Introduction to Co-Induction in Coq

Similar documents
Infinite Objects and Proofs 1

CoInduction in Coq. Yves Bertot. Yves Bertot. CoInduction in Coq. DEA. EU s coordination action Types Goteborg, 2005.

Induction in Coq. Nate Foster Spring 2018

Programming with (co-)inductive types in Coq

Inductive data types

CIS 500: Software Foundations

A Coq tutorial for confirmed Proof system users

c constructor P, Q terms used as propositions G, H hypotheses scope identifier for a notation scope M, module identifiers t, u arbitrary terms

Coq quick reference. Category Example Description. Inductive type with instances defined by constructors, including y of type Y. Inductive X : Univ :=

Certified Programming with Dependent Types

Theorem Proving Principles, Techniques, Applications Recursion

CIS 500 Software Foundations. Midterm I. (Standard and advanced versions together) October 1, 2013 Answer key

Inductive prod (A B : Set) : Set := pair : A -> B -> prod A B. Inductive sum (A B : Set) : Set := inl : A -> sum A B inr : B -> sum A B.

Inductive and Coinductive Components of Corecursive Functions in Coq

CIS 500: Software Foundations

Types Summer School Gothenburg Sweden August Dogma oftype Theory. Everything has a type

Programming with Dependent Types Interactive programs and Coalgebras

Modular dependent induction in Coq, Mendler-style. Paolo Torrini

3 Pairs and Lists. 3.1 Formal vs. Informal Proofs

Inductive Definitions, continued

Coq Summer School, Session 2 : Basic programming with numbers and lists. Pierre Letouzey

Inductive data types (I)

Analysis of dependent types in Coq through the deletion of the largest node of a binary search tree

4 Programming with Types

CS 456 (Fall 2018) Scribe Notes: 2

MoreIntro_annotated.v. MoreIntro_annotated.v. Printed by Zach Tatlock. Oct 04, 16 21:55 Page 1/10

Coq. LASER 2011 Summerschool Elba Island, Italy. Christine Paulin-Mohring

Inductive datatypes in HOL. lessons learned in Formal-Logic Engineering

Calculus of Inductive Constructions

Programming with dependent types: passing fad or useful tool?

Introduction to dependent types in Coq

Coq in a Hurry. Yves Bertot

CS 4110 Programming Languages & Logics. Lecture 28 Recursive Types

MoreIntro.v. MoreIntro.v. Printed by Zach Tatlock. Oct 07, 16 18:11 Page 1/10. Oct 07, 16 18:11 Page 2/10. Monday October 10, 2016 lec02/moreintro.

Preuves Interactives et Applications

Heq: a Coq library for Heterogeneous Equality

Ideas over terms generalization in Coq

Mathematics for Computer Scientists 2 (G52MC2)

Universes. Universes for Data. Peter Morris. University of Nottingham. November 12, 2009

Expr_annotated.v. Expr_annotated.v. Printed by Zach Tatlock

Induction Schemes. Math Foundations of Computer Science

CIS 500: Software Foundations

Coq, a formal proof development environment combining logic and programming. Hugo Herbelin

Verification in Coq. Prof. Clarkson Fall Today s music: Check Yo Self by Ice Cube

Sometimes it s good to be lazy

A constructive denotational semantics for Kahn networks in Coq

Intrinsically Typed Reflection of a Gallina Subset Supporting Dependent Types for Non-structural Recursion of Coq

CSE-321 Programming Languages 2011 Final

Advanced Features: Type Classes and Relations

Introduction to Coq Proof Assistant

A Simple Supercompiler Formally Verified in Coq

LASER 2011 Summerschool Elba Island, Italy Basics of COQ

August 5-10, 2013, Tsinghua University, Beijing, China. Polymorphic types

10 Years of Partiality and General Recursion in Type Theory

Lesson 4 Typed Arithmetic Typed Lambda Calculus

3.4 Deduction and Evaluation: Tools Conditional-Equational Logic

Stream Fusion. Wouter Swierstra 30/11/2010

Logical Verification Course Notes. Femke van Raamsdonk Vrije Universiteit Amsterdam

HIGHER-ORDER ABSTRACT SYNTAX IN TYPE THEORY

Autosubst Manual. May 20, 2016

An Algebra of Dependent Data Types

Type-directed Syntax Transformations for ATS-style Programs with Proofs

Data types à la carte

Lost in translation. Leonardo de Moura Microsoft Research. how easy problems become hard due to bad encodings. Vampire Workshop 2015

First-Class Type Classes

CS 4110 Programming Languages & Logics. Lecture 27 Recursive Types

Proving Properties on Programs From the Coq Tutorial at ITP 2015

Introduction to the Coq proof assistant First part

ISR 2014 Strategies. Hélène KIRCHNER Inria. August Topics, Objectives, Contents. Hélène KIRCHNER Inria ISR 2014 Strategies 1 / 48

Numerical Computations and Formal Methods

Lecture 14: Recursive Types

Embedding logics in Dedukti

Lambda Calculus. Type Systems, Lectures 3. Jevgeni Kabanov Tartu,

The University of Nottingham

Denotational Semantics. Domain Theory

Theory Exploration on Infinite Structures. Master s thesis in Computer Science Algorithms, Languages, and Logic SÓLRÚN HALLA EINARSDÓTTIR

Representing Cyclic Structures as Nested Datatypes. Makoto Hamana

Coq in a Hurry. Yves Bertot. October 2008

MPRI course 2-4 Functional programming languages Exercises

Lecture 4: Higher Order Functions

Introduction to lambda calculus Part 3

Coinduction, Corecursion, Copatterns

An experiment with variable binding, denotational semantics, and logical relations in Coq. Adam Chlipala University of California, Berkeley

Mathematics for Computer Scientists 2 (G52MC2)

Now that we have keys defined for the maps, we can start talking about maps. The first of these are Total Maps. Total Maps are defined as follows:

Finite Set Theory. based on Fully Ordered Lists. Jared Davis UT Austin. ACL2 Workshop 2004

CSCI-GA Scripting Languages

Synthesis of distributed mobile programs using monadic types in Coq

Overview. A Compact Introduction to Isabelle/HOL. Tobias Nipkow. System Architecture. Overview of Isabelle/HOL

Negations in Refinement Type Systems

Static and User-Extensible Proof Checking. Antonis Stampoulis Zhong Shao Yale University POPL 2012

CS 312. Lecture April Lazy Evaluation, Thunks, and Streams. Evaluation

Introduction to Functional Programming in Haskell 1 / 56

n n Try tutorial on front page to get started! n spring13/ n Stack Overflow!

Design Principles of Programming Languages. Recursive Types. Zhenjiang Hu, Haiyan Zhao, Yingfei Xiong Peking University, Spring Term

Pretty-Big-Step Semantics

Recursive Types. Chapter 7

A CONSTRUCTIVE SEMANTICS FOR REWRITING LOGIC MICHAEL N. KAPLAN

Functional Programming with Isabelle/HOL

Transcription:

August 2005

Motivation Reason about infinite data-structures, Reason about lazy computation strategies, Reason about infinite processes, abstracting away from dates. Finite state automata, Temporal logic, Computation on streams of data.

Inductive types as least fixpoint types Inductive types are fixpoints of abstract functions, If {c i } i {1,...,j} are the constructors of I and c i a 1 a k is well-typed then c i a 1 a k I Fixpoint property also gives pattern-matching: if c i : T i,1 T i,k I and f i : T i,1 T i,k B, then there exists a single function φ : I B such that φ(c i a 1... a k ) = f i a 1 a k. Initiality: if fi are functions with type f i : T i,1 [A/I ] T i,k [A/I ] A, then there exists a single function φ : I A such that φ(c 1 a 1 a k ) = f i a 1 a k, where a m = φ(a m ) if T m = I and a m = a m otherwise. Initiality gives structural recursion.

CoInductive types Consider a type C with the first two fixpoint properties, Images of constructors are in C (the co-inductive type), Functions on C can be defined by pattern-matching, Take a closer look at pattern-matching: With pattern matching you can define a function σ : C (T 11 T 1k1 ) + (T 21 T 2k2 ) + so that σ(t) = (a 1,... a ki ) (T i1 T iki ) when t = c i a 1 a k Replace initiality with co-initiality, i.e., If f : A (T 11 T 1k1 )[A/C]+(T 21 T 2k2 )[A/C]+, then there exists a single φ : A C such that φ(a) = c i a 1 a k i when f (a) = (T i1 T iki )[A/C] and a j = φ(a j) if T ij = C and a j = a j otherwise.

Practical reading of theory For both kinds of types, constructors and pattern-matching can be used in a similar way, For inductive types, Recursion is only used to consume elements of the type, Arguments of recursive calls can only be sub-components of constructors, For co-inductive types, Co-recursion is only used to produce elements of the type, Co-recursive calls can only produce sub-components of constructors.

Theory on an example Consider the two definitions: Inductive list (A:Set) : Set := nil : list A cons : A -> list A -> list A. CoInductive Llist (A:Set) : Set := Lnil : Llist A Lcons : A -> Llist A -> Llist A. Implicit Arguments Lcons. given values and functions v:b and f:a->b->b, we can define a function phi : list A -> B by the following Fixpoint phi (l:list A) : B := match l with nil => v const a t => f a (phi t) end.

Theory on an example (continued) The natural result type of pattern-matching on inductive lists is: unit+(a*list A) Definition sigma1(a:set)(l:list A):unit+(A*list A):= match l with nil => inl (B:=A*list A) tt cons a tl => inr (A:=unit) (a,tl) end. The natural result type of pattern matching on co-inductive lists (type Llist) is similar: unit+(a*llist A) We can define a co-recursive function phi : B -> Llist A if we are able to inhabit the type B -> unit+(a*b).

Categorical terminology In the category Set, collections of constructors define a functor F, for a given object A, F (A) corresponds to the natural result type for pattern-matching as described in the previous slide, An F -algebra is an object with a morphism F (A) A, F -algebras form a category, and the inductive type is an initial object in this category, An F -coalgebra is an object with a morphism A F (A), F -coalgebras form a category, and the coinductive type is a final object in this category.

Co-Inductive types in Coq Syntactic form of definitions is similar to inductive types (given a few frames before), pattern-matching with the same syntax as for inductive types. Elements of the co-inductive type can be obtained by: Using the constructors, Using the pattern-matching construct, Using co-recursion.

Constructing co-inductive elements Definition ll123 := Lcons 1 (Lcons 2 (Lcons 3 (Lnil nat))). Fixpoint list to llist (A:Set) (l:list A) {struct l} : Llist A := match l with nil => Lnil A a::tl => Lcons a (list to llist A tl) end. Definition ll123 := list to llist nat (1::2::3::nil). list to llist uses plain structural recursion on lists and plain calls to constructors.

Infinite elements list to llist shows that list A is isomorphic to a subset of Llist A Lists in list A are finite, recursive traversal on them terminates, There are infinite elements: CoFixpoint lones : Llist nat := Lcons 1 lones. lones is the value of the co-recursive function defined by the finality statement for the following f: Definition f : unit -> unit+(nat*unit) := fun => inr unit (1,tt).

Infinite elements (continued) Here is a definition of what is called the finality statement in this lecture: CoFixpoint Llist finality (A:Set)(B:Set)(f:B->unit+(A*B)):B->Llist A:= fun b:b => match f b with inl tt => Lnil A inr (a,b2) => Lcons a (Llist finality A B f b2) end. The finality statement is never used in Coq. Instead syntactic check on recursive definitions (guarded-by-constructors criterion).

Streams CoInductive stream (A:Set) : Set := Cons : A -> stream A -> stream A. Implicit Arguments Cons. an example of type where no element could be built without co-recursion. CoFixpoint nums (n:nat) : stream nat := Cons n (nums (n+1)).

Computing with co-recursive values Unleashed unfolding of co-recursive definitions would lead to infinite reduction, A redex appears only when patern-matching is applied on a co-recursive value. Unfolding is performed (only) as needed.

Proving properties of co-recursive values Definition Llist decompose (A:Set)(l:Llist A) : Llist A := match l with Lnil => Lnil A Lcons a tl => Lcons a tl end. Implicit Arguments Llist decompose. Proofs by pattern-matching as in inductive types. Theorem Llist dec thm : forall (A:Set)(l:Llist A), l = Llist decompose l. Proof. intros A l; case l; simpl; trivial. Qed.

Unfolding techniques The theorem Llist dec thm is not just an example, A tool to force co-recursive functions to unfold. Create a redex that maybe reduced by unfolding recursion. Theorem lones dec : Lcons 1 lones = lones. simpl. ============================ Lcons 1 lones = lones pattern lones at 2; rewrite (Llist dec thm nat lones); simpl. ============================ Lcons 1 lones = Lcons 1 lones

Proving equality Usual equality is an inductive concept with no recursion, Co-recursion can only provide new values in co-recursive types, Need a co-recursive notion of equality. Express that two terms are equal when then cannot be distinguished by any amount of pattern-matching, specific notion of equality for each co-inductive type.

Co-inductive equality CoInductive bisimilar (A:Set) : Llist A -> Llist A -> Prop := bisim0 : bisimilar A (Lnil A)(Lnil A) bisim1 : forall x t1 t2, bisimilar A t1 t2 -> bisimilar A (Lcons x t1) (Lcons x t2).

Proofs by Co-induction Use a tactic cofix to introduce a co-recursive value, Adds a new hypothesis in the context with the same type as the goal, The new hypothesis can only be used to fill a constructor s sub-component, Non-typed criterion, the correctness is checked using a Guarded command.

Example material CoFixpoint lmap (A B:Set)(f:A -> B)(l:Llist A) : Llist B := match l with Lnil => Lnil B Lcons a tl => Lcons (f a) (lmap A B f tl) end.

Example proof by co-induction Theorem lmap bi : forall (A:Set)(l:Llist A), bisimilar A (lmap A A (fun x => x) l) l. cofix. 1 subgoal lmap bi : forall (A : Set) (l : Llist A), bisimilar A (lmap A A (fun x : A => x) l) l ============================ forall (A : Set) (l : Llist A), bisimilar A (lmap A A (fun x : A => x) l) l

Example proof by co-induction (continued) intros A l; rewrite (Llist dec thm (lmap A A (fun x=>x) l)); simpl.... ============================ bisimilar A match match l with Lcons a tl => Lcons a (lmap A A (fun x : A => x) tl) Lnil => Lnil A end with Lcons a tl => Lcons a tl Lnil => Lnil A end l

Example proof by co-induction (continued) case l.... ============================ forall (a : A) (l0 : Llist A), bisimilar A (Lcons a (lmap A A (fun x : A => x) l0)) (Lcons a l0) subgoal 2 is: bisimilar A (Lnil A) (Lnil A)

Example proof by co-induction (continued) intros a k; apply bisim1.... lmap bi : forall (A : Set) (l : Llist A), bisimilar A (lmap A A (fun x : A => x) l) l... ============================ bisimilar A (lmap A A (fun x : A => x) k) k A constructor was used, the recursive hypothesis can be used. apply lmap bi. apply bisim0. Qed.

Minimal real arithmetics Represent the real numbers in [0,1] as infinite sequences of bits, add a third bit to make computation practical.

Redundant floating-point representations In usual represenation 1/2 is both 0.01111... and 0.1000..., Every number p/2 n where p and n are integers has two representations, Other numbers have only one, A number whose prefix is 0.1010... (but finite) is a number that can be bigger or smaller than 1/3, When computing 1/3 + 1/6 we can never decide what should be the first bit of the result. Problem solved by adding a third bit : Now L, C, or R.

Explaining redundancy A number of the form L... is in [0,1/2], (like a number of the form 0.0...), A number of the form R... is in [1/2,1], (like a number of the form 0.1...), A number of the form C... is in [1/4,3/4]. Taking an infinite stream of bits and adding a L in front divides by 2, Adding a R divides by 2 and adds 1/2, Adding a C divides by 2 and adds 1/4.

Coq encoding Inductive idigit : Set := L C R. CoInductive represents : stream idigit -> Rdefinitions.R -> Prop := reprl : forall s r, represents s r -> (0 <= r <= 1)%R -> represents (Cons L s) (r/2) reprr : forall s r, represents s r -> (0 <= r <= 1)%R -> represents (Cons R s) ((r+1)/2) reprc : forall s r, represents s r -> (0 <= r <= 1)%R -> represents (Cons C s) ((2*r+1)/4).

Encoding rational numbers CoFixpoint rat to stream (a b:z) : stream idigit := if Z le gt dec (2*a) b then Cons L (rat to stream (2*a) b) else Cons R (rat to stream (2*a-b) b).

Affine combination of redundant digit streams compute the representation of a a x + b b y + c c, where x and y are real numbers in [0,1] given by redundant digit streams, and a c are positive integers (non-zero when relevant). if 2c > c then the result has the form Rz where z is. 2a a x + 2b 2c c y + b c

Computation of other digits Similar sufficient condition to decide on Cz and Lz, for suitable values of z: if a a + b b a a + b b + c c 1 2 produce L c c 1 4 and a a + b b + c 3/4 produce C c is small enough, you can produce a digit, But sometimes necessary to observe x and y.

Consuming input if x and y are Lx and Ly, then is also a a x + b b y + c c a 2a x + b 2b y + c c Condition for outputting a digit may still not be ensured, but a 2a + b 2b = 1 2 ( a a + b b ) Similar for other possible forms of x and y.

Coq encoding Use a well-founded recursive function to consume from x and y until the condition is ensured to produce a digit, Produce a digit and perform a co-recursive call, This style of decomposition between well-founded part and co-recursive is quite powerful (not documented in Coq Art, though).

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback