nominal2: comparison Slides/Slides6.thy

equal deleted inserted replaced

-:d3ad5dc11ab3
+:03de62208942
 \end{center}
 \end{frame}}
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 *}
 text_raw {*
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 \mode<presentation>{
 \begin{frame}<1->[c]
 \frametitle{My Background}
-\begin{itemize}
+\mbox{}\\[-10mm]
-\item researcher in Theoretical Computer Science\medskip
+\begin{itemize}
+\item My background is in theory and programming languages.\bigskip
-\item programmer on a \alert<2->{software system} with 800 kloc (though I am
+\pause
-responsible only for 35 kloc)
-\end{itemize}
+\item But I am also a programmer with a \alert<2>{software system} of around 800 kloc
+(though I am responsible for only appr.~35 kloc),
-\only<2->{
-\begin{textblock}{6}(2,11)
+\item and I write papers.
+\end{itemize}
+\only<2>{
+\begin{textblock}{6}(6.5,11.5)
 \begin{tikzpicture}
 \draw (0,0) node[inner sep=2mm,fill=cream, ultra thick, draw=red, rounded corners=2mm]
 {\color{darkgray}
-\begin{minipage}{4cm}\raggedright
+\begin{minipage}{6.5cm}\raggedright
-A theorem prover called {\bf Isabelle}.
+\begin{tabular}[b]{@ {}p{4.5cm}c@ {}}
+\raggedright
+The software is a theorem prover, called {\bf Isabelle}.
+& \mbox{}\hspace{-5mm}\raisebox{-14mm}{\includegraphics[scale=0.28]{isabelle1.png}}
+\end{tabular}%
 \end{minipage}};
 \end{tikzpicture}
 \end{textblock}}
+\only<4>{
-\only<3>{
+\begin{textblock}{6}(3,11.5)
-\begin{textblock}{6}(9,11)
 \begin{tikzpicture}
 \draw (0,0) node[inner sep=2mm,fill=cream, ultra thick, draw=red, rounded corners=2mm]
 {\color{darkgray}
-\begin{minipage}{4cm}\raggedright
+\begin{minipage}{9.6cm}\raggedright
-Like every other code, this code is very hard to
+So I can experience every day that writing error-free code is {\bf very, very hard}
-get correct.
+and that papers are also {\bf hard} to get correct.
 \end{minipage}};
 \end{tikzpicture}
 \end{textblock}}
 \end{frame}}
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 *}
-text_raw {*
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\mode<presentation>{
+text_raw {*
-\begin{frame}<1->[t]
-\frametitle{Regular Expressions}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\mode<presentation>{
-An example many (should) know about:\\
+\begin{frame}
-\rd{\bf Regular Expressions:}
+\frametitle{Getting Papers Correct}
-\only<2>{
+\begin{minipage}{1.1\textwidth}
-\begin{center}
+My work over the last 5 years.\\
-\bl{[] $\;\;\;|\;\;\;$ c $\;\;\;|\;\;\;$  r$_1$$|$r$_2$  $\;\;\;|\;\;\;$
+{\small (in the fields of programming languages, logic and lambda-calculi)}
-r$_1$$\cdot$r$_2$ $\;\;\;|\;\;\;$ r$^*$}
+\end{minipage}\bigskip
-\end{center}}
-\only<3->{
+\only<1>{
-\begin{center}
+\mbox{}\\[15mm]
-\begin{tabular}{@ {}rrll@ {}}
+\begin{center}
-\bl{r} & \bl{$::=$}  & \bl{NULL}            & \gr{(matches no string)}\\
+\begin{tikzpicture}[node distance=0.5mm]
-& \bl{$\mid$} & \bl{EMPTY}           & \gr{(matches the empty string, [])}\\
+\node at (-1.0,-0.3) (proof) [double arrow, fill=gray,text=white, minimum height=2cm]{\bf Proof};
-& \bl{$\mid$} & \bl{CHR c}           & \gr{(matches the character c)}\\
+\node [left=of proof]{\Large\bf Specification};
-& \bl{$\mid$} & \bl{ALT r$_1$ r$_2$} & \gr{(alternative, r$_1 |\,$r$_2$)}\\
+\node [right=of proof]{\Large\bf Code};
-& \bl{$\mid$} & \bl{SEQ r$_1$ r$_2$} & \gr{(sequential, r$_1\cdot\,$r$_2$)}\\
-& \bl{$\mid$} & \bl{STAR r}          & \gr{(repeat, r$^*$)}\\
-\end{tabular}
-\end{center}\medskip}
-\small
-\begin{textblock}{14.5}(1,12.5)
-\only<2->{\gr{(a$\cdot$b)$^*$ \hspace{3mm}$\mapsto$\hspace{3mm} \{[], ab, abab, ababab, \ldots\}}\\}
-\only<2->{\gr{x$\cdot$(0 $|$ 1 $|$ 2  \ldots  8 $|$ 9)$^*$ \hspace{3mm}$\mapsto$\hspace{3mm}
-\{x, x0, x1, \ldots, x00, \ldots, x123, \ldots\}}}
-\end{textblock}
-\end{frame}}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-*}
-text_raw {*
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\mode<presentation>{
-\begin{frame}<1>[c]
-\frametitle{RegExp Matcher}
-Let's implement a regular expression matcher:\bigskip
-\begin{center}
-\begin{tikzpicture}
-%%\draw[help lines, black] (-3,0) grid (6,3);
-\draw[line width=1mm, red] (0.0,0.0) rectangle (4,2.3);
-\node[anchor=base] at (2,1)
-{\small\begin{tabular}{@ {}c@ {}}\Large\bf Regular\\
-\Large\bf Expression \\
-\Large\bf Matcher\end{tabular}};
-\coordinate (m1) at (0,1.5);
-\draw (-2,2) node (m2) {\small\begin{tabular}{c}\bl{regular}\\[-1mm] \bl{expression}\end{tabular}};
-\path[overlay, ->, line width = 1mm, shorten <=-3mm] (m2) edge (m1);
-\coordinate (s1) at (0,0.5);
-\draw (-1.8,-0) node (s2) {\small\begin{tabular}{c}\bl{string}\end{tabular}};
-\path[overlay, ->, line width = 1mm, shorten <=-3mm] (s2) edge (s1);
-\coordinate (r1) at (4,1.2);
-\draw (6,1.2) node (r2) {\small\begin{tabular}{c}\bl{true}, \bl{false}\end{tabular}};
-\path[overlay, ->, line width = 1mm, shorten >=-3mm] (r1) edge (r2);
 \end{tikzpicture}
 \end{center}
+}
-\end{frame}}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-*}
-text_raw {*
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\mode<presentation>{
-\begin{frame}<1->[t]
-\frametitle{RegExp Matcher}
-\small
-{\bf input:} a \underline{list} of RegExps and a string \hspace{6mm}{\bf output:} true or false
-\only<2->{
-\begin{center}
-\begin{tabular}{@ {}l@ {\hspace{2mm}}c@ {\hspace{2mm}}l@ {}}
-\bl{match [] []}                   & \bl{$=$} & \bl{true}\\
-\bl{match [] \_}                   & \bl{$=$} & \bl{false}\\
-\bl{match (NULL::rs) s}            & \bl{$=$} & \bl{false}\\
-\bl{match (EMPTY::rs) s}           & \bl{$=$} & \bl{match rs s}\\
-\bl{match (CHR c::rs) (c::s)}      & \bl{$=$} & \bl{match rs s}\\
-\bl{match (CHR c::rs) \_}          & \bl{$=$} & \bl{false}\\
-\bl{match (ALT r$_1$ r$_2$::rs) s} & \bl{$=$} & \bl{match (r$_1$::rs) s}\\
-&          & \bl{\;\;\;\;orelse match (r$_2$::rs) s}\\
-\bl{match (SEQ r$_1$ r$_2$::rs) s} & \bl{$=$} & \bl{match (r$_1$::r$_2$::rs) s}\\
-\bl{match (STAR r::rs) s}          & \bl{$=$} & \bl{match rs s}\\
-&          & \bl{\;\;\;\;orelse match (r::STAR r::rs) s}\\
-\end{tabular}
-\end{center}}
-\onslide<3->{we start the program with\\
-\hspace{6mm}\bl{matches r s $=$ match [r] s}}
-\end{frame}}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-*}
-text_raw {*
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\mode<presentation>{
-\begin{frame}<1>[c]
-\frametitle{Program in Scala}
-\bl{\footnotesize
-\begin{tabular}{l}
-sealed abstract class Rexp\\
-sealed case class Null extends Rexp\\
-sealed case class Empty extends Rexp\\
-sealed case class Chr(c: Char) extends Rexp\\
-sealed case class Alt(r1 : Rexp, r2 : Rexp) extends Rexp\\
-sealed case class Seq(r1 : Rexp, r2 : Rexp) extends Rexp\\
-sealed case class Star(r : Rexp) extends Rexp\medskip\\
-def match1 (rs : List[Rexp], s : List[Char]) : Boolean = rs match \{\\
-\hspace{3mm}case Nil @{text "\<Rightarrow>"} if (s == Nil) true else false\\
-\hspace{3mm}case (Null()::rs) @{text "\<Rightarrow>"} false\\
-\hspace{3mm}case (Empty()::rs) @{text "\<Rightarrow>"} match1 (rs, s)\\
-\hspace{3mm}case (Chr(c)::rs) @{text "\<Rightarrow>"} s match \\
-\hspace{6mm}\{ case Nil @{text "\<Rightarrow>"} false\\
-\hspace{8mm}case (d::s) @{text "\<Rightarrow>"} if (c==d) match1 (rs,s) else false \}\\
-\hspace{3mm}case (Alt (r1, r2)::rs) @{text "\<Rightarrow>"} match1 (r1::rs, s) || match1 (r2::rs, s)\\
-\hspace{3mm}case (Seq (r1, r2)::rs) @{text "\<Rightarrow>"} match1 (r1::r2::rs, s) \\
-\hspace{3mm}case (Star (r)::rs) @{text "\<Rightarrow>"} match1 (r::rs, s) || match1 (r::Star (r)::rs, s)\\
-\}
-\end{tabular}}
-\end{frame}}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-*}
-text_raw {*
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\mode<presentation>{
-\begin{frame}<1->[c]
-\frametitle{Testing}
-\small
-Every good programmer should do thourough tests:
-\begin{center}
-\begin{tabular}{@ {\hspace{-20mm}}lcl}
-\bl{matches (a$\cdot$b)$^*\;$ []}     & \bl{$\mapsto$} & \bl{true}\\
-\bl{matches (a$\cdot$b)$^*\;$ ab}   & \bl{$\mapsto$} & \bl{true}\\
-\bl{matches (a$\cdot$b)$^*\;$ aba}  & \bl{$\mapsto$} & \bl{false}\\
-\bl{matches (a$\cdot$b)$^*\;$ abab} & \bl{$\mapsto$} & \bl{true}\\
-\bl{matches (a$\cdot$b)$^*\;$ abaa} & \bl{$\mapsto$} & \bl{false}\medskip\\
-\onslide<2->{\bl{matches x$\cdot$(0$|$1)$^*\;$ x}   & \bl{$\mapsto$} & \bl{true}}\\
-\onslide<2->{\bl{matches x$\cdot$(0$|$1)$^*\;$ x0}  & \bl{$\mapsto$} & \bl{true}}\\
-\onslide<2->{\bl{matches x$\cdot$(0$|$1)$^*\;$ x3}  & \bl{$\mapsto$} & \bl{false}}
-\end{tabular}
-\end{center}
-\onslide<3->
-{looks OK \ldots let's ship it to customers\hspace{5mm}
-\raisebox{-5mm}{\includegraphics[scale=0.05]{sun.png}}}
-\end{frame}}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-*}
-text_raw {*
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\mode<presentation>{
-\begin{frame}<1->[t]
-\frametitle{Testing}
-\begin{itemize}
-\item While testing is an important part in the process of programming development\pause
-\item we can only test a {\bf finite} amount of examples\bigskip\pause
-\begin{center}
-\colorbox{cream}
-{\gr{\begin{minipage}{10cm}
-``Testing can only show the presence of errors, never their
-absence'' (Edsger W.~Dijkstra)
-\end{minipage}}}
-\end{center}\bigskip\pause
-\item In a theorem prover we can establish properties that apply to
-{\bf all} input and {\bf all} output.\pause
-\item For example we can establish that the matcher terminates
-on all input.
-\end{itemize}
-\end{frame}}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-*}
-text_raw {*
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\mode<presentation>{
-\begin{frame}<1->[t]
-\frametitle{RegExp Matcher}
-\small
-We need to find a measure that gets smaller in each recursive call.\bigskip
-\onslide<1->{
-\begin{center}
-\begin{tabular}{@ {}l@ {\hspace{2mm}}c@ {\hspace{2mm}}l@ {\hspace{-9mm}}l@ {}}
-\bl{match [] []}                   & \bl{$=$} & \bl{true} & \onslide<2->{\ok}\\
-\bl{match [] \_}                   & \bl{$=$} & \bl{false} & \onslide<2->{\ok}\\
-\bl{match (NULL::rs) s}            & \bl{$=$} & \bl{false} & \onslide<2->{\ok}\\
-\bl{match (EMPTY::rs) s}           & \bl{$=$} & \bl{match rs s} & \onslide<3->{\ok}\\
-\bl{match (CHR c::rs) (c::s)}      & \bl{$=$} & \bl{match rs s} & \onslide<4->{\ok}\\
-\bl{match (CHR c::rs) \_}          & \bl{$=$} & \bl{false} & \onslide<2->{\ok}\\
-\bl{match (ALT r$_1$ r$_2$::rs) s} & \bl{$=$} & \bl{match (r$_1$::rs) s} & \onslide<5->{\ok}\\
-&          & \bl{\;\;\;\;orelse match (r$_2$::rs) s}\\
-\bl{match (SEQ r$_1$ r$_2$::rs) s} & \bl{$=$} & \bl{match (r$_1$::r$_2$::rs) s} & \onslide<6->{\ok}\\
-\bl{match (STAR r::rs) s}          & \bl{$=$} & \bl{match rs s} & \onslide<7->{\notok}\\
-&          & \bl{\;\;\;\;orelse match (r::STAR r::rs) s}\\
-\end{tabular}
-\end{center}}
-\begin{textblock}{5}(4,4)
-\begin{tikzpicture}
-%%\draw[help lines, black] (-3,0) grid (6,3);
-\coordinate (m1) at (-2,0);
-\coordinate (m2) at ( 2,0);
-\path[overlay, ->, line width = 0.6mm, color = red] (m1) edge (m2);
-\draw (0,0) node[above=-1mm] {\footnotesize\rd{needs to get smaller}};
-\end{tikzpicture}
-\end{textblock}
-\end{frame}}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-*}
-text_raw {*
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\mode<presentation>{
-\begin{frame}<1->[c]
-\frametitle{Bug Hunting}
-\only<1>{Several hours later\ldots}\pause
-\begin{center}
-\begin{tabular}{@ {\hspace{-20mm}}lcl}
-\bl{matches (STAR (EMPTY)) s}     & \bl{$\mapsto$} & loops\\
-\onslide<4->{\bl{matches (STAR (EMPTY $|$ \ldots)) s}   & \bl{$\mapsto$} & loops\\}
-\end{tabular}
-\end{center}
-\small
-\onslide<3->{
-\begin{center}
-\begin{tabular}{@ {}l@ {\hspace{2mm}}c@ {\hspace{2mm}}l@ {}}
-\ldots\\
-\bl{match (EMPTY::rs) s}           & \bl{$=$} & \bl{match rs s}\\
-\ldots\\
-\bl{match (STAR r::rs) s}          & \bl{$=$} & \bl{match rs s}\\
-&          & \bl{\;\;\;\;orelse match (r::STAR r::rs) s}\\
-\end{tabular}
-\end{center}}
-\end{frame}}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-*}
-text_raw {*
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\mode<presentation>{
-\begin{frame}<1->[c]
-\frametitle{RegExp Matcher}
-\small
-\begin{center}
-\begin{tabular}{@ {}l@ {\hspace{2mm}}c@ {\hspace{2mm}}l@ {}}
-\bl{match [] []}                   & \bl{$=$} & \bl{true}\\
-\bl{match [] \_}                   & \bl{$=$} & \bl{false}\\
-\bl{match (NULL::rs) s}            & \bl{$=$} & \bl{false}\\
-\bl{match (EMPTY::rs) s}           & \bl{$=$} & \bl{match rs s}\\
-\bl{match (CHR c::rs) (c::s)}      & \bl{$=$} & \bl{match rs s}\\
-\bl{match (CHR c::rs) \_}          & \bl{$=$} & \bl{false}\\
-\bl{match (ALT r$_1$ r$_2$::rs) s} & \bl{$=$} & \bl{match (r$_1$::rs) s}\\
-&          & \bl{\;\;\;\;orelse match (r$_2$::rs) s}\\
-\bl{match (SEQ r$_1$ r$_2$::rs) s} & \bl{$=$} & \bl{match (r$_1$::r$_2$::rs) s}\\
-\bl{match (STAR r::rs) s}          & \bl{$=$} & \bl{match rs s}\\
-&          & \bl{\;\;\;\;orelse match (r::STAR r::rs) s}\\
-\end{tabular}
-\end{center}
-\only<1>{
-\begin{textblock}{5}(4,4)
-\largenotok
-\end{textblock}}
-\end{frame}}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-*}
-text_raw {*
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\mode<presentation>{
-\begin{frame}<1->[t]
-\frametitle{Second Attempt}
-Can a regular expression match the empty string?
-\small
-\begin{center}
-\begin{tabular}{@ {}l@ {\hspace{2mm}}c@ {\hspace{2mm}}ll@ {}}
-\bl{nullable (NULL)}            & \bl{$=$} & \bl{false} & \onslide<2->{\ok}\\
-\bl{nullable (EMPTY)}           & \bl{$=$} & \bl{true}  & \onslide<2->{\ok}\\
-\bl{nullable (CHR c)}           & \bl{$=$} & \bl{false} & \onslide<2->{\ok}\\
-\bl{nullable (ALT r$_1$ r$_2$)} & \bl{$=$} & \bl{(nullable r$_1$) orelse (nullable r$_2$)}
-& \onslide<2->{\ok}\\
-\bl{nullable (SEQ r$_1$ r$_2$)} & \bl{$=$} & \bl{(nullable r$_1$) andalso (nullable r$_2$)}
-& \onslide<2->{\ok}\\
-\bl{nullable (STAR r)}          & \bl{$=$} & \bl{true} & \onslide<2->{\ok}\\
-\end{tabular}
-\end{center}
-\end{frame}}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-*}
-text_raw {*
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\mode<presentation>{
-\begin{frame}<1->[t]
-\frametitle{RegExp Matcher 2}
-If \bl{r} matches \bl{c::s}, which regular expression can match the string \bl{s}?
-\small
-\begin{center}
-\begin{tabular}{@ {}l@ {\hspace{2mm}}c@ {\hspace{2mm}}l@ {\hspace{-10mm}}l@ {}}
-\bl{der c (NULL)}            & \bl{$=$} & \bl{NULL} & \onslide<3->{\ok}\\
-\bl{der c (EMPTY)}           & \bl{$=$} & \bl{NULL} & \onslide<3->{\ok}\\
-\bl{der c (CHR d)}           & \bl{$=$} & \bl{if c=d then EMPTY else NULL} & \onslide<3->{\ok}\\
-\bl{der c (ALT r$_1$ r$_2$)} & \bl{$=$} & \bl{ALT (der c r$_1$) (der c r$_2$)} & \onslide<3->{\ok}\\
-\bl{der c (SEQ r$_1$ r$_2$)} & \bl{$=$} & \bl{ALT (SEQ (der c r$_1$) r$_2$)} & \onslide<3->{\ok}\\
-&          & \bl{\phantom{ALT} (if nullable r$_1$ then der c r$_2$ else NULL)}\\
-\bl{der c (STAR r)}          & \bl{$=$} & \bl{SEQ (der c r) (STAR r)} & \onslide<3->{\ok}\medskip\\
 \pause
-\bl{derivative r []}     & \bl{$=$} & \bl{r} & \onslide<3->{\ok}\\
+\begin{tabular}{c@ {\hspace{2mm}}c}
-\bl{derivative r (c::s)} & \bl{$=$} & \bl{derivative (der c r) s} & \onslide<3->{\ok}\\
+\begin{tabular}{c}
-\end{tabular}
+\includegraphics[scale=0.09]{harper.jpg}\\[-2mm]
-\end{center}
+{\footnotesize Bob Harper}\\[-2.5mm]
+{\footnotesize (CMU)}
-we call the program with\\
+\end{tabular}
-\bl{matches r s $=$ nullable (derivative r s)}
+\begin{tabular}{c}
+\includegraphics[scale=0.31]{pfenning.jpg}\\[-2mm]
+{\footnotesize Frank Pfenning}\\[-2.5mm]
-\end{frame}}
+{\footnotesize (CMU)}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\end{tabular} &
-*}
+\begin{tabular}{p{6cm}}
-text_raw {*
+\raggedright\small
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\color{gray}{published a proof in ACM Transactions on Computational Logic (2005),
-\mode<presentation>{
+$\sim$31pp}
-\begin{frame}<1->[c]
+\end{tabular}\\
-\frametitle{But Now What?}
+\\[-4mm]
-\begin{center}
-{\usefont{T1}{ptm}{b}{N}\VERYHuge{\rd{?}}}
+\begin{tabular}{c}
-\end{center}
-\end{frame}}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-*}
-text_raw {*
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\mode<presentation>{
-\begin{frame}<1->[c]
-\frametitle{Testing}
-\small
-\begin{center}
-\begin{tabular}{@ {\hspace{-20mm}}lcl}
-\bl{matches []$^*$ []} & \bl{$\mapsto$} & \bl{true}\\
-\bl{matches ([]$|$a)$^*$ a}  & \bl{$\mapsto$} & \bl{true}\medskip\\
-\bl{matches (a$\cdot$b)$^*\;$ []}     & \bl{$\mapsto$} & \bl{true}\\
-\bl{matches (a$\cdot$b)$^*\;$ ab}   & \bl{$\mapsto$} & \bl{true}\\
-\bl{matches (a$\cdot$b)$^*\;$ aba}  & \bl{$\mapsto$} & \bl{false}\\
-\bl{matches (a$\cdot$b)$^*\;$ abab} & \bl{$\mapsto$} & \bl{true}\\
-\bl{matches (a$\cdot$b)$^*\;$ abaa} & \bl{$\mapsto$} & \bl{false}\medskip\\
-\bl{matches x$\cdot$(0$|$1)$^*\;$ x}   & \bl{$\mapsto$} & \bl{true}\\
-\bl{matches x$\cdot$(0$|$1)$^*\;$ x0}  & \bl{$\mapsto$} & \bl{true}\\
-\bl{matches x$\cdot$(0$|$1)$^*\;$ x3}  & \bl{$\mapsto$} & \bl{false}
-\end{tabular}
-\end{center}
-\end{frame}}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-*}
-text_raw {*
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\mode<presentation>{
-\begin{frame}<1->[t]
-\frametitle{Specification}
-We have to specify what it means for a regular expression to match
-a string.
-%
-\only<2>{
-\mbox{}\\[8mm]
-\bl{(a$\cdot$b)$^*$}\\
-\hspace{7mm}\bl{$\mapsto$\hspace{3mm}\{[], ab, abab, ababab, \ldots\}}\bigskip\\
-\bl{x$\cdot$(0 $|$ 1 $|$ 2  \ldots  8 $|$ 9 )$^*$}\\
-\hspace{7mm}\bl{$\mapsto$\hspace{3mm}
-\{x, x0, x1, \ldots, x00, \ldots, x123, \ldots\}}}
-%
-\only<3->{
-\begin{center}
-\begin{tabular}{rcl}
-\bl{\LL (NULL)}            & \bl{$\dn$} & \bl{\{\}}\\
-\bl{\LL (EMPTY)}           & \bl{$\dn$} & \bl{\{[]\}}\\
-\bl{\LL (CHR c)}           & \bl{$\dn$} & \bl{\{c\}}\\
-\bl{\LL (ALT r$_1$ r$_2$)} & \bl{$\dn$} & \onslide<4->{\bl{\LL (r$_1$) $\cup$ \LL (r$_2$)}}\\
-\bl{\LL (SEQ r$_1$ r$_2$)} & \bl{$\dn$} & \onslide<6->{\bl{\LL (r$_1$) ; \LL (r$_2$)}}\\
-\bl{\LL (STAR r)}          & \bl{$\dn$} & \onslide<8->{\bl{(\LL (r))$^\star$}}\\
-\end{tabular}
-\end{center}}
-\only<5-6>{
-\begin{textblock}{6}(2.9,13.3)
-\colorbox{cream}{\bl{S$_1$ ; S$_2$ $\;\dn\;$ \{ s$_1$@s$_2$ $|$ s$_1$$\in$S$_1$ $\wedge$
-s$_2$$\in$S$_2$ \}}}
-\end{textblock}}
-\only<7->{
-\begin{textblock}{9}(4,13)
-\colorbox{cream}{\bl{$\infer{\mbox{[]} \in \mbox{S}^\star}{}$}}\hspace{3mm}
-\colorbox{cream}{\bl{$\infer{\mbox{s}_1\mbox{@}\mbox{s}_2 \in \mbox{S}^\star}
-{\mbox{s}_1 \in \mbox{S} & \mbox{s}_2 \in \mbox{S}^\star}$}}
-\end{textblock}}
-\end{frame}}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-*}
-text_raw {*
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\mode<presentation>{
-\begin{frame}<1->[t]
-\frametitle{Is the Matcher Error-Free?}
-We expect that
-\begin{center}
-\begin{tabular}{lcl}
-\bl{matches r s = true}  & \only<1>{\rd{$\Longrightarrow\,\,$}}\only<2>{\rd{$\Longleftarrow\,\,$}}%
-\only<3->{\rd{$\Longleftrightarrow$}} & \bl{s $\in$ \LL(r)}\\
-\bl{matches r s = false} & \only<1>{\rd{$\Longrightarrow\,\,$}}\only<2>{\rd{$\Longleftarrow\,\,$}}%
-\only<3->{\rd{$\Longleftrightarrow$}} & \bl{s $\notin$ \LL(r)}\\
-\end{tabular}
-\end{center}
-\pause\pause\bigskip
-By \alert<4->{induction}, we can {\bf prove} these properties.\bigskip
-\begin{tabular}{lrcl}
-Lemmas:  & \bl{nullable (r)}          & \bl{$\Longleftrightarrow$} & \bl{[] $\in$ \LL (r)}\\
-& \bl{s $\in$ \LL (der c r)} & \bl{$\Longleftrightarrow$} & \bl{(c::s) $\in$ \LL (r)}\\
-\end{tabular}
-\only<4->{
-\begin{textblock}{3}(0.9,4.5)
-\rd{\huge$\forall$\large{}r s.}
-\end{textblock}}
-\end{frame}}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-*}
-text_raw {*
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\mode<presentation>{
-\begin{frame}<1->[t]
-\mbox{}\\[-2mm]
-\small
-\begin{tabular}{@ {}l@ {\hspace{2mm}}c@ {\hspace{2mm}}ll@ {}}
-\bl{nullable (NULL)}            & \bl{$=$} & \bl{false} &\\
-\bl{nullable (EMPTY)}           & \bl{$=$} & \bl{true}  &\\
-\bl{nullable (CHR c)}           & \bl{$=$} & \bl{false} &\\
-\bl{nullable (ALT r$_1$ r$_2$)} & \bl{$=$} & \bl{(nullable r$_1$) orelse (nullable r$_2$)} & \\
-\bl{nullable (SEQ r$_1$ r$_2$)} & \bl{$=$} & \bl{(nullable r$_1$) andalso (nullable r$_2$)} & \\
-\bl{nullable (STAR r)}          & \bl{$=$} & \bl{true} & \\
-\end{tabular}\medskip
-\begin{tabular}{@ {}l@ {\hspace{2mm}}c@ {\hspace{2mm}}l@ {\hspace{-10mm}}l@ {}}
-\bl{der c (NULL)}            & \bl{$=$} & \bl{NULL} & \\
-\bl{der c (EMPTY)}           & \bl{$=$} & \bl{NULL} & \\
-\bl{der c (CHR d)}           & \bl{$=$} & \bl{if c=d then EMPTY else NULL} & \\
-\bl{der c (ALT r$_1$ r$_2$)} & \bl{$=$} & \bl{ALT (der c r$_1$) (der c r$_2$)} & \\
-\bl{der c (SEQ r$_1$ r$_2$)} & \bl{$=$} & \bl{ALT (SEQ (der c r$_1$) r$_2$)} & \\
-&          & \bl{\phantom{ALT} (if nullable r$_1$ then der c r$_2$ else NULL)}\\
-\bl{der c (STAR r)}          & \bl{$=$} & \bl{SEQ (der c r) (STAR r)} &\smallskip\\
-\bl{derivative r []}     & \bl{$=$} & \bl{r} & \\
-\bl{derivative r (c::s)} & \bl{$=$} & \bl{derivative (der c r) s} & \\
-\end{tabular}\medskip
-\bl{matches r s $=$ nullable (derivative r s)}
-\only<2>{
-\begin{textblock}{8}(1.5,4)
-\includegraphics[scale=0.3]{approved.png}
-\end{textblock}}
-\end{frame}}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-*}
-text_raw {*
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\mode<presentation>{
-\begin{frame}<1->[c]
-\frametitle{Interlude: TCB}
-\begin{itemize}
-\item The \alert{\bf Trusted Code Base} (TCB) is the code that can make your
-program behave in unintended ways (i.e.~cause bugs).\medskip
-\item Typically the TCB includes: CPUs, operating systems, C-libraries,
-device drivers, (J)VMs\ldots\bigskip
-\pause
-\item It also includes the compiler.
-\end{itemize}
-\end{frame}}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-*}
-text_raw {*
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\mode<presentation>{
-\begin{frame}<1-3>
-\frametitle{\LARGE\begin{tabular}{c}Hacking Compilers
-\end{tabular}}
-%Why is it so paramount to have a small trusted code base (TCB)?
-\bigskip\bigskip
-\begin{columns}
-\begin{column}{2.7cm}
-\begin{minipage}{2.5cm}%
-\begin{tabular}{c@ {}}
-\includegraphics[scale=0.2]{ken-thompson.jpg}\\[-1.8mm]
-\footnotesize Ken Thompson\\[-1.8mm]
-\footnotesize Turing Award, 1983\\
-\end{tabular}
-\end{minipage}
-\end{column}
-\begin{column}{9cm}
-\begin{tabular}{l@ {\hspace{1mm}}p{8cm}}
-\myitemi
-& Ken Thompson showed how to hide a Trojan Horse in a
-compiler \textcolor{red}{without} leaving any traces in the source code.\\[2mm]
-\myitemi
-& No amount of source level verification will protect
-you from such Thompson-hacks.\\[2mm]
-\myitemi
-& Therefore in safety-critical systems it is important to rely
-on only a very small TCB.
-\end{tabular}
-\end{column}
-\end{columns}
-\only<2>{
-\begin{textblock}{6}(4,2)
-\begin{tikzpicture}
-\draw (0,0) node[inner sep=3mm,fill=cream, ultra thick, draw=red, rounded corners=2mm]
-{\normalsize
-\begin{minipage}{8cm}
-\begin{quote}
-\includegraphics[scale=0.05]{evil.png}
-\begin{enumerate}
-\item[1)] Assume you ship the compiler as binary and also with sources.
-\item[2)] Make the compiler aware when it compiles itself.
-\item[3)] Add the Trojan horse.
-\item[4)] Compile.
-\item[5)] Delete Trojan horse from the sources of the compiler.
-\item[6)] Go on holiday for the rest of your life. ;o)\\[-7mm]\mbox{}
-\end{enumerate}
-\end{quote}
-\end{minipage}};
-\end{tikzpicture}
-\end{textblock}}
-\end{frame}}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-*}
-text_raw {*
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\mode<presentation>{
-\begin{frame}
-\frametitle{\LARGE\begin{tabular}{c}An Example: Small TCB for\\[-2mm]
-A Critical Infrastructure\end{tabular}}
-\mbox{}\\[-14mm]\mbox{}
-\begin{columns}
-\begin{column}{0.2\textwidth}
-\begin{tabular}{@ {} c@ {}}
 \includegraphics[scale=0.3]{appel.jpg}\\[-2mm]
 {\footnotesize Andrew Appel}\\[-2.5mm]
 {\footnotesize (Princeton)}
-\end{tabular}
+\end{tabular} &
-\end{column}
+\begin{tabular}{p{6cm}}
-\begin{column}{0.8\textwidth}
+\raggedright\small
-\begin{textblock}{10}(4.5,3.95)
+\color{gray}{relied on their proof in a safety critical system (proof carrying code)}
-\begin{block}{Proof-Carrying Code}
+\end{tabular}
+\end{tabular}\medskip
+\end{frame}}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+*}
+text_raw {*
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\mode<presentation>{
+\begin{frame}
+\frametitle{Proof-Carrying Code}
+\begin{textblock}{10}(2.5,2.2)
+\begin{block}{Idea:}
 \begin{center}
 \begin{tikzpicture}
 \draw[help lines,cream] (0,0.2) grid (8,4);
 \draw[line width=1mm, red] (5.5,0.6) rectangle (7.5,4);
 \node at (3.8,1.3) [single arrow, fill=red,text=white, minimum height=3cm]{\bf LF proof};
 \node at (3.8,1.9) {\small certificate};
 }
 \onslide<2>{\node at (4.0,1.3) [text=red]{\begin{tabular}{c}\bf Highly\\\bf Dangerous!\end{tabular}};}
-% Code Developer
-% User (runs untrusted code)
-% transmits a proof that the code is safe
-%
 \end{tikzpicture}
 \end{center}
 \end{block}
 \end{textblock}
-\end{column}
-\end{columns}
+\begin{textblock}{15}(2,12)
+\small
-\small\mbox{}\\[2.5cm]
+\begin{itemize}
-\begin{itemize}
+\item<4-> Appel's checker is $\sim$2700 lines of code (1865 loc of\\ LF definitions;
-\item<4-> TCB of the checker is $\sim$2700 lines of code (1865 loc of\\ LF definitions;
 803 loc in C including 2 library functions)\\[-3mm]
 \item<5-> 167 loc in C implement a type-checker
 \end{itemize}
+\end{textblock}
-\end{frame}}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\end{frame}}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-*}
+*}
 text {*
 \tikzstyle{every node}=[node distance=25mm,text height=1.5ex, text depth=.25ex]
 \tikzstyle{node1}=[rectangle, minimum size=10mm, rounded corners=3mm, very thick,
 draw=black!50, top color=white, bottom color=black!20]
 \tikzstyle{node2}=[rectangle, minimum size=12mm, rounded corners=3mm, very thick,
 draw=red!70, top color=white, bottom color=red!50!black!20]
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 \mode<presentation>{
-\begin{frame}[squeeze]
+\begin{frame}<2->[squeeze]
 \frametitle{Type-Checking in LF}
 \begin{columns}
-\begin{column}{0.2\textwidth}
-\begin{tabular}{@ {\hspace{-4mm}}c@ {}}
-\\[-4mm]
-\includegraphics[scale=0.1]{harper.jpg}\\[-2mm]
-{\footnotesize Bob Harper}\\[-2.5mm]
-{\footnotesize (CMU)}\\[2mm]
-\includegraphics[scale=0.3]{pfenning.jpg}\\[-2mm]
-{\footnotesize Frank Pfenning}\\[-2.5mm]
-{\footnotesize (CMU)}\\[2mm]
-\onslide<-6>{
-{\footnotesize 31 pages in }\\[-2.5mm]
-{\footnotesize ACM Transact.~on}\\[-2.5mm]
-{\footnotesize Comp.~Logic.,~2005}\\}
-\end{tabular}
-\end{column}
 \begin{column}{0.8\textwidth}
-\begin{textblock}{0}(3.1,2)
+\begin{textblock}{0}(1,2)
 \begin{tikzpicture}
 \matrix[ampersand replacement=\&,column sep=7mm, row sep=5mm]
 { \&[-10mm]
 \node (def1)   [node1] {\large\hspace{1mm}Spec\hspace{1mm}\mbox{}}; \&
 \end{textblock}
 \end{column}
 \end{columns}
-\only<2>{%
-\begin{textblock}{2}(.1,12.85)
+\begin{textblock}{3}(12,3.6)
-\begin{tikzpicture}
-\draw[line width=1mm, red] (0,0) ellipse (1.5cm and 0.88cm);
-\end{tikzpicture}
-\end{textblock}
-}
-\begin{textblock}{3}(14,3.6)
 \onslide<4->{
 \begin{tikzpicture}
 \node at (0,0) [single arrow, shape border rotate=270, fill=red,text=white]{2h};
 \end{tikzpicture}}
 \end{textblock}
 \end{frame}}
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 *}
-text_raw {*
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+text_raw {*
-\mode<presentation>{
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\begin{frame}<1>[c]
+\mode<presentation>{
+\begin{frame}<1->[c]
 \frametitle{Theorem Provers}
 \begin{itemize}
 \item Theorem provers help with keeping large proofs consistent;
 make them modifiable.\medskip
 \item They can ensure that all cases are covered.\medskip
-\item Sometimes, tedious reasoning can be automated.
+\item Some reasoning can be automated.
-\end{itemize}
+\end{itemize}\bigskip\pause
+\begin{minipage}{1.1\textwidth}
+Formal reasoning needs to be ``smooth''.\\
+{\small (ideally as close as possible to reasoning with ``pen-and-paper'')}
+\end{minipage}
+\only<2->{
+\begin{textblock}{3}(0.1,9.9)
+\begin{tikzpicture}
+\node at (0,0) [single arrow, shape border rotate=0, fill=red,text=red]{a};
+\end{tikzpicture}
+\end{textblock}}
+\end{frame}}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+*}
+(*<*)
+atom_decl name
+nominal_datatype lam =
+Var "name"
+| App "lam" "lam"
+| Lam "\<guillemotleft>name\<guillemotright>lam" ("Lam [_]._" [100,100] 100)
+nominal_primrec
+subst :: "lam \<Rightarrow> name \<Rightarrow> lam \<Rightarrow> lam"  ("_[_::=_]")
+where
+"(Var x)[y::=s] = (if x=y then s else (Var x))"
+| "(App t\<^isub>1 t\<^isub>2)[y::=s] = App (t\<^isub>1[y::=s]) (t\<^isub>2[y::=s])"
+| "x\<sharp>(y,s) \<Longrightarrow> (Lam [x].t)[y::=s] = Lam [x].(t[y::=s])"
+apply(finite_guess)+
+apply(rule TrueI)+
+apply(simp add: abs_fresh)
+apply(fresh_guess)+
+done
+lemma  subst_eqvt[eqvt]:
+fixes pi::"name prm"
+shows "pi\<bullet>(t1[x::=t2]) = (pi\<bullet>t1)[(pi\<bullet>x)::=(pi\<bullet>t2)]"
+by (nominal_induct t1 avoiding: x t2 rule: lam.strong_induct)
+(auto simp add: perm_bij fresh_atm fresh_bij)
+lemma fresh_fact:
+fixes z::"name"
+shows "\<lbrakk>z\<sharp>s; (z=y \<or> z\<sharp>t)\<rbrakk> \<Longrightarrow> z\<sharp>t[y::=s]"
+by (nominal_induct t avoiding: z y s rule: lam.strong_induct)
+(auto simp add: abs_fresh fresh_prod fresh_atm)
+lemma forget:
+assumes asm: "x\<sharp>L"
+shows "L[x::=P] = L"
+using asm
+by (nominal_induct L avoiding: x P rule: lam.strong_induct)
+(auto simp add: abs_fresh fresh_atm)
+(*>*)
+text_raw {*
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\mode<presentation>{
+\begin{frame}
+\begin{textblock}{16}(1,1)
+\renewcommand{\isasymbullet}{$\cdot$}
+\tiny\color{black}
+*}
+lemma substitution_lemma_not_to_be_tried_at_home:
+assumes asm: "x\<noteq>y" "x\<sharp>L"
+shows "M[x::=N][y::=L] = M[y::=L][x::=N[y::=L]]"
+using asm
+proof (induct M arbitrary: x y N L rule: lam.induct)
+case (Lam z M1)
+have ih: "\<And>x y N L. \<lbrakk>x\<noteq>y; x\<sharp>L\<rbrakk> \<Longrightarrow> M1[x::=N][y::=L] = M1[y::=L][x::=N[y::=L]]" by fact
+have "x\<noteq>y" by fact
+have "x\<sharp>L" by fact
+obtain z'::"name" where fc: "z'\<sharp>(x,y,z,M1,N,L)" by (rule exists_fresh) (auto simp add: fs_name1)
+have eq: "Lam [z'].([(z',z)]\<bullet>M1) = Lam [z].M1" using fc
+by (auto simp add: lam.inject alpha fresh_prod fresh_atm)
+have fc': "z'\<sharp>N[y::=L]" using fc by (simp add: fresh_fact fresh_prod)
+have "([(z',z)]\<bullet>x) \<noteq> ([(z',z)]\<bullet>y)" using `x\<noteq>y` by (auto simp add: calc_atm)
+moreover
+have "([(z',z)]\<bullet>x)\<sharp>([(z',z)]\<bullet>L)" using `x\<sharp>L` by (simp add: fresh_bij)
+ultimately
+have "M1[([(z',z)]\<bullet>x)::=([(z',z)]\<bullet>N)][([(z',z)]\<bullet>y)::=([(z',z)]\<bullet>L)]
+= M1[([(z',z)]\<bullet>y)::=([(z',z)]\<bullet>L)][([(z',z)]\<bullet>x)::=([(z',z)]\<bullet>N)[([(z',z)]\<bullet>y)::=([(z',z)]\<bullet>L)]]"
+using ih by simp
+then have "[(z',z)]\<bullet>(M1[([(z',z)]\<bullet>x)::=([(z',z)]\<bullet>N)][([(z',z)]\<bullet>y)::=([(z',z)]\<bullet>L)]
+= M1[([(z',z)]\<bullet>y)::=([(z',z)]\<bullet>L)][([(z',z)]\<bullet>x)::=([(z',z)]\<bullet>N)[([(z',z)]\<bullet>y)::=([(z',z)]\<bullet>L)]])"
+by (simp add: perm_bool)
+then have ih': "([(z',z)]\<bullet>M1)[x::=N][y::=L] = ([(z',z)]\<bullet>M1)[y::=L][x::=N[y::=L]]"
+by (simp add: eqvts perm_swap)
+show "(Lam [z].M1)[x::=N][y::=L] = (Lam [z].M1)[y::=L][x::=N[y::=L]]" (is "?LHS=?RHS")
+proof -
+have "?LHS = (Lam [z'].([(z',z)]\<bullet>M1))[x::=N][y::=L]" using eq by simp
+also have "\<dots> = Lam [z'].(([(z',z)]\<bullet>M1)[x::=N][y::=L])" using fc by (simp add: fresh_prod)
+also from ih have "\<dots> = Lam [z'].(([(z',z)]\<bullet>M1)[y::=L][x::=N[y::=L]])" sorry
+also have "\<dots> = (Lam [z'].([(z',z)]\<bullet>M1))[y::=L][x::=N[y::=L]]" using fc fc' by (simp add: fresh_prod)
+also have "\<dots> = ?RHS" using eq by simp
+finally show "?LHS = ?RHS" .
+qed
+qed (auto simp add: forget)
+text_raw {*
+\end{textblock}
+\mbox{}
+\only<2->{
+\begin{textblock}{11.5}(4,2.3)
+\begin{minipage}{9.3cm}
+\begin{block}{}\footnotesize
+*}
+lemma substitution_lemma\<iota>:
+assumes asm: "x \<noteq> y" "x \<sharp> L"
+shows "M[x::=N][y::=L] = M[y::=L][x::=N[y::=L]]"
+using asm
+by (nominal_induct M avoiding: x y N L rule: lam.strong_induct)
+(auto simp add: forget fresh_fact)
+text_raw {*
+\end{block}
+\end{minipage}
+\end{textblock}}
 \end{frame}}
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 *}
 text_raw {*
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 \mode<presentation>{
 \begin{frame}<1>[c]
-\frametitle{Theorem Provers}
+\frametitle{Getting Programs Correct}
-\begin{itemize}
+\begin{center}
-\item You also pay a (sometimes heavy) price: reasoning can be much, much harder.\medskip
+\begin{tikzpicture}[node distance=0.5mm]
+\node at (-1.0,-0.3) (proof) [double arrow, fill=gray,text=white, minimum height=2cm]{\bf Proof};
-\item Depending on your domain, suitable reasoning infrastructure
+\node [left=of proof]{\Large\bf Specification};
-might not yet be available.
+\node [right=of proof]{\Large\bf Code};
-\end{itemize}
+\end{tikzpicture}
+\end{center}
-\end{frame}}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-*}
+\end{frame}}
-text_raw {*
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+*}
-\mode<presentation>{
-\begin{frame}<1>[c]
+text_raw {*
-\frametitle{Theorem Provers}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\mode<presentation>{
-Recently impressive work has been accomplished proving the correctness
+\begin{frame}<1->[t]
+\frametitle{Regular Expressions}
-\begin{itemize}
-\item of a compiler for C-light (compiled code has the same observable
+\begin{textblock}{6}(2,4)
-behaviour as the original source code),\medskip
+\begin{tabular}{@ {}rrl}
+\bl{r} & \bl{$::=$}  & \bl{$\varnothing$}\\
-\item a mirco-kernel operating system (absence of certain
+& \bl{$\mid$} & \bl{[]}\\
-bugs\ldots no nil pointers, no buffer overflows).
+& \bl{$\mid$} & \bl{c}\\
-\end{itemize}
+& \bl{$\mid$} & \bl{r$_1$ + r$_2$}\\
+& \bl{$\mid$} & \bl{r$_1$ $\cdot$ r$_2$}\\
-\end{frame}}
+& \bl{$\mid$} & \bl{r$^*$}\\
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\end{tabular}
-*}
+\end{textblock}
+\begin{textblock}{6}(8,3.5)
-text_raw {*
+\includegraphics[scale=0.35]{Screen1.png}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\end{textblock}
-\mode<presentation>{
-\begin{frame}<1>[c]
+\begin{textblock}{6}(10.2,2.8)
-\frametitle{Trust in Theorem Provers}
+\footnotesize Isabelle:
+\end{textblock}
-\begin{center}
-Why should we trust theorem provers?
+\only<2>{
-\end{center}
+\begin{textblock}{9}(3.6,11.8)
+\bl{matches r s $\;\Longrightarrow\;$ true $\vee$ false}\\[3.5mm]
-\end{frame}}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\hspace{10mm}\begin{tikzpicture}
-*}
+\coordinate (m1) at (0.4,1);
+\draw (0,0.3) node (m2) {\small\color{gray}rexp};
-text_raw {*
+\path[overlay, ->, line width = 0.5mm, shorten <=-1mm, draw = gray] (m2) edge (m1);
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\coordinate (s1) at (0.81,1);
-\mode<presentation>{
+\draw (1.3,0.3) node (s2) {\small\color{gray} string};
-\begin{frame}
+\path[overlay, ->, line width = 0.5mm, shorten <=-1mm, draw = gray] (s2) edge (s1);
-\frametitle{Theorem Provers}
+\end{tikzpicture}
-\begin{itemize}
-\item Theorem provers are a \textcolor{red}{special kind} of software.
-\item We do \textcolor{red}{\bf not} need to trust them; we only need to trust:
-\end{itemize}
-\begin{quote}
-\begin{itemize}
-\item The logic they are based on \textcolor{gray}{(e.g.~HOL)}, and\smallskip
-\item a proof checker that checks the proofs
-\textcolor{gray}{(this can be a very small program)}.\smallskip\pause
-\item To a little extend, we also need to trust our definitions
-\textcolor{gray}{(this can be mitigated)}.
-\end{itemize}
-\end{quote}
-\end{frame}}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-*}
-text_raw {*
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\mode<presentation>{
-\begin{frame}
-\frametitle{Isabelle}
-\begin{itemize}
-\item I am using the Isabelle theorem prover (development since 1990).\bigskip\bigskip\bigskip
-\item It follows the LCF-approach:
-\begin{itemize}
-\item Have a special abstract type \alert{\bf thm}.
-\item Make the constructors of this abstract type the inference rules
-of your logic.
-\item Implement the theorem prover in a strongly-typed language (e.g.~ML).
-\end{itemize}
-$\Rightarrow$ everything of type {\bf thm} has been proved (even if we do not
-have to explicitly generate proofs).
-\end{itemize}
-\only<1>{
-\begin{textblock}{5}(11,2.3)
-\begin{center}
-\includegraphics[scale=0.18]{robin-milner.jpg}\\[-0.8mm]
-\footnotesize Robin Milner\\[-0.8mm]
-\footnotesize Turing Award, 1991\\
-\end{center}
 \end{textblock}}
+\end{frame}}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+*}
+text_raw {*
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\mode<presentation>{
+\begin{frame}<1->[t]
+\frametitle{Specification}
+\small
+\begin{textblock}{6}(0,3.5)
+\begin{tabular}{r@ {\hspace{0.5mm}}r@ {\hspace{1.5mm}}c@ {\hspace{1.5mm}}l}
+\multicolumn{4}{c}{rexp $\Rightarrow$ set of strings}\bigskip\\
+&\bl{\LL ($\varnothing$)}   & \bl{$\dn$} & \bl{$\varnothing$}\\
+&\bl{\LL ([])}              & \bl{$\dn$} & \bl{\{[]\}}\\
+&\bl{\LL (c)}               & \bl{$\dn$} & \bl{\{c\}}\\
+&\bl{\LL (r$_1$ + r$_2$)}   & \bl{$\dn$} & \bl{\LL (r$_1$) $\cup$ \LL (r$_2$)}\\
+\rd{$\Rightarrow$} &\bl{\LL (r$_1$ $\cdot$ r$_2$)} & \bl{$\dn$} & \bl{\LL (r$_1$) ;; \LL (r$_2$)}\\
+\rd{$\Rightarrow$} &\bl{\LL (r$^*$)}           & \bl{$\dn$} & \bl{(\LL (r))$^\star$}\\
+\end{tabular}
+\end{textblock}
+\begin{textblock}{9}(7.3,3)
+{\mbox{}\hspace{2cm}\footnotesize Isabelle:\smallskip}
+\includegraphics[scale=0.325]{Screen3.png}
+\end{textblock}
+\end{frame}}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+*}
+text_raw {*
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\mode<presentation>{
+\begin{frame}<1->[t]
+\frametitle{Version 1}
+\small
+\mbox{}\\[-8mm]\mbox{}
+\begin{center}\def\arraystretch{1.05}
+\begin{tabular}{@ {\hspace{-5mm}}l@ {\hspace{2.5mm}}c@ {\hspace{2.5mm}}l@ {}}
+\bl{match [] []}                   & \bl{$=$} & \bl{true}\\
+\bl{match [] (c::s)}               & \bl{$=$} & \bl{false}\\
+\bl{match ($\varnothing$::rs) s}   & \bl{$=$} & \bl{false}\\
+\bl{match ([]::rs) s}              & \bl{$=$} & \bl{match rs s}\\
+\bl{match (c::rs) []}              & \bl{$=$} & \bl{false}\\
+\bl{match (c::rs) (d::s)}          & \bl{$=$} & \bl{if c = d then match rs s else false}\\
+\bl{match (r$_1$ + r$_2$::rs) s} & \bl{$=$} & \bl{match (r$_1$::rs) s $\vee$ match (r$_2$::rs) s}\\
+\bl{match (r$_1$ $\cdot$ r$_2$::rs) s} & \bl{$=$} & \bl{match (r$_1$::r$_2$::rs) s}\\
+\bl{match (r$^*$::rs) s}          & \bl{$=$} & \bl{match rs s $\vee$ match (r::r$^*$::rs) s}\\
+\end{tabular}
+\end{center}
+\begin{textblock}{9}(0.2,1.6)
+\hspace{10mm}\begin{tikzpicture}
+\coordinate (m1) at (0.44,-0.5);
+\draw (0,0.3) node (m2) {\small\color{gray}\mbox{}\hspace{-9mm}list of rexps};
+\path[overlay, ->, line width = 0.5mm, shorten <=-1mm, draw = gray] (m2) edge (m1);
+\coordinate (s1) at (0.86,-0.5);
+\draw (1.5,0.3) node (s2) {\small\color{gray} string};
+\path[overlay, ->, line width = 0.5mm, shorten <=-1mm, draw = gray] (s2) edge (s1);
+\end{tikzpicture}
+\end{textblock}
+\begin{textblock}{9}(2.8,11.8)
+\bl{matches$_1$ r s $\;=\;$ match [r] s}
+\end{textblock}
+\end{frame}}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+*}
+text_raw {*
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\mode<presentation>{
+\begin{frame}<1->[c]
+\frametitle{Testing}
+\small
+Every good programmer should do thourough tests:
+\begin{center}
+\begin{tabular}{@ {\hspace{-20mm}}lcl}
+\bl{matches (a$\cdot$b)$^*\;$ []}     & \bl{$\mapsto$} & \bl{true}\\
+\bl{matches (a$\cdot$b)$^*\;$ ab}   & \bl{$\mapsto$} & \bl{true}\\
+\bl{matches (a$\cdot$b)$^*\;$ aba}  & \bl{$\mapsto$} & \bl{false}\\
+\bl{matches (a$\cdot$b)$^*\;$ abab} & \bl{$\mapsto$} & \bl{true}\\
+\bl{matches (a$\cdot$b)$^*\;$ abaa} & \bl{$\mapsto$} & \bl{false}\medskip\\
+\onslide<2->{\bl{matches x$\cdot$(0$|$1)$^*\;$ x}   & \bl{$\mapsto$} & \bl{true}}\\
+\onslide<2->{\bl{matches x$\cdot$(0$|$1)$^*\;$ x0}  & \bl{$\mapsto$} & \bl{true}}\\
+\onslide<2->{\bl{matches x$\cdot$(0$|$1)$^*\;$ x3}  & \bl{$\mapsto$} & \bl{false}}
+\end{tabular}
+\end{center}
+\onslide<3->
+{looks OK \ldots let's ship it to customers\hspace{5mm}
+\raisebox{-5mm}{\includegraphics[scale=0.05]{sun.png}}}
+\end{frame}}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+*}
+text_raw {*
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\mode<presentation>{
+\begin{frame}<1->[c]
+\frametitle{Version 1}
+\only<1->{Several hours later\ldots}\pause
+\begin{center}
+\begin{tabular}{@ {\hspace{0mm}}lcl}
+\bl{matches$_1$ []$^*$ s}     & \bl{$\mapsto$} & loops\\
+\onslide<4->{\bl{matches$_1$ ([] + \ldots)$^*$ s}   & \bl{$\mapsto$} & loops\\}
+\end{tabular}
+\end{center}
+\small
+\onslide<3->{
+\begin{center}
+\begin{tabular}{@ {}l@ {\hspace{2mm}}c@ {\hspace{2mm}}l@ {}}
+\ldots\\
+\bl{match ([]::rs) s}           & \bl{$=$} & \bl{match rs s}\\
+\ldots\\
+\bl{match (r$^*$::rs) s}        & \bl{$=$} & \bl{match rs s $\vee$ match (r::r$^*$::rs) s}\\
+\end{tabular}
+\end{center}}
+\end{frame}}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+*}
+text_raw {*
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\mode<presentation>{
+\begin{frame}<1->[t]
+\frametitle{Testing}
+\begin{itemize}
+\item While testing is an important part in the process of programming development\pause
+\item We can only test a {\bf finite} amount of examples.\bigskip\pause
+\begin{center}
+\colorbox{cream}
+{\gr{\begin{minipage}{10cm}
+``Testing can only show the presence of errors, never their
+absence'' (Edsger W.~Dijkstra)
+\end{minipage}}}
+\end{center}\bigskip\pause
+\item In a theorem prover we can establish properties that apply to
+{\bf all} input and {\bf all} output.\pause
+\end{itemize}
+\end{frame}}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+*}
+text_raw {*
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\mode<presentation>{
+\begin{frame}<1->[t]
+\frametitle{Version 2}
+\mbox{}\\[-14mm]\mbox{}
+\small
+\begin{tabular}{@ {}l@ {\hspace{2mm}}c@ {\hspace{2mm}}ll@ {}}
+\bl{nullable ($\varnothing$)}   & \bl{$=$} & \bl{false} &\\
+\bl{nullable ([])}              & \bl{$=$} & \bl{true}  &\\
+\bl{nullable (c)}               & \bl{$=$} & \bl{false} &\\
+\bl{nullable (r$_1$ + r$_2$)}   & \bl{$=$} & \bl{nullable r$_1$ $\vee$ nullable r$_2$} & \\
+\bl{nullable (r$_1$ $\cdot$ r$_2$)} & \bl{$=$} & \bl{nullable r$_1$ $\wedge$ nullable r$_2$} & \\
+\bl{nullable (r$^*$)}           & \bl{$=$} & \bl{true} & \\
+\end{tabular}\medskip
+\begin{tabular}{@ {}l@ {\hspace{2mm}}c@ {\hspace{2mm}}l@ {\hspace{-10mm}}l@ {}}
+\bl{der c ($\varnothing$)}       & \bl{$=$} & \bl{$\varnothing$} & \\
+\bl{der c ([])}                  & \bl{$=$} & \bl{$\varnothing$} & \\
+\bl{der c (d)}                   & \bl{$=$} & \bl{if c = d then [] else $\varnothing$} & \\
+\bl{der c (r$_1$ + r$_2$)}       & \bl{$=$} & \bl{(der c r$_1$) + (der c r$_2$)} & \\
+\bl{der c (r$_1$ $\cdot$ r$_2$)} & \bl{$=$} & \bl{((der c r$_1$) $\cdot$ r$_2$)} & \\
+&          & \bl{\;\;+ (if nullable r$_1$ then der c r$_2$ else $\varnothing$)}\\
+\bl{der c (r$^*$)}          & \bl{$=$} & \bl{(der c r) $\cdot$ r$^*$} &\smallskip\\
+\bl{derivative r []}     & \bl{$=$} & \bl{r} & \\
+\bl{derivative r (c::s)} & \bl{$=$} & \bl{derivative (der c r) s} & \\
+\end{tabular}\medskip
+\bl{matches$_2$ r s $=$ nullable (derivative r s)}
+\begin{textblock}{6}(9.5,0.9)
+\begin{flushright}
+\color{gray}``if r matches []''
+\end{flushright}
+\end{textblock}
+\begin{textblock}{6}(9.5,6.18)
+\begin{flushright}
+\color{gray}``derivative for a char''
+\end{flushright}
+\end{textblock}
+\begin{textblock}{6}(9.5,12.1)
+\begin{flushright}
+\color{gray}``deriv.~for a string''
+\end{flushright}
+\end{textblock}
+\begin{textblock}{6}(9.5,13.98)
+\begin{flushright}
+\color{gray}``main''
+\end{flushright}
+\end{textblock}
+\end{frame}}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+*}
+text_raw {*
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\mode<presentation>{
+\begin{frame}<1->[t]
+\frametitle{Is the Matcher Error-Free?}
+We expect that
+\begin{center}
+\begin{tabular}{lcl}
+\bl{matches$_2$ r s = true}  & \only<1>{\rd{$\Longrightarrow\,\,$}}\only<2>{\rd{$\Longleftarrow\,\,$}}%
+\only<3->{\rd{$\Longleftrightarrow$}} & \bl{s $\in$ \LL(r)}\\
+\bl{matches$_2$ r s = false} & \only<1>{\rd{$\Longrightarrow\,\,$}}\only<2>{\rd{$\Longleftarrow\,\,$}}%
+\only<3->{\rd{$\Longleftrightarrow$}} & \bl{s $\notin$ \LL(r)}\\
+\end{tabular}
+\end{center}
+\pause\pause\bigskip
+By \alert<4->{induction}, we can {\bf prove} these properties.\bigskip
+\begin{tabular}{lrcl}
+Lemmas:  & \bl{nullable (r)}          & \bl{$\Longleftrightarrow$} & \bl{[] $\in$ \LL (r)}\\
+& \bl{s $\in$ \LL (der c r)} & \bl{$\Longleftrightarrow$} & \bl{(c::s) $\in$ \LL (r)}\\
+\end{tabular}
+\only<4->{
+\begin{textblock}{3}(0.9,4.5)
+\rd{\huge$\forall$\large{}r s.}
+\end{textblock}}
 \end{frame}}
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 *}
 text_raw {*
 text_raw {*
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 \mode<presentation>{
-\begin{frame}<1->[c]
+\begin{frame}<1->[t]
-\frametitle{Future Research}
+\mbox{}\\[-2mm]
-\begin{itemize}
-\item Make theorem provers more like a programming environment.\medskip\pause
-\item Use all the computational power we get from the hardware to
-automate reasoning (GPUs).\medskip\pause
-\item Provide a comprehensive reasoning infrastructure for many domains and
-design automated decision procedures.
-\end{itemize}\pause
-\begin{center}
-\colorbox{cream}{
-\begin{minipage}{10cm}
-\color{gray}
 \small
-``Formal methods will never have a significant impact until
+\begin{tabular}{@ {}l@ {\hspace{2mm}}c@ {\hspace{2mm}}ll@ {}}
-they can be used by people that don't understand them.''\smallskip\\
+\bl{nullable (NULL)}            & \bl{$=$} & \bl{false} &\\
-\mbox{}\footnotesize\hfill attributed to Tom Melham
+\bl{nullable (EMPTY)}           & \bl{$=$} & \bl{true}  &\\
-\end{minipage}}
+\bl{nullable (CHR c)}           & \bl{$=$} & \bl{false} &\\
-\end{center}
+\bl{nullable (ALT r$_1$ r$_2$)} & \bl{$=$} & \bl{(nullable r$_1$) orelse (nullable r$_2$)} & \\
+\bl{nullable (SEQ r$_1$ r$_2$)} & \bl{$=$} & \bl{(nullable r$_1$) andalso (nullable r$_2$)} & \\
-\end{frame}}
+\bl{nullable (STAR r)}          & \bl{$=$} & \bl{true} & \\
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\end{tabular}\medskip
-*}
+\begin{tabular}{@ {}l@ {\hspace{2mm}}c@ {\hspace{2mm}}l@ {\hspace{-10mm}}l@ {}}
-text_raw {*
+\bl{der c (NULL)}            & \bl{$=$} & \bl{NULL} & \\
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\bl{der c (EMPTY)}           & \bl{$=$} & \bl{NULL} & \\
-\mode<presentation>{
+\bl{der c (CHR d)}           & \bl{$=$} & \bl{if c=d then EMPTY else NULL} & \\
-\begin{frame}<1->[c]
+\bl{der c (ALT r$_1$ r$_2$)} & \bl{$=$} & \bl{ALT (der c r$_1$) (der c r$_2$)} & \\
-\frametitle{Conclusion}
+\bl{der c (SEQ r$_1$ r$_2$)} & \bl{$=$} & \bl{ALT (SEQ (der c r$_1$) r$_2$)} & \\
+&          & \bl{\phantom{ALT} (if nullable r$_1$ then der c r$_2$ else NULL)}\\
-\begin{itemize}
+\bl{der c (STAR r)}          & \bl{$=$} & \bl{SEQ (der c r) (STAR r)} &\smallskip\\
-\item The plan is to make this kind of programming the ``future''.\medskip\pause
+\bl{derivative r []}     & \bl{$=$} & \bl{r} & \\
-\item Though the technology is already there\\ (compiler + micro-kernel os).\medskip\pause
+\bl{derivative r (c::s)} & \bl{$=$} & \bl{derivative (der c r) s} & \\
+\end{tabular}\medskip
-\item Logic and reasoning (especially induction) are important skills for
-Computer Scientists.
+\bl{matches r s $=$ nullable (derivative r s)}
-\end{itemize}
+\only<2>{
-\end{frame}}
+\begin{textblock}{8}(1.5,4)
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\includegraphics[scale=0.3]{approved.png}
-*}
+\end{textblock}}
+\end{frame}}
-text_raw {*
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+*}
-\mode<presentation>{
-\begin{frame}<1>[c]
+text_raw {*
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\mode<presentation>{
+\begin{frame}[c]
+\frametitle{No Automata?}
+You might be wondering why I did not use any automata:
+\begin{itemize}
+\item A \alert{regular language} is one where there is a DFA that
+recognises it.\bigskip\pause
+\end{itemize}
+I can think of two reasons why this is a good definition:\medskip
+\begin{itemize}
+\item pumping lemma
+\item closure properties of regular languages (closed under complement)
+\end{itemize}
+\end{frame}}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+*}
+text_raw {*
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\mode<presentation>{
+\begin{frame}[t]
+\frametitle{Really Bad News!}
+DFAs are bad news for formalisations in theorem provers. They might
+be represented as:
+\begin{itemize}
+\item graphs
+\item matrices
+\item partial functions
+\end{itemize}
+All constructions are messy to reason about.\bigskip\bigskip
+\pause
+\small
+\only<2>{
+Constable et al needed (on and off) 18 months for a 3-person team
+to formalise automata theory in Nuprl including Myhill-Nerode. There is
+only very little other formalised work on regular languages I know of
+in Coq, Isabelle and HOL.}
+\only<3>{typical textbook reasoning goes like: ``\ldots if \smath{M} and \smath{N} are any two
+automata with no inaccessible states \ldots''
+}
+\end{frame}}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+*}
+text_raw {*
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\mode<presentation>{
+\begin{frame}[c]
+\frametitle{\LARGE The Myhill-Nerode Theorem}
+\begin{itemize}
+\item provides necessary and suf\!ficient conditions for a language
+being regular (pumping lemma only necessary)\medskip
+\item will help with closure properties of regular languages\bigskip\pause
+\item key is the equivalence relation:\smallskip
+\begin{center}
+\smath{x \approx_{L} y \,\dn\, \forall z.\; x @ z \in L \Leftrightarrow y @ z \in L}
+\end{center}
+\end{itemize}
+\end{frame}}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+*}
+text_raw {*
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\mode<presentation>{
+\begin{frame}[c]
+\frametitle{\LARGE The Myhill-Nerode Theorem}
+\mbox{}\\[5cm]
+\begin{itemize}
+\item \smath{\text{finite}\, (U\!N\!IV /\!/ \approx_L) \;\Leftrightarrow\; L\; \text{is regular}}
+\end{itemize}
+\end{frame}}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+*}
+text_raw {*
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\mode<presentation>{
+\begin{frame}[c]
+\frametitle{\LARGE Equivalence Classes}
+\begin{itemize}
+\item \smath{L = []}
+\begin{center}
+\smath{\Big\{\{[]\},\; U\!N\!IV - \{[]\}\Big\}}
+\end{center}\bigskip\bigskip
+\item \smath{L = [c]}
+\begin{center}
+\smath{\Big\{\{[]\},\; \{[c]\},\; U\!N\!IV - \{[], [c]\}\Big\}}
+\end{center}\bigskip\bigskip
+\item \smath{L = \varnothing}
+\begin{center}
+\smath{\Big\{U\!N\!IV\Big\}}
+\end{center}
+\end{itemize}
+\end{frame}}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+*}
+text_raw {*
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\mode<presentation>{
+\begin{frame}[c]
+\frametitle{\LARGE Regular Languages}
+\begin{itemize}
+\item \smath{L} is regular \smath{\dn} if there is an automaton \smath{M}
+such that \smath{\mathbb{L}(M) = L}\\[1.5cm]
+\item Myhill-Nerode:
+\begin{center}
+\begin{tabular}{l}
+finite $\Rightarrow$ regular\\
+\;\;\;\smath{\text{finite}\,(U\!N\!IV /\!/ \approx_L) \Rightarrow \exists r. L = \mathbb{L}(r)}\\[3mm]
+regular $\Rightarrow$ finite\\
+\;\;\;\smath{\text{finite}\, (U\!N\!IV /\!/ \approx_{\mathbb{L}(r)})}
+\end{tabular}
+\end{center}
+\end{itemize}
+\end{frame}}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+*}
+text_raw {*
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\mode<presentation>{
+\begin{frame}[c]
+\frametitle{\LARGE Final States}
+\mbox{}\\[3cm]
+\begin{itemize}
+\item \smath{\text{final}_L\,X \dn}\\
+\smath{\hspace{6mm}X \in (U\!N\!IV /\!/\approx_L) \;\wedge\; \forall s \in X.\; s \in L}
+\smallskip
+\item we can prove: \smath{L = \bigcup \{X.\;\text{final}_L\,X\}}
+\end{itemize}
+\end{frame}}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+*}
+text_raw {*
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\mode<presentation>{
+\begin{frame}[c]
+\frametitle{\LARGE Transitions between\\[-3mm] Equivalence Classes}
+\smath{L = \{[c]\}}
+\begin{tabular}{@ {\hspace{-7mm}}cc}
+\begin{tabular}{c}
+\begin{tikzpicture}[shorten >=1pt,node distance=2cm,auto, ultra thick]
+\tikzstyle{state}=[circle,thick,draw=blue!75,fill=blue!20,minimum size=0mm]
+%\draw[help lines] (0,0) grid (3,2);
+\node[state,initial]   (q_0)                        {$R_1$};
+\node[state,accepting] (q_1) [above right of=q_0]   {$R_2$};
+\node[state]           (q_2) [below right of=q_0]   {$R_3$};
+\path[->] (q_0) edge                node        {c} (q_1)
+edge                node [swap] {$\Sigma-{c}$} (q_2)
+(q_2) edge [loop below]   node        {$\Sigma$} ()
+(q_1) edge                node        {$\Sigma$} (q_2);
+\end{tikzpicture}
+\end{tabular}
+&
+\begin{tabular}[t]{ll}
+\\[-20mm]
+\multicolumn{2}{l}{\smath{U\!N\!IV /\!/\approx_L} produces}\\[4mm]
+\smath{R_1}: & \smath{\{[]\}}\\
+\smath{R_2}: & \smath{\{[c]\}}\\
+\smath{R_3}: & \smath{U\!N\!IV - \{[], [c]\}}\\[6mm]
+\multicolumn{2}{l}{\onslide<2->{\smath{X \stackrel{c}{\longrightarrow} Y \dn X ; [c] \subseteq Y}}}
+\end{tabular}
+\end{tabular}
+\end{frame}}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+*}
+text_raw {*
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\mode<presentation>{
+\begin{frame}[c]
+\frametitle{\LARGE Systems of Equations}
+Inspired by a method of Brzozowski\;'64, we can build an equational system
+characterising the equivalence classes:
+\begin{center}
+\begin{tabular}{@ {\hspace{-20mm}}c}
+\\[-13mm]
+\begin{tikzpicture}[shorten >=1pt,node distance=2cm,auto, ultra thick]
+\tikzstyle{state}=[circle,thick,draw=blue!75,fill=blue!20,minimum size=0mm]
+%\draw[help lines] (0,0) grid (3,2);
+\node[state,initial]   (p_0)                  {$R_1$};
+\node[state,accepting] (p_1) [right of=q_0]   {$R_2$};
+\path[->] (p_0) edge [bend left]   node        {a} (p_1)
+edge [loop above]   node       {b} ()
+(p_1) edge [loop above]   node       {a} ()
+edge [bend left]   node        {b} (p_0);
+\end{tikzpicture}\\
+\\[-13mm]
+\end{tabular}
+\end{center}
+\begin{center}
+\begin{tabular}{@ {\hspace{-6mm}}ll@ {\hspace{1mm}}c@ {\hspace{1mm}}l}
+& \smath{R_1} & \smath{\equiv} & \smath{R_1;b + R_2;b \onslide<2->{\alert<2>{+ \lambda;[]}}}\\
+& \smath{R_2} & \smath{\equiv} & \smath{R_1;a + R_2;a}\medskip\\
+\onslide<3->{we can prove}
+& \onslide<3->{\smath{R_1}} & \onslide<3->{\smath{=}}
+& \onslide<3->{\smath{R_1; \mathbb{L}(b) \,\cup\, R_2;\mathbb{L}(b) \,\cup\, \{[]\};\{[]\}}}\\
+& \onslide<3->{\smath{R_2}} & \onslide<3->{\smath{=}}
+& \onslide<3->{\smath{R_1; \mathbb{L}(a) \,\cup\, R_2;\mathbb{L}(a)}}\\
+\end{tabular}
+\end{center}
+\end{frame}}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+*}
+text_raw {*
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\mode<presentation>{
+\begin{frame}<1>[t]
+\small
+\begin{center}
+\begin{tabular}{l@ {\hspace{1mm}}c@ {\hspace{1mm}}ll}
+\onslide<1->{\smath{R_1}} & \onslide<1->{\smath{=}}
+& \onslide<1->{\smath{R_1; b + R_2; b + \lambda;[]}}\\
+\onslide<1->{\smath{R_2}} & \onslide<1->{\smath{=}}
+& \onslide<1->{\smath{R_1; a + R_2; a}}\\
+& & & \onslide<2->{by Arden}\\
+\onslide<2->{\smath{R_1}} & \onslide<2->{\smath{=}}
+& \onslide<2->{\smath{R_1; b + R_2; b + \lambda;[]}}\\
+\onslide<2->{\smath{R_2}} & \onslide<2->{\smath{=}}
+& \only<2>{\smath{R_1; a + R_2; a}}%
+\only<3->{\smath{R_1; a\cdot a^\star}}\\
+& & & \onslide<4->{by Arden}\\
+\onslide<4->{\smath{R_1}} & \onslide<4->{\smath{=}}
+& \onslide<4->{\smath{R_2; b \cdot b^\star+ \lambda;b^\star}}\\
+\onslide<4->{\smath{R_2}} & \onslide<4->{\smath{=}}
+& \onslide<4->{\smath{R_1; a\cdot a^\star}}\\
+& & & \onslide<5->{by substitution}\\
+\onslide<5->{\smath{R_1}} & \onslide<5->{\smath{=}}
+& \onslide<5->{\smath{R_1; a\cdot a^\star \cdot b \cdot b^\star+ \lambda;b^\star}}\\
+\onslide<5->{\smath{R_2}} & \onslide<5->{\smath{=}}
+& \onslide<5->{\smath{R_1; a\cdot a^\star}}\\
+& & & \onslide<6->{by Arden}\\
+\onslide<6->{\smath{R_1}} & \onslide<6->{\smath{=}}
+& \onslide<6->{\smath{\lambda;b^\star\cdot (a\cdot a^\star \cdot b \cdot b^\star)^\star}}\\
+\onslide<6->{\smath{R_2}} & \onslide<6->{\smath{=}}
+& \onslide<6->{\smath{R_1; a\cdot a^\star}}\\
+& & & \onslide<7->{by substitution}\\
+\onslide<7->{\smath{R_1}} & \onslide<7->{\smath{=}}
+& \onslide<7->{\smath{\lambda;b^\star\cdot (a\cdot a^\star \cdot b \cdot b^\star)^\star}}\\
+\onslide<7->{\smath{R_2}} & \onslide<7->{\smath{=}}
+& \onslide<7->{\smath{\lambda; b^\star\cdot (a\cdot a^\star \cdot b \cdot b^\star)^\star
+\cdot a\cdot a^\star}}\\
+\end{tabular}
+\end{center}
+\end{frame}}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+*}
+text_raw {*
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\mode<presentation>{
+\begin{frame}[c]
+\frametitle{\LARGE A Variant of Arden's Lemma}
+{\bf Arden's Lemma:}\smallskip
+If \smath{[] \not\in A} then
+\begin{center}
+\smath{X = X; A + \text{something}}
+\end{center}
+has the (unique) solution
+\begin{center}
+\smath{X = \text{something} ; A^\star}
+\end{center}
+\end{frame}}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+*}
+text_raw {*
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\mode<presentation>{
+\begin{frame}<1->[t]
+\small
+\begin{center}
+\begin{tabular}{l@ {\hspace{1mm}}c@ {\hspace{1mm}}ll}
+\onslide<1->{\smath{R_1}} & \onslide<1->{\smath{=}}
+& \onslide<1->{\smath{R_1; b + R_2; b + \lambda;[]}}\\
+\onslide<1->{\smath{R_2}} & \onslide<1->{\smath{=}}
+& \onslide<1->{\smath{R_1; a + R_2; a}}\\
+& & & \onslide<2->{by Arden}\\
+\onslide<2->{\smath{R_1}} & \onslide<2->{\smath{=}}
+& \onslide<2->{\smath{R_1; b + R_2; b + \lambda;[]}}\\
+\onslide<2->{\smath{R_2}} & \onslide<2->{\smath{=}}
+& \only<2>{\smath{R_1; a + R_2; a}}%
+\only<3->{\smath{R_1; a\cdot a^\star}}\\
+& & & \onslide<4->{by Arden}\\
+\onslide<4->{\smath{R_1}} & \onslide<4->{\smath{=}}
+& \onslide<4->{\smath{R_2; b \cdot b^\star+ \lambda;b^\star}}\\
+\onslide<4->{\smath{R_2}} & \onslide<4->{\smath{=}}
+& \onslide<4->{\smath{R_1; a\cdot a^\star}}\\
+& & & \onslide<5->{by substitution}\\
+\onslide<5->{\smath{R_1}} & \onslide<5->{\smath{=}}
+& \onslide<5->{\smath{R_1; a\cdot a^\star \cdot b \cdot b^\star+ \lambda;b^\star}}\\
+\onslide<5->{\smath{R_2}} & \onslide<5->{\smath{=}}
+& \onslide<5->{\smath{R_1; a\cdot a^\star}}\\
+& & & \onslide<6->{by Arden}\\
+\onslide<6->{\smath{R_1}} & \onslide<6->{\smath{=}}
+& \onslide<6->{\smath{\lambda;b^\star\cdot (a\cdot a^\star \cdot b \cdot b^\star)^\star}}\\
+\onslide<6->{\smath{R_2}} & \onslide<6->{\smath{=}}
+& \onslide<6->{\smath{R_1; a\cdot a^\star}}\\
+& & & \onslide<7->{by substitution}\\
+\onslide<7->{\smath{R_1}} & \onslide<7->{\smath{=}}
+& \onslide<7->{\smath{\lambda;b^\star\cdot (a\cdot a^\star \cdot b \cdot b^\star)^\star}}\\
+\onslide<7->{\smath{R_2}} & \onslide<7->{\smath{=}}
+& \onslide<7->{\smath{\lambda; b^\star\cdot (a\cdot a^\star \cdot b \cdot b^\star)^\star
+\cdot a\cdot a^\star}}\\
+\end{tabular}
+\end{center}
+\only<8->{
+\begin{textblock}{6}(2.5,4)
+\begin{block}{}
+\begin{minipage}{8cm}\raggedright
+\begin{tikzpicture}[shorten >=1pt,node distance=2cm,auto, ultra thick, inner sep=1mm]
+\tikzstyle{state}=[circle,thick,draw=blue!75,fill=blue!20,minimum size=0mm]
+%\draw[help lines] (0,0) grid (3,2);
+\node[state,initial]   (p_0)                  {$R_1$};
+\node[state,accepting] (p_1) [right of=q_0]   {$R_2$};
+\path[->] (p_0) edge [bend left]   node        {a} (p_1)
+edge [loop above]   node       {b} ()
+(p_1) edge [loop above]   node       {a} ()
+edge [bend left]   node        {b} (p_0);
+\end{tikzpicture}
+\end{minipage}
+\end{block}
+\end{textblock}}
+\end{frame}}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+*}
+text_raw {*
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\mode<presentation>{
+\begin{frame}[c]
+\frametitle{\LARGE The Equ's Solving Algorithm}
+\begin{itemize}
+\item The algorithm must terminate: Arden makes one equation smaller;
+substitution deletes one variable from the right-hand sides.\bigskip
+\item We need to maintain the invariant that Arden is applicable
+(if \smath{[] \not\in A} then \ldots):\medskip
+\begin{center}\small
+\begin{tabular}{l@ {\hspace{1mm}}c@ {\hspace{1mm}}ll}
+\smath{R_1} & \smath{=} & \smath{R_1; b + R_2; b + \lambda;[]}\\
+\smath{R_2} & \smath{=} & \smath{R_1; a + R_2; a}\\
+& & & by Arden\\
+\smath{R_1} & \smath{=} & \smath{R_1; b + R_2; b + \lambda;[]}\\
+\smath{R_2} & \smath{=} & \smath{R_1; a\cdot a^\star}\\
+\end{tabular}
+\end{center}
+\end{itemize}
+\end{frame}}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+*}
+text_raw {*
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\mode<presentation>{
+\begin{frame}[c]
+\frametitle{\LARGE Other Direction}
+One has to prove
+\begin{center}
+\smath{\text{finite} (U\!N\!IV /\!/ \approx_{\mathbb{L}(r)})}
+\end{center}
+by induction on \smath{r}. Not trivial, but after a bit
+of thinking, one can prove that if
+\begin{center}
+\smath{\text{finite} (U\!N\!IV /\!/ \approx_{\mathbb{L}(r_1)})}\hspace{5mm}
+\smath{\text{finite} (U\!N\!IV /\!/ \approx_{\mathbb{L}(r_2)})}
+\end{center}
+then
+\begin{center}
+\smath{\text{finite} (U\!N\!IV /\!/ \approx_{\mathbb{L}(r_1) \,\cup\, \mathbb{L}(r_2)})}
+\end{center}
+\end{frame}}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+*}
+text_raw {*
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\mode<presentation>{
+\begin{frame}[c]
+\frametitle{\LARGE What Have We Achieved?}
+\begin{itemize}
+\item \smath{\text{finite}\, (U\!N\!IV /\!/ \approx_L) \;\Leftrightarrow\; L\; \text{is regular}}
+\bigskip\pause
+\item regular languages are closed under complementation; this is easy
+\begin{center}
+\smath{U\!N\!IV /\!/ \approx_L \;\;=\;\; U\!N\!IV /\!/ \approx_{-L}}
+\end{center}
+\end{itemize}
+\end{frame}}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+*}
+text_raw {*
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\mode<presentation>{
+\begin{frame}[c]
+\frametitle{\LARGE Examples}
+\begin{itemize}
+\item \smath{L \equiv \Sigma^\star 0 \Sigma} is regular
+\begin{quote}\small
+\begin{tabular}{lcl}
+\smath{A_1} & \smath{=} & \smath{\Sigma^\star 00}\\
+\smath{A_2} & \smath{=} & \smath{\Sigma^\star 01}\\
+\smath{A_3} & \smath{=} & \smath{\Sigma^\star 10 \cup \{0\}}\\
+\smath{A_4} & \smath{=} & \smath{\Sigma^\star 11 \cup \{1\} \cup \{[]\}}\\
+\end{tabular}
+\end{quote}
+\item \smath{L \equiv \{ 0^n 1^n \,|\, n \ge 0\}} is not regular
+\begin{quote}\small
+\begin{tabular}{lcl}
+\smath{B_0} & \smath{=} & \smath{\{0^n 1^n \,|\,     n \ge 0\}}\\
+\smath{B_1} & \smath{=} & \smath{\{0^n 1^{(n-1)} \,|\, n \ge 1\}}\\
+\smath{B_2} & \smath{=} & \smath{\{0^n 1^{(n-2)} \,|\, n \ge 2\}}\\
+\smath{B_3} & \smath{=} & \smath{\{0^n 1^{(n-3)} \,|\, n \ge 3\}}\\
+& \smath{\vdots} &\\
+\end{tabular}
+\end{quote}
+\end{itemize}
+\end{frame}}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+*}
+text_raw {*
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\mode<presentation>{
+\begin{frame}[c]
+\frametitle{\LARGE What We Have Not Achieved}
+\begin{itemize}
+\item regular expressions are not good if you look for a minimal
+one for a language (DFAs have this notion)\pause\bigskip
+\item Is there anything to be said about context free languages:\medskip
+\begin{quote}
+A context free language is where every string can be recognised by
+a pushdown automaton.\bigskip
+\end{quote}
+\end{itemize}
+\textcolor{gray}{\footnotesize Yes. Derivatives also work for c-f grammars. Ongoing work.}
+\end{frame}}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+*}
+text_raw {*
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\mode<presentation>{
+\begin{frame}[c]
+\frametitle{\LARGE Conclusion}
+\begin{itemize}
+\item We formalised the Myhill-Nerode theorem based on
+regular expressions (DFA are difficult to deal with in a theorem prover).\smallskip
+\item Seems to be a common theme: algorithms need to be reformulated
+to better suit formal treatment.\smallskip
+\item The most interesting aspect is that we are able to
+implement the matcher directly inside the theorem prover
+(ongoing work).\smallskip
+\item Parsing is a vast field and seems to offer new results.
+\end{itemize}
+\end{frame}}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+*}
+text_raw {*
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\mode<presentation>{
+\begin{frame}<1>[b]
 \frametitle{
 \begin{tabular}{c}
-\mbox{}\\[23mm]
+\mbox{}\\[13mm]
 \alert{\LARGE Thank you very much!}\\
 \alert{\Large Questions?}
 \end{tabular}}
-\end{frame}}
+%\begin{center}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+%\bf \underline{Short Bio:}
-*}
+%\end{center}
+%\mbox{}\\[-17mm]\mbox{}\small
+%\begin{itemize}
+%\item PhD in Cambridge
+%\item Emmy-Noether Fellowship in Munich
+%\item main results in nominal reasoning and nominal unification
+%\end{itemize}
+\end{frame}}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+*}
 (*<*)
 end

changeset 2764	03de62208942
parent 2762	1a1a2b778ba2
child 2771	66ef2a2c64fb