Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Proving Properties of Recursive List Functions CS 270 Math Foundations of CS Jeremy Johnson.

Published byImogen Summers Modified over 8 years ago

Similar presentations

Presentation on theme: "1 Proving Properties of Recursive List Functions CS 270 Math Foundations of CS Jeremy Johnson."— Presentation transcript:

1 1 Proving Properties of Recursive List Functions CS 270 Math Foundations of CS Jeremy Johnson

2 2 Objective  To provide simple semantics for a purely functional subset of racket and to use this semantics to prove properties of racket programs.  To use structural induction to prove properties of recursive list functions (append, reverse)

3 Outline  Substitution semantics Basic axioms Definitional axiom Equational reasoning  Structural induction Proving properties of recursive functions of lists

4 4 Substitution Model of Computation  function application corresponds to substituting the argument expressions into the formal parameters of the function body  Order of evaluation Applicative vs. normal order Termination Church-Rosser

5 5 Substitution Example  (define (sqr x) (* x x))  (define (sum-of-squares x y) (+ (sqr x) (sqr y)))  (define (f a) (sum-of-squares (+ a 1) (* a 2))) [applicative order]  (f 5)  (sum-of-squares (+ 5 1) (* 5 2))  (+ (square 6) (square 10))  (+ (* 6 6) (* 10 10))  (+ 36 100)  136 [normal order]  (f 5)  (sum-of-squares (+ 5 1) (* 5 2))  (+ (square (+ 5 1)) (square (* 5 2)) )  (+ (* (+ 5 1) (+ 5 1)) (* (* 5 2) (* 5 2)))  (+ (* 6 6) (* 10 10))  (+ 36 100)

6 6 Order Matters (define (p) (p)) (define (test x y) (if (= x 0) 0 y)) (test 0 (p))

7 7 Equational Reasoning  Prove equivalence of racket expressions by repeatedly replacing subexpressions by equivalent subexpressions until the two expressions are equal  Axioms for built-in functions  Definitional axiom  Properties of equality

8 Equality  x = y ⇒ (equal? x y) = #t  x  y ⇒ (equal? x y) = #f  = is an equivalence relation  Reflexive x = x  Symmetric x = y  y = x  Transitive x = y  y = z  x = z (chain together a sequence of equations)  Equality Axiom Schema for Functions  (x 1 = y 1 ∧  ∧ x n = y n ) ⇒ (f x 1  x n ) = (f y 1  y n )  To reason about constants, we can use evaluation

9 Axioms  (first (cons x y)) = x  (rest (cons x y)) = y Otherwise null  (cons? (cons x y)) = #t Otherwise #f  (null? null) = #t Otherwise #f  x = #f ⇒ (if x y z) = z  x  #f ⇒ (if x y z) = y

10 Contracts ; input-contract ic ; output-contract oc (define (f x 1... x n ) body)  Input contract – input assumptions  Output contract – guarantees provided by outputs  Body contracts – input contracts must be satisfied for all function calls

11 Definitional Axiom ; input-contract ic ; output-contract oc (define (f x 1... x n ) body)  If the function f is admissible Add definitional axiom for f: ic  [(f x 1... x n ) = body] Add contract theorem for f: ic  oc

12 Definitional Principle ; input-contract ic ; output-contract oc (define (f x 1... x n ) body)  The function f is admissible f is a new function (no other axioms about f) x i ’s are distinct body is a term, possibly using f, but with no free variables other than x i ’s f is terminating ic  oc is a theorem body contracts hold under assumption of ic

13 Soundness and Termination (define (f x) ;input-contract (natural? x) ;output-contract (natural? (f x)) (+ 1 (f x)))  The definitional axiom for f leads to unsound logic (natural? x)  x  x+1 [property of natural numbers] (natural? (f x))  (f x)  (+ 1 (f x)) [instantiate above] (natural? x)  (f x)  (+ 1 (f x)) [from ic  oc] (natural x)  (f x) = (+ 1 (f x)) [from def axiom] (natural x)  #f [from p  p = #f]

14 Structural Induction  When using induction on recursively defined data structures like lists you can induct on the size of the data structure = to the number of calls to the constructors.  When trying to show a property for a data structure of a given size, you can assume that the property holds when making a recursive call on a smaller data structure. You must make sure that the property holds for all constructors including base cases.  With lists (rest …) will return a smaller data structure (at least one fewer cons)  Structural induction allows you to induct on the recursive data structure without being explicit about the size provided the IH is applied to smaller objects.

15 Length ; Input: l is a list ; Output: a non-negative integer = length of l (define (length l) (if (null? l) 0 (+ 1 (length (rest l))) ))  Properties 1.(length null) = 0 2.(length (cons x y)) = (+ 1 (length y)) 15

16 Proof of Properties of Length  Proof (length null) =  (if (null? null) 0 (+ 1 (length (rest null))))  (if #t 0 (+ (length (rest null))))  0 (length (cons x y))  (if (null? (cons x y)) 0 (+ 1 (length (rest (cons x y)))))  (if #f 0 (+ 1 (length (rest (cons x y)))))  (+ 1 (length (rest (cons x y))))  (+ 1 (length y)) 16

17 Output Contract  (define (natural? x) (if (integer? x) (or (> x 0) (= x 0)) #f))  (list? x)  (natural? (length x)) Proof by induction. Base case x = null. (length x) = 0 Assume (list? (rest x))  (natural? (length (rest x))) (natural? (length x))  (natural? (+ 1 (length (rest x))))  (and (natural? 1) (natural? (length (rest x)))) [(rest x) is a list since x is a list, hence, by IH and sum of two natural numbers is natural] 17

18 Append ; inputs: x, y are lists ; output: a list whose elements are those of x followed by y (define (append x y) (if (null? x) y (cons (first x) (append (rest x) y))))  Properties 1.(and (list? x) (list? y))  (list? (append x y)) 2.(append null y) = y 3.x  null  (first (append x y)) = (first x) 4.(append x null) = x 5.(length (append x y)) = (+ (length x) (length y)) 6.(append x (append y z)) = (append (append x y) z) 18

19 Proof of Property 2 (append null y)  (if (null? null) y (cons (first x) (append (rest x) y))))  (if #t y (cons (first x) (append (rest x) y))))  y

20 Proof of Property 3  (null? x)  (first (append x y)) = (first x)  (first (append x y))  (first (if (null? x) y (cons (first x) (append (rest x) y))))  (first (if #f y (cons (first x) (append (rest x) y))))  (first (cons (first x) (append (rest x) y)))  (first x)

21 Proof of Property 4  Show (append x null) = x using structural induction  Base case. x = null. In this case, (append null null) returns null = x.  By induction assume recursive call satisfies the property [note (rest x) is smaller than x] I.E. (append (rest x) null) = (rest x)  Thus (append x null) returns (cons (first x) (rest x)) = x

22 Proof of Property 5  Show (length (append x y) = (+ (length x) (length y)) using structural induction on x Base case. x = null. (append null y) = y and (length y) = (+ (length null) (length y)) By induction assume recursive call satisfies the property  (length (append (rest x) y) = (+ (length (rest x)) (length y)) Thus (length (append x y)) = (length (cons (first x) (append (rest x) y)) = (+ 1 (length (rest x)) + (length y)) = (+ (length x) (length y))

23 Proof of Property 6  Show (append x (append y z)) = (append (append x y) z) Base case. x = null. (append null (append y z)) = (append y z) = (append (append null y) z) Assume property holds for (rest x)  (append (append x y) z)  (append (cons (first x) (append (rest x) y)) z) [by def]  (cons (first x) (append (append (rest x) y) z)) [by def]  (cons (first x) (append (rest x) (append y z))) [by IH]  (append (cons (first x) (rest x)) (append y z)) [by def]  (append x (append y z)) [by property of cons]

24 Reverse (define (reverse l) (if (null? l) null (append (reverse (rest l)) (cons (first l) null))))  Properties 1.(list? l)  (list? (reverse l)) 2.(length (reverse x)) = (length x) 3.(reverse (append x y)) = (append (reverse y) (reverse x)) 4.(reverse (reverse x)) = x 24

25 Proof of Property 2  Show (length (rev x)) = (length x) Base case. x = null. (length (rev null))  (length null) Assume property holds for (rest x)  (length (rev x))  (length (append (rev (rest x)) (cons (first x) null))) [def rev]  (length (rev (rest x)) + (length (cons (first x) null)) [prop 5 of app]  (length (rest x)) + (length (cons (first x) null)) [IH]  (length (rest x)) + 1 [evaluation]  (length (cons (first x) (rest x)) [prop 2 of length]  (length x) [axiom for cons]

26 Proof of Property 3  Show (rev (append x y)) = (append (rev y) (rev x))  Base case. x = null. (rev (append null y)) = (rev y) = (append (rev y) null) = (append (rev y) (rev null))  Assume property holds for (rest x)  (rev (append x y))  (rev (cons (first x) (append (rest x) y)) [def apppend]  (append (rev (append (rest x) y)) (cons (first x) null)) [def rev]  (append (append (rev y) (rev (rest x))) (cons (first x) null)) [IH]  (append (rev y) (append (rev (rest x)) (cons (first x) null))) [prop app]  (append (rev y) (rev x)) [def of rev]

27 Proof of Property 4  Show (rev (rev x)) = x  Base case. x = null. (rev (rev null)) = (rev null) = null  Assume property holds for (rest x)  (rev (rev x))  (rev (append (rev (rest x)) (cons (first x) null))) [def rev]  (append (rev (cons (first x) null)) (rev (rev (rest x)))) [property 2 of rev]  (append (cons (first x) null) (rev (rev (rest x)))) [def of rev]  (append (cons (first x) null) (rest x)) [IH]  (cons (first x) (append null (rest x))) [def of app]  (cons (first x) (rest x)) = x [def of app and prop of cons]

Download ppt "1 Proving Properties of Recursive List Functions CS 270 Math Foundations of CS Jeremy Johnson."

Similar presentations

Introduction to Proofs

Introduction to Proofs
1 Programming Languages (CS 550) Mini Language Interpreter Jeremy R. Johnson.

1 Programming Languages (CS 550) Mini Language Interpreter Jeremy R. Johnson.
Functional Verification III Prepared by Stephen M. Thebaut, Ph.D. University of Florida Software Testing and Verification Lecture Notes 23.

Functional Verification III Prepared by Stephen M. Thebaut, Ph.D. University of Florida Software Testing and Verification Lecture Notes 23.
Types of Logic Circuits

Types of Logic Circuits
Hoare’s Correctness Triplets Dijkstra’s Predicate Transformers

Hoare’s Correctness Triplets Dijkstra’s Predicate Transformers
1 Programming Languages (CS 550) Lecture Summary Functional Programming and Operational Semantics for Scheme Jeremy R. Johnson.

1 Programming Languages (CS 550) Lecture Summary Functional Programming and Operational Semantics for Scheme Jeremy R. Johnson.
Copyright © Cengage Learning. All rights reserved. CHAPTER 5 SEQUENCES, MATHEMATICAL INDUCTION, AND RECURSION SEQUENCES, MATHEMATICAL INDUCTION, AND RECURSION.

Copyright © Cengage Learning. All rights reserved. CHAPTER 5 SEQUENCES, MATHEMATICAL INDUCTION, AND RECURSION SEQUENCES, MATHEMATICAL INDUCTION, AND RECURSION.
Induction and recursion

Induction and recursion
Termination Analysis Math Foundations of Computer Science.

Termination Analysis Math Foundations of Computer Science.
0 PROGRAMMING IN HASKELL Chapter 7 - Higher-Order Functions.

0 PROGRAMMING IN HASKELL Chapter 7 - Higher-Order Functions.
Catriel Beeri Pls/Winter 2004/5 inductive-revisited 1 Inductive definitions revisited  Generated and Freely generated sets oPattern match, unification.

Catriel Beeri Pls/Winter 2004/5 inductive-revisited 1 Inductive definitions revisited  Generated and Freely generated sets oPattern match, unification.
Sequence A list of objects arranged in a particular order.

Sequence A list of objects arranged in a particular order.
Induction and recursion

Induction and recursion
1.3 – AXIOMS FOR THE REAL NUMBERS. Goals  SWBAT apply basic properties of real numbers  SWBAT simplify algebraic expressions.

1.3 – AXIOMS FOR THE REAL NUMBERS. Goals  SWBAT apply basic properties of real numbers  SWBAT simplify algebraic expressions.
Propositional Calculus CS 680: Formal Methods in Verification Computer Systems Jeremy Johnson.

Propositional Calculus CS 680: Formal Methods in Verification Computer Systems Jeremy Johnson.
Equational Reasoning Math Foundations of Computer Science.

Equational Reasoning Math Foundations of Computer Science.
MATH 224 – Discrete Mathematics

MATH 224 – Discrete Mathematics
The ACL2 Proof Assistant Formal Methods Jeremy Johnson.

The ACL2 Proof Assistant Formal Methods Jeremy Johnson.
 2003 Prentice Hall, Inc. All rights reserved. 1 Functions and Recursion Outline Function Templates Recursion Example Using Recursion: The Fibonacci Series.

 2003 Prentice Hall, Inc. All rights reserved. 1 Functions and Recursion Outline Function Templates Recursion Example Using Recursion: The Fibonacci Series.
Introduction to Proofs

Introduction to Proofs

Similar presentations

Ads by Google