On the Design of a Galculator
40
On the Design of a Galculator Paulo Silva Departamento de Informática Universidade do Minho Braga, Portugal November 16, 2009 Guimarães
-
Upload
paulo-silva -
Category
Technology
-
view
30 -
download
0
description
Presentated at PhD Defense, Guimarães, Portugal in November 16, 2009.
Transcript of On the Design of a Galculator
On the Design of a Galculator
Paulo Silva
Departamento de InformáticaUniversidade do Minho
Braga, Portugal
November 16, 2009Guimarães
Outline
IntroductionMotivationObjectives
IngredientsIndirect equalityGalois connectionsRelation and fork algebrasPoint-free transform
Galois and Galculator
Concluding remarksContributionsFuture work
Outline
IntroductionMotivationObjectives
IngredientsIndirect equalityGalois connectionsRelation and fork algebrasPoint-free transform
Galois and Galculator
Concluding remarksContributionsFuture work
Software correctness
Current approaches
I Software correctness is an ambitious challengeI Sometimes proofs are hindered by the theoryI Tool support seems to be important
AlternativesI Sometimes algebraic approaches are possibleI Algebras “abstract” the underlying logicI Proofs become more syntactic
Galois connections can play an important role
Software correctness
Current approaches
I Software correctness is an ambitious challengeI Sometimes proofs are hindered by the theoryI Tool support seems to be important
AlternativesI Sometimes algebraic approaches are possibleI Algebras “abstract” the underlying logicI Proofs become more syntactic
Galois connections can play an important role
Whole division implementation
Haskell code
x ‘div ‘ y | x < y = 0| x > y = (x − y) ‘div ‘ y + 1
for non-negative x and positive y .
This is the code. Where is the specification?
Whole division implementation
Haskell code
x ‘div ‘ y | x < y = 0| x > y = (x − y) ‘div ‘ y + 1
for non-negative x and positive y .
This is the code. Where is the specification?
Whole division specification
Implicit definition
c = x ÷ y ⇔ 〈∃ r : 0 6 r < y : x = c × y + r〉
Explicit definition
x ÷ y = 〈∨
z :: z × y 6 x〉
Galois connection
z × y 6 x ⇔ z 6 x ÷ y (y > 0)
Whole division specification
Implicit definition
c = x ÷ y ⇔ 〈∃ r : 0 6 r < y : x = c × y + r〉
Explicit definition
x ÷ y = 〈∨
z :: z × y 6 x〉
Galois connection
z × y 6 x ⇔ z 6 x ÷ y (y > 0)
Whole division specification
Implicit definition
c = x ÷ y ⇔ 〈∃ r : 0 6 r < y : x = c × y + r〉
Explicit definition
x ÷ y = 〈∨
z :: z × y 6 x〉
Galois connection
z × y 6 x ⇔ z 6 x ÷ y (y > 0)
Specification vs. Implementation
I We can verify if the implementation meets thespecification.
I We can calculate the implementation from thespecification.
Whole divisionFrom specification to implementation
We want to calculate the implementation
x ÷ y = (x − y)÷ y + 1 if x > yx ÷ y = 0 if x < y
from specification
z × y 6 x ⇔ z 6 x ÷ y (y > 0)
Some useful Galois connections
a− b = c ⇔ a = c + ba− b 6 c ⇔ a 6 c + b
Proof when x > y
z 6 x÷y
⇔ { z×y 6 x ⇔ z 6 x÷y assuming x > 0, y > 0 }z×y 6 x
⇔ { cancellation, thanks to a− b 6 c ⇔ a 6 c + b }z × y−y 6 x−y
⇔ { distributivity }
(z − 1)×y 6 x − y
⇔ { z×y 6 x ⇔ z 6 x÷y assuming x > y }
z−1 6 (x − y)÷y
⇔ { a−b 6 c ⇔ a 6 c+b }
z 6 (x − y)÷ y +1
Proof when x > y
z 6 x÷y
⇔ { z×y 6 x ⇔ z 6 x÷y assuming x > 0, y > 0 }z×y 6 x
⇔ { cancellation, thanks to a− b 6 c ⇔ a 6 c + b }z × y−y 6 x−y
⇔ { distributivity }
(z − 1)×y 6 x − y
⇔ { z×y 6 x ⇔ z 6 x÷y assuming x > y }
z−1 6 (x − y)÷y
⇔ { a−b 6 c ⇔ a 6 c+b }
z 6 (x − y)÷ y +1
Proof when x > y
z 6 x÷y
⇔ { z×y 6 x ⇔ z 6 x÷y assuming x > 0, y > 0 }z×y 6 x
⇔ { cancellation, thanks to a− b 6 c ⇔ a 6 c + b }z × y−y 6 x−y
⇔ { distributivity }
(z − 1)×y 6 x − y
⇔ { z×y 6 x ⇔ z 6 x÷y assuming x > y }
z−1 6 (x − y)÷y
⇔ { a−b 6 c ⇔ a 6 c+b }
z 6 (x − y)÷ y +1
Proof when x > y
z 6 x÷y
⇔ { z×y 6 x ⇔ z 6 x÷y assuming x > 0, y > 0 }z×y 6 x
⇔ { cancellation, thanks to a− b 6 c ⇔ a 6 c + b }z × y−y 6 x−y
⇔ { distributivity }
(z − 1)×y 6 x − y
⇔ { z×y 6 x ⇔ z 6 x÷y assuming x > y }
z−1 6 (x − y)÷y
⇔ { a−b 6 c ⇔ a 6 c+b }
z 6 (x − y)÷ y +1
Proof when x > y
z 6 x÷y
⇔ { z×y 6 x ⇔ z 6 x÷y assuming x > 0, y > 0 }z×y 6 x
⇔ { cancellation, thanks to a− b 6 c ⇔ a 6 c + b }z × y−y 6 x−y
⇔ { distributivity }
(z − 1)×y 6 x − y
⇔ { z×y 6 x ⇔ z 6 x÷y assuming x > y }
z−1 6 (x − y)÷y
⇔ { a−b 6 c ⇔ a 6 c+b }
z 6 (x − y)÷ y +1
Proof when x > y
z 6 x÷y
⇔ { z×y 6 x ⇔ z 6 x÷y assuming x > 0, y > 0 }z×y 6 x
⇔ { cancellation, thanks to a− b 6 c ⇔ a 6 c + b }z × y−y 6 x−y
⇔ { distributivity }
(z − 1)×y 6 x − y
⇔ { z×y 6 x ⇔ z 6 x÷y assuming x > y }
z−1 6 (x − y)÷y
⇔ { a−b 6 c ⇔ a 6 c+b }
z 6 (x − y)÷ y +1
Proof when x < y
z 6 x÷y
⇔ { z×y 6 x ⇔ z 6 x÷y }z×y 6 x
⇔ { transitivity, since x < y }z × y 6 x ∧ z × y < y
⇔ { since y 6= 0 }
z × y 6 x ∧ z 6 0
⇔ { z 6 0 entails z × y 6 x , since 0 6 x }
z 6 0
Proof when x < y
z 6 x÷y
⇔ { z×y 6 x ⇔ z 6 x÷y }z×y 6 x
⇔ { transitivity, since x < y }z × y 6 x ∧ z × y < y
⇔ { since y 6= 0 }
z × y 6 x ∧ z 6 0
⇔ { z 6 0 entails z × y 6 x , since 0 6 x }
z 6 0
Proof when x < y
z 6 x÷y
⇔ { z×y 6 x ⇔ z 6 x÷y }z×y 6 x
⇔ { transitivity, since x < y }z × y 6 x ∧ z × y < y
⇔ { since y 6= 0 }
z × y 6 x ∧ z 6 0
⇔ { z 6 0 entails z × y 6 x , since 0 6 x }
z 6 0
Proof when x < y
z 6 x÷y
⇔ { z×y 6 x ⇔ z 6 x÷y }z×y 6 x
⇔ { transitivity, since x < y }z × y 6 x ∧ z × y < y
⇔ { since y 6= 0 }
z × y 6 x ∧ z 6 0
⇔ { z 6 0 entails z × y 6 x , since 0 6 x }
z 6 0
Proof when x < y
z 6 x÷y
⇔ { z×y 6 x ⇔ z 6 x÷y }z×y 6 x
⇔ { transitivity, since x < y }z × y 6 x ∧ z × y < y
⇔ { since y 6= 0 }
z × y 6 x ∧ z 6 0
⇔ { z 6 0 entails z × y 6 x , since 0 6 x }
z 6 0
Objectives
Exploit equational reasoning
I Use Galois connections in equational proofsI Integrate Galois connections, fork algebras and indirect
equality
Galois language
I Language for mathematical reasoningI Equivalent to first-order logicI Strongly typedI Front-end for the Galculator
Objectives
Galculator = Galois connections + calculator
I Proof assistant based on Galois connections, their algebraand associated tactics
I Exploit the state-of-the-art Haskell technology in thedevelopment of a proof assistant prototype
Outline
IntroductionMotivationObjectives
IngredientsIndirect equalityGalois connectionsRelation and fork algebrasPoint-free transform
Galois and Galculator
Concluding remarksContributionsFuture work
Indirect equality
Definition (Indirect inequality)
a v b ⇔ 〈∀ x :: x v a⇒ x v b〉a v b ⇔ 〈∀ x :: b v x ⇒ a v x〉
Definition (Indirect equality)
a = b ⇔ 〈∀ x :: x v a ⇔ x v b〉a = b ⇔ 〈∀ x :: a v x ⇔ b v x〉
Galois connections
Definition (Galois connection)Given two preordered sets (A,vA) and (B,vB) and twofunctions B Afoo and A B
goo , the pair (f , g) is a Galoisconnection if and only if, for all a ∈ A and b ∈ B:
f a vB b ⇔ a vA g b
Graphical notation
Af
,,
vA��
Bg
ll
vB��
or (A,vA) (B,vB)(f ,g)oo
Galois connections
f a vB b ⇔ a vA g b
g
f
f⊤A
B
g⊥B
Af
g
⊤A⊤B
⊥A⊥B
Algebra
I Identity connection.
(A,vA) (A,vA)(id ,id)oo
I Composition.
if (A,v) (B,�)(f ,g)oo and (B,�) (C,6)
(h,k)oo then
(A,v) (C,6)(h◦f ,g◦k)oo
I Converse.
if (A,v) (B,�)(f ,g)oo then (B,�) (A,w)
(g,f )oo
I Relator. For every relator F ,
if (A,v) (B,�)(f ,g)oo then (FA,F v) (FB,F �)
(F f ,Fg)oo
Relation and fork algebras
Relation algebras
I Extension of Boolean algebrasI Single inference rule: substitution of equals by equalsI Amenable for syntactic manipulationI Equivalent to a three-variable fragment of first-order logic
Fork algebras
I Extend relation algebras with a pairing operatorI Equivalent in expressive and deductive power to first-order
logic
Equational reasoning
Relation and fork algebras
Relation algebras
I Extension of Boolean algebrasI Single inference rule: substitution of equals by equalsI Amenable for syntactic manipulationI Equivalent to a three-variable fragment of first-order logic
Fork algebras
I Extend relation algebras with a pairing operatorI Equivalent in expressive and deductive power to first-order
logic
Equational reasoning
Point-free definitions
Definition (Galois connection)
f ◦ ◦vB = vA ◦ g
Definition (Indirect equality)
f = g ⇔ � ◦ f = � ◦ gf = g ⇔ f ◦ ◦� = g◦◦ �
Outline
IntroductionMotivationObjectives
IngredientsIndirect equalityGalois connectionsRelation and fork algebrasPoint-free transform
Galois and Galculator
Concluding remarksContributionsFuture work
Galois language
Fork
Formula
Term
Module
TheoremGC DefinitionDefinition Axiom Strategy
Type
Galois connection
Rewriting Combinator
Derivation
Proof Step
FunctionOrder
Galculator prototype
TRS
GC
Combine
Laws
Rules
Strategies
Combine
Properties Theory domain
Relation algebra
Derive
Derive DeriveDerive
Outline
IntroductionMotivationObjectives
IngredientsIndirect equalityGalois connectionsRelation and fork algebrasPoint-free transform
Galois and Galculator
Concluding remarksContributionsFuture work
Contributions
Study about Galois connections
I Survey of the most important theoretical resultsI Comprehensive study of different approaches to combine
Galois connectionsI Relation with category theoryI Survey of applications
Innovative approach
I Fork algebras used together with Galois connectionsI Use of indirect equalityI Amenable for either pencil-and-paper or computer assisted
proofs
Contributions
Galois language
I Follows from the theoretical conceptsI Strongly typedI Galois connections introduce some semantic support while
reasoning in a syntactic level
Galculator prototype
I Proof assistant prototype based on Galois connectionsI First proof engine to calculate directly with point-free
Galois connectionsI Application of advanced and innovative implementation
techniques
Future work
I Integration with host theorem provers (e.g., Coq)I Mechanization of point-free transformI Automated proofsI Free-theoremsI Extension of the type systemI Evaluation of the languageI Application to abstract interpretation
