Programming with Dependent Types Interactive programs and Coalgebras

Similar documents
Coinduction, Corecursion, Copatterns

Introduction to Co-Induction in Coq

Introduction to Homotopy Type Theory

Mathematics for Computer Scientists 2 (G52MC2)

CS 275 Automata and Formal Language Theory. First Problem of URMs. (a) Definition of the Turing Machine. III.3 (a) Definition of the Turing Machine

DRAFT. Dependent types. Chapter The power of and

Mathematics for Computer Scientists 2 (G52MC2)

Lecture slides & distribution files:

This is already grossly inconvenient in present formalisms. Why do we want to make this convenient? GENERAL GOALS

MLW. Henk Barendregt and Freek Wiedijk assisted by Andrew Polonsky. March 26, Radboud University Nijmegen

Using Agda to Explore Path-Oriented Models of Type Theory

CSC313 High Integrity Systems/CSCM13 Critical Systems. CSC313/CSCM13 Chapter 2 1/ 221

ABriefOverviewofAgda A Functional Language with Dependent Types

Certified Programming with Dependent Types

Infinite Objects and Proofs 1

On Agda JAIST/AIST WS CVS/AIST Yoshiki Kinoshita, Yoriyuki Yamagata. Agenda

Calculus of Inductive Constructions

The three faces of homotopy type theory. Type theory and category theory. Minicourse plan. Typing judgments. Michael Shulman.

10 Years of Partiality and General Recursion in Type Theory

Type- & Example-Driven Program Synthesis. Steve Zdancewic WG 2.8, August 2014

An Introduction to Programming and Proving in Agda (incomplete draft)

CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving

Intersections and Unions of Session Types

Programming Up-to-Congruence, Again. WG 2.8 Estes Park

Types Summer School Gothenburg Sweden August Dogma oftype Theory. Everything has a type

THE AGDA STANDARD LIBRARY

Course notes for Data Compression - 2 Kolmogorov complexity Fall 2005

SAT-CNF Is N P-complete

6c Lecture 3 & 4: April 8 & 10, 2014

Automata and Formal Languages - CM0081 Introduction to Agda

Univalent fibrations in type theory and topology

Propositional Logic Formal Syntax and Semantics. Computability and Logic

Typed Lambda Calculus

COMPUTABILITY THEORY AND RECURSIVELY ENUMERABLE SETS

Proofs-Programs correspondance and Security

Lecture 6: Arithmetic and Threshold Circuits

Programming with dependent types: passing fad or useful tool?

Improving Coq Propositional Reasoning Using a Lazy CNF Conversion

Coq, a formal proof development environment combining logic and programming. Hugo Herbelin

Typed Lambda Calculus for Syntacticians

CSCI.6962/4962 Software Verification Fundamental Proof Methods in Computer Science (Arkoudas and Musser) Chapter p. 1/27

Behavioural Equivalences and Abstraction Techniques. Natalia Sidorova

MPRI course 2-4 Functional programming languages Exercises

3.4 Deduction and Evaluation: Tools Conditional-Equational Logic

Expressiveness and Complexity of a Graph Logic

c constructor P, Q terms used as propositions G, H hypotheses scope identifier for a notation scope M, module identifiers t, u arbitrary terms

Coq quick reference. Category Example Description. Inductive type with instances defined by constructors, including y of type Y. Inductive X : Univ :=

Formal Predicate Calculus. Michael Meyling

arxiv: v1 [cs.pl] 10 May 2016

Type-driven Development of Communicating Systems in Idris

CS152: Programming Languages. Lecture 11 STLC Extensions and Related Topics. Dan Grossman Spring 2011

Computational problems. Lecture 2: Combinatorial search and optimisation problems. Computational problems. Examples. Example

Foundations of Computer Science Spring Mathematical Preliminaries

SEQUENCES, MATHEMATICAL INDUCTION, AND RECURSION

Foundations of AI. 9. Predicate Logic. Syntax and Semantics, Normal Forms, Herbrand Expansion, Resolution

Intuitionistic Type Theory

Programming with (co-)inductive types in Coq

Discrete Mathematics Lecture 4. Harper Langston New York University

Martin-Löf s Type Theory

Interactive Programming in Agda Objects and Graphical User Interfaces

Universes. Universes for Data. Peter Morris. University of Nottingham. November 12, 2009

Cardinality of Sets MAT231. Fall Transition to Higher Mathematics. MAT231 (Transition to Higher Math) Cardinality of Sets Fall / 15

From OCL to Propositional and First-order Logic: Part I

Negations in Refinement Type Systems

Programming with Universes, Generically

STABILITY AND PARADOX IN ALGORITHMIC LOGIC

CHAPTER 8. Copyright Cengage Learning. All rights reserved.

Formalizing the Halting Problem in a Constructive Type Theory

First-Order Logic PREDICATE LOGIC. Syntax. Terms

Coding Trees in the Deflate format

Part VI. Imperative Functional Programming

A NEW PROOF-ASSISTANT THAT REVISITS HOMOTOPY TYPE THEORY THE THEORETICAL FOUNDATIONS OF COQ USING NICOLAS TABAREAU

CSC Discrete Math I, Spring Sets

Classical logic, truth tables. Types, Propositions and Problems. Heyting. Brouwer. Conjunction A B A & B T T T T F F F T F F F F.

Programming Languages Third Edition

COS 320. Compiling Techniques

HW Graph Theory SOLUTIONS (hbovik) - Q

Lecture 5: Predicate Calculus. ffl Predicate Logic ffl The Language ffl Semantics: Structures

Combining Proofs and Programs in a Dependently Typed Language. Certification of High-level and Low-level Programs

Denotational Semantics. Domain Theory

DATABASE THEORY. Lecture 18: Dependencies. TU Dresden, 3rd July Markus Krötzsch Knowledge-Based Systems

Automated Verification of Signalling Principles in Railway Interlockings 1

Formally Certified Satisfiability Solving

Towards Reasoning about State Transformer Monads in Agda. Master of Science Thesis in Computer Science: Algorithm, Language and Logic.

Chapter 2 & 3: Representations & Reasoning Systems (2.2)

8 Colouring Planar Graphs

HOMEWORK #4 SOLUTIONS - MATH 4160

CSCI 270: Introduction to Algorithms and Theory of Computing Fall 2017 Prof: Leonard Adleman Scribe: Joseph Bebel

introduction to Programming in C Department of Computer Science and Engineering Lecture No. #40 Recursion Linear Recursion

Structural polymorphism in Generic Haskell

Proofs are Programs. Prof. Clarkson Fall Today s music: Proof by Paul Simon

Lecture 3: Recursion; Structural Induction

1.3 Primitive Recursive Predicates and Bounded Minimalization

An Operational and Axiomatic Semantics for Non-determinism and Sequence Points in C

/633 Introduction to Algorithms Lecturer: Michael Dinitz Topic: Approximation algorithms Date: 11/27/18

Constructing Strictly Positive Families

LTCS Report. Concept Descriptions with Set Constraints and Cardinality Constraints. Franz Baader. LTCS-Report 17-02

Semi-Passive Replication in the Presence of Byzantine Faults

4. The λ-calc. with Prod. and Conj.

CLF: A logical framework for concurrent systems

Transcription:

Programming with Dependent Types Interactive programs and Coalgebras Anton Setzer Swansea University, Swansea, UK 14 August 2012 1/ 50

A Brief Introduction into ML Type Theory Interactive Programs in Dependent Type Theory More on IO Coalgebras and Bisimulation 2/ 50

A Brief Introduction into ML Type Theory A Brief Introduction into ML Type Theory Interactive Programs in Dependent Type Theory More on IO Coalgebras and Bisimulation 3/ 50

A Brief Introduction into ML Type Theory 1. A Brief Introduction into ML Type Theory Martin-Löf type theory = version of predicative dependent type theory. As in simple type theory we have judgements of the form s is of type A. s : A Additionally we have judgements of the form A : type and judgements expressing on the term and type level having α-equivalent normal form w.r.t. reductions. s = t : A A = B : type 4/ 50

A Brief Introduction into ML Type Theory Logical Framework We have a collection of small types: Set : type If A : Set then A : type. If A = B : Set then A = B : type All types used in the following will be elements of Set, except for Set itself and function types which refer to Set. E.g. A Set : type. Types will be used for expressiveness (and that s what Martin-Löf intended): Instead of B is a set depending on x : A we write B : A Set. 5/ 50

A Brief Introduction into ML Type Theory Judgements E.g. λx.x : N N where N is the type of natural numbers. Because of the higher complexity of the type theory, one doesn t define the valid judgements inductively, but introduces rules for deriving valid judgements. Similar to derivations of propositions. For the main version of ML type theory however, whether s : A is decidable. 6/ 50

A Brief Introduction into ML Type Theory Dependent Types In ML type theory we have dependent types. Simplest example are the type of n m matrices Mat n m. Depends on n, m : N. In ordinary programming languages, matrix multiplication can in general not be typed correctly. All we can do is say that it takes two matrices and returns a 3rd matrix. We cannot enforce that the dimensions of the inputs are correct. In dependent type theory it can be typed as follows: matmult : (n, m, k : N) Mat n m Mat m k Mat n k Example of dependent function type. 7/ 50

A Brief Introduction into ML Type Theory Propositions as Types Using the Brouwer-Heyting-Kolmogorov interpretation of the intuitionistic propositions one can now define propositions as types. Done in such a way such that ψ is intuitionistically provable iff there exists p : ψ. For instance, we can define φ ψ := ϕ ψ ϕ ψ is the product of ϕ and ψ. A proof of ϕ ψ is a pair p, q consisting of An element p : ϕ, i.e. a proof of ϕ and an element q : ψ, i.e. a proof of ψ. 8/ 50

A Brief Introduction into ML Type Theory,,, We can define φ ψ := ϕ + ψ ϕ + ψ is the disjoint union of ϕ and ψ. A proof of ϕ ψ is inl p for p : ϕ or inr q for q : ϕ ϕ ψ is the function type, which maps a proof of ϕ to a proof of ψ. is the false formula, which has no proof, and we can define := is the true formula, which has exactly one proof, and we can interpret it as the one element set data : Set where triv : ϕ := ϕ. 9/ 50

A Brief Introduction into ML Type Theory Propositions as Types We can define x : A.ϕ := (x : A) ϕ The type of functions, mapping any element a : A to a proof of ϕ[x := a] We can define x : A.ϕ := (x : A) ϕ The type of pairs a, p, consisting of an a : A and a p : ϕ[x := a]. 10/ 50

A Brief Introduction into ML Type Theory Sorting functions We can now define, depending on l : List N the proposition Now we can define which maps lists to sorted lists. Sorted l sort : List N (l : List N) Sorted l We can define as well Eq l l expressing that l and l are lists having the same elements and define even better sort : (l : List N) (l : List N) Sorted l Eq l l 11/ 50

A Brief Introduction into ML Type Theory Verified programs This allows to define verified programs. Usage in critical systems. Example, verification of railway interlocking systems (including underground lines). Automatic theorem proving used for proving that concrete interlocking system fulfils signalling principles. Interactive theorem proving used to show that signalling principle imply formalised safety. Interlocking can be run inside Agda without change of language. 12/ 50

A Brief Introduction into ML Type Theory Normalisation However, we need some degree of normalisation, in order to guarantee that p : ϕ implies ϕ is true. By using full recursion, one can define p : ϕ recursively by defining: p : ϕ = p Therefore most types (except for the dependent function type) in standard ML-type theory correspond to essentially inductive-recursive definitions (an extension of inductive data types). Therefore all data types are well-founded. Causes problems since interactive programs correspond to non-well-founded data types. 13/ 50

Interactive Programs in Dependent Type Theory A Brief Introduction into ML Type Theory Interactive Programs in Dependent Type Theory More on IO Coalgebras and Bisimulation 14/ 50

Interactive Programs in Dependent Type Theory 2. Interactive Programs Functional programming based on reduction of expressions. Program is given by an expression which is applied to finitely many arguments. The normal form obtained is the result. Allows only non-interactive batch programs with a fixed number of inputs. In order to have interactive programs, something needs to be added to functional programming (constants with side effects, monads, streams,...). We want a solution which exploits the flexibility of dependent types. 15/ 50

Interactive Programs in Dependent Type Theory Interfaces We consider programs which interact with the real world: They issue a command... (e.g. (1) get last key pressed; (2) write character to terminal; (3) set traffic light to red)... and obtain a response, depending on the command... (e.g. in (1) the key pressed in (2), (3) a trivial element indicating that this was done, or a message indicating success or an error element). 16/ 50

Interactive Programs in Dependent Type Theory Interactive Programs Program Response Command World 17/ 50

Interactive Programs in Dependent Type Theory Dependent Interfaces The set of commands might vary after interactions. E.g. after switching on the printer, we can print; after opening a new window, we can communicate with it; if we have tested whether the printer is on, and got a positive answer, we can print on it (increase of knowledge). States indicate principal possibilities of interaction (we can only communicate with an existing window), objective knowledge (e.g. about which printers are switched on). 18/ 50

Interactive Programs in Dependent Type Theory Interfaces (Cont.) An interface is a quadruple (S, C, R, n) s.t. S : Set. S = set of states which determine the interactions possible. C : S Set. C s = set of commands the program can issue when in state s : S. R : (s : S) (C s) Set. R s c = set of responses the program can obtain from the real world, when having issued command c. n : (s : S) (c : C s) (r : R s c) S. n s c r is the next state the system is in after having issued command c and received response r : R s c. 19/ 50

Interactive Programs in Dependent Type Theory Expl. 1: Interact. with 1 Window S = { }. Only one state, no state-dependency. C = {getchar} {writechar c c Char}. getchar means: get next character from the keyboard. writechar c means: write character on the window. R getchar = Char. Response of the real world to getchar is the character code for the key pressed. R (writechar c) = { }. Response to the request to writing a character is a success message. n c r = 20/ 50

Interactive Programs in Dependent Type Theory Ex. 2: Interact. with many Windows S = N. n : N = number of windows open. Let Finn := {0,..., n 1}. C n = {getchar}. {getselection n > 0} {writestring k s k Fin n s String} {open} {close k k Fin n } writestring k s means: output string s on window k. getselection means: get the window selected. open means: open a new window. close k means: close the kth window. 21/ 50

Interactive Programs in Dependent Type Theory Example 2 (Cont.) R n getchar = Char R n getselection = Fin n R n c = { } otherwise n n open = n + 1 n n (close k) = n 1 n n c r = n otherwise.. 22/ 50

A Brief Introduction into ML Type Theory Interactive Programs in Dependent Type Theory More on IO Coalgebras and Bisimulation 23/ 50

3. The interactive programs for such an interface is given by a family of sets IO : S Set IO s = set of interactive programs, starting in state s; a function c : (s : S) IO s C s c s p = command issued by program p; and a function next : (s : S) (p : IO s), (r : R s (c s p)) IO (n s (c s p) r) next(s, p, r) = program we execute, after having obtained for command c s p response r. 24/ 50

IO-Trees p : IO s (s = n s c r ) c : C s 1100 00 11 (r : R s c ) p : IO s (s = n s c r) c : C s 1100 11 00 (r : R s c) p : IO s c : C s 25/ 50

Need for Coalgebraic Types IO : S Set c : (s : S) IO s C s next : (s : S) (p : IO s), (r : R s (c s p)) IO (n s (c s p) r) We might think we can define IO s as data IO : S Set where do : (s : S) (c : C s) ((r : R s c) IO (n s c r)) IO s However this is the type of well-founded IO-trees, programs which always terminate. Artificial to force programs to always terminate. 26/ 50

Coalgebras Instead we use the type of non-well-founded trees, as given by coalgebras. We consider first non-state dependent programs. So we have as interfaces C : Set, R : C Set The type of programs for this interface requires IO : Set, c : IO C next : (p : IO) (r : R (c p)) IO. 27/ 50

Coalgebras Can be combined into IO : Set. evolve : IO (c : C) (R c IO) Let F X := (c : C) (R c X ). Then need to define evolveio F IO, i.e. an F-coalgebra IO. 28/ 50

Having non-terminating programs can be expressed as having a weakly final F -coalgebra: A f F A g F g evolve IO F (IO A) 29/ 50

In our example we have A f (c : C) (R c A) g IO id (g ) evolve (c : C) (R c IO) 30/ 50

Guarded Recursion A f (c : C) (R c A) g IO id (g ) evolve (c : C) (R c IO) If we split f into two functions: and evolve back into f 0 : A C f 1 : (a : A) R (f 0 a) A c : IO C next : (p : IO) R : (c a) IO 31/ 50

Guarded Recursion we obtain that we can define g : A IO s.t. Simple form of guarded recursion. c (g a) = f 0 a next (g a) = g (f 1 a) 32/ 50

Generalisation In case of final coalgebras we can get a more general principle c (g a) = some { c : C depending on a g a next (g a) = for some a depending on a or some p : IO depending on a We can t have final coalgebras (uniqueness of g above), since this would result in undecidability of type checking. However we can add rules for this and other extended principles. 33/ 50

Desired Notations in Agda record IO : Set where c : IO C next : (p : IO) R (c p) IO 34/ 50

Example Program Assume interface C = {getchar} {writechar c c Char} R getchar = Char, R (writechar c) = { } read : IO c read = getchar next read c = write c write : Char IO c (write c) = writechar c next (write c) = read 35/ 50

Difference to codata Note that in this setting, coalgebras are defined by their elimination rules. So they are not introduced by some constructor, Constructor can be defined using guarded recursion Elements of coalgebras are not infinite objects, but objects which evolves into something infinite. No problem of subject reduction problem as it occurs in Coq and in Agda if allowing dependent pattern matching on coalgebras. Maybe a more accurate picture are IO graphs which unfold to IO trees. 36/ 50

IO Graphs c : C s p : IO s r : R s c r : R s c p : IO s (s = n s c r) c : C s 37/ 50

IO-Trees p : IO s (s = n s c r ) c : C s 1100 00 11 (r : R s c ) p : IO s (s = n s c r) c : C s 1100 11 00 (r : R s c) p : IO s c : C s 38/ 50

Dependent Coalgebras Generalisation to dependent weakly final coalgebras. S : Set, C : S Set, R : (s : S) C s Set, n : (s : S) (c : C s) R s c S, record IO : S Set where c : IO s C s next : (p : IO s) (r : R s (c s p)) IO (n s (c s p) r) 39/ 50

Example Assume the interface interacting with arbitrarily many windows. We can define a function, which when the user presses key o will open a window, when the user presses key c and has at least two open windows, get the selection of a window by the user and will close it 40/ 50

start : (n : N) IO n c (start n) = getchar next (start (n + 2)) c = close n next (start n) o = open n next (start n) x = start n close : (n : N) IO (n + 2) c (close n) = getselection next (close n) k = close n k close : (n : N) (k : Fin n ) IO (n + 2) c (close n k) = close k next (close n k) k = start (n + 1) open : (n : N) IO n c (open n) = open next (open n) = start (n + 1)

More on IO A Brief Introduction into ML Type Theory Interactive Programs in Dependent Type Theory More on IO Coalgebras and Bisimulation 42/ 50

More on IO Server-Side Programs Client Response Command Program 43/ 50

More on IO GUIs In object-oriented programming, GUIs are treated in server-side style: With each event (e.g. button click) an event handler is associated. When the event occurs, the corresponding event handler is activated, which carries out some calculations, possibly modifies the interface and then waits for the next event. So C s = set of events in state s. R s c = possible modifications of the GUI the program can execute. n s c r = next state of the GUI after this interaction. 44/ 50

More on IO IO-Monad By adding leaves labelled by A to IO-trees we can define the IO-monad IO (A : Set) : Set together with operations η : A IO A : IO A (A IO B) IO B 45/ 50

More on IO Compilation We can define a horizontal transformation from a (S, C, R, n)-program into a (S, C, R, n )-program: Assume translatec : (s : S) (c : C s) IO S,C,R,n s (R c) Then we can define translate : IO S,C,R,n IO S,C,R,n by replacing c : C by an execution of translatec c. 46/ 50

Coalgebras and Bisimulation A Brief Introduction into ML Type Theory Interactive Programs in Dependent Type Theory More on IO Coalgebras and Bisimulation 47/ 50

Coalgebras and Bisimulation 4. Coalgebras and Bisimulation For simplicity consider non-state dependent IO-trees. Two IO-trees are the same, if their commands are the same and for every response to it, the resulting IO-trees are bisimilar. Because of non-well-foundedness of trees we need non-well-foundedness of bisimulation. 48/ 50

Coalgebras and Bisimulation Definition of Bisimulation mutual record : IO IO Set where toproof : (p, p : IO) p p Bisimaux (c p) (next p) (c p ) (next p ) data Bisimaux : (c : C) (next : R c IO) (c : C) (next : R c IO) Set where eq : (c : C) (next, next : R c IO) (p : (r : R c) (next r) (next r)) Bisimaux c next c next 49/ 50

Coalgebras and Bisimulation Conclusion Introduction of state-dependent interactive programs. Coalgebras defined by their elimination rules. Categorical diagram corresponds exactly to guarded recursion. IO-monad definable. Compilation. Bisimilarity as a state-dependent weakly final coalgebra. 50/ 50

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback