‘Galculator’: Functional Prototype of a Galois-connection Based Proof Assistant. João Carneiro, 22/06/2012, Thematic Seminar – MAP-i.

Outline
- Introduction
- Contextualization
- Galculator
- Related Work
- Conclusions

Introduction
- Software correctness is an ambitious challenge: augmenting confidence in the programs we write, e.g. through formal and informal techniques.
- The success of each of these methods varies greatly, but there seems to be evidence that success is proportional to tool support (Jackson, 2006).
- Logic-based approaches
  - Advantages: they benefit from the help of theorem provers in conducting proofs; using annotations and tools, programs can be verified and formal proof obligations discharged.
  - Disadvantages: there are theoretical limits imposed by the undecidability of the general predicate calculus.

Introduction
- Haskell function:
- This function computes whole (integer) division, for non-negative x and positive y.
- To prove its correctness we can use a standard proof technique (e.g. structural induction, fixpoint induction).
- BUT what we have above is code. Where is the specification?
- In the literature we can find at least two definitions: one implicit

Introduction
- and the other explicit.
- The following Galois connection (Ore 1944) arises from the last definition:
- Another important Galois connection is cancellation:
- which explains subtraction over the integers (another operator used in the algorithm).

Introduction
- We can put these two connections together by restricting (3) to non-negative integers, keeping y ≠ 0. We reason:

Introduction
- We conclude that the two expressions are the same.
- This simple (non-inductive) proof shows the calculational power of Galois connections operated via indirect equality, which are applicable to arbitrarily complex problem domains.
- Galculator does not intend to be a classical theorem prover (TP), because it is not usable in arbitrary proofs: only in those where adjoint operators of Galois connections participate.
- However, it can be very useful when used together with a “host” TP such as Coq (Bertot and Castéran 2004).

Contextualization
- One of the keys to functional programming is the ability to compose functions to create new functions.
- Haskell, used to implement the Galculator prototype:
  - purely functional programming language
  - statically typed (types are checked at compile time)
  - lazy evaluation
  - polymorphic (parametric and ad hoc polymorphism)
  - allows shorter, clearer and more maintainable code

Contextualization: Haskell monads
- A monad is a structure that represents computations.
- It consists of a type constructor m and two operations, bind (>>=) and return.
- Used to deal with computations such as I/O, a common environment or state, and preprocessing of computations (simplification, optimization, etc.).
- Available via the standard type class Monad:

Contextualization: Haskell monads (cont.)
- Every instance shall obey the monad laws:
Haskell MonadPlus & MonadOr
- Used in Galculator; both provide an mzero operator for modeling failure.
- MonadPlus uses the mplus operator, which obeys the left-distribution law:
  - backtracking behaviour, where all possible combinations are tried

Contextualization: Haskell MonadPlus & MonadOr (cont.)
- MonadOr defines a morelse operator which obeys the left-catch law:
  - the second argument is only tried if the first one fails
Galois connections
- A particular correspondence between two partially ordered sets (posets), preordered sets or classes.
- Let (A, ≤) and (B, ≤) be two partially ordered sets. A Galois connection between these posets consists of two monotone functions F : A → B and G : B → A such that, for all a in A and b in B, F(a) ≤ b if and only if a ≤ G(b).

Contextualization: Galois connections (cont.)
- The essence of the Galculator.
- Given two preordered sets (A, ≤) and (B, ≤) and two functions f and g, the pair (f, g) is a Galois connection if and only if, for all a ∈ A and b ∈ B:

Contextualization: Galois connections (cont.)
- Function f (resp. g) is referred to as the lower adjoint (resp. upper adjoint) of the connection.
- The arrow notation places the source domain of the lower adjoint on the left and emphasizes the categorical structure of Galois connections.
- Once a concept is identified as an adjoint of a Galois connection, all generic properties are inherited, even when the other adjoint is not known.
- Galois connections build on top of themselves thanks to a number of combinators which enable the construction of new connections out of existing ones.
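The whole-division example from the Introduction and the definition just given, as an added Python check that is not Galculator's own code: it verifies the two connections on finite integer ranges, derives the generic properties every connection inherits, and runs the indirect-equality argument step by step. The target identity x div y = (x - y) div y + 1 is this example's own choice, since the slides' equations are images absent from the transcript.

```python
# Added example (not Galculator's own code): the Galois connections behind
# the whole-division example, checked on finite integer ranges, together
# with the indirect-equality principle the calculational proof relies on.
from itertools import product

def is_galois_connection(f, g, dom_a, dom_b):
    """(f, g) with f : A -> B and g : B -> A is a Galois connection iff
    f(a) <= b  <=>  a <= g(b)  for all a in A and b in B."""
    return all((f(a) <= b) == (a <= g(b)) for a, b in product(dom_a, dom_b))

def inherited_properties(f, g, dom_a, dom_b):
    """Generic facts every Galois connection inherits, checked rather than
    assumed: both adjoints are monotone and both cancellation laws hold."""
    pairs_a = [(a, a2) for a, a2 in product(dom_a, dom_a) if a <= a2]
    pairs_b = [(b, b2) for b, b2 in product(dom_b, dom_b) if b <= b2]
    return {
        "f monotone": all(f(a) <= f(a2) for a, a2 in pairs_a),
        "g monotone": all(g(b) <= g(b2) for b, b2 in pairs_b),
        "f(g b) <= b": all(f(g(b)) <= b for b in dom_b),
        "a <= g(f a)": all(a <= g(f(a)) for a in dom_a),
    }

def div_connection(y):
    """Connection (3): (*y) is the lower adjoint of (div y) for y > 0,
    i.e. z*y <= x  <=>  z <= x div y  (Python's // is floor division)."""
    return (lambda z: z * y), (lambda x: x // y)

def sub_connection(y):
    """Cancellation: (-y) is the lower adjoint of (+y),
    i.e. x - y <= z  <=>  x <= z + y."""
    return (lambda x: x - y), (lambda z: z + y)

def indirect_equality(e1, e2, zs):
    """Indirect equality: e1 == e2 iff (z <= e1) <=> (z <= e2) for all z."""
    return all((z <= e1) == (z <= e2) for z in zs)

def unfold_division_steps(x, y, z):
    """One calculational chain in the style of the slides.  The identity it
    establishes, x div y = (x - y) div y + 1 for y > 0, is this example's own
    choice (the slides' equations are images absent from the transcript).
    All entries must share one truth value for the proof to go through."""
    return [
        z <= (x - y) // y + 1,  # z <= right-hand side of the identity
        z - 1 <= (x - y) // y,  # cancellation connection with y := 1, right to left
        (z - 1) * y <= x - y,   # division connection, right to left
        (z - 1) * y + y <= x,   # cancellation connection, instantiated and simplified
        z * y <= x,             # arithmetic: (z - 1)*y + y = z*y
        z <= x // y,            # division connection, left to right
    ]

def proof_goes_through(xs, y, zs):
    """Every step agrees for all x and z, so by indirect equality both sides
    of the identity coincide on the whole range."""
    return all(len(set(unfold_division_steps(x, y, z))) == 1
               for x in xs for z in zs)
```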

Contextualization: pointfree transform
- The overall operation of the Galculator is based on transforming and rewriting terms involving adjoints of Galois connections.
- Care must be taken when rewriting terms: free and bound variables make substitutions tricky.
- This complexity can be overcome by transforming variable-level logical formulæ into pointfree formulæ involving binary relations only.
- Once PF-transformed, formulæ involve binary relations only (R, S, etc.) and relational composition (of R and S) becomes the main “glue” among terms:

Galculator: prototype of a proof assistant of a special brand

Galculator
- The Galois connection is the main building block:
  1. Galculator combines Galois connections to create new connections from the existing ones.
  2. From each Galois connection, Galculator derives its properties, as given in the last table.
  3. These properties, together with laws from relation algebra and the algebraic properties of the particular domain of the problem being solved, form the set of laws of the system.
- In order to represent all these concepts, several embedded domain-specific languages (DSLs) were defined.

Galculator
- Galculator proofs are transformations of the abstract representation of the equality being proved. These transformations are made according to the equalities enabled by the laws of the system.
- Laws are objects arising from the theoretical level; they cannot be applied to representations:
  4. A mechanism is defined for deriving functional applications of the available laws in the form of rewrite rules.
  5. The application of such rules is performed by a strategic term rewriting system (TRS).
- Basic rewrite strategies can be combined in order to build more complex ones, according to the complexity of the problem.
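The MonadPlus/MonadOr contrast from the Contextualization slides and the rewrite rules and strategies of this slide, as an added Python example that is not Galculator's own code: the two Galois connections of the Introduction become bidirectional rewrite rules, and the same choice and sequencing combinators are written once in backtracking (MonadPlus) style and once in left-catch (MonadOr) style, with each monad's law checked as a function. The tuple encoding of terms and the term TERM are constructed for the example.

```python
# Added example (not Galculator's own code): Galois connection laws as
# rewrite rules, driven by strategy combinators in the two failure monads
# the slides contrast: MonadPlus (list monad, every alternative kept, i.e.
# backtracking) versus MonadOr (Maybe, first success wins, i.e. left catch).
# Terms are nested tuples: ('le', ('mul', 'z', 'y'), 'x') is z*y <= x.
def _is(t, tag):
    return isinstance(t, tuple) and t[0] == tag

# Each Galois connection is an equivalence, hence one rewrite rule per direction.
def div_lr(t):  # z*y <= x      ->  z <= x div y
    return ('le', t[1][1], ('div', t[2], t[1][2])) if _is(t, 'le') and _is(t[1], 'mul') else None
def div_rl(t):  # z <= x div y  ->  z*y <= x
    return ('le', ('mul', t[1], t[2][2]), t[2][1]) if _is(t, 'le') and _is(t[2], 'div') else None
def sub_lr(t):  # x - y <= z    ->  x <= z + y
    return ('le', t[1][1], ('add', t[2], t[1][2])) if _is(t, 'le') and _is(t[1], 'sub') else None
def sub_rl(t):  # x <= z + y    ->  x - y <= z
    return ('le', ('sub', t[1], t[2][2]), t[2][1]) if _is(t, 'le') and _is(t[2], 'add') else None
LAWS = [div_lr, div_rl, sub_lr, sub_rl]

# MonadPlus flavour: a strategy maps a term to the list of all its results.
def plus_choice(rules):
    return lambda t: [r for rule in rules if (r := rule(t)) is not None]

def plus_seq(s1, s2):  # bind in the list monad: run s2 on every result of s1
    return lambda t: [u for r in s1(t) for u in s2(r)]

def left_distribution_holds(t, r1, r2, k):
    """MonadPlus law: (r1 `mplus` r2) >>= k  ==  (r1 >>= k) `mplus` (r2 >>= k)."""
    lhs = plus_seq(plus_choice([r1, r2]), k)(t)
    rhs = plus_seq(plus_choice([r1]), k)(t) + plus_seq(plus_choice([r2]), k)(t)
    return lhs == rhs

# MonadOr flavour: a strategy maps a term to its first result, or None.
def or_choice(rules):
    def strat(t):
        for rule in rules:
            r = rule(t)
            if r is not None:
                return r  # left catch: later alternatives are never tried
        return None
    return strat

def or_seq(s1, s2):  # bind in Maybe: stop at the first failure
    def strat(t):
        r = s1(t)
        return None if r is None else s2(r)
    return strat

def left_catch_holds(t, m):
    """MonadOr law: return a `morelse` m  ==  return a, whatever m does."""
    return or_choice([lambda u: u, m])(t) == t

# Constructed term z*y <= w + y: two laws apply, so the two flavours differ.
TERM = ('le', ('mul', 'z', 'y'), ('add', 'w', 'y'))
```

Applying every law once to TERM yields two rewrites under the MonadPlus strategy but only the first under the MonadOr one; sequencing either choice with itself brings the term back, since each rule is one direction of an equivalence.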

Galculator architecture
- Interpreter: the command line provides interactive user interfacing.
- Parser: several domain-specific languages (DSLs) are available in order to express the concepts in use.
- Type inference: the system supports parametric polymorphism.
- Term rewriting system: the core of Galculator is its term rewriting system (TRS).
- Property inference: this component derives the properties stated in the last table from the starting specification and adds them to the system.

Related Work: Galois connections in Coq
- This work combines Galois connections and Coq (Pichardie, 2005).
- Developed in the context of work on abstract interpretation, where adjoints are defined over complete lattices.
- Proofs of the general properties that Galois connections enjoy are defined in order to be executed in Coq; however, the Galois connection algebra is not exploited in order to combine existing connections, nor is it applied to proofs.
- This work in a sense complements the Galculator approach, since it can discharge proof obligations about adjoints prior to loading these into the system.
Related Work: 2LT
- 2LT is aimed at schema transformation of both data and migration functions in a type-safe manner.
- Further developments deal with calculating data-retrieving functions in the context of data schema evolution and invariant preservation through data refinement.
- Galculator's representation technique and the rewriting strategies implemented were mostly influenced by this system.

Related Work: PF-ESC
- A tool which performs pointfree extended static checking (Necco et al. 2007).
- Uses the relation calculus to simplify PF-transformed proof obligations; Galois connections are used implicitly in the underlying calculus.
- The PF-ESC representation uses properties to classify relations, while the Galculator uses the type representation itself.
  - Advantage: the system is more flexible.
  - Disadvantage: predicate functions which calculate the properties of expressions are required in order to apply certain transformations. This makes the system not extensible, because rewrite equations must be hard-wired into functions.

Related Work: Proof processor system
- Tool developed in Haskell.
- Uses the calculational approach proposed by Dijkstra and Scholten in teaching discrete maths.
- Was based on the E logical calculus to exploit equational proofs written in Z notation (Spivey, 1989).
- The system helps the user by detecting errors in proofs and suggesting valid deductive steps.
- Unlike Galculator, this system does not provide type support and does not use Galois connections as a building block of the calculus implemented.

Conclusions
- The Galculator is a proof assistant which implements an innovative approach to theorem proving, different from what is traditional in the field.
- The way Galculator was developed in Haskell was presented.
- The Galculator is the first proof engine ever to combine and calculate directly with PF-transformed Galois connections.
- The prototype proposed is a non-trivial illustration of the power of the advanced features of functional programming for building prototypes of complex systems.
- This prototype uses its own rewriting system instead of relying on another rewriting engine.

Questions?