Computing Fundamentals 1 Equations and Reduction in CafeOBJ

1
Computing Fundamentals 1 Equations and Reduction
in CafeOBJ

• Lecturer Patrick Browne

2
Why a specification language?

• High level programming languages (HLP), like
  Python or Java, can be considered formal
  specifications. They specify what the machine
  should do.
• However, HLP are not good at expressing our
  understanding of a domain. They are too low level
  and contain too much detail. Using HLP it is
  difficult to identify design errors, assumptions
  are not made explicit, they are implementation
  dependent. HLP focus on how system tasks are
  performed. They dont allow us to reason about
  the system or describe what the system does.
• Domains of interest include a theory of sets, a
  theory of integers, a theory of bank accounts, a
  theory of a hospital records, a theory of traffic
  flow.

3
Why a specification language?

• CafeOBJ allows us to reason about what a system
  does rather than about the detailed algorithms .
• CafeOBJ is based on rigorous mathematic
  (equational logic, a lattice of types, functions,
  equations, axioms, syntactic and semantic
  domains). This makes CafeOBJ useful for teaching
  mathematics.
• CafeOBJ is executable. Even though it allows us
  to focus the what a program should do (i.e.
  specification), CafeOBJ also allows to run
  specifications and produce results. Thus we can
  check our work (prototype) and get a result
  (compute). In sort we can
• Specify
• Prototype
• Reason and study proofs
• Compute

4
Why a specification language?

• CafeOBJ has conceptual semantics based on the
  logic of equations.
• CafeOBJ has operational semantics based based on
  term rewriting.
• These two interpretations are closely related.
  Usually we talk about syntactic 'terms' and
  semantic 'expressions'.
• A good specification should be written in such a
  way that it can be used to predict how the system
  will behave.

5
Computing lt Maths lt World

• The role of CafeOBJ on this course is to provide
  a functional and logic based language that can be
  used to represent the mathematical concepts such
  as logic, sets, and functions. Which in turn can
  be used to model real world systems. Programming
  language. We use it as a specification

6
Predefined Modules1
Module Type Operators Constants
BOOL Bool not and and-also xor or or-else implies iff true, false
NAT Nat NzNatZero gt gt lt lt quo rem divides s p 0 1 2 3 ...
INT Int Idem, mais - e -2 ...
FLOAT Float / - lt lt gt gt exp log sqrt abs sin atan etc. 1.2 ...pi
STRING String string stringgt stringlt stringgt stringltlength substring upcase downcase etc. a string"
...
7
CafeOBJ Equational Logic

• Equational calculus derives (proves) a term
  equation from a conditional-equational axiom set.
  The deduction rules in this calculus are
• Reflexivity Any term is provably equal to itself
  (t t).
• Transitivity If t1 is provably equal to t2 and
  t2 is provably equal to t3, then t1 is provably
  equal to t3.
• Symmetry If t1 is provably equal to t2, then t2
  is provably equal to t1.
• Congruence If t1 is provably equal to t2, then
  any two terms are provably equal which consist of
  some context built around t1 and t2. e.g.
  f(t1)f(t2).

8
Writing equations in CafeOBJ

• CafeOBJ statements are equations in which
  instances of the LHS pattern are replaced by
  corresponding instances of the RHS if the LHS
  matches the input expression. The matching
  process occurs "top-down, left-to-right. The
  first equation that matches is used.
• The definition of a function can be broken into
  several equations, giving us a multi-line
  definition e.g.
• eq fact(0) s(0) .
• eq fact(s(N)) s(N) fact(N) .
• Variables in CafeOBJ equations are universally
  quantified (?N) equations Variables

9
Variables in CafeOBJ

• Variables in CafeOBJ equations are universally
  quantified (?N) equations
• Terms with variables, are instantiated by
  substituting the variables with ground terms.
• Here is an example from Jose Meseguers CC373
  lecture notes.

10
Writing equations in CafeOBJ

• In CafeOBJ computation is reduction of a
  well-formed term (or expression) to a normal
  form. An expression in normal form cannot be
  reduced any further.
• An expression is a ground if it contains no
  variables.
• If a term is normal form and is ground we say it
  is in ground normal form.
• The ground normal form can be considered as a
  value.
• Reduction can be viewed as a sequence of term
  rewrites, that treat the equation 0 N N as a
  left to right rewrite rule 0 N -gt N. This
  replaces (0 N) with N. Reduction rewrites a
  term into a simpler form.

11
Writing equations in CafeOBJ

• In general when writing equations we should
  follow the following rules
• The RHS should not be a single variable.
• All variables in the RHS must appear in the LHS.
• The scope of a constant is the module it is
  declared in (or a proof score or interactive
  session).
• The scope of a variable is only inside of the
  equation. So, during evaluation a variable, say
  X, will have the same value in a given equation,
  but it may have different values in different
  equations in the same module.

12
Reducing an Expressionin CafeOBJ

• An equation LHSRHS is applicable to a given
  expression X, if we can substitute the variables
  occurring in some LHS with the values in
  expression X. This is also expressed as "LHS
  matches X. Then we can replace X by Y, where Y
  is the expression obtained from RHS by replacing
  the variables occurring in LHS by their
  corresponding values. Such a replacement step a
  is called a reduction. For instance, given the
  equation and a reduction
• eq sqr X XX . A definition
• red sqr 2 -- Reduction gives 22 4
• The expression sqr 2 matches the left-hand side
  sqr X, with 2 being substituted for the variable
  X.

13
Reduction

• Reduction is a sequence of rewrites.
• open BOOL .
• red true and (not(false) or (not true))
• The diagram shows 4 rewrites CafeOBJ actually
  does 6 rewrites.

gt1 rule eq (not ABool) (A xor true)
ABool -gt false lt1 (not false)Bool --gt
(false xor true)Bool gt2 rule eq (false xor
ABool) A ABool -gt true lt2 (false xor
true)Bool --gt (true)Bool gt3 rule eq (not
ABool) (A xor true) ABool -gt true lt3
(not true)Bool --gt (true xor true)Bool gt4
rule eq (ABool xor A) false ABool -gt true
lt4 (true xor true)Bool --gt (false)Bool gt5
rule eq (false or ABool) A ABool -gt true
lt5 (true or false)Bool --gt (true)Bool gt6
rule eq (true and ABool) A ABool -gt true
lt6 (true and true)Bool --gt (true)Bool
14
Reduction

• Reduction with variables in term and result.
  Result is normal form, not ground. Uses
  rightmost-innermost reduction.
• red TBool and ((not FBool) or (not T)) .
• CafeOBJ uses 14 rewrites
• We simplify to 4
• Rgt represents rewrite.

Term-1 (not F) Rgt (F xor true) Term-2 (not T)
Rgt (T xor true) Term-3 (T xor true) or (F xor
true) Rgt ((T and F) xor true) Term-4 T and ((T
xor true) or (F xor true)) Rgt ((F and T)xor T)
15
Reduction

• Reduction with variables in term and ground
  normal form result.
• open BOOL
• red (aBool or (not a)) .
• Gives true
• As an intermediate step (not a) Rgt (a xor
  true)

16
Trace of Reduction (a ? a)

• Because we have (a xor true) we can write
• red aBool or (a xor true) .
• 1gt1 rule eq (A or B) ((A and B) xor (A xor
  B)) A -gt (a xor true), B -gt a
• 1lt1 (a or (a xor true)) --gt (((a xor true) and
  a) xor ((a xor true) xor a))
• 1gt2 rule eq (A and (B xor C)) ((A and B) xor
  (A and C)) A -gt a, B -gt true, C -gt a
• 1lt2 ((a xor true) and a) --gt ((a and true) xor
  (a and a))
• 1gt3 rule eq (true and A) A A -gt a
• 1lt3 (a and true) --gt a
• 1gt4 rule eq (A and A) A A -gt a
• 1lt4 (a and a) --gt a
• 1gt5 rule eq (A xor A) false A -gt a
• 1lt5 (a xor a) --gt (false)
• 1gt6 rule eq (AC xor (A xor A)) (AC xor false)
  AC -gt true, A -gt a

17
Reduction(a ? a)

• 1gt7 rule eq (false xor A) A A -gt true
• 1lt7 (true xor false) --gt (true)
• 1gt8 rule eq (false xor A) A A -gt true
• 1lt8 (false xor true) --gt (true)
• (true)Bool
• Everywhere you see rule it means that the
  reduction found a matching equation in the BOOL
  module.
• The square brackets indicate the rule number in
  the this particular reduction 1..8
• The grater-than sign gt indicates starting a
  rewrite with the curled brackets showing a
  substitution.
• The variables in capitals are from the BOOL
  module.
• The less-than sign lt indicates ending a rewrite
  replacing the LHS with the RHS.
• Using the commutativity property, the system may
  changed the order of the arguments.
• The commutative rule is applied.

18
Automatic Theorem Proving
The CafeOBJ environment includes automatic
theorem proving (ATP) software. The ATP will try
to show that some statements (often called a
conjecture, goal, conclusion) is a logical
consequence of a set of statements (often called
hypothesis, assumptions or axioms). The ATP in
CafeOBJ is based on (Prover9). Most of the logic
problems on this course use the ATP. We set up
problems such as Portia, Superman, and Family
using a different1 logical notation than the
normal CafeOBJ equations.
19
Automatic Theorem Proving

• The basic steps in our examples are
• Declare some predicates (sister).
• Define the axioms using the logical notation1 (-gt
  , lt-gt, , , , ax)
• Write the conjecture to be proved (goal).
• If the ATP can prove a goal we can examine the
  proof. We may compare it to other proof methods
  such as ordinary reduction, truth table, or a
  manual proof.

20
Half-Adder

• eq halfAdder(x,y) pair(x xor y, x and y) .
• eq sum(pair(x,y)) x .
• eq carry(pair(x,y)) y .
• red halfAdder(true,true) .
• red sum(halfAdder(true,true)) .
• red carry(halfAdder(true,true)) .

21
Full-adder

• fullAdder(A,B,C-IN)
• pair(sum.., carry.. OR carry)
• http//www.doctronics.co.uk/4008.htm
• Will need nested functions e.g.
  sum(HA(sum(HA(A,B)),C-IN))

22
Checking Signatures
mod SIGNATURE A B C D E op a A -gt B op b B -gt C op c C -gt A gt When a function has 2 arguments they can be considered as the cross-product of two domains. op d A C -gt D op e B B -gt E var u A var w B var x C var y D var z E gt Why are some of these reduction OK while others cause error. open SIGNATURE . red e(a(u), w) . red e(a(c(x)),a(u)) . red b(x) . red a(c(b(a(y)))) . red d(c(x),x) .
23
Equivalence Class

• Let r be an equivalence relation on B. Then br
  , the equivalence class of b, is the subset of
  elements of B that are equivalent (under r) to b.
  The equivalence classes of an equivalence
  relation R partition the set A into disjoint
  nonempty subsets whose union is the entire set.
  CafeOBJ reduction can show s s 0.
• red s s 0 s 0 s 0 .

24
Equivalence Class
25

• mod! NATURAL
• Natural
• op 0 -gt Natural
• op __ Natural Natural -gt Natural
• ops (s_) (p_) Natural -gt Natural
• vars M N Natural
• eq s p N N .
• eq p s N N .
• eq N 0 N .
• eq N s M s (N M) .

26
Peano In CafeOBJ Python
mod! PEANO Nat op 0 -gt Nat op __ Nat Nat
-gt Nat op p_ Nat -gt Nat op s_ Nat -gt
Nat vars M N Nat eq s p N N . eq p s N N .
eq N 0 N . eq N s M s(N M) .
def add(a, b) if a 0 return b
return add(a-1, b1)
Similarity addition defined recursively. The
base cases are quit similar. Differences
Syntax. Python version uses existing types and
type inference. CafeOBJ defines addition it does
not depend on pre-existing types and operations.
Proofs are possible in CafeOBJ but not in Python.
27
Peano.py