Upcoming SlideShare
×

# On the Design of a Galculator

460 views

Published on

Presented at CIC09, Braga, Portugal in May 7-8, 2009.

0 Likes
Statistics
Notes
• Full Name
Comment goes here.

Are you sure you want to Yes No
• Be the first to comment

• Be the first to like this

Views
Total views
460
On SlideShare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
3
0
Likes
0
Embeds 0
No embeds

No notes for slide

### On the Design of a Galculator

1. 1. On the design of a Galculator Paulo Silva Departamento de Informática Universidade do Minho Braga, Portugal Third Joint Research Workshop on Coinduction, Interaction and Composition May 7 – 8, 2009 Braga LogoDI2 Paulo Silva (UMinho) On the design of a Galculator CIC’09 1 / 29
2. 2. Outline Outline 1 Introduction Motivation Objectives 2 Theoretical background Indirect equality Galois connections Point-free transform 3 Galculator 4 Conclusion Conclusion Future work LogoDI2 Paulo Silva (UMinho) On the design of a Galculator CIC’09 2 / 29
3. 3. Introduction Outline 1 Introduction Motivation Objectives 2 Theoretical background Indirect equality Galois connections Point-free transform 3 Galculator 4 Conclusion Conclusion Future work LogoDI2 Paulo Silva (UMinho) On the design of a Galculator CIC’09 3 / 29
4. 4. Introduction Motivation Software correctness Current approaches Software correctness is an ambitious challenge Logic based approaches beneﬁt from the help of theorem provers Sometimes proofs are hindered by the theory It is not always easy to devise the correct strategy Alternatives Sometimes algebraic approaches are possible Algebras “abstract” the underlying logic Proofs become more syntactic Galois connections can play an important role Paulo Silva (UMinho) On the design of a Galculator LogoDI2 CIC’09 4 / 29
5. 5. Introduction Motivation Whole division implementation Haskell code x ‘div ‘ y | x < y = 0 | x y = (x − y ) ‘div ‘ y + 1 for non-negative x and positive y . This is the code. Where is the speciﬁcation? LogoDI2 Paulo Silva (UMinho) On the design of a Galculator CIC’09 5 / 29
6. 6. Introduction Motivation Whole division speciﬁcation Implicit deﬁnition c =x ÷y ⇔ ∃r : 0 r <y : x =c×y +r Explicit deﬁnition x ÷y = z :: z × y x Galois connection z ×y x ⇔ z x ÷y (y > 0) LogoDI2 Paulo Silva (UMinho) On the design of a Galculator CIC’09 6 / 29
7. 7. Introduction Motivation Whole division speciﬁcation Implicit deﬁnition c =x ÷y ⇔ ∃r : 0 r <y : x =c×y +r Explicit deﬁnition x ÷y = z :: z × y x Galois connection z ×y x ⇔ z x ÷y (y > 0) LogoDI2 Paulo Silva (UMinho) On the design of a Galculator CIC’09 6 / 29
8. 8. Introduction Motivation Whole division speciﬁcation Implicit deﬁnition c =x ÷y ⇔ ∃r : 0 r <y : x =c×y +r Explicit deﬁnition x ÷y = z :: z × y x Galois connection z ×y x ⇔ z x ÷y (y > 0) LogoDI2 Paulo Silva (UMinho) On the design of a Galculator CIC’09 6 / 29
9. 9. Introduction Motivation Whole division Speciﬁcation vs. Implementation We can verify if the implementation meets the speciﬁcation. We can calculate the implementation from the speciﬁcation. Another useful Galois connection a−b =c ⇔ a=c+b a−b c ⇔ a c+b LogoDI2 Paulo Silva (UMinho) On the design of a Galculator CIC’09 7 / 29
10. 10. Introduction Motivation Whole division Speciﬁcation vs. Implementation We can verify if the implementation meets the speciﬁcation. We can calculate the implementation from the speciﬁcation. Another useful Galois connection a−b =c ⇔ a=c+b a−b c ⇔ a c+b LogoDI2 Paulo Silva (UMinho) On the design of a Galculator CIC’09 7 / 29
11. 11. Introduction Motivation Proof. z ⇔ x ÷y { z ×y z ×y ⇔ x ⇔ z x ÷ y assuming x x { cancellation, thanks to a − b z ×y −y ⇔ 0, y > 0 } c⇔a c+b } x −y { distributivity } (z − 1) × y ⇔ { z ×y z −1 ⇔ x ⇔ z x ÷ y assuming x y} (x − y ) ÷ y { a−b z x −y c⇔a c+b } (x − y ) ÷ y + 1 LogoDI2 Paulo Silva (UMinho) On the design of a Galculator CIC’09 8 / 29
12. 12. Introduction Motivation Proof. z ⇔ x ÷y { z ×y z ×y ⇔ x ⇔ z x ÷ y assuming x x { cancellation, thanks to a − b z ×y −y ⇔ 0, y > 0 } c⇔a c+b } x −y { distributivity } (z − 1) × y ⇔ { z ×y z −1 ⇔ x ⇔ z x ÷ y assuming x y} (x − y ) ÷ y { a−b z x −y c⇔a c+b } (x − y ) ÷ y + 1 LogoDI2 Paulo Silva (UMinho) On the design of a Galculator CIC’09 8 / 29
13. 13. Introduction Motivation Proof. z ⇔ x ÷y { z ×y z ×y ⇔ x ⇔ z x ÷ y assuming x x { cancellation, thanks to a − b z ×y −y ⇔ 0, y > 0 } c⇔a c+b } x −y { distributivity } (z − 1) × y ⇔ { z ×y z −1 ⇔ x ⇔ z x ÷ y assuming x y} (x − y ) ÷ y { a−b z x −y c⇔a c+b } (x − y ) ÷ y + 1 LogoDI2 Paulo Silva (UMinho) On the design of a Galculator CIC’09 8 / 29
14. 14. Introduction Motivation Proof. z ⇔ x ÷y { z ×y z ×y ⇔ x ⇔ z x ÷ y assuming x x { cancellation, thanks to a − b z ×y −y ⇔ 0, y > 0 } c⇔a c+b } x −y { distributivity } (z − 1) × y ⇔ { z ×y z −1 ⇔ x ⇔ z x ÷ y assuming x y} (x − y ) ÷ y { a−b z x −y c⇔a c+b } (x − y ) ÷ y + 1 LogoDI2 Paulo Silva (UMinho) On the design of a Galculator CIC’09 8 / 29
15. 15. Introduction Motivation Proof. z ⇔ x ÷y { z ×y z ×y ⇔ x ⇔ z x ÷ y assuming x x { cancellation, thanks to a − b z ×y −y ⇔ 0, y > 0 } c⇔a c+b } x −y { distributivity } (z − 1) × y ⇔ { z ×y z −1 ⇔ x ⇔ z x ÷ y assuming x y} (x − y ) ÷ y { a−b z x −y c⇔a c+b } (x − y ) ÷ y + 1 LogoDI2 Paulo Silva (UMinho) On the design of a Galculator CIC’09 8 / 29
16. 16. Introduction Motivation Proof. z ⇔ x ÷y { z ×y z ×y ⇔ x ⇔ z x ÷ y assuming x x { cancellation, thanks to a − b z ×y −y ⇔ 0, y > 0 } c⇔a c+b } x −y { distributivity } (z − 1) × y ⇔ { z ×y z −1 ⇔ x ⇔ z x ÷ y assuming x y} (x − y ) ÷ y { a−b z x −y c⇔a c+b } (x − y ) ÷ y + 1 LogoDI2 Paulo Silva (UMinho) On the design of a Galculator CIC’09 8 / 29
17. 17. Introduction Motivation Proof. z ⇔ x ÷y { z ×y z ×y ⇔ x ⇔ z x ÷y } x { transitivity, since x < y } z ×y ⇔ x ∧ z ×y <y { since y = 0 } z ×y ⇔ { z z x ∧ z 0 0 entails z × y x, since 0 x } 0 LogoDI2 Paulo Silva (UMinho) On the design of a Galculator CIC’09 9 / 29
18. 18. Introduction Motivation Proof. z ⇔ x ÷y { z ×y z ×y ⇔ x ⇔ z x ÷y } x { transitivity, since x < y } z ×y ⇔ x ∧ z ×y <y { since y = 0 } z ×y ⇔ { z z x ∧ z 0 0 entails z × y x, since 0 x } 0 LogoDI2 Paulo Silva (UMinho) On the design of a Galculator CIC’09 9 / 29
19. 19. Introduction Motivation Proof. z ⇔ x ÷y { z ×y z ×y ⇔ x ⇔ z x ÷y } x { transitivity, since x < y } z ×y ⇔ x ∧ z ×y <y { since y = 0 } z ×y ⇔ { z z x ∧ z 0 0 entails z × y x, since 0 x } 0 LogoDI2 Paulo Silva (UMinho) On the design of a Galculator CIC’09 9 / 29
20. 20. Introduction Motivation Proof. z ⇔ x ÷y { z ×y z ×y ⇔ x ⇔ z x ÷y } x { transitivity, since x < y } z ×y ⇔ x ∧ z ×y <y { since y = 0 } z ×y ⇔ { z z x ∧ z 0 0 entails z × y x, since 0 x } 0 LogoDI2 Paulo Silva (UMinho) On the design of a Galculator CIC’09 9 / 29
21. 21. Introduction Motivation Proof. z ⇔ x ÷y { z ×y z ×y ⇔ x ⇔ z x ÷y } x { transitivity, since x < y } z ×y ⇔ x ∧ z ×y <y { since y = 0 } z ×y ⇔ { z z x ∧ z 0 0 entails z × y x, since 0 x } 0 LogoDI2 Paulo Silva (UMinho) On the design of a Galculator CIC’09 9 / 29
22. 22. Introduction Objectives Objectives Galculator Build a proof assistant based on Galois connections, their algebra and associated tactics LogoDI2 Paulo Silva (UMinho) On the design of a Galculator CIC’09 10 / 29
23. 23. Theoretical background Outline 1 Introduction Motivation Objectives 2 Theoretical background Indirect equality Galois connections Point-free transform 3 Galculator 4 Conclusion Conclusion Future work LogoDI2 Paulo Silva (UMinho) On the design of a Galculator CIC’09 11 / 29
24. 24. Theoretical background Indirect equality Indirect inequality Deﬁnition (Indirect inequality) a b ⇔ ∀ x :: x a⇒x b a b ⇔ ∀ x :: b x ⇒a x LogoDI2 Paulo Silva (UMinho) On the design of a Galculator CIC’09 12 / 29
25. 25. Theoretical background Indirect equality Proof. a=b ⇔ { Anti-symmetry } a ⇔ b∧b a { Indirect inequality } ∀ x :: x ⇔ a⇒x b ∧ ∀ x :: x b⇒x a { Rearranging quantiﬁers } ∀ x :: x ⇔ a⇒x b∧x b⇒x a { Mutual implication } ∀ x :: x a⇔x b LogoDI2 Paulo Silva (UMinho) On the design of a Galculator CIC’09 13 / 29
26. 26. Theoretical background Indirect equality Proof. a=b ⇔ { Anti-symmetry } a ⇔ b∧b a { Indirect inequality } ∀ x :: x ⇔ a⇒x b ∧ ∀ x :: x b⇒x a { Rearranging quantiﬁers } ∀ x :: x ⇔ a⇒x b∧x b⇒x a { Mutual implication } ∀ x :: x a⇔x b LogoDI2 Paulo Silva (UMinho) On the design of a Galculator CIC’09 13 / 29
27. 27. Theoretical background Indirect equality Proof. a=b ⇔ { Anti-symmetry } a ⇔ b∧b a { Indirect inequality } ∀ x :: x ⇔ a⇒x b ∧ ∀ x :: x b⇒x a { Rearranging quantiﬁers } ∀ x :: x ⇔ a⇒x b∧x b⇒x a { Mutual implication } ∀ x :: x a⇔x b LogoDI2 Paulo Silva (UMinho) On the design of a Galculator CIC’09 13 / 29
28. 28. Theoretical background Indirect equality Proof. a=b ⇔ { Anti-symmetry } a ⇔ b∧b a { Indirect inequality } ∀ x :: x ⇔ a⇒x b ∧ ∀ x :: x b⇒x a { Rearranging quantiﬁers } ∀ x :: x ⇔ a⇒x b∧x b⇒x a { Mutual implication } ∀ x :: x a⇔x b LogoDI2 Paulo Silva (UMinho) On the design of a Galculator CIC’09 13 / 29
29. 29. Theoretical background Indirect equality Proof. a=b ⇔ { Anti-symmetry } a ⇔ b∧b a { Indirect inequality } ∀ x :: x ⇔ a⇒x b ∧ ∀ x :: x b⇒x a { Rearranging quantiﬁers } ∀ x :: x ⇔ a⇒x b∧x b⇒x a { Mutual implication } ∀ x :: x a⇔x b LogoDI2 Paulo Silva (UMinho) On the design of a Galculator CIC’09 13 / 29
30. 30. Theoretical background Indirect equality Indirect equality Deﬁnition (Indirect equality) a=b ⇔ ∀ x :: x a⇔x b a=b ⇔ ∀ x :: a x ⇔b x LogoDI2 Paulo Silva (UMinho) On the design of a Galculator CIC’09 14 / 29
31. 31. Theoretical background Galois connections Galois connections Deﬁnition (Galois connection) Given two preordered sets (A, A ) and (B, B ) and two functions g f Bo A and A o B , the pair (f , g) is a Galois connection if and only if, for all a ∈ A and b ∈ B: f a B b ⇔ a A gb Graphical notation A Al f g ,
32. 32. B B or (A, A) o (f ,g) (B, B) LogoDI2 Paulo Silva (UMinho) On the design of a Galculator CIC’09 15 / 29
33. 33. Theoretical background Galois connections Properties Property f a Bb⇔a Agb a A a ⇒f a B f a b B b ⇒g b A g b a A g (f a) f (g b) B b f (g (f a)) = f a g (f (g b)) = g b g (b B b ) = g b A g b f (a A a ) = f a B f a g B= A f ⊥A = ⊥B Description “Shunting rule” Monotonicity (LA) Monotonicity (UA) Lower cancellation Upper cancellation Semi-inverse Semi-inverse Distributivity (UA over meet) Distributivity (LA over join) Top-preservation (UA) Bottom-preservation (LA) LogoDI2 Paulo Silva (UMinho) On the design of a Galculator CIC’09 16 / 29
34. 34. Theoretical background Galois connections Galois connections — Algebra Identity connection (A, A) o (id,id) (A, A) Composition if (A, ) o (f ,g) (B, ) and (B, ) o (h,k ) (h◦f ,g ◦k ) (C, ) then (A, ) o (C, ) Composition is associative and the identity is its unit. Galois connections form a category. LogoDI2 Paulo Silva (UMinho) On the design of a Galculator CIC’09 17 / 29
35. 35. Theoretical background Galois connections Galois connections — Algebra Converse if (A, ) o (f ,g) (B, ) then (B, ) o (g,f ) (A, ) Relator For every relator F if (A, ) o (f ,g) (B, ) then (FA, F (F f ,F g) )o (FB, F ) LogoDI2 Paulo Silva (UMinho) On the design of a Galculator CIC’09 18 / 29
36. 36. Theoretical background Point-free transform Logic vs. algebra Logic Propositional logic Intuitionistic propositional logic Predicate logic Algebra Boolean algebra Heyting algebra ?? LogoDI2 Paulo Silva (UMinho) On the design of a Galculator CIC’09 19 / 29
37. 37. Theoretical background Point-free transform Relation algebras Extension of Boolean algebras Original work of De Morgan, Peirce and Schröder Further developed by Tarski in his attempt to formalize set theory without variables Amenable for syntactic manipulation Only one inference rule is needed: substitution of equals by equals Equational reasoning LogoDI2 Paulo Silva (UMinho) On the design of a Galculator CIC’09 20 / 29
38. 38. Theoretical background Point-free transform Relation algebras Extension of Boolean algebras Original work of De Morgan, Peirce and Schröder Further developed by Tarski in his attempt to formalize set theory without variables Amenable for syntactic manipulation Only one inference rule is needed: substitution of equals by equals Equational reasoning LogoDI2 Paulo Silva (UMinho) On the design of a Galculator CIC’09 20 / 29
39. 39. Theoretical background Point-free transform Fork algebras Limitation of relation algebras Relations algebras can express ﬁrst-order predicates with at most three variables Fork algebras Extend relation algebras with a pairing operator Equivalent in expressive and deductive power to ﬁrst-order logic LogoDI2 Paulo Silva (UMinho) On the design of a Galculator CIC’09 21 / 29
40. 40. Theoretical background Point-free transform Fork algebras Limitation of relation algebras Relations algebras can express ﬁrst-order predicates with at most three variables Fork algebras Extend relation algebras with a pairing operator Equivalent in expressive and deductive power to ﬁrst-order logic LogoDI2 Paulo Silva (UMinho) On the design of a Galculator CIC’09 21 / 29
41. 41. Theoretical background Point-free transform Point-free transform summary Pointwise ¬(bRa) bRa ∧ bSa bSa ∨ bSa True False b=a aRb ∃ c :: bRc ∧ cSa ∀ x :: xRb ⇒ xSa ∀ x :: aRx ⇒ bSx bRa ∧ cSa bRa ∧ dSc ∀ a, b :: bRa ⇒ bSa ∀ a, b :: bRa ⇔ bSa Paulo Silva (UMinho) Pointfree b(¬R)a b(R ∩ S)a b(R ∪ S)a b a b⊥a b id a bR ◦ a b(R ◦ S)a b(R S)a b(S/R)a (b, c) R, S a (b, d)(R × S)(a, c) R⊆S R=S On the design of a Galculator LogoDI2 CIC’09 22 / 29
42. 42. Theoretical background Point-free transform Point-free deﬁnitions Deﬁnition (Galois connection) f◦ ◦ B = A ◦ g Deﬁnition (Indirect equality) f =g f =g ⇔ ⇔ ◦ f ◦ ◦ f = =g ◦ ◦ g ◦ LogoDI2 Paulo Silva (UMinho) On the design of a Galculator CIC’09 23 / 29
43. 43. Galculator Outline 1 Introduction Motivation Objectives 2 Theoretical background Indirect equality Galois connections Point-free transform 3 Galculator 4 Conclusion Conclusion Future work LogoDI2 Paulo Silva (UMinho) On the design of a Galculator CIC’09 24 / 29
44. 44. Galculator Design Principles Combine GC Derive Laws Relation algebra Derive Properties Derive Theory domain Derive Rules TRS Strategies Combine Paulo Silva (UMinho) On the design of a Galculator LogoDI2 CIC’09 25 / 29
45. 45. Conclusion Outline 1 Introduction Motivation Objectives 2 Theoretical background Indirect equality Galois connections Point-free transform 3 Galculator 4 Conclusion Conclusion Future work LogoDI2 Paulo Silva (UMinho) On the design of a Galculator CIC’09 26 / 29
46. 46. Conclusion Conclusion Conclusion Proof assistant prototype based on Galois connections Innovative approach Combination of Galois connections and point-free calculus Non-trivial example of the application of distinctive features of functional languages Generalized algebraic data types Existential data types Combinatorial approaches (parsing, rewriting) Support for embedded domain speciﬁc languages Computations as monads Higher-order functions New: Polymorphic type representation with uniﬁcation ... LogoDI2 Paulo Silva (UMinho) On the design of a Galculator CIC’09 27 / 29
47. 47. Conclusion Future work Future work Automated proofs Free-theorems Integration with host theorem provers (e.g., Coq) LogoDI2 Paulo Silva (UMinho) On the design of a Galculator CIC’09 28 / 29
48. 48. The End Download Source code and documentation available from www.di.uminho.pt/research/galculator Contact Questions to paufil@di.uminho.pt LogoDI2 Paulo Silva (UMinho) On the design of a Galculator CIC’09 29 / 29