CS 2800 Homework 8 - Spring 2013 This homework does not require ACL2s. Instructions for using this file: - Open this file with your editor of choice. Make sure that you save your modified file as plain ASCII text. For example, handing in a file in Microsoft Word format is not allowed. You can use ACL2s if you wish, in which case you can also use it check your answers (using acl2::test? for example). - Insert your solutions into this file where indicated (for instance as "..."). This includes equational proofs, explanations, and formulas. - To turn in your solution, check out the directory at svn://dell-server-wahl-1.ccs.neu.edu/cs2800-2013-spring/08/ where groupname is the name of the group as it was emailed to you. Your username and password remain as before. Place your file hw08.txt in this directory, add it, and commit. - Whenever convenient, we will use F and T to represent false and true, and the following character combinations to represent the Boolean connectives: NOT ~ AND /\ OR \/ IMPLIES => EQUIVALENT = XOR <> The binding powers of these connectives are as in class: they are listed in the above table from highest to lowest. Within one group (no blank line), the binding power is the same. Preliminaries ============= Definitions ----------- We will use the following definitions throughout this homework. You have seen most of them already. (defunc atom (a) :input-contract t :output-contract (booleanp (atom a)) (not (consp a))) (defunc len (a) :input-contract t :output-contract (natp (len a)) (if (atom a) 0 (+ 1 (len (rest a))))) (defunc app (a b) :input-contract (and (listp a) (listp b)) :output-contract (and (listp (app a b)) (equal (len (app a b)) (+ (len a) (len b)))) (if (endp a) b (cons (first a) (app (rest a) b)))) (defunc in (a X) :input-contract (listp x) :output-contract (booleanp (in a X)) (if (endp x) nil (or (equal a (first X)) (in a (rest X))))) (defunc rotate-left (x n) :input-contract (and (listp x) (natp n)) :output-contract (listp (rotate-left x n)) (cond ((equal n 0) x) ((endp x) x) (t (rotate-left (app (rest x) (list (first x))) (- n 1))))) (defunc exp (n k) :input-contract (and (natp n) (natp k)) :output-contract (natp (exp n k)) (if (equal k 0) 1 (* n (exp n (- k 1))))) Recall that for each of the defunc's above we have both a definitional axiom, and a contract theorem. For example for len, we have the definitional axiom: (implies t (equal (len a) (if (atom a) 0 (+ 1 (len (rest a)))))) which is equivalent to (by propositional logic) (equal (len a) (if (atom a) 0 (+ 1 (len (rest a))))) The contract theorem is: (implies t (natp (len a))) which is equivalent to (natp (len a)) Recall that you get to use definitional axioms and contract theorems for free, i.e., you don't have to prove anything to use them. Trees ----- We will use the same definition of trees as in the previous homework: (defdata tree (oneof nil (list tree all tree))) The definition above gives raise to a recognizer called treep. To prove facts about trees, you can rely on the fact that if both (treep r) and (consp r) hold, then r is a list with exactly three elements. Also, the following theorems hold (by construction): 1. (treep r) /\ (consp r) => (treep (first r)) 2. (treep r) /\ (consp r) => (treep (third r)) 3. (treep r) => (listp r) We will use the following functions that operate on trees: (defunc tree-size (r) :input-contract (treep r) :output-contract (natp (tree-size r)) (if (endp r) 0 (+ 1 (+ (tree-size (first r)) (tree-size (third r)))))) (defunc tree-depth (r) :input-contract (treep r) :output-contract (natp (tree-depth r)) (if (endp r) 0 (+ 1 (if (> (tree-depth (first r)) (tree-depth (third r))) (tree-depth (first r)) (tree-depth (third r)))))) 1. Equational Reasoning ======================== A. Prove the following conjecture using equational reasoning: (implies (treep r) (and (implies (endp r) (<= (tree-depth r) (tree-size r))) (implies (and (consp r) (<= (tree-depth (first r)) (tree-size (first r))) (<= (tree-depth (third r)) (tree-size (third r)))) (<= (tree-depth r) (tree-size r))))) ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... B. Prove the following conjecture using equational reasoning: (implies (and (natp a) (natp b) (natp n)) (and (implies (equal n 0) (equal (exp (* a b) n) (* (exp a n) (exp b n)))) (implies (and (not (equal n 0)) (equal (exp (* a b) (- n 1)) (* (exp a (- n 1)) (exp b (- n 1))))) (equal (exp (* a b) n) (* (exp a n) (exp b n)))))) ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... C1. Prove the following conjecture using equational reasoning: (implies (and (listp x) (listp y)) (and (implies (endp x) (iff (in a (app x y)) (or (in a x) (in a y)))) (implies (and (not (endp x)) (not (equal a (first x))) (iff (in a (app (rest x) y)) (or (in a (rest x)) (in a y)))) (iff (in a (app x y)) (or (in a x) (in a y)))) (implies (and (not (endp x)) (equal a (first x)) (iff (in a (app (rest x) y)) (or (in a (rest x)) (in a y)))) (iff (in a (app x y)) (or (in a x) (in a y)))))) ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... C2. As we will see in class soon, the conjecture in part [C1], which is now a theorem, corresponds to our proof obligation when proving the following theorem by induction: (implies (and (listp x) (listp y)) (iff (in a (app x y)) (or (in a x) (in a y)))) Assume you have proved the theorem above. Prove the following conjecture using equational reasoning: (implies (and (listp x) (natp n)) (and (implies (equal n 0) (equal (in a (rotate-left x n)) (in a x))) (implies (and (not (equal n 0)) (iff (in a (rotate-left (app (rest x) (list (first x))) (- n 1))) (in a (app (rest x) (list (first x)))))) (iff (in a (rotate-left x n)) (in a x))))) ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... 2. Definitional Principle ========================= Preliminaries ------------- Recall the "Definitional Principle": The definition (defunc f (x1 ... xn) :input-contract ic :output-contract oc body) is _admissible_ provided: I. f is a new function symbol, i.e., there are currently no theorems or axioms about the function f. Note that this happens in the context of a history of function definitions. II. The xi are pairwise distinct variable symbols. III. body is a term mentioning no free variables other than the xi. Note that body may use f recursively as a function symbol with the correct number of arguments. It goes without saying that the xi cannot be used as function symbols. Also, no undefined function symbols should be used. IV. The function is "terminating", i.e., it terminates on all valid inputs. V. ic => oc is a theorem. VI. The body contracts hold under the assumption that ic holds. If admissible, the logical effect of the definition is to add two new axioms: - definitional axiom for f: ic => [(f x1 ... xn) = body]. - contract axiom for f: ic => oc. Exercise -------- For each of the definitions below, check whether it is admissible, i.e., it satisfies the definitional principle. You can assume that f is a new function symbol in each case. If yes, 1. Provide a measure function that can be used to show termination. 2. Explain in English why the contract axiom holds. 3. Explain in English why the body contracts hold. If no, 1. Identify which of the 6 conditions above are violated. 2. If IV is satisfied, provide a measure function. If IV is violated, provide a valid input on which the function does not terminate. Note that some of the conditions of admissibility make no sense if certain others are violated. For example, if the function does not terminate on all inputs (IV is violated), there is no point checking the contract axiom (V). Similarly, if the body contains free variable symbols other than the xi, it cannot be evaluated, so the remaining conditions make no sense. Assume that all the functions mentioned in this homework are already defined (search for the text "defunc" above this line). The history of function definitions additionally contains standard ACL2s definitions, e.g., listp , natp , endp , first , and rest . (defunc f (l) :input-contract (listp l) :output-contract (listp (f l)) (if (endp l) nil (g (rest l) (list (first l))))) ... (defunc f (n a n) :input-contract (and (natp n) (listp a)) :output-contract (natp (f n a n)) (if (endp a) 0 (f n (rest a) n))) ... (defunc app (x y) :input-contract (and (listp x) (listp y)) :output-contract (listp (app x y)) (if (endp x) y (cons (first x) (app (rest x) y)))) ... (defunc f (x y) :input-contract (and (listp x) (listp y)) :output-contract (natp (f x y)) (if (endp x) -1 (f (rest x) (cons 1 y)))) ... (defunc f (x a) :input-contract (and (listp x) (natp a)) :output-contract (natp (f x a)) (if (endp x) a (f (rest x) (+ a 1)))) ... (defunc f (x y) :input-contract (and (integerp x) (integerp y)) :output-contract (integerp (f x y)) (if (equal x 0) 0 (+ (* 2 y) (f (- x 1) y)))) ... (defunc f (x a) :input-contract (and (integerp x) (listp a)) :output-contract (natp (f x a)) (cond ((< x 0) (f (len a) (app a a))) ((endp a) 0) (t (+ 1 (f x (rest a)))))) ... ... ... ... ... (defunc f (a n) :input-contract (and (listp a) (natp n)) :output-contract (listp (f a n)) (if (equal n 0) (list n) (f (cons (rest a) (first a)) (- n 1)))) ... (defunc f (x a) :input-contract (and (integerp x) (listp a)) :output-contract (integerp (f x a)) (cond ((endp a) 68) ((equal (len a) x) 71) ((equal (len a) (+ x 1)) 74) ((< x (len a)) (f (+ x 1) (rest a))) (t (f (- x 1) (cons 1 a))))) ... ... ... ... ... ... ... (defunc f (a b) :input-contract (and (natp a) (natp b)) :output-contract (natp (f a b)) (cond ((and (equal a 0) (equal b 0)) 0) ((< a b) (f b a)) (t (f b (- a 1))))) ... ... ... ... ... ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; ;; Feedback ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; #| Please fill out the following form. https://docs.google.com/spreadsheet/viewform?formkey=dEZ5aE5jTXd6TGVZRkJOaDFJMkF2MGc6MA Confirm here whom of the team members filled out the form: Name 1 ... Name 2 ... (Name 3 ...) Everyone who filled out the form gets credit worth 1 quiz. The form is anonymous, to encourage you to write what you think about this class. (If you want to stay anonymous, do not reveal your name on the feedback form.) On the other hand, we must rely on your honesty in stating whether you filled out the form or not, and in NOT filling out the form several times (why would you do that??). We do not want to find discrepancies in the number of entries on the form, and the number of people claiming to have filled out the form. |#