Abstract Interpretation Using Laziness: Proving Conway s Lost Cosmological Theorem

Similar documents
THE AUDIOACTIVE PACKAGE

Lecture 6: Sequential Sorting

The List Datatype. CSc 372. Comparative Programming Languages. 6 : Haskell Lists. Department of Computer Science University of Arizona

GADTs. Wouter Swierstra and Alejandro Serrano. Advanced functional programming - Lecture 7. [Faculty of Science Information and Computing Sciences]

Reasoning about programs. Chapter 9 of Thompson

CSCI.6962/4962 Software Verification Fundamental Proof Methods in Computer Science (Arkoudas and Musser) Sections p.

GADTs. Alejandro Serrano. AFP Summer School. [Faculty of Science Information and Computing Sciences]

GADTs. Wouter Swierstra. Advanced functional programming - Lecture 7. Faculty of Science Information and Computing Sciences

Programming Languages Third Edition

Intro. Scheme Basics. scm> 5 5. scm>

Introduction II. Sets. Terminology III. Definition. Definition. Definition. Example

A Small Interpreted Language

CS103 Spring 2018 Mathematical Vocabulary

1 Introduction. 3 Syntax

Chapter 3. Set Theory. 3.1 What is a Set?

Proving liveness. Alexey Gotsman IMDEA Software Institute

Theorem Proving Principles, Techniques, Applications Recursion

Shared Variables and Interference

Testing. Wouter Swierstra and Alejandro Serrano. Advanced functional programming - Lecture 2. [Faculty of Science Information and Computing Sciences]

Shell CSCE 314 TAMU. Haskell Functions

Functional Programming

Global Optimization. Lecture Outline. Global flow analysis. Global constant propagation. Liveness analysis. Local Optimization. Global Optimization

COP4020 Programming Languages. Functional Programming Prof. Robert van Engelen

Haskell Introduction Lists Other Structures Data Structures. Haskell Introduction. Mark Snyder

CS 6110 S11 Lecture 25 Typed λ-calculus 6 April 2011

Streams, Delayed Evaluation and a Normal Order Interpreter. CS 550 Programming Languages Jeremy Johnson

From the λ-calculus to Functional Programming Drew McDermott Posted

Semantics of programming languages

introduction to Programming in C Department of Computer Science and Engineering Lecture No. #40 Recursion Linear Recursion

1 Non greedy algorithms (which we should have covered

[Ch 6] Set Theory. 1. Basic Concepts and Definitions. 400 lecture note #4. 1) Basics

Reasoning About Imperative Programs. COS 441 Slides 10

Shared Variables and Interference

Logic - CM0845 Introduction to Haskell

Symbolic Programming. Dr. Zoran Duric () Symbolic Programming 1/ 89 August 28, / 89

3.7 Denotational Semantics

Programming Languages 3. Definition and Proof by Induction

(How Not To Do) Global Optimizations

Discrete Mathematics Lecture 4. Harper Langston New York University

CIS 194: Homework 6. Due Monday, February 25. Fibonacci numbers

4.2 Variations on a Scheme -- Lazy Evaluation

Programming with Math and Logic

Lecture 3: Recursion; Structural Induction

CSCE 314 TAMU Fall CSCE 314: Programming Languages Dr. Flemming Andersen. Haskell Functions

Introduction to Denotational Semantics. Brutus Is An Honorable Man. Class Likes/Dislikes Survey. Dueling Semantics

Note that in this definition, n + m denotes the syntactic expression with three symbols n, +, and m, not to the number that is the sum of n and m.

Lecture 1 Contracts. 1 A Mysterious Program : Principles of Imperative Computation (Spring 2018) Frank Pfenning

CONVENTIONAL EXECUTABLE SEMANTICS. Grigore Rosu CS522 Programming Language Semantics

Recursively Enumerable Languages, Turing Machines, and Decidability

Cardinality of Sets MAT231. Fall Transition to Higher Mathematics. MAT231 (Transition to Higher Math) Cardinality of Sets Fall / 15

Computation Club: Gödel s theorem

Open and Closed Sets

Hoare Logic. COMP2600 Formal Methods for Software Engineering. Rajeev Goré

Lecture 2 Finite Automata

(Provisional) Lecture 08: List recursion and recursive diagrams 10:00 AM, Sep 22, 2017

Declaring Numbers. Bernd Braßel, Frank Huch and Sebastian Fischer. Department of Computer Science, University of Kiel, Germany

Logic: The Big Picture. Axiomatizing Arithmetic. Tautologies and Valid Arguments. Graphs and Trees

Polymorphic lambda calculus Princ. of Progr. Languages (and Extended ) The University of Birmingham. c Uday Reddy

6.001 Notes: Section 1.1

Fundamental Concepts. Chapter 1

CSCC24 Functional Programming Scheme Part 2

Programming Languages Fall 2013

CS 531: Notes II. January 31, 2014

Functional Programming. Overview. Topics. Definition n-th Fibonacci Number. Graph

This is not the chapter you re looking for [handwave]

Functional Programming. Big Picture. Design of Programming Languages

Lecture 1 Contracts : Principles of Imperative Computation (Fall 2018) Frank Pfenning

CSC Discrete Math I, Spring Sets

CS 457/557: Functional Languages

6.001 Notes: Section 15.1

SFU CMPT Lecture: Week 8

Lesson 17. Geometry and Algebra of Corner Points

Introduction to Functional Programming in Haskell 1 / 56

Exercise 1: Graph coloring (10 points)

Tail Calls. CMSC 330: Organization of Programming Languages. Tail Recursion. Tail Recursion (cont d) Names and Binding. Tail Recursion (cont d)

System Correctness. EEC 421/521: Software Engineering. System Correctness. The Problem at Hand. A system is correct when it meets its requirements

Review of Sets. Review. Philippe B. Laval. Current Semester. Kennesaw State University. Philippe B. Laval (KSU) Sets Current Semester 1 / 16

Handout 9: Imperative Programs and State

SETS. Sets are of two sorts: finite infinite A system of sets is a set, whose elements are again sets.

Recitation 4: Elimination algorithm, reconstituted graph, triangulation

Type Systems COMP 311 Rice University Houston, Texas

Last time. Reasoning about programs. Coming up. Project Final Presentations. This Thursday, Nov 30: 4 th in-class exercise

Reasoning about programs

Semantics via Syntax. f (4) = if define f (x) =2 x + 55.

CHAPTER 8. Copyright Cengage Learning. All rights reserved.

CONVENTIONAL EXECUTABLE SEMANTICS. Grigore Rosu CS422 Programming Language Semantics

CS 320 Midterm Exam. Fall 2018

DOWNLOAD PDF LINKED LIST PROGRAMS IN DATA STRUCTURE

CS1102: Macros and Recursion

CSCI 3155: Principles of Programming Languages Exam preparation #1 2007

Term Algebras with Length Function and Bounded Quantifier Elimination

To illustrate what is intended the following are three write ups by students. Diagonalization

6.001 Notes: Section 31.1

CS103 Handout 29 Winter 2018 February 9, 2018 Inductive Proofwriting Checklist

CS 320: Concepts of Programming Languages

6.001 Notes: Section 4.1

Data Structures and Algorithm Analysis (CSC317) Hash tables (part2)

CS558 Programming Languages

Streams. CS21b: Structure and Interpretation of Computer Programs Spring Term, 2004

LECTURE 16. Functional Programming

Transcription:

Abstract Interpretation Using Laziness: Proving Conway s Lost Cosmological Theorem Kevin Watkins CMU CSD POP Seminar December 8, 2006 In partial fulfillment of the speaking skills requirement

? 2111 1231 11121311 3112111321 13211231131211 1113122112132113111221 3113112221121113122113312211 13211321322112311311222123112221 2

Look and say Read string out loud 2111 one two, three ones 1231 1231 one one, one two, one three, one one 11121311... etc. Invented by John Conway paper: The Weird and Wonderful Chemistry of Audioactive Decay, 1987 also invented Life and surreal numbers So what happens? asymptotics of string length random looking? patterns in strings? answered by the Cosmological Theorem... 3

Cosmological Theorem Characterizes how strings evolve split strings into elements elements decay into other elements classify all elements surviving in arbitrarily late strings Proofs: J. H. Conway and friends, 1987 (by hand, lost) D. Zeilberger, 1997 (Maple) Litherland, 2003 (C) Watkins, 2006 (Haskell) All proofs by exhaustion of cases 4

What is a proof? Are these proofs? hand proof: case left out? too much paper? computer proof: buggy code? cosmic ray? My strategy semantics of Haskell is my deductive system proof correct by construction! most code needn t be checked! key technique: Haskell lazy data as abstract interpretation Vs deductive engine (e.g. Coq, HOL Light) their pros: correctness entirely formally verified my pros: much less effort; easy to experiment in Haskell interpreter 5

Other proofs with similar structure In general, must: enumerate cases verify a property for each case Examples: Four color theorem (Appel et al., 1976) Kepler s conjecture (Hales, 1998) My method: oracle strategy simplifies showing sufficiency of enumeration abstract interpretation via laziness simplifies verifying property of each case This talk will illustrate both aspects 6

My contributions New proof presentation strategy i.e. oracle strategy and abstract interpretation via laziness from previous slide may apply to similar proofs in other domains Verify Conway s result Simple code: presented and justified in its entirety in my technical report Code written in a language with a simple semantics Simplify prior proofs of Conway s result via my marked sequences (see technical report) 7

Talk outline Introduction Overview of Cosmological Theorem About Haskell and laziness Applying my method Conclusions 8

Cosmological Theorem Recall: Characterizes how strings evolve split strings into elements elements decay into other elements classify all elements surviving in arbitrarily late strings 9

Split strings into elements Split string into parts that evolve independently Formally: let xs n be nth string in evolution xs splits into ys. zs if and only if: xs n = ys n ++ zs n for all n 0 (++) means append strings Element: string that doesn t split into smaller ones Theorem (Conway, easy): every string splits into finitely many elements in unique way Decision procedure for splitting? I ll tell you in a few minutes... 10

Split strings into elements Split up strings into parts that evolve independently 2111 1231 11121311 3112111321 13211231131211 1113122112132113111221 3113112221121113122113312211 13211321322112311311222123112221... etc. 11

Split strings into elements Split up strings into parts that evolve independently 2. 111 12. 31 1112. 1311 3112. 111321 132112. 31131211 1113122112. 132113111221 311311222112. 1113122113312211 13211321322112. 311311222123112221... etc. 12

Split strings into elements Example: 2111 splits into 2. 111 which are elements first step: 2111 1231, and 2. 111 12. 31. OK! I claim happens for nth step, all n 0 (proof later!) Counterexample: 111 does not split into 1. 11: 111 31, but 1. 11 11. 21. BAD! Analogy: factoring integer into primes? Note substring of element can be element e.g. 111 is element, and also 1 so splitting into elements is context dependent 13

Cosmological Theorem Recall: Characterizes how strings evolve split strings into elements elements decay into other elements classify all elements surviving in arbitrarily late strings 14

Audioactive decay Start with string split into elements do look and say split result into elements do look and say... repeat ad infinitum 15

Audioactive decay 2. 111 12. 31 1112. 1311 3112. 111321 132112. 31131211 1113122112. 132113111221 311311222112. 1113122113312211 1321132 : 1322112. 311311222 : 12 : 3112221... etc. 16

Cosmological Theorem Recall: Characterizes how strings evolve split strings into elements elements decay into other elements classify all elements surviving in arbitrarily late strings Two special sets of elements: 92 common elements 2 infinite families of transuranic elements Cosmological Theorem (Conway, proof lost): every string eventually decays into a compound of common and transuranic elements 17

Common elements 92 special elements Conway assigned them symbols H-U from chemistry involve only integers 1, 2, 3 Ubiquity Theorem (Conway): every common element eventually shows up in the decay of any interesting string (proved in technical report, not needed for Cosmological Theorem) Two special cases empty string, 22 just repeat themselves call these boring, any other string interesting 18

Common elements example 2. 111 12. 31 1112. 1311 3112. 111321 132112. 31131211 1113122112. 132113111221 311311222112. 1113122113312211 1321132 : 1322112. 311311222 : 12 : 3112221 holmium-silicon-erbium-calcium-antinide! 19

Common elements example 2. 111 Ca. 31 K. 1311 Ar. 111321 Cl. 31131211 S. 132113111221 P. 1113122113312211 Ho : Si. Er : Ca : Sb holmium-silicon-erbium-calcium-antinide! 20

Transuranic elements What about integers other than 1 2 3? extra transuranic elements n Pu = 31221132221222112112322211n n Np = 1311222113321132211221121332211n Cosmological Theorem (Conway, proof lost): Every string eventually decays into a compound of common and transuranic elements 21

Using the Cosmological Theorem How long do strings get? make transition matrix on 92 common elements find principal eigenvalue λ = 1.3035772690... Theorem (linear algebra, not hard): length of any interesting string tends to cλ n on nth step, as n Can also compute asymptotic relative abundance of elements abundances of transuranic elements tend to 0 22

My proof First step proving Cosmological Theorem: decision procedure for splitting strings into elements This talk: develop correct decision procedure: use oracle strategy to enumerate cases use abstract interpretation to prove each case correct See paper for the rest, leading ultimately to the proof of the Cosmological Theorem two more distinct uses of oracles and abstract interpretation 23

Splitting into elements 2111 splits into 2 and 111 But 111 doesn t split into, say, 1 and 11. Why? Split point is in the middle of a run of 1s Run 111 coded as 31 in original string Pieces 1 and 11 coded as 11 and 21 in split parts 31 1121 Compare 2 and 111... 24

Splitting into elements Compare 2 and 111... 2. 111 12. 31 1112. 1311 3112. 111321 132112. 31131211 1113122112. 132113111221... etc. Split point never lands in the middle of a run 25

Splitting into elements... Split point never lands in the middle of a run Otherwise said: last number of left part first number of right part, forever Theorem (Conway, easy): necessary and sufficient for splitting note last number of left part never changes Plan: see what happens to first number of arbitrary string 26

Talk outline Introduction Overview of Cosmological Theorem About Haskell and laziness Applying my method Conclusions 27

Lists in Haskell List is either: Empty list, written [], read nil Non-empty list, written (x:xs), read x cons xs First element x (head) List of remaining elements xs (tail) Other syntax Cons associates to right: (1:2:3:[]) = (1:(2:(3:[]))) Bracket abbreviation: [1,2,3] = (1:(2:(3:[]))) 28

Haskell programming Defining functions write equations characterizing function when function is called: match pattern on left side of equation result is right hand side of equation Example: length of list length [] = 0 length (x:xs) = length xs + 1 This talk: patterns always mutually exclusive e.g. [] and (x:xs) never both match an input 29

Haskell reasoning Reasoning with functions by substitution can always replace (instance of) left hand side with right hand side, or vice versa no state, memory, etc. to screw things up relies on convention about mutually exclusive patterns Example: length (1:2:xs) = length (2:xs) + 1 = (length xs + 1) + 1 = length xs + 2 Derive properties by doing algebra 30

Haskell reasoning??? But can t you write inconsistent equations? e.g. f [] = 1 + f [] Solution: every Haskell type has special undefined element, read bottom have: f [] = therefore: = 1 + When running program, means infinite loop 31

Laziness: suspending computations What if: g [] = 1:(g []) Cons (:) and plus (+) work differently: 1+f [] evals 1 and (f []) then adds 1:(g []) created without eval ing 1 and (g []) More generally: (:) makes data structure, puts suspended computations in slots of structure 32

Classifying Haskell lists What happens when you look for [] at end of list? finite: terminate infinite: get more and more conses forever partial: get after seeing finitely many conses Examples: finite, e.g. (1:(2:(3:[]))) = [1,2,3] infinite, e.g. g [] where g [] = 1 : g [] partial, e.g. (1:(2:(3: ))) Mutually exclusive and exhaustive any nonterminating expression = 33

Refinements of data Every Haskell type has a refinement order: read x y as y at least as defined as x Pictorially... 34

Integer and boolean refinements All elements but incomparable True False 1 2 3... 35

List refinements [] and (:) incomparable; (:) monotone in both args This talk: restrict lists to 1 2 3; all members defined for lists we consider......... 1:[] 1:1: 1:2: 1:3:...... [] 1: 2: 3: 36

Talk outline Introduction Overview of Cosmological Theorem About Haskell and laziness Applying my method Conclusions 37

Using monotonicity Fact: every definable Haskell function is monotone xs ys implies f xs f ys (in refinement order) i.e., as arg gets more defined, result gets more defined Suppose: Given f such that f (1: ) = True Then: f (1:xs) = True for any xs, by monotonicity of f Don t need to see code for f! 38

Abstractly interpreting look and say Define Haskell function say that does look and say e.g. say [2,1,1,1] = [1,2,3,1] Want say to be as lazy as possible e.g. say (2:1:1:1:3: ) = (1:2:3:1: ) e.g. say (2:1: ) = (1:2: ) e.g. say (2: ) = definition from my paper is indeed as lazy as possible 39

Covering all lists Simulate f on all lists using abstract interpretation pick (somehow) set C of partial (or finite) lists C must cover every list: xs ys C such that ys xs eval f on every list in C Will explain how to pick C in a moment Pictorially... 40

Covering all lists A fringe in the tree of refinements......... 1:[] 1:1: 1:2: 1:3:...... [] 1: 2: 3: 41

Covering all lists A more refined cover......... 1:[] 1:1: 1:2: 1:3:...... [] 1: 2: 3: 42

Applying the method Recall: Splitting 2111... 2. 111 12. 31 1112. 1311 3112. 111321 132112. 31131211 1113122112. 132113111221... etc. 2 always appears on left; want to show evolution of 111 always starts with 1 or 3 43

Finding the limit cycles Pick covering set C (will say how later) Execute the following Haskell code: nub (map (take 20 say 30 ) C) nub removes duplicates from list Constants 20, 30 chosen by trial and error We get... 44

Finding the limit cycles? nub (map (take 20 say 30 ) C) [], [31131122211311123113], [13211321322113311213], [13111213122112132113], [31232112311321322112], [11131221131211132221], [22], [22132113213221133112], [22131112131221121321], [22311311222113111231], [22312321123113213221], [11133112111311222112], [22111312211312111322], [22111331121113112221] 45

Finding the limit cycles? nub (map (take 20 say 30 ) C) [], [31131122211311123113], [13211321322113311213], [13111213122112132113], [31232112311321322112], [11131221131211132221], [22], [22132113213221133112], [22131112131221121321], [22311311222113111231], [22312321123113213221], [11133112111311222112], [22111312211312111322], [22111331121113112221] 46

Finding the limit cycles? nub (map (take 20 say 30 ) C) [rearranged] [], [11131221131211132221], [31131122211311123113], [13211321322113311213], [11133112111311222112], [31232112311321322112], [13111213122112132113], [22], [22111312211312111322], [22311311222113111231], [22132113213221133112], [22111331121113112221], [22312321123113213221], [22131112131221121321] 47

Finding the limit cycles? nub (map (take 20 say 30 ) C) [rearranged] [], [11131221131211132221], [31131122211311123113], [13211321322113311213], [11133112111311222112], [31232112311321322112], [13111213122112132113], [22], [22111312211312111322], [22311311222113111231], [22132113213221133112], [22111331121113112221], [22312321123113213221], [22131112131221121321] By 30 th step we ve reached a limit cycle! 48

Finding the limit cycles? nub (map (take 20 say 30 )) C [rearranged] [], [11131221131211132221], [31131122211311123113], [13211321322113311213], [11133112111311222112], [31232112311321322112], [13111213122112132113], [22], [22111312211312111322], [22311311222113111231], [22132113213221133112], [22111331121113112221], [22312321123113213221], [22131112131221121321] By 30 th step we ve reached a limit cycle! By 32 nd step we ve seen every starting number! 49

Decision procedure for splitting By 30 th step we ve reached a limit cycle! By 32 nd step we ve seen every starting number! Define algorithm for starting numbers: starts xs = [ head (say n xs) n [0..32] ] Define decision procedure for splitting: splits xs ys = null xs null ys (last xs starts ys) Needed to pick C. How? 50

Picking a covering set Use oracle predicate p to decide how far to refine Call (cover p): cover p = if p [] then [ ] else [] : [ 1:xs xs cover (λys. p (1:ys)) ] ++ [ 2:xs xs cover (λys. p (2:ys)) ] ++ [ 3:xs xs cover (λys. p (3:ys)) ] Example: cover ((== 2) length) = { [], [1], 1:1:, 1:2:, 1:3:, [2],... } Claim: if (cover p) terminates, result is covering set Don t have to look at p! 51

Putting it together Determine appropriate oracle by experiment: p = (( 12) length say) Generate covering set using oracle: C = cover p Find limit cycles using covering set:? nub (map (take 20 say 30 ) C) [[], [31131122211311123113],... Conclude that decision procedure is correct: starts xs = [ head (say n xs) n [0..32] ] splits xs ys = null xs null ys (last xs starts ys) 52

About the code Two more applications of the method proving that a lazier version of splits is correct finding all decay products of arbitrary strings using splits Literate Haskell program 1311 lines (181 code + 1130 latex) 98 LOC verified; 83 LOC in oracles, needn t be verified Compare: Zeilberger (Maple): 2234 LOC (incl. self-documentation) Litherland (C): 1650 LOC (less than half comments) 53

Talk outline Introduction Overview of Cosmological Theorem About Haskell and laziness Applying my method Conclusions 54

Proofs my method targets In general, must: enumerate cases verify a property for each case Examples: Four color theorem (Appel et al., 1976) Kepler s conjecture (Hales, 1998) My method: oracle strategy simplifies showing sufficiency of enumeration abstract interpretation via laziness simplifies verifying property of each case 55

My contributions New proof presentation strategy i.e. oracle strategy and abstract interpretation via laziness from previous slide may apply to similar proofs in other domains Verify Conway s result Simple code: presented and justified in its entirety in my technical report Code written in a language with a simple semantics Simplify prior proofs of Conway s result via my marked sequences (see technical report) 56

Questions? 57

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback