Ari TH Lists

Logic and Computation:
From Arithmetic to Programs

J. Buss
with formatting assistance from D. Maftuleac
Arithmetic, Lists, and Programs
247/468
Contents
Arithmetic
Lists
Programs
248/468
Axioms
Thus far, we have used symbols for functions, relations, etc., without
a fixed meaning. An interpretation can specify them arbitrarily.
Often, however, we want to use one or more symbols in a specific
way. The usual approach to this is to use axioms.
Definition: An axiom is a formula that is assumed as a
premise in any proof. An axiom schema is a set of axioms,
defined by a pattern or rule.
Axioms often behave like additional inference rules.
249/468
Example: Axioms for equality

Recall the axioms of equality:
EQ1: ( = ) is an axiom.

EQ2: 1 2 1 = 2 [1 / z] [2 / z] is an axiom,
for any choice of formula and variable z.
We shall keep these, and add new ones.
Notation: in place of writing

k. ( = )
k+1. t = t
Axiom EQ1
we shall simply write

k. t = t
EQ1 + e
e[t]: k
and similarly for other axioms.
250/468
Natural Numbers
Fix the domain as N, the natural numbers. Interpret the constant
symbol 0 as zero and the unary function symbol s as successor.
Thus each number in N has a term: 0, s(0), s(s(0)), s(s(s(0))), . . . .
Zero and successor satisfy the following axioms.
PA1: s() 6= 0.
Zero is not a successor.

PA2: y s() = s(y) = y .
Nothing has two predecessors.
(PA stands for Peano Axioms, named for Giuseppe Peano.)
Arithmetic
251/468
Addition and Multiplication
Further axioms characterize + (addition) and (multiplication).

PA3: ( + 0 = ).
Adding zero to any number yields the same number.

PA4: y + s(y) = s( + y) .
Adding a successor yields the successor of adding the number.
PA5: ( 0 = 0) .
Multiplying by zero yields zero.
PA6: y( s(y) = y + ).
Multiplication by a successor.
Arithmetic
252/468
Induction in Peano Arithmetic

The six axioms above define + and for any particular numbers.
They do not, however, allow us to reason adequately about all
numbers.
For that, we use an additional axiom: induction.
PA7: For each formula and variable ,

[0/ ] [s()/ ]
is an axiom.
The formula represents the property to be proved.
To prove for every , we can prove the base case [0/ ]
and the inductive case ( [s()/ ]).
Arithmetic
253/468
Properties from the Peano Axioms

These axioms imply all of the familiar properties of the natural
numbers.
For example, addition is commutative.
Theorem: Addition in Peano Arithmetic is commutative; that is,

`PA y( + y = y + ) .
(Notation `PA means provable [in ND] using the EQ and PA axioms.)
How can we find such a proof?

We must use induction (PA7). The key first step: choose a good
formula for the induction property.
Arithmetic
254/468
Setting Up the Induction

Recall Axiom PA7: [0/ ] [s()/ ]
Choosing to be y( + y = y + ) yields the instance

y(0 + y = y + 0)

y( + y = y + ) y(s() + y = y + s())
y( + y = y + )
Thus we must prove the base case
and the inductive case
y(0 + y = y + 0)

y( + y = y + ) y(s() + y = y + s()) .
Arithmetic
255/468
The Base Case for Commutativity

To prove: y(0 + y = y + 0).
How?
Arithmetic
256/468
The Base Case for Commutativity

To prove: y(0 + y = y + 0).
How?
We must use induction, in order to prove the base case.
To control the complication, lets make it a lemma:
Lemma
Peano Arithmetic has a proof of y(0 + y = y + 0).
Plan, to prove lemma: induction (PA7) with 0 + y = y + 0 for .
Target 0 + 0 = 0 + 0: from EQ1.
Arithmetic
256/468
Lemma, continued

Target y (0 + y = y + 0) (0 + s(y) = s(y) + 0) :
On the assumption 0 + y 0 = y 0 + 0, we get

0 + s(y 0 ) = s(0 + y 0 )
PA4
assumption + EQsubs(s())
PA3 .
= s(y + 0)
= s(y ) + 0
Then i and generalization (i) yield the target.

Using PA7 and e (twice) completes the proof of the lemma.
The full proof of the base case appears next.
Arithmetic
257/468
Commutativity of Addition: The base case

1.
0+0=0+0
EQ1 + e
2.
y fresh
3.
0+y=y+0
Assumption
4.
0 + s(y) = s(0 + y)
PA4 + e
5.
s(0 + y) = s(y + 0)
EQsubs(s()): 3
6.
y+0=y
PA3 + e
7.
s(y + 0) = s(y)
EQsubs(s()): 6
8.
s(y) + 0 = s(y)
PA3 + e
9.
0 + s(y) = s(y) + 0
EQtrans(3): 4, 5, 7, 8
10.
0 + y = y + 0 0 + s(y) = s(y) + 0 i: 39
11.
y 0 + y = y + 0

0 + s(y) = s(y) + 0
i: 10
12.
y(0 + y = y + 0)
PA7 + e + e (2):
1, 11
Arithmetic
258/468
Inductive Case for Commutativity

Lemma. For each free variable ,
y( + y = y + ) `PA y(s() + y = y + s()) .
Plan of proof: induction on variable y for formula s() + y = y + s().
Target s() + 0 = 0 + s(): as before.

Target z (s() + z = z + s()) (s() + s(z) = s(z) + s()) :
Assuming s() + z 0 = z 0 + s() yields

s() + s(z 0 ) = s(s() + z 0 )
0
= s(z + s())
0
= s(s(z + ))
Arithmetic
PA4
assumption + EQsubs(s())
PA4 + EQsubs(s()) .
259/468
Inductive Case, continued

The premise of the lemma implies + s(z 0 ) = s(z 0 ) + ; thus
s(z 0 ) + s() = s(s(z 0 ) + )
PA4
premise + EQsubs(s())
PA4 + EQsubs(s()) .
= s( + s(z ))
= s(s( + z ))
Since + z 0 = z 0 + by the premise, EQsubs(s(s())) yields

s() + s(z 0 ) = s(z 0 ) + s() ,
as required.
Using PA7 and e (twice) completes the proof of the lemma.
(Note that we used e on the premise twice, with different terms.)
Arithmetic
260/468
1.
y + y = y +
Premise
2.
s() + 0 = 0 + s()
Lemma, p. 256, + e
3.
+ z = z + , z fresh
e: 1
4.
s() + z = z + s()
Assumption
5.
+ s(z) = s(z) +
e: 1
6.
10.
(Uses of PA4 omitted)

(Uses of EQsubs on 37 omitted)
15.
s() + s(z) = s(z) + s()
EQtrans(6): 814
16.
s() + z = z + s()
s() + s(z) = s(z) + s()
z (s() + z = z + s())

(s() + s(z) = s(z) + s())
i: 415
y s() + y = y + s()
PA7 + e + e (2): 2, 17
17.
18.
Arithmetic
i: 16
261/468
Putting It All Together

1.
2.
0+0 = 0
PA3 + e
Lemma, p. 256
14.
y 0 + y = y + 0
PA7 + e (2): 1, 12
15.
y + y = y +
Assumption
16.
33.
34.
Lemma, p. 259
y + y = y +
y s() + y = y + s()
y + y = y +
i: 1532
PA7 + e + e (2): 14, 33
The other familiar properties of addition and multiplication have

similar proofs. One can continue: divisibility, primeness, etc.
Arithmetic
262/468
Definability
Let formula have free variables 1 ,. . . ,k .
Given an interpretation I, a formula defines the k-ary relation of
tuples that make true that is, the relation
R = a1 , . . . , ak dom()k | (I ,[1 7a1 ][k 7ak ]) = T .
A relation R is definable (in I) iff R = R for some formula .

Example: in Peano Arithmetic, the relation is defined by the
formula
z(1 + z = 2 ) .
Arithmetic
263/468
Properties of Defined Relations
The PA axioms allow one to show that the defined relation has the
usual properties.
y and y z imply z (transitivity).
If y and y then = y.
We can also define further relations using ; e.g.,

<y
iff
( y) 6= y .
Arithmetic
264/468
Transitivity of Less-or-Equal
To show: y, y z ` z.
1.
+ = y
Premise
2.
y + = z
Premise
3.
+ = y, fresh
Assumption
4.
y + = z, fresh
Assumption
5.
+ ( + ) = ( + ) +
Associativity of +
6.
( + ) + = y +
EQsubs( + ): 3
7.
+ ( + ) = z
EQtrans(2): 5, 6, 4
8.
+ = z
i: 7
9.
+ = z
e: 2, 48
10.
+ = z
e: 1, 39
Arithmetic
265/468
Defining Functions
To define a k-ary function, use its (k + 1)-ary relation.
Example: Let Rsq (square-of) be defined by 1 1 = 2 .
Then we can get the effect of having the squaring function:
if contains a free variable , but is fresh, then the
formula
(Rsq (t, ) [/ ])
expresses the square of t satisfies .
We must, however, ensure that Rsq really does define a function;
that is, every number has exactly one square:

(y Rsq (, y)) y z (Rsq (, y) Rsq (, z)) y = z .
We leave this proof as an exercise.
Arithmetic
266/468
Lists
Lists
267/468
Lists
Lists are a basic structure in computer science. We shall

Give axioms for lists, similar to the PA axioms.
Use lists to describe Scheme programs.
Vocabulary for lists:

a constant symbol e, for the empty list, and
a binary function symbol cons.
The term cons(, b) will denote the list with as its first element
and b as the remainder of the list.
Lists
268/468
Lists and Natural Numbers

We define lists by an analogy to the natural numbers.
Recall that the natural numbers start with the constant 0 N and
use the successor function s to generate any natural number.
0, s(0), s(s(0)), s(s(s(0))), s(s(s(s(0)))), . . . .
Similarly, lists start with the empty list e, and the cons function
generates new lists out of previous ones.
e, cons(e, e), cons(e, cons(e, e)), cons(e, cons(e, cons(e, e))), . . . .
We also get other objects, when the first argument to cons is not e.
Lists
Basic lists
269/468
Whats a List?
A domain of lists must contain the empty list e.
It must also contain cons(e, e), and so on:
cons(e, cons(e, e)),
cons(e, cons(e, cons(e, e))), . . .
We shall regard the above objects as lists whose elements are all e.
In general, if we want a list containing 1 , 2 , . . . , k we use the
object formed as
cons(1 , cons(2 , cons(. . . cons(k , e) . . .))) .
The values can be anything in the domain.
For now, the values on a list will themselves be lists.
Lists
Basic lists
270/468
Examples
For example, the list containing the three objects cons(e, e), e and
cons(cons(e, e), e), in that order, is

cons cons(e, e), cons e, cons(cons(cons(e, e), e), e)
.
A short-hand notation: angle brackets.

denotes the empty list e.
For any term , denotes the list whose single item is , i.e.,
the object cons(, e) (which is also cons(, )).

Suppose that is an expression such that denotes a
non-empty list. For a term , , denotes the list whose first
item is and whose remaining items are the items on the
list . That is, , denotes the list cons(, ).

Note: , is NOT the same as , !
Lists
Basic lists
271/468
Examplecises
1. What is the angle bracket form of the list

cons(cons(e, e), cons(cons(e, e), e))?
Lists
Basic lists
272/468
Examplecises

The sub-term cons(e, e) is the one-element list e.

The whole term contains that list twice, yielding e , e .
Lists
Basic lists
272/468
Examplecises


2. What is the explicit term denoted by e, e, e?
Lists
Basic lists
272/468
Examplecises


The list cons(e, cons(e, cons(e, e))) that we saw previously.
Lists
Basic lists
272/468
Examplecises



3. Which list is longer: e, e, e or e, e, e, e ?
Lists
Basic lists
272/468
Examplecises



3. Which list is longer: e, e, e or e, e, e, e ?
The first list is longer. It has three items; the second only two.
Lists
Basic lists
272/468
Axioms of Basic Lists

We take the following set of axioms for basic lists.
List1: y cons(, y) 6= e.

List2: y z cons(, y) = cons(z, ) ( = z y = ) .
List3: For each formula () and each variable y not free in ,

[e/ ] y [cons(y, )/ ]
Note the close analogy to natural numbers!

e corresponds to 0.
cons is a binary analogue of s.
An induction axiom applies.
Lists
Basic lists
273/468
Exercise: Reasoning about lists
Exercise:
Prove that every non-e object is a cons; that is, show that

`List 6= e y z cons(y, z) = .
(Hint: the corresponding statement for natural numbers is that

every non-zero number is a successor:

`PA 6= 0 z s(z) = .)
Lists
Basic lists
274/468
Relations on Lists
We can define relations and functions on lists.
Example: the function first(), where the first item on list is first().
BUT: Thats not a function! The list e has no first.
Lists
Relations and Functions on Lists
275/468
Relations on Lists
Solution: use the relation

Rfirst = cons(, b), a | a and b are lists .

Rfirst (, y) is definable by the formula z = cons(y, z) .
Lists
275/468
Relations on Lists
Solution: use the relation

Rfirst = cons(, b), a | a and b are lists .

Rfirst (, y) is definable by the formula z = cons(y, z) .

Similarly, formula z = cons(z, y) defines
Rrest (, y) =

cons(a, b), b | a and b are lists .
Lists
275/468
Properties of First and Rest

Lemma
Any object has at most one first:

y z (Rfirst (, y) Rfirst (, z)) y = z .
Sketch of proof: Assume Rfirst (, y) Rfirst (, z); that is,

= cons(y, )
and
= cons(z, ) .
Thus there are items 1 and 2 (rule e) for which

= cons(y, 1 )
and
= cons(z, 2 ) .
Then List2 yields y = z.
Lists
276/468
Length of Lists
Example: Constrain a relation EqLen so that EqLen(, y) means that

and y have the same length.
Lists
277/468
Length of Lists

The empty list has the same length as itself:
Lists
EqLen(e, e).
277/468
Length of Lists

EqLen(e, e).
A non-empty list does not have the same length as the empty
list:

6= e (EqLen(, e) EqLen(e, ) .
Lists
277/468
Length of Lists

EqLen(e, e).
A non-empty list does not have the same length as the empty
list:

6= e (EqLen(, e) EqLen(e, ) .
Adding an element to each of two lists preserves (in)equality of
length :

y EqLen(, y) EqLen(cons(, ), cons(, y)) .
Lists
277/468
Length of Lists, continued
To show:
Every list has the same length as itself; that is, EqLen(, ).
Lists
278/468
Length of Lists, continued
To show:
Every list has the same length as itself; that is, EqLen(, ).
We prove this using induction, via List3.
Basis: `List EqLen(e, e). Given.
Inductive step: Need to prove, for arbitrary (fresh) , that

EqLen(, ) `List y EqLen(cons(y, ), cons(y, )) .
This follows directly from the third formula for EqLen.
Lists
278/468
Exercise on Defined Relations
Similarly to EqLen, we can characterize UnEqLen, unequal

lengths, by
UnEqLen(e, e) ,

6= e UnEqLen(e, ) UnEqLen(, e)
,
and

y UnEqLen(, y) UnEqLen(cons(, ), cons(, y)) .

Exercise: Show that `List y UnEqLen(, y) EqLen(, y) .
Lists
279/468
Programs Using Lists
Computer programs often use lists.

We can analyze such programs via predicate logic.
Scheme Via Lists
280/468
A Scheme Function Using Lists

Suppose we have a Scheme function:
( define (Append x y) . . . )
Our goal: to describe, in FOL, a function (, y) that yields the
result of (Append x y). We can then reason about .
Approach: Let S be an interpretation whose domain is the set of
Scheme values (i.e., lists). It interprets the constants, relations, etc.,
as specified for Scheme.
A call to function Append, with value for and b for y, creates an
environment E with E() = and E(y) = b. Thus we want the value
(, y)(S ,E) to be the return value of Append.
However, there is a small-but-significant problem. . . .
Scheme Via Lists
Introduction
281/468
Partial Vs. Total Functions

When discussing Scheme programs, we use the word function to
include partial functionsones that lack a value for some
arguments.
Example. first is partial: (first empty) yields an error.
In FOL, we must use only total functions, which have a value
(exactly one!) for every possible tuple of arguments.
Example. Interpretation S cannot interpret a function
symbol g as

gS = x, (first x) | x is a non-empty list .
This does NOT describe a total function!

(Recall: for any unary g, the formula z g() = z is valid.)
Scheme Via Lists
Introduction
282/468
Representing Functions That May Be Partial
To describe a Scheme function that is, or may be, partial, we use a

relation. For example, first corresponds to the relation Rfirst ,
which we have already seen.
Thus we revise our goal:
To describe, in FOL, the ternary relation RAppend , so that
RAppend (, y, z)(S ,E)
is true if and only if calling Append with arguments E() and
E(y) produces the result E(z).
Scheme Via Lists
Introduction
283/468
The Program for Append

The full program for Append:
( define (Append x y)
( cond ( (equal? x empty) y )
( #t (cons (first x) (Append (rest x) y) ) )
) )
We have many of the parts we need:
Scheme construct
Logical analogue
constant or variable (empty, x, . . . ) constant or variable (e, , . . . )
unnamed values
fresh variable (z, . . . )
relation (equal?, . . . )
relation (=, . . . )
function (cons, first, . . . )
function OR relation
(cons, Rfirst , . . . )
But what to do with cond?
Scheme Via Lists
Analyzing Append
284/468
Control Stuctures: cond
What does (cond (a b) C...) mean?

If a evaluates to #t, the cond has the same evaluation as b.
If a evaluates to #f, the cond has the same evaluation as
(cond C...). (Remove the (a b) and try again.)

If we run out of conditions, getting simply (cond), then the
expression has no meaningful value.
In the case of Append, we have (equal? x empty) for a and y for b.
Scheme Via Lists
Analyzing Append
285/468
Append, line 1
The first line:
( cond ( ( equal? x empty) y ) ...)
Corresponding formula:
= e RAppend (, y, y)
Simplified:
Remaining:
RAppend (e, y, y) .
6= e 2 ,
where 2 comes from the rest of the cond.

Scheme Via Lists
Analyzing Append
286/468
Append, line 2
cond ( #t (cons ( first x ) ( Append (rest x) y ) ) )
Introduce new variables for the anonymous values:
: the value of first x
r : the value of rest x
: the value of (Append ...).
The formula 2 :

Rfirst (, ) Rrest (, r )
RAppend (r , y, ) RAppend (, y, cons( , ))

The formula 6= e 2 , simplified (using List1 and List2):

RAppend (r , y, ) RAppend cons( , r ), y, cons( , )
Scheme Via Lists
Analyzing Append

287/468
Formulas describing Append

Thus the following formulas apply to RAppend .
App1: y RAppend (e, y, y)
App2: y z

RAppend (, y, z) RAppend cons (, ) , y, cons (, z)
Exercise:
Prove that Append is total; that is, prove
{App1, App2} `List y z RAppend (, y, z)
Scheme Via Lists
Analyzing Append
288/468
Properties of Append
Exercise:
Show that the function Append is associative; that is, for all x, y
and z, the programs (Append x (Append y z) ) and
(Append (Append x y) z) produce the same result.
Give a formula, using the relation RAppend , that states the
required property.
Show that your formula has a proof from the list axioms and
App1 and App2.
Scheme Via Lists
Analyzing Append
289/468
Where Have We Been, and Where Next?

We have seen an exampleAppendof translating a Scheme
program into logic.
In principle, one can do the same for any program. (It can, of
course, get very complicated. Proving properties from the result can
be even more complicated.)
Instead, however, we shall consider some even-more-general

issues:
How can we represent a program itself in logic?
What does such a representation imply about programs?
Scheme Via Lists
Analyzing Append
290/468
Formulas for general Scheme programs
Interpreting Scheme Programs
291/468
Formulas for Scheme Programs
Goal: To describe, in FOL, how a program executes.

We have to accomplish two main tasks.
1. Represent a program.
2. Describe the execution of a program.
This is much like producing an interpreter or compiler.
But we shall focus on analysis, rather than on actually computing.
292/468
Representing Scheme expressions and

programs
We shall represent a Scheme program as a list.
Recall the Scheme function Append:
(define (Append x y)
( cond
( (equal? x empty) y)
( #t ( cons (first x) (Append (rest x) y) ) )
)
)
Lets recall how we treated the parts of this program before. . . .
Representing Scheme programs
293/468
Remembering Append
We analyzed the program for Append as follows.
We introduced variables for the values used in the program,
whether named (like x and y) or unnamed.

We used FOL constants and relations for the built-in constants,
functions and relations (empty, equal?, first, etc.).
We did not directly represent control structures, such as cond.
Instead, we used cond to determine how to link FOL formulas

together.
For a general treatment, we need to handle

arbitrary names, and
control structures.
294/468
Whats in a Name?
For an arbitrary program, we must represent everything uniformly.

We need the concept of a name of a value, function, and a way to
represent names so that formulas can refer to them.
We need the capability to
compare names with one another, to determine whether or not
they are the same, and

have a dictionary of the meanings of names, so that we can
look up a name and replace it with its meaning.
295/468
Whats in a Name?II
To do these, we introduce an FOL constant symbol name, and adopt

the following convention.
A name is a list whose first item is the constant name.
Thus, we may express the concept is a name by the formula
y( = cons (name, y)) .
296/468
Whats in a Name?III
We assume a canonical way to transcribe text strings into names,

and use the notation s to mean the name corresponding to the
string s.
If s1 and s2 are different strings, then the corresponding names s1
and s2 are also different.
Exceptions: we shall represent the keywords cond, define, and
lambda by their own FOL constants, respectively cond, define, and .
297/468
Aside: Interpreting the Constants
We have decided to have several FOL constants: name, cond, , etc.

They will need values in an interpretation. We proved earlier that
every value in the domain is a list (either e or a cons).
Thus, an intepretation must specify a list for the value of each
constant symbol. Which lists?
Actually, we hardly care. They must be all different from one
another, and from e, but otherwise can be almost anything.
Thus we wont bother to specify their precise values.
298/468
Program Append, as a Term of FOL

With these conventions, any Scheme expression can be translated
into a term in the language of lists.
Example. The program Append becomes the term
D
define, Append, x, y,
cond, equal?, x, e, y,
#t, first, x, Append, rest, x, y
This yields a representation of a program.

What can we do with this representation?
299/468
Evaluation of Programs
Evaluation is the process of converting expressions to values.
In Scheme, the basic step of evaluation is a substitution step: a
replacement of one part of the expression by something else.
If no substitution is possible, then evaluation has ended.
We shall describe two predicates, Step and Eval.
Step will describe a single substitution step.
Eval will describe the result of a complete evaluation.
The formulas for Step will take some time to cover, since it has
many cases.
After that, Eval is rather simpler to characterize.
However, its apparent simplicity does mask some subtleties.
Evaluation: Basics
300/468
The Step Relation
We use a relation Step to describe the substitution process.

It takes three arguments:
a list representing the current state of execution,
a list representing the dictionary of definitions of names,
a list representing a potential next state.
We want a term Step(, D, y) to have the value true iff the

expression converts to expression y in one step, given
dictionary D.
For this we specify axioms, where each part of the definition of
Scheme becomes one or more axiom schemata.
Evaluation: Basics
301/468
Simplifying Assumptions
For now, we shall make two assumptions about programs.
All define statements come at the start of the program, with no
two defining the same variable.

The program does not use set!, nor any other form of mutation.
What about a program that uses local variables?
Answer: simply re-name local variables so that they all have
distinct names, and then make them global. This does not
affect the execution of the program.
Also, set! is not actually needed. (Its really define in disguise!)
Evaluation: Basics
302/468
Various Kinds of Steps

There are several ways to take a step of evaluation.
Simple steps:
Apply a built-in function of Scheme.
Replace a user-defined name by its definition.
More-complex steps:
Apply a control element.
Apply a user-defined function.
Take a step in a sub-expression.
If none of the above applies, evaluation stops.
Evaluation: Basics
303/468
Built-In Functions
If a name denotes a built-in function fun, then we assume that

the function is definable by a FOL relation. That is, there is a formula
fun (1 , . . . , k , y) that is true iff (fun x1 ... xk) produces value y.
Example:
The formula first for the built-in function first is
Rfirst (, y).
Evaluation: Basics
304/468
Applying a Built-In Function

This leads to our first axiom schema for Step:

~ , y) Step fun,
~ , D, y ,
Step1: fun (
for each built-in function fun.
Example: Since Rfirst (cons(, y), ) holds, Step1 implies

Step first, cons (, y) , D, .
(For brevity, we shall write the axioms without quantifiers.

All variables are assumed to have a universal quantifier.)
Evaluation: Basics
305/468
The Dictionary of Other Names
If a name does not have a fixed definition specified by the language,

we need to look it up in the dictionary.
In terms of FOL, this means that we need a relation LookUp such
that LookUp(, D, y) evaluates to true iff dictionary D specifies
value y for name .
Questions:
What is a dictionary?
How do we specify the relation LookUp?
Evaluation: Basics
306/468
The Structure of a Dictionary
Abstractly, a dictionary is a mapping from names to values.

Concretely, we shall use the standard data structure of an
association listimplemented in FOL.
An association is simply a pair (list of two elements),
whose first element is a name [a.k.a. key, or index] and whose
second element is the corresponding value [definition].
An association list is a list of associations.
Evaluation: Basics
307/468
Looking Up a Name, I
If we have a dictionary and a name to look up, there are a few

possibilities.
If the first pair in the dictionary has the given name as its first
element, then the desired value is the second element of the

pair.
This gives the axiom

Step2: LookUp , cons (, y, z) , y
...
Evaluation: Basics
308/468
Looking Up a Name, II
If the first pair in the dictionary has something else as its first
element, then the desired value is found by looking up the name

in the rest of the dictionary. This gives the axiom
Step3:

6= LookUp(, D, y) LookUp , cons (, , D) , y .
If the dictionary has no first pair (it is the empty list),
then no name has a value in the dictionary.

(No axiom.)
Exercise: What happens if a dictionary defines a name twice?

Evaluation: Basics
309/468
Stepping Via LookUp
Once we have LookUp characterized, we can use it for Step.

Step4: name() LookUp(, D, y) Step(, D, y)
This completes the simple cases of taking a step.

Next, we discuss the concept of a value, since we need it for the
more-complex steps.
Evaluation: Basics
310/468
What Is a Value?
Intuitively, a value is the result of a computationi.e., when we

obtain a value, were done computing.
If we start a sub-computation, then when it produces a value, we
return the value to the main computation to evaluate further.
In other words, a value is an expression whose evaluation is
complete.
Scheme has many kinds of values: numbers, text strings, etc. Also,
functions are values.
When we have a list structure, we must look more closely. If v and w
are values, then (v w) may or may not be a value. . . .
Values
311/468
Lists of Values
Suppose that v and w are values.

The expression (v w) may or may not be a value:
Example 1. If v is a number, then (v w) is a valuea list of two
values.
Example 2. If v is a function of one argument, then (v w) is not a
value. One needs to apply the function in order to evaluate the
expression.
We need a relation IsValue, that allows a distinction.
Values
312/468
Defining Relation IsValue
Each Scheme constant c is a valueempty, #t, etc.
Also, (list ...) is a value.

Step5: IsValue(c), for each defined constant c,
and y IsValue(cons(list, y)).
A lambda-expression is a value:

Step6: y IsValue , , y .
If and y are values, and is not a function, then cons (, y) is a
value:
Step7:
IsValue() IsValue(y) Rfirst (, )

IsValue cons (, y) .
Values
313/468
Evaluate the First Expression, If Possible
We now return to evaluation of complex expressions.

There are several possible ways to take a step in evaluating an
expression. One starts by looking at the first element of the
expression.
If the first element can be evaluated by itself,
then take a step in that expression, leaving the rest unchanged.

As an axiom, we get

Step8: Step(, D, y) Step cons (, z) , D, cons (y, z) .
Evaluation of Complex Expressions
314/468
A Simple Complex Expression

Example.The definition
(define Foo foodef )
yields the dictionary Foo, foodef .
Thus one step of the evaluation of (Foo a b) is described by

Step Foo, a, b , cons Foo, foodef , z , foodef, a, b .
(Hopefully, the result will make sense for further steps!)
315/468
Control Elements: cond
The element cond exemplifies control elements.

Notation: We shall write cons3(, y, z) to mean
cons(, cons(y, z))a list whose first two items are and y.
Recall the definition of (cond (a b) c...):
(cond (#t b) c...) has the same evaluation as b.

Step9: Step cons3(cond, #t, , y), D, .
(cond (#f b) c...) has the same evaluation as (cond c...):

Step10: Step cons3(cond, #f, , y), D, cons (cond, y) .
316/468
cond, Continued
Finally, in (cond (a b) c...), if a is not yet evaluated, we must

evaluate it first.
Step11: Step(z, D, )
Step cons3(cond, z, , y), D, cons3(cond, , , y)
317/468
Applying Functions
The final case of stepping: evaluating an expression which is the
application of a function. Scheme defines application as follows.
To apply a function (lambda (x) y) to a value u, substitute
u for the name x everywhere that x occurs in the
expression y, and evaluate the result.
If Subst(, , y, ) means substituting for name in term y
yields term , then we get
Step12: IsValue()

Subst , , y, Step
, , y , , D,
.
Why the IsValue?

We require a definition of Subst.
318/468
Applying Functions, II
The implicant IsValue() appeared in the previous axiom because

Scheme specifies that functions may only be applied to evaluated
arguments.
To handle unevaluated arguments, we simply evaluate them:

Step13: Step(, D, ) Step , , y, , D, , , y, .
319/468
Defining Substitution
This leaves us with the substitution itself, which we characterize
inductively. We have base cases
Step14:
Subst (, , e, e) ,
(, , , ) , and
Subst

y 0 (y = cons (name, y 0 )) (y 6= ) Subst (, , y, y) .
and the inductive case

Step15:

Subst (, , y, ) (y 6= name)

Subst (, , z, ) Subst , , cons (y, z) , cons (, )
.
(Note that names are taken literallyno substitution should occur.)

320/468
Full Evaluation
Lastly, we have the cases where no step applies; that is, we have
and D for which

y (Step(, D, y)) .
In this case, evaluation is complete, and is the final result.
We want the Eval(, D, y) to mean the final result of evaluation of

(with dictionary D) is y. Thus we can write

y (Step(, D, y)) Eval(, D, )
and

Step(, D, y) Eval(y, D, z) Eval(, D, z) .
321/468
Summary of Evaluation
We can write axioms such that the following holds.
Let P be a Scheme program, with corresponding term P.

If P eventually produces result z, then the formula
e, z)
Eval(P,

e, z 0 ) (z 0 = z) .
is provable, as is z 0 Eval(P,
If P produces any final result, then

e, z)
z Eval(P,
is provable.
A question for the future:
What if program P does not produce a result?
322/468

Ari TH Lists

Transféré par

Informations du document

Titre original

Copyright

Formats disponibles

Partager ce document

Partager ou intégrer le document

Options de partage

Avez-vous trouvé ce document utile ?

Ce contenu est-il inapproprié ?

Droits d'auteur :

Formats disponibles

Ari TH Lists

Transféré par

Droits d'auteur :

Formats disponibles

Logic and Computation:

From Arithmetic to Programs

Arithmetic, Lists, and Programs

Arithmetic, Lists, and Programs

Arithmetic, Lists, and Programs

Example: Axioms for equality

Notation: in place of writing

we shall simply write

Arithmetic, Lists, and Programs

(PA stands for Peano Axioms, named for Giuseppe Peano.)

Addition and Multiplication

Further axioms characterize + (addition) and (multiplication).

Induction in Peano Arithmetic

PA7: For each formula and variable ,

Properties from the Peano Axioms

Theorem: Addition in Peano Arithmetic is commutative; that is,

How can we find such a proof?

Setting Up the Induction

Choosing to be y( + y = y + ) yields the instance

The Base Case for Commutativity

The Base Case for Commutativity

On the assumption 0 + y 0 = y 0 + 0, we get

Then i and generalization (i) yield the target.

The full proof of the base case appears next.

Commutativity of Addition: The base case

Inductive Case for Commutativity

Assuming s() + z 0 = z 0 + s() yields

Inductive Case, continued

Since + z 0 = z 0 + by the premise, EQsubs(s(s())) yields

(Uses of PA4 omitted)

s() + s(z) = s(z) + s()

Putting It All Together

The other familiar properties of addition and multiplication have

R = a1 , . . . , ak dom()k | (I ,[1 7a1 ][k 7ak ]) = T .

A relation R is definable (in I) iff R = R for some formula .

Properties of Defined Relations

We can also define further relations using ; e.g.,

Lists are a basic structure in computer science. We shall

Vocabulary for lists:

Lists and Natural Numbers

A short-hand notation: angle brackets.

the object cons(, e) (which is also cons(, )).

1. What is the angle bracket form of the list

1. What is the angle bracket form of the list

1. What is the angle bracket form of the list

1. What is the angle bracket form of the list

1. What is the angle bracket form of the list

1. What is the angle bracket form of the list

Axioms of Basic Lists

List3: For each formula () and each variable y not free in ,

Note the close analogy to natural numbers!

Exercise: Reasoning about lists

(Hint: the corresponding statement for natural numbers is that

Relations and Functions on Lists

Relations and Functions on Lists

Relations and Functions on Lists

Properties of First and Rest

Sketch of proof: Assume Rfirst (, y) Rfirst (, z); that is,

Thus there are items 1 and 2 (rule e) for which

Then List2 yields y = z.

Relations and Functions on Lists

Example: Constrain a relation EqLen so that EqLen(, y) means that

Relations and Functions on Lists