higher order functions and recursive types in pvs higher
play

Higher-Order Functions and Recursive Types in PVS - PowerPoint PPT Presentation

Nov 04, 2022 •266 likes •594 views

Higher-Order Functions and Recursive Types in PVS Higher-Order functions and Recursive Types in PVS Sam Owre owre@csl.sri.com URL: http://www.csl.sri.com/owre/ Computer Science Laboratory SRI International

  1. ✬ ✩ Higher-Order Functions and Recursive Types in PVS ✫ ✪

  2. ✬ ✩ Higher-Order functions and Recursive Types in PVS Sam Owre owre@csl.sri.com URL: http://www.csl.sri.com/˜owre/ Computer Science Laboratory SRI International Menlo Park, CA ✫ ✪ 1

  3. ✬ ✩ Higher Order Logic ✫ ✪ 2

  4. ✬ ✩ Overview • Variables and quantification in first-order logic range over ordinary datatypes such as numbers, and functions and predicates are fixed (constants). • Higher order logic allows variables to range over functions and predicates as well. • Higher order logic requires strong typing for consistency, otherwise, we could define R ( x ) = ¬ x ( x ) , and derive R ( R ) = ¬ R ( R ) . • Higher order logic can express a number of interesting concepts and datatypes that are not expressible within first-order logic. ✫ ✪ 3

  5. ✬ ✩ Higher Order Summation hsummation : THEORY BEGIN n: VAR nat f : VAR [nat -> nat] hsum(f)(n): RECURSIVE nat = (IF n = 0 THEN f(0) ELSE f(n-1) + hsum(f)(n - 1) ENDIF) MEASURE n hsum_id: LEMMA hsum(id)(n+1) = (n * (n+1))/2 . . . hsum id proved by induct-and-simplify . ✫ ✪ 4

  6. ✬ ✩ Variations on Summation square(n): nat = n*n sum_of_squares: LEMMA 6 * hsum(square)(n+1) = n * (n + 1) * (2*n + 1) cube(n): nat = n*n*n sum_of_cubes: LEMMA 4 * hsum(cube)(n+1) = n*n*(n+1)*(n+1) END hsummation Both lemmas proved by induct-and-simplify . ✫ ✪ 5

  7. ✬ ✩ Parametric Summation Theory parameters can also be used for schematic definition. psummation [f : [nat -> nat] ] : THEORY BEGIN n: VAR nat psum(n): RECURSIVE nat = (IF n = 0 THEN f(0) ELSE f(n-1) + psum(n - 1) ENDIF) MEASURE n END psummation ✫ ✪ 6

  8. ✬ ✩ Using Parametric Summation The parametric theory can be imported either with specific parameters or generically. check_psummation: THEORY BEGIN IMPORTING psummation n : VAR nat check: LEMMA psum[id[nat]](n + 1) = (n * (n + 1))/2 END check_psummation check proved by induct-and-simplify . ✫ ✪ 7

  9. ✬ ✩ Induction in Higher Order Logic p: VAR [nat -> bool] nat_induction: LEMMA (p(0) AND (FORALL j: p(j) IMPLIES p(j+1))) IMPLIES (FORALL i: p(i)) nat induction is derived from well-founded induction, as are other variants like structural recursion, measure induction. ✫ ✪ 8

  10. ✬ ✩ Higher-Order Specification: Functions functions [D, R: TYPE]: THEORY BEGIN f, g: VAR [D -> R] x, x1, x2: VAR D extensionality_postulate: POSTULATE (FORALL (x: D): f(x) = g(x)) IFF f = g congruence: POSTULATE f = g AND x1 = x2 IMPLIES f(x1) = g(x2) eta: LEMMA (LAMBDA (x: D): f(x)) = f injective?(f): bool = (FORALL x1, x2: (f(x1) = f(x2) => (x1 = x2))) surjective?(f): bool = (FORALL y: (EXISTS x: f(x) = y)) bijective?(f): bool = injective?(f) & surjective?(f) . . . END functions ✫ ✪ 9

  11. ✬ ✩ Sets are Predicates sets [T: TYPE]: THEORY BEGIN set: TYPE = [t -> bool] x, y: VAR T a, b, c: VAR set member(x, a): bool = a(x) empty?(a): bool = (FORALL x: NOT member(x, a)) emptyset: set = { x | false } subset?(a, b): bool = (FORALL x: member(x, a) => member(x, b)) union(a, b): set = { x | member(x, a) OR member(x, b) } . . . END sets ✫ ✪ 10

  12. ✬ ✩ Useful Higher Order Datatypes: Finite Sets Finite sets: Predicate subtypes of sets that have an injective map to some initial segment of nat. finite_sets_def[T: TYPE]: THEORY BEGIN x, y, z: VAR T S: VAR set[T] N: VAR nat is_finite(S): bool = (EXISTS N, (f: [(S) -> below[N]]): injective?(f)) finite_set: TYPE = (is_finite) CONTAINING emptyset[T] . . . END finite_sets_def ✫ ✪ 11

  13. ✬ ✩ Recursive Datatypes ✫ ✪ 12

  14. ✬ ✩ Overview • Recursive datatypes like lists, stacks, queues, binary trees, and abstract syntax trees, are commonly used in specification. • Manual axiomatizations for datatypes can be error-prone. • Verification systems should (and many do) automatically generate datatype theories. • The PVS DATATYPE construct introduces recursive datatypes that are freely generated by given constructors, including lists, binary trees, abstract syntax trees, but excluding bags and queues. • The PVS proof checker automates various datatype simplifications. ✫ ✪ 13

  15. ✬ ✩ The list Datatype The type list is parametric in its element type T . There are two constructors null and cons with corresponding recognizers null? and cons? . cons has two fields corresponding to the accessors car of type T and cdr which is recursively of type list[T] . list[T: TYPE] : DATATYPE BEGIN null: null? cons (car: T, cdr: list): cons? END list ✫ ✪ 14

  16. ✬ ✩ Binary Trees Parametic in value type T . Constructors: leaf and node . Recognizers: leaf? and node? . node accessors: val , left , and right . binary_tree[T: TYPE] : DATATYPE BEGIN leaf: leaf? node(val: T, left: binary_tree, right: binary_tree): node? END binary_tree ✫ ✪ 15

  17. ✬ ✩ Theories Axiomatizing Binary Trees The binary tree declaration generates three theories axiomatizing the binary tree data structure: • binary tree adt : Declares the constructors, accessors, and recognizers, and contains the basic axioms for extensionality and induction, and some basic operators. • binary tree adt map : Defines map operations over the datatype. • binary tree adt reduce : Defines a recursion scheme over the datatype. Datatype axioms are already built into the relevant proof ✫ ✪ rules, but the defined operations are useful. 16

  18. ✬ ✩ binary_tree_adt[T: TYPE]: THEORY BEGIN binary_tree: TYPE leaf?, node?: [binary_tree -> boolean] leaf: (leaf?) node: [[T, binary_tree, binary_tree] -> (node?)] val: [(node?) -> T] left: [(node?) -> binary_tree] right: [(node?) -> binary_tree] . . . END binary_tree_adt Predicate subtyping is used to precisely type constructor terms and avoid misapplied accessors. ✫ ✪ 17

  19. ✬ ✩ An Extensionality Axiom per Constructor Extensionality states that a node is uniquely determined by its accessor fields. binary_tree_node_extensionality: AXIOM (FORALL (node?_var: (node?)), (node?_var2: (node?)): val(node?_var) = val(node?_var2) AND left(node?_var) = left(node?_var2) AND right(node?_var) = right(node?_var2) IMPLIES node?_var = node?_var2) ✫ ✪ 18

  20. ✬ ✩ Accessor/Constructor Axioms Asserts that val(node(v, A, B)) = v . binary_tree_val_node: AXIOM (FORALL (node1_var: T), (node2_var: binary_tree), (node3_var: binary_tree): val(node(node1_var, node2_var, node3_var)) = node1_var) ✫ ✪ 19

  21. ✬ ✩ An Induction Axiom Conclude FORALL A: p(A) from p(leaf) and p ( A ) ∧ p ( B ) ⊃ p ( node ( v , A , B )) . binary_tree_induction: AXIOM (FORALL (p: [binary_tree -> boolean]): p(leaf) AND (FORALL (node1_var: T), (node2_var: binary_tree), (node3_var: binary_tree): p(node2_var) AND p(node3_var) IMPLIES p(node(node1_var, node2_var, node3_var))) IMPLIES (FORALL (binary_tree_var: binary_tree): p(binary_tree_var))) ✫ ✪ 20

  22. ✬ ✩ Pattern-matching Branching The CASES construct is used to branch on the outermost constructor of a datatype expression. We implicitly assume the disjointness of (node?) and (leaf?) : = CASES leaf OF u leaf : u , node ( a , y , z ) : v ( a , y , z ) ENDCASES node ( b , w , x ) OF = v ( b , w , x ) CASES leaf : u , node ( a , y , z ) : v ( a , y , z ) ENDCASES ✫ ✪ 21

  23. ✬ ✩ Useful Generated Combinators reduce_nat(leaf?_fun:nat, node?_fun:[[T, nat, nat] -> nat]): [binary_tree -> nat] = ... every(p: PRED[T])(a: binary_tree): boolean = ... some(p: PRED[T])(a: binary_tree): boolean = ... subterm(x, y: binary_tree): boolean = ... map(f: [T -> T1])(a: binary_tree[T]): binary_tree[T1] = ... ✫ ✪ 22

  24. ✬ ✩ Ordered Binary Trees Ordered binary trees can be introduced by a theory that is parametric in the value type as well as the ordering relation. The ordering relation is subtyped to be a total order. total_order?(<=): bool = partial_order?(<=) & dichotomous?(<=) obt [T : TYPE, <= : (total_order?[T])] : THEORY BEGIN IMPORTING binary_tree[T] A, B, C: VAR binary_tree x, y, z: VAR T pp: VAR pred[T] i, j, k: VAR nat . . . END obt ✫ ✪ 23

  25. ✬ ✩ The size Function The number of nodes in a binary tree can be computed by the size function which is defined using reduce nat . size(A) : nat = reduce_nat(0, (LAMBDA x, i, j: i + j + 1))(A) ✫ ✪ 24

  26. ✬ ✩ The Ordering Predicate Recursively checks that the left and right subtrees are ordered, and that the left (right) subtree values lie below (above) the root value. ordered?(A) : RECURSIVE bool = (IF node?(A) THEN (every((LAMBDA y: y<=val(A)), left(A)) AND every((LAMBDA y: val(A)<=y), right(A)) AND ordered?(left(A)) AND ordered?(right(A))) ELSE TRUE ENDIF) MEASURE size ✫ ✪ 25

  27. ✬ ✩ Insertion Compares x against root value and recursively inserts into the left or right subtree. insert(x, A): RECURSIVE binary_tree[T] = (CASES A OF leaf: node(x, leaf, leaf), node(y, B, C): (IF x<=y THEN node(y, insert(x, B), C) ELSE node(y, B, insert(x, C)) ENDIF) ENDCASES) MEASURE (LAMBDA x, A: size(A)) ✫ ✪ 26

  28. ✬ ✩ Insertion Property The following is a very simple property of insert . ordered?_insert_step: LEMMA pp(x) AND every(pp, A) IMPLIES every(pp, insert(x, A)) Proved by induct-and-simplify ✫ ✪ 27

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

York University www.cs.york.ac.uk/~ndm First order vs Higher order Higher order:

York University www.cs.york.ac.uk/~ndm First order vs Higher order Higher order:

First Order Haskell Neil Mitchell York University www.cs.york.ac.uk/~ndm First order vs Higher order Higher order: functions are values Can be passed around Stored in data structure Harder for reasoning and analysis More

483 views • 15 slides
More JavaScript! Higher-Order Functions, Callbacks, and Array Methods Higher-Order Functions

More JavaScript! Higher-Order Functions, Callbacks, and Array Methods Higher-Order Functions

More JavaScript! Higher-Order Functions, Callbacks, and Array Methods Higher-Order Functions A Higher-Order Function is any function that operates on any other function, either by taking them in as arguments or returning them. In

308 views • 9 slides
CS 61A Discussion 2 Environments and Higher Order Functions Albert Xu Kaavya Shah Attendance:

CS 61A Discussion 2 Environments and Higher Order Functions Albert Xu Kaavya Shah Attendance:

CS 61A Discussion 2 Environments and Higher Order Functions Albert Xu Kaavya Shah Attendance: links.cs61a.org/albert-disc Slides: albertxu.xyz/teaching/cs61a/ Announcements Higher order functions! Higher order functions! just kidding i hate

358 views • 21 slides
Recursion and Induction: Higher Order Functions Greg Plaxton Theory in Programming Practice,

Recursion and Induction: Higher Order Functions Greg Plaxton Theory in Programming Practice,

Recursion and Induction: Higher Order Functions Greg Plaxton Theory in Programming Practice, Spring 2005 Department of Computer Science University of Texas at Austin Higher Order Functions A higher order function is a function that takes a

290 views • 13 slides
Higher Order Functions 1 Shell CSCE 314 TAMU Higher-order Functions A function is called

Higher Order Functions 1 Shell CSCE 314 TAMU Higher-order Functions A function is called

Shell CSCE 314 TAMU CSCE 314: Programming Languages Dr. Dylan Shell Higher Order Functions 1 Shell CSCE 314 TAMU Higher-order Functions A function is called higher-order if it takes a function as an argument or returns a function as a

262 views • 23 slides
15-150 Fall 2020 Lecture 9 Higher-order functions Stephen Brookes Transforming We focus first

15-150 Fall 2020 Lecture 9 Higher-order functions Stephen Brookes Transforming We focus first

15-150 Fall 2020 Lecture 9 Higher-order functions Stephen Brookes Transforming We focus first and on lists. combining Ideas adapt data to trees , etc. Functions as values Higher-order functions The power of polymorphism

1.07k views • 60 slides
On the Multiplicative Complexity of Boolean Functions and Bitsliced Higher-Order Masking Dahmun

On the Multiplicative Complexity of Boolean Functions and Bitsliced Higher-Order Masking Dahmun

On the Multiplicative Complexity of Boolean Functions and Bitsliced Higher-Order Masking Dahmun Goudarzi and Matthieu Rivain CHES 2016, Santa-Barbara Higher-Order Masking x = x 1 + x 2 + + x d 2/28 Higher-Order Masking x = x 1 + x 2 +

855 views • 42 slides
Dependent Type Theory of Stateful Higher-Order Functions Aleksandar Nanevski Harvard University

Dependent Type Theory of Stateful Higher-Order Functions Aleksandar Nanevski Harvard University

Dependent Type Theory of Stateful Higher-Order Functions Aleksandar Nanevski Harvard University joint with Greg Morrisett and Lars Birkedal TYPES 2006, Nottingham April 20, 2006 Dependent Type Theory of Stateful Higher-Order Functions p.

625 views • 44 slides
Environments Announcements Environments for Higher-Order Functions Environments Enable

Environments Announcements Environments for Higher-Order Functions Environments Enable

Environments Announcements Environments for Higher-Order Functions Environments Enable Higher-Order Functions 4 Environments Enable Higher-Order Functions Functions are first-class: Functions are values in our programming language 4

962 views • 95 slides
Closure Conversion Higher-order functions Michel Schinz Advanced Compiler Construction

Closure Conversion Higher-order functions Michel Schinz Advanced Compiler Construction

Closure Conversion Higher-order functions Michel Schinz Advanced Compiler Construction 2009-03-20 Higher-order functions HOFs in C In C, it is possible to pass a function as an argument, and to A higher-order function ( HOF ) is a

382 views • 7 slides
Computational Concepts Toolbox Data type: values, literals, Higher Order Functions

Computational Concepts Toolbox Data type: values, literals, Higher Order Functions

Computational Concepts Toolbox Data type: values, literals, Higher Order Functions operations, Functions as Values Expressions, Call Functions with functions as Abstract Data Types argument expression Assignment of

261 views • 9 slides
One-Slide Summary List Recursion Examples &amp; Recursive Procedures Recursive functions

One-Slide Summary List Recursion Examples &amp; Recursive Procedures Recursive functions

One-Slide Summary List Recursion Examples &amp; Recursive Procedures Recursive functions that operate on lists have a similar structure. list-cruncher is a higher-order function that can be used to implement many others. Decisions in a

331 views • 9 slides
Lecture 4. Higher-order functions Functional Programming 0 function call and return as only

Lecture 4. Higher-order functions Functional Programming 0 function call and return as only

[Faculty of Science Information and Computing Sciences] Lecture 4. Higher-order functions Functional Programming 0 function call and return as only control-fmow primitive no loops, break , continue , goto (almost) unique types no inheritance

976 views • 85 slides
Higher-Order Functions Original slides by Koen Lindstrm Claessen What is a Higher Order

Higher-Order Functions Original slides by Koen Lindstrm Claessen What is a Higher Order

Higher-Order Functions Original slides by Koen Lindstrm Claessen What is a Higher Order Function? A function which takes another function as a argument, and/or returns a function even :: Int -&gt; Bool even n = n`mod` 2 == 0 Examples

817 views • 53 slides
Polyvariant Flow Analysis with Higher-ranked Polymorphic Types and Higher-order Effect Operators

Polyvariant Flow Analysis with Higher-ranked Polymorphic Types and Higher-order Effect Operators

[ Faculty of Science Information and Computing Sciences] Polyvariant Flow Analysis with Higher-ranked Polymorphic Types and Higher-order Effect Operators Jurriaan Hage Joint work with Stefan Holdermans (Vector Fabrics) Dept. of Information

454 views • 32 slides
LECTURE 16 HIGHER-ORDER FUNCTIONS &amp; EXCEPTIONS MCS 260 Fall 2020 David Dumas / REMINDERS

LECTURE 16 HIGHER-ORDER FUNCTIONS &amp; EXCEPTIONS MCS 260 Fall 2020 David Dumas / REMINDERS

LECTURE 16 HIGHER-ORDER FUNCTIONS &amp; EXCEPTIONS MCS 260 Fall 2020 David Dumas / REMINDERS Work on Project 2, due Oct 9 Project 2 autograder now open! / HIGHER-ORDER FUNCTIONS Last time: Functions can be values Functions can take other

209 views • 16 slides
Partial wave analysis of eta meson photoproduction using fixed-t dispersion relations Kirill

Partial wave analysis of eta meson photoproduction using fixed-t dispersion relations Kirill

Partial wave analysis of eta meson photoproduction using fixed-t dispersion relations 30th August 2017, Boppard Partial wave analysis of eta meson photoproduction using fixed-t dispersion relations Kirill Nikonov Johannes Gutenberg

391 views • 21 slides
Inhomogeneous Continuity Equation With Application to Hamiltonian ODE Helen K. Lei December 7,

Inhomogeneous Continuity Equation With Application to Hamiltonian ODE Helen K. Lei December 7,

Inhomogeneous Continuity Equation With Application to Hamiltonian ODE Helen K. Lei December 7, 2009 This talk represents joint work with L. Chayes (UCLA) and W. Gangbo (Georgia Tech). We are mainly interested in Hamiltonian dynamics where mass

173 views • 3 slides
QCD Symmetries in eta and etaprime mesic nuclei Steven Bass Chiral symmetry, eta and eta

QCD Symmetries in eta and etaprime mesic nuclei Steven Bass Chiral symmetry, eta and eta

QCD Symmetries in eta and etaprime mesic nuclei Steven Bass Chiral symmetry, eta and eta physics: the masses of these mesons are 300-400 MeV too big for them to be pure Goldstone bosons Famous axial U(1) problem of QCD Additional mass is

453 views • 21 slides
Transparency CS 6965 Fall 2011 Transparency Light is an electromagnetic wave Some

Transparency CS 6965 Fall 2011 Transparency Light is an electromagnetic wave Some

Transparency CS 6965 Fall 2011 Transparency Light is an electromagnetic wave Some materials conduct energy at visible frequencies CS 6965 Fall 2011 2 Transmitted rays plane of incidence i n r 1 1 1 boundary 2 t

736 views • 38 slides
Pairings I Michael Naehrig Eindhoven Institute for the Protection of Systems and Information

Pairings I Michael Naehrig Eindhoven Institute for the Protection of Systems and Information

Pairings I Michael Naehrig Eindhoven Institute for the Protection of Systems and Information Technische Universiteit Eindhoven rtr ECC Summer School 2008, Eindhoven 18 September 2008

336 views • 32 slides
Arithmetic aspects of short random walks Number Theory Seminar Armin Straub September 27, 2012

Arithmetic aspects of short random walks Number Theory Seminar Armin Straub September 27, 2012

Arithmetic aspects of short random walks Number Theory Seminar Armin Straub September 27, 2012 University of Illinois at UrbanaChampaign Based on joint work with : Jon Borwein James Wan Wadim Zudilin University of Newcastle, Australia

1.57k views • 120 slides
Midterm review Dr. Jarad Niemi Iowa State University March 6, 2018 Jarad Niemi (Iowa State)

Midterm review Dr. Jarad Niemi Iowa State University March 6, 2018 Jarad Niemi (Iowa State)

Midterm review Dr. Jarad Niemi Iowa State University March 6, 2018 Jarad Niemi (Iowa State) Midterm review March 6, 2018 1 / 14 What we have covered What we have covered Chapters Probability and inference (Ch 1) Jarad Niemi (Iowa State)

1.01k views • 72 slides
Computer Graphics - Programmable Shading in OpenGL - Arsne Prard-Gayot History Pre-GPU

Computer Graphics - Programmable Shading in OpenGL - Arsne Prard-Gayot History Pre-GPU

Computer Graphics - Programmable Shading in OpenGL - Arsne Prard-Gayot History Pre-GPU graphics acceleration SGI, Evans &amp; Sutherland Introduced concepts like vertex transformation and texture mapping First-generation

913 views • 35 slides

More recommend