Slide 2: Congruences (Unplumbed)
Congruence-based rewriting
 – Built in to ACL2
 – Treats certain predicate relations “just like equality”
 – Uses relations to define rewrite rules
What is the “big deal”?
 – Provides strong normalization: (near) minimal representations
 – Scalable: defined locally, used globally
 – Context sensitive: simple rules, rule chaining

Slide 3: Normalizing List-Based Set Expressions
Removing duplicate updates:
  (defthm member-cons-duplicates
    (iff (member a (cons x (cons x y)))
         (member a (cons x y))))
But what about:
  (defthm member-cons-duplicates-2
    (iff (member a (cons z (cons x (cons x y))))
         (member a (cons z (cons x y)))))

Slide 4: Normalizing List-Based Set Expressions (cont.)
Rewrite rules are not sufficiently powerful
 – Infinite number of rules
Syntactic simplification (:meta and bind-free)
 – A better solution
 – Doesn’t scale well: specific to a set of functions (defined globally); difficult to extend to user-defined functions
Congruence-based rewriting
 – More powerful than rewrite rules
 – More scalable than syntactic techniques

Slide 5: 3 Steps to Using Congruence-based Rewriting
1. Defining rewriting contexts – defequiv
2. Proving driver rules – using equivalence relations
3. Establishing congruences – defcong

Slide 6: Rewriting Context
Obviously (cons x (cons x y)) is not equal to (cons x y), but they are equivalent in “the second argument of member”, so we can replace one with the other in that context:
  (defthm member-cons-duplicates
    (iff (member a (cons x (cons x y)))
         (member a (cons x y))))
Here (cons x (cons x y)) is replaced by (cons x y).

Slide 7: Defining a Rewriting Context
ACL2 generalizes the notion of “the second argument of member”
 – Uses equivalence relations to formalize the essential properties of “the second argument of member”
 – Formally introduced in ACL2 via defequiv: (defequiv set-equiv)
 – Associates an equivalence relation with a rewriting context
defequiv requires proving that the relation is an equivalence:
  (and (booleanp (set-equiv x y))
       (set-equiv x x)
       (implies (set-equiv x y) (set-equiv y x))
       (implies (and (set-equiv x y) (set-equiv y z))
                (set-equiv x z)))

Slide 8: Driver Rules
Rewrite rules employing equivalence relations
 – Does not rewrite set-equiv to true
 – Replaces (cons x (cons x y)) with (cons x y)
 – In a set-equiv rewriting context
Driver rules are concise, automatic and unconstrained, and give enhanced normalization:
  (defthm set-equiv-cons-cons-driver
    (set-equiv (cons x (cons x y)) (cons x y)))

Slide 9: Congruences
Driver rules
 – Only applied in specific rewriting contexts
Congruence rules
 – Establish rewriting contexts
 – Indicate when it is sound to use specified equivalence relations
 – Restricted: no hypotheses, single function instance
A congruence rule written out in full, then the defcong forms for member and for cons:
  (defthm set-equiv-implies-iff-in-2
    (implies (set-equiv x y)
             (iff (member a x) (member a y)))
    :rule-classes (:congruence))
  (defcong set-equiv iff (member a x) 2)
  (defcong set-equiv set-equiv (cons a x) 2)

Slide 10: Congruence-based Rewriting: Synopsis
Rewriting contexts
 – Characterized by equivalence relations
Driver rules
 – Apply context-sensitive simplifications
Congruence rules
 – Chain from one context to another
Congruence-based rewriting
 – More powerful than rewrite rules
 – More scalable than syntactic techniques
  (defequiv set-equiv)
  (defthm set-equiv-cons-cons-driver
    (set-equiv (cons x (cons x y)) (cons x y)))
  (defcong set-equiv iff (member a x) 2)
  (defcong set-equiv set-equiv (cons a x) 2)
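The three steps above carried out end to end in plain ACL2, as an added example that is not code from the slides or from the nary library: subset-p, set-equiv and the lemma names are assumptions made for this example, member-equal is what the slides' (member a x) denotes in current ACL2, and the closing theorem is proved with the definitions disabled so that only congruence-based rewriting can establish it.

```lisp
;; Added example (not from the slides): the three steps of slides 5-10 carried
;; out in plain ACL2 with no books loaded.  subset-p, set-equiv and the lemma
;; names are assumptions made for this example.

;; Every element of x is a member of y.
(defun subset-p (x y)
  (if (consp x)
      (and (member-equal (car x) y)
           (subset-p (cdr x) y))
    t))

;; Supporting lemmas, each proved by a straightforward induction.
(defthm member-equal-subset-p
  (implies (and (member-equal a y) (subset-p y z))
           (member-equal a z)))

(defthm subset-p-transitive
  (implies (and (subset-p x y) (subset-p y z))
           (subset-p x z)))

(defthm subset-p-cons-2
  (implies (subset-p x y)
           (subset-p x (cons a y))))

;; (subset-p x x) suggests no induction scheme of its own, because x fills
;; both argument positions; induct on the length of x instead.
(defthm subset-p-reflexive
  (subset-p x x)
  :hints (("Goal" :induct (len x))))

;; Step 1: the rewriting context "the second argument of member".
(defun set-equiv (x y)
  (and (subset-p x y) (subset-p y x)))

(defequiv set-equiv)   ; proves the four equivalence properties of slide 7

;; Step 2: a driver rule, stated with set-equiv rather than iff or equal.
(defthm set-equiv-cons-cons-driver
  (set-equiv (cons x (cons x y)) (cons x y)))

;; Step 3: congruence rules.  The second one chains the set-equiv context
;; through the second argument of cons.
(defcong set-equiv iff (member-equal a x) 2)
(defcong set-equiv set-equiv (cons a x) 2)

;; With the definitions disabled the prover cannot compute its way through
;; member-equal; the proof has to enter the set-equiv context, pass through
;; the extra cons, and fire the driver rule.  No rule of the
;; member-cons-duplicates-2 shape is needed, which is the point of slide 3.
(in-theory (disable set-equiv subset-p member-equal))

(defthm member-cons-duplicates-2
  (iff (member-equal a (cons z (cons x (cons x y))))
       (member-equal a (cons z (cons x y)))))
```

Without the in-theory event the last theorem still goes through, but by opening member-equal rather than by congruence rewriting; disabling the definitions first is what makes the example demonstrate the mechanism.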

Slide 11: Normalizing Modular Arithmetic Expressions
Removing nested mod:
  (defthm mod-+-mod-1
    (equal (mod (+ (mod x N) y) N)
           (mod (+ x y) N)))
But what about:
  (defthm mod-+-mod-nest
    (equal (mod (+ x (mod y N) z) N)
           (mod (+ x y z) N)))

Slide 12: Normalizing Modular Arithmetic Expressions (cont.)
Rewrite rules are not sufficiently powerful
 – Infinite number of rules
Syntactic simplification (arithmetic-3: :meta and bind-free)
 – A better solution
 – Doesn’t scale well: specific to a set of functions (defined globally); difficult to extend to user-defined functions
Congruence-based rewriting (?)
 – More powerful than rewrite rules
 – More scalable than syntactic techniques

Slide 13: 3 Steps to Using Congruence-based Rewriting
1. Defining rewriting contexts – defequiv
2. Proving driver rules – using equivalence relations
3. Establishing congruences – defcong

Slide 14: Defining the Rewriting Context
  (defun mod-equiv (x y N)
    (equal (mod x N) (mod y N)))
Our equivalence relation is parameterized by N, and ACL2 doesn’t support parameterized equivalences (!)
 – genequiv defines the currently active rewriting context: an argument to the rewriter that identifies the “active” equivalence relations; driver rules can fire if their equivalence relation is in genequiv; congruence rules program genequiv
 – Could be extended to equivalence relation + parameter terms, but that is a substantial change to ACL2
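An added example, not from the slides, that makes the limitation concrete: the equivalence laws of mod-equiv are provable for every N, yet defequiv cannot accept the relation, and the only route through the built-in machinery is one frozen relation per value of N. mod7 and mod7-equiv are names assumed for this example.

```lisp
;; Added example (not from the slides): what happens when the parameterized
;; relation of slide 14 is handed to ACL2's own congruence machinery.
;; mod-equiv is the slide's definition; mod7 and mod7-equiv are assumptions
;; made for this example.

(defun mod-equiv (x y N)
  (equal (mod x N) (mod y N)))

;; For every fixed N the three equivalence laws hold; ACL2 proves each by
;; opening mod-equiv and using the laws of EQUAL, never reasoning about MOD.
;; :rule-classes nil because they are stated only to be checked.
(defthm mod-equiv-reflexive
  (mod-equiv x x N)
  :rule-classes nil)

(defthm mod-equiv-symmetric
  (implies (mod-equiv x y N) (mod-equiv y x N))
  :rule-classes nil)

(defthm mod-equiv-transitive
  (implies (and (mod-equiv x y N) (mod-equiv y z N))
           (mod-equiv x z N))
  :rule-classes nil)

;; Yet (defequiv mod-equiv) is rejected before any proof is attempted:
;; defequiv only accepts a binary relation, and N has nowhere to go.

;; The built-in machinery can be used only by freezing the parameter into
;; a fresh binary relation, here for N = 7.  Writing the relation as
;; "equal after fixing" is the reduction assumption of slide 16 made literal.
(defun mod7 (x)
  (mod x 7))

(defun mod7-equiv (x y)
  (equal (mod7 x) (mod7 y)))

(defequiv mod7-equiv)

;; The context function is congruent in the argument it fixes: under
;; (mod7 _) a term may be replaced by anything mod7-equiv to it.
(defcong mod7-equiv equal (mod7 x) 1)

;; Driver rules about mod itself, e.g. (mod7-equiv (mod7 x) x), are where
;; real arithmetic reasoning is needed and are not attempted here.  The
;; cost of this approach is that N = 11 needs mod11, mod11-equiv, a second
;; defequiv and a second set of congruences: one copy of everything per
;; parameter value, the "infinite number of rules" problem of slide 12
;; transposed to relations.
```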

Slide 15: Parameterized Congruences with nary
The nary library
 – Developed to address this shortcoming
 – Emulates parameterized congruences
 – Provides convenient macros
Three steps to using nary
 – Defining parameterized rewriting contexts: defcontext
 – Proving parameterized driver rules: using context functions
 – Establishing parameterized congruences: defcong+

Slide 16: Parameterized Rewriting Context
 – Implemented using parameterized context (fixing) functions; “mod” is one such function
Context functions serve two primary purposes
 – A method for imposing context on a term: to simplify x in a “mod N” context, we simplify (mod x N)
 – Triggers for driver rules: any rule matching (mod x N) is a “mod N” driver rule
Parameterized equivalence reduction assumption
 – The context function captures the interaction between the equated terms and the parameters
 – The equivalence relation captures the interaction between the “fixed” values
  (equal (nary-equiv x y a1 a2 a3)
         (equiv (nary-ctx x a1 a2 a3)
                (nary-ctx y a1 a2 a3)))

Slide 17: Parameterized Driver Rules
Rewrite rules employing a parameterized context function:
  (defthm mod-N-N
    (implies (and (integerp N) (not (equal N 0)))
             (equal (mod N N) 0)))

Slide 18: Parameterized Congruences
Parameterized congruence rules
 – Cause terms to be reduced in parameterized rewriting contexts
 – Heart of the nary library
 – Built from binding hypotheses and bind-free
A parameterized congruence rule for the “mod N” context, next to a standard congruence rule:
  (defthm nary-cong-rule
    (implies (equal x (mod a N))
             (equal (mod (+ a b) N)
                    (mod (+ x b) N))))
  (defthm set-equiv-implies-iff-in-2
    (implies (set-equiv x y)
             (iff (member a x) (member a y)))
    :rule-classes (:congruence))

Slides 19–26: nary Parameterized Congruence Rules
(These eight slides show the same rule, each highlighting one part; the annotations are collected below it.)
  (defthm mod-+-cong-1
    (implies (and (integerp N)
                  (not (equal N 0))
                  (integerp a)
                  (integerp b)
                  (equal wrap (mod a N))
                  (bind-free (mod_unfix wrap N 'wrap? 'x) (wrap? x))
                  (if wrap?
                      (equal wrap (mod x N))
                    (equal wrap x))
                  (syntaxp (not (equal a x)))
                  (integerp x))
             (equal (mod (+ a b) N)
                    (mod (+ x b) N))))
 – Guard hypotheses: (integerp N), (not (equal N 0)), (integerp a), (integerp b).
 – Binding hypotheses: (equal wrap (mod a N)) and the bind-free call that follows it.
 – The bind-free function is produced by the defcontext macro, which searches for terms like (mod x N):
  (defcontext (mod x N) 1)
  (defun mod_unfix (wrap N wrap? x)
    (if (and (consp wrap)
             (equal (car wrap) 'mod)
             (equal (caddr wrap) N))
        (list (cons wrap? '(quote t))
              (cons x (cadr wrap)))
      (list (cons wrap? '(quote nil))
            (cons x wrap))))
 – wrap? tells us whether wrap was of the form (mod Q N). If it was, x is bound to Q and wrap? is bound to true; otherwise x is bound to the value of wrap and wrap? is false.
 – (if wrap? (equal wrap (mod x N)) (equal wrap x)): a logical test to ensure the correctness of the syntactic transformation.
 – (syntaxp (not (equal a x))): make sure we have actually simplified something.
 – (integerp x): check the type of the result.
 – Conclusion: replace “a” with the value obtained by simplifying “a” in a “mod N” context.
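An added example, not from the slides, that executes the slide 21 bind-free function on constructed terms to show the substitution it hands back to the rule, including a wrapper with a different modulus, which the rule must leave alone. mod_unfix is the slide's definition with ordinary quotes; the sample terms are constructed for this example.

```lisp
;; Added example (not from the slides): running the bind-free function of
;; slide 21 on constructed terms to see the substitution it returns.
;; At bind-free time the rule's variables are bound to terms, so wrap is a
;; term such as (mod q n), N is the term bound to N, and wrap?/x are the
;; variable symbols the rule wants bound.

(defun mod_unfix (wrap N wrap? x)
  (if (and (consp wrap)
           (equal (car wrap) 'mod)
           (equal (caddr wrap) N))
      ;; wrap = (mod Q N): bind wrap? to the term 't and x to Q
      (list (cons wrap? '(quote t))
            (cons x (cadr wrap)))
    ;; anything else: bind wrap? to the term 'nil and x to wrap itself
    (list (cons wrap? '(quote nil))
          (cons x wrap))))

;; The simplified value still wears its mod N wrapper: strip it.
(assert-event
 (equal (mod_unfix '(mod q n) 'n 'wrap? 'x)
        '((wrap? quote t) (x . q))))

;; The simplification discarded the wrapper entirely (for instance the
;; slide 17 rule mod-N-N rewrote (mod N N) to 0): pass the value through.
;; The rule's (if wrap? ...) hypothesis then checks (equal wrap x) instead.
(assert-event
 (equal (mod_unfix '(quote 0) 'n 'wrap? 'x)
        '((wrap? quote nil) (x quote 0))))

;; A mod wrapper with a different modulus is not this context's fixing
;; function and must not be stripped; the whole term becomes x.
(assert-event
 (equal (mod_unfix '(mod q m) 'n 'wrap? 'x)
        '((wrap? quote nil) (x mod q m))))
```

Whatever the syntactic function returns, the rule only uses it after the (if wrap? (equal wrap (mod x N)) (equal wrap x)) hypothesis has been relieved logically, so a wrong binding costs a failed rule application, never soundness.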

Slide 27: Congruence-based Rewriting: Synopsis
Parameterized rewriting contexts
 – Characterized by context functions
Parameterized driver rules
 – Trigger on context functions
Parameterized congruence rules
 – Simplify terms in the selected context
Parameterized congruence-based rewriting
 – Extends standard congruence-based rewriting to parameterized equivalences
  (defcontext (mod x N) 1)
  (defthm mod-N-N
    (equal (mod (mod x N) N) (mod x N)))
  (defcong+ mod-+-cong
    (mod (+ a b) N)
    :hyps (and (rationalp-guard a b N) (not (equal N 0)))
    :cong ((a (equal x (mod a N)))
           (b (equal y (mod b N))))
    :check (rationalp-guard x y))

Slide 28: Example Application
  (defcontext (mod x N) 1)

  (defthm mod-N-N
    (equal (mod (mod x N) N) (mod x N)))

  (defcong+ mod-+-cong
    (mod (+ a b) N)
    :hyps (and (rationalp-guard a b N) (not (equal N 0)))
    :cong ((a (equal x (mod a N)))
           (b (equal y (mod b N))))
    :check (rationalp-guard x y))

  (defthm foo1-prop
    (equal (mod (foo1 x n) n) (mod x n)))

  (defcong+ foo2-cong
    (mod (foo2 x) n)
    :cong ((x (equal a (mod x n)))))

  (defthm mod-+-normalization
    (implies (and (rationalp-guard a b c d e N) (not (equal n 0)))
             (equal (mod (+ a (mod b n) (foo1 c n) (foo2 (+ (mod d n) (mod e n)))) n)
                    (mod (+ a b c (foo2 (+ d e))) n))))

Slide 29: Definition/Use Analysis
  (defun copy-nth* (list st1 st2)
    (if (null list)
        st2
      (update-nth (car list) (nth (car list) st1)
                  (copy-nth* (cdr list) st1 st2))))

  (defun use (list st)
    (copy-nth* list st nil))

  (defthm use-over-update-nth
    (implies (not (member (nfix b) list))
             (equal (use list (update-nth b v st))
                    (use list st))))

  (defcontext (use list st) 2)

  (defcong+ use-update-nth-cong
    (use list (update-nth a v x))
    :cong ((x (equal z (use list x)))))

  (defcong+ nth-foo-use
    (nth a (foo st))
    :cong ((st (equal z (use (foo-use) st))))
    :hyps (member (nfix a) (foo-def)))

  (defthm du-properties
    (and (member 0 (foo-def))
         (not (member 3 (foo-use)))))

  (defthm test-nth-foo
    (equal (nth 0 (foo (update-nth a w (update-nth 3 v st))))
           (nth 0 (foo (update-nth a w st)))))

Slide 30: Conclusion
Congruence-based rewriting
 – Built in to ACL2
 – More powerful than rewrite rules
 – More scalable than syntactic techniques
 – Unplumbed
Parameterized congruence-based rewriting
 – Enabled (emulated) via the nary library
 – Applicable to a variety of domains: modular arithmetic, definition/use analysis

Slide 31: A Challenge Problem
For every function satisfying the properties of an equivalence relation:
  (and (booleanp (equiv x y))
       (equiv x x)
       (implies (equiv x y) (equiv y x))
       (implies (and (equiv x y) (equiv y z))
                (equiv x z)))
there exists a fixing function such that:
  (defthm equiv-reduction
    (equal (equiv x y)
           (equal (fix x) (fix y))))

Slide 32: Generalized (Parameterized) Congruences
  (defthm generalized-cong-rule
    (implies (< x a)
             (equal (foo x) (foo a))))