ltl p {(Xq) || (Fp)},
what will be the formal language accepted of this LTL formula?
For example :
ltl p { p && (Xq)}
{w = a0a1a2.... | p∈a0 && q∈a1}
The property X q || F p accepts words of the language
{ w = w0w1w2... | q ∈ w1 or ∃wi. p ∈ wi }
Another way to look at the accepted language is to draw the Buchi Automaton corresponding to the LTL formula X q || F p:
Credits: image generated with ltl2ba
Related
Given the language below, how do i find a regular expression for the language...
L = { a^n b^m | n >= 4 , m <= 3}
I try to prove the following lemma. It seems really trivial, but I can't manage to prove it. Thank you in advance!
lemma test(x : seq<int>)
// if the values from x are margined by an interval
// the values are different
// and the number of values equals the size of the interval
// then all values from the interval appear in x
requires forall i :: 0 <= i < |x| ==>
0 <= x[i] < |x|;
requires forall i :: 0 <= i < |x| ==>
forall i' :: 0 <= i' < |x| && i != i' ==>
x[i] != x[i'];
ensures forall v :: 0 <= v < |x| ==>
exists i :: 0 <= i < |x| && x[i] == v;
{
}
https://rise4fun.com/Dafny/d8VK
Here's one way to do it, using some facts about set cardinalities.
lemma test(x : seq<int>)
// if the values from x are margined by an interval
// the values are different
// and the number of values equals the size of the interval
// then all values from the interval appear in x
requires forall i :: 0 <= i < |x| ==>
0 <= x[i] < |x|;
requires forall i :: 0 <= i < |x| ==>
forall i' :: 0 <= i' < |x| && i != i' ==>
x[i] != x[i'];
ensures forall v :: 0 <= v < |x| ==> v in x
{
var L: set<int>, R: set<int> := {}, RangeSet(0, |x|);
var i := 0;
CardinalityRangeSet(0, |x|);
while i < |x|
invariant 0 <= i <= |x|
invariant L == set j | 0 <= j < i :: x[j]
invariant forall v | v in L :: v in x
invariant forall v | 0 <= v < |x| :: v in L || v in R
invariant |R| == |x| - i
{
L, R := L + {x[i]}, R - {x[i]};
i := i + 1;
}
}
predicate InRange(lo: int, hi: int, i: int)
{
lo <= i < hi
}
function RangeSet(lo: int, hi: int): set<int>
{
set i | lo <= i < hi && InRange(lo, hi, i)
}
lemma CardinalityRangeSet(lo: int, hi: int)
decreases hi - lo
ensures |RangeSet(lo, hi)| == if lo >= hi then 0 else hi - lo
{
if lo < hi {
assert RangeSet(lo, hi) == {lo} + RangeSet(lo + 1, hi);
CardinalityRangeSet(lo + 1, hi);
}
}
I changed your specification slightly to use the Dafny syntax v in x, which is equivalent to what you wrote, and a little easier for Dafny to reason about.
The basic idea of the proof is to start with the range R of elements 0..|x|, and then iteratively remove elements x[i] from R and add them to L. This maintains the invariant that every number in the range 0..|x| is either in L or R, while the cardinality of R decreases on every iteration. Thus, at the end of the loop R is empty, so every number in the range must be in L, and therefore in x.
I also used one helper lemma proved by induction to show that RangeSet has the expected size.
(Edited to get rid of "No terms found to trigger on" warning in RangeSet. Introducing the predicate InRange gives it something to trigger on, but you still need to include the explicit range in RangeSet because otherwise it can't figure that the set is finite.)
I am trying to translate a VDM model to Isabelle, but for some reason, what
I do, do not work
The following sample is a VDM function of my model
Dot_Move_invariant: Dot * Dot -> bool
Dot_Move_invariant(d1, d2) ==
d1 < d2 and
let coordinate_1 = Dot_Coord(d1) in
let coordinate_2 = Dot_Coord(d2) in
moving_coordinates_invariant(coordinate_1, coordinate_2);
And the following sample represents my attempt to translate it
definition
Dot_Move_invariant:: "Dot⇒Dot⇒𝔹"
where "Dot_Move_invariant d1 d2 ≡ d1 < d2 ∧ let x = (SOME y. y ∈ Dot_Coord d1) in x ∧ let y = (SOME x. x ∈ Dot_Coord d2 ) "
The error I get is: Inner syntax error⌂
Failed to parse prop
It might be following:
"Dot_Move_invariant d1 d2 ≡ d1 < d2 ∧ let x = (SOME y. y ∈ Dot_Coord d1) in x ∧ let y = (SOME x. x ∈ Dot_Coord d2 ) in y"
cubes = [ (a,b,c) | a <- [1..30],b <-[1..30],c <- [1..30] ]
filtering (d,f,g)
| d == f && f == g && d ==g = "cube"
third = filter newfun cubes
newfun (x,y,z) = (filtering (x,y,z) == "cube")
*Charana> third
[(1,1,1)*** Exception: haskell.hs:(55,1)-(56,37): Non-exhaustive patterns in function filtering
So when i put this in terminal it gives me a non-exhaustive pattern error ,the functions individually by them selves works fine and the program complies fine too.Any idea?
Thank you
Try this instead:
cubes = [ (a,b,c) | a <- [1..30],b <-[1..30],c <- [1..30] ]
filtering (d,f,g) = d == f && f == g && d == g
third = filter filtering cubes
Some comments:
Do you really need to check d == g? I'd expect it to follow by transitivity from the other two equality checks.
It is customary to add type annotations to top-level definitions. I'd suggest e.g.
cubes :: [(Int,Int,Int)]
cubes = [ (a,b,c) | a <- [1..30],b <-[1..30],c <- [1..30] ]
filtering :: (Int,Int,Int) -> Bool
filtering (d,f,g) = d == f && f == g && d == g
third :: [(Int,Int,Int)]
third = filter filtering cubes
Always compile your code with warning enabled. E.g. use this at the top of your file
{-# OPTIONS -Wall #-}
or pass the -Wall flag manually to GHC. If you do, it will warn you about functions being potentially non-exhaustive at compile time. For instance,
someFunction x
| someConditionOn x = someValue
will trigger the warning since it does not say what should be the result when someConditionOn x is false.
I often hear the phrase, guards are just syntactic sugar for if-then-else (or case statements).
Can somebody please desugar the following instance:
halfOf :: Int -> Int
halfOf x | even x = div x 2
(The function is intentionally partial)
Thanks,
halfOf x =
if even x
then div x 2
else error "Incomplete pattern match"
The exact kind of error triggered by an unhandled case is not specified by the language definition, and varies from compiler to compiler.
edit: If there are multiple guards and/or patterns, each guard or pattern match goes into the non-matching part of the previous case.
compare x y
| x == y = foo
| x /= y = bar
compare _ _ = baz
produces
compare x y =
if x == y
then foo
else if x /= y
then bar
else baz
The semantics of pattern matching are defined in the following section of the standard: Formal Semantics of Pattern Matching.
The step that is relevant to your question is c. As you can see, pattern matches with guards of the form
case v of { p | g1 -> e1 ; ...
| gn -> en where { decls }
_ -> e' }
Are translated to pattern matches without guards as:
case e' of
{y ->
case v of {
p -> let { decls } in
if g1 then e1 ... else if gn then en else y ;
_ -> y }}
So pattern guards are defined in terms of if and "fallthrough" is implemented by binding the expression to a variable and then repeating it once in the else clause of the if and then in the pattern that you'd fall through to.
If there is no case to fall through to (as in your example) one will have been inserted by step b, which inserts a default case _ -> error "No match"