CS2603 Applied Logic for Hardware and Software
Rex Page, University of Oklahoma

Lecture 14: Induction and Mechanical Logic

Slide 1. Additive Property of Concatenation, proven by the principle of induction

  Theorem {++ additive}: ∀n. L(n)
    where L(n) ≡ (length([x1, x2, ..., xn] ++ ys) = (n + (length ys)))

  Proved: L(0)
  Proved: ∀n. (L(n) → L(n+1))
  Conclusion: ∀n. L(n), by the principle of induction. qed

  (++) axioms, review:
    [ ] ++ ys = ys                   (++).[ ]
    (x: xs) ++ ys = x: (xs ++ ys)    (++).:

  Proof of this theorem confirms that this equation is always true.
  TESTING COULD NEVER CONFIRM THIS FACT.
  Another way to say it: ∀xs. ∀ys. (length(xs ++ ys) = ((length xs) + (length ys)))

Slide 2. An Engineering Strategy for defect-free hardware/software

  1. Design
  2. Test
  3. Certify

  These are concurrent activities, based on logic formulas that specify expectations.
  Certify: prove the logic formulas (predicate calculus + induction), e.g. additive length for (++):
    ∀xs. ∀ys. (length(xs ++ ys) = ((length xs) + (length ys)))
  How can we be sure proofs are correct? We must use mechanical logic: like the Stdm proof checker, but better.

Slide 3. Mechanical Logic

  Our proofs (by hand) attempt to be formal, but are actually on a level referred to as "rigorous":
    our formula-matching is sometimes flawed;
    when steps are obvious, we sometimes skip them.
  Mechanical logic:
    matches formulas exactly;
    never skips steps;
    untouched by human hands (essential: people slip up often).
  ACL2 is a mechanical logic embedded in Lisp.

  (++) axioms in Lisp:
    (defun cat (xs ys)                            ; Haskell equivalents
      (if (endp xs)
          ys                                      ; [ ] ++ ys = ys
          (cons (car xs) (cat (cdr xs) ys))))     ; (x: xs) ++ ys = x: (xs ++ ys)

  Theorem: ∀xs. ∀ys. (length(xs ++ ys) = ((length xs) + (length ys)))

  (++) additive theorem in ACL2:
    (defthm length-of-xs++ys=length-of-xs+length-of-ys
      (implies (and (true-listp xs) (true-listp ys))
               (equal (length (cat xs ys))
                      (+ (length xs) (length ys)))))
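The same theorem, checked by a different mechanical logic, as an added example that is not part of the lecture slides: the two (++) axioms become a recursive definition `cat` (the name is borrowed from the slide's ACL2 function), and the additive-length property is proved by structural induction on xs, which is exactly the L(0) / L(n) → L(n+1) scheme the slide describes. This assumes Lean 4 with the `omega` tactic available; the proof covers every list, so the concrete check at the end follows from the theorem rather than from testing.

```lean
-- Added example (not from the lecture slides): the (++) axioms and the
-- additive-length theorem, checked mechanically in Lean 4.
-- Assumption: Lean 4 with the core `omega` tactic for the Nat arithmetic step.

-- The two (++) axioms from the slide, as a recursive definition,
-- mirroring the ACL2 `cat` function.
def cat {α : Type} : List α → List α → List α
  | [],      ys => ys              -- [ ] ++ ys = ys
  | x :: xs, ys => x :: cat xs ys  -- (x: xs) ++ ys = x: (xs ++ ys)

-- ∀xs. ∀ys. length(xs ++ ys) = length xs + length ys,
-- proved by structural induction on xs:
--   base case  L([ ])          : cat [ ] ys = ys
--   step       L(xs) → L(x::xs): one more cons cell on each side
theorem length_cat {α : Type} (xs ys : List α) :
    (cat xs ys).length = xs.length + ys.length := by
  induction xs with
  | nil =>
    -- base case: cat [ ] ys = ys, and 0 + length ys = length ys
    simp [cat]
  | cons x xs ih =>
    -- step: unfold cat and length on a cons cell, then apply the
    -- induction hypothesis ih to the tail; omega finishes the arithmetic
    simp only [cat, List.length_cons, ih]
    omega

-- Because the theorem is stated over every list, this particular instance
-- holds without any test: the kernel just evaluates both sides.
example : (cat [1, 2, 3] [4, 5]).length = 5 := rfl
```

The `defthm` on the slide needs the `true-listp` hypotheses because ACL2 lists are untyped; in Lean the type `List α` plays that role, so no side condition appears in the statement.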
 Spring '08
Rex Page