Mechanizing Abstract Interpretation Thesis Defense David Darais - PowerPoint PPT Presentation

The Plan Spec ̑ α ( γ ([ w , x ]) + γ ([ y , z ])) Step 1: 
 = Check These Calculations α ({ i + j | i ∈ γ ([ w , x ]) Using a Proof Assistant ∧ j ∈ γ ([ y , z ]) }) = α ({ w + y ,…, x + z }) = α ({ w + y }) ⊔ ⋯ ⊔ α ({ x + z }) Step 2: 
 = Algorithm Extract a Certified 
 [ w + y , x + z ] Implementation ≜ ̂ [ w , x ] + [ y , z ]

The Plan Spec ̑ α ( γ ([ w , x ]) + γ ([ y , z ])) Step 1: 
 = Check These Calculations α ({ i + j | i ∈ γ ([ w , x ]) Using a Proof Assistant ∧ j ∈ γ ([ y , z ]) }) = Implementation ✗ α ({ w + y ,…, x + z }) = α ({ w + y }) ⊔ ⋯ ⊔ α ({ x + z }) Step 2: 
 = Algorithm Extract a Certified 
 [ w + y , x + z ] ≜ ̂ [ w , x ] + [ y , z ]

“This looks like an algorithm” 
 “I know how to execute this” (to a human) (to a machine)


 
 
 
 “This looks like an algorithm” 
 “I know how to execute this” (to a human) (to a machine) Mathematical 
 Formulas 
 Backed by an Algorithm


 
 
 
 “This looks like an algorithm” 
 “I know how to execute this” (to a human) (to a machine) Classical 
 Mathematics 
 Constructive 
 Mathematics


 
 
 
 “This looks like an algorithm” 
 “I know how to execute this” (to a human) (to a machine) Classical 
 Mathematics 
 PROBLEM: SOLUTION: how to know 
 explicitly 
 when boundary account for is crossed algorithmic Constructive 
 content Mathematics

Classical Galois Connections α ℘ ( ℤ ) ℤ × ℤ

Constructive Galois Connections η ℤ ℤ × ℤ

Constructive Galois Connections η ℤ ℤ × ℤ defn η ( i ) ≔ [ i , i ] algorithmic 
 content of 
 abstraction

Constructive Galois Connections η ℤ ℤ × ℤ defn η ( i ) ≔ [ i , i ] embedding 
 algorithms law 1 α = ⟨ η ⟩

Constructive Galois Connections η ℤ ℤ × ℤ defn η ( i ) ≔ [ i , i ] singleton powersets law 1 α = ⟨ η ⟩ compute law 2 ⟨ η ⟩ ({ x }) = ⟨ η ( x ) ⟩

̑ α ( γ ([ w , x ]) + γ ([ y , z ])) = α ({ i + j | i ∈ γ ([ w , x ]) ∧ j ∈ γ ([ y , z ]) }) = α ({ w + y ,…, x + z }) = α ({ w + y }) ⊔ ⋯ ⊔ α ({ x + z }) = [ w + y , x + z ] ≜ ̂ [ w , x ] + [ y , z ]

̑ α ( γ ([ w , x ]) + γ ([ y , z ]))

̑ α ( γ ([ w , x ]) + γ ([ y , z ])) law 1 α = ⟨ η ⟩

̑ α ( γ ([ w , x ]) + γ ([ y , z ]))

̑ ⟨ η ⟩ ( γ ([ w , x ]) + γ ([ y , z ]))

̑ ⟨ η ⟩ ( γ ([ w , x ]) + γ ([ y , z ])) = ⟨ η ⟩ ({ i + j | i ∈ γ ([ w , x ]) ∧ j ∈ γ ([ y , z ]) }) = ⟨ η ⟩ ({ w + y ,…, x + z }) = ⟨ η ⟩ ({ w + y }) ⊔ ⋯ ⊔ ⟨ η ⟩ ({ x + z })

̑ ⟨ η ⟩ ( γ ([ w , x ]) + γ ([ y , z ])) = ⟨ η ⟩ ({ i + j | i ∈ γ ([ w , x ]) ∧ j ∈ γ ([ y , z ]) }) = law 2 ⟨ η ⟩ ({ w + y ,…, x + z }) ⟨ η ⟩ ({ x }) = ⟨ η ( x ) ⟩ = ⟨ η ⟩ ({ w + y }) ⊔ ⋯ ⊔ ⟨ η ⟩ ({ x + z })

̑ ⟨ η ⟩ ( γ ([ w , x ]) + γ ([ y , z ])) = ⟨ η ⟩ ({ i + j | i ∈ γ ([ w , x ]) ∧ j ∈ γ ([ y , z ]) }) = ⟨ η ⟩ ({ w + y ,…, x + z }) = ⟨ η ⟩ ({ w + y }) ⊔ ⋯ ⊔ ⟨ η ⟩ ({ x + z })

̑ ⟨ η ⟩ ( γ ([ w , x ]) + γ ([ y , z ])) = ⟨ η ⟩ ({ i + j | i ∈ γ ([ w , x ]) ∧ j ∈ γ ([ y , z ]) }) = ⟨ η ⟩ ({ w + y ,…, x + z }) = ⟨ η ( w + y ) ⟩ ⊔ ⋯ ⊔ ⟨ η ( x + z ) ⟩

̑ ⟨ η ⟩ ( γ ([ w , x ]) + γ ([ y , z ])) = ⟨ η ⟩ ({ i + j | i ∈ γ ([ w , x ]) ∧ j ∈ γ ([ y , z ]) }) = ⟨ η ⟩ ({ w + y ,…, x + z }) = ⟨ η ( w + y ) ⟩ ⊔ ⋯ ⊔ ⟨ η ( x + z ) ⟩ = ⟨ [ w + y , x + z ] ⟩ ≜ ̂ [ w , x ] + [ y , z ]

The Plan Spec ̑ ⟨ η ⟩ ( γ ([ w , x ]) + γ ([ y , z ])) Step 1: 
 = Check These Calculations ⟨ η ⟩ ({ i + j | i ∈ γ ([ w , x ]) Using a Proof Assistant ∧ j ∈ γ ([ y , z ]) }) = ⟨ η ⟩ ({ w + y ,…, x + z }) = ⟨ η ( w + y ) ⟩ ⊔ ⋯ ⊔ ⟨ η ( x + z ) ⟩ Step 2: 
 = Algorithm Implementation ✓ Extract a Certified 
 ⟨ [ w + y , x + z ] ⟩ ≜ ̂ [ w , x ] + [ y , z ]

calc.agda calc.cousot ‣ ⟬ α [ ⇄ᴿ ⇗ ⇄ᴵ ] α (eval[ n ])( ρ♯ ) ⋅ eval[ Num n ] ⋅ ρ♯ ⟭ ⟅ defn of α ⟆ ‣ ⟬ ηᴵ * ⋅ (eval[ Num n ] * = αᴵ (eval[ n ]( γᴿ ( ρ♯ ))) ⋅ ( μᴿ ⋅ ρ♯ )) ⟭ ⟅ defn of eval[ n ] ⟆ ‣ [focus-right [ ⋅ ] of ηᴵ * ] = αᴵ ({i | ρ ⊢ n ↦ i}) ⟅ defn[eval[ Num n ]] ⟆ ⟅ defn of _ ⊢ _ ↦ _ ⟆ ‣ ⟬ ηᴵ * ⋅ (return ⋅ n ) ⟭ = αᴵ ({ n }) ‣ ⟅ right-unit[*] ⟆ ⟅ defn of eval ♯ [ n ] ⟆ ‣ ⟬ pure ⋅ ( ηᴵ ⋅ n ) ⟭ ≜ eval ♯ [ n ]( ρ♯ ) ‣ ⟬ pure ⋅ eval ♯ [ Num n ] ⋅ ρ♯ ⟭ 67

Classical GCs A : poset α : A ↗ B B : poset γ : B ↗ A x ⊑ γ ( α ( x )) ∧ α ( γ ( y )) ⊑ y =========================== x ⊑ γ ( y ) ⟺ α ( x ) ⊑ y 68

Classical GCs A : poset α : A ↗ B B : poset γ : B ↗ A α∘γ ⊑ id id ⊑ γ∘α ∧ =========================== id( x ) ⊑ γ ( y ) ⟺ α ( x ) ⊑ id( y ) 69

Constructive GCs η : A ↗ ℘ (B) A : poset μ : B ↗ ℘ (A) B : poset ret ⊑ μ⊛η ∧ η⊛μ ⊑ ret =========================== ret( n ) ⊆ μ * ( r ) ⟺ η * ( n ) ⊆ ret( r ) 70

Constructive GCs A : poset η : A ↗ B μ : B ↗ ℘ (A) B : poset ret ⊑ μ⊛ ⟨ η ⟩ ∧ ⟨ η ⟩ ⊛μ ⊑ ret =========================== ret( n ) ⊆ μ * * ( r ) ⟺ ⟨ η ⟩ ( n ) ⊆ ret( r ) 71

Constructive GCs A : poset η : A ↗ B μ : B ↗ ℘ (A) B : poset ret ⊑ μ⊛ ⟨ η ⟩ ∧ ⟨ η ⟩ ⊛μ ⊑ ret =========================== ret( n ) ⊆ μ * * ( r ) ⟺ ⟨ η ⟩ ( n ) ⊆ ret( r ) 72

Constructive GCs A : poset η : A ↗ B μ : B ↗ ℘ (A) B : poset ret ⊑ μ⊛ ⟨ η ⟩ ∧ ⟨ η ⟩ ⊛μ ⊑ ret =========================== ret( n ) ⊆ μ * * ( r ) ⟺ ⟨ η ⟩ ( n ) ⊆ ret( r ) 73

Classical GCs = adjunction in 
 category of posets (adjoints are mono. functions) Constructive GCs = biadjunction in 
 category of posets enriched over ℘ -Kleisli (adjoints are mono. ℘ -monadic functions)

Constructive Galois Connections ✓ First theory to support both calculation and extraction ✓ Soundness and completeness w.r.t. classical GCs ✓ Two case studies: calculational AI and gradual typing ✗ Only (constr.) equivalent to subset of classical GCs ✗ Same limitations as classical GCs ( ∄α for some γ ) 75

Constructive 
 Abstracting 
 Galois Galois 
 Definitional 
 Transformers Connections Interpreters 76

Galois Transformers 0: int x y ; 1: void safe_fun(int N ) { 2: if ( N ≠ 0) { x := 0;} 3: else { x := 1;} 4: if ( N ≠ 0) { y := 100/ N ;} 5: else { y := 100/ x ;}} 77

Galois Transformers 0: int x y ; 1: void safe_fun(int N ) { 2: if ( N ≠ 0) { x := 0;} 3: else { x := 1;} 4: if ( N ≠ 0) { y := 100/ N ;} 5: else { y := 100/ x ;}} Flow-insensitive results : var ↦ ℘ ({-,0,+}) 77

Galois Transformers 0: int x y ; N ∈ {-,0,+} 1: void safe_fun(int N ) { x ∈ {0,+} 2: if ( N ≠ 0) { x := 0;} y ∈ {-,0,+} 
 3: else { x := 1;} 4: if ( N ≠ 0) { y := 100/ N ;} UNSAFE : {100/ N } 
 5: else { y := 100/ x ;}} UNSAFE : {100/ x } Flow-insensitive results : var ↦ ℘ ({-,0,+}) 77

Galois Transformers 4: x ∈ {0,+} 0: int x y ; 4.T: N ∈ {-,+} 1: void safe_fun(int N ) { 5.F: x ∈ {0,+} 2: if ( N ≠ 0) { x := 0;} 3: else { x := 1;} N , y ∈ {-,0,+} 4: if ( N ≠ 0) { y := 100/ N ;} 5: else { y := 100/ x ;}} UNSAFE : {100/ x } Flow-sensitive results : loc ↦ (var ↦ ℘ ({-,0,+})) 78