Inductive datatypes in HOL. lessons learned in Formal-Logic Engineering

Similar documents
Theorem Proving Principles, Techniques, Applications Recursion

λ calculus is inconsistent

Isabelle s meta-logic. p.1

Functional Programming with Isabelle/HOL

CS 4110 Programming Languages & Logics. Lecture 28 Recursive Types

Functional Programming and Modeling

Overview. A Compact Introduction to Isabelle/HOL. Tobias Nipkow. System Architecture. Overview of Isabelle/HOL

COMP 4161 NICTA Advanced Course. Advanced Topics in Software Verification. Toby Murray, June Andronick, Gerwin Klein

Partizan Games in Isabelle/HOLZF

CS 4110 Programming Languages & Logics. Lecture 27 Recursive Types

Nonuniform (Co)datatypes

MLW. Henk Barendregt and Freek Wiedijk assisted by Andrew Polonsky. March 26, Radboud University Nijmegen

A CRASH COURSE IN SEMANTICS

Parametricity of Inductive Predicates

Exercise 1 ( = 24 points)

Exercise 1 (2+2+2 points)

CSE-321 Programming Languages 2010 Midterm

Calculus of Inductive Constructions

Embedding logics in Dedukti

axiomatic semantics involving logical rules for deriving relations between preconditions and postconditions.

CSE-321 Programming Languages 2011 Final

From Types to Sets in Isabelle/HOL

HIGHER-ORDER ABSTRACT SYNTAX IN TYPE THEORY

Basic Foundations of Isabelle/HOL

Preuves Interactives et Applications

Inductive Definitions, continued

Foundational Nonuniform (Co)datatypes for Higher-Order Logic

10 Years of Partiality and General Recursion in Type Theory

CSE-321 Programming Languages 2012 Midterm

Generalized Iteration and Coiteration for Higher-Order Nested Datatypes

Exercise 1 ( = 18 points)

Integration of SMT Solvers with ITPs There and Back Again

Functional Programming - 2. Higher Order Functions

HOL DEFINING HIGHER ORDER LOGIC LAST TIME ON HOL CONTENT. Slide 3. Slide 1. Slide 4. Slide 2 WHAT IS HIGHER ORDER LOGIC? 2 LAST TIME ON HOL 1

Exercise 1 ( = 22 points)

Turning inductive into equational specifications

Type-indexed functions in Generic Haskell

a brief introduction to (dependent) type theory

3.7 Denotational Semantics

MoreIntro_annotated.v. MoreIntro_annotated.v. Printed by Zach Tatlock. Oct 04, 16 21:55 Page 1/10

M. Snyder, George Mason University LAMBDA CALCULUS. (untyped)

Formal Verification of Monad Transformers

Contractive Signatures with Recursive Types, Type Parameters, and Abstract Types

Introduction to Co-Induction in Coq

We defined congruence rules that determine the order of evaluation, using the following evaluation

CS152: Programming Languages. Lecture 11 STLC Extensions and Related Topics. Dan Grossman Spring 2011

Lecture 14: Recursive Types

Overview. A normal-order language. Strictness. Recursion. Infinite data structures. Direct denotational semantics. Transition semantics

General Bindings and Alpha-Equivalence in Nominal Isabelle

Partiality and Recursion in Interactive Theorem Provers - An Overview

CIS 500 Software Foundations Midterm I

Lecture Notes on Data Representation

Formalising FinFuns Generating Code for Functions as Data from Isabelle/HOL

Lambda Calculus and Extensions as Foundation of Functional Programming

Ornaments in ML. Thomas Williams, Didier Rémy. April 18, Inria - Gallium

Denotational Semantics. Domain Theory

Semantics and Concurrence Module on Semantic of Programming Languages

MoreIntro.v. MoreIntro.v. Printed by Zach Tatlock. Oct 07, 16 18:11 Page 1/10. Oct 07, 16 18:11 Page 2/10. Monday October 10, 2016 lec02/moreintro.

Defining (Co)datatypes in Isabelle/HOL

The Typed λ Calculus and Type Inferencing in ML

A Verified Compiler from Isabelle/HOL to CakeML

Programming and Proving in

Higher-Order Logic. Specification and Verification with Higher-Order Logic

Friends with Benefits

Fall 2013 Midterm Exam 10/22/13. This is a closed-book, closed-notes exam. Problem Points Score. Various definitions are provided in the exam.

CS 6110 S11 Lecture 25 Typed λ-calculus 6 April 2011

Pattern Matching and Abstract Data Types

1 Introduction. 3 Syntax

Programming and Proving in Isabelle/HOL

Semantics and Concurrence Module on Semantic of Programming Languages

Friends with Benefits

A Simple Supercompiler Formally Verified in Coq

GENERAL BINDINGS AND ALPHA-EQUIVALENCE IN NOMINAL ISABELLE

Specification, Verification, and Interactive Proof

CSCE 314 TAMU Fall CSCE 314: Programming Languages Dr. Flemming Andersen. Haskell Functions

Programming Language Concepts: Lecture 19

Generic Constructors and Eliminators from Descriptions

Mechanising a type-safe model of multithreaded Java with a verified compiler

Programs and Proofs in Isabelle/HOL

Lambda calculus. Chapter 2

Work-in-progress: Verifying the Glasgow Haskell Compiler Core language

Programming Languages Lecture 15: Recursive Types & Subtyping

Partiality and Recursion in Interactive Theorem Provers An Overview

Programming with (co-)inductive types in Coq

Nominal Techniques in Coq

Shell CSCE 314 TAMU. Haskell Functions

Concrete Semantics. A Proof Assistant Approach. Tobias Nipkow Fakultät für Informatik Technische Universität München

1.3. Conditional expressions To express case distinctions like

A Pronominal Account of Binding and Computation

Combining Proofs and Programs in a Dependently Typed Language. Certification of High-level and Low-level Programs

From natural numbers to the lambda calculus

Modelling General Recursion in Type Theory

Less naive type theory

Programming Languages Lecture 14: Sum, Product, Recursive Types

Lambda Calculus and Type Inference

Types Summer School Gothenburg Sweden August Dogma oftype Theory. Everything has a type

ATS: a language to make typeful programming real and fun

Executing Higher Order Logic

What s in Main. Tobias Nipkow. December 5, Abstract

Toward explicit rewrite rules in the λπ-calculus modulo

Transcription:

Inductive datatypes in HOL lessons learned in Formal-Logic Engineering Stefan Berghofer and Markus Wenzel Institut für Informatik TU München = Isabelle λ β HOL α 1

Introduction Applications of inductive datatypes Data structures (lists, trees,...) Abstract syntax of programming languages (e.g. Bali)... What we want simple user-supplied datatype specification datatype package characteristic properties (induction, recursion,...) Different approaches Axiomatic Desired theorems are introduced as axioms ( danger of introducing inconsistencies) Inherent Concept of inductive definitions is part of the logic (e.g. Coq) Definitional Define datatypes in terms of already existing types, derive characteristic theorems from definition by formal proof 2

Definitional packages in Isabelle/HOL constdef axclass coinductive inductive typedef datatype recdef primrec record 3

Examples datatype α aexp = If (α bexp) (α aexp) (α aexp) Sum (α aexp) (α aexp) Var α Num nat and α bexp = Less (α aexp) (α aexp) And (α bexp) (α bexp) datatype (α, β)term = Var α App β (((α, β)term)list) datatype (α, β, γ)tree = Atom α Branch β (γ (α, β, γ)tree) datatype α lambda = Var α App (α lambda) (α lambda) Lam (α α lambda) 4

Limitations of set-theoretic datatypes Cardinality restrictions (Cantor) datatype t = C (t bool) D ((bool t) bool) E ((t bool) bool) F C, D, E would yield injections of type (t bool) t Dangerous type parameters datatype (α, β, γ)t = C (α set) D (β γ) E (γ list) Caution: α and β are dangerous: α occurs as an argument of non-datatype constructor set β occurs as left argument of (i.e. not strictly positive) datatype δ u = F ((δ u, δ, δ)t) G datatype δ u = F ((δ, δ u, δ)t) G datatype δ u = F ((δ, δ, δ u)t) G 5

Admissible datatype specifications datatype (α 1,..., α h )t 1 = C 1 1 τ 1 1,1... τ 1 1,m 1 1... C 1 k 1 τ 1 k 1,1... τ 1 k 1,m 1 k 1 and (α 1,..., α h )t n = C n 1 τ n 1,1... τ n 1,m n 1... C n kn τ n kn,1... τ n kn,m n kn Types τ j i,i must be admissible. A type τ is admissible iff τ is non-recursive (i.e. does not contain t 1,..., t n ), or τ = σ τ, where σ is non-recursive and τ is admissible, or τ = (α 1,..., α h )t j, where 1 j n, or τ = (τ 1,..., τ h )t, where t is an existing datatype, and τ 1,..., τ h are admissible, and if τ i is recursive, then ith argument of t is not dangerous 6

Observation: elements of datatypes are trees A universe for recursive types Leaf :: α (α, β)dtree In0, In1 :: (α, β)dtree (α, β)dtree Pair :: (α, β)dtree (α, β)dtree (α, β)dtree Lim :: (β (α, β)dtree) (α, β)dtree embedding non-recursive occurrences of types modeling distinct constructors modeling constructors with multiple arguments embedding function types (infinitary products) Representing trees in HOL position branching label z} { z } { (α, β)node = ( nat (β + nat)) (α + bool) {z } {z } path node value (α, β)dtree = ((α, β)node)set 7

Representing trees in HOL a 1 t = {(f 1, a 1 ), (f 2, a 2 ), (f 3, a 3 )} a 2 a 3 1 2 1 2 where f1 = 1, 0, 0,... f 2 = 2, 1, 0, 0,... f 3 = 2, 2, 0, 0,... t 1 t 2 Pair t 1 t 2 1 2 Pair t 1 t 2 (push (Inr 1) t 1 ) (push (Inr 2) t 2 ) f x 1 f x 2... x 1 x 2 Lim f S {z x. z = push (Inl x) (f x)} 8

Constructing an example datatype α list datatype α list = Nil Cons α (α list) Inductive definition of the representing set Nil-rep list-rep ys list-rep Cons-rep y ys list-rep Nil-rep In0 dummy Cons-rep y ys In1 (Pair (Leaf y) ys) HOL type definition Abs-list (Rep-list x) = x Abs-list y list-rep = Rep-list (Abs-list y) = y α list Rep-list x list-rep Rep-list (α, unit)dtree list-rep Constructors Nil Abs-list Nil-rep Cons x xs Abs-list (Cons-rep x (Rep-list xs)) Nil Cons x xs because In0 t In1 t Cons x xs = Cons y ys x = y xs = ys because In1, Pair, Leaf, Abs-list and Rep-list are injective 9

lfp F = T {x F x x} Inductive definitions and least fixpoints The Knaster-Tarski theorem If F is monotone then lfp F = F (lfp F ) F y y lfp F y F {x P x} {x P x} lfp F {x P x} (weakind) F (lfp F {x P x}) {x P x} lfp F {x P x} (strongind) list-rep as a least fixpoint F L = {x x = Nil-rep y ys. x = Cons-rep y ys ys L} list-rep = lfp F datatype α list = Nil Cons α (α list) list-rep = F list-rep 10

Structural induction α list Induction rule for type α list P Nil x xs. P xs = P (Cons x xs) P xs (list-ind) Induction rule for list-rep Q Nil-rep y ys. Q ys ys list-rep = Q (Cons-rep y ys) ys list-rep = Q ys (list-rep-ind) Derivation of list-ind from list-rep-ind...... = P (Cons y (Abs-list ys))... = P (Abs-list (Cons-rep y (Rep-list (Abs-list ys)))) y ys. P (Abs-list ys) ys list-rep = P (Abs-list (Cons-rep y ys)) Rep-list xs list-rep = P (Abs-list (Rep-list xs)) P xs 11

Primitive recursion α list Recursion combinator list-rec :: β (α α list β β) α list β list-rec f 1 f 2 Nil = f 1 list-rec f 1 f 2 (Cons x xs) = f 2 x xs (list-rec f 1 f 2 xs) Example foldl f a Nil = a foldl f a (Cons x xs) = foldl f (f a x) xs can be defined by foldl λf a xs. list-rec (λf a. a) (λx xs r. (λf a. r f (f a x))) xs f a Inductive definition of function graph list-rel (Nil, f 1 ) list-rel f 1 f 2 (xs, y) list-rel f 1 f 2 (Cons x xs, f 2 x xs y) list-rel f 1 f 2 list-rec f 1 f 2 xs εy. (xs, y) list-rel f 1 f 2 show:!y. (xs, y) list-rel f 1 f 2 (by induction on xs) 12

Datatypes with nested recursion (α, β)term Unfolding the datatype specification datatype (α, β)term = Var α App β ((α, β)term-list) and (α, β)term-list = Nil Cons ((α, β)term) ((α, β)term-list) The representing sets term-rep, term-list-rep :: ((α + β, unit)dtree)set) ts term-list-rep In0 (Leaf (Inl a)) term-rep In1 (Pair (Leaf (Inr b)) ts) term-rep In0 dummy term-list-rep t term-rep ts term-list-rep In1 (Pair t ts) term-list-rep Representation function (primitive recursive) Rep-term-list Nil = In0 dummy Rep-term-list (Cons t ts) = In1 (Pair (Rep-term t) (Rep-term-list ts)) Abs-term-list inv Rep-term-list list-rep Abs-list ((α, β)term)list Abs-term-list term-list-rep Rep-list Rep-term-list 13

(α, β)term continued Constructors Var a Abs-term (In0 (Leaf (Inl a))) App b ts Abs-term (In1 (Pair (Leaf (Inr b)) (Rep-term-list ts))) Induction a. P (Var a) b ts. Q ts = P (App b ts) Q Nil t ts. P t Q ts = Q (Cons t ts) P t Q ts Primitive recursion term-rec f 1... f 4 (Var a) = f 1 a term-rec f 1... f 4 (App b ts) = f 2 b ts (term-list-rec f 1... f 4 ts) term-list-rec f 1... f 4 Nil = f 3 term-list-rec f 1... f 4 (Cons t ts) = f 4 t ts (term-rec f 1... f 4 t) (term-list-rec f 1... f 4 ts) 14

Infinitely branching datatypes (α, β, γ)tree The representing set tree-rep :: ((α + β, γ)dtree)set In0 (Leaf (Inl a)) tree-rep where Funs :: β set (α β)set Funs S {g range g S} g Funs tree-rep In1 (Pair (Leaf (Inr b)) (Lim g)) tree-rep Constructors Atom a Abs-tree (In0 (Leaf (Inl a))) Branch b f Abs-tree (In1 (Pair (Leaf (Inr b)) (Lim (Rep-tree f)))) Structural induction a. P (Atom a) b f. ( x. P (f x)) = P (Branch b f) P t 15

Primitive recursion (α, β, γ)tree Recursion combinator tree-rec :: (α δ) (β (γ (α, β, γ)tree) (γ δ) δ) (α, β, γ)tree δ tree-rec f 1 f 2 (Atom a) = f 1 a tree-rec f 1 f 2 (Branch b f) = f 2 b f ((tree-rec f 1 f 2 ) f) Example member c (Atom a) = (a = c) member c (Branch b f) = ( x. member c (f x)) can be defined by member λc. tree-rec (λa. a = c) (λb f f. x. f x) Inductive definition of function graph tree-rel (Atom a, f 1 a) tree-rel f 1 f 2 (Branch b f, f 2 b f f ) tree-rel f 1 f 2 f compose f (tree-rel f 1 f 2 ) where compose :: (α β) (β γ)set (α γ)set compose f R {f x. (f x, f x) R} 16

Lessons learned Approaches to theory extension mechanisms definitional The logic of choice? take HOL as is ( simply typed, classical set theory) Layered arrangements of concepts ( deep vs. shallow embedding) extra-logical notion of admissibility extra-logical unfolding System integration Bootstrapping problem: universe dtree depends on types nat, α + β, α β Represent these { types as datatypes } { later! } freeness, primitive recursion, rep-datatype: induction representation function More uniform treatment of types Cooperation of packages: not just logical theory extension, also additional information ( theory data concept) 17

Conclusion Achievements Set theoretic construction of mutually recursive nested arbitrarily branching types, together with primitive recursion Knaster-Tarski fixpoint approach Scalable and robust working environment Further work Actual combination of definitional packages Codatatypes (mixing with datatypes?) Non-freely generated types: implement by datatype α t = C α D ((α t)finset) datatype α t = C α D ((α t)list) quotient construction 18

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback