
Proving Facts About Programs With a Proof Assistant








  1. Proving Facts About Programs With a Proof Assistant. John Wallerius. An example from: Isabelle/HOL, A Proof Assistant for Higher-Order Logic, by T. Nipkow, L. Paulson and M. Wenzel.

  2. A Simple Example Using Lists • Specify data types (e.g. polymorphic lists, trees) using ML-like syntax:
  datatype 'a list = Nil ("[]") | Cons 'a "'a list" (infixr "#" 65)

  3. Specify functions: Append and Reverse
  consts app :: "'a list => 'a list => 'a list" (infixr "@" 65)
         rev :: "'a list => 'a list"
  primrec "[] @ ys = ys"
          "(x # xs) @ ys = x # (xs @ ys)"
  primrec "rev [] = []"
          "rev (x # xs) = (rev xs) @ (x # [])"

  4. State a Theorem to Prove • Simple example: reversing the reverse of a list gives back the original list: • theorem rev_rev [simp]: "rev(rev xs) = xs" • This command names and states a theorem. • The [simp] attribute means that, once proved, the simplifier will use it as a rewrite rule in future proofs.

  5. Try a Proof Procedure: Induction • theorem rev_rev [simp]: "rev(rev xs) = xs" • Try structural induction on the variable xs: • apply(induct_tac xs) • The system responds with a new proof state of two subgoals, one per constructor of the datatype: • 1. rev (rev []) = [] • 2. ⋀a list. rev (rev list) = list ⟹ rev (rev (a # list)) = a # list • In the step case, the assumption to the left of ⟹ is the induction hypothesis for the tail list.

  6. Simplify • Current state • 1. rev (rev []) = [] • 2. ⋀a list. rev (rev list) = list ⟹ rev (rev (a # list)) = a # list • Invoke simplification (auto runs the simplifier together with some classical reasoning): • apply(auto) • The first subgoal is solved outright by the defining equations of rev. The second is not solved: unfolding rev once on the right-hand side leaves • 1. ⋀a list. rev (rev list) = list ⟹ rev (rev list @ a # []) = a # list • and the proof gets stuck here, because nothing yet tells the simplifier how rev behaves on an append (@).

  7. A Simpler Lemma is Needed • lemma rev_app [simp]: "rev(xs @ ys) = (rev ys) @ (rev xs)" • Actually, this can't be proved immediately either: induction followed by auto leaves goals about @ that need two still simpler lemmas, one for the base case and one (associativity of @) for the step case. The base-case lemma is: • lemma app_Nil2 [simp]: "xs @ [] = xs" • This one is proved by: • apply(induct_tac xs); apply(auto)

  8. The Final Proof • The lemmas in the order they must be proved, each by induction on xs followed by auto, with every proved fact becoming a simp rule for the next:
  lemma app_Nil2 [simp]: "xs @ [] = xs"
  lemma app_assoc [simp]: "(xs @ ys) @ zs = xs @ (ys @ zs)"
  lemma rev_app [simp]: "rev(xs @ ys) = (rev ys) @ (rev xs)"
  theorem rev_rev [simp]: "rev(rev xs) = xs"
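The development of slides 2 to 8 as one complete theory file that Isabelle/HOL will check end to end. This is an added example, not code from the slides; it is written in current Isar syntax (`primrec ... where`) rather than the older `consts`/`primrec` form the slides show. The `no_notation`/`hide_type`/`hide_const` preamble is assumed to be needed so that the toy definitions do not clash with the list type and operators that `Main` already provides, and the closing lemma on a two-element list is a constructed sanity check, not part of the original.

```isabelle
theory ToyList
  imports Main
begin

(* Main already defines lists, [] , # and @.  Hide them so the toy
   definitions below do not clash with the library versions. *)
no_notation Nil ("[]") and Cons (infixr "#" 65) and append (infixr "@" 65)
hide_type list
hide_const rev

(* Slide 2: polymorphic lists with ML-like constructor syntax. *)
datatype 'a list = Nil ("[]")
                 | Cons 'a "'a list" (infixr "#" 65)

(* Slide 3: append and reverse by primitive recursion on the first argument. *)
primrec app :: "'a list \<Rightarrow> 'a list \<Rightarrow> 'a list" (infixr "@" 65) where
  "[] @ ys = ys" |
  "(x # xs) @ ys = x # (xs @ ys)"

primrec rev :: "'a list \<Rightarrow> 'a list" where
  "rev [] = []" |
  "rev (x # xs) = (rev xs) @ (x # [])"

(* Slides 7 and 8: the auxiliary lemmas, each proved by induction on xs
   followed by auto.  [simp] hands every proved fact to the simplifier
   so the next proof can use it. *)
lemma app_Nil2 [simp]: "xs @ [] = xs"
  apply (induct_tac xs)
  apply (auto)
  done

lemma app_assoc [simp]: "(xs @ ys) @ zs = xs @ (ys @ zs)"
  apply (induct_tac xs)
  apply (auto)
  done

lemma rev_app [simp]: "rev (xs @ ys) = (rev ys) @ (rev xs)"
  apply (induct_tac xs)
  apply (auto)
  done

(* Slides 4 to 6: the main theorem now goes through with the same
   induction-then-auto recipe, because rev_app rewrites the stuck goal
   rev (rev list @ a # []) = a # list. *)
theorem rev_rev [simp]: "rev (rev xs) = xs"
  apply (induct_tac xs)
  apply (auto)
  done

(* Constructed sanity check (not on the slides): simp evaluates rev on a
   concrete two-element list using only the defining equations. *)
lemma "rev (a # b # []) = b # a # []"
  by simp

end
```

Save it as `ToyList.thy` and open it in Isabelle/jEdit (or run `isabelle process -T ToyList` from the directory); the proof state after each `apply` is shown in the output panel, and removing `app_assoc` or `rev_app` makes the later proofs fail at `done`, which is the quickest way to see the dependency order the slides describe.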

  9. Review • Standard proof procedure: • State a goal • Proceed until lemma is needed • Prove lemma • Return to original • Good strategy for functional programs: • Induction, then • All out simplification
