Presentation is loading. Please wait.

Presentation is loading. Please wait.

Proofs and Programs Wei Hu 11/01/2007. Outline  Motivation  Theory  Lambda calculus  Curry-Howard Isomorphism  Dependent types  Practice  Coq Wei.

Published byTimothy Bridgford Modified over 9 years ago

Similar presentations

Presentation on theme: "Proofs and Programs Wei Hu 11/01/2007. Outline  Motivation  Theory  Lambda calculus  Curry-Howard Isomorphism  Dependent types  Practice  Coq Wei."— Presentation transcript:

1 Proofs and Programs Wei Hu 11/01/2007

2 Outline  Motivation  Theory  Lambda calculus  Curry-Howard Isomorphism  Dependent types  Practice  Coq Wei Hu2

3 Motivation - Why Learn Coq  Helps understand PL theory better  Good for CS615 (sadly, not quals)  Coq is becoming popular  People rethinking trusted software  Functional programming is gaining attention  Has been used to  Prove mathematical theorems  Specify hardware  Recently, papers being published for  Operating systems  Compilers 3Wei Hu

4 Coq is an Interactive Theorem Prover  Two types of theorem provers  Automated TP  Simplify, CVC, …  Interactive TP (aka, Proof Assistants)  Coq, PVS, ACL2, HOL, Isabelle, Twelf, NuPRL, Agda  Coq’s highlights  Higher-order intuitionistic logic  Higher-order type theory  Embedded functional programming language  Goal transformation through tactics  Mainly works interactively, with limited support of automation to discharge trivial propositions 4Wei Hu

5 Coq as a Programming Language  ML-like Fixpoint is_even (n:nat) : bool := match n with | 0 => true | 1 => false | S (S n') => is_even n’ end. Eval compute in is_even 3. Let’s try it out!  Restrictions  No side effects  No non-terminating programs (to avoid inconsistency) 5Wei Hu

6 Program Extraction Fixpoint is_even (n:nat) : bool := match n with | 0 => true | 1 => false | S (S n') => is_even n’ end. let rec is_even = function | O -> True | S n0 -> (match n0 with | O -> False | S n' -> is_even n') is_even n = case n of O -> True S n0 -> (case n0 of O -> False S n' -> is_even n') OCaml Coq Haskell 6Wei Hu

7 Nothing Is Built-in! Inductive bool : Set := | true : bool | false : bool. Inductive nat : Set := | O : nat | S : nat -> nat. type bool = | True | False type nat = | O | S of nat data Bool = True | False data Nat = O | S Nat OCaml Coq (theories/Init/Datatypes.v) Haskell 7Wei Hu

8 Simply Typed Lambda Calculus  Type  Base types: nat, bool, …  Function types: nat->nat, nat->bool, …  Term  Variables: x, y, z  Abstractions: x: T1. t2  Applications: M N  Environment (  )  Gives typing for variables 8Wei Hu

9 Typing Rules , x: T1 |- t2 : T2  |- x: T1. t2 : T1 -> T2 (Abs)  |- x : T (Var) x : T    |- t2 : T11  |- t1 t2 : T12 (App)  |- t1 : T11 -> T12 The typing rules work equally well in logic! 9Wei Hu

10 Curry-Howard Isomorphism  Propositions = Types  Proofs (inhabit Props) = Programs (inhabit Sets)  Proof tactics = Program constructs  So what?  Proof checking now becomes type checking (can be undecidable if non-termination is allowed)  Programs and proofs are organically unified  Why is it hard to prove something?  Unlike general programming, we are doing type-level programming  In other words, we are constructing programs for a given type  Tactics help with the construction 10Wei Hu

11 C-H at Work Section example1. Hypothesis A B : Prop. Hypothesis C : B -> A. Lemma Var : B -> A. exact C. Qed. Lemma Abs : A -> A. intros. exact H. Qed. Lemma App : A -> (A -> B) -> B. intros. apply H0. exact H. Qed. , x: T1 |- t2 : T2  |- x: T1. t2 : T1 -> T2  |- x : T x : T    |- t2 : T11  |- t1 t2 : T12  |- t1 : T11 -> T12 function or implication? 11Wei Hu

12 Type-centric View  -> is primitive, others not  theories/Init/Logic.v Inductive True : Prop := I : True. Inductive False : Prop :=. Definition not (A:Prop) := A -> False. Inductive and (A B:Prop) : Prop := conj : A -> B -> A /\ B. Inductive or (A B:Prop) : Prop := | or_introl : A -> A \/ B | or_intror : B -> A \/ B. 12Wei Hu BHK Interpretation (Brouwer-Heyting- Kolmogorov)

13 Intuitionistic (Constructive) Logic vs. Classical Logic  A set of equivalent axioms missing in IL  Law of excluded middle: P ∨ ~P  Double negation rule: ~~P → P  Peirce’s Law: ((P → Q) → P) → P  The correspondence between call/cc and Pierce’s Law  See Coq FAQ #30 “What axioms can be safely added to Coq?”  CL takes a denotational view  Assigns to every variable a value ( true or false )  Builds truth tables for primitive operations /\ ∨ ~  (P -> Q) ≡ (~P ∨ Q ) Wei Hu13

14 Polymorphism and Universal Quantification  Parametric polymorphism  You have been using it all the time!  Polymorphic functions  Definition id := fun (X : Set) (x : X) => x.  Check id. id : forall X : Set, X -> X.  Polymorphic data types (e.g., lists)  Universal quantification  Lemma refl : forall P : Prop, P -> P. intros. apply H. Qed.  Print refl. refl = fun (P : Prop) (H : P) => H : forall P : Prop, P -> P 14Wei Hu

15 Dependent Types  Type systems in ML-like languages are just not expressive enough  We want to specify propositions like ∀ n:nat, n ≤ n The result type ( n ≤ n ) depends on arguments ( n )  We generalize arrows (A -> B, or λx:A. B) to dependent products (∏x:A. B) where B is dependent on x.  In Coq:  forall n:nat, n<=n  forall m n: nat, m + n = n + m 15Wei Hu

16 Dependent Types  Compatibility with non-dependent product  The type of a function that builds a pair: forall (A B:Set) (a:A) (b:B), A*B forall A B : Set, A -> B -> A * B  Defining existential  ∀ x, (P x -> ∃ x, P x)  Dependent sums  Dependent types in programming  Epigram (http://www.e-pig.org/)http://www.e-pig.org/  Ynot (http://www.eecs.harvard.edu/~greg/ynot.html)http://www.eecs.harvard.edu/~greg/ynot.html  Concoqtion (http://www.metaocaml.org/concoqtion/)http://www.metaocaml.org/concoqtion/  Omega (http://web.cecs.pdx.edu/~sheard/)http://web.cecs.pdx.edu/~sheard/  ATS (http://www.cs.bu.edu/~hwxi/ATS/)http://www.cs.bu.edu/~hwxi/ATS/ Wei Hu16

17 Polymorphism vs. Dependent Types  Polymorphism  Terms can take types as arguments  Dependent types  Types can take terms as arguments  Inductive types and predicates  Generalization of conventional user-defined data types  We are talking about parameterized data types (e.g. vector n ) and propositions (e.g. m <= n ) Wei Hu17

18 Conclusions  We talked about type theory  Curry-Howard correspondence is cool  Dependent types matter *  We did not cover common proof techniques  Proof by induction  Use of tactics and tacticals * T. Altenkirch, C. McBride, and J. McKinna, “Why Dependent Types Matter” Wei Hu18

19 How to Learn Coq?  Resources (for beginners)  http://www.cs.virginia.edu/~wh5a/coq.html  Hardest parts (IMO)  Design/Formalization  Combination of tactics  Tools are getting better, but still hard  What’s the next breakthrough? 19Wei Hu

Download ppt "Proofs and Programs Wei Hu 11/01/2007. Outline  Motivation  Theory  Lambda calculus  Curry-Howard Isomorphism  Dependent types  Practice  Coq Wei."

Similar presentations

Programmed Strategies for Program Verification Richard B. Kieburtz OHSU/OGI School of Science and Engineering and Portland State University.

Programmed Strategies for Program Verification Richard B. Kieburtz OHSU/OGI School of Science and Engineering and Portland State University.
Types and Programming Languages Lecture 13 Simon Gay Department of Computing Science University of Glasgow 2006/07.

Types and Programming Languages Lecture 13 Simon Gay Department of Computing Science University of Glasgow 2006/07.
Types and Programming Languages Lecture 7 Simon Gay Department of Computing Science University of Glasgow 2006/07.

Types and Programming Languages Lecture 7 Simon Gay Department of Computing Science University of Glasgow 2006/07.
In this episode of The Verification Corner, Rustan Leino talks about Loop Invariants. He gives a brief summary of the theoretical foundations and shows.

In this episode of The Verification Corner, Rustan Leino talks about Loop Invariants. He gives a brief summary of the theoretical foundations and shows.
PROOF BY CONTRADICTION

PROOF BY CONTRADICTION
Static and User-Extensible Proof Checking Antonis StampoulisZhong Shao Yale University POPL 2012.

Static and User-Extensible Proof Checking Antonis StampoulisZhong Shao Yale University POPL 2012.
Techniques for Proving the Completeness of a Proof System Hongseok Yang Seoul National University Cristiano Calcagno Imperial College.

Techniques for Proving the Completeness of a Proof System Hongseok Yang Seoul National University Cristiano Calcagno Imperial College.
Type Checking, Inference, & Elaboration CS153: Compilers Greg Morrisett.

Type Checking, Inference, & Elaboration CS153: Compilers Greg Morrisett.
1 How to transform an analyzer into a verifier. 2 OUTLINE OF THE LECTURE a verification technique which combines abstract interpretation and Park’s fixpoint.

1 How to transform an analyzer into a verifier. 2 OUTLINE OF THE LECTURE a verification technique which combines abstract interpretation and Park’s fixpoint.
1 Dependent Types for Termination Verification Hongwei Xi University of Cincinnati.

1 Dependent Types for Termination Verification Hongwei Xi University of Cincinnati.
Models and Propositional Logic In propositional logic, a model in general simply fixes the truth value – true or false – for every proposition symbol.

Models and Propositional Logic In propositional logic, a model in general simply fixes the truth value – true or false – for every proposition symbol.
ML: a quasi-functional language with strong typing Conventional syntax: - val x = 5; (*user input *) val x = 5: int (*system response*) - fun len lis =

ML: a quasi-functional language with strong typing Conventional syntax: - val x = 5; (*user input *) val x = 5: int (*system response*) - fun len lis =
CS 355 – Programming Languages

CS 355 – Programming Languages
What’s left in the course. The course in a nutshell Logics Techniques Applications.

What’s left in the course. The course in a nutshell Logics Techniques Applications.
ML: a quasi-functional language with strong typing Conventional syntax: - val x = 5; (*user input *) val x = 5: int (*system response*) - fun len lis =

ML: a quasi-functional language with strong typing Conventional syntax: - val x = 5; (*user input *) val x = 5: int (*system response*) - fun len lis =
Syllabus Every Week: 2 Hourly Exams +Final - as noted on Syllabus

Syllabus Every Week: 2 Hourly Exams +Final - as noted on Syllabus
Proofs are Programs: 19th Century Logic and 21st Century Computing CS 510: Programming Languages (a talk adapted from Philip Wadler)

Proofs are Programs: 19th Century Logic and 21st Century Computing CS 510: Programming Languages (a talk adapted from Philip Wadler)
So far we have learned about:

So far we have learned about:
Administrative stuff On Thursday, we will start class at 11:10, and finish at 11:55 This means that each project will get a 10 minute presentation + 5.

Administrative stuff On Thursday, we will start class at 11:10, and finish at 11:55 This means that each project will get a 10 minute presentation + 5.
Towards a HOL Framework for the Deductive Analysis of Hybrid Control Systems ADPM’2000 Norbert Völker University of Essex, England.

Towards a HOL Framework for the Deductive Analysis of Hybrid Control Systems ADPM’2000 Norbert Völker University of Essex, England.

Similar presentations

Ads by Google