on the design of a galculator
DESCRIPTION
Presentated at PhD Defense, Guimarães, Portugal in November 16, 2009.TRANSCRIPT
![Page 1: On the Design of a Galculator](https://reader033.vdocument.in/reader033/viewer/2022052908/5596efde1a28ab2a778b470a/html5/thumbnails/1.jpg)
On the Design of a Galculator
Paulo Silva
Departamento de InformáticaUniversidade do Minho
Braga, Portugal
November 16, 2009Guimarães
![Page 2: On the Design of a Galculator](https://reader033.vdocument.in/reader033/viewer/2022052908/5596efde1a28ab2a778b470a/html5/thumbnails/2.jpg)
Outline
IntroductionMotivationObjectives
IngredientsIndirect equalityGalois connectionsRelation and fork algebrasPoint-free transform
Galois and Galculator
Concluding remarksContributionsFuture work
![Page 3: On the Design of a Galculator](https://reader033.vdocument.in/reader033/viewer/2022052908/5596efde1a28ab2a778b470a/html5/thumbnails/3.jpg)
Outline
IntroductionMotivationObjectives
IngredientsIndirect equalityGalois connectionsRelation and fork algebrasPoint-free transform
Galois and Galculator
Concluding remarksContributionsFuture work
![Page 4: On the Design of a Galculator](https://reader033.vdocument.in/reader033/viewer/2022052908/5596efde1a28ab2a778b470a/html5/thumbnails/4.jpg)
Software correctness
Current approaches
I Software correctness is an ambitious challengeI Sometimes proofs are hindered by the theoryI Tool support seems to be important
AlternativesI Sometimes algebraic approaches are possibleI Algebras “abstract” the underlying logicI Proofs become more syntactic
Galois connections can play an important role
![Page 5: On the Design of a Galculator](https://reader033.vdocument.in/reader033/viewer/2022052908/5596efde1a28ab2a778b470a/html5/thumbnails/5.jpg)
Software correctness
Current approaches
I Software correctness is an ambitious challengeI Sometimes proofs are hindered by the theoryI Tool support seems to be important
AlternativesI Sometimes algebraic approaches are possibleI Algebras “abstract” the underlying logicI Proofs become more syntactic
Galois connections can play an important role
![Page 6: On the Design of a Galculator](https://reader033.vdocument.in/reader033/viewer/2022052908/5596efde1a28ab2a778b470a/html5/thumbnails/6.jpg)
Whole division implementation
Haskell code
x ‘div ‘ y | x < y = 0| x > y = (x − y) ‘div ‘ y + 1
for non-negative x and positive y .
This is the code. Where is the specification?
![Page 7: On the Design of a Galculator](https://reader033.vdocument.in/reader033/viewer/2022052908/5596efde1a28ab2a778b470a/html5/thumbnails/7.jpg)
Whole division implementation
Haskell code
x ‘div ‘ y | x < y = 0| x > y = (x − y) ‘div ‘ y + 1
for non-negative x and positive y .
This is the code. Where is the specification?
![Page 8: On the Design of a Galculator](https://reader033.vdocument.in/reader033/viewer/2022052908/5596efde1a28ab2a778b470a/html5/thumbnails/8.jpg)
Whole division specification
Implicit definition
c = x ÷ y ⇔ 〈∃ r : 0 6 r < y : x = c × y + r〉
Explicit definition
x ÷ y = 〈∨
z :: z × y 6 x〉
Galois connection
z × y 6 x ⇔ z 6 x ÷ y (y > 0)
![Page 9: On the Design of a Galculator](https://reader033.vdocument.in/reader033/viewer/2022052908/5596efde1a28ab2a778b470a/html5/thumbnails/9.jpg)
Whole division specification
Implicit definition
c = x ÷ y ⇔ 〈∃ r : 0 6 r < y : x = c × y + r〉
Explicit definition
x ÷ y = 〈∨
z :: z × y 6 x〉
Galois connection
z × y 6 x ⇔ z 6 x ÷ y (y > 0)
![Page 10: On the Design of a Galculator](https://reader033.vdocument.in/reader033/viewer/2022052908/5596efde1a28ab2a778b470a/html5/thumbnails/10.jpg)
Whole division specification
Implicit definition
c = x ÷ y ⇔ 〈∃ r : 0 6 r < y : x = c × y + r〉
Explicit definition
x ÷ y = 〈∨
z :: z × y 6 x〉
Galois connection
z × y 6 x ⇔ z 6 x ÷ y (y > 0)
![Page 11: On the Design of a Galculator](https://reader033.vdocument.in/reader033/viewer/2022052908/5596efde1a28ab2a778b470a/html5/thumbnails/11.jpg)
Specification vs. Implementation
I We can verify if the implementation meets thespecification.
I We can calculate the implementation from thespecification.
![Page 12: On the Design of a Galculator](https://reader033.vdocument.in/reader033/viewer/2022052908/5596efde1a28ab2a778b470a/html5/thumbnails/12.jpg)
Whole divisionFrom specification to implementation
We want to calculate the implementation
x ÷ y = (x − y)÷ y + 1 if x > yx ÷ y = 0 if x < y
from specification
z × y 6 x ⇔ z 6 x ÷ y (y > 0)
Some useful Galois connections
a− b = c ⇔ a = c + ba− b 6 c ⇔ a 6 c + b
![Page 13: On the Design of a Galculator](https://reader033.vdocument.in/reader033/viewer/2022052908/5596efde1a28ab2a778b470a/html5/thumbnails/13.jpg)
Proof when x > y
z 6 x÷y
⇔ { z×y 6 x ⇔ z 6 x÷y assuming x > 0, y > 0 }z×y 6 x
⇔ { cancellation, thanks to a− b 6 c ⇔ a 6 c + b }z × y−y 6 x−y
⇔ { distributivity }
(z − 1)×y 6 x − y
⇔ { z×y 6 x ⇔ z 6 x÷y assuming x > y }
z−1 6 (x − y)÷y
⇔ { a−b 6 c ⇔ a 6 c+b }
z 6 (x − y)÷ y +1
![Page 14: On the Design of a Galculator](https://reader033.vdocument.in/reader033/viewer/2022052908/5596efde1a28ab2a778b470a/html5/thumbnails/14.jpg)
Proof when x > y
z 6 x÷y
⇔ { z×y 6 x ⇔ z 6 x÷y assuming x > 0, y > 0 }z×y 6 x
⇔ { cancellation, thanks to a− b 6 c ⇔ a 6 c + b }z × y−y 6 x−y
⇔ { distributivity }
(z − 1)×y 6 x − y
⇔ { z×y 6 x ⇔ z 6 x÷y assuming x > y }
z−1 6 (x − y)÷y
⇔ { a−b 6 c ⇔ a 6 c+b }
z 6 (x − y)÷ y +1
![Page 15: On the Design of a Galculator](https://reader033.vdocument.in/reader033/viewer/2022052908/5596efde1a28ab2a778b470a/html5/thumbnails/15.jpg)
Proof when x > y
z 6 x÷y
⇔ { z×y 6 x ⇔ z 6 x÷y assuming x > 0, y > 0 }z×y 6 x
⇔ { cancellation, thanks to a− b 6 c ⇔ a 6 c + b }z × y−y 6 x−y
⇔ { distributivity }
(z − 1)×y 6 x − y
⇔ { z×y 6 x ⇔ z 6 x÷y assuming x > y }
z−1 6 (x − y)÷y
⇔ { a−b 6 c ⇔ a 6 c+b }
z 6 (x − y)÷ y +1
![Page 16: On the Design of a Galculator](https://reader033.vdocument.in/reader033/viewer/2022052908/5596efde1a28ab2a778b470a/html5/thumbnails/16.jpg)
Proof when x > y
z 6 x÷y
⇔ { z×y 6 x ⇔ z 6 x÷y assuming x > 0, y > 0 }z×y 6 x
⇔ { cancellation, thanks to a− b 6 c ⇔ a 6 c + b }z × y−y 6 x−y
⇔ { distributivity }
(z − 1)×y 6 x − y
⇔ { z×y 6 x ⇔ z 6 x÷y assuming x > y }
z−1 6 (x − y)÷y
⇔ { a−b 6 c ⇔ a 6 c+b }
z 6 (x − y)÷ y +1
![Page 17: On the Design of a Galculator](https://reader033.vdocument.in/reader033/viewer/2022052908/5596efde1a28ab2a778b470a/html5/thumbnails/17.jpg)
Proof when x > y
z 6 x÷y
⇔ { z×y 6 x ⇔ z 6 x÷y assuming x > 0, y > 0 }z×y 6 x
⇔ { cancellation, thanks to a− b 6 c ⇔ a 6 c + b }z × y−y 6 x−y
⇔ { distributivity }
(z − 1)×y 6 x − y
⇔ { z×y 6 x ⇔ z 6 x÷y assuming x > y }
z−1 6 (x − y)÷y
⇔ { a−b 6 c ⇔ a 6 c+b }
z 6 (x − y)÷ y +1
![Page 18: On the Design of a Galculator](https://reader033.vdocument.in/reader033/viewer/2022052908/5596efde1a28ab2a778b470a/html5/thumbnails/18.jpg)
Proof when x > y
z 6 x÷y
⇔ { z×y 6 x ⇔ z 6 x÷y assuming x > 0, y > 0 }z×y 6 x
⇔ { cancellation, thanks to a− b 6 c ⇔ a 6 c + b }z × y−y 6 x−y
⇔ { distributivity }
(z − 1)×y 6 x − y
⇔ { z×y 6 x ⇔ z 6 x÷y assuming x > y }
z−1 6 (x − y)÷y
⇔ { a−b 6 c ⇔ a 6 c+b }
z 6 (x − y)÷ y +1
![Page 19: On the Design of a Galculator](https://reader033.vdocument.in/reader033/viewer/2022052908/5596efde1a28ab2a778b470a/html5/thumbnails/19.jpg)
Proof when x < y
z 6 x÷y
⇔ { z×y 6 x ⇔ z 6 x÷y }z×y 6 x
⇔ { transitivity, since x < y }z × y 6 x ∧ z × y < y
⇔ { since y 6= 0 }
z × y 6 x ∧ z 6 0
⇔ { z 6 0 entails z × y 6 x , since 0 6 x }
z 6 0
![Page 20: On the Design of a Galculator](https://reader033.vdocument.in/reader033/viewer/2022052908/5596efde1a28ab2a778b470a/html5/thumbnails/20.jpg)
Proof when x < y
z 6 x÷y
⇔ { z×y 6 x ⇔ z 6 x÷y }z×y 6 x
⇔ { transitivity, since x < y }z × y 6 x ∧ z × y < y
⇔ { since y 6= 0 }
z × y 6 x ∧ z 6 0
⇔ { z 6 0 entails z × y 6 x , since 0 6 x }
z 6 0
![Page 21: On the Design of a Galculator](https://reader033.vdocument.in/reader033/viewer/2022052908/5596efde1a28ab2a778b470a/html5/thumbnails/21.jpg)
Proof when x < y
z 6 x÷y
⇔ { z×y 6 x ⇔ z 6 x÷y }z×y 6 x
⇔ { transitivity, since x < y }z × y 6 x ∧ z × y < y
⇔ { since y 6= 0 }
z × y 6 x ∧ z 6 0
⇔ { z 6 0 entails z × y 6 x , since 0 6 x }
z 6 0
![Page 22: On the Design of a Galculator](https://reader033.vdocument.in/reader033/viewer/2022052908/5596efde1a28ab2a778b470a/html5/thumbnails/22.jpg)
Proof when x < y
z 6 x÷y
⇔ { z×y 6 x ⇔ z 6 x÷y }z×y 6 x
⇔ { transitivity, since x < y }z × y 6 x ∧ z × y < y
⇔ { since y 6= 0 }
z × y 6 x ∧ z 6 0
⇔ { z 6 0 entails z × y 6 x , since 0 6 x }
z 6 0
![Page 23: On the Design of a Galculator](https://reader033.vdocument.in/reader033/viewer/2022052908/5596efde1a28ab2a778b470a/html5/thumbnails/23.jpg)
Proof when x < y
z 6 x÷y
⇔ { z×y 6 x ⇔ z 6 x÷y }z×y 6 x
⇔ { transitivity, since x < y }z × y 6 x ∧ z × y < y
⇔ { since y 6= 0 }
z × y 6 x ∧ z 6 0
⇔ { z 6 0 entails z × y 6 x , since 0 6 x }
z 6 0
![Page 24: On the Design of a Galculator](https://reader033.vdocument.in/reader033/viewer/2022052908/5596efde1a28ab2a778b470a/html5/thumbnails/24.jpg)
Objectives
Exploit equational reasoning
I Use Galois connections in equational proofsI Integrate Galois connections, fork algebras and indirect
equality
Galois language
I Language for mathematical reasoningI Equivalent to first-order logicI Strongly typedI Front-end for the Galculator
![Page 25: On the Design of a Galculator](https://reader033.vdocument.in/reader033/viewer/2022052908/5596efde1a28ab2a778b470a/html5/thumbnails/25.jpg)
Objectives
Galculator = Galois connections + calculator
I Proof assistant based on Galois connections, their algebraand associated tactics
I Exploit the state-of-the-art Haskell technology in thedevelopment of a proof assistant prototype
![Page 26: On the Design of a Galculator](https://reader033.vdocument.in/reader033/viewer/2022052908/5596efde1a28ab2a778b470a/html5/thumbnails/26.jpg)
Outline
IntroductionMotivationObjectives
IngredientsIndirect equalityGalois connectionsRelation and fork algebrasPoint-free transform
Galois and Galculator
Concluding remarksContributionsFuture work
![Page 27: On the Design of a Galculator](https://reader033.vdocument.in/reader033/viewer/2022052908/5596efde1a28ab2a778b470a/html5/thumbnails/27.jpg)
Indirect equality
Definition (Indirect inequality)
a v b ⇔ 〈∀ x :: x v a⇒ x v b〉a v b ⇔ 〈∀ x :: b v x ⇒ a v x〉
Definition (Indirect equality)
a = b ⇔ 〈∀ x :: x v a ⇔ x v b〉a = b ⇔ 〈∀ x :: a v x ⇔ b v x〉
![Page 28: On the Design of a Galculator](https://reader033.vdocument.in/reader033/viewer/2022052908/5596efde1a28ab2a778b470a/html5/thumbnails/28.jpg)
Galois connections
Definition (Galois connection)Given two preordered sets (A,vA) and (B,vB) and twofunctions B Afoo and A B
goo , the pair (f , g) is a Galoisconnection if and only if, for all a ∈ A and b ∈ B:
f a vB b ⇔ a vA g b
Graphical notation
Af
,,
vA��
Bg
ll
vB��
or (A,vA) (B,vB)(f ,g)oo
![Page 29: On the Design of a Galculator](https://reader033.vdocument.in/reader033/viewer/2022052908/5596efde1a28ab2a778b470a/html5/thumbnails/29.jpg)
Galois connections
f a vB b ⇔ a vA g b
g
f
f⊤A
B
g⊥B
Af
g
⊤A⊤B
⊥A⊥B
![Page 30: On the Design of a Galculator](https://reader033.vdocument.in/reader033/viewer/2022052908/5596efde1a28ab2a778b470a/html5/thumbnails/30.jpg)
Algebra
I Identity connection.
(A,vA) (A,vA)(id ,id)oo
I Composition.
if (A,v) (B,�)(f ,g)oo and (B,�) (C,6)
(h,k)oo then
(A,v) (C,6)(h◦f ,g◦k)oo
I Converse.
if (A,v) (B,�)(f ,g)oo then (B,�) (A,w)
(g,f )oo
I Relator. For every relator F ,
if (A,v) (B,�)(f ,g)oo then (FA,F v) (FB,F �)
(F f ,Fg)oo
![Page 31: On the Design of a Galculator](https://reader033.vdocument.in/reader033/viewer/2022052908/5596efde1a28ab2a778b470a/html5/thumbnails/31.jpg)
Relation and fork algebras
Relation algebras
I Extension of Boolean algebrasI Single inference rule: substitution of equals by equalsI Amenable for syntactic manipulationI Equivalent to a three-variable fragment of first-order logic
Fork algebras
I Extend relation algebras with a pairing operatorI Equivalent in expressive and deductive power to first-order
logic
Equational reasoning
![Page 32: On the Design of a Galculator](https://reader033.vdocument.in/reader033/viewer/2022052908/5596efde1a28ab2a778b470a/html5/thumbnails/32.jpg)
Relation and fork algebras
Relation algebras
I Extension of Boolean algebrasI Single inference rule: substitution of equals by equalsI Amenable for syntactic manipulationI Equivalent to a three-variable fragment of first-order logic
Fork algebras
I Extend relation algebras with a pairing operatorI Equivalent in expressive and deductive power to first-order
logic
Equational reasoning
![Page 33: On the Design of a Galculator](https://reader033.vdocument.in/reader033/viewer/2022052908/5596efde1a28ab2a778b470a/html5/thumbnails/33.jpg)
Point-free definitions
Definition (Galois connection)
f ◦ ◦vB = vA ◦ g
Definition (Indirect equality)
f = g ⇔ � ◦ f = � ◦ gf = g ⇔ f ◦ ◦� = g◦◦ �
![Page 34: On the Design of a Galculator](https://reader033.vdocument.in/reader033/viewer/2022052908/5596efde1a28ab2a778b470a/html5/thumbnails/34.jpg)
Outline
IntroductionMotivationObjectives
IngredientsIndirect equalityGalois connectionsRelation and fork algebrasPoint-free transform
Galois and Galculator
Concluding remarksContributionsFuture work
![Page 35: On the Design of a Galculator](https://reader033.vdocument.in/reader033/viewer/2022052908/5596efde1a28ab2a778b470a/html5/thumbnails/35.jpg)
Galois language
Fork
Formula
Term
Module
TheoremGC DefinitionDefinition Axiom Strategy
Type
Galois connection
Rewriting Combinator
Derivation
Proof Step
FunctionOrder
![Page 36: On the Design of a Galculator](https://reader033.vdocument.in/reader033/viewer/2022052908/5596efde1a28ab2a778b470a/html5/thumbnails/36.jpg)
Galculator prototype
TRS
GC
Combine
Laws
Rules
Strategies
Combine
Properties Theory domain
Relation algebra
Derive
Derive DeriveDerive
![Page 37: On the Design of a Galculator](https://reader033.vdocument.in/reader033/viewer/2022052908/5596efde1a28ab2a778b470a/html5/thumbnails/37.jpg)
Outline
IntroductionMotivationObjectives
IngredientsIndirect equalityGalois connectionsRelation and fork algebrasPoint-free transform
Galois and Galculator
Concluding remarksContributionsFuture work
![Page 38: On the Design of a Galculator](https://reader033.vdocument.in/reader033/viewer/2022052908/5596efde1a28ab2a778b470a/html5/thumbnails/38.jpg)
Contributions
Study about Galois connections
I Survey of the most important theoretical resultsI Comprehensive study of different approaches to combine
Galois connectionsI Relation with category theoryI Survey of applications
Innovative approach
I Fork algebras used together with Galois connectionsI Use of indirect equalityI Amenable for either pencil-and-paper or computer assisted
proofs
![Page 39: On the Design of a Galculator](https://reader033.vdocument.in/reader033/viewer/2022052908/5596efde1a28ab2a778b470a/html5/thumbnails/39.jpg)
Contributions
Galois language
I Follows from the theoretical conceptsI Strongly typedI Galois connections introduce some semantic support while
reasoning in a syntactic level
Galculator prototype
I Proof assistant prototype based on Galois connectionsI First proof engine to calculate directly with point-free
Galois connectionsI Application of advanced and innovative implementation
techniques
![Page 40: On the Design of a Galculator](https://reader033.vdocument.in/reader033/viewer/2022052908/5596efde1a28ab2a778b470a/html5/thumbnails/40.jpg)
Future work
I Integration with host theorem provers (e.g., Coq)I Mechanization of point-free transformI Automated proofsI Free-theoremsI Extension of the type systemI Evaluation of the languageI Application to abstract interpretation