the type checking problem (TCP) schema the proof checking problem the type synthesis problem (TSP) decidability input: Γ M :? polymorphism in Coq

Similar documents
A Tutorial on [Co-]Inductive Types in Coq

Deterministic Discrete Modeling

Dependent Types at Work

Introduction to type systems

The Lean Theorem Prover

CHAPTER 7 GENERAL PROOF SYSTEMS

ML for the Working Programmer

Parametric Domain-theoretic models of Linear Abadi & Plotkin Logic

Extraction of certified programs with effects from proofs with monadic types in Coq

Introduction to Type Theory

Computer-Assisted Theorem Proving for Assuring the Correct Operation of Software

Foundational Proof Certificates

An Agda Tutorial. Makoto Takeyama

A Theory of Parametric Polymorphism and an Application

Verifying security protocols using theorem provers

Bindings, mobility of bindings, and the -quantifier

Relations: their uses in programming and computational specifications

PROGRAM-ing Finger Trees in COQ

POLYTYPIC PROGRAMMING OR: Programming Language Theory is Helpful

Automated Proof Construction in Type Theory using Resolution

CIS 500 Software Foundations Midterm I, Review Questions

Software Engineering

Summary Last Lecture. Automated Reasoning. Outline of the Lecture. Definition sequent calculus. Theorem (Normalisation and Strong Normalisation)

MAP-I Programa Doutoral em Informática. Rigorous Software Development

Setoids in type theory

A Computer Verified Theory of Compact Sets

Termination Checking: Comparing Structural Recursion and Sized Types by Examples

NP-Completeness and Cook s Theorem

Verifying design patterns in Hoare Type Theory. Kasper Svendsen, Alexandre Buisse and Lars Birkedal

CSE 459/598: Logic for Computer Scientists (Spring 2012)

Observational Program Calculi and the Correctness of Translations

Incompleteness & Completeness Formalizing Logic and Analysis in Type Theory

On automating the extraction of programs from termination proofs

Implementing Certified Programming Language Tools in Dependent Type Theory. Adam James Chlipala

Types vs Tests Amanda

Weyl s Predicative Classical Mathematics as a Logic-Enriched Type Theory

OPERATIONAL TYPE THEORY by Adam Petcher Prepared under the direction of Professor Aaron Stump A thesis presented to the School of Engineering of

Fun with Henry. Dirk Pattinson Department of Computing Imperial College London

AURA: A language with authorization and audit

Normalization by Evaluation

Logic in Computer Science: Logic Gates

Mathematics for Computer Science/Software Engineering. Notes for the course MSM1F3 Dr. R. A. Wilson

Non-deterministic Semantics and the Undecidability of Boolean BI

Certified Assembly Programming with Embedded Code Pointers

Mathematical Induction

From Program Verification to Certified Binaries

Verifying Specifications with Proof Scores in CafeOBJ

One More Decidable Class of Finitely Ground Programs

SECTION 10-2 Mathematical Induction

Formal Engineering for Industrial Software Development

A Certified Type-Preserving Compiler from Lambda Calculus to Assembly Language


Model Checking: An Introduction

Computational Semantics, Type Theory, and Functional Programming

INF5140: Specification and Verification of Parallel Systems


Real Roots of Univariate Polynomials with Real Coefficients

Equality and dependent type theory. Oberwolfach, March 2 (with some later corrections)

Propositional Logic. A proposition is a declarative sentence (a sentence that declares a fact) that is either true or false, but not both.

Certified Programming with Dependent Types

Section 6.1 Factoring Expressions

Discrete Mathematics and Probability Theory Fall 2009 Satish Rao, David Tse Note 2

GRAPH THEORY LECTURE 4: TREES

Hoare Type Theory, Polymorphism and Separation

Towards Certified Program Logics for the Verification of Imperative Programs

Formalization of the CRM: Initial Thoughts

MATHEMATICS: CONCEPTS, AND FOUNDATIONS Vol. III - Logic and Computer Science - Phokion G. Kolaitis

Specification and Analysis of Contracts Lecture 1 Introduction

Functional programming languages

Lecture 16 : Relations and Functions DRAFT

JUST THE MATHS UNIT NUMBER 1.8. ALGEBRA 8 (Polynomials) A.J.Hobson

How to Make Ad Hoc Proof Automation Less Ad Hoc

Intuitionistic Type Theory. Per Martin-Löf

Properties of Stabilizing Computations

Certified Security Proofs of Cryptographic Protocols in the Computational Model : an Application to Intrusion Resilience

CS510 Software Engineering

A Gentle Introduction to Type Classes and Relations in Coq

A Formal Specification of the MIDP 2.0 Security Model

Types and Programming Languages

Linear Types for Continuations

Using the Computer to Prove the Correctness of Programs p.1/12

Lecture 13 of 41. More Propositional and Predicate Logic

Formal firewall conformance testing: an application of test and proof techniques

Automated Theorem Proving - summary of lecture 1

(67902) Topics in Theory and Complexity Nov 2, Lecture 7

WOLLONGONG COLLEGE AUSTRALIA. Diploma in Information Technology

THEORY of COMPUTATION

Predicate Logic Review

COMPUTER SCIENCE TRIPOS

A Note on Context Logic

Chapter 15 Functional Programming Languages

6.1 Add & Subtract Polynomial Expression & Functions

The Modal Logic Programming System MProlog

Elementary Number Theory and Methods of Proof. CSE 215, Foundations of Computer Science Stony Brook University

Trust but Verify: Authorization for Web Services. The University of Vermont

Proving Type Soundness of a Simply Typed ML-Like Language with References

Ralf Hinze Generic Programs and Proofs

The last three chapters introduced three major proof techniques: direct,

Idris, a General Purpose Dependently Typed Programming Language: Design and Implementation

Program Transformation and Its Applications to Software Synthesis and Verification

Transcription:

schema the type checking problem (TCP) decidability polymorphism in Coq dependent inductive data-types in Coq further reading overview input: Γ M : N? output: true yes the typing judgement is derivable false no the typing judgement is not derivable (usually) decidable overview the proof checking problem the type synthesis problem (TSP) input: is candidate-proof P a proof of formula A? output: true yes P is a proof of A false no P is not a proof of A corresponds to type checking input: Γ M :? output: yes and term N typing judgment is derivable no typing judgment is not derivable generally decidable

the type inhabitation problem (TIP) the provability problem input: Γ? : N output: yes and term M typing judgment is derivable no typing judgment is not deriable input: is there a proof of formula A? corresponds to type inhabitation problem generally undecidable (but decidable in λ ) reduction theory schema subject reduction types are preserved under computation if Γ M : A and M β M then Γ M : A unique normal forms result of a computation is unique via confluence: if M β N and M β P then there is Q such that: N Q and P Q termination all computations eventually end in a normal form decidability polymorphism in Coq dependent inductive data-types in Coq further reading overview overview

identity function applications Definition natid : nat -> nat := fun n : nat => n. Definition boolid: bool -> bool := fun b : bool => b. Definition polyid : forall A : Set, A -> A := fun (A : Set) => fun (a : A) => a. polyid nat : nat -> nat polyid nat 0 polyid bool true Notation id := (polyid _). natlists and boollists in Coq polymorphic lists in Coq definition: Inductive natlist : Set := natnil : natlist natcons : nat -> natlist -> natlist. Inductive polylist (A:Set) : Set := polynil : (polylist A) polycons : A -> (polylist A) -> (polylist A). Inductive boollist : Set := boolnil : boollist boolcons : bool -> boollist -> boollist. types (use Check): polylist : Set -> Set polynil : forall A : Set, polylist A polycons : forall A : Set, A -> polylist A -> polylist A

instantiation by application slightly more efficient notation polylist nat : Set polynil nat : polylist nat polycons nat : nat -> polylist nat -> polylist nat polycons nat 2 (polycons nat 1 (polynil nat)) polycons bool true (polycons bool false (polynil bool)) Notation ni := (polynil _). Notation co := (polycons _). then we can write the following: Check (co 2 (co 1 ni)). Check (co true (co false ni)). type constructor for dependent lists function on natlists in Coq inductive definition of dependent natlists: Inductive natlist_dep : nat -> Set := nil_dep : natlist_dep 0 cons_dep : forall n : nat, nat -> natlist_dep n -> natlist_dep (S n). the type of the type constructor: natlist_dep : nat -> Set : Type Fixpoint natlength (l:natlist) {struct l} : nat := match l with natnil => O natcons h t => S (natlength t) end.

function on polymorphic lists in Coq dependent types versus polymorphism Fixpoint polylength (A:Set)(l:(polylist A)){struct l} : nat := match l with polynil => O polycons h t => S (polylength A t) end. dependent types types may depend on terms natlistdep n polymorphic types terms may depend on types polyid nat dependent types versus polymorphism inductive data-type for lists dependent types functions and quantifications over elements of a type λx : nat. x Πx:nat. natlistdep x polymorphic types functions and quantification over types λa :. λx : a. x Πa:. a a Inductive natlist : Set := natnil : natlist natcons : nat -> natlist -> natlist. Inductive boollist : Set := boolnil : boollist boolcons : bool -> boollist -> boollist. Inductive polylist (X : Set) : Set := polynil : polylist X polycons : X -> polylist X -> polylist X.

instantiation polymorphic types using application Coq < Check polyid nat. polyid nat : nat -> nat Coq < Check polylist nat. polylist nat : Set polymorphic identity in lambda2: λa :. λx : a. x : Πa:. a a polymorphic identity in Coq: Definition polyid : forall A : Set, A -> A := fun (A : Set) => fun (a : A) => a. polymorphic data-type for lists in Coq: Inductive polylist (X : Set) : Set := polynil : polylist X polycons : X -> polylist X -> polylist X. schema zeroes decidability polymorphism in Coq dependent inductive data-types in Coq further reading overview overview definition in Coq: Fixpoint zeroes (n:nat) : natlist := match n with O => nil S p => cons O (zeroes p) end. using Eval compute we find: (zeroes 0) = nil : natlist (zeroes 1) = cons 0 nil : natlist (zeroes 2) = cons 0 (cons 0 nil) : natlist

the type of zeroes the type of zeroes: more information the type of the function: zeroes : nat -> natlist use of the application rule (as before): zeroes : nat natlist 3 : nat zeroes 3 (zeroes 0) is a natlist of length 0 (zeroes 1) is a natlist of length 1 (zeroes 2) is a natlist of length 2 (zeroes n) is a natlist of length n type constructor for dependent lists type constructor for dependent lists: type inductive definition of dependent natlists: Inductive natlist_dep : nat -> Set := nil_dep : natlist_dep 0 cons_dep : forall n : nat, nat -> natlist_dep n -> natlist_dep (S n). the type of the type constructor: natlist_dep : nat -> Set : Type the type of the type constructor: natlist_dep : nat -> Set : Type use of the application rule (as before): natlistdep : nat Set 3 : nat natlistdep 3 : Set

dependent types in Coq: example inductive definition of dependent zeroes: Fixpoint zeroes_dep (n:nat) : natlist_dep n := match n return natlist_dep n with O => nil_dep S p => cons_dep p O (zeroes_dep p) end. the type of the function: zeroes_dep : forall n : nat, natlist_dep n using Eval compute we find: (zeroes_dep 0) = nil_dep : natlist_dep 0 (zeroes_dep 1) = cons_dep 0 0 nil_dep : natlist_dep 1 (zeroes_dep 2) = cons_dep 1 0 (cons_dep 0 0 nil_dep) : natlist_dep 2 dependent zeroes: type the type of the function: zeroes_dep : forall n : nat, natlist_dep n (new) use of the application rule: zeroesdep : foralln : nat, natlistdepn 3 : nat zeroesdep 3 : natlistdep3 function types: non-dependent and dependent length of dependent lists: definitions non-dependent function type (as before): nat -> natlist dependent function type (new): forall n : nat, natlist_dep n uniform presentation for both: forall n:nat, natlist forall n : nat, natlist_dep n an easy definition: Definition length_dep (n : nat) (l : natlist_dep n) := n. another definition: Definition length_dep_b (n : nat) (l : natlist_dep n) : nat := match l with nil_dep => 0 cons_dep n h t => S n end.

append of dependent lists: definition dependent types in Coq Fixpoint append_dep (n : nat) (k : natlist_dep n) (m : nat)(l : natlist_dep m) {struct k} : natlist_dep (n + m) := match k in (natlist_dep n) return (natlist_dep (n + m)) with nil_dep => l cons_dep p h t => cons_dep (p + m) h (append_dep p t m l) end. datatype and (data)type constructor in Set: natlist : Set natlist_dep : nat -> Set proposition and predicate ( proposition constructor ) in Prop: True : Prop even : nat -> Prop we need to compute inside types examples schema decidability O : nat : Set : Type fun x:nat x : nat nat : Set : Type nil : natlist : Set : Type nildep : natlistdep O : Set : Type natlistdep : nat Set : Type polymorphism in Coq dependent inductive data-types in Coq further reading overview overview

further reading decidability issues Girard Reynolds normalization of F type inhabitation problem (TIP) Γ? : A decidable in λ, undecidable in λp and in λ2 type checking problem (TCP) Γ P : A? decidable in λ, in λp, in λ2 type synthesis problem (TSP) or typability problem Γ P :? decidable in λ, in λp, in λ2 big projects in proof checking compcert by Xavier Leroy et al using Coq logical verification lecture 13 2015 05 21 overview four colour theorem by Georges Gonthier using Coq flyspeck project by Thomas Hales et al using HOL verificard by the Münich theorem proving group using Isabelle

Curry-Howard-De Bruijn isomorphism Curry-Howard-De Bruijn isomorphism formulas as types proofs as terms prop1 λ pred1 λp prop2 λ2 logic and lambda calculus logic formulas proofs proof rules provability proof checking types terms typing rules inhabitation type checking prop1 pred1 prop1 prop2 minimal intuitionistic classical

formulas formulas in Coq prop1 pred1 prop2 a + + + A B + + + x. B + a. B + a A B x. B a. B a A B forall x:terms, B forall a:prop, B proof rules proofs in minimal logic prop1 pred1 prop2 introduction rules and elimination rules I [x] + + + E + + + I (terms) + E (terms) + I (prop) + E (prop) +

proofs in intuitionistic logic proofs in intuitionistic logic prop1 pred1 prop2 I + + + E + + + I + + + E + + + E + + + prop1 pred1 prop2 I (terms) + E (terms) + I (prop) + E (prop) + detour logic: possible questions tautology introduction rule for a connective immediately followed by an elimination rule for the same connective correctness detours encodings in prop2

examples formulas as types in prop1 λ : A (A B) B in pred1 λp: ( x. P(x) Q(x)) P(M) Q(M) in prop2 λ2: a b. ((a b) b) a A B x. B a. B a Πx:A. B Πx:Terms. B Πa:. B proofs as terms implication introduction and abstraction B A B Γ, x : A b : B Γ A B : Γ λx : A. b : A B proof rules correspond to typing rules prop1 λ pred1 λp prop2 λ2

implication elimination and application quantification introduction and abstraction A B B A Γ P : A B Γ a : A Γ (P a) : B B x. B Γ, x : Terms b : B Γ Πa:Terms. B : Γ λa : Terms. b : Πa:Terms. B prop1 λ pred1 λp prop2 λ2 pred1 λp quantification elimination and application quantification elimination and application x. B B[x := M] Γ P : Πx:Terms. B Γ M : Terms Γ (P M) : B[x := M] a. B B[a := A] Γ P : Πa:. B Γ A : Γ (P A) : B[a := A] pred1 λp prop2 λ2

lambda calculus the lambda cube λ λp λ λ2 inductive definitions: data-types and predicates terms and simple types terms and types general A ::= a A A M ::= x λx : A. M (M M) M ::= x Πx : M. M λx : M. M (M M)

term normalization three product rules β-reduction rule: (λx : A. M) N β M[x := N] β-reduction step: application of the rule in a context β-reduction: a sequence of β-reduction steps λ, λp, λ2: Γ A : Γ, x : A B : Γ Πx:A. B : only λp: Γ A : Γ, x : A B : Γ Πx:A. B : only λ2: Γ A : Γ, x : A B : Γ Πx:A. B : lambda: possible questions decidability issues typing derivation (for λ ) terms typing rules inhabitants encodings type checking problem (TCP) Γ P : A? type inhabitation problem (TIP) Γ? : A type synthesis problem (TSP) or typability problem Γ P :?

decidability inductive datatype: example λ λp λ2 TCP + + + TIP + TSP + Inductive natlist : Set := natnil : natlist natcons : nat -> natlist -> natlist. typing following the product rule for λ : nat -> natlist -> natlist : Set family of inductive datatypes: example family of inductive datatypes: example Inductive natlist_dep : nat -> Set := nil_dep : natlist_dep 0 cons_dep : forall n : nat, nat -> natlist_dep n -> natlist_dep (S n). typing following the product rule for λp: nat -> Set : Type Inductive polylist (X : Set) : Set := polynil : polylist X polycons : X -> polylist X -> polylist X. typing following the product rule for λ2: forall X : Set, polylist X : Type

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information