Formalising FinFuns Generating Code for Functions as Data from Isabelle/HOL

Similar documents
Theorem Proving Principles, Techniques, Applications Recursion

COMP 4161 NICTA Advanced Course. Advanced Topics in Software Verification. Toby Murray, June Andronick, Gerwin Klein

MLW. Henk Barendregt and Freek Wiedijk assisted by Andrew Polonsky. March 26, Radboud University Nijmegen

Inductive datatypes in HOL. lessons learned in Formal-Logic Engineering

Exercise 1 (2+2+2 points)

λ calculus is inconsistent

Overview. A normal-order language. Strictness. Recursion. Infinite data structures. Direct denotational semantics. Transition semantics

Isabelle s meta-logic. p.1

Programming with Universes, Generically

From Types to Sets in Isabelle/HOL

HOL DEFINING HIGHER ORDER LOGIC LAST TIME ON HOL CONTENT. Slide 3. Slide 1. Slide 4. Slide 2 WHAT IS HIGHER ORDER LOGIC? 2 LAST TIME ON HOL 1

Polymorphic lambda calculus Princ. of Progr. Languages (and Extended ) The University of Birmingham. c Uday Reddy

CSE-505: Programming Languages. Lecture 20.5 Recursive Types. Zach Tatlock 2016

CS-XXX: Graduate Programming Languages. Lecture 17 Recursive Types. Dan Grossman 2012

Lecture 5: Lazy Evaluation and Infinite Data Structures

Coq with Classes. Matthieu Sozeau. Journées PPS 2011 September 5th 2011 Trouville, France. Project Team πr 2 INRIA Paris

Light-weight containers for Isabelle: efficient, extensible, nestable

Introduction to the Lambda Calculus

10 Years of Partiality and General Recursion in Type Theory

1KOd17RMoURxjn2 CSE 20 DISCRETE MATH Fall

Functional Programming with Isabelle/HOL

In class 75min: 2:55-4:10 Thu 9/30.

CSCI.6962/4962 Software Verification Fundamental Proof Methods in Computer Science (Arkoudas and Musser) Chapter p. 1/27

CMSC 330, Fall 2018 Midterm 2

CITS3211 FUNCTIONAL PROGRAMMING

This is already grossly inconvenient in present formalisms. Why do we want to make this convenient? GENERAL GOALS

M. Snyder, George Mason University LAMBDA CALCULUS. (untyped)

Functional Programming and Modeling

Reasoning about programs. Chapter 9 of Thompson

Turning inductive into equational specifications

Higher-Order Logic. Specification and Verification with Higher-Order Logic

CS 4110 Programming Languages & Logics. Lecture 17 Programming in the λ-calculus

Overview. A Compact Introduction to Isabelle/HOL. Tobias Nipkow. System Architecture. Overview of Isabelle/HOL

CIS 500 Software Foundations Midterm I

Types and Programming Languages. Lecture 5. Extensions of simple types

Mechanising a type-safe model of multithreaded Java with a verified compiler

Haskell 98 in short! CPSC 449 Principles of Programming Languages

CSE 3302 Programming Languages Lecture 8: Functional Programming

CIS 500 Software Foundations Midterm I Answer key October 8, 2003

The Metalanguage λprolog and Its Implementation

Typed Racket: Racket with Static Types

COMP4161: Advanced Topics in Software Verification. fun. Gerwin Klein, June Andronick, Ramana Kumar S2/2016. data61.csiro.au

Mathematical Programming and Research Methods (Part II)

CMSC330 Fall 2016 Midterm #2 2:00pm/3:30pm

Idioms are oblivious, arrows are meticulous, monads are promiscuous

CS Lecture 6: Map and Fold. Prof. Clarkson Spring Today s music: Selections from the soundtrack to 2001: A Space Odyssey

Parametricity of Inductive Predicates

MTAEA Convexity and Quasiconvexity

CS 6110 S11 Lecture 25 Typed λ-calculus 6 April 2011

General Bindings and Alpha-Equivalence in Nominal Isabelle

Runtime Checking for Program Verification Systems

Functional Programming. Overview. Topics. Recall λ-terms. Examples

A Verified Simple Prover for First-Order Logic

Denotational Semantics. Domain Theory

1 Introduction. 3 Syntax

Basic Foundations of Isabelle/HOL

CS 4110 Programming Languages & Logics. Lecture 28 Recursive Types

CSC Discrete Math I, Spring Sets

CSE-321 Programming Languages 2010 Midterm

Defining Nonprimitively (Co)recursive Functions in Isabelle/HOL

Towards a Software Model Checker for ML. Naoki Kobayashi Tohoku University

CMSC 336: Type Systems for Programming Languages Lecture 5: Simply Typed Lambda Calculus Acar & Ahmed January 24, 2008

Fall 2013 Midterm Exam 10/22/13. This is a closed-book, closed-notes exam. Problem Points Score. Various definitions are provided in the exam.

CS-XXX: Graduate Programming Languages. Lecture 9 Simply Typed Lambda Calculus. Dan Grossman 2012

The Typed Racket Guide

CSE 505: Concepts of Programming Languages

Convexity. 1 X i is convex. = b is a hyperplane in R n, and is denoted H(p, b) i.e.,

Lambda Calculus as a Programming Language

SAT Modulo Bounded Checking

Three Applications of Strictness in the Efficient Implementaton of Higher-Order Terms

Embedding Cryptol in Higher Order Logic

CS152: Programming Languages. Lecture 7 Lambda Calculus. Dan Grossman Spring 2011

CS Lecture 6: Map and Fold. Prof. Clarkson Fall Today s music: Selections from the soundtrack to 2001: A Space Odyssey

Whereweare. CS-XXX: Graduate Programming Languages. Lecture 7 Lambda Calculus. Adding data structures. Data + Code. What about functions

Flat (Draft) Pasqualino Titto Assini 27 th of May 2016

CS 457/557: Functional Languages

In Praise of Impredicativity: A Contribution to the Formalisation of Meta-Programming

Lecture 14: Recursive Types

Standard ML. Data types. ML Datatypes.1

The University of Nottingham

Quis Custodiet Ipsos Custodes The Java memory model

CS 6110 S14 Lecture 38 Abstract Interpretation 30 April 2014

A Decision Procedure for (Co)datatypes in SMT Solvers. Andrew Reynolds Jasmin Christian Blanchette IJCAI sister conference track, July 12, 2016

Mathematics for Computer Scientists 2 (G52MC2)

Verified Firewall Policy Transformations for Test Case Generation

Midterm Practice Exam Sample Solutions

Lecture 4: Higher Order Functions

An Introduction to Programming and Proving in Agda (incomplete draft)

Part VI. Imperative Functional Programming

On the Logical Foundations of Staged Computation

Synchronization SPL/2010 SPL/20 1

Integration of SMT Solvers with ITPs There and Back Again

Programming in Standard ML: Continued

Introduction to OCaml

First-Class Type Classes

(a) Give inductive definitions of the relations M N and M N of single-step and many-step β-reduction between λ-terms M and N. (You may assume the

An Evolution of Mathematical Tools

CSCI.6962/4962 Software Verification Fundamental Proof Methods in Computer Science (Arkoudas and Musser) Sections p.

CMPSCI 250: Introduction to Computation. Lecture #1: Things, Sets and Strings David Mix Barrington 22 January 2014

Computability Theory XI

Transcription:

Formalising FinFuns Generating Code for Functions as Data from Isabelle/HOL Andreas Lochbihler Universität Karlsruhe (TH) 17.8.2009, TPHOLs 2009

Motivation I Quickcheck Andreas Lochbihler (Univ. Karlsruhe (TH)) Formalising FinFuns TPHOLs 2009 2 / 12

Motivation I Quickcheck Andreas Lochbihler (Univ. Karlsruhe (TH)) Formalising FinFuns TPHOLs 2009 2 / 12

Motivation I Quickcheck Andreas Lochbihler (Univ. Karlsruhe (TH)) Formalising FinFuns TPHOLs 2009 2 / 12

Motivation II Code generation Andreas Lochbihler (Univ. Karlsruhe (TH)) Formalising FinFuns TPHOLs 2009 3 / 12

Motivation II Code generation Andreas Lochbihler (Univ. Karlsruhe (TH)) Formalising FinFuns TPHOLs 2009 3 / 12

Shortcomings of finite maps Finite maps in Isabelle 1 Model as function: a b option No support for code generation 2 Use associative lists: ( a b) list Clutter proofs with implementation details Suffer from multiple representations: map-of [(2, 32), (3, 100)] = map-of [(3, 100), (2, 32)] None is always the default value Only useful for functions a b option What about other types? Andreas Lochbihler (Univ. Karlsruhe (TH)) Formalising FinFuns TPHOLs 2009 4 / 12

Use FinFuns to push the code generator s boundaries Function equality and quantifiers are a major limitation for Isabelle s code generator Solution: Represent functions explicitly as graph Default value for almost all points List of point-value pairs for changed points (3 := f 100) (2 := f 32) K f 0 Goals: easy to use: Logically like functions (extensionality, application, composition,...) Syntax similar to ordinary functions executability (equality, quantifiers, composition) conservative extension of Isabelle and the code generator Andreas Lochbihler (Univ. Karlsruhe (TH)) Formalising FinFuns TPHOLs 2009 5 / 12

The new FinFun type f Logic: subset of function space finfun f Representation Rep_finfun Abstraction Abs_finfun almost everywhere constant functions Function space Implementation: datatype data Finfun a b = Finfun_const b Finfun_update_code (Finfun a b) a b Andreas Lochbihler (Univ. Karlsruhe (TH)) Formalising FinFuns TPHOLs 2009 6 / 12

Operators for FinFuns FinFun ordinary function operation complexity K f c λx. c constant function O(1) ˆf (a := f b) f (a := b) pointwise update O(#ˆf ) ˆf f x f x application O(#ˆf ) g f ˆf g f composition O(#ˆf (#ˆf + g )) (ˆf, ĝ) f λx. (f x, g x) parallel evaluation O(#ˆf (#ˆf + #ĝ)) finfun-all ˆP x. P x universal quantifier O((#ˆP) 2 ) ˆf = ĝ f = g equality test O((#ˆf + #ĝ) 2 ) where #ˆf = number of updated points in ˆf Equality test via universal quantification: f = g x. f x = g x x. ((λ(y, z). y = z) (λx. f x, g x)) x ˆf = ĝ finfun-all ((λ(y, z). y = z) f (ˆf, ĝ) f ) Andreas Lochbihler (Univ. Karlsruhe (TH)) Formalising FinFuns TPHOLs 2009 7 / 12

Deleting redundant updates 1 Constructor finfun-update-code ˆf a b (written ˆf ( a := f b )) instead of ˆf (a := f b). 2 Implement ˆf (a := f b) recursively: (K f c)(a := f b) = if b = c then K f c else (K f c)( a := f b ) (ˆf ( a := f b ))(a := f b) = if a = a then ˆf (a := f b) else (ˆf (a := f b))( a := f b ) ˆf ( 3 := f False ) ( 2 := f False ) ( 1 := f False ) K f True ˆf (2 := f True) Andreas Lochbihler (Univ. Karlsruhe (TH)) Formalising FinFuns TPHOLs 2009 8 / 12

Deleting redundant updates 1 Constructor finfun-update-code ˆf a b (written ˆf ( a := f b )) instead of ˆf (a := f b). 2 Implement ˆf (a := f b) recursively: (K f c)(a := f b) = if b = c then K f c else (K f c)( a := f b ) (ˆf ( a := f b ))(a := f b) = if a = a then ˆf (a := f b) else (ˆf (a := f b))( a := f b ) ˆf ˆf (2 := f True) ( 3 := f False ) (2 := f True) ( 3 := f False ) ( 2 := f False ) ( 1 := f False ) K f True Andreas Lochbihler (Univ. Karlsruhe (TH)) Formalising FinFuns TPHOLs 2009 8 / 12

Deleting redundant updates 1 Constructor finfun-update-code ˆf a b (written ˆf ( a := f b )) instead of ˆf (a := f b). 2 Implement ˆf (a := f b) recursively: (K f c)(a := f b) = if b = c then K f c else (K f c)( a := f b ) (ˆf ( a := f b ))(a := f b) = if a = a then ˆf (a := f b) else (ˆf (a := f b))( a := f b ) ˆf ˆf (2 := f True) ( 3 := f False ) ( 3 := f False ) ( 2 := f False ) (2 := f True) ( 1 := f False ) K f True Andreas Lochbihler (Univ. Karlsruhe (TH)) Formalising FinFuns TPHOLs 2009 8 / 12

Deleting redundant updates 1 Constructor finfun-update-code ˆf a b (written ˆf ( a := f b )) instead of ˆf (a := f b). 2 Implement ˆf (a := f b) recursively: (K f c)(a := f b) = if b = c then K f c else (K f c)( a := f b ) (ˆf ( a := f b ))(a := f b) = if a = a then ˆf (a := f b) else (ˆf (a := f b))( a := f b ) ˆf ˆf (2 := f True) ( 3 := f False ) ( 3 := f False ) ( 2 := f False ) ( 1 := f False ) ( 1 := f False ) (2 := f True) K f True Andreas Lochbihler (Univ. Karlsruhe (TH)) Formalising FinFuns TPHOLs 2009 8 / 12

Deleting redundant updates 1 Constructor finfun-update-code ˆf a b (written ˆf ( a := f b )) instead of ˆf (a := f b). 2 Implement ˆf (a := f b) recursively: (K f c)(a := f b) = if b = c then K f c else (K f c)( a := f b ) (ˆf ( a := f b ))(a := f b) = if a = a then ˆf (a := f b) else (ˆf (a := f b))( a := f b ) ˆf ˆf (2 :=f True) ( 3 := f False ) ( 3 := f False ) ( 2 := f False ) ( 1 := f False ) ( 1 := f False ) K f True K f True (2 := f True) Andreas Lochbihler (Univ. Karlsruhe (TH)) Formalising FinFuns TPHOLs 2009 8 / 12

Deleting redundant updates 1 Constructor finfun-update-code ˆf a b (written ˆf ( a := f b )) instead of ˆf (a := f b). 2 Implement ˆf (a := f b) recursively: (K f c)(a := f b) = if b = c then K f c else (K f c)( a := f b ) (ˆf ( a := f b ))(a := f b) = if a = a then ˆf (a := f b) else (ˆf (a := f b))( a := f b ) ˆf ˆf (2 :=f True) ( 3 := f False ) ( 3 := f False ) ( 2 := f False ) ( 1 := f False ) ( 1 := f False ) K f True K f True Andreas Lochbihler (Univ. Karlsruhe (TH)) Formalising FinFuns TPHOLs 2009 8 / 12

Universal quantifier finfun-all finfun-all ˆP x. ˆP f x no recursive implementation Generalise: ff -All xs ˆP holds if ˆP holds everywhere except at points in xs: ff -All xs ˆP x. x set xs ˆP f x finfun-all ˆP ff -All [] ˆP Recursive implementation: ff -All xs (K f c) c set xs = UNIV ff -All xs (ˆP( x := f y )) (y x set xs) ff -All (x xs) ˆP set xs = UNIV : use type information (implemented via type classes) infinite type: always false finite type: count distinct elements in xs and compare to card UNIV Andreas Lochbihler (Univ. Karlsruhe (TH)) Formalising FinFuns TPHOLs 2009 9 / 12

Example revisited: executable state conformance WORKS! Andreas Lochbihler (Univ. Karlsruhe (TH)) Formalising FinFuns TPHOLs 2009 10 / 12

Much more... Primitive recursion operator finfun-rec: finfun-rec c u (K f b) = c b finfun-rec c u (ˆf (a := f b)) = u a b (finfun-rec c u ˆf ) c and u must satisfy identities between K f and ( := f ) Executable sets: Subset: ˆf f ĝ finfun-all ((λ(x, y). x y) f (ˆf, ĝ) f ) Complement: ˆf = (λb. b) f ˆf... Code generator automatically replaces set operations with FinFun operations where possible. Andreas Lochbihler (Univ. Karlsruhe (TH)) Formalising FinFuns TPHOLs 2009 11 / 12

Conclusion Future work: Binary search trees for totally ordered domains Better integration with Isabelle packages Summary: + FinFuns generalise finite maps + Executable equality and quantifiers for almost everywhere constant functions + Syntax similar to ordinary functions + Conservative extension of Isabelle and the code generator No λ-abstraction, higher-order unification Available in the AFP and Isabelle Development Snapshot Andreas Lochbihler (Univ. Karlsruhe (TH)) Formalising FinFuns TPHOLs 2009 12 / 12

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback