Verification with Induction

CafeOBJ Team of JAIST
LectureNote5, i613-0712

Topics
♦ Induction over natural numbers again
  - recursive/inductive definition and
  - mathematical induction
♦ Several examples of inductive proofs
  - lemma introduction
  - generalization of goals
  - proof scores in CafeOBJ for inductive proofs

An Example of a simple inductive proof

Goal: All natural numbers are either even or odd, that is
    ∀n∈N (Even(n) ∨ Odd(n))

Proof: induction with respect to n.
(base step) Even(0) ∨ Odd(0) is true because Even(0) is true.
(induction step)
  1. Assume Even(k) ∨ Odd(k) is true.
  2. Because (Even(k) => Odd(k+1)) and (Odd(k) => Even(k+1)) are true and the assumption 1. is true, Even(k+1) ∨ Odd(k+1) is true.
Hence, Even(n) ∨ Odd(n) holds for all natural numbers n. ■

Exercise: Prove by induction that "for every natural number n, n can be expressed as 2m or 2m+1 for some natural number m".

Mathematical Induction over Natural Numbers

    [Nat]
    op 0 : -> Nat .
    op s_ : Nat -> Nat .

This recursive definition of Nat induces the following induction scheme!

Goal: Prove that for any natural number n ∈ {0, s 0, s s 0, …}, P(n) is true.

Induction Scheme:
    P(0)      ∀n∈N.[P(n) => P(s n)]
    ---------------------------------
              ∀n∈N.P(n)

Concrete Procedure (induction with respect to n):
  1. Prove P(0) is true.
  2. Assume that P(n) holds, and prove that P(s n) is true.

CafeOBJ Proof Score for ∀n∈N (Even(n) ∨ Odd(n))    (evenOddProof)

    mod! BASIC-NAT {
      [ Nat ]
      op 0 : -> Nat {constr}
      op s_ : Nat -> Nat {constr}
    }

    mod! EVEN-ODD {
      pr(BASIC-NAT)
      pred even : Nat
      pred odd : Nat
      eq even(0) = true .
      eq even(s N:Nat) = odd(N) .
      eq odd(0) = false .
      eq odd(s N:Nat) = even(N) .
    }

    open (EVEN-ODD)
    -- arbitrary natural number
    op n : -> Nat .
    -- induction base (I.B.)
    red even(0) or odd(0) .
    -- induction step (I.S.)
    -- induction hypothesis (I.H.)
    eq even(n) or odd(n) = true .
    -- conclusion of I.S.
    red even(s n) or odd(s n) .
    close

Proof Score for associativity and commutativity of addition (_+_)    (natPlusAssocPS, natPlusCommPS)

    mod! NATplus {
      protecting (BASIC-NAT)
      op _+_ : Nat Nat -> Nat
      vars M N : Nat .
      eq 0 + N = N .
      eq (s M) + N = s(M + N) .
    }

    -- opening module NATplus and EQL
    open (NATplus + EQL)
    --> declaring constants for arbitrary values
    ops i j k : -> Nat .
    **> Prove associativity: (i + j) + k = i + (j + k)
    **> by induction on i
    **> induction base case proof for 0:
    red 0 + (j + k) = (0 + j) + k .
    **> induction step
    **> induction hypothesis:
    eq (i + J:Nat) + K:Nat = i + (J + K) .
    **> conclusion of induction step for (s i):
    red ((s i) + J:Nat) + K:Nat = (s i) + (J + K) .
    **> QED {end of proof for associativity of (_+_)}
    close

A typical recursively defined function: the power function

Recursive definition of the power function. For any natural numbers n and x,
    x^0 = 1                    (power.1)
    x^(n+1) = x × x^n          (power.2)

The following property holds for the power function. For any natural numbers m, n, x,
    x^(m+n) = x^m × x^n

Inductive proof of a property of the power function

The property to be verified: x^(m+n) = x^m × x^n

1. Induction base: m = 0.
    x^(0+n) = x^n              (def. of +)
            = 1 × x^n          (def. of ×)
            = x^0 × x^n        (power.1)

2. Induction step.
   (induction hypothesis) Assume that x^(m+n) = x^m × x^n is true.
   (proof of induction step)
    x^((m+1)+n) = x^((m+n)+1)        (assoc. of +)
                = x × x^(m+n)        (power.2)
                = x × (x^m × x^n)    (hypothesis)
                = (x × x^m) × x^n    (assoc. of ×)
                = x^(m+1) × x^n      (power.2)

Natural numbers with + and *: NAT*dist    (natDist.mod)

    mod! NAT*ac {
      [ Nat ]
      op 0 : -> Nat
      op s_ : Nat -> Nat
      op _+_ : Nat Nat -> Nat {assoc comm}
      eq M:Nat + 0 = M .
      eq M:Nat + s N:Nat = s(M + N) .
      op _*_ : Nat Nat -> Nat {assoc comm}
      eq M:Nat * 0 = 0 .
      eq M:Nat * s N:Nat = (M * N) + M .
    }

    mod! NAT*dist {
      protecting(NAT*ac)
      eq L:Nat * (M:Nat + N:Nat) = (L * M) + (L * N) .
    }

Be careful that CafeOBJ's built-in natural numbers, defined in the module NAT, are different from the natural numbers defined here.
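The {assoc comm} attributes on _+_ and _*_ make CafeOBJ rewrite modulo associativity and commutativity, which is why a reduction such as `red 0 + (j + k) = (0 + j) + k .` succeeds with fresh constants j and k. The following Python model is an added example, not CafeOBJ and not part of the lecture: it applies the NAT*ac and NAT*dist equations left to right as rewrite rules and absorbs assoc/comm by flattening nested sums and products and sorting their arguments. All names in it (normalize, red_eq, nat, const and so on) are this example's own; real CafeOBJ uses AC matching rather than this canonical-form trick, but both sides of a `red t1 = t2 .` are compared the same way, by normal form.

```python
# Added model of rewriting modulo assoc/comm for the NAT*ac / NAT*dist module.
# Terms are tuples:
#   ("0",)              the constant 0
#   ("s", t)            s t
#   ("const", "i")      a declared constant such as `op i : -> Nat .`
#   ("+", (a, b, ...))  and ("*", (a, b, ...))   the AC operators, n-ary once flattened
ZERO = ("0",)

def s(t):
    return ("s", t)

def const(name):
    return ("const", name)

def add(a, b):          # raw binary term, as the user would type it
    return ("+", (a, b))

def mul(a, b):
    return ("*", (a, b))

def nat(n):
    """Build the constructor term s^n 0 from a Python int."""
    t = ZERO
    for _ in range(n):
        t = s(t)
    return t

def to_int(t):
    """Read back a ground constructor term; raises if constants or +/* remain."""
    n = 0
    while t[0] == "s":
        n, t = n + 1, t[1]
    if t != ZERO:
        raise ValueError("not a ground constructor term: %r" % (t,))
    return n

def _flatten(op, args):
    out = []
    for a in args:
        out.extend(a[1] if a[0] == op else (a,))
    return out

def _plus(args):
    """Normalize an n-ary sum whose arguments are already in normal form."""
    args = [a for a in _flatten("+", args) if a != ZERO]   # eq M + 0 = M .
    if not args:
        return ZERO
    if len(args) == 1:
        return args[0]
    for k, a in enumerate(args):
        if a[0] == "s":                                    # eq M + s N = s(M + N) .
            rest = args[:k] + args[k + 1:]
            return s(_plus(rest + [a[1]]))
    return ("+", tuple(sorted(args)))                      # irreducible: AC normal form

def _times(args):
    """Normalize an n-ary product whose arguments are already in normal form."""
    args = _flatten("*", args)
    if len(args) == 1:
        return args[0]
    if ZERO in args:                                       # eq M * 0 = 0 .
        return ZERO
    for k, a in enumerate(args):
        rest = args[:k] + args[k + 1:]
        if a[0] == "s":                                    # eq M * s N = (M * N) + M .
            return _plus([_times(rest + [a[1]]), _times(rest)])
    for k, a in enumerate(args):
        rest = args[:k] + args[k + 1:]
        if a[0] == "+":                                    # eq L * (M + N) = (L * M) + (L * N) .
            return _plus([_times(rest + [m]) for m in a[1]])
    return ("*", tuple(sorted(args)))

def normalize(t):
    """Reduce t to its normal form, innermost first (what `red t .` computes)."""
    kind = t[0]
    if kind in ("0", "const"):
        return t
    if kind == "s":
        return s(normalize(t[1]))
    args = [normalize(a) for a in t[1]]
    return _plus(args) if kind == "+" else _times(args)

def red_eq(lhs, rhs):
    """Model of `red lhs = rhs .` under EQL: true iff both normal forms coincide."""
    return normalize(lhs) == normalize(rhs)

if __name__ == "__main__":
    i, j, k = const("i"), const("j"), const("k")
    print(to_int(normalize(mul(nat(2), nat(3)))))                 # 6
    print(red_eq(add(ZERO, add(j, k)), add(add(ZERO, j), k)))     # True: base case of the assoc proof
    print(red_eq(mul(i, add(j, k)), add(mul(i, j), mul(i, k))))   # True: the NAT*dist equation
    print(red_eq(i, j))                                           # False: distinct constants stay apart
```

The last line is the point about fresh constants: nothing in the context equates i and j, so `red i = j .` stays false, while any two terms that differ only in the order or grouping of + and * arguments reduce to one and the same normal form.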
CafeOBJ code for the power function

    mod! POWER {
      protecting(NAT*ac)
      op _^_ : Nat Nat -> Nat
      eq X:Nat ^ 0 = s 0 .
      eq X:Nat ^ (s I:Nat) = X * (X ^ I) .
    }

Proof Score for the property of the power function    (power.mod)

    open (POWER + EQL)
    ops x m n : -> Nat .
    **> notice that x m n are any elements of sort Nat
    **> the proof of
    **>   (for all X M N : Nat) X ^ (M + N) = (X ^ M) * (X ^ N)
    **> by induction on M
    **> base case (M = 0) : x ^ (0 + n) = (x ^ 0) * (x ^ n)
    reduce x ^ (0 + n) = (x ^ 0) * (x ^ n) .
    **> assume induction hypothesis for M = m
    eq X:Nat ^ (m + N:Nat) = (X ^ m) * (X ^ N) .
    **> proof of induction step for M = s m
    reduce x ^ ((s m) + n) = (x ^ (s m)) * (x ^ n) .
    **> QED
    close

Two definitions of the factorial function    (fact)

    mod! FACT {
      protecting(NAT*ac)
      op fact : Nat -> Nat
      eq fact(0) = s 0 .
      eq fact(s N:Nat) = (s N) * fact(N) .
    }

    mod! FACT2 {
      protecting(NAT*ac)
      op fact2 : Nat Nat -> Nat
      eq fact2(0, A:Nat) = A .
      eq fact2((s N:Nat), A:Nat) = fact2(N, (s N) * A) .
    }

Inductive proof of equivalence of the two factorial functions (1)

Goal: To prove ∀n.[fact2(n,1) = fact(n)]
Proof: induction with respect to n.
(induction base)
    fact2(0, 1) = 1          (fact2)
                = fact(0)    (fact)
(induction step)
    fact2(k+1, 1) = fact2(k, 1×(k+1))    (fact2)
                  = ?                    (stuck!)
=> generalize the goal so that the second argument is not restricted to 1; generalization sometimes solves the problem!

Inductive proof of equivalence of the two factorial functions (2)

Generalized goal: ∀n.∀p.[fact2(n,p) = p×fact(n)]
Inductive proof w.r.t. n:
(base)
    fact2(0, p) = p              (fact2)
                = p × 1          (×)
                = p × fact(0)    (fact)
(step)
    fact2(k+1, p) = fact2(k, p×(k+1))    (fact2)
                  = p×(k+1)×fact(k)      (I.H.)
                  = p×fact(k+1)          (fact)
Q.E.D.

Proof Score for proving equivalence of two factorial functions

    open (FACT + FACT2 + NAT*dist + EQL)
    -- i,j,k stand for any natural numbers
    -- i,j,k should be fresh names
    ops i j k : -> Nat .
    --> proving: fact2(i, j) = j * fact(i)
    --> by induction on i
    --> proof of induction base for 0:
    red fact2(0,j) = j * fact(0) .
    --> induction hypothesis:
    eq fact2(i,N:Nat) = N * fact(i) .
    --> proof of induction step for (s i):
    red fact2(s i, j) = j * fact(s i) .
    --> QED (end of proof)
    close

Constant vs. variable    (constVsVar)

♦ Using a variable in an equation instead of a constant makes a drastic change to the meaning of the proof score. Be careful!
  • The scope of a constant is to the end of an open-close session, assuming that the declared constants are fresh.
  • The scope of a variable is the inside of the equation.

    open (NAT+ + EQL)
    op n : -> Nat .
    eq +(n, 0) = n .
    red +(s(n), 0) = s(n) .
    close

    open (NAT+ + EQL)
    op n : -> Nat .
    eq +(N:Nat, 0) = N .
    red +(s(n), 0) = s(n) .
    close

Constant: ∀n:Nat.[+(n,0)=n ⇒ (+(s(n),0)=s(n))]
Variable: ∀n:Nat.[∀N:Nat.[+(N,0)=N] ⇒ (+(s(n),0)=s(n))]

What has been proved by (red fact2(0,j) = j * fact(0) .)?

(red fact2(0,j) = j * fact(0) .) returning true means that, by using the equations of the context (FACT + FACT2 + NAT*dist + EQL) as rewriting rules, fact2(0,j) and (j * fact(0)) are reduced to the same term. This implies that for any element j of Nat, fact2(0,j) is equal to (j * fact(0)) if all the equations of this context are assumed. This can be written:
    (FACT + FACT2 + NAT*dist + EQL) |= ∀j∈Nat.(fact2(0,j) = j*fact(0))
This is what we want to prove as the induction base.

What has been proved by (red fact2(s i,j) = j * fact(s i) .)?

(red fact2(s i,j) = j * fact(s i) .)
returning true means that, by using the equations of the context (FACT + FACT2 + NAT*dist + EQL) and the equation (fact2(i,N:Nat) = N * fact(i)) as rewriting rules, fact2(s i,j) and (j * fact(s i)) are reduced to the same term. This implies that for any elements i and j of Nat, fact2(s i,j) is equal to (j * fact(s i)) if all the equations of this context and the added equation are assumed. This can be written:
    (FACT + FACT2 + NAT*dist + EQL) |= ∀i,j∈Nat.((∀N∈Nat.(fact2(i,N) = N*fact(i))) => (fact2(s i,j) = j*fact(s i)))
This is what we want to prove as the induction step.

Two definitions of the Fibonacci function

    mod! FIB {
      protecting(NAT*dist)
      op fib : Nat -> Nat
      eq fib(0) = 0 .
      eq fib(s 0) = s 0 .
      eq fib(s s N:Nat) = fib(s N) + fib(N) .
    }

    mod! FIBI {
      protecting(NAT*dist)
      op fibi : Nat Nat Nat -> Nat
      eq fibi(0, Prev:Nat, Curr:Nat) = Prev .
      eq fibi(s 0, Prev:Nat, Curr:Nat) = Curr .
      eq fibi(s N:Nat, Prev:Nat, Curr:Nat) = fibi(N, Curr, Prev + Curr) .
    }

Proof of equivalence – Fibonacci (1)

Try to find out the right goal to be proved: compute fibi for small arguments to understand what is computed.
    fibi(6, 0, 1) = fibi(5, 1, 1) = fibi(4, 1, 2) = fibi(3, 2, 3) = fibi(2, 3, 5) = fibi(1, 5, 8) = 8

The second and third arguments of fibi may be two successive Fibonacci numbers:
    fibi(4, F_n, F_{n+1}) = fibi(3, F_{n+1}, F_{n+2}) = fibi(2, F_{n+2}, F_{n+3}) = fibi(1, F_{n+3}, F_{n+4}) = F_{n+4}
where F_n = fib(n).

Proof of equivalence – Fibonacci (2)

Goal (n, m are natural numbers):
    ∀n.∀m.[fibi(n, F_m, F_{m+1}) = F_{m+n}]
Inductive proof w.r.t.
n:
(base1) n = 0: clear by the definition of fibi.
(base2) n = 1: clear by the definition of fibi.
(step) Assume that ∀m.[fibi(k, F_m, F_{m+1}) = F_{m+k}].
    fibi(k+1, F_m, F_{m+1}) = fibi(k, F_{m+1}, F_m + F_{m+1})    (fibi)
                            = fibi(k, F_{m+1}, F_{m+2})          (fib)
                            = F_{(m+1)+k}                        (hypothesis)
                            = F_{m+(k+1)}                        (+)
Q.E.D.
m = 0 gives the desired assertion.

Proof Score for the equivalence of two Fibonacci functions    (fibonacci)

    open (FIB + FIBI + EQL)
    ops i j k : -> Nat .
    --> induction base i = 0
    red fibi(0, fib(j), fib(s j)) = fib(0 + j) .
    --> induction base i = s 0
    red fibi(s 0, fib(j), fib(s j)) = fib((s 0) + j) .
    --> induction step
    --> induction hypothesis
    --> (1)
    eq fibi(i, fib(J:Nat), fib(s J)) = fib(i + J) .
    --> putting J = s K in (1)
    --> (2)
    eq fibi(i, fib(s K:Nat), fib(s s K)) = fib(i + (s K)) .
    --> making fib(s s K) => fib(s K) + fib(K)
    --> (2)'
    eq fibi(i, fib(s K:Nat), fib(s K) + fib(K)) = fib(i + (s K)) .
    --> conclusion of induction step
    red fibi((s i), fib(j), fib(s j)) = fib((s i) + j) .
    --> QED
    close

Bad usage of the inductive argument

An inductive argument for "any person is bald":
[Induction Base] A person who has zero hairs is bald.
[Induction Step] If we assume that a person with n hairs is bald, then it is clear that a person with n+1 hairs is also bald.
[Conclusion] Hence, a person with k hairs is bald for any k. This implies that any person is bald.
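Both equivalence proofs above (fact2 versus fact, and fibi versus fib) only went through after the goal was generalized, and the Fibonacci slide found its generalization by computing fibi on small arguments by hand. The following Python is an added example, not part of the lecture: it mirrors FACT, FACT2, FIB and FIBI with Python ints standing for constructor terms, reproduces the hand trace of fibi(6, 0, 1), and exhaustively checks a candidate goal on small inputs before anyone invests in a proof score. The helper names (fibi_trace, first_counterexample, the *_goal predicates) and the deliberately wrong conjecture wrong_fibonacci_goal are this example's own constructions.

```python
# Added example (not the lecture's code): sanity-check generalized goals on
# small inputs before writing the CafeOBJ proof score.

def fact(n):
    # eq fact(0) = s 0 .   eq fact(s N) = (s N) * fact(N) .
    return 1 if n == 0 else n * fact(n - 1)

def fact2(n, a):
    # eq fact2(0, A) = A .   eq fact2(s N, A) = fact2(N, (s N) * A) .
    return a if n == 0 else fact2(n - 1, n * a)

def fib(n):
    # eq fib(0) = 0 .  eq fib(s 0) = s 0 .  eq fib(s s N) = fib(s N) + fib(N) .
    return n if n < 2 else fib(n - 1) + fib(n - 2)

def fibi(n, prev, curr):
    # eq fibi(0, P, C) = P .  eq fibi(s 0, P, C) = C .  eq fibi(s N, P, C) = fibi(N, C, P + C) .
    if n == 0:
        return prev
    if n == 1:
        return curr
    return fibi(n - 1, curr, prev + curr)

def fibi_trace(n, prev, curr):
    """The chain of fibi calls the slide writes out by hand, as (n, prev, curr) triples."""
    steps = [(n, prev, curr)]
    while n > 1:
        n, prev, curr = n - 1, curr, prev + curr
        steps.append((n, prev, curr))
    return steps

def first_counterexample(conjecture, bound):
    """Smallest (n, m) pair below `bound` (lexicographic) violating the conjecture, or None."""
    for n in range(bound):
        for m in range(bound):
            if not conjecture(n, m):
                return (n, m)
    return None

def factorial_goal(n, p):
    # generalized goal from the slides: fact2(n, p) = p * fact(n)
    return fact2(n, p) == p * fact(n)

def fibonacci_goal(n, m):
    # generalized goal from the slides: fibi(n, F_m, F_{m+1}) = F_{m+n}
    return fibi(n, fib(m), fib(m + 1)) == fib(m + n)

def wrong_fibonacci_goal(n, m):
    # constructed wrong generalization: "fibi(n, F_m, F_{m+1}) = F_n" ignores the offset m
    return fibi(n, fib(m), fib(m + 1)) == fib(n)

if __name__ == "__main__":
    print(fibi_trace(6, 0, 1), "->", fibi(6, 0, 1))
    print(first_counterexample(factorial_goal, 10))        # None: no small counterexample
    print(first_counterexample(fibonacci_goal, 10))        # None: no small counterexample
    print(first_counterexample(wrong_fibonacci_goal, 10))  # (0, 1): fails at the first m > 0
```

A passing check is of course not a proof, which is what the proof scores above are for; but a failing one saves writing a proof score for a goal that cannot hold, and the first counterexample usually points at the argument the generalization forgot.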