Programming and proving with classical types Cristina Matache - - PowerPoint PPT Presentation

▶

Aug 13, 2022 439 likes •701 views

Programming and proving with classical types Cristina Matache University of Oxford University of Cambridge APLAS 2017 1 Joint work with Victor Gomes and Dominic Mulligan Motivation Question Classical proof assistant with

SLIDE 1

Programming and proving with classical types

Cristina Matache†‡ Joint work with Victor Gomes‡ and Dominic Mulligan‡

†University of Oxford ‡University of Cambridge

APLAS 2017

SLIDE 2

Motivation

▶ Proof assistants: ▪ Logic: intuitionistic vs. classical; ▪ Evidence: explicit (witness) vs. implicit. Question Classical proof assistant with explicit evidence.

SLIDE 3

Motivation

Question Classical proof assistant with explicit evidence. ▶ Problems: ▪ Logic: classical fjrst-order; ▪ Evidence: λµ terms.

SLIDE 4

Outline

1 Evidence: λµ and µML

2 Realisation: µTP Type system Operational semantics Meta-theory Extension of the λµ-calculus Isabelle Verifjed Interpreter µML OCaml Generation Code Theorem Prover µTP OCaml Proof terms

SLIDE 5

Evidence: λµ and µML

SLIDE 6

Typed λµ-calculus [Parigot, 1992]

ρ, σ, τ ∶∶= ⊥ ∣ τ → σ types t, r, s ∶∶= x ∣ λx∶σ.t ∣ t s ∣ λ-calculus terms µα∶σ.c µ-abstraction c ∶∶= [α]t named terms bind continuation α apply α to term t

µα∶σ.[α]t

type the continuation expects

SLIDE 7

Reduction Example

(µα.[β](x µγ.[α]f)) y ⟶ µα.[β](x µγ.[α](f y)) @ µα [β] @ x µγ [α] f y µα [β] @ x µγ [α] @ f y

α ↦ □ y

SLIDE 8

Reduction Example

(µα.[β](x µγ.[α]f)) y ⟶ µα.[β](x µγ.[α](f y)) @ µα [β] @ x µγ [α] f y µα [β] @ x µγ [α] @ f y

α ↦ □ y

SLIDE 9

Reduction Example

(µα.[β](x µγ.[α]f)) y ⟶ µα.[β](x µγ.[α](f y)) @ µα [β] @ x µγ [α] f y µα [β] @ x µγ [α] @ f y

α ↦ □ y

SLIDE 10

Reduction Example

(µα.[β](x µγ.[α]f)) y ⟶ µα.[β](x µγ.[α](f y)) @ µα [β] @ x µγ [α] f y µα [β] @ x µγ [α] @ f y

α ↦ □ y

SLIDE 11

Reduction Example

(µα.[β](x µγ.[α]f)) y ⟶ µα.[β](x µγ.[α](f y)) @ µα [β] @ x µγ [α] f y µα [β] @ x µγ [α] @ f y

α ↦ □ y

SLIDE 12

The Propositions-as-Types Correspondence

λ-calculus λµ-calculus λµ with ↑ Implicational Fragment

f Intuitionistic Logic

Minimal Classical Logic Full Classical Logic Propositions-as-Types + control

perators

+ multiple conclusions + ↑ + ⊥ elimination

SLIDE 13

Extending λµ

▶ Open terms for classical tautologies ⟹ Add ↑ [Ariola & Herbelin, 2003] Γ; ∆ ⊢ t ∶ A ⟷ Γ ⊢ A; ∆ Γ; ∆, α∶A ⊢c c Γ; ∆ ⊢ µα∶A.c ∶ A Γ; ∆ ⊢ t ∶ A α∶A ∈ ∆ Γ; ∆ ⊢c [α]t Γ; ∆ ⊢ t ∶ ⊥ Γ; ∆ ⊢c [↑]t

(⊥ elimination)

λy∶¬¬A µα∶A [↑] @ y λx∶A µβ∶⊥ [α] x ¬¬A → A

¬A ≡ A → ⊥

SLIDE 14

Extending λµ ▶ Open terms for classical tautologies ⟹ Add ↑

[Ariola & Herbelin, 2003] Γ; ∆ ⊢ t ∶ A ⟷ Γ ⊢ A; ∆ Γ; ∆, α∶A ⊢c c Γ; ∆ ⊢ µα∶A.c ∶ A Γ; ∆ ⊢ t ∶ A α∶A ∈ ∆ Γ; ∆ ⊢c [α]t Γ; ∆ ⊢ t ∶ ⊥ Γ; ∆ ⊢c [↑]t

(⊥ elimination)

λy∶¬¬A µα∶A [↑] @ y λx∶A µβ∶⊥ [α] x ¬¬A → A

¬A ≡ A → ⊥

SLIDE 15

Extending λµ ▶ Open terms for classical tautologies ⟹ Add ↑

[Ariola & Herbelin, 2003] Γ; ∆ ⊢ t ∶ A ⟷ Γ ⊢ A; ∆ Γ; ∆, α∶A ⊢c c Γ; ∆ ⊢ µα∶A.c ∶ A Γ; ∆ ⊢ t ∶ A α∶A ∈ ∆ Γ; ∆ ⊢c [α]t Γ; ∆ ⊢ t ∶ ⊥ Γ; ∆ ⊢c [↑]t

(⊥ elimination)

λy∶¬¬A µα∶A [↑] @ y λx∶A µβ∶⊥ [α] x ¬¬A → A

¬A ≡ A → ⊥

SLIDE 16

Extending λµ ▶ Open terms for classical tautologies ⟹ Add ↑

[Ariola & Herbelin, 2003] Γ; ∆ ⊢ t ∶ A ⟷ Γ ⊢ A; ∆ Γ; ∆, α∶A ⊢c c Γ; ∆ ⊢ µα∶A.c ∶ A Γ; ∆ ⊢ t ∶ A α∶A ∈ ∆ Γ; ∆ ⊢c [α]t Γ; ∆ ⊢ t ∶ ⊥ Γ; ∆ ⊢c [↑]t

(⊥ elimination)

λy∶¬¬A µα∶A [↑] @ y λx∶A µβ∶⊥ [α] x ¬¬A → A

¬A ≡ A → ⊥

SLIDE 17

Extending λµ ▶ Open terms for classical tautologies ⟹ Add ↑

[Ariola & Herbelin, 2003] Γ; ∆ ⊢ t ∶ A ⟷ Γ ⊢ A; ∆ Γ; ∆, α∶A ⊢c c Γ; ∆ ⊢ µα∶A.c ∶ A Γ; ∆ ⊢ t ∶ A α∶A ∈ ∆ Γ; ∆ ⊢c [α]t Γ; ∆ ⊢ t ∶ ⊥ Γ; ∆ ⊢c [↑]t

(⊥ elimination)

λy∶¬¬A µα∶A [↑] @ y λx∶A µβ∶⊥ [α] x ¬¬A → A

¬A ≡ A → ⊥

SLIDE 18

Extending λµ ▶ Open terms for classical tautologies ⟹ Add ↑

[Ariola & Herbelin, 2003] Γ; ∆ ⊢ t ∶ A ⟷ Γ ⊢ A; ∆ Γ; ∆, α∶A ⊢c c Γ; ∆ ⊢ µα∶A.c ∶ A Γ; ∆ ⊢ t ∶ A α∶A ∈ ∆ Γ; ∆ ⊢c [α]t Γ; ∆ ⊢ t ∶ ⊥ Γ; ∆ ⊢c [↑]t

(⊥ elimination)

λy∶¬¬A µα∶A [↑] @ y λx∶A µβ∶⊥ [α] x ¬¬A → A

¬A ≡ A → ⊥

SLIDE 19

Extending λµ ▶ First order quantifjcation:

ρ, σ, τ ∶∶= . . . ∣ a ∣ ∀a.σ types t, r, s ∶∶= . . . ∣ Λa.t terms ▶ Datatype encoding not unique ⟹ Built-in datatypes ▪ natural numbers and primitive recursion [Geuvers et. al., 2013] ▪ booleans ▪ products ▪ tagged unions

SLIDE 20

µML Interpreter

Type system Operational semantics Meta-theory Polymorphic λµ with ↑ and datatypes Isabelle Verifjed Interpreter µML OCaml Generation Code ✓ Preservation ✓ Progress Type Safety

SLIDE 21

Realisation: µTP

SLIDE 22

µTP Theorem Prover

▶ LCF-style theorem prover ▶ Use µML terms as evidence Backwards proof Proof state Tactics User-level Forward proof Constructs µML term Kernel OCaml µTP “qed”

SLIDE 23

Example µTP Proof

ΛA λy∶¬¬A µα∶A [↑] @ y λx∶A µβ∶⊥ [α] x ΛA. ¬¬A → A

conjecture (mk_all_t (mk_arrow_t (mk_arrow_t (mk_arrow_t (mk_var_t 0) mk_bot_t) mk_bot_t) (mk_var_t 0))); apply 0 all_intro_tac; apply 0 imp_intro_tac; apply 0 mu_top_intro_tac; apply 0 (imp_elim_tac (mk_arrow_t (mk_var_t 0) mk_bot_t)); apply 0 (assm_tac 0); apply 0 imp_intro_tac; apply 0 (mu_label_intro_tac 1); apply 0 (assm_tac 0); qed ();

SLIDE 24

Extracted µML Program

ΛA λy∶¬¬A µα∶A [↑] @ y λx∶A µβ∶⊥ [α] x ΛA. ¬¬A → A

tabs(A) -> fun (y : (A -> bot) -> bot) -> bind (a : A) -> [abort]. (y (fun (x : A) -> bind (b : bot) -> [a]. x end end)) end end end : forall(A)(((A -> bot) -> bot) -> A)

SLIDE 25

Programming and proving with classical types

Cristina Matache†‡ Joint work with Victor Gomes‡ and Dominic Mulligan‡

APLAS 2017

Motivation

▶ Proof assistants: ▪ Logic: intuitionistic vs. classical; ▪ Evidence: explicit (witness) vs. implicit. Question Classical proof assistant with explicit evidence.

Motivation

Question Classical proof assistant with explicit evidence. ▶ Problems: ▪ Logic: classical fjrst-order; ▪ Evidence: λµ terms.

Outline

1

Evidence: λµ and µML

2

Realisation: µTP Type system Operational semantics Meta-theory Extension of the λµ-calculus Isabelle Verifjed Interpreter µML OCaml Generation Code Theorem Prover µTP OCaml Proof terms

Evidence: λµ and µML

Typed λµ-calculus [Parigot, 1992]

ρ, σ, τ ∶∶= ⊥ ∣ τ → σ types t, r, s ∶∶= x ∣ λx∶σ.t ∣ t s ∣ λ-calculus terms µα∶σ.c µ-abstraction c ∶∶= [α]t named terms bind continuation α apply α to term t

µα∶σ.[α]t

type the continuation expects

Reduction Example

(µα.[β](x µγ.[α]f)) y ⟶ µα.[β](x µγ.[α](f y)) @ µα [β] @ x µγ [α] f y µα [β] @ x µγ [α] @ f y

α ↦ □ y

Reduction Example

(µα.[β](x µγ.[α]f)) y ⟶ µα.[β](x µγ.[α](f y)) @ µα [β] @ x µγ [α] f y µα [β] @ x µγ [α] @ f y

α ↦ □ y

Reduction Example

(µα.[β](x µγ.[α]f)) y ⟶ µα.[β](x µγ.[α](f y)) @ µα [β] @ x µγ [α] f y µα [β] @ x µγ [α] @ f y

α ↦ □ y

Reduction Example

(µα.[β](x µγ.[α]f)) y ⟶ µα.[β](x µγ.[α](f y)) @ µα [β] @ x µγ [α] f y µα [β] @ x µγ [α] @ f y

α ↦ □ y

Reduction Example

(µα.[β](x µγ.[α]f)) y ⟶ µα.[β](x µγ.[α](f y)) @ µα [β] @ x µγ [α] f y µα [β] @ x µγ [α] @ f y

α ↦ □ y

The Propositions-as-Types Correspondence

λ-calculus λµ-calculus λµ with ↑ Implicational Fragment

Minimal Classical Logic Full Classical Logic Propositions-as-Types + control

+ multiple conclusions + ↑ + ⊥ elimination

Extending λµ

▶ Open terms for classical tautologies ⟹ Add ↑ [Ariola & Herbelin, 2003] Γ; ∆ ⊢ t ∶ A ⟷ Γ ⊢ A; ∆ Γ; ∆, α∶A ⊢c c Γ; ∆ ⊢ µα∶A.c ∶ A Γ; ∆ ⊢ t ∶ A α∶A ∈ ∆ Γ; ∆ ⊢c [α]t Γ; ∆ ⊢ t ∶ ⊥ Γ; ∆ ⊢c [↑]t

(⊥ elimination)

λy∶¬¬A µα∶A [↑] @ y λx∶A µβ∶⊥ [α] x ¬¬A → A

¬A ≡ A → ⊥

Extending λµ ▶ Open terms for classical tautologies ⟹ Add ↑

[Ariola & Herbelin, 2003] Γ; ∆ ⊢ t ∶ A ⟷ Γ ⊢ A; ∆ Γ; ∆, α∶A ⊢c c Γ; ∆ ⊢ µα∶A.c ∶ A Γ; ∆ ⊢ t ∶ A α∶A ∈ ∆ Γ; ∆ ⊢c [α]t Γ; ∆ ⊢ t ∶ ⊥ Γ; ∆ ⊢c [↑]t

(⊥ elimination)

λy∶¬¬A µα∶A [↑] @ y λx∶A µβ∶⊥ [α] x ¬¬A → A

¬A ≡ A → ⊥

Extending λµ ▶ Open terms for classical tautologies ⟹ Add ↑

[Ariola & Herbelin, 2003] Γ; ∆ ⊢ t ∶ A ⟷ Γ ⊢ A; ∆ Γ; ∆, α∶A ⊢c c Γ; ∆ ⊢ µα∶A.c ∶ A Γ; ∆ ⊢ t ∶ A α∶A ∈ ∆ Γ; ∆ ⊢c [α]t Γ; ∆ ⊢ t ∶ ⊥ Γ; ∆ ⊢c [↑]t

(⊥ elimination)

λy∶¬¬A µα∶A [↑] @ y λx∶A µβ∶⊥ [α] x ¬¬A → A

¬A ≡ A → ⊥

Extending λµ ▶ Open terms for classical tautologies ⟹ Add ↑

[Ariola & Herbelin, 2003] Γ; ∆ ⊢ t ∶ A ⟷ Γ ⊢ A; ∆ Γ; ∆, α∶A ⊢c c Γ; ∆ ⊢ µα∶A.c ∶ A Γ; ∆ ⊢ t ∶ A α∶A ∈ ∆ Γ; ∆ ⊢c [α]t Γ; ∆ ⊢ t ∶ ⊥ Γ; ∆ ⊢c [↑]t

(⊥ elimination)

λy∶¬¬A µα∶A [↑] @ y λx∶A µβ∶⊥ [α] x ¬¬A → A

¬A ≡ A → ⊥

Extending λµ ▶ Open terms for classical tautologies ⟹ Add ↑

[Ariola & Herbelin, 2003] Γ; ∆ ⊢ t ∶ A ⟷ Γ ⊢ A; ∆ Γ; ∆, α∶A ⊢c c Γ; ∆ ⊢ µα∶A.c ∶ A Γ; ∆ ⊢ t ∶ A α∶A ∈ ∆ Γ; ∆ ⊢c [α]t Γ; ∆ ⊢ t ∶ ⊥ Γ; ∆ ⊢c [↑]t

(⊥ elimination)

λy∶¬¬A µα∶A [↑] @ y λx∶A µβ∶⊥ [α] x ¬¬A → A

¬A ≡ A → ⊥

Extending λµ ▶ Open terms for classical tautologies ⟹ Add ↑

[Ariola & Herbelin, 2003] Γ; ∆ ⊢ t ∶ A ⟷ Γ ⊢ A; ∆ Γ; ∆, α∶A ⊢c c Γ; ∆ ⊢ µα∶A.c ∶ A Γ; ∆ ⊢ t ∶ A α∶A ∈ ∆ Γ; ∆ ⊢c [α]t Γ; ∆ ⊢ t ∶ ⊥ Γ; ∆ ⊢c [↑]t

(⊥ elimination)

λy∶¬¬A µα∶A [↑] @ y λx∶A µβ∶⊥ [α] x ¬¬A → A

¬A ≡ A → ⊥

Extending λµ ▶ First order quantifjcation:

ρ, σ, τ ∶∶= . . . ∣ a ∣ ∀a.σ types t, r, s ∶∶= . . . ∣ Λa.t terms ▶ Datatype encoding not unique ⟹ Built-in datatypes ▪ natural numbers and primitive recursion [Geuvers et. al., 2013] ▪ booleans ▪ products ▪ tagged unions

µML Interpreter

Type system Operational semantics Meta-theory Polymorphic λµ with ↑ and datatypes Isabelle Verifjed Interpreter µML OCaml Generation Code ✓ Preservation ✓ Progress Type Safety

Realisation: µTP

µTP Theorem Prover

▶ LCF-style theorem prover ▶ Use µML terms as evidence Backwards proof Proof state Tactics User-level Forward proof Constructs µML term Kernel OCaml µTP “qed”

Example µTP Proof

ΛA λy∶¬¬A µα∶A [↑] @ y λx∶A µβ∶⊥ [α] x ΛA. ¬¬A → A

Extracted µML Program

ΛA λy∶¬¬A µα∶A [↑] @ y λx∶A µβ∶⊥ [α] x ΛA. ¬¬A → A

tabs(A) -> fun (y : (A -> bot) -> bot) -> bind (a : A) -> [abort]. (y (fun (x : A) -> bind (b : bot) -> [a]. x end end)) end end end : forall(A)(((A -> bot) -> bot) -> A)

Conclusion ▶ Classical theorem prover with explicit evidence: ▪ Extended λµ-calculus;

▪ Evidence: µML terms; ▪ Realisation: µTP. ▶ Future work: ▪ Classical Fω; ▪ Extend µTP.