Presentation is loading. Please wait.

Presentation is loading. Please wait.

Induction Schemes Math Foundations of Computer Science.

Published byHarvey Bates Modified over 8 years ago

Similar presentations

Presentation on theme: "Induction Schemes Math Foundations of Computer Science."— Presentation transcript:

1 Induction Schemes Math Foundations of Computer Science

2 Topics  Induction Example  Induction scheme over the naturals  Termination  Reduction to equational reasoning  ACL2 proof  General Induction Schemes  Induction scheme over lists  Induction over recursively defined data structures

3 nind (defunc nind (n) :input-contract (natp n) :output-contract t (if (equal n 0) 0 (nind (- n 1))))  This function is admissible. Given a natural number n it counts down to 0 and returns, therefore it is terminating.

4 Induction Scheme over Naturals  Every terminating function gives rise to an induction scheme 1.(not (natp n)) ⇒  2.(natp n) ∧ (equal n 0) ⇒  3.(natp n) ∧ (not (equal n 0)) ∧  | ((n n-1)) ⇒   (1) and (2) are base cases and (3) is the induction hypothesis  More powerful than case analysis since you can use assume the induction hypothesis

5 Why does Induction Work?  By (1)  holds for (not (natp n))  By (2)  | ((n 0))  By (3)  (natp 1) ∧ (not (equal 1 0)) ∧  | ((n 0)) ⇒  | ((n 1))  (natp 2) ∧ (not (equal 2 0)) ∧  | ((n 1)) ⇒  | ((n 2))  (natp 3) ∧ (not (equal 3 0)) ∧  | ((n 2)) ⇒  | ((n 3))  …

6 sum (defunc sum (n) :input-contract (natp n) :output-contract (integerp (sum n)) (if (equal n 0) 0 (+ n (sum (- n 1)))))  Conjecture. (sum n) = n*(n+1)/2

7 Induction Scheme for sum  Theorem. (natp n) ⇒ (equal (sum n) (/ (* n (+ n 1)) 2)) {contract check} 1.(not (natp n)) ⇒ (natp n) ⇒ (equal (sum n) (/ (* n (+ n 1)) 2)) 2.(natp n) ∧ (equal n 0) ⇒ (natp n) ⇒ (equal (sum n) (/ (* n (+ n 1)) 2)) 3.(natp n) ∧ (not (equal n 0)) ∧ [(natp (- n 1) ⇒ (equal (sum (- n 1) (/ (* (- n 1) n) 2))] ⇒ [(natp n) ⇒ (equal (sum n) (/ (* n (+ n 1)) 2))]

8 Base Cases 1.(not (natp n)) ⇒ (natp n) ⇒ (equal (sum n) (/ (* n (+ n 1)) 2))   A  (A  B)  T  False implies anything  (  A  A)  B  F  B   F  B  T  B  T

9 Base Case  Use equational reasoning for case 2. 2. (natp 0) ⇒ (equal (sum 0) (/ (* 0 (+ 0 1)) 2))  (sum 0)  (if (equal 0 0) 0 (+ n (sum (- n 1))))) {def of sum and (natp 0)}  (if t 0 (+ n (sum (- n 1))))) {equal axiom}  0 {if axiom}  (/ (* 0 (+ 0 1)) 2)) = 0 {arithmetic}

10 General Case (IH) 3. (natp n) ∧ (not (equal n 0)) ∧ [(natp (- n 1) ⇒ (equal (sum (- n 1)) (/ (* (- n 1) n) 2))] ⇒ [(natp n) ⇒ (equal (sum n) (/ (* n (+ n 1)) 2))]  (natp n) ∧ (not (equal n 0)) ∧ [(natp (- n 1) ⇒ (equal (sum (- n 1)) (/ (* (- n 1) n) 2))] ⇒ (equal (sum n) (/ (* n (+ n 1)) 2))

11 Context (natp n) ∧ (not (equal n 0)) ∧ [(natp (- n 1) ⇒ (equal (sum (- n 1)) (/ (* (- n 1) n) 2))] ⇒ (equal (sum n) (/ (* n (+ n 1)) 2)) C1. (natp n) C2. (not (equal n 0)) C3. (natp (- n 1)) ⇒ (equal (sum (- n 1)) (/ (* (- n 1) n) 2)) C4. (natp (- n 1)) {C1, C2} C5. (equal (sum (- n 1)) (/ (* (- n 1) n) 2)) {C3, C4, MP}

12 Proof of General Case Theorem. (natp n) ∧ (not (equal n 0)) ∧ [(natp (- n 1) ⇒ (equal (sum (- n 1) (/ (* (- n 1) n) 2))] ⇒ (equal (sum n) (/ (* n (+ n 1)) 2)) Proof. (sum n) = (if (equal n 0) 0 (+ n (sum (- n 1))))) {by def of sum and C1} = (if nil 0 (+ n (sum (- n 1))))) {by C2 and equal axiom} = (+ n (sum (- n 1))) {by if axiom} = (+ n (/ (* - n 1) n) 2) {by C5} = (2n + (n-1)n)/2 = (n*n + n)/2 = n(n+1)/2 {arithmetic}

13 Induction in ACL2 ACL2S B !>QUERY (thm (implies (natp n) (equal (sum n) (/ (* n (+ n 1)) 2)))) > Goal' Goal'' ^^^ Checkpoint Goal'' ^^^ ([ A key checkpoint: Goal'' (IMPLIES (AND (INTEGERP N) (<= 0 N)) (EQUAL (SUM N) (COMMON-LISP::+ (COMMON-LISP::* 1/2 N) (COMMON-LISP::* 1/2 (COMMON-LISP::EXPT N 2))))) *1 (Goal'') is pushed for proof by induction. ]) Perhaps we can prove *1 by induction. One induction scheme is suggested by this conjecture. We will induct according to a scheme suggested by (SUM N). This suggestion was produced using the :induction rules SUM-INDUCTION-SCHEME and SUM-INDUCTION-SCHEME-FROM-DEFINITION. If we let (:P N) denote *1 above then the induction scheme we'll use is (AND (IMPLIES (NOT (NATP N)) (:P N)) (IMPLIES (AND (NATP N) (NOT (EQUAL N 0)) (:P (COMMON-LISP::+ -1 N))) (:P N)) (IMPLIES (AND (NATP N) (EQUAL N 0)) (:P N))). This induction is justified by the same argument used to admit SUM. When applied to the goal at hand the above induction scheme produces five nontautological subgoals. ^^^ Checkpoint *1 ^^^ Subgoal *1/5 Subgoal *1/4 Subgoal *1/4' Subgoal *1/3 Subgoal *1/2 Subgoal *1/1 Subgoal *1/1' *1 is COMPLETED! Thus key checkpoint Goal'' is COMPLETED! Q.E.D. Summary Form: ( THM...) Rules: ((:COMPOUND-RECOGNIZER ACL2::NATP-COMPOUND- RECOGNIZER) (:DEFINITION *-DEFINITION-RULE) (:DEFINITION +-DEFINITION-RULE) (:DEFINITION NATP) (:DEFINITION NOT) (:DEFINITION SUM-DEFINITION-RULE) (:DEFINITION ACL2::SYNP) (:EXECUTABLE-COUNTERPART COMMON-LISP::<) (:EXECUTABLE-COUNTERPART ACL2S-BB-IDENTITY-BOOL-GUARD) (:EXECUTABLE-COUNTERPART ACL2::BINARY-*) (:EXECUTABLE-COUNTERPART ACL2::BINARY-+) (:EXECUTABLE-COUNTERPART EQUAL) (:EXECUTABLE-COUNTERPART COMMON-LISP::EXPT) (:EXECUTABLE-COUNTERPART INTEGERP) (:EXECUTABLE-COUNTERPART NOT) (:EXECUTABLE-COUNTERPART SUM) (:EXECUTABLE-COUNTERPART ACL2::UNARY--) (:FAKE-RUNE-FOR-TYPE-SET NIL) (:INDUCTION SUM-INDUCTION-SCHEME) (:INDUCTION SUM-INDUCTION-SCHEME-FROM-DEFINITION) (:REWRITE ACL2::|(* -1 x)|) (:REWRITE ACL2::|(* 0 x)|) (:REWRITE ACL2::|(* 1 x)|) (:REWRITE ACL2::|(* c (* d x))|) (:REWRITE ACL2::|(* x (+ y z))|) (:REWRITE ACL2::|(* x (- y))|) (:REWRITE ACL2::|(* x x)|) (:REWRITE ACL2::|(* y (* x z))|) (:REWRITE ACL2::|(* y x)|) (:REWRITE ACL2::|(+ (* c x) (* d x))|) (:REWRITE ACL2::|(+ (+ x y) z)|) (:REWRITE ACL2::|(+ (- x) (* c x))|) (:REWRITE ACL2::|(+ 0 x)|) (:REWRITE ACL2::|(+ c (+ d x))|) (:REWRITE ACL2::|(+ x (- x))|) (:REWRITE ACL2::|(+ y (+ x z))|) (:REWRITE ACL2::|(+ y x)|) (:REWRITE ACL2::|(- (* c x))|) (:REWRITE ACL2::|(expt (+ x y) 2)|) (:REWRITE ACL2S-BB-IDENTITY-BOOL-GUARD-EQUAL) (:REWRITE ACL2::BUBBLE-DOWN-*-MATCH-1) (:REWRITE ACL2::BUBBLE-DOWN-+-MATCH-3) (:REWRITE ACL2::NORMALIZE-ADDENDS) (:REWRITE ACL2::NORMALIZE-FACTORS-GATHER-EXPONENTS) (:REWRITE ACL2::PREFER-POSITIVE-ADDENDS-EQUAL) (:REWRITE ACL2::SIMPLIFY-SUMS-EQUAL) (:TYPE-PRESCRIPTION ACL2S-BB-IDENTITY-BOOL-GUARD) (:TYPE-PRESCRIPTION ACL2::EXPT-TYPE-PRESCRIPTION-INTEGERP- BASE) (:TYPE-PRESCRIPTION ACL2::EXPT-TYPE-PRESCRIPTION- NONNEGATIVE-BASE) (:TYPE-PRESCRIPTION ACL2::EXPT-TYPE-PRESCRIPTION-POSITIVE- BASE) (:TYPE-PRESCRIPTION SUM-CONTRACT-TYPE-PRESCRIPTION)) Time: 0.30 seconds (prove: 0.16, print: 0.00, proof tree: 0.00, other: 0.14) Prover steps counted: 1129 Proof succeeded.

14 Induction in ACL2 *1 (Goal'') is pushed for proof by induction. ]) Perhaps we can prove *1 by induction. One induction scheme is suggested by this conjecture. We will induct according to a scheme suggested by (SUM N). This suggestion was produced using the :induction rules SUM-INDUCTION- SCHEME and SUM-INDUCTION-SCHEME-FROM-DEFINITION. If we let (:P N) denote *1 above then the induction scheme we'll use is (AND (IMPLIES (NOT (NATP N)) (:P N)) (IMPLIES (AND (NATP N) (NOT (EQUAL N 0)) (:P (COMMON-LISP::+ -1 N))) (:P N)) (IMPLIES (AND (NATP N) (EQUAL N 0)) (:P N))).

15 Induction in ACL2 This induction is justified by the same argument used to admit SUM. When applied to the goal at hand the above induction scheme produces five nontautological subgoals. ^^^ Checkpoint *1 ^^^ Subgoal *1/5 Subgoal *1/4 Subgoal *1/4' Subgoal *1/3 Subgoal *1/2 Subgoal *1/1 Subgoal *1/1' *1 is COMPLETED! Thus key checkpoint Goal'' is COMPLETED! Q.E.D.

16 Induction in ACL2 Summary Form: ( THM...) Rules: ((:COMPOUND-RECOGNIZER ACL2::NATP-COMPOUND- RECOGNIZER) (:DEFINITION *-DEFINITION-RULE) (:DEFINITION +-DEFINITION-RULE) (:DEFINITION NATP) (:DEFINITION NOT) (:DEFINITION SUM-DEFINITION-RULE) (:DEFINITION ACL2::SYNP) (:EXECUTABLE-COUNTERPART COMMON-LISP::<) (:EXECUTABLE-COUNTERPART ACL2S-BB-IDENTITY-BOOL-GUARD) (:EXECUTABLE-COUNTERPART ACL2::BINARY-*) (:EXECUTABLE-COUNTERPART ACL2::BINARY-+) (:EXECUTABLE-COUNTERPART EQUAL) (:EXECUTABLE-COUNTERPART COMMON-LISP::EXPT) (:EXECUTABLE-COUNTERPART INTEGERP) (:EXECUTABLE-COUNTERPART NOT)

17 Induction in ACL2 (:EXECUTABLE-COUNTERPART SUM) (:EXECUTABLE-COUNTERPART ACL2::UNARY--) (:FAKE-RUNE-FOR-TYPE-SET NIL) (:INDUCTION SUM-INDUCTION-SCHEME) (:INDUCTION SUM-INDUCTION-SCHEME-FROM-DEFINITION) (:REWRITE ACL2::|(* -1 x)|) (:REWRITE ACL2::|(* 0 x)|) (:REWRITE ACL2::|(* 1 x)|) (:REWRITE ACL2::|(* c (* d x))|) (:REWRITE ACL2::|(* x (+ y z))|) (:REWRITE ACL2::|(* x (- y))|) (:REWRITE ACL2::|(* x x)|) (:REWRITE ACL2::|(* y (* x z))|) (:REWRITE ACL2::|(* y x)|) (:REWRITE ACL2::|(+ (* c x) (* d x))|) (:REWRITE ACL2::|(+ (+ x y) z)|) (:REWRITE ACL2::|(+ (- x) (* c x))|) (:REWRITE ACL2::|(+ 0 x)|)

18 Induction in ACL2 (:REWRITE ACL2::|(+ c (+ d x))|) (:REWRITE ACL2::|(+ x (- x))|) (:REWRITE ACL2::|(+ y (+ x z))|) (:REWRITE ACL2::|(+ y x)|) (:REWRITE ACL2::|(- (* c x))|) (:REWRITE ACL2::|(expt (+ x y) 2)|) (:REWRITE ACL2S-BB-IDENTITY-BOOL-GUARD-EQUAL) (:REWRITE ACL2::BUBBLE-DOWN-*-MATCH-1) (:REWRITE ACL2::BUBBLE-DOWN-+-MATCH-3) (:REWRITE ACL2::NORMALIZE-ADDENDS) (:REWRITE ACL2::NORMALIZE-FACTORS-GATHER-EXPONENTS) (:REWRITE ACL2::PREFER-POSITIVE-ADDENDS-EQUAL) (:REWRITE ACL2::SIMPLIFY-SUMS-EQUAL) (:TYPE-PRESCRIPTION ACL2S-BB-IDENTITY-BOOL-GUARD) (:TYPE-PRESCRIPTION ACL2::EXPT-TYPE-PRESCRIPTION-INTEGERP- BASE) (:TYPE-PRESCRIPTION ACL2::EXPT-TYPE-PRESCRIPTION- NONNEGATIVE-BASE).

19 Induction in ACL2 (:TYPE-PRESCRIPTION ACL2::EXPT-TYPE-PRESCRIPTION-POSITIVE- BASE) (:TYPE-PRESCRIPTION SUM-CONTRACT-TYPE-PRESCRIPTION)) Time: 0.30 seconds (prove: 0.16, print: 0.00, proof tree: 0.00, other: 0.14) Prover steps counted: 1129 Proof succeeded.

20 General Induction Scheme (defunc foo (x 1... x n ) :input-contract ic :output-contract oc (cond (t 1 c 1 ) (t 2 c 2 )... (t m c m ) (t c m+1 )))  None of the c i ’s should have ifs in them  If c i has a recursive call to foo, it is called a recursive case otherwise a base case.

21 General Induction Scheme  Case 1 = t 1  Case 2 = t 2   t 1  …  Case i = t i   t 1     t i-1  …  Case m+1 = t   t 1     t m  If c i is a recursive case with R i calls to foo with the jth call, 1  j  R i, obtained by the substitution (foo x 1... x n )| s ij

22 General Induction Scheme  To prove  prove the following   ic    [ic  Case i ]    For all c i ’s that are base cases  [ic  Case i   1  i  R i  | s ij ]    For all c i ’s that are recursive cases

23 listp (defunc listp (l) :input-contract t :output-contract (booleanp (listp l)) (if (consp l) (listp (rest l)) (equal l ())))  This function is admissible.

24 app (defunc app (a b) :input-contract (and (listp a) (listp b)) :output-contract (listp (app a b)) (if (endp a) b (cons (first a) (app (rest a) b))))

25 rev (defunc rev (a) :input-contract (listp a) :output-contract (listp (rev a)) (if (endp a) nil (app (rev (rest a)) (cons (first a) nil))))

26 Conjecture  After contract checking 1.(implies (and (listp a) (listp b) (listp c)) (equal (app a (app b c)) (app (app a b) c))) 2.(implies (and (listp a) (listp b)) (equal (len (app a b)) (+ (len a) (len b)))) 3.(implies (listp a) (equal (rev (rev a)) a))

27 Induction Scheme  Base Case   [(listp x)  (listp y)  (listp z)] ⇒ (app (app x y) z) = (app x (app y z))  (endp x)  (listp x)  (listp y)  (listp z) ⇒ (app (app x y) z) = (app x (app y z))  Induction Step  [(consp x)  (listp x) ∧ (listp y) ∧ (listp z)  [(listp (rest x)) ∧ (listp y) ∧ (listp z) ⇒ (app (app (rest x) y) z) = (app (rest x) (app y z))]] ⇒ (app (app x y) z) = (app x (app y z))  Conclude  (app (app x y) z) = (app x (app y z))

28 Failed Proof  Proof failure  (implies (listp a) (equal (rev (rev x)) x))  Proof gets stuck - Try it!  When proof gets stuck, it may suggest a lemma which should be proved before proceeding  Need two additional lemmas  (implies (and (listp a) (listp b)) (equal (rev (app a b)) (app (rev b) (rev a))))  (implies (listp a) (equal (app a nil) a))

29 Exercise 1.Write down the induction schemes for conjectures (2) and (3). 2.Use equational reasoning and the above induction scheme to prove (2). 3.Use ACL2s to prove (2). 4.Try to prove (3) by hand and using ACL2s.  Where do you get stuck 5.Write down induction schemes and prove the lemmas needed for (3). 6.Complete the proof by hand and using ACL2s of (3)

30 Data Function Trinity 1.Data definitions give rise to predicates recognizing such definitions. These predicates must be shown to terminate. Their bodies give rise to a recursion scheme 2.Functions over these data types are defined by using the recursion scheme as a template. Templates allow us to define correct functions by assuming that the function we are defining works correctly in the recursive case.

31 Data Function Trinity 3. Proofs by induction involving such functions and data definitions should use the same recursion scheme to generate proof obligations. Nonrecursive cases are proven directly. For each recursive case, we assume the theorem under any substitutions that map the formals to arguments in that recursive call.

Download ppt "Induction Schemes Math Foundations of Computer Science."

Similar presentations

Types and Programming Languages Lecture 4 Simon Gay Department of Computing Science University of Glasgow 2006/07.

Types and Programming Languages Lecture 4 Simon Gay Department of Computing Science University of Glasgow 2006/07.
Introduction to Proofs

Introduction to Proofs
Prof. Shachar Lovett http://cseweb.ucsd.edu/classes/wi15/cse20-a/ Clicker frequency: CA CSE 20 Discrete math Prof. Shachar Lovett http://cseweb.ucsd.edu/classes/wi15/cse20-a/

Prof. Shachar Lovett Clicker frequency: CA CSE 20 Discrete math Prof. Shachar Lovett
Functional Verification III Prepared by Stephen M. Thebaut, Ph.D. University of Florida Software Testing and Verification Lecture Notes 23.

Functional Verification III Prepared by Stephen M. Thebaut, Ph.D. University of Florida Software Testing and Verification Lecture Notes 23.
Discrete Mathematics Math 6A Homework 9 Solution.

Discrete Mathematics Math 6A Homework 9 Solution.
© 2003, Yishai Feldman Proving Sufficient Completeness Example: Set ADT.

© 2003, Yishai Feldman Proving Sufficient Completeness Example: Set ADT.
Chapter 11 Proof by Induction. Induction and Recursion Two sides of the same coin.  Induction usually starts with small things, and then generalizes.

Chapter 11 Proof by Induction. Induction and Recursion Two sides of the same coin.  Induction usually starts with small things, and then generalizes.
Proofs, Recursion and Analysis of Algorithms Mathematical Structures for Computer Science Chapter 2 Copyright © 2006 W.H. Freeman & Co.MSCS SlidesProofs,

Proofs, Recursion and Analysis of Algorithms Mathematical Structures for Computer Science Chapter 2 Copyright © 2006 W.H. Freeman & Co.MSCS SlidesProofs,
Induction and recursion

Induction and recursion
Termination Analysis Math Foundations of Computer Science.

Termination Analysis Math Foundations of Computer Science.
Introduction to Computability Theory

Introduction to Computability Theory
Fall 2007CS 2251 Proof by Induction. Fall 2007CS 2252 Proof by Induction There are two forms of induction Standard Induction –Prove the theorem is true.

Fall 2007CS 2251 Proof by Induction. Fall 2007CS 2252 Proof by Induction There are two forms of induction Standard Induction –Prove the theorem is true.
Self-Reference - Induction Cmput 115 - Lecture 7 Department of Computing Science University of Alberta ©Duane Szafron 1999 Some code in this lecture is.

Self-Reference - Induction Cmput Lecture 7 Department of Computing Science University of Alberta ©Duane Szafron 1999 Some code in this lecture is.
So far we have learned about:

So far we have learned about:
Type Inference David Walker COS 441. Criticisms of Typed Languages Types overly constrain functions & data polymorphism makes typed constructs useful.

Type Inference David Walker COS 441. Criticisms of Typed Languages Types overly constrain functions & data polymorphism makes typed constructs useful.
After today Week 9 –Tu: Pat Rondon –Th: Ravi/Nathan Week 10 –Tu: Nathan/Ravi –Th: Class canceled Finals week –Th: Zach, John.

After today Week 9 –Tu: Pat Rondon –Th: Ravi/Nathan Week 10 –Tu: Nathan/Ravi –Th: Class canceled Finals week –Th: Zach, John.
Discrete Structures Chapter 5: Sequences, Mathematical Induction, and Recursion 5.2 Mathematical Induction I [Mathematical induction is] the standard proof.

Discrete Structures Chapter 5: Sequences, Mathematical Induction, and Recursion 5.2 Mathematical Induction I [Mathematical induction is] the standard proof.
1 Section 3.3 Mathematical Induction. 2 Technique used extensively to prove results about large variety of discrete objects Can only be used to prove.

1 Section 3.3 Mathematical Induction. 2 Technique used extensively to prove results about large variety of discrete objects Can only be used to prove.
Copyright © 2007 Pearson Education, Inc. Slide 8-1.

Copyright © 2007 Pearson Education, Inc. Slide 8-1.
Propositional Calculus Math Foundations of Computer Science.

Propositional Calculus Math Foundations of Computer Science.

Similar presentations

Ads by Google