Introduction to dependent types in Coq

Similar documents
HOL DEFINING HIGHER ORDER LOGIC LAST TIME ON HOL CONTENT. Slide 3. Slide 1. Slide 4. Slide 2 WHAT IS HIGHER ORDER LOGIC? 2 LAST TIME ON HOL 1

Certified Programming with Dependent Types

c constructor P, Q terms used as propositions G, H hypotheses scope identifier for a notation scope M, module identifiers t, u arbitrary terms

Coq quick reference. Category Example Description. Inductive type with instances defined by constructors, including y of type Y. Inductive X : Univ :=

Coq in a Hurry. Yves Bertot

CIS 194: Homework 8. Due Wednesday, 8 April. Propositional Logic. Implication

Proofs are Programs. Prof. Clarkson Fall Today s music: Proof by Paul Simon

CS 456 (Fall 2018) Scribe Notes: 2

A Coq tutorial for confirmed Proof system users

Coq in a Hurry. Yves Bertot. To cite this version: HAL Id: inria v6

Logical Verification Course Notes. Femke van Raamsdonk Vrije Universiteit Amsterdam

An Introduction to Programming and Proving in Agda (incomplete draft)

CIS 500 Software Foundations. Midterm I. (Standard and advanced versions together) October 1, 2013 Answer key

LASER 2011 Summerschool Elba Island, Italy Basics of COQ

Mathematics for Computer Scientists 2 (G52MC2)

The Coq Proof Assistant A Tutorial

Expr_annotated.v. Expr_annotated.v. Printed by Zach Tatlock

Coq in a Hurry. Yves Bertot. October 2008

Programming with (co-)inductive types in Coq

Induction in Coq. Nate Foster Spring 2018

Inductive prod (A B : Set) : Set := pair : A -> B -> prod A B. Inductive sum (A B : Set) : Set := inl : A -> sum A B inr : B -> sum A B.

The Coq Proof Assistant A Tutorial

First-Class Type Classes

On Agda JAIST/AIST WS CVS/AIST Yoshiki Kinoshita, Yoriyuki Yamagata. Agenda

The Coq Proof Assistant A Tutorial

Infinite Objects and Proofs 1

Inductive data types

Basic Foundations of Isabelle/HOL

Theorem proving. PVS theorem prover. Hoare style verification PVS. More on embeddings. What if. Abhik Roychoudhury CS 6214

Mathematics for Computer Scientists 2 (G52MC2)

Inductive Definitions, continued

Definition: A context-free grammar (CFG) is a 4- tuple. variables = nonterminals, terminals, rules = productions,,

Coq in a Hurry. Yves Bertot. HAL Id: inria v5

Overview. A Compact Introduction to Isabelle/HOL. Tobias Nipkow. System Architecture. Overview of Isabelle/HOL

CIS 500: Software Foundations

CIS 500: Software Foundations

The Truth about Types. Bartosz Milewski

MoreIntro_annotated.v. MoreIntro_annotated.v. Printed by Zach Tatlock. Oct 04, 16 21:55 Page 1/10

A NEW PROOF-ASSISTANT THAT REVISITS HOMOTOPY TYPE THEORY THE THEORETICAL FOUNDATIONS OF COQ USING NICOLAS TABAREAU

Proofs are Programs. Prof. Clarkson Fall Today s music: Two Sides to Every Story by Dyan Cannon and Willie Nelson

MoreIntro.v. MoreIntro.v. Printed by Zach Tatlock. Oct 07, 16 18:11 Page 1/10. Oct 07, 16 18:11 Page 2/10. Monday October 10, 2016 lec02/moreintro.

Heq: a Coq library for Heterogeneous Equality

Improving Coq Propositional Reasoning Using a Lazy CNF Conversion

Now that we have keys defined for the maps, we can start talking about maps. The first of these are Total Maps. Total Maps are defined as follows:

CIS 500: Software Foundations

Introduction to Coq Proof Assistant

Automated Reasoning. Natural Deduction in First-Order Logic

Introduction to the Coq proof assistant First part

STABILITY AND PARADOX IN ALGORITHMIC LOGIC

Universes. Universes for Data. Peter Morris. University of Nottingham. November 12, 2009

Analysis of dependent types in Coq through the deletion of the largest node of a binary search tree

Types Summer School Gothenburg Sweden August Dogma oftype Theory. Everything has a type

Topic 3: Propositions as types

L04_in_class.v. L04_in_class.v. Printed by Zach Tatlock

Lecture slides & distribution files:

Calculus of Inductive Constructions

CSE 311: Foundations of Computing. Lecture 8: Predicate Logic Proofs

Programming with Universes, Generically

Induction and Semantics in Dafny

Natural Numbers. We will use natural numbers to illustrate several ideas that will apply to Haskell data types in general.

Coq Summer School. Yves Bertot

Coq projects for type theory 2018

10 Years of Partiality and General Recursion in Type Theory

Lecture 3: Typed Lambda Calculus and Curry-Howard

Verification in Coq. Prof. Clarkson Fall Today s music: Check Yo Self by Ice Cube

Abella: A System for Reasoning about Relational Specifications

Typed Lambda Calculus

4 Programming with Types

Embedding logics in Dedukti

Implementing Constructive Logics with OCaml

Equations: a tool for dependent pattern-matching

CS3110 Spring 2017 Lecture 9 Inductive proofs of specifications

Preuves Interactives et Applications

Me and my research. Wouter Swierstra Vector Fabrics, 6/11/09

Univalent fibrations in type theory and topology

CSCI.6962/4962 Software Verification Fundamental Proof Methods in Computer Science (Arkoudas and Musser) Chapter 11 p. 1/38

Harvard School of Engineering and Applied Sciences CS 152: Programming Languages

Numerical Computations and Formal Methods

Introductory logic and sets for Computer scientists

Importing HOL-Light into Coq

An experiment with variable binding, denotational semantics, and logical relations in Coq. Adam Chlipala University of California, Berkeley

Lecture 5 - Axiomatic semantics

Formal Predicate Calculus. Michael Meyling

Notes. Notes. Introduction. Notes. Propositional Functions. Slides by Christopher M. Bourke Instructor: Berthe Y. Choueiry.

Warm-Up Problem. Let L be the language consisting of as constant symbols, as a function symbol and as a predicate symbol. Give an interpretation where

Fondamenti della Programmazione: Metodi Evoluti. Lezione 5: Invariants and Logic

Haske k ll An introduction to Functional functional programming using Haskell Purely Lazy Example: QuickSort in Java Example: QuickSort in Haskell

Z Notation. June 21, 2018

arxiv: v2 [cs.lo] 6 Sep 2018

CSE 20 DISCRETE MATH. Winter

Software Engineering Lecture Notes

An introduction introduction to functional functional programming programming using usin Haskell

CSE 20 DISCRETE MATH. Fall

Hoare Logic. COMP2600 Formal Methods for Software Engineering. Rajeev Goré

Lee Pike. June 3, 2005

CSE505, Fall 2012, Midterm Examination October 30, 2012

Provably Correct Software

Typed Lambda Calculus for Syntacticians

Abella: A System for Reasoning about Relational Specifications

Reasoning About Imperative Programs. COS 441 Slides 10

Transcription:

October 24, 2008

basic use of the Coq system In Coq, you can play with simple values and functions. The basic command is called Check, to verify if an expression is well-formed and learn what is its type. Check 3. 3 : nat Check plus. plus : nat nat nat Check plus 3 4. 3 + 4 : nat

Building your own function Check fun x:nat => 3 + x. fun x:nat => 3 + x : nat nat use type inference when possible, Check fun x => 3 + x. fun x:nat => 3 + x : nat nat Check fun (x:nat)(y:bool) => if y then x else 3. fun (x : nat) (y : bool) => if y then x else 3 : nat bool nat

Applying functions Check (fun x => 3 + x) 4 (fun (x : nat) => 3 + x) 4 : nat You can also force functions to compute Eval compute in (fun x => 3 + x) 4 = 7 : nat

Proofs as functions, functions as proofs Using the Modus-Ponens rule: if A implies B and A both hold, then we can deduce B,

Proofs as functions, functions as proofs Using the Modus-Ponens rule: if A implies B and A both hold, then we can deduce B, The Moduls-Ponens rule transforms any proof of A B into a function mapping (the type of) proofs of A to (the type of) proofs of B, Try reading without the text in parentheses.

Proofs as functions, functions as proofs Using the Modus-Ponens rule: if A implies B and A both hold, then we can deduce B, The Moduls-Ponens rule transforms any proof of A B into a function mapping (the type of) proofs of A to (the type of) proofs of B, Try reading without the text in parentheses. Using the forall-elimination rule: if x : A, P and e has type A, then we can deduce P[x\e], The forall elimination rule transforms any proof of x : A, P into a function mapping any element e of A to a proof of P[x\e], P where x is replaced by e.

Proofs as functions, functions as proofs Using the Modus-Ponens rule: if A implies B and A both hold, then we can deduce B, The Moduls-Ponens rule transforms any proof of A B into a function mapping (the type of) proofs of A to (the type of) proofs of B, Try reading without the text in parentheses. Using the forall-elimination rule: if x : A, P and e has type A, then we can deduce P[x\e], The forall elimination rule transforms any proof of x : A, P into a function mapping any element e of A to a proof of P[x\e], P where x is replaced by e. When considering total functions, we also have the reverse: any function of type A B can be used to prove A B,

And for universal formulas? Simple types, as found in Ocaml or Haskell are not enough, The rest of this lecture is about new constructs for universal quantification. In the next slides, blue will be use for types.

The Curry-Howard Isomorphism Accept the existence of a type Prop whose elements are types, All elements of Prop are types of proofs, Thus if A and B are types of of proofs, then A B is also a type of proof, Next, accept that a type of proofs is a proposition, A proposition holds if it contains a proof.

Arrows in the Curry-Howard Isomorphims In this frame, assume A, B, and C are propositions, They are propositions, A function of type A B maps any proof of A to a proof of B, It represents a proof of A B. for some formulas, we can build function of that type directly, When you do this, you do give a proof! Example 1: fun x:a => x : A A

Arrows in the Curry-Howard Isomorphims In this frame, assume A, B, and C are propositions, They are propositions, A function of type A B maps any proof of A to a proof of B, It represents a proof of A B. for some formulas, we can build function of that type directly, When you do this, you do give a proof! Example 1: fun x:a => x : A A Example 2: fun (f: A B C) (x: B) (y:a) => f y x : (A B C) (B A C)

Various kinds of logics Can all usual tautologies be proved with pure functions?

Various kinds of logics Can all usual tautologies be proved with pure functions? No. Peirce s Formula: ((A B) A) A A B A B (A B) A ((A B) A) A T T T T T T F F T T F T F F T F F T F T

Various kinds of logics Can all usual tautologies be proved with pure functions? No. Peirce s Formula: ((A B) A) A A B A B (A B) A ((A B) A) A T T T T T T F F T T F T F F T F F T F T This cannot be proved by a pure function, To have full classical propositional logic, you have to add the excluded-middle axiom: P.P P People often don t: you can do a lot without axioms.

Back to universal quantification We will introduce families of types, We will introduce function that produce results in these families,

Indexed types Consider families of types B i (i A), where each member of a family is annoted with an index i, Assume the existence of a type of types: Type, Assume the existence of a type of indices A, The family of indexed type can be described by a function B whose type is A Type.

Dependent products Consider a family of types B : A Type, Consider a function that takes as input an element x of A and guarantees that it always return an element of type B(x), The type system is extended so that this function is well-typed, the notation for its type is forall x:a, B x, The name forall is intuitively acceptable: whenever we have an x in A, we know we have a value in B(x).

Why is it called a dependent product? A dependent product is a generalization of a cartesian product, A cartesian product has the form A 1 A 2, An cartesian product iterated n times is A 1... A n It can also be written Π i {1 n} A i, We see the use of a family A i, Given an element of Π i {1 n} A i, we are sure to have an element of A i for every i This is like the dependent product type of the previous frame.

Dependent products in formulas Represent formulas in the predicate calculus, Assume even : nat Prop, Assume divides : nat nat Prop Assume there exists a theorem: th1: x y, even x divides x y even y and a theorem: th2: x y, divides x (x * y)

Building functions with a dependent product type Any function whose output type depends on the input value. Simple example: in a context where x has type nat. => fun (h: even x) => h: even x even x Check fun (x:nat) => fun (h: even x) => h.

Building functions with a dependent product type Any function whose output type depends on the input value. Simple example: in a context where x has type nat. => fun (h: even x) => h: even x even x Check fun (x:nat) => fun (h: even x) => h. fun (x:nat) (h: even x) => h: x: nat, even x even x

Building functions with a dependent product type (2) More elaborate example: recall th1: x y, even x divides x y even y th2: x y, divides x (x * y) In a context where x:nat, th2 x x : divides x x Check fun x => th2 x x.

Building functions with a dependent product type (2) More elaborate example: recall th1: x y, even x divides x y even y th2: x y, divides x (x * y) In a context where x:nat, th2 x x : divides x x Check fun x => th2 x x. fun (x : nat) => th2 x x : x : nat, divides x (x * x)

Building functions with a dependent product type (2) More elaborate example: recall th1: x y, even x divides x y even y th2: x y, divides x (x * y) In a context where x:nat, th2 x x : divides x x Check fun x => th2 x x. fun (x : nat) => th2 x x : x : nat, divides x (x * x) Check fun x (h: even x) => th1 x x h (th2 x x).

Building functions with a dependent product type (2) More elaborate example: recall th1: x y, even x divides x y even y th2: x y, divides x (x * y) In a context where x:nat, th2 x x : divides x x Check fun x => th2 x x. fun (x : nat) => th2 x x : x : nat, divides x (x * x) Check fun x (h: even x) => th1 x x h (th2 x x). fun (x : nat) (h : even x) => th1 x x h (th2 x x) : x:nat, even x even (x * x)

Defining new constants Learn some more of the syntax of Coq: Definition name : type := value. Definition name := value. Definition name (x : type) := value. This is equivalent to Definition name := fun x : type => value.

Defining your own indexed type We have played with indexed types as if they existed, Can we produce some?

Defining your own indexed type We have played with indexed types as if they existed, Can we produce some? You can define a proposition by quantifying over all propositions: Definition even (x:nat) : Prop := P : nat Prop, ( y, P(2*y)) P x. This was used a lot in the early days of Coq, (replaced by inductive types), How do you define divides in the same style?

Defining your own indexed type We have played with indexed types as if they existed, Can we produce some? You can define a proposition by quantifying over all propositions: Definition even (x:nat) : Prop := P : nat Prop, ( y, P(2*y)) P x. This was used a lot in the early days of Coq, (replaced by inductive types), How do you define divides in the same style? Definition divides (x y:nat) : Prop := forall P : nat nat Prop, (forall z t:nat, P z (z*t)) P x y.

Logic and reasoning in Coq Conjunction, disjunction, equality, existential quantification, negation. Proof technology: Goals and tactics.

Conjunction A function and :Prop Prop Prop, A notation A /\ B and A B Two basic theorems to construct and consume conjunctions conj : A B:Prop, A B A /\ B and ind : A B P:Prop, (A B P) A /\ B P

Disjunction A function or :Prop Prop Prop, A notation A \/ B or A B Three basic theorems to construct and consume disjunctions or introl : A B:Prop, A A \/ B or intror : A B:Prop, B A \/ B or ind : A B P:Prop, (A P) (B P) A /\ B P

Equality A function eq : A:Type, A A Prop, A notation x = y eq x y Two basic theorems to construct and consume equalities refl equal : (A : Type) (x : A), x = x, eq ind : (A : Type) (x : A) (P : A Prop), P x x = y P y

Existential quantification A function ex : (A:Type), (A Prop) Prop, A notation exists x : A, P ex A (fun x : A => P), Two basic theorems to construct and consume existential quantifications ex intro : (A : Type) (P : A Prop) (x : A), P x ex P ex ind : (A : Type) (P : A Prop) (Q : Prop), ( x : A, P x Q) ex P Q

Contradiction and negation A value False : Prop A basic theorem to use contradiction False ind : P : Prop, False P A function not = fun A => False, A notation A not A

Example of proof: the hard way Definition th1 (x y : nat) (h : even x) (hd : divides x y) : even y := hd (fun z t => even z even t) (fun (z t : nat) (h : even z) (P : nat Prop) (hp : forall y : nat, P (2 * y )) => h (fun z : nat => P (z * t)) (fun z : nat => eq ind (2 * (z * t)) (fun n : nat => P n) (hp (z * t)) (2 * z * t) (mult assoc 2 z t))) h. Too hard to build by hand (I didn t). A lot of data is redundant and should be computed for us.

Goal directed proofs and tactics Propose a statement, Apply commands called tactics that build the proof term from the outside, with holes inside, Fill the holes progresssively, Mix with direct constructions of terms. In practice: each commands transforms a goal into a simpler goal, Goals contain two parts 1. An enumeration of all the bound variables that are available for use, 2. A description of the expected type for the current hole.

Example proof by tactics Lemma ex1 : P:Prop, P P. ============ P:Prop, P P Proof:?1 intros P H. P : Prop H : P ============ P:Prop, P P Proof: fun (P : Prop) (H : P) =>?1

Tactics /\ \/ hypothesis H apply H apply H case H case H elim H elim H destruct H destruct H goal intros H intros x split left right = hypothesis H case H rewrite H case H elim H rewrite H destruct H goal exists e reflexivity intros H exact H, assumption when the goal is available from the context, unfold name to unfold definitions, assert (H : formula) to propose an intermediate step.

Demonstration

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback