Presentation is loading. Please wait.

Presentation is loading. Please wait.

Functional Programming in ACL2 Jeremy Johnson Kurt Schmidt Drexel University.

Published byEugenia Kathleen McCormick Modified over 7 years ago

Similar presentations

Presentation on theme: "Functional Programming in ACL2 Jeremy Johnson Kurt Schmidt Drexel University."— Presentation transcript:

1 Functional Programming in ACL2 Jeremy Johnson Kurt Schmidt Drexel University

2 ACL2 www.cs.utexas.edu/~moore/acl2 ACL2 is a programming language, logic, and theorem prover/checker based on Common Lisp. ACL2 is a powerful system for integrated modeling, simulation, and inductive reasoning. Under expert control, it has been used to verify some of the most complex theorems to have undergone mechanical verification. 1

3 ACL2s (acl2s.ccs.neu.edu) Eclipse plugin (sedan version) Pure functional subset Ensure valid input Different operational modes Termination analysis Random testing and bug generation Install and test and read (ACL2s Programming Language) 2

4 Read-Eval-Print-Loop (REPL) ACL2s reads inputs, evaluates them and prints the result ACL2S BB !>VALUE (* 2 3) 6 ACL2S BB !> 2/11/2009Goldwasser3

5 A Pure Functional Language x 1 = y 1,…,x n =y n  f(x 1,…,x n ) = f(y 1,…,y n ) No side-effects, no assignments, no state, no loops Use recursion instead of iteration Still Turing complete Makes reasoning about programs easier 4

6 C++ Function with Side-Effects #include using namespace std; int cc() { static int x = 0; return ++x; } int main() { cout << "cc() = " << cc() << endl; } 5 % g++ count.c %./a.out cc() = 1 cc() = 2 cc() = 3

7 ACL2 Syntax and Semantics Atoms (symbols, booleans, rationals, strings) predicates Lists ((1 2) 3) nil, cons, first and rest Functions and function application (* 2 (+ 1 2)) if expressions (if test then else) 6

8 ACL2 Atoms Rationals: For example, 11,−7, 3/2,−14/15 Symbols: For example, x, var, lst, t, nil Booleans: There are two Booleans, t, denoting true and nil, denoting false Strings: For example, “hello”, “good bye” 7

9 Function Application (* 2 3) 6 (* 2 (+ 1 2)) 6 (numerator 2/3) 2 (f x 1 … x n ) [applicative order – evaluate all arguments and then apply f] 8

10 if expressions if : Boolean × All × All → All (if test then else) (if test then else) = then, when test = t (if test then else) = else, when test = nil 9

11 Example if expressions (if t nil t) (if nil 3 4) (if (if t nil t) 1 2) 10

12 Equal equal : All × All → Boolean (equal x y) is t if x = y and nil otherwise. (equal 3 nil) = nil (equal 0 0) = t (equal (if t nil t) nil) = t 11

13 Predicates All → Boolean booleanp symbolp integerp rationalp 12

14 Defining Functions (defun booleanp (x) (if (equal x t) t (equal x nil))) 13

15 Applying Functions (booleanp nil)  (if (equal nil t) t (equal nil nil)))  (equal nil nil)  t 14

16 Input/Output Contracts (defunc booleanp (x) :input-contract t :output-contract (booleanp (booleanp x)) (if (equal x t) t (equal x nil))) 15

17 Input/Output Contracts ic ⇒ oc For booleanp (type checking) ∀ x :: t ⇒ (booleanp (booleanp x)) ∀ x :: (if t (booleanp (booleanp x)) t) ∀ x :: (booleanp (booleanp x)) 16

18 Contract Checking ACL2s will not admit a function unless it can prove that every function call in its body satisfies its contract (body contract checking) and can show that it satisfies its contract (contract checking) 17

19 Contract Violations ACL2S BB !>VALUE (unary-/ 0) ACL2 Error in ACL2::TOP-LEVEL: The guard for the function call (UNARY-/ X), which is (COMMON-LISP::AND (RATIONALP X) (COMMON-LISP::NOT (EQUAL X 0))), is violated by the arguments in the call (UNARY-/ 0). 18

20 Contract Checking Example (defunc foo (a) :input-contract (integerp a) :output-contract (booleanp (foo a)) (if (posp a) (foo (- a 1)) (rest a))) 19

21 Boolean Functions And : Boolean × Boolean → Boolean (defunc and (a b) :input-contract (if (booleanp a) (booleanp b) nil) :output-contract (booleanp (and a b)) (if a b nil)) Verify that this implements and (if nil nil nil) = nil (if nil t nil) = nil (if t nil nil) = nil (if t t nil) = t 20

22 Exercise Define or using (if exp then else) Or : Boolean × Boolean → Boolean (defunc or (a b) :input-contract (and (booleanp a) (booleanp b)) :output-contract (booleanp (or a b)) ) Verify your function is correct 21

23 Boolean Functions Or : Boolean × Boolean → Boolean (defunc or (a b) :input-contract (and (booleanp a) (booleanp b)) :output-contract (booleanp (or a b)) (if a t b)) Verify (if nil t nil) = nil (if nil t t) = t (if t t nil) = t (if t t t) = t 22

24 Boolean Functions Similarly define or, not, implies, iff, and xor This shows that all boolean functions can be implemented using (if exp then else) 23

25 Numbers *, +, <, unary--, unary-/ (defunc unary-/ (a) :input-contract (and (rationalp a) (not (equal a 0)))...) Numerator, Denominator Exercise: Subtraction and Division 24

26 posp (defunc posp (a) :input-contract t :output-contract (booleanp (posp a)) (if (integerp a) (< 0 a) nil)) 25

27 Incorrect posp (defunc posp (a) :input-contract t :output-contract (booleanp (posp a)) (and (integerp a) (< 0 a))) 26

28 Recursive Function Definition ;; Given integer n, return 0+1+2+...+n (defun sum-n (n) (if (equal n 0) 0 (+ n (sum-n (- n 1))))) 27

29 Recursive Function Application (sum-n 3)  (if (equal 3 0) 0 (+ 3 (sum-n (- 3 1)))))  (if nil 0 (+ 3 (sum-n (- 3 1))))  (+ 3 (sum-n (- 3 1)))  (+ 3 (sum-n 2)) 28

30 Recursive Function Application  (+ 3 (if (equal 2 0) 0 (+ 2 (sum-n (- 2 1))))))  (+ 3 (if nil 0 (+ 2 (sum-n (- 2 1)))))  (+ 3 (+ 2 (sum-n (- 2 1))))  (+ 3 (+ 2 (sum-n 1))) 29

31 Recursive Function Application  (+ 3 (+ 2 (sum-n 1)))  (+ 3 (+ 2 (if (equal 1 0) 0 (+ 1 (sum-n (- 1 1))))))  (+ 3 (+ 2 (if nil 0 (+ 1 (sum-n (- 1 1))))))  (+ 3 (+ 2 (+ 1 (sum-n (- 1 1)))))  (+ 3 (+ 2 (+ 1 (sum-n 0)))) 30

32 Recursive Function Application  (+ 3 (+ 2 (+ 1 (sum-n 0))))  (+ 3 (+ 2 (+ 1 (if (equal 0 0) 0 (+ 0 (sum-n (- 0 1)))))))  (+ 3 (+ 2 (+ 1 (if t 0 (+ 0 (sum-n (- 0 1)))))))  (+ 3 (+ 2 (+ 1 0)))  (+ 3 (+ 2 1)) = (+ 3 3) = 6 31

33 Termination? ACL2 will only accept functions that it can prove terminate for all inputs Does the following always terminate? ;; Given integer n, return 0+1+2+...+n (defunc sum-n (n) :input-contract (integerp n) :output-contract (integerp (sum-n n)) (if (equal n 0) 0 (+ n (sum-n (- n 1))))) 32

34 Termination? Modify the input-contract so that sum-n does terminate for all inputs ;; Given integer n, return 0+1+2+...+n (defunc sum-n (n) :input-contract (integerp n) :output-contract (integerp (sum-n n)) (if (equal n 0) 0 (+ n (sum-n (- n 1))))) 33

35 Termination? Modify the input-contract so that sum-n does terminate for all inputs ;; Given integer n, return 0+1+2+...+n (defunc sum-n (n) :input-contract (natp n) :output-contract (integerp (sum-n n)) (if (equal n 0) 0 (+ n (sum-n (- n 1))))) 34

36 natp ;; Test whether the input is a natural number (integer  0) (defunc natp (a) :input-contract t :output-contract (booleanp (natp a)) (if (integerp a) (or (< 0 a) (equal a 0)) nil)) 35

Download ppt "Functional Programming in ACL2 Jeremy Johnson Kurt Schmidt Drexel University."

Similar presentations

Automated Theorem Proving Lecture 1. Program verification is undecidable! Given program P and specification S, does P satisfy S?

Automated Theorem Proving Lecture 1. Program verification is undecidable! Given program P and specification S, does P satisfy S?
Lisp. Versions of LISP Lisp is an old language with many variants Lisp is alive and well today Most modern versions are based on Common Lisp LispWorks.

Lisp. Versions of LISP Lisp is an old language with many variants Lisp is alive and well today Most modern versions are based on Common Lisp LispWorks.
Semantics Static semantics Dynamic semantics attribute grammars

Semantics Static semantics Dynamic semantics attribute grammars
1 Programming Languages and Paradigms Lisp Programming.

1 Programming Languages and Paradigms Lisp Programming.
Lambda Calculus and Lisp PZ03J. Lambda Calculus The lambda calculus is a model for functional programming like Turing machines are models for imperative.

Lambda Calculus and Lisp PZ03J. Lambda Calculus The lambda calculus is a model for functional programming like Turing machines are models for imperative.
Chapter 3 Functional Programming. Outline Introduction to functional programming Scheme: an untyped functional programming language.

Chapter 3 Functional Programming. Outline Introduction to functional programming Scheme: an untyped functional programming language.
Copyright © 2006 Addison-Wesley. All rights reserved.1-1 ICS 410: Programming Languages Chapter 3 : Describing Syntax and Semantics Axiomatic Semantics.

Copyright © 2006 Addison-Wesley. All rights reserved.1-1 ICS 410: Programming Languages Chapter 3 : Describing Syntax and Semantics Axiomatic Semantics.
ISBN 0-321-33025-0 Chapter 3 Describing Syntax and Semantics.

ISBN Chapter 3 Describing Syntax and Semantics.
Fall 20021 Semantics Juan Carlos Guzmán CS 3123 Programming Languages Concepts Southern Polytechnic State University.

Fall Semantics Juan Carlos Guzmán CS 3123 Programming Languages Concepts Southern Polytechnic State University.
Termination Analysis Math Foundations of Computer Science.

Termination Analysis Math Foundations of Computer Science.
True or false A variable of type char can hold the value 301. ( F )

True or false A variable of type char can hold the value 301. ( F )
Slide 1 Summary Two basic concepts: variables and assignments Some C++ practical issues: division rule, operator precedence  Sequential structure of a.

Slide 1 Summary Two basic concepts: variables and assignments Some C++ practical issues: division rule, operator precedence  Sequential structure of a.
C++ Programming: From Problem Analysis to Program Design, Third Edition Chapter 4: Control Structures I (Selection)

C++ Programming: From Problem Analysis to Program Design, Third Edition Chapter 4: Control Structures I (Selection)
Describing Syntax and Semantics

Describing Syntax and Semantics
LISP A brief overview. Lisp stands for “LISt Process” –Invented by John McCarthy (1958) –Simple data structure (atoms and lists) –Heavy use of recursion.

LISP A brief overview. Lisp stands for “LISt Process” –Invented by John McCarthy (1958) –Simple data structure (atoms and lists) –Heavy use of recursion.
COMP 205 – Week 11 Dr. Chunbo Chu. Intro Lisp stands for “LISt Process” Invented by John McCarthy (1958) Simple data structure (atoms and lists) Heavy.

COMP 205 – Week 11 Dr. Chunbo Chu. Intro Lisp stands for “LISt Process” Invented by John McCarthy (1958) Simple data structure (atoms and lists) Heavy.
Propositional Calculus CS 680: Formal Methods in Verification Computer Systems Jeremy Johnson.

Propositional Calculus CS 680: Formal Methods in Verification Computer Systems Jeremy Johnson.
Equational Reasoning Math Foundations of Computer Science.

Equational Reasoning Math Foundations of Computer Science.
High-Level Programming Languages: C++

High-Level Programming Languages: C++
The ACL2 Proof Assistant Formal Methods Jeremy Johnson.

The ACL2 Proof Assistant Formal Methods Jeremy Johnson.

Similar presentations

Ads by Google