Parametricity of Inductive Predicates

Size: px
Start display at page:

Download "Parametricity of Inductive Predicates"

Transcription

1 Proposal for a Master s thesis Parametricity of Inductive Predicates Supervisors: Dr. Andreas Lochbihler, Dr. Dmitriy Traytel Professor: Prof. David Basin Issue date: May 19, 2017 Prerequisites Good skills in functional programming (e.g., from the FMFP course) Some familiarity with interactive theorem proving, in particular with the Isabelle/HOL proof assistant (e.g., from the CAMR course) Introduction Parametricity is a central notion in functional programming which singles out truly polymorphic functions. Such functions, whose type contains type variables, behave exactly the same, no matter what concrete type they are actually used with at run-time. For example, the standard map function on lists map :: (α β) α list β list is parametric in both type variables a and b, as map f xs merely applies the function f to all elements of xs, independent of whether we use map on a list of Ints or on a list of Strings. Parametricity has numerous theoretical and practical applications. On the theoretical side various theorems follow for free for parametric constants [13]. On the practical side, in particular in the proof assistant Isabelle/HOL [12], parametricity is the key driving force behind data refinement [9, 10], transfer of definitions and theorems accross subtypes and quotient types [7, 8], ensuring productivity of corecursive definitions [2, 4], and defining functions on and proving properties about nonuniform (co)datatypes [3]. Inductive definitions are a common specification mechanism in Isabelle/HOL. For example, the predicate append : α list α list α list B that checks that the concatenation of its first two arguments is equal to its third argument can be defined inductively by the following rules. append xs ys zs append (x xs) ys (x zs) append [] ys ys (1) (2)

2 Like in logic programming à la Prolog, the predicate append can be used (queried) in different ways: iii λxs ys zs. append xs ys zs takes three lists xs, ys, zs as input and checks whether zs really is the concatenation of xs and ys. iio λxs ys. {zs append xs ys zs} takes two lists xs, ys as input and computes the singleton set containing the concatenation of xs and ys. ooi λzs. {(xs, ys) append xs ys zs} takes one list zs as input and computes all the possible decompositions of zs into a prefix xs and a suffix ys. These different ways to compute with append are refered to as modes. It is sensible to separately analyse each mode s parametricity. It turns out that iio and ooi are parametric, i.e., they behave the same no matter what the list element type is, whereas iii behaves the same on isomorphic element types, but not in general. For example, append [x] [] [y] holds for all x and y of the singleton type unit, but not if x and y are booleans. Thus, mode iii is parametric only under certain conditions. Objectives The goal of this thesis is to provide automation for stating and proving parametricity statements of inductively defined predicates. To achieve this, the automation will first perform a mode analysis on the predicates rules to determine consistent modes (see Appendix). These modes determine which terms can be attempted to be proved parametric. To work uniformly for all inductive predicates, the proof of parametricity itself will use the definition of the inductive predicate in terms of least fixpoint combinator lfp applied to a functional. For the above example append, this definition reads after a bit of simplification: append = lfp (λp xs ys zs. xs = [] ys = zs ( xs ys zs x. xs = x xs zs = x zs p xs ys zs )) This definition is not ideal for proving parametricity because of the many unbounded existential quantifiers and equality comparisons as quantifiers and equality are parametric only under strong conditions. To eliminate those problems, the automation will rewrite the argument to lfp into an equivalent term using a match :: (α β) β α set combinator according to a certain mode. In our two example modes iio and ooi for append, we obtain: lfp λp xs ys. {zs} {x zs} match (λ(). []) xs (x,xs) match ( ) xs zs p xs ys lfp λp zs. {([], zs )} {(x xs, ys)} (x,zs) match ( ) zs (xs,ys) p zs 2

3 where () denotes the only value of type unit and ( ) is the uncurried list constructor, i.e., ( )(x, xs) = x xs. The parametricity of those functionals can be reduced to the invertibility of the terms under match (in our case constructors of the list type) and parametricity of the other constants occurring in the functional definition (in our case: operations on sets and the list constructors). Moreover, it can be lifted through the least fixpoint lfp to obtain the parametricity of the terms for the modes. The available modes of a predicate and their parametricity theorems will be stored in Isabelle/HOL such that the information about modes is available when other predicates later use existing predicates. Tasks This project can be subdivided into the following tasks: 1. Familiarize yourself with Isabelle/HOL and Isabelle/ML (read parts of [11, 12, 14]). 2. Familiarize yourself with existing automation for proving parametricity theorems in Isabelle/HOL [6] and the mode analysis theory for inductive predicates [1, 5]. 3. Implement a data structure to store mode information and parametricity theorems for inductive predicates in Isabelle/HOL. 4. Implement a command that takes a an inductive predicate P defined as P = lfp F and a list of desired modes as input and analyzes P s introduction rules to compute for each desired mode the mode annotations and the associated information flow in P s introduction rules (if several information flows are possible, it heuristically picks one that minimises the conditions on the parametricity), rewrites F into another functional G that replaces existential quantifiers in F with the function match according to the computed information flow, automate the proof of G s parametricity by extending the existing parametricity prover to account for match, automates the proof of parametricity of lfp G by proving that G is monotone, and automates the proof of P = Q by fixpoint induction. 5. Evaluate the command on several examples from the Isabelle/HOL library and the Archive of Formal Proofs. 6. (optionally) Implement an algorithm that computes all possible modes for an inductive predicate. 7. (optionally) Automatically prove parametricity of match C (modulo currying) for an arbitrary datatype constructor C. 3

4 8. (optionally) Extend the command to support higher-order inductive predicates in the style of [1, 5]. 9. (optionally) Extend the command to support coinductive predicates defined via the greatest fixpoint combinator gfp. Deliverables The following deliverables are due at the end of the project: Final report The final report should consist of an introduction; a theoretical background section; one or more sections describing the modelling, implementation and evaluation; and a conclusion. The report may be written in English or German. Two copies of the report must be delivered to the supervisor. Isabelle/ML code Complete Isabelle/ML development that runs with a recent developer s version or the latest official version. Presentation At the end of the project, a presentation of 30 minutes must be given during an InfSec group seminar. It should give an overview and discuss the most important highlights of the work. References [1] Stefan Berghofer, Lukas Bulwahn, and Florian Haftmann. Turning inductive into equational specifications. In Stefan Berghofer, Tobias Nipkow, Christian Urban, and Makarius Wenzel, editors, TPHOLs 2009, volume 5674 of LNCS, pages Springer, [2] Jasmin Christian Blanchette, Aymeric Bouzy, Andreas Lochbihler, Andrei Popescu, and Dmitriy Traytel. Friends with benefits: Implementing corecursion in foundational proof assistants. In Hongseok Yang, editor, ESOP 2017, volume of LNCS, pages Springer, [3] Jasmin Christian Blanchette, Fabian Meier, Andrei Popescu, and Dmitriy Traytel. Foundational nonuniform (co)datatypes for higher-order logic. In Joël Ouaknine, editor, LICS IEEE Computer Society, [4] Jasmin Christian Blanchette, Andrei Popescu, and Dmitriy Traytel. Foundational extensible corecursion. In John Reppy, editor, ICFP 2015, pages ACM, [5] Lukas Bulwahn. Code Generation from Inductive Predicates in Isabelle/HOL. Diploma thesis, Fakultät für Informatik, Technische Universität München, [6] Jan Gilcher. Conditional Parametricity in Isabelle/HOL. B.Sc. thesis, ETH Zürich,

5 [7] Brian Huffman and Ondřej Kunčar. Lifting and Transfer: A modular design for quotients in Isabelle/HOL. In Georges Gonthier and Michael Norrish, editors, CPP 2013, volume 8307 of LNCS, pages Springer, [8] Ondřej Kunčar. Types, Abstraction and Parametric Polymorphism in Higher-Order Logic. Ph.d. thesis, Technische Universität München, [9] Peter Lammich. Automatic data refinement. In Sandrine Blazy, Christine Paulin- Mohring, and David Pichardie, editors, ITP 2013, volume 7998 of LNCS, pages Springer, [10] Peter Lammich. Refinement based verification of imperative data structures. In Jeremy Avigad and Adam Chlipala, editors, CPP 2016, pages ACM, [11] Tobias Nipkow and Gerwin Klein. Concrete Semantics: With Isabelle/HOL. Springer, [12] Tobias Nipkow, Lawrence C. Paulson, and Markus Wenzel. Isabelle/HOL: A Proof Assistant for Higher-Order Logic. Springer, [13] Philip Wadler. Theorems for free! In Joseph E. Stoy, editor, FPCA 1989, London, pages ACM, [14] Makarius Wenzel. The Isabelle/Isar Implementation, tum.de/dist/isabelle2016/doc/implementation.pdf. 5

6 First-order modes An inductive definition of a predicate P consists of several introduction rules (possibly none) of the form x 1... x n. Q 1 t t 1 m 1... Q k t k 1... t k m k P t t 0 m (3) where the x 1... x n cover exactly the variables that occur in the introduction rule and (Q i ) 1 i k and P are predicates, i.e., no function applications or lambda abstractions. To simplify notation, we set Q 0 = P. A first-order mode for a type τ 1... τ m B is a subset M of {1,..., m}, which denotes the argument positions that are considered to be input. We write M = {1,..., m} M for the set of output argument positions. A mode annotation M for a predicate is a set of first-order modes for the type of the predicate. In the following, we assume that every predicate P has a mode annotation M P. A mode assignment ((M i ) i, V, π) to an introduction rule like (3) consists of a family of first-order modes (M i ) 0 i k for the types of the predicates Q i. a variable assignment V, which maps each variable x 1,... x n to one of its occurrences in some t i j (we call these occurrences binding), and a permutation π on {1,..., k} such that 1. for all 1 i n, if the occurrence V (x i ) is in t j in the conclusion, then j M 0, i.e., t j is an input argument; 2. for all 1 i n. if the occurrence V (x i ) is in t j j in the assumptions, then j / M j, i.e., t j j is an output argument; 3. for all i M 0, all variable occurrences in t i are binding, i.e., input arguments in the conclusion bind all their variables; 4. for all 1 i k and all 1 j m i and all variables x that occur in t i j, if j M i or x has a non-binding occurrence in t i j, then π(i ) < π(i), where we set π(0) = 0; i.e., π orders the assumptions such that all non-binding variables are bound in the conclusion or earlier assumption. The functions to be inverted (fj i) (i,j) ({0} M 0 ) k j =0 {j } M of a mode assignment ((M j i) i, V, π) are the functions fj i = λy. λ(x). ti j where the (x) denotes the tuple of all variables that have a binding occurrence in t i j and y is the sequence of all other variables in ti j. Note that due to the mode assignment constraints, if a variable s binding occurrence is in some assumption, then this is the only occurrence of that variable in that assumption. A function f : τ σ is invertible for relations T and S if whenever (y, y ) S, then (f 1 (y), f 1 (y )) P(t) where (A, B) P(S) iff x A. y B. (x, y) S and y B. x A. (x, y) B. Datatype constructors are invertible for relations built from the corresponding datatype relators. If f and g are invertible, so is f g. A mode assignment ((M i ) i, V, π) is consistent for an introduction rule for mode M w.r.t. the mode annotations (M Q ) Q iff 1. M 0 = M; 2. for all 1 i k, M i M Qi ; and 6

7 3. for all functions f i j to be inverted, f i j (y) is invertible1 for all possible values y for the non-binding variables in t i j. A mode annotation M is consistent for a predicate P iff for every mode M M and every introduction rule of P, there is a consistent mode assignment for mode M w.r.t. (M Q ) Q where M P = M. Example: Consider the predicate append from the introduction with the mode annotation M = {M iio, M ooi } where M iio = {1, 2} and M ooi = {3}. For (1), consider the following mode annotation ((M 0 = M iio, M 1 = M iio ), V 1, id) where id is the identity permutation and V 1 maps x, xs, and ys to the occurrences in the conclusion and zs to the occurrence in the assumption. This mode annotation is consistent for mode M iio because ( ) is invertible as it is the list constructor. Similarly, the mode annotation ((M 0 = M ooi, M 1 = M ooi ), V 2, id) is consistent for mode M ooi when V 2 maps x and zs to the conclusion occurrences and xs and ys to the assumption. Analogously, mode annotations for (2) can be found for both M iio and M ooi. Thus, M is consistent. Conversely, there is no consistent mode annotation for M iii = {1, 2, 3} for (1) because not both occurrences of x can be binding. In such a case, one may want to preprocess the rule into the following logically equivalent rule x = x append xs ys zs append (x xs) ys (x zs) (4) where we consider = as a binary predicate. If we assume that {1, 2} M =, i.e., = can take two input arguments, then the mode annotation ((M 0 = M iii, M 1 = {1, 2}, M 2 = M iii ), V 3, id) is consistent for (4) for mode M iii, where V 3 maps x, x, xs, ys, and zs to the conclusion. Consistent mode annotations ensure that one can compute the output arguments from the input arguments under the assumption that the invertible functions can be computed. In (4), the mode annotation says that one must deconstruct the ( )-constructors of the first and the third argument, check that the heads are the same (as π(1) < π(2)) and then call append recursively on the tails and ys. 1 We are sloppy here in that we leave the relations for invertibility implicit. 7

From Types to Sets in Isabelle/HOL

From Types to Sets in Isabelle/HOL From Types to Sets in Isabelle/HOL Extented Abstract Ondřej Kunčar 1 and Andrei Popescu 1,2 1 Fakultät für Informatik, Technische Universität München, Germany 2 Institute of Mathematics Simion Stoilow

More information

Nonuniform (Co)datatypes

Nonuniform (Co)datatypes Foundational Nonuniform (Co)datatypes for Higher-Order Logic Jasmin Blanchette Fabian Meier Andrei Popescu Dmitriy Traytel uniform datatype 'a list = Nil Cons 'a ('a list) 1 3 4 uniform datatype 'a list

More information

Friends with Benefits

Friends with Benefits Friends with Benefits Jasmin Blanchette, Aymeric Bouzy, Andreas Lochbihler, Andrei Popescu, Dmitriy Traytel To cite this version: Jasmin Blanchette, Aymeric Bouzy, Andreas Lochbihler, Andrei Popescu, Dmitriy

More information

Turning inductive into equational specifications

Turning inductive into equational specifications Turning inductive into equational specifications Stefan Berghofer and Lukas Bulwahn and Florian Haftmann Technische Universität München Institut für Informatik, Boltzmannstraße 3, 85748 Garching, Germany

More information

Inductive datatypes in HOL. lessons learned in Formal-Logic Engineering

Inductive datatypes in HOL. lessons learned in Formal-Logic Engineering Inductive datatypes in HOL lessons learned in Formal-Logic Engineering Stefan Berghofer and Markus Wenzel Institut für Informatik TU München = Isabelle λ β HOL α 1 Introduction Applications of inductive

More information

Isabelle/HOL:Selected Features and Recent Improvements

Isabelle/HOL:Selected Features and Recent Improvements /: Selected Features and Recent Improvements webertj@in.tum.de Security of Systems Group, Radboud University Nijmegen February 20, 2007 /:Selected Features and Recent Improvements 1 2 Logic User Interface

More information

Programs and Proofs in Isabelle/HOL

Programs and Proofs in Isabelle/HOL Programs and Proofs in Isabelle/HOL Makarius Wenzel http://sketis.net March 2016 = Isabelle λ β α Introduction What is Isabelle? Hanabusa Itcho : Blind monks examining an elephant Introduction 2 History:

More information

Defining Nonprimitively (Co)recursive Functions in Isabelle/HOL

Defining Nonprimitively (Co)recursive Functions in Isabelle/HOL Defining Nonprimitively (Co)recursive Functions in Isabelle/HOL Jasmin Christian Blanchette, Aymeric Bouzy, Andreas Lochbihler, Andrei Popescu, and Dmitriy Traytel 15 August 2018 Abstract This tutorial

More information

Basic Foundations of Isabelle/HOL

Basic Foundations of Isabelle/HOL Basic Foundations of Isabelle/HOL Peter Wullinger May 16th 2007 1 / 29 1 Introduction into Isabelle s HOL Why Type Theory Basic Type Syntax 2 More HOL Typed λ Calculus HOL Rules 3 Example proof 2 / 29

More information

Functional Programming with Isabelle/HOL

Functional Programming with Isabelle/HOL Functional Programming with Isabelle/HOL = Isabelle λ β HOL α Florian Haftmann Technische Universität München January 2009 Overview Viewing Isabelle/HOL as a functional programming language: 1. Isabelle/HOL

More information

COMP 4161 NICTA Advanced Course. Advanced Topics in Software Verification. Toby Murray, June Andronick, Gerwin Klein

COMP 4161 NICTA Advanced Course. Advanced Topics in Software Verification. Toby Murray, June Andronick, Gerwin Klein COMP 4161 NICTA Advanced Course Advanced Topics in Software Verification Toby Murray, June Andronick, Gerwin Klein λ 1 Last time... λ calculus syntax free variables, substitution β reduction α and η conversion

More information

Verified Memoization and Dynamic Programming

Verified Memoization and Dynamic Programming Verified Memoization and Dynamic Programming Simon Wimmer, Shuwei Hu, and Tobias Nipkow Fakultät für Informatik, Technische Universität München Abstract. We present a lightweight framework in Isabelle/HOL

More information

Overview. A Compact Introduction to Isabelle/HOL. Tobias Nipkow. System Architecture. Overview of Isabelle/HOL

Overview. A Compact Introduction to Isabelle/HOL. Tobias Nipkow. System Architecture. Overview of Isabelle/HOL Overview A Compact Introduction to Isabelle/HOL Tobias Nipkow TU München 1. Introduction 2. Datatypes 3. Logic 4. Sets p.1 p.2 System Architecture Overview of Isabelle/HOL ProofGeneral Isabelle/HOL Isabelle

More information

1 Scope, Bound and Free Occurrences, Closed Terms

1 Scope, Bound and Free Occurrences, Closed Terms CS 6110 S18 Lecture 2 The λ-calculus Last time we introduced the λ-calculus, a mathematical system for studying the interaction of functional abstraction and functional application. We discussed the syntax

More information

COMP 4161 Data61 Advanced Course. Advanced Topics in Software Verification. Gerwin Klein, June Andronick, Christine Rizkallah, Miki Tanaka

COMP 4161 Data61 Advanced Course. Advanced Topics in Software Verification. Gerwin Klein, June Andronick, Christine Rizkallah, Miki Tanaka COMP 4161 Data61 Advanced Course Advanced Topics in Software Verification Gerwin Klein, June Andronick, Christine Rizkallah, Miki Tanaka 1 COMP4161 c Data61, CSIRO: provided under Creative Commons Attribution

More information

λ calculus is inconsistent

λ calculus is inconsistent Content Rough timeline COMP 4161 NICTA Advanced Course Advanced Topics in Software Verification Gerwin Klein, June Andronick, Toby Murray λ Intro & motivation, getting started [1] Foundations & Principles

More information

Theorem Proving Principles, Techniques, Applications Recursion

Theorem Proving Principles, Techniques, Applications Recursion NICTA Advanced Course Theorem Proving Principles, Techniques, Applications Recursion 1 CONTENT Intro & motivation, getting started with Isabelle Foundations & Principles Lambda Calculus Higher Order Logic,

More information

Embedding Cryptol in Higher Order Logic

Embedding Cryptol in Higher Order Logic Embedding Cryptol in Higher Order Logic Joe Hurd Computer Laboratory Cambridge University joe.hurd@cl.cam.ac.uk 10 March 2007 Abstract This report surveys existing approaches to embedding Cryptol programs

More information

The design of a programming language for provably correct programs: success and failure

The design of a programming language for provably correct programs: success and failure The design of a programming language for provably correct programs: success and failure Don Sannella Laboratory for Foundations of Computer Science School of Informatics, University of Edinburgh http://homepages.inf.ed.ac.uk/dts

More information

CS3110 Spring 2017 Lecture 7 Specifications using types continued

CS3110 Spring 2017 Lecture 7 Specifications using types continued CS3110 Spring 2017 Lecture 7 Specifications using types continued Robert Constable 1 Lecture Plan 1. Repeating schedule of remaining five problem sets and prelim. 2. Fixing OCaml specification and code

More information

Coq with Classes. Matthieu Sozeau. Journées PPS 2011 September 5th 2011 Trouville, France. Project Team πr 2 INRIA Paris

Coq with Classes. Matthieu Sozeau. Journées PPS 2011 September 5th 2011 Trouville, France. Project Team πr 2 INRIA Paris Coq with Classes Matthieu Sozeau Project Team πr 2 INRIA Paris Journées PPS 2011 September 5th 2011 Trouville, France This talk A quick overview of Coq Elaboration Type Classes Matthieu Sozeau - Coq with

More information

A Verified Compiler from Isabelle/HOL to CakeML

A Verified Compiler from Isabelle/HOL to CakeML A Verified Compiler from Isabelle/HOL to CakeML Lars Hupel and Tobias Nipkow Technische Universität München lars.hupel@tum.de, nipkow@in.tum.de Abstract. Many theorem provers can generate functional programs

More information

Partiality and Recursion in Interactive Theorem Provers - An Overview

Partiality and Recursion in Interactive Theorem Provers - An Overview Partiality and Recursion in Interactive Theorem Provers - An Overview Ana Bove, Alexander Krauss, Matthieu Sozeau To cite this version: Ana Bove, Alexander Krauss, Matthieu Sozeau. Partiality and Recursion

More information

Finite Model Generation for Isabelle/HOL Using a SAT Solver

Finite Model Generation for Isabelle/HOL Using a SAT Solver Finite Model Generation for / Using a SAT Solver Tjark Weber webertj@in.tum.de Technische Universität München Winterhütte, März 2004 Finite Model Generation for / p.1/21 is a generic proof assistant: Highly

More information

CS3110 Spring 2017 Lecture 6 Building on Problem Set 1

CS3110 Spring 2017 Lecture 6 Building on Problem Set 1 CS3110 Spring 2017 Lecture 6 Building on Problem Set 1 Robert Constable 1 Lecture Plan 1. Repeating schedule of remaining five problem sets and prelim. 2. Expressing PS1 related concepts in type theory.

More information

Functional Logic Programming: From Theory to Curry

Functional Logic Programming: From Theory to Curry Functional Logic Programming: From Theory to Curry Michael Hanus Institut für Informatik, CAU Kiel, D-24098 Kiel, Germany. mh@informatik.uni-kiel.de Abstract. Functional logic programming languages combine

More information

The Isabelle/HOL type-class hierarchy

The Isabelle/HOL type-class hierarchy = Isabelle λ β Isar α The Isabelle/HOL type-class hierarchy Florian Haftmann 8 October 2017 Abstract This primer introduces corner stones of the Isabelle/HOL type-class hierarchy and gives some insights

More information

Foundational (Co)datatypes and (Co)recursion for Higher-Order Logic

Foundational (Co)datatypes and (Co)recursion for Higher-Order Logic Foundational (Co)datatypes and (Co)recursion for Higher-Order Logic Julian Biendarra 1, Jasmin Christian Blanchette 2,3( ), Aymeric Bouzy 4, Martin Desharnais 5, Mathias Fleury 3, Johannes Hölzl 6, Ondřej

More information

Partizan Games in Isabelle/HOLZF

Partizan Games in Isabelle/HOLZF Partizan Games in Isabelle/HOLZF Steven Obua Technische Universität München D-85748 Garching, Boltzmannstr. 3, Germany e-mail: obua@in.tum.de, url: http://www4.in.tum.de/~obua Abstract. Partizan Games

More information

Integration of SMT Solvers with ITPs There and Back Again

Integration of SMT Solvers with ITPs There and Back Again Integration of SMT Solvers with ITPs There and Back Again Sascha Böhme and University of Sheffield 7 May 2010 1 2 Features: SMT-LIB vs. Yices Translation Techniques Caveats 3 4 Motivation Motivation System

More information

CSCI.6962/4962 Software Verification Fundamental Proof Methods in Computer Science (Arkoudas and Musser) Chapter p. 1/27

CSCI.6962/4962 Software Verification Fundamental Proof Methods in Computer Science (Arkoudas and Musser) Chapter p. 1/27 CSCI.6962/4962 Software Verification Fundamental Proof Methods in Computer Science (Arkoudas and Musser) Chapter 2.1-2.7 p. 1/27 CSCI.6962/4962 Software Verification Fundamental Proof Methods in Computer

More information

First-Class Type Classes

First-Class Type Classes First-Class Type Classes Matthieu Sozeau Joint work with Nicolas Oury LRI, Univ. Paris-Sud - Démons Team & INRIA Saclay - ProVal Project Gallium Seminar November 3rd 2008 INRIA Rocquencourt Solutions for

More information

Lambda Calculus and Extensions as Foundation of Functional Programming

Lambda Calculus and Extensions as Foundation of Functional Programming Lambda Calculus and Extensions as Foundation of Functional Programming David Sabel and Manfred Schmidt-Schauß 29. September 2015 Lehrerbildungsforum Informatik Last update: 30. September 2015 Overview

More information

Programming Languages 3. Definition and Proof by Induction

Programming Languages 3. Definition and Proof by Induction Programming Languages 3. Definition and Proof by Induction Shin-Cheng Mu Oct. 22, 2015 Total Functional Programming The next few lectures concerns inductive definitions and proofs of datatypes and programs.

More information

MPRI course 2-4 Functional programming languages Exercises

MPRI course 2-4 Functional programming languages Exercises MPRI course 2-4 Functional programming languages Exercises Xavier Leroy October 13, 2016 Part I: Interpreters and operational semantics Exercise I.1 (**) Prove theorem 2 (the unique decomposition theorem).

More information

Week 5 Tutorial Structural Induction

Week 5 Tutorial Structural Induction Department of Computer Science, Australian National University COMP2600 / COMP6260 Formal Methods in Software Engineering Semester 2, 2016 Week 5 Tutorial Structural Induction You should hand in attempts

More information

A Refinement Framework for Monadic Programs in Isabelle/HOL

A Refinement Framework for Monadic Programs in Isabelle/HOL A Refinement Framework for Monadic Programs in Isabelle/HOL Peter Lammich TU Munich, Institut für Informatik, Theorem Proving Group Easter 2013 Peter Lammich (TUM) Refinement Framework Easter 2013 1 /

More information

Lambda Calculus and Type Inference

Lambda Calculus and Type Inference Lambda Calculus and Type Inference Björn Lisper Dept. of Computer Science and Engineering Mälardalen University bjorn.lisper@mdh.se http://www.idt.mdh.se/ blr/ August 17, 2007 Lambda Calculus and Type

More information

How Efficient Can Fully Verified Functional Programs Be - A Case Study of Graph Traversal Algorithms

How Efficient Can Fully Verified Functional Programs Be - A Case Study of Graph Traversal Algorithms How Efficient Can Fully Verified Functional Programs Be - A Case Study of Graph Traversal Algorithms Mirko Stojadinović Faculty of Mathematics, University of Belgrade Abstract. One approach in achieving

More information

Typed Lambda Calculus for Syntacticians

Typed Lambda Calculus for Syntacticians Department of Linguistics Ohio State University January 12, 2012 The Two Sides of Typed Lambda Calculus A typed lambda calculus (TLC) can be viewed in two complementary ways: model-theoretically, as a

More information

Multi-paradigm Declarative Languages

Multi-paradigm Declarative Languages Michael Hanus (CAU Kiel) Multi-paradigm Declarative Languages ICLP 2007 1 Multi-paradigm Declarative Languages Michael Hanus Christian-Albrechts-University of Kiel Programming Languages and Compiler Construction

More information

The Isabelle/Isar Reference Manual

The Isabelle/Isar Reference Manual = Isabelle λ β Isar α The Isabelle/Isar Reference Manual Makarius Wenzel With Contributions by Clemens Ballarin, Stefan Berghofer, Jasmin Blanchette, Timothy Bourke, Lukas Bulwahn, Amine Chaieb, Lucas

More information

CS 6110 S11 Lecture 25 Typed λ-calculus 6 April 2011

CS 6110 S11 Lecture 25 Typed λ-calculus 6 April 2011 CS 6110 S11 Lecture 25 Typed λ-calculus 6 April 2011 1 Introduction Type checking is a lightweight technique for proving simple properties of programs. Unlike theorem-proving techniques based on axiomatic

More information

1 Introduction. 3 Syntax

1 Introduction. 3 Syntax CS 6110 S18 Lecture 19 Typed λ-calculus 1 Introduction Type checking is a lightweight technique for proving simple properties of programs. Unlike theorem-proving techniques based on axiomatic semantics,

More information

Organisatorials. About us. Binary Search (java.util.arrays) When Tue 9:00 10:30 Thu 9:00 10:30. COMP 4161 NICTA Advanced Course

Organisatorials. About us. Binary Search (java.util.arrays) When Tue 9:00 10:30 Thu 9:00 10:30. COMP 4161 NICTA Advanced Course Organisatorials COMP 4161 NICTA Advanced Course When Tue 9:00 10:30 Thu 9:00 10:30 Where Tue: Law 163 (F8-163) Thu: Australian School Business 205 (E12-205) Advanced Topics in Software Verification Rafal

More information

The Typed λ Calculus and Type Inferencing in ML

The Typed λ Calculus and Type Inferencing in ML Notes on Types S. Arun-Kumar Department of Computer Science and Engineering Indian Institute of Technology New Delhi, 110016 email: sak@cse.iitd.ernet.in April 14, 2002 2 Chapter 1 The Typed λ Calculus

More information

Pure Lambda Calculus. Lecture 17

Pure Lambda Calculus. Lecture 17 Pure Lambda Calculus Lecture 17 Lambda Calculus Lambda Calculus (λ-calculus) is a functional notation introduced by Alonzo Church in the early 1930s to formalize the notion of computability. Pure λ-calculus

More information

Foundations. Yu Zhang. Acknowledgement: modified from Stanford CS242

Foundations. Yu Zhang. Acknowledgement: modified from Stanford CS242 Spring 2013 Foundations Yu Zhang Acknowledgement: modified from Stanford CS242 https://courseware.stanford.edu/pg/courses/317431/ Course web site: http://staff.ustc.edu.cn/~yuzhang/fpl Reading Concepts

More information

Partiality and Recursion in Interactive Theorem Provers An Overview

Partiality and Recursion in Interactive Theorem Provers An Overview Under consideration for publication in Math. Struct. in Comp. Science Partiality and Recursion in Interactive Theorem Provers An Overview A N A B O V E 1, A L E X A N D E R K R A U S S 2, and M A T T H

More information

Formal Systems and their Applications

Formal Systems and their Applications Formal Systems and their Applications Dave Clarke (Dave.Clarke@cs.kuleuven.be) Acknowledgment: these slides are based in part on slides from Benjamin Pierce and Frank Piessens 1 Course Overview Introduction

More information

Formalising FinFuns Generating Code for Functions as Data from Isabelle/HOL

Formalising FinFuns Generating Code for Functions as Data from Isabelle/HOL Formalising FinFuns Generating Code for Functions as Data from Isabelle/HOL Andreas Lochbihler Universität Karlsruhe (TH) 17.8.2009, TPHOLs 2009 Motivation I Quickcheck Andreas Lochbihler (Univ. Karlsruhe

More information

A Framework for Verified Depth-First Algorithms

A Framework for Verified Depth-First Algorithms René Neumann Technische Universität München Garching, Germany rene.neumann@in.tum.de Abstract We present a framework in Isabelle/HOL for formalizing variants of depth-first search. This framework allows

More information

λ calculus Function application Untyped λ-calculus - Basic Idea Terms, Variables, Syntax β reduction Advanced Formal Methods

λ calculus Function application Untyped λ-calculus - Basic Idea Terms, Variables, Syntax β reduction Advanced Formal Methods Course 2D1453, 2006-07 Advanced Formal Methods Lecture 2: Lambda calculus Mads Dam KTH/CSC Some material from B. Pierce: TAPL + some from G. Klein, NICTA Alonzo Church, 1903-1995 Church-Turing thesis First

More information

Tool Presentation: Isabelle/HOL for Reachability Analysis of Continuous Systems

Tool Presentation: Isabelle/HOL for Reachability Analysis of Continuous Systems EPiC Series in Computer Science Volume 34, 2015, Pages 180 187 ARCH14-15. 1st and 2nd International Workshop on Applied verification for Continuous and Hybrid Systems Tool Presentation: Isabelle/HOL for

More information

Infinite Derivations as Failures

Infinite Derivations as Failures Infinite Derivations as Failures Andrea Corradi and Federico Frassetto DIBRIS, Università di Genova, Italy name.surname@dibris.unige.it Abstract. When operating on cyclic data, programmers have to take

More information

Programming Language Concepts: Lecture 19

Programming Language Concepts: Lecture 19 Programming Language Concepts: Lecture 19 Madhavan Mukund Chennai Mathematical Institute madhavan@cmi.ac.in http://www.cmi.ac.in/~madhavan/courses/pl2009 PLC 2009, Lecture 19, 01 April 2009 Adding types

More information

axiomatic semantics involving logical rules for deriving relations between preconditions and postconditions.

axiomatic semantics involving logical rules for deriving relations between preconditions and postconditions. CS 6110 S18 Lecture 18 Denotational Semantics 1 What is Denotational Semantics? So far we have looked at operational semantics involving rules for state transitions, definitional semantics involving translations

More information

A Canonical 1 Locally Named Representation of Binding. α -equivalence is identity. Randy Pollack. Masahiko Sato. LFCS, University of Edinburgh

A Canonical 1 Locally Named Representation of Binding. α -equivalence is identity. Randy Pollack. Masahiko Sato. LFCS, University of Edinburgh A Canonical 1 Locally Named Representation of Binding Randy Pollack LFCS, University of Edinburgh Masahiko Sato Graduate School of Informatics, Kyoto University Version of December 7, 2009 1 α -equivalence

More information

Generic Constructors and Eliminators from Descriptions

Generic Constructors and Eliminators from Descriptions DRAFT Generic Constructors and Eliminators from Descriptions Type Theory as a Dependently Typed Internal DSL Larry Diehl Tim Sheard Portland State University {ldiehl,sheard}@cs.pdx.edu Abstract Dependently

More information

Context aware Calculation and Deduction

Context aware Calculation and Deduction Context aware Calculation and Deduction Ring Equalities via Gröbner Bases in Isabelle Amine Chaieb and Makarius Wenzel Technische Universität München Institut für Informatik, Boltzmannstraße 3, 85748 Garching,

More information

Haskell Overview II (2A) Young Won Lim 8/9/16

Haskell Overview II (2A) Young Won Lim 8/9/16 (2A) Copyright (c) 2016 Young W. Lim. Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.2 or any later version published

More information

Foundations of AI. 9. Predicate Logic. Syntax and Semantics, Normal Forms, Herbrand Expansion, Resolution

Foundations of AI. 9. Predicate Logic. Syntax and Semantics, Normal Forms, Herbrand Expansion, Resolution Foundations of AI 9. Predicate Logic Syntax and Semantics, Normal Forms, Herbrand Expansion, Resolution Wolfram Burgard, Andreas Karwath, Bernhard Nebel, and Martin Riedmiller 09/1 Contents Motivation

More information

Foundational Nonuniform (Co)datatypes for Higher-Order Logic

Foundational Nonuniform (Co)datatypes for Higher-Order Logic Foundational Nonuniform (Co)datatypes for Higher-Order Logic Jasmin Christian Blanchette, Fabian Meier, Andrei Popescu, and Dmitriy Traytel Vrije Universiteit Amsterdam, The Netherlands, and Inria & LORIA,

More information

Type Inference with Inequalities

Type Inference with Inequalities Type Inference with Inequalities Michael I. Schwartzbach mis@daimi.aau.dk Computer Science Department Aarhus University Ny Munkegade DK-8000 Århus C, Denmark Abstract Type inference can be phrased as constraint-solving

More information

From IMP to Java. Andreas Lochbihler. parts based on work by Gerwin Klein and Tobias Nipkow ETH Zurich

From IMP to Java. Andreas Lochbihler. parts based on work by Gerwin Klein and Tobias Nipkow ETH Zurich From IMP to Java Andreas Lochbihler ETH Zurich parts based on work by Gerwin Klein and Tobias Nipkow 2015-07-14 1 Subtyping 2 Objects and Inheritance 3 Multithreading 1 Subtyping 2 Objects and Inheritance

More information

Automatic Proof and Disproof in Isabelle/HOL

Automatic Proof and Disproof in Isabelle/HOL Automatic Proof and Disproof in Isabelle/HOL Jasmin Blanchette, Lukas Bulwahn, Tobias Nipkow Fakultät für Informatik TU München 1 Introduction 2 Isabelle s Standard Proof Methods 3 Sledgehammer 4 Quickcheck:

More information

Programming Languages Lecture 14: Sum, Product, Recursive Types

Programming Languages Lecture 14: Sum, Product, Recursive Types CSE 230: Winter 200 Principles of Programming Languages Lecture 4: Sum, Product, Recursive Types The end is nigh HW 3 No HW 4 (= Final) Project (Meeting + Talk) Ranjit Jhala UC San Diego Recap Goal: Relate

More information

Multi-paradigm Declarative Languages

Multi-paradigm Declarative Languages c Springer-Verlag In Proc. of the International Conference on Logic Programming, ICLP 2007. Springer LNCS 4670, pp. 45-75, 2007 Multi-paradigm Declarative Languages Michael Hanus Institut für Informatik,

More information

JOURNAL OF OBJECT TECHNOLOGY

JOURNAL OF OBJECT TECHNOLOGY JOURNAL OF OBJECT TECHNOLOGY Online at www.jot.fm. Published by ETH Zurich, Chair of Software Engineering JOT, 2002 Vol. 1, No. 2, July-August 2002 The Theory of Classification Part 2: The Scratch-Built

More information

Calculus of Inductive Constructions

Calculus of Inductive Constructions Calculus of Inductive Constructions Software Formal Verification Maria João Frade Departmento de Informática Universidade do Minho 2008/2009 Maria João Frade (DI-UM) Calculus of Inductive Constructions

More information

Locales and Locale Expressions in Isabelle/Isar

Locales and Locale Expressions in Isabelle/Isar Locales and Locale Expressions in Isabelle/Isar Clemens Ballarin Fakultät für Informatik Technische Universität München 85748 Garching, Germany ballarin@in.tum.de Abstract. Locales provide a module system

More information

Typed Racket: Racket with Static Types

Typed Racket: Racket with Static Types Typed Racket: Racket with Static Types Version 5.0.2 Sam Tobin-Hochstadt November 6, 2010 Typed Racket is a family of languages, each of which enforce that programs written in the language obey a type

More information

Introduction to the Lambda Calculus

Introduction to the Lambda Calculus Introduction to the Lambda Calculus Overview: What is Computability? Church s Thesis The Lambda Calculus Scope and lexical address The Church-Rosser Property Recursion References: Daniel P. Friedman et

More information

Rule Formats for Nominal Modal Transition Systems

Rule Formats for Nominal Modal Transition Systems Rule Formats for Nominal Modal Transition Systems Anke Stüber Universitet Uppsala, Uppsala, Sweden anke.stuber@it.uu.se Abstract. Modal transition systems are specification languages that allow the expression

More information

CMSC 336: Type Systems for Programming Languages Lecture 5: Simply Typed Lambda Calculus Acar & Ahmed January 24, 2008

CMSC 336: Type Systems for Programming Languages Lecture 5: Simply Typed Lambda Calculus Acar & Ahmed January 24, 2008 CMSC 336: Type Systems for Programming Languages Lecture 5: Simply Typed Lambda Calculus Acar & Ahmed January 24, 2008 Contents 1 Solution to the Exercise 1 1.1 Semantics for lambda calculus.......................

More information

CITS3211 FUNCTIONAL PROGRAMMING

CITS3211 FUNCTIONAL PROGRAMMING CITS3211 FUNCTIONAL PROGRAMMING 9. The λ calculus Summary: This lecture introduces the λ calculus. The λ calculus is the theoretical model underlying the semantics and implementation of functional programming

More information

9/23/2014. Why study? Lambda calculus. Church Rosser theorem Completeness of Lambda Calculus: Turing Complete

9/23/2014. Why study? Lambda calculus. Church Rosser theorem Completeness of Lambda Calculus: Turing Complete Dr A Sahu Dept of Computer Science & Engineering IIT Guwahati Why study? Lambda calculus Syntax Evaluation Relationship to programming languages Church Rosser theorem Completeness of Lambda Calculus: Turing

More information

Lecture slides & distribution files:

Lecture slides & distribution files: Type Theory Lecture slides & distribution files: http://www.cs.rhul.ac.uk/home/zhaohui/ttlectures.html Zhaohui Luo Department of Computer Science Royal Holloway, University of London April 2011 2 Type

More information

The Typed Racket Guide

The Typed Racket Guide The Typed Racket Guide Version 5.3.6 Sam Tobin-Hochstadt and Vincent St-Amour August 9, 2013 Typed Racket is a family of languages, each of which enforce

More information

Formalization of Incremental Simplex Algorithm by Stepwise Refinement

Formalization of Incremental Simplex Algorithm by Stepwise Refinement Formalization of Incremental Simplex Algorithm by Stepwise Refinement Mirko Spasić and Filip Marić Faculty of Mathematics, University of Belgrade Abstract. We present an Isabelle/HOL formalization and

More information

Concepts of programming languages

Concepts of programming languages Concepts of programming languages Lecture 5 Wouter Swierstra 1 Announcements Submit your project proposal to me by email on Friday; The presentation schedule in now online Exercise session after the lecture.

More information

Less naive type theory

Less naive type theory Institute of Informatics Warsaw University 26 May 2007 Plan 1 Syntax of lambda calculus Why typed lambda calculi? 2 3 Syntax of lambda calculus Why typed lambda calculi? origins in 1930s (Church, Curry)

More information

Symmetry in Type Theory

Symmetry in Type Theory Google May 29th, 2012 What is Symmetry? Definition Symmetry: Two or more things that initially look distinct, may actually be instances of a more general underlying principle. Why do we care? Simplicity.

More information

Programming and Proving in

Programming and Proving in Programming and Proving in = λ β Isabelle HOL α Tobias Nipkow Fakultät für Informatik Technische Universität München 1 Notation Implication associates to the right: A = B = C means A = (B = C) Similarly

More information

Mechanised Separation Algebra

Mechanised Separation Algebra Mechanised Separation Algebra Gerwin Klein, Rafal Kolanski, and Andrew Boyton 1 NICTA, Sydney, Australia 2 School of Computer Science and Engineering, UNSW, Sydney, Australia {first-name.last-name}@nicta.com.au

More information

A Simpl Shortest Path Checker Verification

A Simpl Shortest Path Checker Verification A Simpl Shortest Path Checker Verification Christine Rizkallah Max-Planck-Institut für Informatik, Saarbrücken, Germany Abstract. Verification of complex algorithms with current verification tools in reasonable

More information

FUNCTIONAL PEARLS The countdown problem

FUNCTIONAL PEARLS The countdown problem To appear in the Journal of Functional Programming 1 FUNCTIONAL PEARLS The countdown problem GRAHAM HUTTON School of Computer Science and IT University of Nottingham, Nottingham, UK www.cs.nott.ac.uk/

More information

Contents. Chapter 1 SPECIFYING SYNTAX 1

Contents. Chapter 1 SPECIFYING SYNTAX 1 Contents Chapter 1 SPECIFYING SYNTAX 1 1.1 GRAMMARS AND BNF 2 Context-Free Grammars 4 Context-Sensitive Grammars 8 Exercises 8 1.2 THE PROGRAMMING LANGUAGE WREN 10 Ambiguity 12 Context Constraints in Wren

More information

Inductive Definitions, continued

Inductive Definitions, continued 1 / 27 Inductive Definitions, continued Assia Mahboubi Jan 7th, 2016 2 / 27 Last lecture Introduction to Coq s inductive types: Introduction, elimination and computation rules; Twofold implementation :

More information

Contents. A Source Code 32 A.1 ASCII versions of mathematical symbols A.2 Definitions of used library functions... 32

Contents. A Source Code 32 A.1 ASCII versions of mathematical symbols A.2 Definitions of used library functions... 32 Contents 1 Declarative Programming 1 1.1 Functional programming.................... 2 1.1.1 Type polymorphism and higher-order functions.... 3 1.1.2 Lazy evaluation..................... 5 1.1.3 Class-based

More information

An Implementation of the Language Lambda Prolog Organized around Higher-Order Pattern Unification

An Implementation of the Language Lambda Prolog Organized around Higher-Order Pattern Unification An Implementation of the Language Lambda Prolog Organized around Higher-Order Pattern Unification SUBMITTED TO THE FACULTY OF THE GRADUATE SCHOOL OF THE UNIVERSITY OF MINNESOTA BY Xiaochu Qi IN PARTIAL

More information

Trusted Source Translation of a Total Function Language

Trusted Source Translation of a Total Function Language Trusted Source Translation of a Total Function Language Guodong Li and Konrad Slind School of Computing, University of Utah {ligd, slind}@cs.utah.edu Abstract. We present a trusted source translator that

More information

Typed Lambda Calculus

Typed Lambda Calculus Department of Linguistics Ohio State University Sept. 8, 2016 The Two Sides of A typed lambda calculus (TLC) can be viewed in two complementary ways: model-theoretically, as a system of notation for functions

More information

Introduction to the Lambda Calculus. Chris Lomont

Introduction to the Lambda Calculus. Chris Lomont Introduction to the Lambda Calculus Chris Lomont 2010 2011 2012 www.lomont.org Leibniz (1646-1716) Create a universal language in which all possible problems can be stated Find a decision method to solve

More information

A Verified Simple Prover for First-Order Logic

A Verified Simple Prover for First-Order Logic A Verified Simple Prover for First-Order Logic Jørgen Villadsen, Anders Schlichtkrull, and Andreas Halkjær From DTU Compute, AlgoLoG, Technical University of Denmark, 2800 Kongens Lyngby, Denmark jovi@dtu.dk

More information

Nonfree Datatypes in Isabelle/HOL Animating a Many-Sorted Metatheory

Nonfree Datatypes in Isabelle/HOL Animating a Many-Sorted Metatheory Nonfree Datatypes in Isabelle/HOL Animating a Many-Sorted Metatheory Andreas Schropp and Andrei Popescu Technische Universität München, Germany Abstract. Datatypes freely generated by their constructors

More information

Random Oracles - OAEP

Random Oracles - OAEP Random Oracles - OAEP Anatoliy Gliberman, Dmitry Zontov, Patrick Nordahl September 23, 2004 Reading Overview There are two papers presented this week. The first paper, Random Oracles are Practical: A Paradigm

More information

15-819M: Data, Code, Decisions

15-819M: Data, Code, Decisions 15-819M: Data, Code, Decisions 08: First-Order Logic André Platzer aplatzer@cs.cmu.edu Carnegie Mellon University, Pittsburgh, PA André Platzer (CMU) 15-819M/08: Data, Code, Decisions 1 / 40 Outline 1

More information

Encoding Object-Z in Isabelle/HOL

Encoding Object-Z in Isabelle/HOL Encoding Object-Z in Isabelle/HOL Graeme Smith 1, Florian Kammüller 2, and Thomas Santen 2 1 Software Verification Research Centre University of Queensland 4072, Australia smith@svrc.uq.edu.au 2 Technische

More information

Transforming Functional Logic Programs into Monadic Functional Programs

Transforming Functional Logic Programs into Monadic Functional Programs Transforming Functional Logic Programs into Monadic Functional Programs Bernd Braßel Sebastian Fischer Michael Hanus Fabian Reck Institut für Informatik, CAU Kiel, D-24098 Kiel, Germany {bbr sebf mh fre}@informatik.uni-kiel.de

More information