galculator: functional prototype of a galois-connection based proof assistant
DESCRIPTION
Presented at PPDP'08, Valencia, Spain in July 15-17, 2008.TRANSCRIPT
LogoDI2
GalculatorFunctional Prototype of a Galois-connection Based
Proof Assistant
Paulo Silva José Nuno Oliveira
Departamento de InformáticaUniversidade do Minho
Braga, Portugal
Principles and Practice of Declarative ProgrammingJuly 15 – 17, 2008
Valencia
Paulo Silva, José Nuno Oliveira (UMinho) Galculator PPDP’08 1 / 27
LogoDI2
Outline
Outline
1 IntroductionMotivationObjectives
2 Theoretical backgroundGalois connectionsPointfree transform
3 GalculatorPrinciplesRepresentation
4 ConclusionConclusionFuture work
Paulo Silva, José Nuno Oliveira (UMinho) Galculator PPDP’08 2 / 27
LogoDI2
Introduction
Outline
1 IntroductionMotivationObjectives
2 Theoretical backgroundGalois connectionsPointfree transform
3 GalculatorPrinciplesRepresentation
4 ConclusionConclusionFuture work
Paulo Silva, José Nuno Oliveira (UMinho) Galculator PPDP’08 3 / 27
LogoDI2
Introduction Motivation
Software correctness
Current approachesSoftware correctness is an ambitious challengeLogic based approaches benefit from the help of theorem proversSometimes proofs are hindered by the theoryIt is not always easy to devise the correct strategy
AlternativesSometimes algebraic approaches are possibleAlgebras “abstract” the underlying logicProofs become more syntactic
Galois connections can play an important role
Paulo Silva, José Nuno Oliveira (UMinho) Galculator PPDP’08 4 / 27
LogoDI2
Introduction Motivation
Whole division implementation
Haskell code
x ‘div ‘ y | x < y = 0| x > y = (x − y) ‘div ‘ y + 1
for non-negative x and positive y .
This is the code. Where is the specification?
Paulo Silva, José Nuno Oliveira (UMinho) Galculator PPDP’08 5 / 27
LogoDI2
Introduction Motivation
Whole division specification
Implicit definition
c = x ÷ y ⇔ 〈∃ r : 0 6 r < y : x = c × y + r〉
Explicit definition
x ÷ y = 〈∨
z :: z × y 6 x〉
Galois connection
z × y 6 x ⇔ z 6 x ÷ y (y > 0)
Paulo Silva, José Nuno Oliveira (UMinho) Galculator PPDP’08 6 / 27
LogoDI2
Introduction Motivation
Whole division
Specification vs. ImplementationWe can verify if the implementation meets the specification.We can calculate the implementation from the specification.
Definition (Indirect equality)
a = b ⇔ 〈∀ x :: x 6 a⇔ x 6 b〉a = b ⇔ 〈∀ x :: a 6 x ⇔ b 6 x〉
Another useful Galois connection
a− b 6 c ⇔ a 6 c + b
Paulo Silva, José Nuno Oliveira (UMinho) Galculator PPDP’08 7 / 27
LogoDI2
Introduction Motivation
Proof.
z 6 x ÷ y
⇔ { z × y 6 x ⇔ z 6 x ÷ y assuming x > 0, y > 0 }z × y 6 x
⇔ { cancellation, thanks to a− b 6 c ⇔ a 6 c + b }z × y − y 6 x − y
⇔ { distributivity }
(z − 1)× y 6 x − y
⇔ { z × y 6 x ⇔ z 6 x ÷ y assuming x > y }
z − 1 6 (x − y)÷ y
⇔ { a− b 6 c ⇔ a 6 c + b }
z 6 (x − y)÷ y + 1
Paulo Silva, José Nuno Oliveira (UMinho) Galculator PPDP’08 8 / 27
LogoDI2
Introduction Motivation
Proof.
z 6 x ÷ y
⇔ { z × y 6 x ⇔ z 6 x ÷ y assuming x > 0, y > 0 }z × y 6 x
⇔ { cancellation, thanks to a− b 6 c ⇔ a 6 c + b }z × y − y 6 x − y
⇔ { distributivity }
(z − 1)× y 6 x − y
⇔ { z × y 6 x ⇔ z 6 x ÷ y assuming x > y }
z − 1 6 (x − y)÷ y
⇔ { a− b 6 c ⇔ a 6 c + b }
z 6 (x − y)÷ y + 1
Paulo Silva, José Nuno Oliveira (UMinho) Galculator PPDP’08 8 / 27
LogoDI2
Introduction Motivation
Proof.
z 6 x ÷ y
⇔ { z × y 6 x ⇔ z 6 x ÷ y assuming x > 0, y > 0 }z × y 6 x
⇔ { cancellation, thanks to a− b 6 c ⇔ a 6 c + b }z × y − y 6 x − y
⇔ { distributivity }
(z − 1)× y 6 x − y
⇔ { z × y 6 x ⇔ z 6 x ÷ y assuming x > y }
z − 1 6 (x − y)÷ y
⇔ { a− b 6 c ⇔ a 6 c + b }
z 6 (x − y)÷ y + 1
Paulo Silva, José Nuno Oliveira (UMinho) Galculator PPDP’08 8 / 27
LogoDI2
Introduction Motivation
Proof.
z 6 x ÷ y
⇔ { z × y 6 x ⇔ z 6 x ÷ y assuming x > 0, y > 0 }z × y 6 x
⇔ { cancellation, thanks to a− b 6 c ⇔ a 6 c + b }z × y − y 6 x − y
⇔ { distributivity }
(z − 1)× y 6 x − y
⇔ { z × y 6 x ⇔ z 6 x ÷ y assuming x > y }
z − 1 6 (x − y)÷ y
⇔ { a− b 6 c ⇔ a 6 c + b }
z 6 (x − y)÷ y + 1
Paulo Silva, José Nuno Oliveira (UMinho) Galculator PPDP’08 8 / 27
LogoDI2
Introduction Motivation
Proof.
z 6 x ÷ y
⇔ { z × y 6 x ⇔ z 6 x ÷ y assuming x > 0, y > 0 }z × y 6 x
⇔ { cancellation, thanks to a− b 6 c ⇔ a 6 c + b }z × y − y 6 x − y
⇔ { distributivity }
(z − 1)× y 6 x − y
⇔ { z × y 6 x ⇔ z 6 x ÷ y assuming x > y }
z − 1 6 (x − y)÷ y
⇔ { a− b 6 c ⇔ a 6 c + b }
z 6 (x − y)÷ y + 1
Paulo Silva, José Nuno Oliveira (UMinho) Galculator PPDP’08 8 / 27
LogoDI2
Introduction Motivation
Proof.
z 6 x ÷ y
⇔ { z × y 6 x ⇔ z 6 x ÷ y assuming x > 0, y > 0 }z × y 6 x
⇔ { cancellation, thanks to a− b 6 c ⇔ a 6 c + b }z × y − y 6 x − y
⇔ { distributivity }
(z − 1)× y 6 x − y
⇔ { z × y 6 x ⇔ z 6 x ÷ y assuming x > y }
z − 1 6 (x − y)÷ y
⇔ { a− b 6 c ⇔ a 6 c + b }
z 6 (x − y)÷ y + 1
Paulo Silva, José Nuno Oliveira (UMinho) Galculator PPDP’08 8 / 27
LogoDI2
Introduction Motivation
Proof.
z 6 x ÷ y
⇔ { z × y 6 x ⇔ z 6 x ÷ y }z × y 6 x
⇔ { transitivity, since x < y }z × y 6 x ∧ z × y < y
⇔ { since y 6= 0 }
z × y 6 x ∧ z 6 0
⇔ { z 6 0 entails z × y 6 x , since 0 6 x }
z 6 0
Paulo Silva, José Nuno Oliveira (UMinho) Galculator PPDP’08 9 / 27
LogoDI2
Introduction Motivation
Proof.
z 6 x ÷ y
⇔ { z × y 6 x ⇔ z 6 x ÷ y }z × y 6 x
⇔ { transitivity, since x < y }z × y 6 x ∧ z × y < y
⇔ { since y 6= 0 }
z × y 6 x ∧ z 6 0
⇔ { z 6 0 entails z × y 6 x , since 0 6 x }
z 6 0
Paulo Silva, José Nuno Oliveira (UMinho) Galculator PPDP’08 9 / 27
LogoDI2
Introduction Motivation
Proof.
z 6 x ÷ y
⇔ { z × y 6 x ⇔ z 6 x ÷ y }z × y 6 x
⇔ { transitivity, since x < y }z × y 6 x ∧ z × y < y
⇔ { since y 6= 0 }
z × y 6 x ∧ z 6 0
⇔ { z 6 0 entails z × y 6 x , since 0 6 x }
z 6 0
Paulo Silva, José Nuno Oliveira (UMinho) Galculator PPDP’08 9 / 27
LogoDI2
Introduction Motivation
Proof.
z 6 x ÷ y
⇔ { z × y 6 x ⇔ z 6 x ÷ y }z × y 6 x
⇔ { transitivity, since x < y }z × y 6 x ∧ z × y < y
⇔ { since y 6= 0 }
z × y 6 x ∧ z 6 0
⇔ { z 6 0 entails z × y 6 x , since 0 6 x }
z 6 0
Paulo Silva, José Nuno Oliveira (UMinho) Galculator PPDP’08 9 / 27
LogoDI2
Introduction Motivation
Proof.
z 6 x ÷ y
⇔ { z × y 6 x ⇔ z 6 x ÷ y }z × y 6 x
⇔ { transitivity, since x < y }z × y 6 x ∧ z × y < y
⇔ { since y 6= 0 }
z × y 6 x ∧ z 6 0
⇔ { z 6 0 entails z × y 6 x , since 0 6 x }
z 6 0
Paulo Silva, José Nuno Oliveira (UMinho) Galculator PPDP’08 9 / 27
LogoDI2
Introduction Objectives
Objectives
GalculatorBuild a proof assistant based on Galois connections, their algebraand associated tactics
Paulo Silva, José Nuno Oliveira (UMinho) Galculator PPDP’08 10 / 27
LogoDI2
Theoretical background
Outline
1 IntroductionMotivationObjectives
2 Theoretical backgroundGalois connectionsPointfree transform
3 GalculatorPrinciplesRepresentation
4 ConclusionConclusionFuture work
Paulo Silva, José Nuno Oliveira (UMinho) Galculator PPDP’08 11 / 27
LogoDI2
Theoretical background Galois connections
Galois connections
Definition (Galois connection)Given two preordered sets (A,vA) and (B,vB) and two functions
B Afoo and A Bgoo , the pair (f , g) is a Galois connection
if and only if, for all a ∈ A and b ∈ B:
f a vB b ⇔ a vA g b
Graphical notation
Af
,,
vA��
Bg
ll
vB��
or (A,vA) (B,vB)(f ,g)oo
Paulo Silva, José Nuno Oliveira (UMinho) Galculator PPDP’08 12 / 27
LogoDI2
Theoretical background Galois connections
Properties
Property Description
f a vB b ⇔ a vA g b “Shunting rule”g (b uB b′) = g b uA g b′ Distributivity (UA over meet)
f (a tA a′) = f a tB f a′ Distributivity (LA over join)a vA g (f a) Lower cancellationf (g b) vB b Upper cancellation
a vA a′⇒ f a vB f a′ Monotonicity (LA)b vB b′⇒ g b vA g b′ Monotonicity (UA)
g >B = >A Top-preservation (UA)f ⊥A = ⊥B Bottom-preservation (LA)
Paulo Silva, José Nuno Oliveira (UMinho) Galculator PPDP’08 13 / 27
LogoDI2
Theoretical background Galois connections
Galois connections — Algebra
Identity connection
(A,vA) (A,vA)(id ,id)oo
Composition
if (A,v) (B,�)(f ,g)oo and (B,�) (C,6)
(h,k)oo then (A,v) (C,6)(h◦f ,g◦k)oo
Composition is associative and the identity is its unit.Galois connections form a category.
Paulo Silva, José Nuno Oliveira (UMinho) Galculator PPDP’08 14 / 27
LogoDI2
Theoretical background Galois connections
Galois connections — Algebra
Converse
if (A,v) (B,�)(f ,g)oo then (B,�) (A,w)
(g,f )oo
RelatorFor every relator F that distributes through binary intersections,
if (A,v) (B,�)(f ,g)oo then (FA,F v) (FB,F �)
(F f ,Fg)oo
Paulo Silva, José Nuno Oliveira (UMinho) Galculator PPDP’08 15 / 27
LogoDI2
Theoretical background Pointfree transform
Pointfree transform
Based on the formalization of set theory without variablesproposed by TarskiAbstracts points from definitionsMore compact and crypticMore amenable for syntactical manipulation
Paulo Silva, José Nuno Oliveira (UMinho) Galculator PPDP’08 16 / 27
LogoDI2
Theoretical background Pointfree transform
Pointfree transform summary
Pointwise Pointfree〈∃ c :: bRc ∧ cSa〉 b(R ◦ S)a〈∀ x :: xRb⇒ xSa〉 b(R \ S)a〈∀ x :: bRx ⇒ aSx〉 b(S/R)a
bRa ∧ cSa (b, c)〈R, S〉abRa ∧ dSc (b, d)(R × S)(a, c)bRa ∧ bSa b(R ∩ S)abSa ∨ bSa b(R ∪ S)a(f b)R(g a) b(f ◦ ◦ R ◦ g)a
b = a b id aTrue b > aFalse b ⊥ a
〈∀ a, b :: bRa⇒ bSa〉 R ⊆ S〈∀ a, b :: bRa⇔ bSa〉 R = S
〈∀ a :: aRa〉 id ⊆ R
Paulo Silva, José Nuno Oliveira (UMinho) Galculator PPDP’08 17 / 27
LogoDI2
Theoretical background Pointfree transform
Pointfree definitions
Definition (Galois connection)
f ◦ ◦vB = vA ◦ g
Definition (Indirect equality)
f = g ⇔ � ◦ f = � ◦ gf = g ⇔ f ◦ ◦� = g◦◦ �
Paulo Silva, José Nuno Oliveira (UMinho) Galculator PPDP’08 18 / 27
LogoDI2
Galculator
Outline
1 IntroductionMotivationObjectives
2 Theoretical backgroundGalois connectionsPointfree transform
3 GalculatorPrinciplesRepresentation
4 ConclusionConclusionFuture work
Paulo Silva, José Nuno Oliveira (UMinho) Galculator PPDP’08 19 / 27
LogoDI2
Galculator Principles
Design Principles
TRS
GC
Combine
Laws
Rules
Strategies
Combine
Properties Theory domain
Relation algebra
Derive
Derive DeriveDerive
Paulo Silva, José Nuno Oliveira (UMinho) Galculator PPDP’08 20 / 27
LogoDI2
Galculator Representation
Algebraic data types
List definition — Algebraic data type
data List a = Nil | Cons a (List a)
List definition — Generalized algebraic data type
data List a whereNil :: List aCons :: a→ List a→ List a
Paulo Silva, José Nuno Oliveira (UMinho) Galculator PPDP’08 21 / 27
LogoDI2
Galculator Representation
Type representation
data Type a whereBool :: Type BoolChar :: Type CharInt :: Type IntList :: Type a→ Type [a]Set :: Type a→ Type (Set a)Maybe :: Type a→ Type (Maybe a)· × · :: Type a→ Type b → Type (a, b)
Fun :: Type a→ Type b → Type (a← b)Rel :: Type a→ Type b → Type (a↔ b)GC :: Type a→ Type b → Type (GC a b)
Paulo Silva, José Nuno Oliveira (UMinho) Galculator PPDP’08 22 / 27
LogoDI2
Galculator Representation
Relational representation
RepresentationRelationFunctionsOrdersGalois connections
Combinators
data R r where·◦ :: R (b ↔ a)→ R (a↔ b)· ◦· · :: Type b → R (c ↔ b)→ R (b ↔ a)→ R (c ↔ a)· × · :: R (b ↔ a)→ R (d ↔ c)→ R ((b, d)↔ (a, c)). . .
Paulo Silva, José Nuno Oliveira (UMinho) Galculator PPDP’08 23 / 27
LogoDI2
Conclusion
Outline
1 IntroductionMotivationObjectives
2 Theoretical backgroundGalois connectionsPointfree transform
3 GalculatorPrinciplesRepresentation
4 ConclusionConclusionFuture work
Paulo Silva, José Nuno Oliveira (UMinho) Galculator PPDP’08 24 / 27
LogoDI2
Conclusion Conclusion
Conclusion
Proof assistant prototype based on Galois connectionsInnovative approach
Combination of Galois connections and pointfree calculusNon-trivial example of the application of distinctive features offunctional languages
Generalized algebraic data typesExistential data typesCombinatorial approaches (parsing, rewriting)Support for embedded domain specific languagesComputations as monadsHigher-order functionsNew: Polymorphic type representation with unification. . .
Paulo Silva, José Nuno Oliveira (UMinho) Galculator PPDP’08 25 / 27
LogoDI2
Conclusion Future work
Future work
User-friendly syntaxAutomated proofsFree-theoremsIntegration with host theorem provers
Paulo Silva, José Nuno Oliveira (UMinho) Galculator PPDP’08 26 / 27
LogoDI2
The End
DownloadSource code and documentation available fromwww.di.uminho.pt/research/galculator
ContactQuestions to [email protected]
Paulo Silva, José Nuno Oliveira (UMinho) Galculator PPDP’08 27 / 27