Ordinals II: Some applications and a functorial approach

The first part of this paper is a presentation of some common applications of ordinals: definition of a system of ordinal notations for ordinals less than ₀, direct connection between Kruskal's theorem and ₀, consistency proofs in proof theory (such as the consistency of Peano arithmetic by means of transfinite induction up to ₀). In the second part of the paper, a functorial construction of ordinals and in particular of the Veblen hierarchy is explained. This approach, introduced by Girard (theory of dilators), allows the construction of ordinals greater than ₀ to be pursued in a more natural way than if the Bachmann hierarchy is used.     

A Formalization of Powerlist Algebra in ACL2

In Misra (ACM Trans Program Lang Syst 16(6):1737–1767, 1994), Misra introduced the powerlist data structure, which is well suited to express recursive, data-parallel algorithms. Moreover, Misra and other researchers have shown how powerlists can be used to prove the correctness of several algorithms. This success has encouraged some researchers to pursue automated proofs of theorems about powerlists (Kapur 1997; Kapur and Subramaniam 1995, Form Methods Syst Des 13(2):127–158, 1998). In this paper, we show how ACL2 can be used to verify theorems about powerlists. We depart from previous approaches in two significant ways. First, the powerlists we use are not the regular structures defined by Misra; that is, we do not require powerlists to be balanced trees. As we will see, this complicates some of the proofs, but on the other hand it allows us to state theorems that are otherwise beyond the language of powerlists. Second, we wish to prove the correctness of powerlist algorithms as much as possible within the logic of powerlists. Previous approaches have relied on intermediate lemmas which are unproven (indeed unstated) within the powerlist logic. However, we believe these lemmas must be formalized if the final theorems are to be used as a foundation for subsequent work, e.g., in the verification of system libraries. In our experience, some of these unproven lemmas presented the biggest obstacle to finding an automated proof. We illustrate our approach with two case studies involving Batcher sorting and prefix sums.     

Nonstandard Analysis in ACL2

ACL2 refers to a mathematical logic based on applicative Common Lisp, as well as to an automated theorem prover for this logic. The numeric system of ACL2 reflects that of Common Lisp, including the rational and complex-rational numbers and excluding the real and complex irrationals. In conjunction with the arithmetic completion axioms, this numeric type system makes it possible to prove the nonexistence of specific irrational numbers, such as 2. This paper describes ACL2(r), a version of ACL2 with support for the real and complex numbers. The modifications are based on nonstandard analysis, which interacts better with the discrete flavor of ACL2 than does traditional analysis.     

Formal proof of integer adders using all-prefix-sums operation

Addition of two binary numbers is a fundamental operation in electronic circuits.Several integer adder architectures have been proposed.Their formal properties are well known,but the proofs are either incomplete or difficult to find.In this paper,we present a formal proof for the correctness of prefix adders.Both sequential and parallel algorithms are formalized and proved.In contrast to previous proofs using higher order functions and rewriting systems,our work is based on first order recursive equations,which are familiar to the computer arithmetic community and are therefore understandable by people working on VLSI circuit design.This study sets up a basis for further work on formal proofs of computer arithmetic algorithms.     

On Computer-Assisted Proofs in Ordinal Number Theory

Some basic theorems about ordinal numbers were proved using McCunes computer program OTTER, building on Quaifes modification of Gödels class theory. Our theorems are based on Isbells elegant definition of ordinals. Neither the axiom of regularity nor the axiom of choice is used.     

Theory Extension in ACL2(r)

ACL2(r) is a modified version of the theorem prover ACL2 that adds support for the irrational numbers using nonstandard analysis. It has been used to prove basic theorems of analysis, as well as the correctness of the implementation of transcendental functions in hardware. This paper presents the logical foundations of ACL2(r). These foundations are also used to justify significant enhancements to ACL2(r).      

Ordinals I: Basic notions

At the end of the last century, Cantor generalized the notion of natural integer by considering the order structure of integers. According to the idea of counting more and more, he introduced transfinite numbers over natural numbers. Thus an ordinal may be simply defined as a natural number or a transfinite number, and ordinal arithmetic extends usual one. The ordinals up to ₀ can be described in an intuitive way (with 0, 1, and the sum, product and exponentiation operations). In contrast, it cannot be done for ordinals beyond ₀. In order to describe greater ordinals, Veblen introduced a normal functions hierarchy (i.e. strictly increasing and continuous) from ordinals into ordinals. This construction allows us to describe ordinals until ₀, using ordinals preceding ₀. Therefore, ₀ and ₀ have a similar role if Veblen functions are used for ₀ in addition to the previous operations.     

Coq Formalization of ZFC Set Theory for Teaching Scenarios

Discrete mathematics is a foundation course for computer-related majors, and propositional logic, first-order logic, and the axiomatic set theory are important parts of this course. Teaching practice shows that beginners find it difficult to accurately understand abstract concepts, such as syntax, semantics, and reasoning system. In recent years, some scholars have begun introducing interactive theorem provers into teaching to help students construct formal proofs so that they can understand logic systems more thoroughly. However, directly employing the existing theorem provers will increase students'' learning burden since these tools have a high threshold for getting started with them. To address this problem, we develop a prover for the Zermelo-Fraenkel set theory with the axiom of Choice (ZFC) in Coq for teaching scenarios. Specifically, the first-order logical reasoning system and the axiomatic set theory ZFC are formalized, and several automated proof tactics specific to reasoning rules are then developed. Students can utilize these automated proof tactics to construct formal proofs of theorems in a textbook-style concise proving environment. This tool has been introduced into the teaching of the course of discrete mathematics for freshmen. Students with no prior theorem-proving experience can quickly construct formal proofs of theorems including mathematical induction and Peano arithmetic with this tool, which verifies the practical effectiveness of this tool.     

Formalization of Shannon’s Theorems

The most fundamental results of information theory are Shannon’s theorems. These theorems express the bounds for (1) reliable data compression and (2) data transmission over a noisy channel. Their proofs are non-trivial but are rarely detailed, even in the introductory literature. This lack of formal foundations is all the more unfortunate that crucial results in computer security rely solely on information theory: this is the so-called “unconditional security”. In this article, we report on the formalization of a library for information theory in the SSReflect extension of the Coq proof-assistant. In particular, we produce the first formal proofs of the source coding theorem, that introduces the entropy as the bound for lossless compression, and of the channel coding theorem, that introduces the capacity as the bound for reliable communication over a noisy channel.     

Using PVS to validate the algorithms of an exact arithmetic

The whole point of exact arithmetic is to generate answers to numeric problems, within some user-specified error. An implementation of exact arithmetic is therefore of questionable value, if it cannot be shown that it is generating correct answers. In this paper, we show that the algorithms used in an exact real arithmetic are correct. A program using the functions defined in this paper has been implemented in ‘C’ (a HASKELL version of which we provide as an appendix), and we are now convinced of its correctness. The table presented at the end of the paper shows that performing these proofs found three logical errors which had not been discovered by testing. One of these errors was only detected when the theorems were validated with PVS.     

New uses of linear arithmetic in automated theorem proving by induction

Zhang, Kapur, and Krishnamoorthy introduced a cover set method for designing induction schemes for automating proofs by induction from specifications expressed as equations and conditional equations. This method has been implemented in the theorem prover Rewrite Rule Laboratory (RRL) and a proof management system Tecton built on top of RRL, and it has been used to prove many nontrivial theorems and reason about sequential as well as parallel programs. The cover set method is based on the assumption that a function symbol is defined by using a finite set of terminating (conditional or unconditional) rewrite rules. The termination ordering employed in orienting the rules is used to perform proofs by well-founded induction. The left sides of the rules are used to design different cases of an induction sheme, and recursive calls to the function made in the right side can be used to design appropriate instantiations for generating induction hypotheses. A weakness of this method is that it relies on syntactic unification for generating an induction scheme for a conjecture. This paper goes a step further by proposing semantic analysis for generating an induction scheme for a conjecture from a cover set. We discuss the use of a decision procedure for Presburger arithmetic (quantifier-free theory of numbers with the addition operation and relational predicates >, <, ≠, =, ⩾, ⩽) for performing semantic analysis about numbers. The decision procedure is used to generate appropriate induction schemes for a conjecture by using cover sets of function taking numbers as arguments. This extension of the cover set method automates proofs of many theorems that otherwise require human guidance and hints. The effectiveness of the method is demonstrated by using some examples that commonly arise in reasoning about specifications and programs. It is also shown how semantic analysis using a Presburger arithmetic decision procedure can be used for checking the completeness of a cover set of a function defined by using operations such as + and — on numbers. With this check, many function definitions used in a proof of the prime factorization theorem stating that every number can be factored uniquely into prime factors, which had to be checked manually, an now be checked automatically in RRL. The use of the decision procedure for guiding generalization for generating conjectures and merging induction schemes is also illustrated. Partially supported by the National Science Foundation Grant No. CCR-9303394 and subcontract CB0249 of SRI contract MDA904-92-C-5186 with The Maryland Procurement Office.     

The design of the Boost interval arithmetic library

We present the design of the Boost interval arithmetic library, a C++$++$ library designed to handle mathematical intervals efficiently and in a generic way. Interval computations are an essential tool for reliable computing. Increasingly a number of mathematical proofs have relied on global optimization problems solved using branch-and-bound algorithms with interval computations; it is therefore extremely important to have a mathematically correct implementation of interval arithmetic. Various implementations exist with diverse semantics. Our design is unique in that it uses policies to specify three independent variable behaviors: rounding, checking, and comparisons. As a result, with the proper policies, our interval library is able to emulate almost any of the specialized libraries available for interval arithmetic, without any loss of performance nor sacrificing the ease of use. This library is openly available at www.boost.org.     

Finding Proofs in Tarskian Geometry

We report on a project to use a theorem prover to find proofs of the theorems in Tarskian geometry. These theorems start with fundamental properties of betweenness, proceed through the derivations of several famous theorems due to Gupta and end with the derivation from Tarski’s axioms of Hilbert’s 1899 axioms for geometry. They include the four challenge problems left unsolved by Quaife, who two decades ago found some OTTER proofs in Tarskian geometry (solving challenges issued in Wos’s 1998 book). There are 212 theorems in this collection. We were able to find OTTER proofs of all these theorems. We developed a methodology for the automated preparation and checking of the input files for those theorems, to ensure that no human error has corrupted the formal development of an entire theory as embodied in two hundred input files and proofs. We distinguish between proofs that were found completely mechanically (without reference to the steps of a book proof) and proofs that were constructed by some technique that involved a human knowing the steps of a book proof. Proofs of length 40–100, roughly speaking, are difficult exercises for a human, and proofs of 100–250 steps belong in a Ph.D. thesis or publication. 29 of the proofs in our collection are longer than 40 steps, and ten are longer than 90 steps. We were able to derive completely mechanically all but 26 of the 183 theorems that have “short” proofs (40 or fewer deduction steps). We found proofs of the rest, as well as the 29 “hard” theorems, using a method that requires consulting the book proof at the outset. Our “subformula strategy” enabled us to prove four of the 29 hard theorems completely mechanically. These are Ph.D. level proofs, of length up to 108.     

Formal Proofs About Rewriting Using ACL2

We present an application of the ACL2 theorem prover to reason about rewrite systems theory. We describe the formalization and representation aspects of our work using the first-order, quantifier-free logic of ACL2 and we sketch some of the main points of the proof effort. First, we present a formalization of abstract reduction systems and then we show how this abstraction can be instantiated to establish results about term rewriting. The main theorems we mechanically proved are Newman's lemma (for abstract reductions) and Knuth–Bendix critical pair theorem (for term rewriting).     

Determinization of ordinal automata

It is proved that for each nondeterministic ordinal automaton there exists a deterministic ordinal automaton which is equivalent to the original one for all countable ordinals. An upper bound for the number of states of the deterministic automaton is double exponential in the number of states of the nondeterministic automaton.     

Stochastic approximation with dependent disturbances—I

A generalization of Robbins-Monro stochastic approximation is presented in the paper. It is shown that, if disturbances satisfy a sort of generalized law of large numbers then an appropriate stochastic approximation procedure converges almost surely or only in probability, depending on what kind of law of large numbers (strong or weak) is satisfied by disturbances. In that sense theorems presented in the paper generalize Robbins-Monro stochastic approximation schemes, because the law of large numbers can be satisfied, as is well-known, by sequences of dependent random variables.

On the other hand, as theorem of Gladishev (a generalized version of Robbins-Monro theorem) can be obtained from the results presented in the paper (see Theorem 10), one can consider this paper as the one providing new proofs for different versions of stochastic approximation. The proofs of the theorems of the paper are different than usual proofs of stochastic approximation procedure. In particular, they are not based on the Martingale convergence theorem. Roughly speaking the proofs exploit the analogy between the stochastic approximation procedures of Robbins-Monro versions and deterministic numerical iterative procedures seeking zeros of the system of nonliner equations.

As the results of the paper were thought to be applied to estimation of parameters of discrete stochastic processes (so called identification) special notation has been introduced. This notation is believed to be useful for the above purpose.     

Proofs, Programs, Processes

The objective of this paper is to provide a theoretical foundation for program extraction from inductive and coinductive proofs geared to practical applications. The novelties consist in the addition of inductive and coinductive definitions to a realizability interpretation for first-order proofs, a soundness proof for this system, and applications to the synthesis of non-trivial provably correct programs in the area of exact real number computation. We show that realizers, although per se untyped, can be assigned polymorphic recursive types and hence represent valid programs in a lazy functional programming language such as Haskell. Programs extracted from proofs using coinduction can be understood as perpetual processes producing infinite streams of data. Typical applications of such processes are computations in exact real arithmetic. As an example we show how to extract a program computing the average of two real numbers w.r.t. the binary signed digit representation.     

On converse Lyapunov theorems for ISS and iISS switched nonlinear systems

In this paper we present converse Lyapunov theorems for ISS and integral input to state stable (iISS) switched nonlinear systems. Their proofs are based on existing converse Lyapunov theorems for input–output to state stable and iISS nonlinear systems, and on the association of the switched system with a nonlinear system with inputs and disturbances that take values in a compact set.     

Partial Functions in ACL2

We describe a method for introducing “partial functions” into ACL2, that is, functions not defined everywhere. The function “definitions” are actually admitted via the encapsulation principle: the new function symbol is constrained to satisfy the appropriate equation. This is permitted only when a witness function can be exhibited, establishing that the constraint is satisfiable. Of particular interest is the observation that every tail recursive definition can be witnessed in ACL2. We describe a macro that allows the convenient introduction of arbitrary tail recursive functions, and we discuss how such functions can be used to prove theorems about state machine models without reasoning about “clocks” or counting the number of steps until termination. Our macro for introducing “partial functions” also permits a variety of other recursive schemes, and we briefly illustrate some of them. This revised version was published online in August 2006 with corrections to the Cover Date.