Few remarks

1. Binding priorities (Ozaki san)
   Use parentheses if you do not know, or are not sure about, the binding priorities of operators/functions.
   Alternatively, you can check the binding priorities with Isabelle, e.g.
     term "((i + j) mod 2) = 0"

2. The simp method (Ozawa san)
   An internal automated prover. Can we trust simp?
   Add
     using [[simp_trace_new mode = full]]
   after the statement of a lemma to trace all the steps taken by the simplifier.
   Isabelle is open source.

Types and Functions (I)
Fadoua Ghourabi
Ochanomizu University
[email protected]
December 14, 2016

Introduction

Isabelle is a typed logic.
The equality predicate enforces type checking:
  - two equal variables/terms should have the same type

  lemma "∃y. ¬(x0 = y) ⟹ ∃x. ∃y. ¬(x = y)"
  apply (rule exI)
  apply assumption   (* fails! *)
  oops

  lemma "∃y. ¬(P x0 y) ⟹ ∃x. ∃y. ¬(P x y)"
  apply (rule exI)
  apply assumption
  done

  lemma "∃y::nat. ¬(x0 = y) ⟹ ∃x y::nat. ¬(x = y)"
  apply (rule exI)
  apply assumption
  done

x::τ is a type constraint. We say: "x is of type τ".
x can be a variable, a term, a function name, a formula, a constant.

Types in Isabelle

Base types: nat, the type of natural numbers (ℕ); int, the type of integers (ℤ); bool, the type of truth values, i.e. False and True.
Type constructors: sets and lists are data structures that have type constructors. In particular, nat set is the type of sets of natural numbers and nat list is the type of lists of natural numbers.
Function types: a function f is of type τ1 ⇒ τ2 means that if t::τ1, then (f t)::τ2, e.g. f::nat ⇒ nat, f::nat ⇒ nat ⇒ nat.
Type variables: denoted by 'a, 'b, 'c, etc.

Types in Isabelle: Examples

The equality predicate is of type 'a ⇒ 'a ⇒ bool.
t1 = t2: Isabelle checks the type constraints t1::'a and t2::'a.
∃x y :: nat. ¬(x = y): type nat is substituted for the type variable 'a in 'a ⇒ 'a ⇒ bool.

  lemma "∃y::nat. ¬(x0 = y) ⟹ ∃x y::nat. ¬(x = y)"
  apply (rule exI)
  apply assumption
  done

Types in Isabelle: Examples

In Isabelle, use the keyword term to display the types of the following terms.

  term "0"
  term "0::nat"
  term "(0::nat) + (0::nat)"
  term "0 + (0::nat)"
  term "0 + 0"

  term "p ∧ q"
  term "f t"
  term "f x y"
  term "(f::nat ⇒ nat) t"
  term "(f::nat ⇒ nat ⇒ bool) x y"
  term "{x. ∃y. x = 2*y}"
  term "{x::int. ∃y. x = 2*y}"

What do you notice about the constant 0 and the function +?
Type nat

  datatype nat = 0 | Suc nat

Natural numbers are generated by the constructors 0 and Suc. Suc stands for "Successor".
Guess the values of 0, Suc 0, Suc (Suc 0), Suc (Suc (Suc 0))?

Peano arithmetic (PA)

Calculate basic functions on natural numbers; use mathematical induction.
Basic axioms:
  (i)   0 ∈ ℕ
  (ii)  ∀n. ¬(Suc n = 0)
  (iii) ∀n m. (Suc m = Suc n ⟶ m = n)
  (iv)  ∀n. (0 + n = n)
  (v)   ∀m n. ((Suc m) + n = Suc (m + n))
  (vi)  ∀n. (0 × n = 0)
  (vii) ∀m n. ((Suc m) × n = m × n + n)

  thm Suc_not_Zero Suc_inject add_0 add_Suc mult_0 mult_Suc

Mathematical induction

Mathematical induction allows us to prove that every natural number satisfies a certain property, e.g.
  1 + 2 + 3 + ··· + n = n(n+1)/2, where n is a natural number.

Definition
  (i)   P 0 holds
  (ii)  For arbitrary n ∈ ℕ, if P n holds then so does P (Suc n)
  (iii) From (i) and (ii) we deduce that P n holds for any n ∈ ℕ

As an inference rule:

             [P (n)]
                ⋮
  P (0)     P (Suc n)
  ---------------------
        ∀n. P (n)

  nat_induct: ?P 0 ⟹ (⋀n. ?P n ⟹ ?P (Suc n)) ⟹ ?P ?n

Prove ⊢ ¬(Suc n ≤ n)
  - Use the method simp only to prove the intermediate proof steps.

  lemma "¬ (Suc n ≤ n)"
  proof
    have a: "¬ (Suc 0 ≤ 0)" by simp
    {fix n
     assume "¬ (Suc n ≤ n)"
     hence "¬ (Suc (Suc n) ≤ Suc n)" by simp
    }
    with a show ?thesis by (rule nat_induct)
  qed

  lemma "¬ (Suc n ≤ n)"
  proof (induction n)
    case 0
    show ?case by simp
    case (Suc n)
    show ?case by simp
  qed

"induction n" instructs Isabelle to start a proof by induction on n. It will show two subgoals:
  1. ¬ Suc 0 ≤ 0
  2. ⋀n. ¬ Suc n ≤ n ⟹ ¬ Suc (Suc n) ≤ Suc n
case 0: base case, i.e. subgoal 1.
case (Suc n): induction step, i.e. subgoal 2.
?case is a pointer to the current subgoal of the induction.

Prove ⊢ n ≤ (Suc (Suc n)) × n

Proof by induction

Isabelle variables:
  0 is the hypothesis of the base case, i.e. n = 0
  Suc.IH is the hypothesis of the inductive step, i.e. P (n)
  Suc.prems is the premise of the lemma, if any.

Further examples...

Prove the following and do not use simp:
  ⊢ n + 0 = n
  ⊢ ∀m n :: nat. (m = n ⟶ Suc m = Suc n)

Remember:
  thm Suc_not_Zero Suc_inject add_0 add_Suc mult_0 mult_Suc
  apply (subst theorem)
  apply (subst (asm) theorem)
  apply (subst theorem[THEN sym])
  apply (subst (asm) theorem[THEN sym])
Other properties:
  thm mult.commute add.commute distrib_left distrib_right

Search for Isabelle theorems:
  find_theorems "(?a + ?b) mod ?a"
  Query tab in jEdit

Prove ⊢ n * Suc (Suc 0) mod Suc (Suc 0) = 0
  - use simp and search for useful theorems if not possible
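The two "do not use simp" goals worked out, as an added example that is not from the slides: only subst with the named Peano rules, the induction hypothesis and refl are used, which is the style the slide asks for. Since addition is defined by recursion on its first argument, n + 0 = n is not a defining equation and needs induction on n; the lemma names are my own.

```isabelle
theory AddZero
  imports Main
begin

(* Added example: n + 0 = n by induction, rewriting with add_0 / add_Suc
   from the slide and the induction hypothesis, no simp *)
lemma add_0_right_by_hand: "n + 0 = n"
proof (induction n)
  case 0
  show ?case
    apply (subst add_0)      (* 0 + 0 = 0   becomes   0 = 0 *)
    apply (rule refl)
    done
next
  case (Suc n)
  show ?case
    apply (subst add_Suc)    (* Suc n + 0 = Suc n   becomes   Suc (n + 0) = Suc n *)
    apply (subst Suc.IH)     (* n + 0 = n   turns the goal into   Suc n = Suc n *)
    apply (rule refl)
    done
qed

(* The converse direction of Suc_inject needs no induction:
   rewrite m to n with the assumption, then the goal is reflexive *)
lemma suc_cong_by_hand: "∀m n :: nat. (m = n ⟶ Suc m = Suc n)"
proof (intro allI impI)
  fix m n :: nat
  assume eq: "m = n"
  show "Suc m = Suc n"
    by (subst eq) (rule refl)
qed

end
```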
Function Sum

  0 + 1 + 2 + 3 + ··· + n = n(n+1)/2, where n is a natural number.

The sum of the first n natural numbers can be defined as a recursive function:

  fun Sum::"nat ⇒ nat" where
    "Sum 0 = 0"
  | "Sum (Suc n) = (Suc n) + (Sum n)"

  Sum (Suc (Suc (Suc 0)))
    = Suc (Suc (Suc 0)) + Sum (Suc (Suc 0))
    = Suc (Suc (Suc 0)) + Suc (Suc 0) + Sum (Suc 0)
    = Suc (Suc (Suc 0)) + Suc (Suc 0) + Suc 0 + Sum 0
    = Suc (Suc (Suc 0)) + Suc (Suc 0) + Suc 0 + 0        (= 3 + 2 + 1 + 0)

  - The call "Sum n" computes the sum of all the natural numbers from 0 to n.
  - The base case (Sum 0 = 0) ensures termination.

Function Sum

Isabelle generates rules from the definition of recursive functions:
  Sum.simps(1): Sum 0 = 0
  Sum.simps(2): Sum (Suc ?n) = Suc ?n + Sum ?n
Only constructors are allowed on the left side of the equations.
Sum.simps(1) and Sum.simps(2) are also used by the method simp.
Isabelle also generates a rule for induction:
  Sum.induct: ?P 0 ⟹ (⋀n. ?P n ⟹ ?P (Suc n)) ⟹ ?P ?a

Function Sum

Prove ⊢ (Suc (Suc 0)) * (Sum n) = n * (Suc n), where n is a natural number.
case 0: (Suc (Suc 0)) * (Sum 0) = 0 * (Suc 0), trivial!
case (Suc n): for arbitrary n assume (Suc (Suc 0)) * (Sum n) = n * (Suc n), then show (Suc (Suc 0)) * (Sum (Suc n)) = (Suc n) * (Suc (Suc n)):
  (Suc (Suc 0)) * (Sum (Suc n))
    = (Suc (Suc 0)) * (Suc n + Sum n)
    = (Suc (Suc 0)) * (Suc n) + (Suc (Suc 0)) * (Sum n)
    = (Suc (Suc 0)) * (Suc n) + n * (Suc n)
    = (Suc (Suc 0) + n) * (Suc n)
    = (Suc (Suc 0 + n)) * (Suc n)
    = (Suc (Suc (0 + n))) * (Suc n)
    = (Suc (Suc n)) * (Suc n)
    = (Suc n) * (Suc (Suc n))

Complete the proof

  lemma "(Suc (Suc 0)) * Sum n = n*(Suc n)"
  proof (induction n)
    case 0
    show ?case by simp
  next
    case (Suc n)
    show ?case
      apply (subst Sum.simps(2))
      ...
      done
  qed

Function Fibonacci

Fibonacci sequence: F_n = F_{n−1} + F_{n−2}, with F_0 = F_1 = 1.
  F_4 = F_3 + F_2 = F_2 + F_1 + F_1 + F_0 = F_1 + F_0 + F_1 + F_1 + F_0 = 5

  fun Fib::"nat ⇒ nat" where
    "Fib 0 = 1"
  | "Fib (Suc 0) = 1"
  | "Fib (Suc (Suc n)) = Fib (Suc n) + Fib n"

Only constructors are allowed on the left side.

Function Fibonacci

  Fib.induct: ?P 0 ⟹ ?P (Suc 0) ⟹ (⋀n. ?P (Suc n) ⟹ ?P n ⟹ ?P (Suc (Suc n))) ⟹ ?P ?a

In a proof by induction on n, there are three subgoals.
Example: prove ⊢ 0 < Fib (Suc n)

  lemma "0 < Fib (Suc n)"
  proof (induction n rule: Fib.induct)
    show "0 < Fib (Suc 0)" by simp
    show "0 < Fib (Suc (Suc 0))" by simp
    {fix n
     assume a1: "0 < Fib (Suc (Suc n))" and a2: "0 < Fib (Suc n)"
     from a1 a2 show "0 < Fib (Suc (Suc (Suc n)))" by simp
    }
  qed

Quiz 211216

1. Define the functions
   factorial: n! = n * (n − 1) * ... * 1, with 0! = 1.
   Ackermann:
     A(x, y) = y + 1                     if x = 0
             = A(x − 1, 1)               if y = 0
             = A(x − 1, A(x, y − 1))     otherwise
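Both quiz functions written with fun, as an added example rather than the course's answer key: it follows the slide's rule that only datatype constructors appear on the left-hand side, so x − 1 and y − 1 become matches on Suc. The names factorial and ack are my own (factorial avoids the fact constant already in Main).

```isabelle
theory QuizFunctions
  imports Main
begin

(* n! = n * (n - 1) * ... * 1, with 0! = 1 *)
fun factorial :: "nat ⇒ nat" where
  "factorial 0 = 1"
| "factorial (Suc n) = Suc n * factorial n"

(* Ackermann. The nested call ack (Suc x) y in the third equation is
   what makes this non-primitive-recursive; fun still proves termination
   automatically, via the lexicographic order on the pair (x, y). *)
fun ack :: "nat ⇒ nat ⇒ nat" where
  "ack 0 y = Suc y"                            (* x = 0 *)
| "ack (Suc x) 0 = ack x (Suc 0)"              (* y = 0 *)
| "ack (Suc x) (Suc y) = ack x (ack (Suc x) y)"  (* otherwise *)

(* As for Sum and Fib, Isabelle derives rewrite and induction rules *)
thm factorial.simps ack.simps ack.induct

(* Concrete checks: 4! = 24 and A(2, 3) = 9 *)
value "factorial (Suc (Suc (Suc (Suc 0))))"
value "ack 2 3"

end
```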