I'm trying out some of the examples of a Z3 tutorial that involve recursive functions. I've tried out the following example.
Fibonacci (Section 8.3)
IsNat (Section 8.3)
Inductive (Section 10.5)
Z3 times out on all of the above examples. But, the tutorial seems to imply that only Inductive is non-terminating.
Can Z3 check the satisfiability of formulas that contain recursive functions or it cannot handle any inductive facts?
These examples from the Z3 tutorial are there to illustrate limitations of the technology behind Z3.
Z3 fails on these examples for two reasons:
The models produced by Z3 assign an interpretation for each uninterpreted function symbol. The models can be viewed as functional programs. The current version does not produce recursive definitions. The first example is satisfiable, but Z3 fails to produce an interpretation for fib because it does not support recursive definitions.
We have plans to extend Z3 in this direction.
Z3 does not support proofs by induction. Examples 2 and 3 are unsatisfiable, but Z3 fails because it does not support proof by induction.
We also have plans to add basic support for that.
Although these items are on my TODO list, I will not start working on them this year.
Related
Symbolic calculations performed manually or by a computer algebra system may be faulty or hold only subject to certain assumptions. A classical example is sqrt(x^2) == x which is not true in general but it does hold if x is real and non-negative.
Are there examples where proof assistants/checkers such as Coq, Isabelle, HOL, Metamath, or others are used to certify correctness of symbolic calculations? In particular, I am interested in calculus and linear algebra examples such as solving definite or indefinite integrals, differential equations, and matrix equations.
Update:
To be more concrete, it would be interesting to know whether there are examples of undergraduate assignments in calculus and linear algebra that could be formally solved (possibly with the help of a proof assistant) such that the solution can be automatically verified by a proof checker. A very simple example assignment for Lean is here.
For the Coq proof assistant there are several libraries to help with that. One matching your request quite well is Coquelicot (https://gitlab.inria.fr/coquelicot/coquelicot). The Coquelicot team made an exercise and participated in the French baccalauréat - I would say comparable more to a college than a high school math exam - and finished proofs for a good part of the exercises. The proofs can be found in the examples here (https://gitlab.inria.fr/coquelicot/coquelicot/-/tree/master/examples). I thought about translating the exercises and solutions to English.
But this was quite a few years ago and meanwhile there are very powerful tools for specific applications. E.g. there is coq-interval (https://gitlab.inria.fr/coqinterval/interval) which fully automatically does Coq proofs of rather complicated inequalities, say that a high order polynomial matches a sine function in a certain interval with a certain maximum deviation. It does this by Taylor decomposition and computing upper bounds for the residual. It can also do error proofs for a wide range of numerical integrals. A new feature added recently is the ability to do proven correct plots.
A tool for proving in Coq the error between infinite precision real and floating point computations is Gappa (https://gitlab.inria.fr/gappa/gappa).
Another very interesting Coq development is CoRN (https://github.com/coq-community/corn), a formalization of constructive reals in Coq. Constructive Reals are true real numbers which do compute. Essentially a constructive real number is an algorithm to compute a number to any desired precision together with a proof that this algorithm converges. One can prove that such numbers fulfill all usual properties of real numbers. An interesting side effect of constructive reals is that they need only LPO as axiom, while in classical reals the existence of the real numbers itself is an axiom. Any computation you do in CoRN, say pi>3, is automatically proven correct.
All these tools are included in Coq Platform, a common distribution of the Coq proof assistant.
There is more and this is steadily increasing. I would say it is not that far in the future that we have a usable proven correct CAS.
The only thing that comes to my mind is that Isabelle/HOL can replay SMT proofs (as produced e.g. by Z3 or CVC4), e.g. involving integer and real arithmetic. For computer algebra systems, I don't know of any comparable examples.
The problem is that computer algebra systems tend not to be set up in a way where they can output a detailed certificate for their simplifications – if they were able to do that, one could attempt to replay that in a theorem prover. But it would have to go beyond purely equational reasoning, since many rules (such as your example) require proving inequalities as preconditions.
If computer algebra systems were able to output a trace of their computations as a list of rewrite rules that were used, including how to prove each of their preconditions, one could in principle replay such a trace in a theorem prover – but that would of course require that every rule used by the CAS has a corresponding rule in the theorem prover (this is roughly how replaying SMT proofs works in Isabelle). However, I do not know of any projects like this.
There are, on the other hand, various examples where CASs are used to compute some easily verifiable (but hard to compute) result, e.g. factoring a polynomial, isolating the roots of a real polynomial, Wilf–Zeilberger witnesses, and then verifying that this is really a valid result in a theorem prover. However, this does not involve certifying the computation process of the CAS, just the result.
for demonstration purposes, I prepared a small "fake exercise" both to illustrate what it means to verify a calculation and to illustrate the most graphical approaches available in Coq (this shows some of the things you can do in Nov. 2021).
It can be seen on github at github.com:ybertot/osxp_demos_coq, especially the file sin_properties.v.
The demonstration follows this path:
Show that we can state and prove automatically a statement giving a "safe approximation" of PI (that's the name of the mathematical constant in the Coq library).
Show that Coq can be used to plot a known mathematical function, in this case the sin function between 0 and PI. This relies on a connexion to gnuplot for the graphical display. I am afraid that gnuplot will not be included in the Coq platform mentioned by M. Soegtrop in another answer.
Show that we can also plot the function sin(1/x) using Coq
(the plot is actually preserved as a pdf file on the github repository)
Show that a generic function plotter actually returns a misleading result in that case (the generic function plotter is gnuplot).
The misleading plot is also given in the github repository as a pdf file.
The next step is to show that we can prove guaranties of intervals for some computations, sometimes automatically using the interval tactic, and sometimes the interval tactic fails to conclude. The important point here is that the command fails to conclude, instead of giving an answer that cannot be trusted. When this happens, users can rely on knowledge and mathematical reasoning to obtain the desired result. The demo shows how to prove that for any x in a certain range, the sin function is guaranteed to have a positive value.
The next step is about proving that sin x < x for every positive x, it shows that mathematical reasoning can rely on various techniques of mathematics:
decomposing the interval in two parts,
using the mean value theorem,
computing the derivative of x - sin x (and this can be done automatically in Coq),
relying on the fact that cos is known to be strictly decreasing between 0 and PI.
This is just a short demo, which is also meant to explain how a theorem prover has to be used differently from a pocket calculator, because just returning an approximation without qualification for the value of a mathematical formula is a process that cannot really be trusted.
The original question also includes questions about computing integrals. The interval package also contains facilities for this.
Matlab has functionalities that allow you to work with known functions that you must define.
But, sometimes I want to do a complex symbolic calculation using a general function, Say A(x), without specifying A(x).
In other words, is it possible for me to make a statement like
diff(A(x^2+1),x), where the answer should involve a symbolic derivative of A???
diff(A(x^2+1),x) = A' diff(x^2+1,x)
That is, if A' is the derivative of A.
Yes. The functionality you describe is part of the symbolic algebra toolkit -- note that it comes with some fairly significant limitations, but, in short, all you would require would be
syms x A(x)
diff(A(x), x)
Note that ' is reserved for transpose, even with symbolic functions. (Although, personally, I'd frankly suggest Mathematica for any serious symbolic algebra any day over matlab -- it's really the intended purpose of the whole product, whereas the symbolic algebra toolkit is exactly that: a toolkit add-on to the core features of Matlab, namely fast linear algebra).
I'm considering to learn Scala for my algorithm development, but first need to know if the language has implemented (or is implementing) complex inverse and pseudo-inverse functions. I looked at the documentation (here, here), and although it states these functions are for real matrices, in the code, I don't see why it wouldn't accept complex matrices.
There's also the following comment left in the code:
pinv for anything that can be transposed, multiplied with that transposed, and then solved
Is this just my wishful thinking, or will it not accept complex matrices?
Breeze implementer here:
I haven't implemented inv etc. for complex numbers yet, because I haven't figured out a good way to store complex numbers unboxed in a way that is compatible with blas and lapack and doesn't break the current API. You can set the call up yourself using netlib java following a similar recipe to the code you linked.
I have a program written in Fortran and in Julia, one of the cases I have symmetric matrices
and I get results more or less similar with both programs. When I switch to a case where I have hermitian matrices, the program in Julia and the program in Fortran give me different stuff. I would guess that maybe the difference comes from the diagonalization procedure, in Fortran I use:
ZHEEVD(..)
while in Julia I simply use:
eig(matrix)
The first thing that I notice is that ZHEEVD fixes the first row of the eigenvector matrices to real numbers (no imaginary part), while eig fixes the last row to real numbers.
Any idea how to overcome this tiny differences? Any more info that can be useful when dealing with julia's linear algebra built-ins?
Digging in to the Julia methods (the #less macro is very handy for this), you'll find that it eventually calls the LAPACK.syevr! method, which in the Complex128 case is a wrapper for the ZHEEVR LAPACK method (scroll down a bit to see the actual definition).
If you'd prefer to keep using ZHEEVD, you can access it via the ccall interface: see the manual section on Calling C and Fortran code. The LAPACK wrappers linked above should provide plenty of examples (LAPACK comes as part of OpenBLAS, which is included in Julia, so you shouldn't need to install anything else).
I need to find the roots from the equations as follows (Mathematica):
Sqrt[3]/2*x-(I-x*Sqrt[3]/2*c^2)*I/Sqrt[2*Pi]/d^3*Integrate[t*Exp[-t^2/2/d^2]/(Sqrt[3]/2*x+I*(t+b0)),{t,-Inf,Inf}]=0
i.e. as the picture shows:
where c, d, and b0 is given parameters, x is a complex root needs to find.
I have tried several methods, including scanning the real and imagine part of x and the iteration approach, but non of them could resolve all the cases.
Are there any general approaches that could solve such kind of equation efficiently, or by MATLAB/Mathematica?
did you try Matlab's mupad? it is a powerful symbolic tool, very similar to Maple wich gives really good results in non-numerical mathematics. Try there. declare the equation, give assumptions to the software ,i.e assume c real positive (don't copy this, I dont remember the proper syntax) and then solve! It will very likely find a solution if it exits (sometimes in some mathematical cases that you even don't know!)