program extraction from proofs induction and coinduction
play

Program extraction from proofs: induction and coinduction Ulrich - PowerPoint PPT Presentation

Dec 31, 2023 •144 likes •374 views

FP Seminar, Nottingham Program extraction from proofs: induction and coinduction Ulrich Berger Swansea University 1 / 22 Program extraction? Thesis: Program extraction from proofs has a good chance to become an accepted methodology for

  1. FP Seminar, Nottingham Program extraction from proofs: induction and coinduction Ulrich Berger Swansea University 1 / 22

  2. Program extraction? Thesis: Program extraction from proofs has a good chance to become an accepted methodology for producing verified software. Defence: ◮ Proofs can be carried out in surprisingly simple formal systems, namely mild extensions of first-order predicate logic. ◮ A lot of classical mathematics can be reused, without constructivization. ◮ Case studies (medium size) indicate that the method is practical and useful, with and without proof assistant. (We give examples from real analysis and monadic parsing.) 2 / 22

  3. Overview ◮ Mathematical and formal framework ◮ From coinduction to exact real number computation ◮ From induction to monadic parsers ◮ Related work ◮ Conclusion 3 / 22

  4. Mathematical and formal framework Classical mathematics with constructive topping Axioms: Any suitable axiom system of classical mathematics (for example ZFC) in a negative formulation, i.e double-negation translated. On top of that: Inductive and coinductive definitions as least and greatest fixed points of strictly positive predicate operators. Intuitionistic logic. 4 / 22

  5. Mathematical and formal framework Program extraction Realisability with uniform interpretation of quantifiers: � � ∀ = ∃ = A suitable formalisation yields Haskell-like extracted programs. Paper with M. Seisenberger to appear. 5 / 22

  6. From coinduction to exact real number computation Real and natural numbers R = the usual (classical) complete ordered field. N = the natural numbers as an inductively defined subset of R , i.e. the least subset of R such that = { 0 } ∪ { x + 1 | x ∈ N } N (= { x ∈ R | x = 0 ∨ ∃ y ( y ∈ N ∧ x = y + 1) } ) Here, ∨ is constructive disjunction. A first example of program extraction: From a constructive proof of ∀ x , y ( x ∈ N ∧ y ∈ N → x + y ∈ N ) one extracts a program computing addition for natural numbers in unary notation. 6 / 22

  7. From coinduction to exact real number computation Approaching real numbers coinductively I := [ − 1 , 1] ⊆ R . Define C 0 coinductively as the largest subset of I such that C 0 = { x + d | x ∈ C 0 , d ∈ SD } 2 where SD = { 0 , 1 , − 1 } is the set of signed (binary) digits. ∀ n ∈ N ∃ q ∈ Q ∩ I | x − q | ≤ 2 − n . Theorem 1 x ∈ C 0 iff This theorem and all results in the following are constructive. A realiser of x ∈ C 0 is an infinite stream of signed digits i a i 2 − ( i +1) . a = a 0 : a 1 : . . . representing x , i.e. x = � From the proof of the lemma one extracts programs translating between the signed-digit- and the Cauchy-representation. 7 / 22

  8. From coinduction to exact real number computation Extracting exact real arithmetic If x , y ∈ C 0 then x + y ∈ C 0 . Theorem 2 2 Theorem 3 If x , y ∈ C 0 then xy ∈ C 0 . From these theorems one extracts implementations of addition and multiplication w.r.t. the signed digit representation. Similar implementations were studied by Edalat, Potts, Heckmann, Escardo, Ciaffaglione, Gianantonio, e.t.c. The difference is that we extract the programs –together with their correctness proofs. 8 / 22

  9. From coinduction to exact real number computation Approaching real functions (co)inductively x ∈ C 0 roughly means that there is a signed digit stream a = a 0 : a 1 : . . . such that x = av a 0 ◦ av a 1 ◦ . . . where av d ( y ) = d + y 2 . The stream a can be viewed as a process that emits the digits a i . A (uniformly) continuous function f ∈ I I can be viewed as real number that depends on an input. Therefore it cannot always emit digits: occasionally it must absorb digits from the input. This idea is captured by the set C 1 which is defined coindutively as the largest subset of I I such that C 1 = µ F . { av e ◦ g | e ∈ SD , g ∈ C 1 } ∪ { f | ∀ d ∈ SD f ◦ av d ∈ F } where µ F . Φ( F ) denotes the least fixed point of Φ, i.e. an inductive definition. 9 / 22

  10. From coinduction to exact real number computation Memo trees (tries?) for continuous functions f ∈ I I is continuous iff f ∈ C 1 . Theorem 4 From the proof of this theorem one extracts programs translating between realisers of “ f is continuous” (where continuity has to be defined in a contructively meaningful way) and realisers of “ f ∈ C 1 ”. What is a realiser of “ f ∈ C 1 ”? It is a finitely branchning non-wellfounded tree describing when f emits and absorbs digits. I.p. it is a data structure , not a function. Similar trees have been studied by P. Hancock, D. Pattinson, N. Ghani. 10 / 22

  11. From coinduction to exact real number computation Extracting memoized exact real arithmetic The definition of C 1 ⊆ I I can be generalised to C n ⊆ I ( I n ) . Theorem 5 The average function lies in C 2 . Multiplication lies in C 2 . Theorem 6 From Theorems 5,6 one extracts implementations of addition and multiplication as memo-tries (relation to work by Hinze and Altenkirch?) Experiments show considerable speed-up when sampling “hard” functions (e.g. high iterations of the logistic map) on a very fine grid. � Theorem 7 If f ∈ C 1 , then f ∈ C 0 . The ectracted program program has some similarity with A. Simpson’s, but is more efficient because the functions to be integrated are represented differently. 11 / 22

  12. From coinduction to exact real number computation Generalisation: digit spaces A digit space ( X , D ) consists of a set X and a set D ⊆ X X . This generalises the structure ( I , { av d | d ∈ SD } ). Given digit space ( X , D ) and ( Y , E ) we define the set C ⊆ X Y of digital maps by := ν F .µ G . { e ◦ f | e ∈ E , f ∈ F } ∪ C { h : X → Y | ∀ d ∈ D h ◦ d ∈ G } This generalises C 1 ⊆ I I . 12 / 22

  13. From coinduction to exact real number computation Fundamental results about digit spaces and their application Theorem 8 Digit spaces and digital maps form a category with finite products. The extracted program corresponds to the main results by Ghani/Hancock/Pattinson. The generality of digit spaces can be used to obtain new algorithsm in computable analysis (for example, power series using higher-order digit spaces). 13 / 22

  14. From coinduction to exact real number computation What have we achieved? ◮ Programs with correctness proofs extracted (some new, some more efficient). ◮ Simple formalisation: Abstract classical reals, no streams, no trees, . . . . ◮ Simple proofs (you have to believe me). ◮ In some cases first hacking the program and then verifying it would have been much harder than the extraction of the program from a proof (for example, the proof that digit spaces have finite products). 14 / 22

  15. From induction to monadic parsers Finite sets Let P ( X ) be the classical powerset of X . Define P 0 ( X ) ⊆ P ( X ) by a constructive inductive definition: (i) ∅ ∈ P 0 ( X ) (ii) If E ∈ P 0 ( X ) and x ∈ X , then { x } ˜ ∪ E ∈ P 0 ( X ) where A ˜ ∪ B := { x | x ∈ A ˜ ∨ x ∈ B } and ˜ ∨ is classical disjunction (we asume comprehension for classical properties, hence A ˜ ∪ B exists). In other words, P 0 ( X ) is the least subset of P ( X ) such that P 0 ( X ) = { F | F = ∅ ∨ ∃ x ∃ E ∈ P 0 ( X ) F = { x } ˜ ∪ E } A realiser of “ E ∈ P 0 ( X )” is a finite list [ a 1 , . . . , a n ] such that a i realises “ x i ∈ X ” and E = { x 1 , . . . , x n } . In particular, if X is a “concrete” set, that is, its elements realise themselves, then a realiser of “ E ∈ P 0 ( X )” is simply a listing of the elements of E . 15 / 22

  16. From induction to monadic parsers Labelled transition systems Let S , A be sets (states and labels). For simplicity let’s assume both are concrete. LTS S , A := P ( S × A × S ). Let P ∈ LTS S , A . Finitely branching LTS FB S , A ( P ) : ≡ ∀ s ∈ S P ( s ) ∈ P 0 ( A × S ) where P ( s ) := { ( a , t ) | ( s , a , t ) ∈ P } . A realiser of “ FB S , A ( P )” is a function p : S → [ A × S ] such that p ( s ) is a listing of all ( a , t ) with P ( s , a , t ). 16 / 22

  17. From induction to monadic parsers Constructing finitely branching LTS return ( a ) := { ( s , a , s ) | s ∈ S } (for a ∈ A ). fail := ∅ Lemma (a) FB S , A ( return ( a )) (b) FB S , A ( fail ) (c) If FB S , A ( P ) and FB S , A ( Q ), then FB S , A ( A ˜ ∪ B ) If P ∈ LTS S , A and Q a ∈ LTS S , B for a ∈ A , then we define P >> = Q := { ( s , b , t ) | ∃ a , r ( P ( s , a , r ) ∧ Q a ( r , b , t )) } If FB S , A ( P ) and FB S , B ( Q a ) for all a ∈ A , then Lemma FB S , B ( P >> = Q ). From these lemmas the corresponding monadic parsers and parser combinators can be extracted. For more parser combinators the set S must be instantiated by the set of strings. 17 / 22

  18. From induction to monadic parsers What have we achieved? ◮ The well-known parser combinaters by Hutton/Meijer have been extracted – with correctness and in particular termination proofs! ◮ In the (source) proofs no lists or higer-order functions occur. 18 / 22

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Formal proofs, variable binding, and program extraction from proofs Colloquium Logicum 2016 (10

Formal proofs, variable binding, and program extraction from proofs Colloquium Logicum 2016 (10

Formal proofs, variable binding, and program extraction from proofs Colloquium Logicum 2016 (10 - 12 September 2016, Hamburg) Gyesik Lee Hankyong National University 1 Overview 1. Verification of proofs 2. Hales proof of the Kepler

651 views • 43 slides
Encoding Induction in Correctness Proofs of Program Transformations as a Termination Problem

Encoding Induction in Correctness Proofs of Program Transformations as a Termination Problem

Encoding Induction in Correctness Proofs of Program Transformations as a Termination Problem Conrad Rau, David Sabel and Manfred Schmidt-Schau Goethe-University, Frankfurt am Main, Germany WST 2012, Obergurgl, Austria 1 Introduction

307 views • 26 slides
Computational content of proofs involving coinduction Helmut Schwichtenberg (j.w.w. Kenji

Computational content of proofs involving coinduction Helmut Schwichtenberg (j.w.w. Kenji

Computational content of proofs involving coinduction Helmut Schwichtenberg (j.w.w. Kenji Miyamoto and Fredrik Nordvall Forsberg) Mathematisches Institut, LMU, M unchen Advances in Proof Theory, Universit at Bern, 13.-14. Dezember 2013

1.94k views • 114 slides
Computational content of proofs involving coinduction Helmut Schwichtenberg (j.w.w. Kenji

Computational content of proofs involving coinduction Helmut Schwichtenberg (j.w.w. Kenji

Computational content of proofs involving coinduction Helmut Schwichtenberg (j.w.w. Kenji Miyamoto and Fredrik Nordvall Forsberg) Mathematisches Institut, LMU, M unchen Kyoto University, 19. March 2014 1 / 29 Proof: 2 aspects provides

543 views • 29 slides
Program extraction from constructive proofs Helmut Schwichtenberg Mathematisches Institut der

Program extraction from constructive proofs Helmut Schwichtenberg Mathematisches Institut der

Program extraction from constructive proofs Helmut Schwichtenberg Mathematisches Institut der Universit at M unchen 1. Hilberts programme The foundational crisis Some basic facts from mathematical logic Undefinability of truth G

1.14k views • 55 slides
Constructive Proofs and Program Extraction Christoph Kreitz 1. Type Theory vs. Set Theory 2.

Constructive Proofs and Program Extraction Christoph Kreitz 1. Type Theory vs. Set Theory 2.

Constructive Proofs and Program Extraction Christoph Kreitz 1. Type Theory vs. Set Theory 2. Overview of the Nuprl System 3. Proofs of the Integer Square Root Problem What distinguishes Type Theory from Set Theory? n r r 2 n

800 views • 42 slides
Walking through infinite trees with mixed induction and coinduction Keiko Nakata and Tarmo

Walking through infinite trees with mixed induction and coinduction Keiko Nakata and Tarmo

Walking through infinite trees with mixed induction and coinduction Keiko Nakata and Tarmo Uustalu with Marc Bezem Institute of Cybernetics, Tallinn (many thanks to T. Altenkirch and H. Herbelin ) Theory Days, Nelijrve, 4 February 2011

363 views • 17 slides
The Role of the Coinduction Hypothesis in Coinductive Proofs Anton Setzer Swansea University

The Role of the Coinduction Hypothesis in Coinductive Proofs Anton Setzer Swansea University

The Role of the Coinduction Hypothesis in Coinductive Proofs Anton Setzer Swansea University With contributions by Peter Hancock, Andreas Abel, Brigitte Pientka, David Thibodeau Operations, Sets, Types, M unchenwiler near Bern, Switzerland

940 views • 59 slides
Logic for Computer Science 10 Proofs by induction Wouter Swierstra University of Utrecht 1

Logic for Computer Science 10 Proofs by induction Wouter Swierstra University of Utrecht 1

Logic for Computer Science 10 Proofs by induction Wouter Swierstra University of Utrecht 1 Last time Induction 2 This lecture Proofs by induction 3 Previously: definitions using induction In the last lecture, we studied how to give an

831 views • 68 slides
Subtyping, Declaratively An Exercise in Mixed Induction and Coinduction Nils Anders Danielsson

Subtyping, Declaratively An Exercise in Mixed Induction and Coinduction Nils Anders Danielsson

Subtyping, Declaratively An Exercise in Mixed Induction and Coinduction Nils Anders Danielsson Thorsten Altenkirch (University of Nottingham) Lac-Beauport, Qu ebec, 2010-06-23 Introduction New way to define subtyping for recursive

620 views • 34 slides
Program Extraction in Constructive Analysis Helmut Schwichtenberg Mathematisches Institut,

Program Extraction in Constructive Analysis Helmut Schwichtenberg Mathematisches Institut,

Program Extraction in Constructive Analysis Helmut Schwichtenberg Mathematisches Institut, Universit at M unchen 1 Program extraction from proofs Every constructive existence proof contains an algorithm. Bishop 1970 Mathematics as a

868 views • 45 slides
A3.1 Mathematical Induction direct proof indirect proof (proof by contradiction)

A3.1 Mathematical Induction direct proof indirect proof (proof by contradiction)

Discrete Mathematics in Computer Science September 23, 2020 A3. Proofs II Discrete Mathematics in Computer Science A3. Proofs II A3.1 Mathematical Induction Malte Helmert, Gabriele R oger A3.2 Structural Induction University of Basel

188 views • 6 slides
Extraction of Programs from Proofs using Postulated Axioms Anton Setzer Swansea University,

Extraction of Programs from Proofs using Postulated Axioms Anton Setzer Swansea University,

Extraction of Programs from Proofs using Postulated Axioms Anton Setzer Swansea University, Swansea UK (Joint work with Chi Ming Chuang) 10 October 2011 1/ 31 1. Agda in 5 Slides 2. Real Number Computations in Agda 3. Theory of Program

489 views • 31 slides
Foundations of Computer Science Lecture 8 Proofs with Recursive Objects Structural Induction:

Foundations of Computer Science Lecture 8 Proofs with Recursive Objects Structural Induction:

Foundations of Computer Science Lecture 8 Proofs with Recursive Objects Structural Induction: Induction on Recursively Defined Objects Proving an object is not in a recursive set Examples: sets, sequences, trees Last Time 1 Recursion. 2

169 views • 15 slides
The fundamental idea of program extraction 2 / 51 The fundamental idea of program extraction A

The fundamental idea of program extraction 2 / 51 The fundamental idea of program extraction A

IFP - A Logic for Program Extraction 1 Ulrich Berger Swansea University BCTCS Durham, April 15-17, 2019 1 available at www.cs.swan.ac.uk/ csulrich/slides.html 1 / 51 The fundamental idea of program extraction 2 / 51 The fundamental idea

1.59k views • 131 slides
Multi-Linear Strategy Extraction for QBF Expansion Proofs via Local Soundness Matthias Schlaipfer

Multi-Linear Strategy Extraction for QBF Expansion Proofs via Local Soundness Matthias Schlaipfer

Multi-Linear Strategy Extraction for QBF Expansion Proofs via Local Soundness Matthias Schlaipfer Friedrich Slivovsky Georg Weissenbacher Florian Zuleger July 6, 2020 Outline 1. Motivation 2. QBF: Semantics and expansion proofs 3. Local

582 views • 41 slides
A Deterministic Fault-Tolerant and Deadlock-Free Routing Protocol in 2-D Meshes Based on

A Deterministic Fault-Tolerant and Deadlock-Free Routing Protocol in 2-D Meshes Based on

A Deterministic Fault-Tolerant and Deadlock-Free Routing Protocol in 2-D Meshes Based on Odd-Even Turn Model Jie Wu Dept. of Computer Science and Engineering Florida Atlantic University Boca Raton, FL 33431 jie@cse.fau.edu Table of

800 views • 43 slides
Complex Networks: From the U.S. Congress to U.S. College Football Mason A. Porter Oxford Centre

Complex Networks: From the U.S. Congress to U.S. College Football Mason A. Porter Oxford Centre

Complex Networks: From the U.S. Congress to U.S. College Football Mason A. Porter Oxford Centre for Industrial and Applied Mathematics Mathematical Institute University of Oxford Collaborators: Thomas Callaghan, James Fowler, A. J. Friend,

815 views • 42 slides
Semi-leptonic form factors for B s K and B s D s Oliver Witzel (RBC-UKQCD

Semi-leptonic form factors for B s K and B s D s Oliver Witzel (RBC-UKQCD

Semi-leptonic form factors for B s K and B s D s Oliver Witzel (RBC-UKQCD collaborations) Lattice 2018, East Lansing, MI, July 27, 2018 RBC- and UKQCD collaborations BNL/RBRC Columbia U U Edinburgh U Southampton

497 views • 26 slides
New perspectives for heavy flavour physics from the lattice A Rainer Sommer LPHA Collaboration

New perspectives for heavy flavour physics from the lattice A Rainer Sommer LPHA Collaboration

New perspectives for heavy flavour physics from the lattice A Rainer Sommer LPHA Collaboration DESY, A Research Centre of the Helmholtz Association Les rencontres de Moriond, March 2009 Rainer Sommer New perspectives for heavy flavour

638 views • 41 slides
Universal Range Effects to Efimov Features Chen Ji ECT* / INFN-TIFPA EMMI RRTF, 02.06.2016 In

Universal Range Effects to Efimov Features Chen Ji ECT* / INFN-TIFPA EMMI RRTF, 02.06.2016 In

Universal Range Effects to Efimov Features Chen Ji ECT* / INFN-TIFPA EMMI RRTF, 02.06.2016 In Collaboration with: Bijaya Acharya, Eric Braaten, Lucas Platter, Daniel Phillips EFT for 3 identical bosons LO ( r/a ) 0 EFT Lagrangian for 3

1k views • 44 slides
Intrinsic Charm at LHCb Philip Ilten on behalf of the LHCb Collaboration Massachusetts Institute

Intrinsic Charm at LHCb Philip Ilten on behalf of the LHCb Collaboration Massachusetts Institute

Intrinsic Charm at LHCb Philip Ilten on behalf of the LHCb Collaboration Massachusetts Institute of Technology February 1, 2017 7th Workshop of the APS Topical Group on Hadronic Physics Ilten Intrinsic Charm at LHCb February 1, 2017 1 / 25

481 views • 25 slides
Improving Relational Consistency Algorithms Using Dynamic Relation Partitioning Anthony

Improving Relational Consistency Algorithms Using Dynamic Relation Partitioning Anthony

Improving Relational Consistency Algorithms Using Dynamic Relation Partitioning Anthony Schneider 1 Robert J. Woodward 1,2 Berthe Y. Choueiry 1 & Christian Bessiere 2 1 Constraint Systems Laboratory, University of

425 views • 26 slides
Certification of Safety-Critical, Software-Intensive Systems EECS4312: Software Engineering

Certification of Safety-Critical, Software-Intensive Systems EECS4312: Software Engineering

Certification of Safety-Critical, Software-Intensive Systems EECS4312: Software Engineering Requirements Fall 2019 C HEN -W EI W ANG McMaster Centre for Software Certification Led a $20M project (MAR.2008 to SEP .2016) of ORF-RE (Ontario

812 views • 37 slides

More recommend