Functional Programming with Isabelle/HOL

Similar documents
Programs and Proofs in Isabelle/HOL

Preuves Interactives et Applications

Turning inductive into equational specifications

Theorem Proving Principles, Techniques, Applications Recursion

Inductive datatypes in HOL. lessons learned in Formal-Logic Engineering

From Types to Sets in Isabelle/HOL

Isabelle s meta-logic. p.1

Functional Programming and Modeling

Integration of SMT Solvers with ITPs There and Back Again

Code generation from Isabelle/HOL theories

Isabelle/HOL:Selected Features and Recent Improvements

Overview. A Compact Introduction to Isabelle/HOL. Tobias Nipkow. System Architecture. Overview of Isabelle/HOL

COMP4161: Advanced Topics in Software Verification. fun. Gerwin Klein, June Andronick, Ramana Kumar S2/2016. data61.csiro.au

Finite Model Generation for Isabelle/HOL Using a SAT Solver

Induction in Coq. Nate Foster Spring 2018

Basic Foundations of Isabelle/HOL

Haskell-style type classes with Isabelle/Isar

How Efficient Can Fully Verified Functional Programs Be - A Case Study of Graph Traversal Algorithms

Coq, a formal proof development environment combining logic and programming. Hugo Herbelin

Automatic Proof and Disproof in Isabelle/HOL

A CRASH COURSE IN SEMANTICS

Dependent Types and Irrelevance

A Verified Compiler from Isabelle/HOL to CakeML

Programming and Proving in

Provably Correct Software

Formalization of Incremental Simplex Algorithm by Stepwise Refinement

Introduction to dependent types in Coq

The Isabelle/HOL type-class hierarchy

CSCI-GA Scripting Languages

Coq with Classes. Matthieu Sozeau. Journées PPS 2011 September 5th 2011 Trouville, France. Project Team πr 2 INRIA Paris

Unit- and Sequence Test Generation with HOL-TestGen

First-Class Type Classes

Encoding Object-Z in Isabelle/HOL

Concrete Semantics. A Proof Assistant Approach. Tobias Nipkow Fakultät für Informatik Technische Universität München

COMP 4161 NICTA Advanced Course. Advanced Topics in Software Verification. Toby Murray, June Andronick, Gerwin Klein

Pattern Matching and Abstract Data Types

Reasoning Using Higher-Order Abstract Syntax in a Higher-Order Logic Proof Environment: Improvements to Hybrid and a Case Study

Specification, Verification, and Interactive Proof

Context aware Calculation and Deduction

Induction Schemes. Math Foundations of Computer Science

Vector Clocks in Coq

Lecture #13: Type Inference and Unification. Typing In the Language ML. Type Inference. Doing Type Inference

Synthesis of distributed mobile programs using monadic types in Coq

An Isabelle/HOL-based Model of Stratego-like Traversal Strategies

A Brief Introduction to Standard ML

Reasoning about programs. Chapter 9 of Thompson

Parametricity of Inductive Predicates

type classes & locales

Structural polymorphism in Generic Haskell

Partiality and Recursion in Interactive Theorem Provers - An Overview

Programming and Proving in Isabelle/HOL

Lecture #23: Conversion and Type Inference

Conversion vs. Subtyping. Lecture #23: Conversion and Type Inference. Integer Conversions. Conversions: Implicit vs. Explicit. Object x = "Hello";

Isabelle Tutorial: System, HOL and Proofs

locales ISAR IS BASED ON CONTEXTS CONTENT Slide 3 Slide 1 proof - fix x assume Ass: A. x and Ass are visible Slide 2 Slide 4 inside this context

Type Theory meets Effects. Greg Morrisett

Intrinsically Typed Reflection of a Gallina Subset Supporting Dependent Types for Non-structural Recursion of Coq

MLW. Henk Barendregt and Freek Wiedijk assisted by Andrew Polonsky. March 26, Radboud University Nijmegen

Why3 where programs meet provers

Programming Languages Lecture 14: Sum, Product, Recursive Types

Proving Inequalities over Reals with Computation in Isabelle/HOL

Functional Programming

Com S 541. Programming Languages I

Simply-Typed Lambda Calculus

Partiality and Recursion in Interactive Theorem Provers An Overview

CS 6110 S11 Lecture 25 Typed λ-calculus 6 April 2011

The Isabelle/Isar Reference Manual

Verifying Concurrent ML programs

Interactive Theorem Proving in Higher-Order Logics

1 Introduction. 3 Syntax

Numerical Computations and Formal Methods

CS 4110 Programming Languages & Logics. Lecture 28 Recursive Types

Generic Constructors and Eliminators from Descriptions

Formal proofs and certified computation in Coq

HOL DEFINING HIGHER ORDER LOGIC LAST TIME ON HOL CONTENT. Slide 3. Slide 1. Slide 4. Slide 2 WHAT IS HIGHER ORDER LOGIC? 2 LAST TIME ON HOL 1

Combining Static and Dynamic Contract Checking for Curry

λ calculus is inconsistent

Verification of an LCF-Style First-Order Prover with Equality

Verified Firewall Policy Transformations for Test Case Generation

Me and my research. Wouter Swierstra Vector Fabrics, 6/11/09

10 Years of Partiality and General Recursion in Type Theory

Adding GADTs to OCaml the direct approach

A unified machine-checked model for multithreaded Java

Programming with dependent types: passing fad or useful tool?

CS Lecture 6: Map and Fold. Prof. Clarkson Spring Today s music: Selections from the soundtrack to 2001: A Space Odyssey

MPRI course 2-4 Functional programming languages Exercises

Theorem proving. PVS theorem prover. Hoare style verification PVS. More on embeddings. What if. Abhik Roychoudhury CS 6214

Natural Numbers. We will use natural numbers to illustrate several ideas that will apply to Haskell data types in general.

The design of a programming language for provably correct programs: success and failure

Lecture 8: Summary of Haskell course + Type Level Programming

Mathematics for Computer Scientists 2 (G52MC2)

An Introduction to Isabelle/HOL 2008

Embedding Cryptol in Higher Order Logic

Programming and Proving in Isabelle/HOL

CS-XXX: Graduate Programming Languages. Lecture 9 Simply Typed Lambda Calculus. Dan Grossman 2012

Type Classes and Overloading in Higher-Order Logic

Programming with Universes, Generically

Modular dependent induction in Coq, Mendler-style. Paolo Torrini

User-Defined Algebraic Data Types

Proving Properties on Programs From the Coq Tutorial at ITP 2015

Transcription:

Functional Programming with Isabelle/HOL = Isabelle λ β HOL α Florian Haftmann Technische Universität München January 2009

Overview Viewing Isabelle/HOL as a functional programming language: 1. Isabelle/HOL Specification Tools. 2. Code Generation from Isabelle/HOL-Theories. 3. Behind the Scene. 1 / 18

Overview Viewing Isabelle/HOL as a functional programming language: 1. Isabelle/HOL Specification Tools. 2. Code Generation from Isabelle/HOL-Theories. 3. Behind the Scene. Isabelle/HOL code generation SML / OCaml / Haskell specification tools 1 / 18

Isabelle/HOL specification tools

The definitional game Aim: write programs in Isabelle/HOL as naturally as in, say, SML... Isabelle/HOL specification tools 3 / 18

The definitional game Aim: write programs in Isabelle/HOL as naturally as in, say, SML... but it s not enough just to claim arbitrary things: axiomatization nonsense :: nat nat where nonsense-def : nonsense n = Suc (nonsense n) Isabelle/HOL specification tools 3 / 18

The definitional game Aim: write programs in Isabelle/HOL as naturally as in, say, SML... but it s not enough just to claim arbitrary things: axiomatization nonsense :: nat nat where nonsense-def : nonsense n = Suc (nonsense n) lemma 0 = Suc 0 proof from nonsense-def have nonsense 0 nonsense 0 = Suc (nonsense 0) nonsense 0 by simp then show 0 = Suc 0 by simp qed Isabelle/HOL specification tools 3 / 18

The definitional game Aim: write programs in Isabelle/HOL as naturally as in, say, SML... but it s not enough just to claim arbitrary things: axiomatization nonsense :: nat nat where nonsense-def : nonsense n = Suc (nonsense n) lemma 0 = Suc 0 proof from nonsense-def have nonsense 0 nonsense 0 = Suc (nonsense 0) nonsense 0 by simp then show 0 = Suc 0 by simp qed Things have to be properly constructed, that is: Find an appropriate primitive definition. Derive desired specification (honest toil). Specification tools automate this. Isabelle/HOL specification tools 3 / 18

The Isabelle/HOL toolbox Isabelle/HOL code generation SML / OCaml / Haskell specification tools inductive predicates Knaster-Tarski fixed point theorem inductive datatypes inductive predicate plus typedef primitive recursion primitive recursion combinator terminating functions explicit function graph plus definite choice Isabelle/HOL specification tools 4 / 18

Type classes Leightweight mechanism for overloading plus abstract specification. Example: algebra Isabelle/HOL specification tools 5 / 18

Code generator basics

Code generation paradigms proof extraction animates proof derivations in the spirit of the Curry- Howard isomorphism (cf. Coq) Code generator basics 7 / 18

Code generation paradigms proof extraction animates proof derivations in the spirit of the Curry- Howard isomorphism (cf. Coq) shallow embedding identifies term language of logic with term language of target language Code generator basics 7 / 18

Code generation paradigms proof extraction animates proof derivations in the spirit of the Curry- Howard isomorphism (cf. Coq) shallow embedding identifies term language of logic with term language of target language In the HOL tradition the second approach is favoured, Isabelle/HOL permits proof extraction, though. Code generator basics 7 / 18

Code generation paradigms proof extraction animates proof derivations in the spirit of the Curry- Howard isomorphism (cf. Coq) shallow embedding identifies term language of logic with term language of target language In the HOL tradition the second approach is favoured, Isabelle/HOL permits proof extraction, though. Isabelle/HOL code generation SML / OCaml / Haskell specification tools Code generator basics 7 / 18

Code generation using shallow embedding Correctness criterion: semantics of generated target language program P describes a term rewrite system where each derivation can be simulated in the theory Θ of the logic: sum [Suc Zero_nat, Suc Zero_nat] t identification t datatype nat = Suc of nat Zero_nat; fun plus_nat (Suc m) n = plus_nat m (Suc n) plus_nat Zero_nat n = n; fun sum [] = Zero_nat sum (m :: ms) = plus_nat m (sum ms); E Θ code generation E P Suc (Suc Zero_nat) u identification u Code generator basics 8 / 18

Code generation using shallow embedding Correctness criterion: semantics of generated target language program P describes a term rewrite system where each derivation can be simulated in the theory Θ of the logic: sum [Suc Zero_nat, Suc Zero_nat] t identification t datatype nat = Suc of nat Zero_nat; fun plus_nat (Suc m) n = plus_nat m (Suc n) plus_nat Zero_nat n = n; fun sum [] = Zero_nat sum (m :: ms) = plus_nat m (sum ms); E Θ code generation E P Suc (Suc Zero_nat) u identification u (partial correctness) Code generator basics 8 / 18

Examples amortised queues amortised queues with poor man s datatype abstraction algebra with type classes Code generator basics 9 / 18

A closer look at code generation

How does a code generator look like? A closer look at code generation 11 / 18

How does a code generator look like? A closer look at code generation 11 / 18

Architecture Isabelle/HOL tools Isabelle theory selection SML OCaml... Haskell serialisation preprocessing code equations translation intermediate language A closer look at code generation 12 / 18

Intermediate language purpose: add structure to bare logical equations A closer look at code generation 13 / 18

Intermediate language purpose: add structure to bare logical equations data κ α k = f 1 of τ 1... f n of τ n fun f :: α::s k. τ where f [α::s k ] t 1 = t 1... f [α::s k ] t k = t k class c c 1... c m where f 1 :: α. τ 1,..., f n :: α. τ n inst κ α::s k :: c where f 1 [κ α::s k ] = t 1,..., f n [κ α::s k ] = t n... a kind of Mini-Haskell A closer look at code generation 13 / 18

Intermediate language purpose: add structure to bare logical equations data κ α k = f 1 of τ 1... f n of τ n fun f :: α::s k. τ where f [α::s k ] t 1 = t 1... f [α::s k ] t k = t k class c c 1... c m where f 1 :: α. τ 1,..., f n :: α. τ n inst κ α::s k :: c where f 1 [κ α::s k ] = t 1,..., f n [κ α::s k ] = t n... a kind of Mini-Haskell... not All-gol, but Thin-gol A closer look at code generation 13 / 18

Selecting Two degrees of freedom: code equations by default: definition, primrec, fun, function explicitly: attribute [code] datatype constructors by default: datatype, record explicitly: code-datatype A closer look at code generation 14 / 18

Preprocessing Interface to plugin arbitrary theorem transformations: rewrites simpset function transformators theory -> thm list -> thm list A closer look at code generation 15 / 18

Serialising Adaption to target-language specifics: improving readability and aesthetics of generated code (bools, tuples, lists,... ) gaining efficiency (target-language integers) interface with language parts which have no direct counterpart in HOL (imperative data structures) A closer look at code generation 16 / 18

Serialising Adaption to target-language specifics: improving readability and aesthetics of generated code (bools, tuples, lists,... ) gaining efficiency (target-language integers) interface with language parts which have no direct counterpart in HOL (imperative data structures)... but: know what you are doing! A closer look at code generation 16 / 18

Serialising Adaption to target-language specifics: improving readability and aesthetics of generated code (bools, tuples, lists,... ) gaining efficiency (target-language integers) interface with language parts which have no direct counterpart in HOL (imperative data structures)... but: know what you are doing! Remember the fundamental rule of software engineering: Don t write your own foo; if you can, use somebody else s. A closer look at code generation 16 / 18

Serialising Adaption to target-language specifics: improving readability and aesthetics of generated code (bools, tuples, lists,... ) gaining efficiency (target-language integers) interface with language parts which have no direct counterpart in HOL (imperative data structures)... but: know what you are doing! Remember the fundamental rule of software engineering: Don t write your own foo; if you can, use somebody else s. foo { operating system, garabage collector, cryptographic algorithm, concurrency framework, theorem prover,... } A closer look at code generation 16 / 18

Serialising Adaption to target-language specifics: improving readability and aesthetics of generated code (bools, tuples, lists,... ) gaining efficiency (target-language integers) interface with language parts which have no direct counterpart in HOL (imperative data structures)... but: know what you are doing! Remember the fundamental rule of software engineering: Don t write your own foo; if you can, use somebody else s. foo { operating system, garabage collector, cryptographic algorithm, concurrency framework, theorem prover,... } {serialisation} A closer look at code generation 16 / 18

What remains Not mentioned here implementing equality code extraction from proofs Ongoing work and research turning inductive predicates into equations Haskabelle: importing Haskell files Quickcheck concept for datatype abstraction Further reading Tutorials in the Isabelle distribution for functions, code generation etc. PhD thesis on code generation (under heavy construction... )... A closer look at code generation 17 / 18

Happy proving, happy hacking Thanks for your attention

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback