Intro to Formal Methods CS 5860 Fall 2014 Lecture 16 Weds. Oct. 29, 2014

Lecture 16 Topics

• More on integer square root, using whole induction.
• A look at real square roots. Defining constructive real numbers. Noting that $\sqrt{2}$ is not a rational number, it is a real algebraic number. Proof of not rational uses LNP.
• Discussion of topics for projects.
  – Formalizing an interesting theorem in mathematics.
  – Programming data structures with proofs: lists, bags, binary search trees, real analysis, e.g. mean value theorem.
  – Nuprl as a functional programming language.
  – Coq as a functional programming language.
  – Programming with functional distributed processes.

Integer Square Root

1. By iteration:

    while (r + 1)^2 ≤ n do
        {(r + 1)^2 ≤ n}
        r := r + 1
        {r^2 ≤ n}
    od
    r^2 ≤ n & n < (r + 1)^2

    wh(x, r) = if (r + 1)^2 ≤ x then wh(x, r + 1) else r
    wh(x, 0) is the start

Can we render this as a while-induction principle? It is called a tail recursive function since it does not build nested recursive calls, e.g. a stack.

2. By induction:

$\vdash \forall n : \mathbb{N}.\ \exists r : \mathbb{N}.\ \{r^2 \le n < (r+1)^2\}$

$n : \mathbb{N} \vdash \exists r : \mathbb{N}.\ \{r^2 \le n < (r+1)^2\}$ by ind(n; )

$\vdash \exists r : \mathbb{N}.\ \{r^2 \le 0 < (r+1)^2\}$ by $r = 0$

$i : \mathbb{N},\ h : r^2 \le i - 1 < (r+1)^2 \vdash \exists r : \mathbb{N}.\ \{\ \}$ by decide $(r+1)^2 \le i$

$y : (r+1)^2 \le i \vdash \exists r : \mathbb{N}.\ \{(r+1)^2 \le i < ((r+1)+1)^2\}$ by $(r+1)$ (yes) (can increase)

$no : i < (r+1)^2 \vdash \exists r : \mathbb{N}.\ \{r^2 \le i < (r+1)^2\}$, since $r^2 \le i - 1 < i < (r+1)^2$, by $r$ (no, stop, got what we needed)

Approaches to the real numbers

Differential and Integral Calculus, R. Courant 1934 (Used into the 1960's!).

We take 1, 2, 3, ... as given, along with calculation on them. Also the rational numbers "because the rational operations of calculus apply: +, −, ∗, ÷."

We relate reals to points on the line. But there are "holes", as the Greeks knew:

[Figure: right triangle with sides a, b and hypotenuse c]

has an irrational hypotenuse. $c^2 = a^2 + b^2$, i.e. $c^2 = 2$, $c = \sqrt{2}$. Thus, must add irrational numbers.

The reals are the totality of all finite and infinite decimal numbers. Def. page 8 in Courant.
On functions, $y = f(x)$ if $f$ is any law of correspondence whatsoever. Sequences $a_0, a_1, a_2, \ldots$ are determined by any law whatsoever.

Do these formal decimal numbers "fill up the line"? What does that mean? (Bishop made mathematics out of what Courant called philosophy).

Courant p.10: "We can calculate in the usual way with real numbers, and hence with decimals. It is possible to prove this using only the properties of the integers as a starting point. But this is no light task; and rather than let it bar our progress at this early stage, we regard the fact that the ordinary rules of calculation apply to the real numbers as an axiom, on which we shall base the whole differential and integral calculus."

H.L Royden Real Analysis 1963

1. Axioms for the real numbers p.21

A. The Field Axioms

A1. $x + y = y + x$
A2. $(x + y) + z = x + (y + z)$
A3. $x + 0 = x$ for all $x \in \mathbb{R}$
A4. $\forall x : \mathbb{R}.\ \exists w : \mathbb{R}.\ (x + w = 0)$
A5. $xy = yx$
A6. $(xy)z = x(yz)$
A7. $1 \ne 0$ & $x * 1 = x$ for all $x \in \mathbb{R}$
A8. $\forall x : \mathbb{R}.\ x \ne 0 \Rightarrow \exists w : \mathbb{R}.\ xw = 1$
A9. $x(y + z) = xy + xz$

B. Axioms of Order. The subset of positive reals, $\mathbb{R}^+$, satisfies:

B1. $\forall x, y : \mathbb{R}^+.\ x + y \in \mathbb{R}^+$
B2. $\forall x, y : \mathbb{R}^+.\ x * y \in \mathbb{R}^+$
B3. $\forall x : \mathbb{R}^+.\ (-x) \notin \mathbb{R}^+$
B4. $\forall x : \mathbb{R}.\ (x = 0 \lor x \in \mathbb{R}^+ \lor (-x) \in \mathbb{R}^+)$

We get an ordered field.

C. Completeness Axiom

$\forall S : \mathrm{Set}(\mathbb{R}).\ \exists b : \mathbb{R}.\ \forall x : S.\ (x < b \Rightarrow \exists lb : \mathbb{R}.\ lb \text{ least among all bounds})$

Note: C ⇒ Archimedes Principle. $\forall x : \mathbb{R}.\ \exists n : \mathbb{N}.\ (x < n)$.

Constructive Analysis à la Bishop

So what is $\sqrt{2}$? What are the rules of computation in "Courant's Axioms"?

Bishop's 1967 definition:

Def 1. A sequence of rational numbers $\{x_n\}$ is regular iff $|x_m - x_n| \le m^{-1} + n^{-1}$.

A real number (generated) is a regular sequence of rationals. (Same definition as Markov, 1963).

Two reals $\{x_n\}$, $\{y_n\}$ are equal iff $|x_n - y_n| \le 2n^{-1}\ (y_n + y_n)$.

Proposition 1. Equality of real numbers is an equivalence relation. Transitivity requires work.

Exercise for PS5: Prove reflexivity and symmetry.
Definition: The canonical bound of $\{x_n\}$, $k_x$, is the least integer greater than $x_1 + 2$.

The Algebra of R

Definition 2. Let $x = \{x_n\}$, $y = \{y_n\}$ be reals with $k_x$, $k_y$ the respective canonical bounds, and let $k = \max\{k_x, k_y\}$. Let $\alpha$ be any rational number. Define $+$, $-$, $*$, $\max$ as follows:

a. $x + y = \{x_{2n} + y_{2n}\}$
b. $x * y = \{x_{2kn} * y_{2kn}\}$
c. $\max(x, y) = \{\max\{x_n, y_n\}\}$
d. $-x = \{-x_n\}$
e. $\alpha^* = \{\alpha, \alpha, \alpha, \ldots\}$

Proposition 2. The sequences $x + y$, $x * y$, $\max\{x, y\}$, $-x$, $\alpha^*$ are real numbers.

Corollary. $\lambda(x, y.\ x + y)$, $\lambda(x, y.\ x * y)$, $\lambda(x, y.\ \max\{x, y\})$ are functions $\mathbb{R} \times \mathbb{R} \to \mathbb{R}$. $\lambda(z.\ z^*)$ is a function $\mathbb{Q} \to \mathbb{R}$. $\lambda(x.\ |x|)$ is a function $\mathbb{R} \to \mathbb{R}$.

Define $\min\{x, y\} = -\max\{-x, -y\}$.

Proposition 3. Algebraic properties

a. $+$, $*$ are commutative
b. $+$, $*$ are associative
c. $x(y + z) = xy + xz$ (distributive law)
d. $x - x = 0$
e. $|xy| = |x| * |y|$
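The two halves of the lecture can be run together: the Python sketch below is an added example, not code from the lecture or from Nuprl/Coq, and it implements both integer square root programs and Bishop's regular sequences with the $+$ and $*$ of Definition 2, using the integer root to build $\sqrt{2}$. The construction $x_n = \lfloor n\sqrt{2} \rfloor / n$, the function names and the finite index range N are assumptions; checking finitely many indices is evidence, not a proof.

```python
import math
from fractions import Fraction

def isqrt_iter(n):
    """wh(n, 0) from the lecture, with the tail call written as a loop."""
    r = 0
    while (r + 1) ** 2 <= n:
        r += 1
    return r

def isqrt_ind(n):
    """Program read off the induction proof: the root of i from the root of i - 1."""
    r = 0                          # base case: 0^2 <= 0 < 1^2
    for i in range(1, n + 1):      # hypothesis h: r^2 <= i - 1 < (r + 1)^2
        if (r + 1) ** 2 <= i:      # decide (r + 1)^2 <= i
            r += 1                 # yes: can increase
    return r                       # no: r already satisfies the spec for i

# A real is modelled as a function n -> Fraction for n >= 1 (a regular sequence).
def const(a):                      # alpha* = {alpha, alpha, ...}
    return lambda n: Fraction(a)

def sqrt2(n):
    # Assumed construction: x_n = floor(n * sqrt 2) / n, so sqrt 2 - 1/n < x_n <= sqrt 2.
    return Fraction(isqrt_iter(2 * n * n), n)

def canonical_bound(x):            # least integer greater than x_1 + 2, as on the page
    return math.floor(x(1) + 2) + 1

def add(x, y):                     # x + y = {x_2n + y_2n}
    return lambda n: x(2 * n) + y(2 * n)

def mul(x, y):                     # x * y = {x_2kn * y_2kn}, k = max{k_x, k_y}
    k = max(canonical_bound(x), canonical_bound(y))
    return lambda n: x(2 * k * n) * y(2 * k * n)

def regular_upto(x, N):            # |x_m - x_n| <= 1/m + 1/n for 1 <= m, n <= N
    return all(abs(x(m) - x(n)) <= Fraction(1, m) + Fraction(1, n)
               for m in range(1, N + 1) for n in range(1, N + 1))

def equal_upto(x, y, N):           # Bishop's test |x_n - y_n| <= 2/n for 1 <= n <= N
    return all(abs(x(n) - y(n)) <= Fraction(2, n) for n in range(1, N + 1))

if __name__ == "__main__":
    print(regular_upto(sqrt2, 20), equal_upto(mul(sqrt2, sqrt2), const(2), 20))
```

The index doubling in `add` and the factor $2k$ in `mul` are what keep the results regular; dropping them makes `regular_upto` a useful failing test for Proposition 2.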