![Page 1: Recursive Functions on Lazy Lists via Domains and Topologies · Johannes H olzl Institut f ur Informatik TU M unchen, Germany ITP 2014. Running example: ltering lazy lists Task: Given](https://reader034.vdocuments.net/reader034/viewer/2022050607/5faebd8e8f8a69755e66faed/html5/thumbnails/1.jpg)
Recursive Functions on Lazy Listsvia Domains and Topologies
Andreas Lochbihler
Institute of Information Security
ETH Zurich, Switzerland
Johannes Holzl
Institut fur Informatik
TU Munchen, Germany
ITP 2014
![Page 2: Recursive Functions on Lazy Lists via Domains and Topologies · Johannes H olzl Institut f ur Informatik TU M unchen, Germany ITP 2014. Running example: ltering lazy lists Task: Given](https://reader034.vdocuments.net/reader034/viewer/2022050607/5faebd8e8f8a69755e66faed/html5/thumbnails/2.jpg)
Running example: filtering lazy lists
Task: Given a codatatype
α llist = [ ] | α · α llistfinite and
infinite lists
define a recursive function
lfilter P [ ] = [ ]
lfilter P (x · xs) = (if P x then x · lfilter P xs else lfilter P xs)
and prove properties.
lfilter P (lfilter Q xs) = lfilter (λx . P x ∧ Q x) xs
Usual definition principles• well-founded recursion
• guarded/primitive corecursion
guarded unguarded
lfilter is underspecified:
lfilter (≤ 0) (1 · [1, 1, 1, . . .]) = lfilter (≤ 0) [1, 1, 1, . . .]
Lochbihler (ETHZ), Holzl (TUM) Recursive functions on lazy lists ITP 2014 2 / 11
![Page 3: Recursive Functions on Lazy Lists via Domains and Topologies · Johannes H olzl Institut f ur Informatik TU M unchen, Germany ITP 2014. Running example: ltering lazy lists Task: Given](https://reader034.vdocuments.net/reader034/viewer/2022050607/5faebd8e8f8a69755e66faed/html5/thumbnails/3.jpg)
Running example: filtering lazy lists
Task: Given a codatatype α llist = [ ] | α · α llist
finite andinfinite lists
define a recursive function
lfilter P [ ] = [ ]
lfilter P (x · xs) = (if P x then x · lfilter P xs else lfilter P xs)
and prove properties.
lfilter P (lfilter Q xs) = lfilter (λx . P x ∧ Q x) xs
Usual definition principles• well-founded recursion
• guarded/primitive corecursion
guarded unguarded
lfilter is underspecified:
lfilter (≤ 0) (1 · [1, 1, 1, . . .]) = lfilter (≤ 0) [1, 1, 1, . . .]
Lochbihler (ETHZ), Holzl (TUM) Recursive functions on lazy lists ITP 2014 2 / 11
![Page 4: Recursive Functions on Lazy Lists via Domains and Topologies · Johannes H olzl Institut f ur Informatik TU M unchen, Germany ITP 2014. Running example: ltering lazy lists Task: Given](https://reader034.vdocuments.net/reader034/viewer/2022050607/5faebd8e8f8a69755e66faed/html5/thumbnails/4.jpg)
Running example: filtering lazy lists
Task: Given a codatatype α llist = [ ] | α · α llistfinite and
infinite lists
define a recursive function
lfilter P [ ] = [ ]
lfilter P (x · xs) = (if P x then x · lfilter P xs else lfilter P xs)
and prove properties.
lfilter P (lfilter Q xs) = lfilter (λx . P x ∧ Q x) xs
Usual definition principles• well-founded recursion
• guarded/primitive corecursion
guarded unguarded
lfilter is underspecified:
lfilter (≤ 0) (1 · [1, 1, 1, . . .]) = lfilter (≤ 0) [1, 1, 1, . . .]
Lochbihler (ETHZ), Holzl (TUM) Recursive functions on lazy lists ITP 2014 2 / 11
![Page 5: Recursive Functions on Lazy Lists via Domains and Topologies · Johannes H olzl Institut f ur Informatik TU M unchen, Germany ITP 2014. Running example: ltering lazy lists Task: Given](https://reader034.vdocuments.net/reader034/viewer/2022050607/5faebd8e8f8a69755e66faed/html5/thumbnails/5.jpg)
Running example: filtering lazy lists
Task: Given a codatatype α llist = [ ] | α · α llistfinite and
infinite lists
define a recursive function
lfilter P [ ] = [ ]
lfilter P (x · xs) = (if P x then x · lfilter P xs else lfilter P xs)
and prove properties.
lfilter P (lfilter Q xs) = lfilter (λx . P x ∧ Q x) xs
Usual definition principles• well-founded recursion
• guarded/primitive corecursion
guarded unguarded
lfilter is underspecified:
lfilter (≤ 0) (1 · [1, 1, 1, . . .]) = lfilter (≤ 0) [1, 1, 1, . . .]
Lochbihler (ETHZ), Holzl (TUM) Recursive functions on lazy lists ITP 2014 2 / 11
![Page 6: Recursive Functions on Lazy Lists via Domains and Topologies · Johannes H olzl Institut f ur Informatik TU M unchen, Germany ITP 2014. Running example: ltering lazy lists Task: Given](https://reader034.vdocuments.net/reader034/viewer/2022050607/5faebd8e8f8a69755e66faed/html5/thumbnails/6.jpg)
Running example: filtering lazy lists
Task: Given a codatatype α llist = [ ] | α · α llistfinite and
infinite lists
define a recursive function
lfilter P [ ] = [ ]
lfilter P (x · xs) = (if P x then x · lfilter P xs else lfilter P xs)
and prove properties.
lfilter P (lfilter Q xs) = lfilter (λx . P x ∧ Q x) xs
Usual definition principles• well-founded recursion
• guarded/primitive corecursion
guarded unguarded
lfilter is underspecified:
lfilter (≤ 0) (1 · [1, 1, 1, . . .]) = lfilter (≤ 0) [1, 1, 1, . . .]
Lochbihler (ETHZ), Holzl (TUM) Recursive functions on lazy lists ITP 2014 2 / 11
![Page 7: Recursive Functions on Lazy Lists via Domains and Topologies · Johannes H olzl Institut f ur Informatik TU M unchen, Germany ITP 2014. Running example: ltering lazy lists Task: Given](https://reader034.vdocuments.net/reader034/viewer/2022050607/5faebd8e8f8a69755e66faed/html5/thumbnails/7.jpg)
Running example: filtering lazy lists
Task: Given a codatatype α llist = [ ] | α · α llistfinite and
infinite lists
define a recursive function
lfilter P [ ] = [ ]
lfilter P (x · xs) = (if P x then x · lfilter P xs else lfilter P xs)
and prove properties.
lfilter P (lfilter Q xs) = lfilter (λx . P x ∧ Q x) xs
Usual definition principles• well-founded recursion
• guarded/primitive corecursion
guarded
unguarded
lfilter is underspecified:
lfilter (≤ 0) (1 · [1, 1, 1, . . .]) = lfilter (≤ 0) [1, 1, 1, . . .]
Lochbihler (ETHZ), Holzl (TUM) Recursive functions on lazy lists ITP 2014 2 / 11
![Page 8: Recursive Functions on Lazy Lists via Domains and Topologies · Johannes H olzl Institut f ur Informatik TU M unchen, Germany ITP 2014. Running example: ltering lazy lists Task: Given](https://reader034.vdocuments.net/reader034/viewer/2022050607/5faebd8e8f8a69755e66faed/html5/thumbnails/8.jpg)
Running example: filtering lazy lists
Task: Given a codatatype α llist = [ ] | α · α llistfinite and
infinite lists
define a recursive function
lfilter P [ ] = [ ]
lfilter P (x · xs) = (if P x then x · lfilter P xs else lfilter P xs)
and prove properties.
lfilter P (lfilter Q xs) = lfilter (λx . P x ∧ Q x) xs
Usual definition principles• well-founded recursion
• guarded/primitive corecursion
guarded unguarded
lfilter is underspecified:
lfilter (≤ 0) (1 · [1, 1, 1, . . .]) = lfilter (≤ 0) [1, 1, 1, . . .]
Lochbihler (ETHZ), Holzl (TUM) Recursive functions on lazy lists ITP 2014 2 / 11
![Page 9: Recursive Functions on Lazy Lists via Domains and Topologies · Johannes H olzl Institut f ur Informatik TU M unchen, Germany ITP 2014. Running example: ltering lazy lists Task: Given](https://reader034.vdocuments.net/reader034/viewer/2022050607/5faebd8e8f8a69755e66faed/html5/thumbnails/9.jpg)
Running example: filtering lazy lists
Task: Given a codatatype α llist = [ ] | α · α llistfinite and
infinite lists
define a recursive function
lfilter P [ ] = [ ]
lfilter P (x · xs) = (if P x then x · lfilter P xs else lfilter P xs)
and prove properties.
lfilter P (lfilter Q xs) = lfilter (λx . P x ∧ Q x) xs
Usual definition principles• well-founded recursion
• guarded/primitive corecursion
guarded unguarded
lfilter is underspecified:
lfilter (≤ 0) (1 · [1, 1, 1, . . .]) = lfilter (≤ 0) [1, 1, 1, . . .]
Lochbihler (ETHZ), Holzl (TUM) Recursive functions on lazy lists ITP 2014 2 / 11
![Page 10: Recursive Functions on Lazy Lists via Domains and Topologies · Johannes H olzl Institut f ur Informatik TU M unchen, Germany ITP 2014. Running example: ltering lazy lists Task: Given](https://reader034.vdocuments.net/reader034/viewer/2022050607/5faebd8e8f8a69755e66faed/html5/thumbnails/10.jpg)
Beyond well-founded and guarded corecursion
lfilter P [ ] = [ ]lfilter P (x · xs) = (if P x then x · lfilter P xs else lfilter P xs)
lfinite xs ∨ (∀n. ∃x ∈ lset (ldrop n xs). P x ∧ Q x) −→
lfilter P (lfilter Q xs) = lfilter (λx . P x ∧ Q x) xs
Previous approaches:
Partiality leave unspecified for infinite lists w/o satisfying elements
close to specificationproperties need preconditionsno proof principles
Search function check whether there are more elements
︷ ︸︸ ︷if ¬ find P xs then [ ] else
total function, no preconditionsadditional lemmas about search function necessaryad hoc solution
Lochbihler (ETHZ), Holzl (TUM) Recursive functions on lazy lists ITP 2014 3 / 11
![Page 11: Recursive Functions on Lazy Lists via Domains and Topologies · Johannes H olzl Institut f ur Informatik TU M unchen, Germany ITP 2014. Running example: ltering lazy lists Task: Given](https://reader034.vdocuments.net/reader034/viewer/2022050607/5faebd8e8f8a69755e66faed/html5/thumbnails/11.jpg)
Beyond well-founded and guarded corecursion
lfilter P [ ] = [ ]lfilter P (x · xs) = (if P x then x · lfilter P xs else lfilter P xs)
lfinite xs ∨ (∀n. ∃x ∈ lset (ldrop n xs). P x ∧ Q x) −→lfilter P (lfilter Q xs) = lfilter (λx . P x ∧ Q x) xs
Previous approaches:
Partiality leave unspecified for infinite lists w/o satisfying elements
close to specificationproperties need preconditionsno proof principles
Search function check whether there are more elements
︷ ︸︸ ︷if ¬ find P xs then [ ] else
total function, no preconditionsadditional lemmas about search function necessaryad hoc solution
Lochbihler (ETHZ), Holzl (TUM) Recursive functions on lazy lists ITP 2014 3 / 11
![Page 12: Recursive Functions on Lazy Lists via Domains and Topologies · Johannes H olzl Institut f ur Informatik TU M unchen, Germany ITP 2014. Running example: ltering lazy lists Task: Given](https://reader034.vdocuments.net/reader034/viewer/2022050607/5faebd8e8f8a69755e66faed/html5/thumbnails/12.jpg)
Beyond well-founded and guarded corecursion
lfilter P [ ] = [ ]lfilter P (x · xs) = (if P x then x · lfilter P xs else lfilter P xs)
lfinite xs ∨ (∀n. ∃x ∈ lset (ldrop n xs). P x ∧ Q x) −→
lfilter P (lfilter Q xs) = lfilter (λx . P x ∧ Q x) xs
Previous approaches:
Partiality leave unspecified for infinite lists w/o satisfying elements
close to specificationproperties need preconditionsno proof principles
Search function check whether there are more elements
︷ ︸︸ ︷if ¬ find P xs then [ ] else
total function, no preconditionsadditional lemmas about search function necessaryad hoc solution
Lochbihler (ETHZ), Holzl (TUM) Recursive functions on lazy lists ITP 2014 3 / 11
![Page 13: Recursive Functions on Lazy Lists via Domains and Topologies · Johannes H olzl Institut f ur Informatik TU M unchen, Germany ITP 2014. Running example: ltering lazy lists Task: Given](https://reader034.vdocuments.net/reader034/viewer/2022050607/5faebd8e8f8a69755e66faed/html5/thumbnails/13.jpg)
Two views on lfilter
lfilter :: (α⇒ bool)⇒ α llist⇒ α llist
1. produces a list corecursively
• lfilter :: β⇒ α llist
• find chain-complete partialorder on α llist
• take the least fixpoint for lfilter
2. consumes a list recursively
• lfilter :: α llist⇒ β
• find topology on α llist
• define lfilter on finite listsby well-founded recursion
• take the limit for infinite lists
proof principles
domain theory
fixpoint inductionstructural induction
topology
convergence on closed setsuniqueness of limits
Lochbihler (ETHZ), Holzl (TUM) Recursive functions on lazy lists ITP 2014 4 / 11
![Page 14: Recursive Functions on Lazy Lists via Domains and Topologies · Johannes H olzl Institut f ur Informatik TU M unchen, Germany ITP 2014. Running example: ltering lazy lists Task: Given](https://reader034.vdocuments.net/reader034/viewer/2022050607/5faebd8e8f8a69755e66faed/html5/thumbnails/14.jpg)
Two views on lfilter
lfilter :: (α⇒ bool)⇒ α llist⇒ α llist
1. produces a list corecursively
• lfilter :: β⇒ α llist
• find chain-complete partialorder on α llist
• take the least fixpoint for lfilter
2. consumes a list recursively
• lfilter :: α llist⇒ β
• find topology on α llist
• define lfilter on finite listsby well-founded recursion
• take the limit for infinite lists
proof principles
domain theory
fixpoint inductionstructural induction
topology
convergence on closed setsuniqueness of limits
Lochbihler (ETHZ), Holzl (TUM) Recursive functions on lazy lists ITP 2014 4 / 11
![Page 15: Recursive Functions on Lazy Lists via Domains and Topologies · Johannes H olzl Institut f ur Informatik TU M unchen, Germany ITP 2014. Running example: ltering lazy lists Task: Given](https://reader034.vdocuments.net/reader034/viewer/2022050607/5faebd8e8f8a69755e66faed/html5/thumbnails/15.jpg)
Two views on lfilter
lfilter :: (α⇒ bool)⇒ α llist⇒ α llist
1. produces a list corecursively
• lfilter :: β⇒ α llist
• find chain-complete partialorder on α llist
• take the least fixpoint for lfilter
2. consumes a list recursively
• lfilter :: α llist⇒ β
• find topology on α llist
• define lfilter on finite listsby well-founded recursion
• take the limit for infinite lists
proof principles
domain theory
fixpoint inductionstructural induction
topology
convergence on closed setsuniqueness of limits
Lochbihler (ETHZ), Holzl (TUM) Recursive functions on lazy lists ITP 2014 4 / 11
![Page 16: Recursive Functions on Lazy Lists via Domains and Topologies · Johannes H olzl Institut f ur Informatik TU M unchen, Germany ITP 2014. Running example: ltering lazy lists Task: Given](https://reader034.vdocuments.net/reader034/viewer/2022050607/5faebd8e8f8a69755e66faed/html5/thumbnails/16.jpg)
Two views on lfilter
lfilter :: (α⇒ bool)⇒ α llist⇒ α llist
1. produces a list corecursively
• lfilter :: β⇒ α llist
• find chain-complete partialorder on α llist
• take the least fixpoint for lfilter
2. consumes a list recursively
• lfilter :: α llist⇒ β
• find topology on α llist
• define lfilter on finite listsby well-founded recursion
• take the limit for infinite lists
proof principles
domain theory
fixpoint inductionstructural induction
topology
convergence on closed setsuniqueness of limits
Lochbihler (ETHZ), Holzl (TUM) Recursive functions on lazy lists ITP 2014 4 / 11
![Page 17: Recursive Functions on Lazy Lists via Domains and Topologies · Johannes H olzl Institut f ur Informatik TU M unchen, Germany ITP 2014. Running example: ltering lazy lists Task: Given](https://reader034.vdocuments.net/reader034/viewer/2022050607/5faebd8e8f8a69755e66faed/html5/thumbnails/17.jpg)
Two views on lfilter
lfilter :: (α⇒ bool)⇒ α llist⇒ α llist
1. produces a list corecursively
• lfilter :: β⇒ α llist
• find chain-complete partialorder on α llist
• take the least fixpoint for lfilter
2. consumes a list recursively
• lfilter :: α llist⇒ β
• find topology on α llist
• define lfilter on finite listsby well-founded recursion
• take the limit for infinite lists
proof principles
domain theory
fixpoint inductionstructural induction
topology
convergence on closed setsuniqueness of limits
Lochbihler (ETHZ), Holzl (TUM) Recursive functions on lazy lists ITP 2014 4 / 11
![Page 18: Recursive Functions on Lazy Lists via Domains and Topologies · Johannes H olzl Institut f ur Informatik TU M unchen, Germany ITP 2014. Running example: ltering lazy lists Task: Given](https://reader034.vdocuments.net/reader034/viewer/2022050607/5faebd8e8f8a69755e66faed/html5/thumbnails/18.jpg)
Proof principles pay off
Isabelle proofs of lfilter P (lfilter Q xs) = lfilter (λx . P x ∧ Q x) xs
Paulson’s Structural induction
Fixpoint induction
Continuous extension
Lochbihler (ETHZ), Holzl (TUM) Recursive functions on lazy lists ITP 2014 5 / 11
![Page 19: Recursive Functions on Lazy Lists via Domains and Topologies · Johannes H olzl Institut f ur Informatik TU M unchen, Germany ITP 2014. Running example: ltering lazy lists Task: Given](https://reader034.vdocuments.net/reader034/viewer/2022050607/5faebd8e8f8a69755e66faed/html5/thumbnails/19.jpg)
The producer view: least fixpoints
• prefix order v defined coinductively
• least upper bound⊔
Y defined by primitive corecursion
(v,⊔) forms a chain-complete partial order (CCPO) with ⊥ = [ ]
•
•
•
• •
. . .
A⊔
Av v v
v
v
v
•v w
• lift (v,⊔) point-wise to function space β⇒ α llist
Knaster-Tarski theorem:If f on a ccpo is monotone, then f has a least fixpoint.
partial-function (llist) lfilter :: (α⇒ bool)⇒ α llist⇒ α llist where
lfilter P xs = (case xs of [ ]⇒ [ ]| x · xs ⇒ if P x then x · lfilter P xs else lfilter P xs)
Light-weight domain theory
[ ] represents “undefined”, no additional values in α llist
full function space ⇒, no continuity restrictions
less automation
less expressive (no nested or higher-order recursion)
Lochbihler (ETHZ), Holzl (TUM) Recursive functions on lazy lists ITP 2014 6 / 11
![Page 20: Recursive Functions on Lazy Lists via Domains and Topologies · Johannes H olzl Institut f ur Informatik TU M unchen, Germany ITP 2014. Running example: ltering lazy lists Task: Given](https://reader034.vdocuments.net/reader034/viewer/2022050607/5faebd8e8f8a69755e66faed/html5/thumbnails/20.jpg)
The producer view: least fixpoints
• prefix order v defined coinductively
• least upper bound⊔
Y defined by primitive corecursion
(v,⊔) forms a chain-complete partial order (CCPO) with ⊥ = [ ]
•
•
•
• •
. . .
A⊔
A
v v v
v
v
v
•v w
• lift (v,⊔) point-wise to function space β⇒ α llist
Knaster-Tarski theorem:If f on a ccpo is monotone, then f has a least fixpoint.
partial-function (llist) lfilter :: (α⇒ bool)⇒ α llist⇒ α llist where
lfilter P xs = (case xs of [ ]⇒ [ ]| x · xs ⇒ if P x then x · lfilter P xs else lfilter P xs)
Light-weight domain theory
[ ] represents “undefined”, no additional values in α llist
full function space ⇒, no continuity restrictions
less automation
less expressive (no nested or higher-order recursion)
Lochbihler (ETHZ), Holzl (TUM) Recursive functions on lazy lists ITP 2014 6 / 11
![Page 21: Recursive Functions on Lazy Lists via Domains and Topologies · Johannes H olzl Institut f ur Informatik TU M unchen, Germany ITP 2014. Running example: ltering lazy lists Task: Given](https://reader034.vdocuments.net/reader034/viewer/2022050607/5faebd8e8f8a69755e66faed/html5/thumbnails/21.jpg)
The producer view: least fixpoints
• prefix order v defined coinductively
• least upper bound⊔
Y defined by primitive corecursion
(v,⊔) forms a chain-complete partial order (CCPO) with ⊥ = [ ]
•
•
•
• •
. . .
A⊔
Av v vv
v
v
•v w
• lift (v,⊔) point-wise to function space β⇒ α llist
Knaster-Tarski theorem:If f on a ccpo is monotone, then f has a least fixpoint.
partial-function (llist) lfilter :: (α⇒ bool)⇒ α llist⇒ α llist where
lfilter P xs = (case xs of [ ]⇒ [ ]| x · xs ⇒ if P x then x · lfilter P xs else lfilter P xs)
Light-weight domain theory
[ ] represents “undefined”, no additional values in α llist
full function space ⇒, no continuity restrictions
less automation
less expressive (no nested or higher-order recursion)
Lochbihler (ETHZ), Holzl (TUM) Recursive functions on lazy lists ITP 2014 6 / 11
![Page 22: Recursive Functions on Lazy Lists via Domains and Topologies · Johannes H olzl Institut f ur Informatik TU M unchen, Germany ITP 2014. Running example: ltering lazy lists Task: Given](https://reader034.vdocuments.net/reader034/viewer/2022050607/5faebd8e8f8a69755e66faed/html5/thumbnails/22.jpg)
The producer view: least fixpoints
• prefix order v defined coinductively
• least upper bound⊔
Y defined by primitive corecursion
(v,⊔) forms a chain-complete partial order (CCPO) with ⊥ = [ ]
•
•
•
• •
. . .
A⊔
Av v vv
v
v
•v
w
• lift (v,⊔) point-wise to function space β⇒ α llist
Knaster-Tarski theorem:If f on a ccpo is monotone, then f has a least fixpoint.
partial-function (llist) lfilter :: (α⇒ bool)⇒ α llist⇒ α llist where
lfilter P xs = (case xs of [ ]⇒ [ ]| x · xs ⇒ if P x then x · lfilter P xs else lfilter P xs)
Light-weight domain theory
[ ] represents “undefined”, no additional values in α llist
full function space ⇒, no continuity restrictions
less automation
less expressive (no nested or higher-order recursion)
Lochbihler (ETHZ), Holzl (TUM) Recursive functions on lazy lists ITP 2014 6 / 11
![Page 23: Recursive Functions on Lazy Lists via Domains and Topologies · Johannes H olzl Institut f ur Informatik TU M unchen, Germany ITP 2014. Running example: ltering lazy lists Task: Given](https://reader034.vdocuments.net/reader034/viewer/2022050607/5faebd8e8f8a69755e66faed/html5/thumbnails/23.jpg)
The producer view: least fixpoints
• prefix order v defined coinductively
• least upper bound⊔
Y defined by primitive corecursion
(v,⊔) forms a chain-complete partial order (CCPO) with ⊥ = [ ]
•
•
•
• •
. . .
A⊔
Av v vv
v
v
•v w
• lift (v,⊔) point-wise to function space β⇒ α llist
Knaster-Tarski theorem:If f on a ccpo is monotone, then f has a least fixpoint.
partial-function (llist) lfilter :: (α⇒ bool)⇒ α llist⇒ α llist where
lfilter P xs = (case xs of [ ]⇒ [ ]| x · xs ⇒ if P x then x · lfilter P xs else lfilter P xs)
Light-weight domain theory
[ ] represents “undefined”, no additional values in α llist
full function space ⇒, no continuity restrictions
less automation
less expressive (no nested or higher-order recursion)
Lochbihler (ETHZ), Holzl (TUM) Recursive functions on lazy lists ITP 2014 6 / 11
![Page 24: Recursive Functions on Lazy Lists via Domains and Topologies · Johannes H olzl Institut f ur Informatik TU M unchen, Germany ITP 2014. Running example: ltering lazy lists Task: Given](https://reader034.vdocuments.net/reader034/viewer/2022050607/5faebd8e8f8a69755e66faed/html5/thumbnails/24.jpg)
The producer view: least fixpoints
• prefix order v defined coinductively
• least upper bound⊔
Y defined by primitive corecursion
(v,⊔) forms a chain-complete partial order (CCPO) with ⊥ = [ ]
•
•
•
• •
. . .
A⊔
Av v vv
v
v
•v w
• lift (v,⊔) point-wise to function space β⇒ α llist
Knaster-Tarski theorem:If f on a ccpo is monotone, then f has a least fixpoint.
partial-function (llist) lfilter :: (α⇒ bool)⇒ α llist⇒ α llist where
lfilter P xs = (case xs of [ ]⇒ [ ]| x · xs ⇒ if P x then x · lfilter P xs else lfilter P xs)
Light-weight domain theory
[ ] represents “undefined”, no additional values in α llist
full function space ⇒, no continuity restrictions
less automation
less expressive (no nested or higher-order recursion)
Lochbihler (ETHZ), Holzl (TUM) Recursive functions on lazy lists ITP 2014 6 / 11
![Page 25: Recursive Functions on Lazy Lists via Domains and Topologies · Johannes H olzl Institut f ur Informatik TU M unchen, Germany ITP 2014. Running example: ltering lazy lists Task: Given](https://reader034.vdocuments.net/reader034/viewer/2022050607/5faebd8e8f8a69755e66faed/html5/thumbnails/25.jpg)
The producer view: least fixpoints
• prefix order v defined coinductively
• least upper bound⊔
Y defined by primitive corecursion
(v,⊔) forms a chain-complete partial order (CCPO) with ⊥ = [ ]
•
•
•
• •
. . .
A⊔
Av v vv
v
v
•v w
• lift (v,⊔) point-wise to function space β⇒ α llist
Knaster-Tarski theorem:If f on a ccpo is monotone, then f has a least fixpoint.
partial-function (llist) lfilter :: (α⇒ bool)⇒ α llist⇒ α llist where
lfilter P xs = (case xs of [ ]⇒ [ ]| x · xs ⇒ if P x then x · lfilter P xs else lfilter P xs)
Light-weight domain theory
[ ] represents “undefined”, no additional values in α llist
full function space ⇒, no continuity restrictions
less automation
less expressive (no nested or higher-order recursion)
Lochbihler (ETHZ), Holzl (TUM) Recursive functions on lazy lists ITP 2014 6 / 11
![Page 26: Recursive Functions on Lazy Lists via Domains and Topologies · Johannes H olzl Institut f ur Informatik TU M unchen, Germany ITP 2014. Running example: ltering lazy lists Task: Given](https://reader034.vdocuments.net/reader034/viewer/2022050607/5faebd8e8f8a69755e66faed/html5/thumbnails/26.jpg)
The producer view: least fixpoints
• prefix order v defined coinductively
• least upper bound⊔
Y defined by primitive corecursion
(v,⊔) forms a chain-complete partial order (CCPO) with ⊥ = [ ]
•
•
•
• •
. . .
A⊔
Av v vv
v
v
•v w
• lift (v,⊔) point-wise to function space β⇒ α llist
Knaster-Tarski theorem:If f on a ccpo is monotone, then f has a least fixpoint.
partial-function (llist) lfilter :: (α⇒ bool)⇒ α llist⇒ α llist where
lfilter P xs = (case xs of [ ]⇒ [ ]| x · xs ⇒ if P x then x · lfilter P xs else lfilter P xs)
Light-weight domain theory
[ ] represents “undefined”, no additional values in α llist
full function space ⇒, no continuity restrictions
less automation
less expressive (no nested or higher-order recursion)
Lochbihler (ETHZ), Holzl (TUM) Recursive functions on lazy lists ITP 2014 6 / 11
![Page 27: Recursive Functions on Lazy Lists via Domains and Topologies · Johannes H olzl Institut f ur Informatik TU M unchen, Germany ITP 2014. Running example: ltering lazy lists Task: Given](https://reader034.vdocuments.net/reader034/viewer/2022050607/5faebd8e8f8a69755e66faed/html5/thumbnails/27.jpg)
The producer view: least fixpoints
• prefix order v defined coinductively
• least upper bound⊔
Y defined by primitive corecursion
(v,⊔) forms a chain-complete partial order (CCPO) with ⊥ = [ ]
•
•
•
• •
. . .
A⊔
Av v vv
v
v
•v w
• lift (v,⊔) point-wise to function space β⇒ α llist
Knaster-Tarski theorem:If f on a ccpo is monotone, then f has a least fixpoint.
partial-function (llist) lfilter :: (α⇒ bool)⇒ α llist⇒ α llist where
lfilter P xs = (case xs of [ ]⇒ [ ]| x · xs ⇒ if P x then x · lfilter P xs else lfilter P xs)
Light-weight domain theory
[ ] represents “undefined”, no additional values in α llist
full function space ⇒, no continuity restrictions
less automation
less expressive (no nested or higher-order recursion)
Lochbihler (ETHZ), Holzl (TUM) Recursive functions on lazy lists ITP 2014 6 / 11
![Page 28: Recursive Functions on Lazy Lists via Domains and Topologies · Johannes H olzl Institut f ur Informatik TU M unchen, Germany ITP 2014. Running example: ltering lazy lists Task: Given](https://reader034.vdocuments.net/reader034/viewer/2022050607/5faebd8e8f8a69755e66faed/html5/thumbnails/28.jpg)
The producer view: induction proofs
• structural induction
adm Q Q [ ] ∀x xs. lfinite xs ∧ Q xs −→ Q (x · xs)
Q xs
• fixpoint induction rule generated for lfilter
Induction is sound onlyfor admissible statements Q •
•
•
• •
. . .
v v v
v
vA
⊔A
Q
Q ( )
proof automation via syntactic decomposition rules for admissibility
lemma
adm (λxs.
lfilter P (lfilter Q xs ) = lfilter (λx . P x ∧ Q x) xs
)
by(induction xs) simp all
continuous contextsatomic predicate
Lochbihler (ETHZ), Holzl (TUM) Recursive functions on lazy lists ITP 2014 7 / 11
![Page 29: Recursive Functions on Lazy Lists via Domains and Topologies · Johannes H olzl Institut f ur Informatik TU M unchen, Germany ITP 2014. Running example: ltering lazy lists Task: Given](https://reader034.vdocuments.net/reader034/viewer/2022050607/5faebd8e8f8a69755e66faed/html5/thumbnails/29.jpg)
The producer view: induction proofs
• structural induction
adm Q Q [ ] ∀x xs. lfinite xs ∧ Q xs −→ Q (x · xs)
Q xs
• fixpoint induction rule generated for lfilter
Induction is sound onlyfor admissible statements Q •
•
•
• •
. . .
v v v
v
vA
⊔A
Q
Q ( )
proof automation via syntactic decomposition rules for admissibility
lemma
adm (λxs.
lfilter P (lfilter Q xs ) = lfilter (λx . P x ∧ Q x) xs
)
by(induction xs) simp all
continuous contextsatomic predicate
Lochbihler (ETHZ), Holzl (TUM) Recursive functions on lazy lists ITP 2014 7 / 11
![Page 30: Recursive Functions on Lazy Lists via Domains and Topologies · Johannes H olzl Institut f ur Informatik TU M unchen, Germany ITP 2014. Running example: ltering lazy lists Task: Given](https://reader034.vdocuments.net/reader034/viewer/2022050607/5faebd8e8f8a69755e66faed/html5/thumbnails/30.jpg)
The producer view: induction proofs
• structural induction
adm Q Q [ ] ∀x xs. lfinite xs ∧ Q xs −→ Q (x · xs)
Q xs
• fixpoint induction rule generated for lfilter
Induction is sound onlyfor admissible statements Q •
•
•
• •
. . .
v v v
v
vA
⊔AQ
Q ( )
proof automation via syntactic decomposition rules for admissibility
lemma
adm (λxs.
lfilter P (lfilter Q xs ) = lfilter (λx . P x ∧ Q x) xs
)
by(induction xs) simp all
continuous contextsatomic predicate
Lochbihler (ETHZ), Holzl (TUM) Recursive functions on lazy lists ITP 2014 7 / 11
![Page 31: Recursive Functions on Lazy Lists via Domains and Topologies · Johannes H olzl Institut f ur Informatik TU M unchen, Germany ITP 2014. Running example: ltering lazy lists Task: Given](https://reader034.vdocuments.net/reader034/viewer/2022050607/5faebd8e8f8a69755e66faed/html5/thumbnails/31.jpg)
The producer view: induction proofs
• structural induction
adm Q Q [ ] ∀x xs. lfinite xs ∧ Q xs −→ Q (x · xs)
Q xs
• fixpoint induction rule generated for lfilter
Induction is sound onlyfor admissible statements Q •
•
•
• •
. . .
v v v
v
vA
⊔AQ
Q ( )
proof automation via syntactic decomposition rules for admissibility
lemma
adm (λxs.
lfilter P (lfilter Q xs ) = lfilter (λx . P x ∧ Q x) xs
)
by(induction xs) simp all
continuous contextsatomic predicate
Lochbihler (ETHZ), Holzl (TUM) Recursive functions on lazy lists ITP 2014 7 / 11
![Page 32: Recursive Functions on Lazy Lists via Domains and Topologies · Johannes H olzl Institut f ur Informatik TU M unchen, Germany ITP 2014. Running example: ltering lazy lists Task: Given](https://reader034.vdocuments.net/reader034/viewer/2022050607/5faebd8e8f8a69755e66faed/html5/thumbnails/32.jpg)
The producer view: induction proofs
• structural induction
adm Q Q [ ] ∀x xs. lfinite xs ∧ Q xs −→ Q (x · xs)
Q xs
• fixpoint induction rule generated for lfilter
Induction is sound onlyfor admissible statements Q •
•
•
• •
. . .
v v v
v
vA
⊔AQ
Q ( )
proof automation via syntactic decomposition rules for admissibility
lemma
adm (λxs. lfilter P (lfilter Q xs ) = lfilter (λx . P x ∧ Q x) xs )
by(induction xs) simp all
continuous contextsatomic predicate
Lochbihler (ETHZ), Holzl (TUM) Recursive functions on lazy lists ITP 2014 7 / 11
![Page 33: Recursive Functions on Lazy Lists via Domains and Topologies · Johannes H olzl Institut f ur Informatik TU M unchen, Germany ITP 2014. Running example: ltering lazy lists Task: Given](https://reader034.vdocuments.net/reader034/viewer/2022050607/5faebd8e8f8a69755e66faed/html5/thumbnails/33.jpg)
The producer view: induction proofs
• structural induction
adm Q Q [ ] ∀x xs. lfinite xs ∧ Q xs −→ Q (x · xs)
Q xs
• fixpoint induction rule generated for lfilter
Induction is sound onlyfor admissible statements Q •
•
•
• •
. . .
v v v
v
vA
⊔AQ
Q ( )
proof automation via syntactic decomposition rules for admissibility
lemma
adm (λxs. lfilter P (lfilter Q xs ) = lfilter (λx . P x ∧ Q x) xs )
by(induction xs) simp all
continuous contextsatomic predicate
Lochbihler (ETHZ), Holzl (TUM) Recursive functions on lazy lists ITP 2014 7 / 11
![Page 34: Recursive Functions on Lazy Lists via Domains and Topologies · Johannes H olzl Institut f ur Informatik TU M unchen, Germany ITP 2014. Running example: ltering lazy lists Task: Given](https://reader034.vdocuments.net/reader034/viewer/2022050607/5faebd8e8f8a69755e66faed/html5/thumbnails/34.jpg)
The consumer view: continuous extensions
datatype α list = [] | α · α list 1. Define filter recursivelyfilter :: (α⇒ bool)⇒ α list⇒ α list on finite lists.
lfilter P xs = Lim (filter P) xs 2. Take the limit.
infinite
finite filter P
Lim
introduce CCPO topology
define the open sets
S
⊔A
•
•
•
• •
. . .
v v v
v
v
Anon-empty overlap
Properties of a CCPO topology
limits are unique
finite elements are discrete, i.e., open {xs}
}not the Scott topology!
Lochbihler (ETHZ), Holzl (TUM) Recursive functions on lazy lists ITP 2014 8 / 11
![Page 35: Recursive Functions on Lazy Lists via Domains and Topologies · Johannes H olzl Institut f ur Informatik TU M unchen, Germany ITP 2014. Running example: ltering lazy lists Task: Given](https://reader034.vdocuments.net/reader034/viewer/2022050607/5faebd8e8f8a69755e66faed/html5/thumbnails/35.jpg)
The consumer view: continuous extensions
datatype α list = [] | α · α list 1. Define filter recursivelyfilter :: (α⇒ bool)⇒ α list⇒ α list on finite lists.
lfilter P xs = Lim (filter P) xs 2. Take the limit.
infinite
finite filter P
Lim
introduce CCPO topology
define the open sets
S
⊔A
•
•
•
• •
. . .
v v v
v
v
Anon-empty overlap
Properties of a CCPO topology
limits are unique
finite elements are discrete, i.e., open {xs}
}not the Scott topology!
Lochbihler (ETHZ), Holzl (TUM) Recursive functions on lazy lists ITP 2014 8 / 11
![Page 36: Recursive Functions on Lazy Lists via Domains and Topologies · Johannes H olzl Institut f ur Informatik TU M unchen, Germany ITP 2014. Running example: ltering lazy lists Task: Given](https://reader034.vdocuments.net/reader034/viewer/2022050607/5faebd8e8f8a69755e66faed/html5/thumbnails/36.jpg)
The consumer view: continuous extensions
datatype α list = [] | α · α list 1. Define filter recursivelyfilter :: (α⇒ bool)⇒ α list⇒ α list on finite lists.
lfilter P xs = Lim (filter P) xs 2. Take the limit.
infinite
finite filter P
Lim
introduce CCPO topology
define the open sets
S
⊔A
•
•
•
• •
. . .
v v vv
v
A
non-empty overlap
Properties of a CCPO topology
limits are unique
finite elements are discrete, i.e., open {xs}
}not the Scott topology!
Lochbihler (ETHZ), Holzl (TUM) Recursive functions on lazy lists ITP 2014 8 / 11
![Page 37: Recursive Functions on Lazy Lists via Domains and Topologies · Johannes H olzl Institut f ur Informatik TU M unchen, Germany ITP 2014. Running example: ltering lazy lists Task: Given](https://reader034.vdocuments.net/reader034/viewer/2022050607/5faebd8e8f8a69755e66faed/html5/thumbnails/37.jpg)
The consumer view: continuous extensions
datatype α list = [] | α · α list 1. Define filter recursivelyfilter :: (α⇒ bool)⇒ α list⇒ α list on finite lists.
lfilter P xs = Lim (filter P) xs 2. Take the limit.
infinite
finite filter P
Lim
introduce CCPO topology
define the open sets
open S
⊔A
•
•
•
• •
. . .
v v vv
v
Anon-empty overlap
Properties of a CCPO topology
limits are unique
finite elements are discrete, i.e., open {xs}
}not the Scott topology!
Lochbihler (ETHZ), Holzl (TUM) Recursive functions on lazy lists ITP 2014 8 / 11
![Page 38: Recursive Functions on Lazy Lists via Domains and Topologies · Johannes H olzl Institut f ur Informatik TU M unchen, Germany ITP 2014. Running example: ltering lazy lists Task: Given](https://reader034.vdocuments.net/reader034/viewer/2022050607/5faebd8e8f8a69755e66faed/html5/thumbnails/38.jpg)
The consumer view: continuous extensions
datatype α list = [] | α · α list 1. Define filter recursivelyfilter :: (α⇒ bool)⇒ α list⇒ α list on finite lists.
lfilter P xs = Lim (filter P) xs 2. Take the limit.
infinite
finite filter P
Lim
introduce CCPO topology
define the open sets
open S
⊔A
•
•
•
• •
. . .
v v vv
v
Anon-empty overlap
Properties of a CCPO topology
limits are unique
finite elements are discrete, i.e., open {xs}
}not the Scott topology!
Lochbihler (ETHZ), Holzl (TUM) Recursive functions on lazy lists ITP 2014 8 / 11
![Page 39: Recursive Functions on Lazy Lists via Domains and Topologies · Johannes H olzl Institut f ur Informatik TU M unchen, Germany ITP 2014. Running example: ltering lazy lists Task: Given](https://reader034.vdocuments.net/reader034/viewer/2022050607/5faebd8e8f8a69755e66faed/html5/thumbnails/39.jpg)
The consumer view: proving
1. Prove that filter P is continuous!follows from monotonicity of filter
2. Proof rule convergence on a closed set (specialised for α llist):
closed {xs |Q xs} ∀ys. lfinite ys ∧ ys v xs −→ Q ys
Q xs
lemma lfilter P (lfilter Q xs) = lfilter (λx . P x ∧ Q x) xsby (rule converge closed[of xs]) (auto intro!: closed eq isCont lfilter )
decomposition rulesfor closedness
Lochbihler (ETHZ), Holzl (TUM) Recursive functions on lazy lists ITP 2014 9 / 11
![Page 40: Recursive Functions on Lazy Lists via Domains and Topologies · Johannes H olzl Institut f ur Informatik TU M unchen, Germany ITP 2014. Running example: ltering lazy lists Task: Given](https://reader034.vdocuments.net/reader034/viewer/2022050607/5faebd8e8f8a69755e66faed/html5/thumbnails/40.jpg)
The consumer view: proving
1. Prove that filter P is continuous!follows from monotonicity of filter
2. Proof rule convergence on a closed set (specialised for α llist):
closed {xs |Q xs} ∀ys. lfinite ys ∧ ys v xs −→ Q ys
Q xs
lemma lfilter P (lfilter Q xs) = lfilter (λx . P x ∧ Q x) xsby (rule converge closed[of xs]) (auto intro!: closed eq isCont lfilter )
decomposition rulesfor closedness
Lochbihler (ETHZ), Holzl (TUM) Recursive functions on lazy lists ITP 2014 9 / 11
![Page 41: Recursive Functions on Lazy Lists via Domains and Topologies · Johannes H olzl Institut f ur Informatik TU M unchen, Germany ITP 2014. Running example: ltering lazy lists Task: Given](https://reader034.vdocuments.net/reader034/viewer/2022050607/5faebd8e8f8a69755e66faed/html5/thumbnails/41.jpg)
Summary
Comparison least fixpoint continuous extension
ccpo on result type on parameter type
monotonicity of the functional of the function
proof principles structural induction = convergence on a closed setfixpoint induction
Available in the AFP entry Coinductive
Which codatatypes can be turned into useful ccpos?
extended naturals enat = 0 | eSuc enat
n-ary trees α tree = Leaf | Node α (α tree) (α tree)
}finitetruncations
streams α stream = Stream α (α stream) no finite elements
Lochbihler (ETHZ), Holzl (TUM) Recursive functions on lazy lists ITP 2014 10 / 11
![Page 42: Recursive Functions on Lazy Lists via Domains and Topologies · Johannes H olzl Institut f ur Informatik TU M unchen, Germany ITP 2014. Running example: ltering lazy lists Task: Given](https://reader034.vdocuments.net/reader034/viewer/2022050607/5faebd8e8f8a69755e66faed/html5/thumbnails/42.jpg)
Summary
Comparison least fixpoint continuous extension
ccpo on result type on parameter type
monotonicity of the functional of the function
proof principles structural induction = convergence on a closed setfixpoint induction
Available in the AFP entry Coinductive
Which codatatypes can be turned into useful ccpos?
extended naturals enat = 0 | eSuc enat
n-ary trees α tree = Leaf | Node α (α tree) (α tree)
}finitetruncations
streams α stream = Stream α (α stream) no finite elements
Lochbihler (ETHZ), Holzl (TUM) Recursive functions on lazy lists ITP 2014 10 / 11
![Page 43: Recursive Functions on Lazy Lists via Domains and Topologies · Johannes H olzl Institut f ur Informatik TU M unchen, Germany ITP 2014. Running example: ltering lazy lists Task: Given](https://reader034.vdocuments.net/reader034/viewer/2022050607/5faebd8e8f8a69755e66faed/html5/thumbnails/43.jpg)
Two views on lfilter
lfilter :: (α⇒ bool)⇒ α llist⇒ α llist
1. produces a list corecursively
• lfilter :: β⇒ α llist
• find chain-complete partialorder on α llist
• take the least fixpoint for lfilter
2. consumes a list recursively
• lfilter :: α llist⇒ β
• find topology on α llist
• define lfilter on finite listsby well-founded recursion
• take the limit for infinite lists
proof principles
domain theory
fixpoint inductionstructural induction
topology
convergence on closed setsuniqueness of limits
Lochbihler (ETHZ), Holzl (TUM) Recursive functions on lazy lists ITP 2014 4 / 11
Proof principles pay off
Isabelle proofs of lfilter P (lfilter Q xs) = lfilter (λx . P x ∧ Q x) xs
Paulson’s Structural induction
Fixpoint induction
Continuous extension
Lochbihler (ETHZ), Holzl (TUM) Recursive functions on lazy lists ITP 2014 5 / 11
The consumer view: continuous extensions
datatype α list = [] | α · α list 1. Define filter recursivelyfilter :: (α⇒ bool)⇒ α list⇒ α list on finite lists.
lfilter P xs = Lim (filter P) xs 2. Take the limit.
infinite
finite filter P
Lim
introduce CCPO topology
define the open sets
open S
⊔A
•
•
•
• •
. . .
v v v
v
v
Anon-empty overlap
limits are unique
finite lists are discrete, i.e., open {xs}
}not the Scott topology!
Lochbihler (ETHZ), Holzl (TUM) Recursive functions on lazy lists ITP 2014 8 / 11
The producer view: least fixpoints
• prefix order v defined coinductively
• least upper bound⊔
Y defined by primitive corecursion
(v,⊔) forms a chain-complete partial order (CCPO) with ⊥ = [ ]
•
•
•
• •
. . .
A⊔
Av v v
v
v
v
•v w
• lift (v,⊔) point-wise to function space β⇒ α llist
Knaster-Tarski theorem:If f on a ccpo is monotone, then f has a least fixpoint.
partial-function (llist) lfilter :: (α⇒ bool)⇒ α llist⇒ α llist where
lfilter P xs = (case xs of [ ]⇒ [ ]| x · xs ⇒ if P x then x · lfilter P xs else lfilter P xs)
Light-weight domain theory
[ ] represents “undefined”, no additional values in α llist
full function space ⇒, no continuity restrictions
less automation
less expressive (no nested or higher-order recursion)
Lochbihler (ETHZ), Holzl (TUM) Recursive functions on lazy lists ITP 2014 6 / 11