© 2006 Rockwell Collins, Inc. All rights reserved.
Parameterized Congruences in ACL2
David Greve, August 2006
Congruences (Unplumbed)
• Congruence-based rewriting
  – Built in to ACL2
  – Treats certain predicate relations “just like equality”
  – Uses relations to define rewrite rules
• What is the “big deal”?
  – Provides strong normalization
    • (Near) minimal representations
  – Scalable
    • Defined locally
    • Used globally
  – Context sensitive
    • Simple rules
    • Rule chaining
Normalizing List-Based Set Expressions
• Removing duplicate updates ..
    (defthm member-cons-duplicates
      (iff (member a (cons x (cons x y)))
           (member a (cons x y))))
• But what about ..
    (defthm member-cons-duplicates-2
      (iff (member a (cons z (cons x (cons x y))))
           (member a (cons z (cons x y)))))
Normalizing List-Based Set Expressions (cont)
• Rewrite rules are not sufficiently powerful
  – Infinite number of rules
• Syntactic simplification
  – :meta and bind-free
  – A better solution
  – Doesn’t scale well
    • Specific to a set of functions (defined globally)
    • Difficult to extend to user-defined functions
• Congruence-based rewriting
  – More powerful than rewrite rules
  – More scalable than syntactic techniques
3 Steps to Using Congruence-based Rewriting
• Defining rewriting contexts
  – defequiv
• Proving driver rules
  – Using equivalence relations
• Establishing congruences
  – defcong
Rewriting Context
• Obviously (cons x (cons x y)) is not equal to (cons x y),
• But they are equivalent in “the second argument of member”
• So we can replace one with the other in that context
    (defthm member-cons-duplicates
      (iff (member a (cons x (cons x y)))
           (member a (cons x y))))
  In that context: (cons x (cons x y)) ⇒ (cons x y)
Defining a Rewriting Context
• ACL2 generalizes this notion
  – “the second argument of member”
• Uses equivalence relations
  – Formalize the essential properties of “the second argument of member”
• Formally introduced in ACL2 via defequiv
  – (defequiv set-equiv)
  – Associates an equivalence relation with a rewriting context
  – Requires proving that set-equiv is a Boolean, reflexive, symmetric and transitive relation:
    (and (booleanp (set-equiv x y))
         (set-equiv x x)
         (implies (set-equiv x y) (set-equiv y x))
         (implies (and (set-equiv x y) (set-equiv y z)) (set-equiv x z)))
Driver Rules
• Rewrite rules employing equivalence relations
    (defthm set-equiv-cons-cons-driver
      (set-equiv (cons x (cons x y)) (cons x y)))
  – Does not rewrite set-equiv to true
  – Replaces (cons x (cons x y)) with (cons x y)
  – In a set-equiv rewriting context
• Driver rules
  – Concise, automatic, unconstrained
  – Enhanced normalization
Congruences
• Driver rules
  – Only applied in specific rewriting contexts
• Congruence rules
  – Establish rewriting contexts
  – Indicate when it is sound to use specified equivalence relations
    (defthm set-equiv-implies-iff-in-2
      (implies (set-equiv x y)
               (iff (member a x) (member a y)))
      :rule-classes (:congruence))
• Restricted
  – No hypotheses, single function instance
    (defcong set-equiv iff (member a x) 2)
    (defcong set-equiv set-equiv (cons a x) 2)
Congruence-based Rewriting: Synopsis
• Rewriting contexts
  – Characterized by equivalence relations
    (defequiv set-equiv)
• Driver rules
  – Apply context-sensitive simplifications
    (defthm set-equiv-cons-cons-driver
      (set-equiv (cons x (cons x y)) (cons x y)))
• Congruence rules
  – Chain from one context to another
    (defcong set-equiv iff (member a x) 2)
    (defcong set-equiv set-equiv (cons a x) 2)
• Congruence-based rewriting
  – More powerful than rewrite rules
  – More scalable than syntactic techniques
Normalizing Modular Arithmetic Expressions
• Removing nested mod ..
    (defthm mod-+-mod-1
      (equal (mod (+ (mod x N) y) N)
             (mod (+ x y) N)))
• But what about ..
    (defthm mod-+-mod-nest
      (equal (mod (+ x (mod y N) z) N)
             (mod (+ x y z) N)))
Normalizing Modular Arithmetic Expressions (cont)
• Rewrite rules are not sufficiently powerful
  – Infinite number of rules
• Syntactic simplification (arithmetic-3)
  – :meta and bind-free
  – A better solution
  – Doesn’t scale well
    • Specific to a set of functions (defined globally)
    • Difficult to extend to user-defined functions
• Congruence-based rewriting (?)
  – More powerful than rewrite rules
  – More scalable than syntactic techniques
3 Steps to Using Congruence-based Rewriting
• Defining rewriting contexts
  – defequiv
• Proving driver rules
  – Using equivalence relations
• Establishing congruences
  – defcong
Defining the Rewriting Context
• Our equivalence relation is parameterized by N:
    (defun mod-equiv (x y N)
      (equal (mod x N) (mod y N)))
• ACL2 doesn’t support parameterized equivalences (!)
  – genequiv defines the currently active rewriting context
    • Argument to the rewriter
    • Identifies the “active” equivalence relations
    • Driver rules can fire if their equivalence relation is in genequiv
    • Congruence rules program genequiv
  – Could be extended
    • Equivalence relation + parameter terms
    • Substantial change to ACL2
Parameterized Congruences with nary
• The nary library
  – Developed to address this shortcoming
  – Emulates parameterized congruences
  – Provides convenient macros
• Three steps to using nary
  – Defining parameterized rewriting contexts
    • defcontext
  – Proving parameterized driver rules
    • Using context functions
  – Establishing parameterized congruences
    • defcong+
Parameterized Rewriting Context
• Parameterized rewriting context
  – Implemented using parameterized context (fixing) functions
  – “mod” is one such function
• Context functions serve two primary purposes
  – Method for imposing context on a term
    • To simplify x in a “mod N” context, we simplify (mod x N)
  – Act as triggers for driver rules
    • Any rule matching (mod x N) is a “mod N” driver rule
• Parameterized equivalence reduction assumption
    (equal (nary-equiv x y a1 a2 a3)
           (equiv (nary-ctx x a1 a2 a3) (nary-ctx y a1 a2 a3)))
  – Context function
    • Captures the interaction between equated terms and parameters
  – Equivalence relation
    • Captures the interaction between “fixed” values
Parameterized Driver Rules
• Rewrite rules employing a parameterized context function
    (defthm mod-N-N
      (implies (and (integerp N) (not (equal N 0)))
               (equal (mod N N) 0)))
Parameterized Congruences
• Parameterized congruence rules
  – Cause terms to be reduced in parameterized rewriting contexts
  – Heart of the nary library
  – Binding hypotheses
  – Bind-free
    (defthm nary-cong-rule
      (implies (equal x (mod a N))
               (equal (mod (+ a b) N) (mod (+ x b) N))))
  Compare the standard (unparameterized) congruence rule:
    (defthm set-equiv-implies-iff-in-2
      (implies (set-equiv x y)
               (iff (member a x) (member a y)))
      :rule-classes (:congruence))
nary Parameterized Congruence Rules
    (defthm mod-+-cong-1
      (implies (and (integerp N) (not (equal N 0))
                    (integerp a) (integerp b)
                    (equal wrap (mod a N))
                    (bind-free (mod_unfix wrap N 'wrap? 'x) (wrap? x))
                    (if wrap? (equal wrap (mod x N)) (equal wrap x))
                    (syntaxp (not (equal a x)))
                    (integerp x))
               (equal (mod (+ a b) N) (mod (+ x b) N))))
The slides annotate this rule one hypothesis at a time:
• Guard hypotheses: (integerp N), (not (equal N 0)), (integerp a), (integerp b).
• Binding hypotheses: (equal wrap (mod a N)) binds the free variable wrap to the result of rewriting (mod a N), i.e. to “a” simplified in the “mod N” context.
• The bind-free hypothesis is produced by the defcontext macro, searching for terms like (mod x N):
    (defcontext (mod x N) 1)
    (defun mod_unfix (wrap N wrap? x)
      (if (and (consp wrap) (equal (car wrap) 'mod) (equal (caddr wrap) N))
          (list (cons wrap? '(quote t)) (cons x (cadr wrap)))
        (list (cons wrap? '(quote nil)) (cons x wrap))))
  wrap? tells us if wrap was of the form (mod Q N). If it was, x is bound to Q and wrap? is bound to true. Otherwise, x is bound to the value of wrap and wrap? is false.
• (if wrap? (equal wrap (mod x N)) (equal wrap x)): logical test to ensure the correctness of the syntactic transformation.
• (syntaxp (not (equal a x))): make sure we have actually simplified something.
• (integerp x): check the type of the result.
• Conclusion: replace “a” with the value obtained by simplifying “a” in a “mod N” context.
Congruence-based Rewriting: Synopsis
• Parameterized rewriting contexts
  – Characterized by context functions
    (defcontext (mod x N) 1)
• Parameterized driver rules
  – Trigger on context functions
    (defthm mod-N-N (equal (mod (mod x N) N) (mod x N)))
• Parameterized congruence rules
  – Simplify terms in a selected context
    (defcong+ mod-+-cong (mod (+ a b) N)
      :hyps (and (rationalp-guard a b N) (not (equal N 0)))
      :cong ((a (equal x (mod a N)))
             (b (equal y (mod b N))))
      :check (rationalp-guard x y))
• Parameterized congruence-based rewriting
  – Extends standard congruence-based rewriting to parameterized equivalences
Example Application
    (defcontext (mod x N) 1)
    (defthm mod-N-N (equal (mod (mod x N) N) (mod x N)))
    (defcong+ mod-+-cong (mod (+ a b) N)
      :hyps (and (rationalp-guard a b N) (not (equal N 0)))
      :cong ((a (equal x (mod a N)))
             (b (equal y (mod b N))))
      :check (rationalp-guard x y))
    (defthm foo1-prop (equal (mod (foo1 x n) n) (mod x n)))
    (defcong+ foo2-cong (mod (foo2 x) n)
      :cong ((x (equal a (mod x n)))))
    (defthm mod-+-normalization
      (implies (and (rationalp-guard a b c d e N) (not (equal n 0)))
               (equal (mod (+ a (mod b n) (foo1 c n) (foo2 (+ (mod d n) (mod e n)))) n)
                      (mod (+ a b c (foo2 (+ d e))) n))))
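The mod-+-cong-1 rule walked through above and the example application it enables, as an added Python model that is neither the slides' ACL2 code nor the nary library: terms are nested tuples, simplify_mod plays the rewriter imposing the "mod N" context with the deck's driver rules, and mod_unfix mirrors the bind-free helper. Guard hypotheses such as integerp are assumed to hold (the model rewrites syntactically only), and foo1/foo2 are the deck's placeholder functions.

```python
# Added example (not from the slides or the nary library): a Python model of how
# the nary mod-+-cong rule normalizes (mod (+ ...) N). Terms are tuples
# (fn, arg...), variables are strings and constants are ints; foo1/foo2 are the
# deck's placeholder functions, the driver rules model rules shown on the slides.
def is_app(t, fn):
    """True if t is an application of the function named fn."""
    return isinstance(t, tuple) and len(t) > 0 and t[0] == fn

def is_mod_n(t, n):
    """True if t has the form (mod Q N) for the context parameter n."""
    return is_app(t, "mod") and len(t) == 3 and t[2] == n

# Driver rules match the context function (mod Q N); None means "does not apply".
def drive_mod_mod(t, n):
    """(mod (mod x N) N) -> (mod x N), the deck's second mod-N-N rule."""
    return ("mod", t[1][1], n) if is_mod_n(t[1], n) else None

def drive_mod_self(t, n):
    """(mod N N) -> 0, the deck's first mod-N-N rule (its guards assumed)."""
    return 0 if t[1] == n else None

def drive_foo1(t, n):
    """(mod (foo1 x N) N) -> (mod x N), foo1-prop from the example application."""
    return ("mod", t[1][1], n) if is_app(t[1], "foo1") and t[1][2] == n else None

DRIVERS = (drive_mod_mod, drive_mod_self, drive_foo1)
# Arguments of these functions are reduced in the mod-N context (mod-+-cong, foo2-cong).
CONG_FUNCTIONS = ("+", "foo2")

def mod_unfix(wrap, n):
    """The bind-free step: (mod Q N) gives (True, Q); anything else (False, wrap)."""
    return (True, wrap[1]) if is_mod_n(wrap, n) else (False, wrap)

def simplify_mod(wrap):
    """Normalize (mod Q N): drive to a fixpoint, then push the context into Q."""
    n = wrap[2]
    while is_mod_n(wrap, n):
        for rule in DRIVERS:
            result = rule(wrap, n)
            if result is not None:
                wrap = result
                break
        else:  # no driver fired: apply the congruence rules to Q
            return congruence(wrap)
    return wrap  # a driver reduced the whole context away (e.g. to 0)

def congruence(wrap):
    """mod-+-cong / foo2-cong: for each argument a of (+ ...) or (foo2 ...), bind wrap
    to the simplified (mod a N), unfix it to x and replace a by x (syntaxp is implicit)."""
    inner, n = wrap[1], wrap[2]
    if not any(is_app(inner, fn) for fn in CONG_FUNCTIONS):
        return wrap
    new_args = [mod_unfix(simplify_mod(("mod", a, n)), n)[1] for a in inner[1:]]
    return ("mod", (inner[0],) + tuple(new_args), n)

def to_sexp(t):
    """Render a term in ACL2 s-expression syntax."""
    return "(" + " ".join(map(to_sexp, t)) + ")" if isinstance(t, tuple) else str(t)

# Constructed input: the left-hand side of mod-+-normalization from the example application.
LHS = ("mod", ("+", "a", ("mod", "b", "n"), ("foo1", "c", "n"),
               ("foo2", ("+", ("mod", "d", "n"), ("mod", "e", "n")))), "n")

if __name__ == "__main__":
    print(to_sexp(LHS), "==>", to_sexp(simplify_mod(LHS)))
```

Running it prints the normalized right-hand side of mod-+-normalization, (mod (+ a b c (foo2 (+ d e))) n); a summand wrapped in a different modulus, such as (mod b M) under mod N, is left untouched because mod_unfix only strips the active context.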
Definition/Use Analysis
    (defun copy-nth* (list st1 st2)
      (if (null list) st2
        (update-nth (car list) (nth (car list) st1)
                    (copy-nth* (cdr list) st1 st2))))
    (defun use (list st) (copy-nth* list st nil))
    (defthm use-over-update-nth
      (implies (not (member (nfix b) list))
               (equal (use list (update-nth b v st))
                      (use list st))))
    (defcontext (use list st) 2)
    (defcong+ use-update-nth-cong (use list (update-nth a v x))
      :cong ((x (equal z (use list x)))))
    (defcong+ nth-foo-use (nth a (foo st))
      :cong ((st (equal z (use (foo-use) st))))
      :hyps (member (nfix a) (foo-def)))
    (defthm du-properties
      (and (member 0 (foo-def)) (not (member 3 (foo-use)))))
    (defthm test-nth-foo
      (equal (nth 0 (foo (update-nth a w (update-nth 3 v st))))
             (nth 0 (foo (update-nth a w st)))))
Conclusion
• Congruence-based rewriting
  – Built in to ACL2
  – More powerful than rewrite rules
  – More scalable than syntactic techniques
  – Unplumbed
• Parameterized congruence-based rewriting
  – Enabled (emulated) via the nary library
  – Applicable to a variety of domains
    • Modular arithmetic
    • Definition/use analysis
A Challenge Problem
• For every function satisfying the properties of an equivalence relation:
    (and (booleanp (equiv x y))
         (equiv x x)
         (implies (equiv x y) (equiv y x))
         (implies (and (equiv x y) (equiv y z)) (equiv x z)))
• There exists a fixing function such that:
    (defthm equiv-reduction
      (equal (equiv x y) (equal (fix x) (fix y))))
Generalized (Parameterized) Congruences
    (defthm generalized-cong-rule
      (implies (< x a) (equal (foo x) (foo a))))