Isabelle/HOL Exercises

Isabelle/HOL Exercises

Isabelle/HOL Exercises Gertrud Bauer, Gerwin Klein, Tobias Nipkow, Michael Wahler, Markus Wenzel September 3, 2002 This document presents a collection of exercises for getting acquainted with the proof assistant Isabelle/HOL [1]. The exercises come out of an annual Isabelle/HOL course taught at the Technical University of Munich. They are arranged in chronological order, and in each year in ascending order of difficulty. Contents 1 2000 2 1.1 Lists ....................................... 2 1.2 Arithmetic .................................... 2 1.3 The towers of Hanoi .............................. 3 2 2001 4 2.1 Lists ....................................... 4 2.2 Trees ....................................... 4 2.3 Tries ....................................... 5 2.4 Interval lists ................................... 7 3 2002 10 3.1 Lists ....................................... 10 3.2 Sorting ..................................... 10 3.3 Compilation ................................... 12 3.4 Merge sort .................................... 13 3.5 The towers of Hanoi .............................. 13 1 1 2000 1.1 Lists Define a primitive recursive function snoc that appends an element at the right end of a list. Do not use @ itself. consts snoc :: "'a list => 'a => 'a list" Prove the following theorem: theorem rev_cons: "rev (x # xs) = snoc (rev xs) x" Hint: you need to prove a suitable lemma first. 1.2 Arithmetic Power Define a primitive recursive function pow x n that computes xn on natural numbers. consts pow :: "nat => nat => nat" m n m n Prove the well known equation x · = (x ) : theorem pow_mult: "pow x (m * n) = pow (pow x m) n" Hint: prove a suitable lemma first. If you need to appeal to associativity and commutativity of multiplication: the corresponding simplification rules are named mult_ac. Summation Define a (primitive recursive) function sum ns that sums a list of natural numbers: sum[n1; : : : ; nk] = n1 + + nk. ··· consts sum :: "nat list => nat" Show that sum is compatible with rev. You may need a lemma. theorem sum_rev: "sum (rev ns) = sum ns" Define a function Sum f k that sums f from 0 up to k 1: Sum f k = f 0+ +f(k 1). − ··· − consts Sum :: "(nat => nat) => nat => nat" Show the following equations for the pointwise summation of functions. Determine first what the expression whatever should be. 2 theorem "Sum (%i. f i + g i) k = Sum f k + Sum g k" theorem "Sum f (k + l) = Sum f k + Sum whatever l" What is the relationship between sum and Sum? Prove the following equation, suitably instantiated. theorem "Sum f k = sum whatever" Hint: familiarize yourself with the predefined functions map and [i..j(] on lists in theory List. 1.3 The towers of Hanoi We are given 3 pegs A, B and C, and n disks with a hole, such that no two disks have the same diameter. Initially all n disks rest on peg A, ordered according to their size, with the largest one at the bottom. The aim is to transfer all n disks from A to C by a sequence of single-disk moves such that we never place a larger disk on top of a smaller one. Peg B may be used for intermediate storage. The pegs and moves can be modelled as follows: datatype peg = A | B | C types move = "peg * peg" Define a primitive recursive function consts moves :: "nat => peg => peg => peg => move list" such that moves n a b c returns a list of (legal) moves that transfer n disks from peg a via b to c. Show that this requires 2n 1 moves: − theorem "length (moves n a b c) = 2^n - 1" Hint: You need to strengthen the theorem for the induction to go through. Beware: subtraction on natural numbers behaves oddly: n m = 0 if n m. − ≤ 3 2 2001 2.1 Lists Define a function replace, such that replace x y zs yields zs with every occurrence of x replaced by y. consts replace :: "'a 'a 'a list 'a list" ) ) ) Prove or disprove (by counter example) the following theorems. You may have to prove some lemmas first. theorem "rev(replace x y zs) = replace x y (rev zs)" theorem "replace x y (replace u v zs) = replace u v (replace x y zs)" theorem "replace y z (replace x y zs) = replace x z zs" Define two functions for removing elements from a list: del1 x xs deletes the first occur- rence (from the left) of x in xs, delall x xs all of them. consts del1 :: "'a 'a list 'a list" ) ) delall :: "'a 'a list 'a list" ) ) Prove or disprove (by counter example) the following theorems. theorem "del1 x (delall x xs) = delall x xs" theorem "delall x (delall x xs) = delall x xs" theorem "delall x (del1 x xs) = delall x xs" theorem "del1 x (del1 y zs) = del1 y (del1 x zs)" theorem "delall x (del1 y zs) = del1 y (delall x zs)" theorem "delall x (delall y zs) = delall y (delall x zs)" theorem "del1 y (replace x y xs) = del1 x xs" theorem "delall y (replace x y xs) = delall x xs" theorem "replace x y (delall x zs) = delall x zs" theorem "replace x y (delall z zs) = delall z (replace x y zs)" theorem "rev(del1 x xs) = del1 x (rev xs)" theorem "rev(delall x xs) = delall x (rev xs)" 2.2 Trees In the sequel we work with skeletons of binary trees where neither the leaves (\tip") nor the nodes contain any information: datatype tree = Tp | Nd tree tree Define a function tips that counts the tips of a tree, and a function height that computes the height of a tree. Complete binary trees of a given height are generated as follows: consts cbt :: "nat tree" ) primrec 4 "cbt 0 = Tp" "cbt(Suc n) = Nd (cbt n) (cbt n)" We will now focus on these complete binary trees. Instead of generating complete binary trees, we can also test if a binary tree is complete. Define a function iscbt f (where f is a function on trees) that checks for completeness: Tp is complete and Nd l r ist complete iff l and r are complete and f l = f r. We now have 3 functions on trees, namely tips, height und size. The latter is defined automatically | look it up in the tutorial. Thus we also have 3 kinds of completeness: complete wrt. tips, complete wrt. height and complete wrt. size. Show that the 3 notions are the same (e.g. iscbt tips t = iscbt size t), and • the 3 notions describe exactly the trees generated by cbt: the result of cbt is complete • (in the sense of iscbt, wrt. any function on trees), and if a tree is complete in the sense of iscbt, it is the result of cbt (applied to a suitable number | which one?) Find a function f such that iscbt f is different from iscbt size. Hints: Work out and prove suitable relationships between tips, height und size. • If you need lemmas dealing only with the basic arithmetic operations (+, *, ^ etc), • you can \prove" them with the command sorry, if neither arith nor you can find a proof. Not apply sorry, just sorry. You do not need to show that every notion is equal to every other notion. It suffices • to show that A = C und B = C | A = B is a trivial consequence. However, the difficulty of the proof will depend on which of the equivalences you prove. There is and . • ^ −! 2.3 Tries Section 3.4.4 of [1] is a case study about so-called tries, a data structure for fast indexing with strings. Read that section. The data type of tries over the alphabet type 'a und the value type 'v is defined as follows: datatype ('a, 'v) trie = Trie "'v option" "('a * ('a,'v) trie) list" A trie consists of an optional value and an association list that maps letters of the alphabet to subtrees. Type 'a option is defined in section 2.5.3 of [1]. There are also two selector functions value and alist: 5 consts value :: "('a, 'v) trie 'v option" ) primrec "value (Trie ov al) = ov" consts alist :: "('a, 'v) trie ('a * ('a,'v) trie) list" ) primrec "alist (Trie ov al) = al" Furthermore there is a function lookup on tries defined with the help of the generic search function assoc on association lists: consts assoc :: "('key * 'val)list 'key 'val option" ) ) primrec "assoc [] x = None" "assoc (p#ps) x = (let (a, b) = p in if a = x then Some b else assoc ps x)" consts lookup :: "('a, 'v) trie 'a list 'v option" ) ) primrec "lookup t [] = value t" "lookup t (a#as) = (case assoc (alist t) a of None None ) | Some at lookup at as)" ) Finally, update updates the value associated with some string with a new value, overwriting the old one: consts update :: "('a, 'v) trie 'a list 'v ('a, 'v) trie" ) ) ) primrec "update t [] v = Trie (Some v) (alist t)" "update t (a#as) v = (let tt = (case assoc (alist t) a of None Trie None [] ) | Some at at) ) in Trie (value t) ((a, update tt as v) # alist t))" The following theorem tells us that update behaves as expected: theorem " t v bs. lookup (update t as v) bs = 8 (if as = bs then Some v else lookup t bs)" As a warming up exercise, define a function consts modify :: "('a, 'v) trie 'a list 'v option ('a, 'v) trie" ) ) ) for inserting as well as deleting elements from a trie. Show that modify satisfies a suitably modified version of the correctness theorem for update. Die above definition of update has the disadvantage that it often creates junk: each as- sociation list it passes through is extended at the left end with a new (letter,value) pair without removing any old association of that letter which may already be present.

View Full Text

Details

  • File Type
    pdf
  • Upload Time
    -
  • Content Languages
    English
  • Upload User
    Anonymous/Not logged-in
  • File Pages
    14 Page
  • File Size
    -

Download

Channel Download Status
Express Download Enable

Copyright

We respect the copyrights and intellectual property rights of all users. All uploaded documents are either original works of the uploader or authorized works of the rightful owners.

  • Not to be reproduced or distributed without explicit permission.
  • Not used for commercial purposes outside of approved use cases.
  • Not used to infringe on the rights of the original creators.
  • If you believe any content infringes your copyright, please contact us immediately.

Support

For help with questions, suggestions, or problems, please contact us