Skip to content
/ INFODTP Public

Verification of the algorithm described in "On building trees of minimal height" by Richard S. Bird, using Coq

0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

ltbinsbe/INFODTP

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

47 Commits
coq
coq
 
 
hs
hs
 
 
presentation
presentation
 
 
reading
reading
 
 
.gitignore
.gitignore
 
 
README.md
README.md
 
 
REPORT.md
REPORT.md
 
 
REPORT.pdf
REPORT.pdf
 
 

Repository files navigation

Verification Challenge - Dependently-typed Programming

Verification of the algorithm described in "On building trees of minimum height" by Richard S. Bird, using Coq

TODO

Prove Lemma 1 (join builds minimum height from combining lmps):

  • Given that pair is a lmp (local minimum pair) in a sequence of trees bounds
  • Then there is a tree T of minimum height in which pair are siblings

Prove auxiliary facts about lmp (local minimum pair):

  1. Proof that in an strictly increasing list, the leftmost pair is always an lmp.

  2. Proof that in a non-strictly decreasing list, the rightmost pair is always an lmp.

  3. Proof that in a list that is not non-strictly decreasing there is always a pair (a, b) for which it holds that alessb. This is a strictly increasing sequence.

From these facts we should be able to conclude that every sequence has an lmp (Thomas: I'm not sure whether we actually need this proof)

Invariants about order on lists:

Lemma 2, 3:

  1. Given list [..,x, a, b, y, ..] a >= b ^ y > a -> (a, b) lmp
  2. Given list [..,x, a, b, y, ..] a < b ^ b < y ^ x >= a -> (a, b) lmp

Prove that step produces a strictly increasing list (sequence of lmps):

  1. Proof that FAa [a] is a strictly increasing list (trivial)
  2. Proof that FAaaltb implies that [a, b] is strictly increasing (trivial)
  3. From induction on the above 2 base cases, prove that the result of the function step is an strictly increasing list.
    • For this we need to prove that using join in the definition of step is safe. Needs:
      • Proof that in any sequence xs ++ [a,b]: ageb implies that (a,b) is an lmp. (follows from 1.a)
      • Proof that in any sequence xs ++ [t, u, v] ++ ts: vgttgequ implies that (t, u) is an lmp. (follows from Lemma 2)
      • Proof that in any sequence xs ++ [t, u, v] ++ ts: [u,v] ++ ts is increasing & t >= v ^ t >= u => (u, v) is an lmp (follows from Lemma 3)

From the above follows that foldl1 join creates a tree of minimum height. QED.

Possible problems

  • Step is not a fixpoint decreasing on one of its arguments, in combination with foldr it is however terminating. How to convince coq?
  • There is no fold1, since it is an partial function. is this a problem for us?
  • How to deal with 'end of list' (NIL), which can be interpreted as an item of the maximum height.
  • The main problem: how to prove that using join on lmps as arguments to a recursive call on step maintains the invariant (that step creates a strictly increasing list).

About

Verification of the algorithm described in "On building trees of minimal height" by Richard S. Bird, using Coq

Resources

Readme
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

2 tags

Packages

No packages published

Languages