2

I need to prove that the following selection sort code (in Haskell) is always sorting:

import Data.List (minimum, delete)

ssort :: Ord t => [t] -> [t]
ssort [] = []
ssort xs = let { x = minimum xs } in  x : ssort (delete x xs)

We can assume that we have a function called "sorted" that checks when a list is sorted.

Statement to prove by structural induction: sorted(ssort xs)

I tried the following but I was not able to complete the proof. Can you please help me out to complete the proof?

Base case: xs = []

sorted(ssort xs) =

sorted(ssort []]) =

sorted([]])

correct since sorted([]) is always sorted

Inductive step

IH (inductive hypothesis) = sorted(ssort xs)

show: sorted(ssort y#xs)

case I: x = y = minimum

sorted(ssort y#xs) =

sorted(let { x = minimum (y#xs)} in x : ssort (delete x (y#xs))) = (by definition)

sorted(let { y = minimum (y#xs)} in y : ssort (delete y (y#xs))) = (by substitution)

sorted(y : ssort (delete y (y#xs))) =

sorted(y : ssort (xs)) = (by delete definition)

sorted(y : ssort (xs))

by IH we know that ssort (xs) is sorted, also y is the minimum value so it goes first

case II: y is not minimum

sorted(ssort y#xs) =

sorted(let { x = minimum (y#xs)} in x : ssort (delete x (y#xs))) = (by definition)

.....

no idea

P. Ez
  • 103
  • 4
  • 2
    Side note: to prove the sorting function correct, you need to demonstrate two more things: 1. That the computation eventually terminates, and 2. That the the result of the function is a permutation of its argument (no element has been dropped, doubled, or added). – dfeuer May 12 '19 at 22:15
  • Also, for what it's worth, I suspect you will find it easier to prove an implementation of insertion sort correct, which will lead you more or less directly to proving a mergesort correct. Proving selection sort correct seems like a bit of a dead end; some similar ideas show up in heap sort, but in considerably different clothing. – dfeuer May 12 '19 at 22:19
  • @dfeuer I'll admit that the cases given elide some detail, but aren't both termination and permutation essentially covered by the same induction as presented? Read the induction on `n` to be "`ssort` terminates with correct output (ie. a sorted permutation) of any input of length `n`". Yes, we assume some typeclass laws connecting the `eq`, `ord` instances, some properties of `delete`, and probably a couple other things but the essential structure of the proof doesn't need modification to account for those details? – moonGoose May 12 '19 at 22:28
  • @moonGoose, you may be right. I know it can be rather tricky to get the permutation bit right in formal proofs, but it's probably not bad in informal ones. – dfeuer May 13 '19 at 23:47

1 Answers1

6

Your inductive hypothesis is too weak. You should assume that ssort works correctly on any list of length k rather than some specific list xs of length k.

So, instead, assuming ssort is correct on any list of length k and letting xs be any list of length k+1, 

ssort xs 
= let x = minimum xs in x : ssort (delete x xs) -- by definition of `ssort`
= let x = minimum xs in x : sorted (delete x xs) -- `delete x xs` has length `k` so `ssort` sorts it correctly by IH
= sorted xs -- by definition of sorted, minimum, delete
moonGoose
  • 1,510
  • 6
  • 14