System Validation
Mohammad Mousavi
3. Abstract Data Types
Abstract Data Types
Mohammad Mousavi
TU/Eindhoven
System Validation, 2012-2013
TU Delft
Mousavi: ADT
TU/e
Overview
I
Motivation
I
Generic Concepts
Other facilities
I
1.
2.
3.
4.
Mousavi: ADT
built-in types,
structured types,
function types,
constructed.
TU/e
Motivating Example
Advanced coffee machine!
coin(50ct)
s1
coin(1euro)
coin(50ct)
tea
s3
s0
τ
s1
tea
coffee
s2
s3
return(50ct)
s4
Mousavi: ADT
tea
s5
TU/e
Generic Concepts
Data types
I
Mousavi: ADT
Classes: sorts,
TU/e
Generic Concepts
Data types
I
Classes: sorts,
I
Elements: constructors,
Mousavi: ADT
TU/e
Generic Concepts
Data types
I
Classes: sorts,
I
Elements: constructors,
I
Operations: maps, and
I
Rules governing operations: equations.
Mousavi: ADT
TU/e
Euro Sort
sort
Mousavi: ADT
Euro;
TU/e
Euro Sort
sort
cons
Mousavi: ADT
Euro;
zero, fifty cents, one euro, more: Euro;
% constants: constructors with no parameter
TU/e
Euro Sort
sort
cons
Euro;
zero, fifty cents, one euro, more: Euro;
map
eq: Euro × Euro → Bool;
plus: Euro × Euro → Euro;
Mousavi: ADT
TU/e
Euro Sort
sort
cons
Euro;
zero, fifty cents, one euro, more: Euro;
map
eq: Euro × Euro → Bool;
plus: Euro × Euro → Euro;
e:Euro;
eq(e, e)= true;
eq(zero, one euro)= false;
eq(one euro, zero)= false;
...
var
eqn
Mousavi: ADT
(1)
(2)
(3)
TU/e
Euro Sort
sort
cons
Euro;
zero, fifty cents, one euro, more: Euro;
map
eq: Euro × Euro → Bool;
plus: Euro × Euro → Euro;
e:Euro;
eq(e, e)= true;
eq(zero, one euro)= false;
eq(one euro, zero)= false;
...
var
eqn
(1)
(2)
(3)
Theorem. zero 6= one euro.
Mousavi: ADT
TU/e
Euro Sort
sort
cons
Euro;
zero, fifty cents, one euro, more: Euro;
map
eq: Euro × Euro → Bool;
plus: Euro × Euro → Euro;
e:Euro;
eq(e, e)= true;
eq(zero, one euro)= false;
eq(one euro, zero)= false;
...
var
eqn
(1)
(2)
(3)
Theorem. zero 6= one euro.
Proof by contradiction.
Mousavi: ADT
TU/e
Euro Sort (Cont’d)
sort
Mousavi: ADT
Euro;
TU/e
Euro Sort (Cont’d)
sort
var
eqn
Mousavi: ADT
Euro;
e: Euro;
plus(e,zero)= e;
plus(zero,e)= e;
TU/e
Euro Sort (Cont’d)
sort
var
eqn
Mousavi: ADT
Euro;
e: Euro;
plus(e,zero)= e;
plus(zero,e)= e;
plus(fifty cents,fifty cents)= one euro;
TU/e
iNatural
sort
Mousavi: ADT
iNatural;
TU/e
iNatural
sort
cons
Mousavi: ADT
iNatural;
zero: iNatural;
succ: iNatural → iNatural;
TU/e
iNatural
sort
cons
map
Mousavi: ADT
iNatural;
zero: iNatural;
succ: iNatural → iNatural;
eq: iNatural × iNatural → Bool;
TU/e
iNatural
sort
cons
map
var
eqn
Mousavi: ADT
iNatural;
zero: iNatural;
succ: iNatural → iNatural;
eq: iNatural × iNatural → Bool;
i, j: iNatural;
eq(i, i)= true;
eq(zero, succ(i))= false;
eq(succ(i), zero)= false;
eq(succ(i), succ(j))= eq(i,j);
(1)
(2)
(3)
(4)
TU/e
iNatural
sort
cons
map
var
eqn
iNatural;
zero: iNatural;
succ: iNatural → iNatural;
eq: iNatural × iNatural → Bool;
i, j: iNatural;
eq(i, i)= true;
eq(zero, succ(i))= false;
eq(succ(i), zero)= false;
eq(succ(i), succ(j))= eq(i,j);
(1)
(2)
(3)
(4)
Theorem. zero 6= succ(i), for each iNatural i.
Mousavi: ADT
TU/e
iNatural
sort
cons
map
var
eqn
iNatural;
zero: iNatural;
succ: iNatural → iNatural;
eq: iNatural × iNatural → Bool;
i, j: iNatural;
eq(i, i)= true;
eq(zero, succ(i))= false;
eq(succ(i), zero)= false;
eq(succ(i), succ(j))= eq(i,j);
(1)
(2)
(3)
(4)
Theorem. zero 6= succ(i), for each iNatural i.
Proof by contradiction (see the next slide).
Mousavi: ADT
TU/e
Proof of zero 6= succ(i)
Assume towards contradiction that for some iNatural n, zero =
succ(n). Then, we have:
true
= (1)
eq(zero, zero)
= (assump.)
eq(zero, succ(n)) = (2)
false
Mousavi: ADT
TU/e
Induction
Proof Rule
Thesis: P(s) for each s of a given sort S.
Rule:
I
prove P(c) for each constant c of sort S.
I
assuming that P(xi ) holds (induction hypothesis, for each
0 ≤ i < n), prove P(f (x0 , . . . , xn−1 )) for each n-ary
constructor of sort S.
Mousavi: ADT
TU/e
Another Theorem
Theorem. eq(i, succ(i)) = false, for each i.
Proof. By induction on i.
Mousavi: ADT
TU/e
Another Theorem
Theorem. eq(i, succ(i)) = false, for each i.
Proof. By induction on i.
Induction basis: i = zero. It follows from axiom (1) that eq(zero,
succ(zero)) = false.
Induction hypothesis, i = n: assume that n 6= succ(n);
Induction step, i = succ(n): prove that succ(n) 6= succ(succ(n)):
eq(succ(n), succ(succ(n)))
eq(n, succ(n))
false
Mousavi: ADT
=
=
(4)
(ind. hyp.)
TU/e
iNatural
sort
Mousavi: ADT
iNatural
TU/e
iNatural
sort
cons
Mousavi: ADT
iNatural
zero : iNatural;
succ: iNatural → iNatural;
TU/e
iNatural
sort
cons
map
Mousavi: ADT
iNatural
zero : iNatural;
succ: iNatural → iNatural;
plus: iNatural × iNatural → iNatural;
TU/e
iNatural
sort
cons
map
var
eqn
Mousavi: ADT
iNatural
zero : iNatural;
succ: iNatural → iNatural;
plus: iNatural × iNatural → iNatural;
i,j :iNatural;
plus(zero, i)= i;
plus(i, zero)= i;
plus(i, succ(j))= succ(plus(i, j));
(1)
(2)
(3)
TU/e
iNatural
sort
cons
map
var
eqn
iNatural
zero : iNatural;
succ: iNatural → iNatural;
plus: iNatural × iNatural → iNatural;
i,j :iNatural;
plus(zero, i)= i;
plus(i, zero)= i;
plus(i, succ(j))= succ(plus(i, j));
(1)
(2)
(3)
Theorem. plus(succ(i), j) = succ(plus(i,j)), for each i.
Mousavi: ADT
TU/e
iNatural
sort
cons
map
var
eqn
iNatural
zero : iNatural;
succ: iNatural → iNatural;
plus: iNatural × iNatural → iNatural;
i,j :iNatural;
plus(zero, i)= i;
plus(i, zero)= i;
plus(i, succ(j))= succ(plus(i, j));
(1)
(2)
(3)
Theorem. plus(succ(i), j) = succ(plus(i,j)), for each i.
Proof by induction on j (see the next slide).
Mousavi: ADT
TU/e
plus(succ(i), j) = succ(plus(i,j)
Proof. By induction on j.
Mousavi: ADT
TU/e
plus(succ(i), j) = succ(plus(i,j)
Proof. By induction on j.
Induction basis: j = zero:
plus(succ(i), zero) = (2)
succ(i)
= (3, from right to left)
succ(plus(i, zero))
Induction hypothesis, j = n: assume that plus(succ(i), n) =
succ(plus(i,n);
Induction step, j = succ(n): prove that plus(succ(i), succ(n)) =
succ(plus(i, succ(n)):
plus(succ(i), succ(n))
succ(plus(succ(i), n))
succ(succ(plus(i, n)))
succ(plus(i, succ(n)))
Mousavi: ADT
=
=
=
(3)
(ind. hyp.)
(3, from right to left)
TU/e
ADT Facilities
Built-In Types
I
Mousavi: ADT
Booleans: true, false, conjunction (&&), disjunction (||),
negation (!), implication (=>), equality (==), quantifiers and
much more.
TU/e
ADT Facilities
Built-In Types
I
Booleans: true, false, conjunction (&&), disjunction (||),
negation (!), implication (=>), equality (==), quantifiers and
much more.
I
(Positive) Natural numbers : successor (succ), equality (==),
maximum and minimum (max and min), addition (+),
multiplication (*), division (div), modulo (mod) and much
more.
Mousavi: ADT
TU/e
ADT Facilities
Built-In Types
I
Booleans: true, false, conjunction (&&), disjunction (||),
negation (!), implication (=>), equality (==), quantifiers and
much more.
I
(Positive) Natural numbers : successor (succ), equality (==),
maximum and minimum (max and min), addition (+),
multiplication (*), division (div), modulo (mod) and much
more.
I
Integers: similar to above, predecessor (pred), minus (-),
absolute (abs) and much more.
Mousavi: ADT
TU/e
ADT Facilities
Built-In Types
I
Booleans: true, false, conjunction (&&), disjunction (||),
negation (!), implication (=>), equality (==), quantifiers and
much more.
I
(Positive) Natural numbers : successor (succ), equality (==),
maximum and minimum (max and min), addition (+),
multiplication (*), division (div), modulo (mod) and much
more.
I
Integers: similar to above, predecessor (pred), minus (-),
absolute (abs) and much more.
I
Reals
Mousavi: ADT
TU/e
ADT Facilities
Built-In Types
I
Booleans: true, false, conjunction (&&), disjunction (||),
negation (!), implication (=>), equality (==), quantifiers and
much more.
I
(Positive) Natural numbers : successor (succ), equality (==),
maximum and minimum (max and min), addition (+),
multiplication (*), division (div), modulo (mod) and much
more.
I
Integers: similar to above, predecessor (pred), minus (-),
absolute (abs) and much more.
I
Reals
I
Typecast: Pos2Nat, Nat2Pos, Int2Nat, etc.
Mousavi: ADT
TU/e
ADT Facilities
Structured Types
I
Mousavi: ADT
Syntax:
sort St = struct elm a
| elm b
| f(s : S)
TU/e
ADT Facilities
Structured Types
I
Syntax:
sort St = struct elm a?is a | elm b?is b | f(s : S)?is f
I
Built-in recognizers: provably different constructors
Mousavi: ADT
TU/e
ADT Facilities
Structured Types
I
Syntax:
sort St = struct elm a?is a | elm b?is b | f(s : S)?is f
I
Built-in recognizers: provably different constructors
sort
cons
map
Mousavi: ADT
St
elm a, elm b: St;
f: St → St;
is a, is b, is f: St → Bool;
TU/e
ADT Facilities
Structured Types
I
Syntax:
sort St = struct elm a?is a | elm b?is b | f(s : S)?is f
I
Built-in recognizers: provably different constructors
sort
cons
map
var
eqn
Mousavi: ADT
St
elm a, elm b: St;
f: St → St;
is a, is b, is f: St → Bool;
s :St;
is a(elm a)= true;
is a(elm b)= false;
is a(f(s))= false;
...
TU/e
ADT Facilities
Structured Types
I
Syntax:
sort St = struct elm a?is a | elm b?is b | f(s : S)?is f
I
Built-in equations for recognizers: provably different
constructors
I
Built-in equality, inequality and if-then-else maps
Mousavi: ADT
TU/e
ADT Facilities
Constructed Types: Lists
I
Mousavi: ADT
Syntax: sort lst = List(St);
TU/e
ADT Facilities
Constructed Types: Lists
I
Syntax: sort lst = List(St);
I
List enumeration: [elements] (comma separated)
Mousavi: ADT
TU/e
ADT Facilities
Constructed Types: Lists
I
Syntax: sort lst = List(St);
I
List enumeration: [elements] (comma separated)
I
Built-in equality and inequality, i-th element (l.i).
Mousavi: ADT
TU/e
ADT Facilities
Constructed Types: Lists
I
Syntax: sort lst = List(St);
I
List enumeration: [elements] (comma separated)
I
Built-in equality and inequality, i-th element (l.i).
I
Several built-in constructs and maps: cons (| >),
concatenation (++), length (#), member (in), head (head),
tail (tail) and many more.
Mousavi: ADT
TU/e
ADT Facilities
Constructed Types: Sets and Bags
I
Mousavi: ADT
Syntax: sort lst = Set(St);
TU/e
ADT Facilities
Constructed Types: Sets and Bags
I
Syntax: sort lst = Set(St);
I
Set enumeration: {a, b, . . .}
Mousavi: ADT
TU/e
ADT Facilities
Constructed Types: Sets and Bags
I
Syntax: sort lst =
I
Set enumeration: {a, b, . . .}
I
Bag enumeration: {a : 3, b : 2, . . .}
Mousavi: ADT
Bag(St)
TU/e
ADT Facilities
Constructed Types: Sets and Bags
I
Syntax: sort lst =
I
Set enumeration: {a, b, . . .}
I
Bag enumeration: {a : 3, b : 2, . . .}
I
Several built-in constructs and maps
Mousavi: ADT
Bag(St)
TU/e
ADT Facilities
Constructed Types: Sets and Bags
I
Syntax: sort lst =
I
Set enumeration: {a, b, . . .}
I
Bag enumeration: {a : 3, b : 2, . . .}
I
Several built-in constructs and maps
I
Type casts: Set2Bag and Bag2Set
Mousavi: ADT
Bag(St)
TU/e
Announcements
I
The reader is available and can be ordered.
I
Next lecture will be given by Jan Friso Groote.
Mousavi: ADT
TU/e
© Copyright 2026 Paperzz