computing fundamentals 1 equations and reduction in cafeobj lecturer: patrick browne
TRANSCRIPT
Computing Fundamentals 1 Equations and Reduction in
CafeOBJ
Lecturer: Patrick Browne
• High level programming languages (HLP), like Python or Java, can be considered formal specifications. They specify what the machine should do.
• However, HLP are not good at expressing our understanding of a domain. They are too low level and contain too much detail. Using HLP it is difficult to identify design errors, assumptions are not made explicit, they are implementation dependent. HLP focus on how system tasks are performed. They don’t allow us to reason about the system or describe what the system does.
• Domains of interest include: a theory of sets, a theory of integers, a theory of bank accounts, a theory of a hospital records, a theory of traffic flow.
Why a specification language?
• CafeOBJ allows us to reason about what a system does rather than about the detailed algorithms .
• CafeOBJ is based on rigorous mathematic (equational logic, a lattice of types, functions, equations, axioms, syntactic and semantic domains). This makes CafeOBJ useful for teaching mathematics.
• CafeOBJ is executable. Even though it allows us to focus the what a program should do (i.e. specification), CafeOBJ also allows to run ‘specifications’ and produce results. Thus we can check our work (prototype) and get a result (compute). In sort we can:– Specify– Prototype – Reason and study proofs– Compute
Why a specification language?
• CafeOBJ has conceptual semantics based on the logic of equations.
• CafeOBJ has operational semantics based based on term rewriting.
• These two interpretations are closely related. Usually we talk about syntactic 'terms' and semantic 'expressions'.
• A good specification should be written in such a way that it can be used to predict how the system will behave.
Why a specification language?
• The role of CafeOBJ on this course is to provide a functional and logic based language that can be used to represent the mathematical concepts such as logic, sets, and functions. Which in turn can be used to model real world systems. Programming language. We use it as a specification &
Computing < Maths < World
Predefined Modules1
Module Type Operators Constants
BOOL Bool not and and-also xor or or-else implies iff
true, false
NAT Nat NzNatZero
* + >= > <= < quo rem divides s p
0 1 2 3 ...
INT Int Idem, mais - e – -2 ... FLOAT Float * / + - < <= > >=
exp log sqrt abs sin atan etc.1.2 ...pi
STRING String string= string> string< string>= string<=length substring ++ upcase downcase etc.
“a string"
...
• Equational calculus derives (proves) a term equation from a conditional-equational axiom set. The deduction rules in this calculus are:
• Reflexivity: Any term is provably equal to itself (t = t).• Transitivity: If t1 is provably equal to t2 and t2 is
provably equal to t3, then t1 is provably equal to t3.• Symmetry: If t1 is provably equal to t2, then t2 is
provably equal to t1.• Congruence: If t1 is provably equal to t2, then any two
terms are provably equal which consist of some context built around t1 and t2. e.g. f(t1)=f(t2).
CafeOBJ Equational Logic
• CafeOBJ statements are equations in which instances of the LHS pattern are replaced by corresponding instances of the RHS if the LHS matches the input expression. The matching process occurs "top-down, left-to-right.“ The first equation that matches is used.
• The definition of a function can be broken into several equations, giving us a multi-line definition: e.g.
• eq fact(0) = s(0) .• eq fact(s(N)) = s(N) * fact(N) .• Variables in CafeOBJ equations are universally
quantified ( N)∀ equations Variables
Writing equations in CafeOBJ
• Variables in CafeOBJ equations are universally quantified ( N)∀ equations
• Terms with variables, are instantiated by substituting the variables with ground terms.
• Here is an example from Jose Meseguer’s CC373 lecture notes.
Variables in CafeOBJ
• In CafeOBJ computation is reduction of a well-formed term (or expression) to a normal form. An expression in normal form cannot be reduced any further.
• An expression is a ground if it contains no variables.• If a term is normal form and is ground we say it is in
ground normal form.• The ground normal form can be considered as a value.• Reduction can be viewed as a sequence of term
rewrites, that treat the equation 0 + N = N as a left to right rewrite rule 0 + N -> N. This replaces (0 + N) with N. Reduction rewrites a term into a simpler form.
Writing equations in CafeOBJ
• In general when writing equations we should follow the following rules:– The RHS should not be a single variable.– All variables in the RHS must appear in the LHS.– The scope of a constant is the module it is declared in (or a
proof score or interactive session).– The scope of a variable is only inside of the equation. So, during
evaluation a variable, say X, will have the same value in a given equation, but it may have different values in different equations in the same module.
Writing equations in CafeOBJ
• An equation LHS=RHS is applicable to a given expression X, if we can substitute the variables occurring in some LHS with the values in expression X. This is also expressed as "LHS matches X“. Then we can replace X by Y, where Y is the expression obtained from RHS by replacing the variables occurring in LHS by their corresponding values. Such a replacement step a is called a reduction. For instance, given the equation and a reduction – eq sqr X = X*X . – A definition– red sqr 2 -- Reduction gives 2*2 = 4
• The expression sqr 2 matches the left-hand side sqr X, with 2 being substituted for the variable X.
Reducing an Expressionin CafeOBJ
Reduction
• Reduction is a sequence of rewrites. • open BOOL .• red true and (not(false) or (not true))
• The diagram shows 4 rewrites CafeOBJ actually does 6 rewrites.
>[1] rule: eq (not A:Bool) = (A xor true) { A:Bool |-> false }<[1] (not false):Bool --> (false xor true):Bool>[2] rule: eq (false xor A:Bool) = A { A:Bool |-> true }<[2] (false xor true):Bool --> (true):Bool>[3] rule: eq (not A:Bool) = (A xor true) { A:Bool |-> true }<[3] (not true):Bool --> (true xor true):Bool>[4] rule: eq (A:Bool xor A) = false { A:Bool |-> true }<[4] (true xor true):Bool --> (false):Bool>[5] rule: eq (false or A:Bool) = A { A:Bool |-> true }<[5] (true or false):Bool --> (true):Bool>[6] rule: eq (true and A:Bool) = A { A:Bool |-> true }<[6] (true and true):Bool --> (true):Bool
Reduction
• Reduction with variables in term and result. Result is normal form, not ground. Uses rightmost-innermost reduction.
• red T:Bool and ((not F:Bool) or (not T)) .
• CafeOBJ uses 14 rewrites• We simplify to 4 • =R=> represents rewrite.
Term-1 (not F) =R=> (F xor true)Term-2 (not T) =R=> (T xor true)Term-3 (T xor true) or (F xor true) =R=> ((T and F) xor true)Term-4 T and ((T xor true) or (F xor true)) =R=> ((F and T)xor T)
Reduction
• Reduction with variables in term and ground normal form result.
• open BOOL• red (a:Bool or (not a)) .• Gives: true
• As an intermediate step: (not a) =R=> (a xor true)
Trace of Reduction (a ˅ ~a) • Because we have (a xor true) we can write:• red a:Bool or (a xor true) .
• 1>[1] rule: eq (A or B) = ((A and B) xor (A xor B)) { A: |-> (a xor true), B |-> a }• 1<[1] (a or (a xor true)) --> (((a xor true) and a) xor ((a xor true) xor a))
• 1>[2] rule: eq (A and (B xor C)) = ((A and B) xor (A and C)){ A |-> a, B |-> true, C |-> a }• 1<[2] ((a xor true) and a) --> ((a and true) xor (a and a))
• 1>[3] rule: eq (true and A) = A { A |-> a }• 1<[3] (a and true) --> a
• 1>[4] rule: eq (A and A) = A {A |-> a }• 1<[4] (a and a) --> a
• 1>[5] rule: eq (A xor A) = false { A |-> a }• 1<[5] (a xor a) --> (false)
• 1>[6] rule: eq (AC xor (A xor A))= (AC xor false) { AC |-> true, A |-> a }• 1<[6] ((a xor true) xor a)--> (true xor false)
Reduction(a ˅ ~a) • 1>[7] rule: eq (false xor A) = A { A |-> true }• 1<[7] (true xor false) --> (true)
• 1>[8] rule: eq (false xor A) = A { A |-> true }• 1<[8] (false xor true) --> (true)
• (true):Bool• Everywhere you see rule: it means that the reduction found a matching equation in the BOOL module.• The square brackets indicate the rule number in the this particular reduction [1]..[8]• The grater-than sign > indicates starting a rewrite with the curled brackets {} showing a substitution. • The variables in capitals are from the BOOL module.• The less-than sign < indicates ending a rewrite replacing the LHS with the RHS. • Using the commutativity property, the system may changed the order of the arguments.• The commutative rule is applied.
Automatic Theorem Proving
The CafeOBJ environment includes automatic theorem proving (ATP) software. The ATP will try to show that some statements (often called a conjecture, goal, conclusion) is a logical consequence of a set of statements (often called hypothesis, assumptions or axioms). The ATP in CafeOBJ is based on (Prover9). Most of the logic problems on this course use the ATP. We set up problems such as Portia, Superman, and Family using a different1 logical notation than the normal CafeOBJ equations.
Automatic Theorem Proving
The basic steps in our examples are:
1)Declare some predicates (sister).
2)Define the axioms using the logical notation1 (-> , <->, |, &, ~, ax)
3)Write the conjecture to be proved (goal).
4)If the ATP can prove a goal we can examine the proof. We may compare it to other proof methods such as ordinary reduction, truth table, or a manual proof.
Half-Adder
eq halfAdder(x,y) = pair(x xor y, x and y) .
eq sum(pair(x,y)) = x .
eq carry(pair(x,y)) = y .
red halfAdder(true,true) .
red sum(halfAdder(true,true)) .
red carry(halfAdder(true,true)) .
Full-adder
fullAdder(A,B,C-IN) =
pair(sum.., carry.. OR carry)
http://www.doctronics.co.uk/4008.htm
•Will need nested functions e.g. sum(HA(sum(HA(A,B)),C-IN))
Checking Signatures
mod SIGNATURE {[ A B C D E]op a : A -> B op b : B -> Cop c : C -> A**> When a function has 2 arguments they can be considered as the cross-product of two domains.op d : A C -> Dop e : B B -> Evar u : Avar w : Bvar x : Cvar y : Dvar z : E}
**> Why are some of these reduction OK while others cause error.open SIGNATURE .red e(a(u), w) .red e(a(c(x)),a(u)) .red b(x) .red a(c(b(a(y)))) .red d(c(x),x) .
Equivalence Class
• Let r be an equivalence relation on B. Then [b]r , the equivalence class of b, is the subset of elements of B that are equivalent (under r) to b. The equivalence classes of an equivalence relation R partition the set A into disjoint nonempty subsets whose union is the entire set. CafeOBJ reduction can show [s s 0].
• red s s 0 == s 0 + s 0 .
Equivalence Class
mod! NATURAL {
[Natural]
op 0 : -> Natural
op _+_ : Natural Natural -> Natural
ops (s_) (p_) : Natural -> Natural
vars M N : Natural
eq s p N = N .
eq p s N = N .
eq N + 0 = N .
eq N + s M = s (N + M) .}
Peano In CafeOBJ & Python
mod! PEANO{ [Nat]op 0 : -> Natop _+_ : Nat Nat -> Natop p_ : Nat -> Natop s_ : Nat -> Nat
vars M N : Nateq s p N = N .eq p s N = N .
eq N + 0 = N .eq N + s M = s(N + M) .}
def add(a, b): if a == 0: return b return add(a-1, b+1)
Similarity: addition defined recursively. The base cases are quit similar.Differences: Syntax. Python version uses existing types and type inference. CafeOBJ defines addition it does not depend on pre-existing types and operations. Proofs are possible in CafeOBJ but not in Python.
Peano.py