© 2006 rockwell collins, inc. all rights reserved. parameterized congruences in acl2 david greve...

© 2006 Rockwell Collins, Inc. All rights reserved.

Parameterized Congruences in ACL2

David GreveAugust, 2006

2 Rockwell Collins, Inc.

Congruences (Unplumbed)

• Congruence-based Rewriting– Built-In to ACL2– Treats Certain Predicate Relations “just like equality”– Use Relations to Define Rewrite Rules

• What is the “Big Deal”?– Provides Strong Normalization

• (Near) Minimal Representations

– Scalable• Defined Locally• Used Globally

– Context Sensitive• Simple Rules• Rule-Chaining


Normalizing list-Based Set Expressions

(defthm member-cons-duplicates (iff (member a (cons x (cons x y))) (member a (cons x y))))

(defthm member-cons-duplicates-2 (iff (member a (cons z (cons x (cons x y)))) (member a (cons z (cons x y)))))

• Removing Duplicate Updates ..

• But What About ..


Normalizing list-Based Set Expressions (cont)

• Rewrite Rules Are not Sufficiently Powerful– Infinite number of rules

• Syntactic Simplification– :meta and bind-free– A Better Solution– Don’t Scale well

• Specific to a set of functions (Defined Globally)• Difficult to extend to user defined functions

• Congruence-based Rewriting– More powerful than rewrite rules– More scalable than syntactic techniques


3 Steps to Using Congruence-based Rewriting

• Defining Rewriting Contexts– defequiv

• Proving Driver Rules– Using equivalence relations

• Establishing Congruences– defcong


Rewriting Context

• Obviously (cons x (cons x y)) is not equal to (cons x y),

• But they are equivalent in “the second argument of member”

• So we can replace one with the other in that context

(defthm member-cons-duplicates (iff (member a (cons x (cons x y))) (member a (cons x y))))

(cons x (cons x y))(cons x y)


Defining a Rewriting Context

• ACL2 Generalizes this notion– “the second argument of member”

• Uses Equivalence Relations– Formalize essential properties of “the second argument of member”

• Formally Introduced in ACL2 via defequiv– (defequiv set-equiv)– Associates equivalence relation with a rewriting context

(and (booleanp (set-equiv x y)) (set-equiv x x) (implies (set-equiv x y) (set-equiv y x)) (implies (and (set-equiv x y) (set-equiv y z)) (set-equiv x z)))


Driver Rules

• Rewrite rules employing equivalence relations

– Does not rewrite set-equiv to true– Replaces (cons x (cons x y)) with (cons x y)– In a set-equiv rewriting context

• Driver Rules– Concise, Automatic, Unconstrained– Enhanced Normalization

(defthm set-equiv-cons-cons-driver (set-equiv (cons x (cons x y)) (cons x y)))


Congruences

• Driver Rules– Only Applied in specific rewriting contexts

• Congruence Rules– Establish rewriting contexts– Indicate when it is sound to use specified equivalence relations

• Restricted– No hypotheses, Single function instance

(defthm set-equiv-implies-iff-in-2 (implies (set-equiv x y) (iff (member a x) (member a y))) :rule-classes (:congruence))

(defcong set-equiv iff (member a x) 2)(defcong set-equiv set-equiv (cons a x) 2)


Congruence-based Rewriting: Synopsys

• Rewriting contexts– Characterized by equivalence

relations

• Driver Rules– Apply context-sensitive

simplifications

• Congruence Rules– Chain from one context to

another

• Congruence-based Rewriting– More powerful than rewrite

rules– More scalable than syntactic

techniques

(defequiv set-equiv)

(defthm set-equiv-cons-cons-driver (set-equiv (cons x (cons x y)) (cons x y)))

(defcong set-equiv iff (member a x) 2)

(defcong set-equiv set-equiv (cons a x) 2)


• Removing Nested mod ..

• But What About ..

Normalizing modular Arithmetic Expressions

(defthm mod-+-mod-1 (equal (mod (+ (mod x N) y) N) (mod (+ x y) N)))

(defthm mod-+-mod-nest (equal (mod (+ x (mod y N) z) N) (mod (+ x y z) N)))


Normalizing Modular Arithmetic Expressions (cont)

• Rewrite Rules Are not Sufficiently Powerful– Infinite number of rules

• Syntactic Simplification (arithmetic-3)– :meta and bind-free– A Better Solution– Don’t Scale well

• Specific to a set of functions (Defined Globally)• Difficult to extend to user defined functions

• Congruence-based Rewriting (?)– More powerful than rewrite rules– More scalable than syntactic techniques


3 Steps to Using Congruence-based Rewriting

• Defining Rewriting Contexts– defequiv

• Proving Driver Rules– Using equivalence relations

• Establishing Congruences– defcong


• Our equivalence relations is parameterized by N:

• ALC2 doesn’t support parameterized equivalances (!)– Genequiv defines currently active rewriting context

• Argument to rewriter• Identifies “active” equivalence relations• Driver rules can fire if their equivalence relation is in genequiv• Congruence rules program genequiv

– Could be extended• Equivalence relation + parameter terms• Substantial change to ACL2

Defining the Rewriting Context

(defun mod-equiv (x y N) (equal (mod x N) (mod y N)))


Parameterized Congruences with nary

• The nary Library– Developed to Address this Shortcoming– Emulates Parameterized Congruences– Provides Convenient Macros

• Three Steps to using nary– Defining Parameterized Rewriting Contexts

• defcontext

– Proving Parameterized Driver Rules• Using context functions

– Establishing Parameterized Congruences• defcong+


• Parameterized Rewriting Context– Implemented using Parameterized Context (Fixing) Functions– “mod” is one such function

• Context Functions Serve two primary purposes– Method for imposing context on a term

• To simplify x in a “mod N” context, we simplify (mod x N)

– Act as Triggers for Driver rules• Any rule matching (mod x N) is a “mod N” driver rule

• Parameterized Equivalence Reduction Assumption– Context Function

• Captures Interaction between equated terms and parameters

– Equivalence Relation• Captures Interaction between “fixed” values

Parameterized Rewriting Context

(equal (nary-equiv x y a1 a2 a3) (equiv (nary-ctx x a1 a2 a3) (nary-ctx y a1 a2 a3)))


Parameterized Driver Rules

• Rewrite rules employing parameterized context function

(defthm mod-N-N (implies (and (integerp N) (not (equal N 0))) (equal (mod N N) 0))


Parameterized Congruences

• Parameterized Congruence Rules– Cause terms to be reduced in Parameterized Rewriting Contexts– Heart of nary Library– Binding Hypotheses– Bind-Free

(defthm nary-cong-rule (implies (equal x (mod a N)) (equal (mod (+ a b) N) (mod (+ x b) N)))

(defthm set-equiv-implies-iff-in-2 (implies (set-equiv x y) (iff (member a x) (member a y))) :rule-classes (:congruence))


nary Parameterized Congruence Rules

(defthm mod-+-cong-1 (implies (and (integerp N) (not (equal N 0)) (integerp a) (integerp b) (equal wrap (mod a N)) (bind-free (mod_unfix wrap N ‘wrap? ‘x) (wrap? x)) (if wrap? (equal wrap (mod x N)) (equal wrap x)) (syntaxp (not (equal a x))) (integerp x)) (equal (mod (+ a b) N) (mod (+ x b) N))))

GuardHypotheses




BindingHypotheses




Produced byDefcontext Macro. Searching for terms like (mod x N)

(defcontext (mod x N) 1)

(defun mod_unfix (wrap N wrap? X) (if (and (consp wrap) (equal (car wrap) ‘mod) (equal (caddr wrap) N)) (list (cons wrap? ‘(quote t)) (cons x (cadr wrap))) (list (cons wrap? ‘(quote nil)) (cons x wrap)))




wrap? Tells us if wrap was of the form (mod Q N). If it was, x is bound to Q and wrap? Is bound to true. Otherwise, x is bound to the value of wrap and wrap? Is false.




Logical test to ensure correctnessof syntactic transformation.




Make sure we have actually simplifiedsomething.




Check the type of the result.




Replace “a” with the value obtained by simplifying “a” in a “mod N” context.


Congruence-based Rewriting: Synopsys

• Parameterized Rewriting contexts– Characterized by context

functions

• Parameterized Driver Rules– Trigger on context functions

• Parameterized Congruence Rules– Simplify terms in selected

context.

• Parameterized Congruence-based Rewriting– Extends Standard Congruence-

baed Rewriting to parameterized equivalences.

(defcontext (mod x N) 1)

(defthm mod-N-N (equal (mod (mod x N) N) (mod x N)))

(defcong+ mod-+-cong (mod (+ a b) N) :hyps (and (rationalp-guard a b N) (not (equal N 0))) :cong ((a (equal x (mod a N))) (b (equal y (mod b N)))) :check (rationalp-guard x y))


Example Application(defcontext (mod x N) 1)

(defthm mod-N-N (equal (mod (mod x N) N) (mod x N)))

(defcong+ mod-+-cong (mod (+ a b) N) :hyps (and (rationalp-guard a b N) (not (equal N 0))) :cong ((a (equal x (mod a N))) (b (equal y (mod b N)))) :check (rationalp-guard x y))

(defthm foo1-prop (equal (mod (foo1 x n) n) (mod x n)))

(defcong+ foo2-cong (mod (foo2 x) n) :cong ((x (equal a (mod x n)))))

(defthm mod-+-normalization (implies (and (rationalp-guard a b c d e N) (not (equal n 0))) (equal (mod (+ a (mod b n) (foo1 c n) (foo2 (+ (mod d n) (mod e n)))) n) (mod (+ a b c (foo2 (+ d e))) n))))


Definition/Use Analysis

(defun copy-nth* (list st1 st2) (if (null list) st2 (update-nth (car list) (nth (car list) st1) (copy-nth* (cdr list) st1 st2)))

(defun use (list st) (copy-nth* list st nil))

(defthm use-over-update-nth (implies (not (member (nfix b) list)) (equal (use list (update-nth b v st)) (use list st))))

(defcontext (use list st) 2)

(defcong+ use-update-nth-cong (use list (update-nth a v x)) :cong ((x (equal z (use list x)))))

(defcong+ nth-foo-use (nth a (foo st)) :cong ((st (equal z (use (foo-use) st)))) :hyps (member (nfix a) (foo-def)))

(defthm du-properties (and (member 0 (foo-def)) (not (member 3 (foo-use)))))

(defthm test-nth-foo (equal (nth 0 (foo (update-nth a w (update-nth 3 v st)))) (nth 0 (foo (update-nth a w st)))))


Conclusion

• Congruence-based Rewriting– Built In to ACL2– More powerful than rewrite rules– More scalable than syntactic techniques– Unplumbed

• Parameterized Congruence-based Rewriting – Enabled (Emulated) via nary Library– Applicable to variety of Domains

• Modular Arithmetic• Definition/Use Analysis


A Challenge Problem

• For every function satisfying the properties of an equivalance relation:

• There exists a fixing function such that:

(defthm equiv-reduction (equal (equiv x y) (equal (fix x) (fix y))))

(and (booleanp (equiv x y)) (equiv x x) (implies (equiv x y) (equiv y x)) (implies (and (equiv x y) (equiv y z)) (equiv x z)))


Generalized (Parameterized) Congruences

(defthm generalized-cong-rule (implies (< x a) (equal (foo x) (foo a))))

© 2006 rockwell collins, inc. all rights reserved. parameterized congruences in acl2 david greve...

Documents

truereplaces cons x

cons z cons x cons x

x member

setequiv x y setequiv

cons x yin

cons x ydefthm membercons

setequiv x y iff member

defcong setequiv setequiv