| Sponsor | Pete Manolios |
| Area | Formal Methods |
Problem
This exercise is intended to give you some experience with proving programs correct. You will be required to define functions for manipulating sets and to prove that they are correct. Detailed hand proofs will be accepted, but you are encouraged to use the ACL2 system to produce mechanically-checked proofs.
The ACL2 system consists of a programming language (based on applicative Common Lisp), a logic, and a theorem prover. Extensive documentation is available from the ACL2 home page.
ACL2 provides functions, similar to the functions found in Common Lisp, for dealing with "sets." Sets are represented as lists, and functions for manipulating such sets are provided. For example, (subsetp '(0 1) '(1 0)) returns T, indicating that {0, 1} is a subset of {1, 0}. However, these functions work only on "flat" sets. By this I mean that the elements of a set are treated as atomic objects, e.g., (subsetp '((0 1)) '((1 0))) evaluates to NIL (false) even though {{0, 1}} is a subset of {{1, 0}}. The reason is that the element (0 1) of ((0 1)) is treated as an atomic object instead of as a set.
You will be required to define functions that manipulate general sets (as opposed to flat sets) and to prove that they are correct. To simplify things a little, you can assume that sets are built out of integers. Your job is to define the notions of element-of, subset, and set-equality for general sets. In addition you must prove that subset is a transitive relation and that set-equality is an equivalence relation. See me for the details.
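As an added illustration (not part of the project description, and only one possible encoding of the task), here is an ACL2 definition of element-of, subset and set-equality over general sets built from integers, with the one required property that follows directly from the definitions and the obligations that remain; the measure annotations are my own choice and are assumed to be what ACL2 needs to admit the clique.

```lisp
; General sets over the integers: a set is a list whose elements are
; integers or further sets (lists).  Measure: every recursive call either
; shrinks the total acl2-count of the arguments or moves from SAME
; (rank 1) to SUBSET (rank 0) on the same arguments.
(mutual-recursion

 ; e is an element (integer or set), s is a set: does e occur in s?
 (defun element-of (e s)
   (declare (xargs :measure (* 2 (+ (acl2-count e) (acl2-count s)))))
   (if (atom s)
       nil
     (or (same e (car s))
         (element-of e (cdr s)))))

 ; Are two elements the same?  Integers compare with EQUAL, sets compare
 ; as sets, and an integer is never the same as a set.
 (defun same (a b)
   (declare (xargs :measure (+ (* 2 (+ (acl2-count a) (acl2-count b))) 1)))
   (cond ((and (integerp a) (integerp b)) (equal a b))
         ((and (true-listp a) (true-listp b))
          (and (subset a b) (subset b a)))
         (t nil)))

 ; Every element of x is an element of y.
 (defun subset (x y)
   (declare (xargs :measure (* 2 (+ (acl2-count x) (acl2-count y)))))
   (if (atom x)
       t
     (and (element-of (car x) y)
          (subset (cdr x) y)))))

(defun set-equal (x y)
  (and (subset x y) (subset y x)))

; The flat SUBSETP rejects this input; the general SUBSET accepts it.
(assert-event (subset '((0 1)) '((1 0))))
(assert-event (set-equal '(1 (2)) '((2) 1 1)))
; The integer 1 and the singleton set {1} are different elements.
(assert-event (not (subset '(0 (1)) '(0 1))))

; Symmetry of SET-EQUAL follows directly from its (non-recursive) definition.
(defthm set-equal-symmetric
  (implies (set-equal x y) (set-equal y x)))

; Remaining obligations from the problem statement, left to the student;
; each needs an induction that follows the mutual recursion above
; (for example via a flag function):
;   (subset x x)
;   (implies (and (subset x y) (subset y z)) (subset x z))
;   transitivity of SET-EQUAL, which then follows from SUBSET transitivity.
```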
Background
To undertake this project, it would help if one has a basic understanding of recursion and induction. A familiarity with Lisp is also useful.
Deliverables
The evaluation will be based on the report. Late reports will not be accepted. Given that students have different backgrounds, if it is clear that the project was given serious consideration, I will assign an A. One way that I can determine that the project was considered seriously is if you talk to me.