 
Weak Call-by-Value Lambda Calculus as a Model of Computation in Coq

ITP 2017

Yannick Forster, Gert Smolka
Saarland University, Programming Systems Lab
Outline: Introduction, Definitions, Verification, Rice, Modesty, Post

Related Work

Michael Norrish. Mechanised computability theory. ITP 2011.
J. Xu, X. Zhang and C. Urban. Mechanising Turing Machines and computability theory in Isabelle/HOL. ITP 2013.
Andrea Asperti and Wilmer Ricciotti. A formalization of multi-tape Turing machines. TCS 2015.
Andrej Bauer. First steps in synthetic computability theory. ENTCS 2006.
(Slide of quoted definitions of computability, shown as images: Cutland, Computability: An Introduction to Recursive Function Theory; Kozen, Automata and Computability; Wikipedia.)
Ingredients

◮ Take terms s, t, u; call closed normal forms procedures,
◮ take evaluation s ⊲ t (functional, t a procedure),
◮ define E s := ∃ t. s ⊲ t,
◮ take procedures T ≠ F such that T s t ⊲ s and F s t ⊲ t,
◮ take a retraction s ↦ ⌜s⌝ into procedures to encode terms,
◮ do computability theory.
Definitions

u decides p if ∀ s. (p s ∧ u ⌜s⌝ ⊲ T) ∨ (¬ p s ∧ u ⌜s⌝ ⊲ F)
u recognises p if ∀ s. p s ↔ E (u ⌜s⌝)
u decides p if ∀ s. (p s ∧ u ⌜s⌝ ⊲ T) ∨ (¬ p s ∧ u ⌜s⌝ ⊲ F)

Fact. λ s. ¬(s ⌜s⌝ ⊲ T) is not decidable.

Proof. Suppose u decides λ s. ¬(s ⌜s⌝ ⊲ T):
  ∀ s. (¬(s ⌜s⌝ ⊲ T) ∧ u ⌜s⌝ ⊲ T) ∨ (¬¬(s ⌜s⌝ ⊲ T) ∧ u ⌜s⌝ ⊲ F)
Instantiate s := u:
  (¬(u ⌜u⌝ ⊲ T) ∧ u ⌜u⌝ ⊲ T) ∨ (¬¬(u ⌜u⌝ ⊲ T) ∧ u ⌜u⌝ ⊲ F)
Contradiction! (The first disjunct is contradictory outright; in the second, u ⌜u⌝ ⊲ F excludes u ⌜u⌝ ⊲ T because evaluation is functional and T ≠ F.)
Selected Results

◮ Self-interpreter. There is a procedure U such that for all terms s, t:
  1. If s ⊲ t, then U ⌜s⌝ ⊲ ⌜t⌝.
  2. If U ⌜s⌝ evaluates, then s evaluates.
◮ Rice's theorem. Every nontrivial extensional class of procedures is undecidable.
◮ Modesty. L-decidable classes are functionally decidable.
◮ Post's theorem. A class is decidable if it is recognisable, corecognisable, and logically decidable.
Syntax of L

De Bruijn terms:  s, t ::= n | s t | λ s    (n ∈ N)

I = λ x. x      := λ 0
T = λ x y. x    := λ (λ 1)
F = λ x y. y    := λ (λ 0)
ω = λ x. x x    := λ (0 0)
D = λ x. ω ω    := λ (ω ω)

"Procedure" := closed abstraction
Semantics of L

Reduction:
  (λ s)(λ t) ≻ s^0_{λ t}
  s ≻ s'  ⟹  s t ≻ s' t
  t ≻ t'  ⟹  s t ≻ s t'
  implemented using capturing single-point substitution

≡  equivalence closure of ≻
⊲  big-step evaluation to abstraction

1. Equational reasoning: s ≡ s' → t ≡ t' → s t ≡ s' t'
2. Church Rosser: If s ≡ t, then s ≻* u and t ≻* u for some u.
3. Unique normal forms: If s ⊲^m t and s ⊲^n u, then t = u and m = n.

[Plotkin, 1975], [Niehren, 1996], [Dal Lago & Martini, 2008]
Scott Encodings and Recursion

Encodings
◮ T, F for booleans
◮ ⌜n⌝ for natural numbers
◮ ⌜s⌝ for terms

Scott constructors
◮ Succ ⌜n⌝ ≡ ⌜S n⌝
◮ A ⌜s⌝ ⌜t⌝ ≡ ⌜s t⌝

Recursion combinator
◮ (ρ u) v ≡ u (ρ u) v

[Mogensen, 1990], [Jansen, 2013]
Verification

Functional specification:  ∀ m n. Add ⌜m⌝ ⌜n⌝ ≡ ⌜m + n⌝

By induction from:
  Add ⌜0⌝ ⌜n⌝ ≡ ⌜n⌝
  Add ⌜S m⌝ ⌜n⌝ ≡ Succ (Add ⌜m⌝ ⌜n⌝)

Add := ρ (λ a m n. m n (λ m0. Succ (a m0 n)))

Consequently:  Add ⌜m⌝ ⌜n⌝ ≡ Add ⌜n⌝ ⌜m⌝
If u decides p and v decides q, then λ s. p s ∧ q s is decidable.

λ x. u x (v x) F does the job: u x evaluates to T or F, so the application yields v x in the first case and F in the second.
(Step-indexed) Interpreter

eval : N → T → T⊥
eval n k         = ⊥
eval n (λ s)     = ⌊λ s⌋
eval 0 (s t)     = ⊥
eval (S n) (s t) = match eval n s, eval n t with
                   | ⌊λ s'⌋, ⌊t'⌋ ⇒ eval n s'^0_{t'}
                   | _, _ ⇒ ⊥

s ⊲ t ↔ ∃ n. eval n s = ⌊t⌋

E ⌜n⌝ ⌜s⌝ ≡ ⌜eval n s⌝

If s ⊲ t, then U ⌜s⌝ ⊲ ⌜t⌝. If U ⌜s⌝ evaluates, then s evaluates.
Minimisation and Interpreter

If s ⊲ t, then U ⌜s⌝ ⊲ ⌜t⌝. If U ⌜s⌝ evaluates, then s evaluates.

Theorem. There is a procedure C such that for every unary u:
1. If u is satisfiable, then C u ⊲ ⌜n⌝ for some n satisfying u.
2. If C u evaluates, then u is satisfiable.

U := λ x. E (C (λ y. E y x (λ z. T) F)) x
Rice in Reality

(Statements of Rice's theorem from Kozen and from Wikipedia, shown as images on the slide.)
Rice & Scott

Scott: Every class p satisfying the following conditions is undecidable.
1. There are closed terms s1 and s2 such that p s1 and ¬ p s2.
2. If s and t are closed terms such that s ≡ t and p s, then p t.

Rice: Every class p satisfying the following conditions is undecidable.
1. There are procedures s1 and s2 such that p s1 and ¬ p s2.
2. If s and t are procedures such that ∀ u v. s u ⊲ v ↔ t u ⊲ v, and p s, then p t.  ("p is extensional")

[Barendregt, 1984]
Rice's Theorem

Fact. The class of closed terms s such that ¬E (s ⌜s⌝) is not recognisable.

Lemma (Reduction). A class p is unrecognisable if there exists a function f such that:
1. p (f s) ↔ ¬E (s ⌜s⌝) for every closed term s.
2. There is a procedure v such that v ⌜s⌝ ≡ ⌜f s⌝ for all s.
Rice's Theorem

Lemma. Let p be an extensional class such that D is in p and some procedure N is not in p. Then p is unrecognisable.

Proof.
◮ Define a function f s such that
  ◮ f s ≈ D if ¬E (s ⌜s⌝)
  ◮ f s ≈ N if E (s ⌜s⌝)
◮ f := s ↦ λ y. F (s ⌜s⌝) N y
  v := λ x. L (A (A (A ⌜F⌝ (A x (Q x))) ⌜N⌝) 0)
◮ v ⌜s⌝ ≡ ⌜f s⌝ and p (f s) ↔ ¬E (s ⌜s⌝)
◮ Reduction lemma
Rice's Theorem

Lemma. Let p be an extensional class such that D is in p and some procedure N is not in p. Then p is unrecognisable.

Theorem. Every nontrivial extensional class of procedures is undecidable.

Proof. If u decides p, then p D or ¬ p D, and . . . (in the first case apply the lemma to p, in the second to the complement of p, which is also extensional and decidable; either way a decidable, hence recognisable, class would be unrecognisable).
Computable Normal Forms

Lemma. There is a function of type ∀ s. (∃ t. s ⊲ t) → Σ t. s ⊲ t.

Proof.
◮ (∃ t. s ⊲ t) ↔ ∃ n. eval n s ≠ ⊥
◮ λ n. eval n s ≠ ⊥ is Coq-decidable
◮ Use constructive choice (constructive indefinite ground description) to obtain n with eval n s = ⌊t⌋
◮ s ⊲ t
Typing Total λ-definable Functions in Coq

If u decides p then there is f with f s = true ↔ p s
⇒ L-decidability implies Coq-decidability

∀ u. (∀ n. ∃ m. u ⌜n⌝ ⊲ ⌜m⌝) → { f : N → N | ∀ n. u ⌜n⌝ ⊲ ⌜f n⌝ }
[Larchey-Wendling (2017)]
Post's Theorem

Theorem. If u recognises p and v recognises λ s. ¬ p s, then p is decidable if ∀ s. p s ∨ ¬ p s.

Without the restriction: equivalent to ¬¬E s → E s.  [Bauer (2006)]
Further Results

◮ Totality. The class of total procedures is unrecognisable.
◮ Parallel or. There is a procedure O such that:
  1. If s or t evaluates, then O s t evaluates.
  2. If O s t evaluates, then either O s t ⊲ T and E s, or O s t ⊲ F and E t.
◮ Closure under union. The union of recognisable languages is recognisable.
◮ Scott's theorem. Every nontrivial class of closed terms closed under ≡ is undecidable.
◮ Enumerability. A class is recognisable if and only if it is enumerable.
Contribution

◮ Elegant model of computation, easy to reason about
◮ Constructive formalisation of basic computability theory, less than 2000 loc
◮ Self-interpreter, Rice, Scott, Post, Totality
Future Work

◮ "L and Turing machines can simulate each other with a polynomially bounded overhead in time and a constant-factor overhead in space."  [Dal Lago, Martini (2008)], [Forster, Kunze, Roth (LOLA 2017)]
◮ Connect L to other models such as recursive functions.
◮ Use L to show "real-world" problems undecidable (e.g. from logic).
◮ Do further computability theory in L (Turing degrees, Myhill isomorphism theorem).
◮ Automate correctness proofs including time complexity.  [Forster, Kunze (CoqWS 2016)]

https://www.ps.uni-saarland.de/extras/L-computability/
Lines of Code up to . . .

What?                        Lines   Cumulated
Definition of L                400     400 loc
Rice's theorem                 500     900 loc
Step-indexed interpreter       500     900 loc
Full parallel interpreter      300    1200 loc
Enumerable ↔ recognisable      600    1500 loc