In the last session, we've seen that our function definitions give us certain equations that can be used to compute parts of an expression in this session. We go on in the same direction by showing that the same equations also allow us to reason about the correctness of our operations. Recall the concatenation operation ++ on lists. What would it mean to say ++ is correct? Correct in what sense? So one thing we could do is verify that concatenation satisfies certain laws, for instance, that it's associative and that it admits the empty list Nil as neutral element to the left and to the right. So we would postulate these three laws that we say (xs + yx) in parenthesis on the left, followed by + zs. This is same thing as xs+ ys + zs, xs++Nil is xs, Nill++xs is xs. Okay, so now that we've established the properties, how can we prove them? And the answer is by using structural induction on lists. So what is structural induction? Well, let's take a step back and first have a look at natural induction. Probably most of you know that already. To show a property p(n) for all integers n greater or equal one base case b. We show that p(b) holds and for all integers n>b, we show the induction step. If one has p(n), than one also has p(n+1). Natural induction can be used also in programming, for instance, in this example here. We have the factorial function that you know, and we want to show that for all n greater equal 4 factorial of n is greater or equal power of 2 to the nth. So that's the implementation of 2 to the nth. So to prove that we start with the base case which is 4. And that cases established by simple calculation, factorial (4) is 24 2 to the 4th is 16, so 24 is greater or equal 16 and we're done. For the induction step we proceed as follows, we have for n greater or equal 4 that factorial n +1 is greater or equal n+1 x factorial of n. And that's simply by the 2nd clause of factorial. That's an equality factorial n+1, is that. So if we have equality here, we can also assume greater equal. And that's in turn greater than 2 x factorial of n simply by calculation n +1 is at least 5. Now by the induction hypothesis, we know that for n factorial of n is greater or equal power 2 to the nth. And that by the definition of power is power of 2 to the nth + first. So we have again a chain of greater or greater or equals. It starts with factorial n +1 and ends in 2 to the n + first. And in the sequence we used here, the induction hypothesis which says we are allowed to assume if we want to prove the case for n+1, that the case for n already holds. In these proofs, we have freely applied reduction steps as equalities to some part of a term. That means we have replaced the left hand side of a function with its right hand side or vice versa. That works because pure functional programs don't have side effects. So a term is equivalent to the term to which it reduces and a function left hand side is equivalent to its right hand side. That principle is called referential transparency and it's really the basis that makes everything in this kind of proof system work. So the principle of structural induction is analogous to natural induction. It goes like this to prove a property p(xs) for all lists xs, show that p(Nil) holds, that's a base case. And for a list sx and some element x, show the induction step. The induction step to show is if p(xs) holds, then p(x :: xs)also holds. So let's apply this principle in the proof of associativity for concat. So, we want to show that for all lists xs, ys, and zs this equation holds. To do this we want to use structural induction on xs let the left most list. So we saw the previous implementation of ++ that you saw here. And we can distill from this to defining classes of ++ that state how ++ works on its left operant. So we know that Nil ++ys is ys. And that x followed by xs1 ++ ys is x followed by xs1++ ys. So we read that off the 2nd clause here. And we're going to use these two clauses in turn for our proof. So let's look at the base case for the left hand side, we have Nil ++ys++ zs. By the first clause of ++ Nil ++ ys is ys. So that's ys ++ zs. And for the right hand side we have Nil ++ ys ++ zs, again by the first clause of ++, that's ys ++ zs, so the two are the same. And that in turn proves that this term here is the same as that term here. The case is therefore established. So now let's do the induction step where our left hand list is assumed to be of the former x colons xs. So the left hand side now looks like this (x colons xs) ++ ys)++ zs. Let's simplify that. To do that, we have to look at the 2nd clause of ++. So the 2nd clause is here, it says essentially that if I have a colons and a ++, I can move the parenthesis from the left to the right. So that's the case here. We have the parents here, let's move them to the right. That gives this term here. So we now have x colon xs now associates with ys ++ zs. Now we can simplify that further using the same trick. So we now move these parents to the right, so that gives us x and then xs ++ ys together with zs. Now we can apply the induction hypothesis. We have x ++ ys ++zs. So we can assume that one is associative. So by the induction hypothesis we get xs ++ and ys and zs, then in parenthesis together. And that's as far as the left hand side goes. So let's stick with that and concentrate on the right hand side. So for the right hand side, we have this. By the 2nd clause of ++ we can move the parenths here from the left to the right, so that gives x colon sx ++ ys ++ zs. And that's actually exactly the same as what we have seen here before. So the equality is established. We have the left hand side which is equal to this, and then that's where we picked up. And that's again equal to the right hand side going up. So we have a series of equalities which established the inductive case. So here's an exercise for you show by induction on xs that xs ++ Nil is xs. So that Nil is a neutral element on the right. How many equations do you need for the inductive step? 2, 3 or 4? Well, let's see. The inductive step would look like this, so it would be x followed by xs ++ Nil. So by the 2nd clause of ++, that's the same as xs ++ Nil. And by the induction hypothesis that's the same as x colon colon xs. So 2 is correct, we need 2 equations to get there.
