Presentation is loading. Please wait.

Presentation is loading. Please wait.

Recursion and Induction

Published byAubrey Newton Modified over 5 years ago

Similar presentations

Presentation on theme: "Recursion and Induction"— Presentation transcript:

1 Recursion and Induction
Illustrates foundations of theorem proving Kinds of activity that systems like HOL, NQTHM, LARCH, PVS indulge in. Handware Verification. cs776 (Prasad) L13Induction

2 Define sets by induction n  N  succ(n)  N
zero  N n  N  succ(n)  N Define functions on sets by recursion  n  N : plus(zero, n) = n  m, n  N : plus(succ(m), n) = succ(plus(m,n)) Prove properties about the defined functions using principle of structural induction. Data structures are usually defined using seed elements and constructor functions (closure operations). E.g., Lists, Trees, etc. In the context of imperative programming, we introduce pre-post conditions to formalize the intent of the program and use loop invariants and induction on the number of iterations to prove properties of iterative code. Measure of complexity : structure cs776 (Prasad) L13Induction

3 Example 0 + n = n (obvious) n + 0 = n (not so obvious!) Prove that the two rules for “+” are adequate to rewrite (n+0) to n. (Induction on the structure of the first argument) Show that “+” is commutative, that is, (x + y) = (y + x). Motivation To ensure that sufficient relevant information has been encoded for automated reasoning. Have we encoded relevant and sufficient information for the symbol manipulation system to run and for us to rely on the conclusions generated by the automated system? Even though + is commutative, the amount of computation necessary for evaluating 5+1 is not the same as that for 1+5. This asymmetry becomes explicit in the proof. cs776 (Prasad) L13Induction

4 Induction Proof Definition of “+”
0 + m = m s(n) + m = s(n+m) Proof that 0 is the identity w.r.t. + 0+m = m+0 = m Basis: = 0 Induction Hypothesis:  k >= 0: k + 0 = k Induction Step: Show s(k) + 0 = s(k) s(k) + 0 = s(k + 0) (*rule 2*) = s(k) (*ind hyp*) Conclusion: By principle of mathematical induction m N: m + 0 = m sound and complete ; termination Commutativity dependence: 0 + 2 = : Axiom 2 + 0 = s(1 + 0) = Dependence requires etc previous row, which is the induction hypothesis cs776 (Prasad) L13Induction

5 Induction Hypothesis: Induction Step: s(k)+n = n+s(k) s(k)+n
Basis: n : n + 0 = n n : 0 + n = n n: n + 0 = n + 0 Induction Hypothesis:  k >= 0, n : k + n = n + k Induction Step: s(k)+n = n+s(k) s(k)+n = (*rule2*) s(k+n) = (*ind. hyp.*) s(n+k) = (*rule2*) s(n)+k (* STUCK!!! our goal: n+s(k) *) So prove the auxiliary result. s(k)+n = k+s(n) n The proof does not strictly proceed row by row because the problem does not simplify that way. However, the auxiliary result captures the precise dependence. rule1 and rule2 refer to the definition of “+”. 2 + 2 = s(1 + 2) = s(s(0 + 2)) = s(3) = Dependence: requires 1 + 2, 0 + 2, etc = s(1 + 10) = s(10+1) induction hypothesis creates a sub-problem with large row number. Moving one … Proof proceeds row by row m cs776 (Prasad) L13Induction

6 =(*ind.hyp.*) s(j+s(m)) =(*rule2*) s(j)+s(m) Overall result s(k) + n
Auxiliary result s(i)+ m = i+s(m) Basis: s(0) + m = (*rule2*) s(0 + m) = (*rule1*) s(m) = (*rule1*) 0 + s(m) Induction step: s(s(j)) + m =(*rule2*) s(s(j)+m) =(*ind.hyp.*) s(j+s(m)) =(*rule2*) s(j)+s(m) Overall result s(k) + n =(*auxiliary result*) k + s(n) =(*induction hyp.*) s(n) + k n + s(k) (* End of proof of commutativity *) Semi-automatic approach to theorem proving: manual generation of hypothesis automation of mundane labor intensive, monotonous steps cs776 (Prasad) L13Induction

7 Motivation for formal proofs
In mathematics, proving theorems enhances our understanding of the domain of discourse and our faith in the formalization. In automated theorem proving, these results demonstrate the adequacy of the formal description and the symbol manipulation system. These properties also guide the design of canonical forms for (optimal) representation of expressions and for proving equivalence. associativity: parenthesis unnecessary (lists) commutativity: permutation invariant (sort) identity: delete elements zero : collapse Ensure that formalization faithfully captures the relevant aspects of the domain of discourse. cs776 (Prasad) L13Induction

8 Semantic Equivalence vs Syntactic Identity
Machines can directly test only syntactic identity. Several distinct expressions can have the same meaning (value) in the domain of discourse. To formally establish their equivalence, the domain is first axiomatized, by providing axioms (equations) that characterize (are satisfied by) the operations. In practice, an equational specification is transformed into a set of rewrite rules, to normalize expressions (into a canonical form). (Cf. Arithmetic Expression Evaluation) cs776 (Prasad) L13Induction

9 Induction Principle for Lists
P(xs) holds for any finite list xs if: P([]) holds, and Whenever P(xs) holds, it implies that for every x, P(x::xs) also holds. Prove: filter p (map f xs) = map f (filter (p o f) xs) Structural Induction on lists is related to traditional Mathematical Induction on the length of the list. cs776 (Prasad) L13Induction

10 Basis: Induction Step: then x:: (filter (p o f) xs)
filter p (map f []) = filter p [] = [] map f(filter (p o f) []) = map f []= [] Induction Step: map f (filter (p o f) (x::xs)) = map f (if ((p o f) x) then x:: (filter (p o f) xs) else filter (p o f) xs ) case 1: (p o f) x = true case 2: (p o f) x = false cs776 (Prasad) L13Induction

11 case 1: case 2: map f ( x:: (filter (p o f) xs) )
= f x :: map f (filter (p o f) xs) = f x :: filter p (map f xs) (* induction hypothesis *) = filter p (f x :: map f xs) (* p (f x) holds *) = filter p (map f (x::xs)) case 2: filter p (map f (x::xs)) (* p (f x) does not hold *) = filter p (map f xs) = map f ( filter (p o f) xs ) cs776 (Prasad) L13Induction

12 Tailoring Induction Principle
fun interval m n = if m > n then [] else m:: interval (m+1) n (* Quantity (n-m) reduces at each recursive call. *) Basis: P(m,n) holds for m > n Induction step: P(m,n) holds for m <= n, given that P(m+1,n) holds. cs776 (Prasad) L13Induction

13 Induction Proof with Auxiliaries
fun xs = xs | xs = y:: fun rev [] = [] | rev (x::xs) = (rev [x]; Prove : rev (rev xs) = xs Basis: rev (rev []) = rev [] = [] Induction step: rev(rev (y::ys)) = rev ( (rev [y] ) = (* via auxiliary result *) y :: ( rev (rev ys) ) = y :: ys (* ind. hyp. *) cs776 (Prasad) L13Induction

14 Auxiliary result rev ( zs @ [z] ) = z:: rev zs Induction Step:
rev [z]) = rev ( u :: [z])) def *) = (rev [u] (* rev def*) = (z :: (rev [u] (* ind hyp *) = z :: ((rev [u]) def *) = z :: rev (u::us) (* rev def*) (*Creativity required in guessing a suitable auxiliary result.*) Use grid to better appreciate how the computation simplifies expression. cs776 (Prasad) L13Induction

15 Weak Induction vs Strong Induction
datatype exp = Var of string | Op of exp * exp; Prove that the number of occurrences of the constructors in a legal exp are related thus: #Var(e) = #Op(e) + 1 To show this result, we need the result on all smaller exps, not just the exps whose “node count” or “height” is one less. Motivates Strong/Complete Induction Principle. cs776 (Prasad) L13Induction

16 McCarthy’s 91-function fun f x = if x > 100 then x - 10
else f(f(x+11)) else 91 Need well-founded induction; To show the equivalence of the two definitions, we need to understand how the recursion unwinds. (In a typical definition, the complexity of a definition (in terms of the number of steps to rewrite a call to the primitive values) is obvious from the structure. In this example, that ordering is unintuitive.) cs776 (Prasad) L13Induction

17 Is f total? fun f x = if (x mod 2) = 0 then x div 2 else f(f(3*x+1))
View integers as (2i + 1) 2^k - 1?? That is, ODD*2^k - 1 let x = (2i + 1) 2^k - 1 f(f(3*x + 1)) = f(f(3*(2i+1)*2^k -3 +1)) = f(3*(2i+1)*2^{k-1}-1) That is, OTHER_ODD*2^(k-1) - 1 (ind. hyp.) (basis) k=0: even numbers (2*i+1)-1 => terminates View int x as (2i + 1) 2^k - 1 cs776 (Prasad) L13Induction

Download ppt "Recursion and Induction"

Similar presentations

Automated Theorem Proving Lecture 1. Program verification is undecidable! Given program P and specification S, does P satisfy S?

Automated Theorem Proving Lecture 1. Program verification is undecidable! Given program P and specification S, does P satisfy S?
Functional Programming Lecture 13 - induction on lists.

Functional Programming Lecture 13 - induction on lists.
Cs7120 (Prasad)L22-MetaPgm1 Meta-Programming

Cs7120 (Prasad)L22-MetaPgm1 Meta-Programming
Computing Fundamentals 2 Introduction to CafeOBJ Lecturer: Patrick Browne Lecture Room: K408 Lab Room: A308 Based on work by: Nakamura Masaki, João Pascoal.

Computing Fundamentals 2 Introduction to CafeOBJ Lecturer: Patrick Browne Lecture Room: K408 Lab Room: A308 Based on work by: Nakamura Masaki, João Pascoal.
Introducing Formal Methods, Module 1, Version 1.1, Oct., 1998 1 Formal Specification and Analytical Verification L 5.

Introducing Formal Methods, Module 1, Version 1.1, Oct., Formal Specification and Analytical Verification L 5.
Hoare’s Correctness Triplets Dijkstra’s Predicate Transformers

Hoare’s Correctness Triplets Dijkstra’s Predicate Transformers
Rigorous Software Development CSCI-GA 3033-011 Instructor: Thomas Wies Spring 2012 Lecture 11.

Rigorous Software Development CSCI-GA Instructor: Thomas Wies Spring 2012 Lecture 11.
© M. Winter COSC 4P41 – Functional Programming 10. 1 Testing vs Proving Testing –uses a set of “typical” examples, –symbolic testing, –may find errors,

© M. Winter COSC 4P41 – Functional Programming Testing vs Proving Testing –uses a set of “typical” examples, –symbolic testing, –may find errors,
Chapter 11 Proof by Induction. Induction and Recursion Two sides of the same coin.  Induction usually starts with small things, and then generalizes.

Chapter 11 Proof by Induction. Induction and Recursion Two sides of the same coin.  Induction usually starts with small things, and then generalizes.
ISBN 0-321-33025-0 Chapter 3 Describing Syntax and Semantics.

ISBN Chapter 3 Describing Syntax and Semantics.
Predicate Transformers

Predicate Transformers
1 Semantic Description of Programming languages. 2 Static versus Dynamic Semantics n Static Semantics represents legal forms of programs that cannot be.

1 Semantic Description of Programming languages. 2 Static versus Dynamic Semantics n Static Semantics represents legal forms of programs that cannot be.
CS 355 – Programming Languages

CS 355 – Programming Languages
CS466 (Prasad)L1Sets1 Introduction Language: Set of Strings.

CS466 (Prasad)L1Sets1 Introduction Language: Set of Strings.
Describing Syntax and Semantics

Describing Syntax and Semantics
Programming Language Semantics Denotational Semantics Chapter 5 Part III Based on a lecture by Martin Abadi.

Programming Language Semantics Denotational Semantics Chapter 5 Part III Based on a lecture by Martin Abadi.
Induction and recursion

Induction and recursion
The ACL2 Proof Assistant Formal Methods Jeremy Johnson.

The ACL2 Proof Assistant Formal Methods Jeremy Johnson.
Reading and Writing Mathematical Proofs

Reading and Writing Mathematical Proofs
Program Analysis and Verification Spring 2015 Program Analysis and Verification Lecture 2: Operational Semantics I Roman Manevich Ben-Gurion University.

Program Analysis and Verification Spring 2015 Program Analysis and Verification Lecture 2: Operational Semantics I Roman Manevich Ben-Gurion University.

Similar presentations

Ads by Google