performant category-theory library in Coq Jason Gross, Adam - PowerPoint PPT Presentation

Experience implementing a performant category-theory library in Coq Jason Gross, Adam Chlipala, David I. Spivak Massachusetts Institute of Technology

How should theorem provers work? 2

How theorem provers should work: 1 = 0 1 = 0 No; here’s a Coq, is this proof of correct? 1 = 0 → False 3

How theorem provers should work: Th Theo eorem rem (curr rryi ying ng) ) : 𝑫 𝟐 → 𝑫 𝟑 → 𝑬 ≅ (𝑫 𝟐 × 𝑫 𝟑 → 𝑬) Proof: : homewo ework k ∎ Coq, is this Yes; here’s a correct? proof … 4

How theorem provers should work: Th Theo eorem rem (curr rryi ying ng) ) : 𝑫 𝟐 → 𝑫 𝟑 → 𝑬 ≅ (𝑫 𝟐 × 𝑫 𝟑 → 𝑬) Proof: : homewo ework k ∎ Theorem currying : 𝐷 1 → 𝐷 2 → 𝐸 ≅ 𝐷 1 × 𝐷 2 → 𝐸 . Proof. trivial. Qed. 5

How theorem provers should work: Theo Th eorem rem (curr rryi ying ng) ) : 𝑫 𝟐 → 𝑫 𝟑 → 𝑬 ≅ (𝑫 𝟐 × 𝑫 𝟑 → 𝑬) Proof: → : : 𝑮 ↦ 𝝁 𝒅 𝟐 , 𝒅 𝟑 . 𝑮 𝒅 𝟐 𝒅 𝟑 ; morph phisms isms simila larly ly ← : : 𝑮 ↦ 𝝁 𝒅 𝟐 . 𝝁 𝒅 𝟑 . 𝑮(𝒅 𝟐 , 𝒅 𝟑 ) ; morphis hisms ms simila larly ly Functoriality oriality, , naturality rality, , and congrue uence: nce: straig ightfo htforward. rward. ∎ Theorem currying : 𝐷 1 → 𝐷 2 → 𝐸 ≅ 𝐷 1 × 𝐷 2 → 𝐸 . Proof. esplit. { by refine ( 𝜇 F ( 𝐺 ↦ ( 𝜇 F ( 𝑑 ↦ 𝐺 o 𝑑 1 𝑑 2 )))). } { by refine ( 𝜇 F ( 𝐺 ↦ ( 𝜇 F ( 𝑑 1 ↦ ( 𝜇 F ( 𝑑 2 ↦ 𝐺 o (𝑑 1 , 𝑑 2 )) ))))). } all: trivial. Qed. 6

How theorem provers should work: Th Theo eorem rem (curr rryi ying ng) ) : 𝑫 𝟐 → 𝑫 𝟑 → 𝑬 ≅ (𝑫 𝟐 × 𝑫 𝟑 → 𝑬) Proof: → : : 𝑮 ↦ 𝝁 𝒅 𝟐 , 𝒅 𝟑 . 𝑮 𝒅 𝟐 𝒅 𝟑 ; morph phisms isms simila larly ly ← : : 𝑮 ↦ 𝝁 𝒅 𝟐 . 𝝁 𝒅 𝟑 . 𝑮(𝒅 𝟐 , 𝒅 𝟑 ) ; morphis hisms ms simila larly ly Functoriality oriality, , naturality rality, , and congrue uence: nce: straig ightfo htforward. rward. ∎ Theorem currying : 𝐷 1 → 𝐷 2 → 𝐸 ≅ 𝐷 1 × 𝐷 2 → 𝐸 . Proof. esplit. { by refine ( 𝜇 F ( 𝐺 ↦ ( 𝜇 F ( 𝑑 ↦ 𝐺 o 𝑑 1 𝑑 2 ) ( 𝑡 𝑒 𝑛 ↦ 𝐺 o 𝑒 1 m 𝑛 2 ∘ 𝐺 m 𝑛 1 o 𝑡 2 )) ( 𝐺 𝐻 𝑈 ↦ ( 𝜇 T ( 𝑑 ↦ 𝑈 𝑑 1 𝑑 2 )))). } { by refine ( 𝜇 F ( 𝐺 ↦ ( 𝜇 F ( 𝑑 1 ↦ ( 𝜇 F ( 𝑑 2 ↦ 𝐺 o (𝑑 1 , 𝑑 2 )) ( 𝑡 𝑒 𝑛 ↦ 𝐺 m (1, 𝑛)) )) ( 𝐺 𝐻 𝑈 ↦ ( 𝜇 T ( 𝑑 1 ↦ ( 𝜇 T ( 𝑑 2 ↦ 𝑈 (𝑑 1 , 𝑑 2 ) ))))). } all: trivial. Qed. 7

How theorem provers do work: Th Theo eorem rem (curr rryi ying ng) ) : 𝑫 𝟐 → 𝑫 𝟑 → 𝑬 ≅ (𝑫 𝟐 × 𝑫 𝟑 → 𝑬) Proof: → : : 𝑮 ↦ 𝝁 𝒅 𝟐 , 𝒅 𝟑 . 𝑮 𝒅 𝟐 𝒅 𝟑 ; morph phisms isms simila larly ly ≈ 0 s ← : : 𝑮 ↦ 𝝁 𝒅 𝟐 . 𝝁 𝒅 𝟑 . 𝑮(𝒅 𝟐 , 𝒅 𝟑 ) ; morphis hisms ms simila larly ly Functoriality oriality, , naturality rality, , and congrue uence: nce: straig ightfo htforward. rward. ∎ 17 s 2m 46 s !!! (5 s, if we use UIP) Theorem currying : 𝐷 1 → 𝐷 2 → 𝐸 ≅ 𝐷 1 × 𝐷 2 → 𝐸 . Proof. esplit. { by refine ( 𝜇 F ( 𝐺 ↦ ( 𝜇 F ( 𝑑 ↦ 𝐺 o 𝑑 1 𝑑 2 ) ( 𝑡 𝑒 𝑛 ↦ 𝐺 o 𝑒 1 m 𝑛 2 ∘ 𝐺 m 𝑛 1 o 𝑡 2 )) ( 𝐺 𝐻 𝑈 ↦ ( 𝜇 T ( 𝑑 ↦ 𝑈 𝑑 1 𝑑 2 )))). } { by refine ( 𝜇 F ( 𝐺 ↦ ( 𝜇 F ( 𝑑 1 ↦ ( 𝜇 F ( 𝑑 2 ↦ 𝐺 o (𝑑 1 , 𝑑 2 )) ( 𝑡 𝑒 𝑛 ↦ 𝐺 m (1, 𝑛)) )) ( 𝐺 𝐻 𝑈 ↦ ( 𝜇 T ( 𝑑 1 ↦ ( 𝜇 T ( 𝑑 2 ↦ 𝑈 (𝑑 1 , 𝑑 2 ) ))))). } all: trivial. Qed. 8

Performance is important! If we’re not careful, obvious or trivial things can be very, very slow. 9

Why you should listen to me Theorem : You should listen to me. Proof. by experience. Qed. 10

Why you should listen to me Category theory in Coq: https://github.com/HoTT/HoTT (subdirectory theories/categories): 𝐷 1 ≅ 𝐷 ; 1 𝐷 ≅ 1 • Concepts Formalized: 𝐷 𝐵+𝐶 ≅ 𝐷 𝐵 × 𝐷 𝐶 • • 1-precategories (in the sense of the HoTT Book) (𝐵 × 𝐶) 𝐷 ≅ 𝐵 𝐷 × 𝐶 𝐷 • • univalent/saturated categories (or just categories, in the HoTT Book) • • (𝐵 𝐶 ) 𝐷 ≅ 𝐵 𝐶×𝐷 functor precategories 𝐷 → 𝐸 dual functor isomorphisms Cat → Cat ; and 𝐷 → 𝐸 op → (𝐷 op → 𝐸 op ) • • Product laws • • the category Prop of (U-small) hProps 𝐷 × 𝐸 ≅ 𝐸 × 𝐷 • • the category Set of (U-small) hSets 𝐷 × 0 ≅ 0 × 𝐷 ≅ 0 • • the category Cat of (U-small) strict (pre)categories (strict in the sense of the 𝐷 × 1 ≅ 1 × 𝐷 ≅ 𝐷 • objects being hSets) Grothendieck construction (oplax colimit) of a pseudofunctor to Cat • • pseudofunctors Category of sections (gives rise to oplax limit of a pseudofunctor to Cat when • profunctors applied to Grothendieck construction identity profunction (the hom functor 𝐷 op × 𝐷 → Set ) • • functor composition is functorial (there's a functor Δ: 𝐷 → 𝐸 → (𝐸 → • adjoints • equivalences between a number of definitions: • unit-counit + zig-zag definition • unit + UMP definition • counit + UMP definition • universal morphism definition • hom-set definition (porting from old version in progress) • composition, identity, dual pointwise adjunctions in the library, 𝐻 𝐹 ⊣ 𝐺 𝐷 and 𝐹 𝐺 ⊣ 𝐷 𝐻 from an • adjunction 𝐺 ⊣ 𝐻 for functors 𝐺: 𝐷 ⇆ 𝐸: 𝐻 and 𝐹 a precategory (still too slow to be merged into the library proper; code here) • Yoneda lemma • Exponential laws 11 𝐷 0 ≅ 1 ; 0 𝐷 ≅ 0 given an object in 𝐷 •

Presentation is not mainly about: 12

Presentation is not mainly about: • category theory or diagram chasing Cartoon from xkcd, adapted by Alan Huang 13

Presentation is not mainly about: • category theory or diagram chasing Cartoon from xkcd, adapted by Alan Huang • my library 14

Presentation is not mainly about: • category theory or diagram chasing Cartoon from xkcd, adapted by Alan Huang • my library • Coq 15

Presentation is not mainly about: • category theory or diagram chasing Cartoon from xkcd, adapted by Alan Huang • my library • Coq (though what I say might not always generalize nicely) 16

Presentation is is about: • performance • the design of proof assistants and type theories to assist with performance • the kind of performance issues I encountered 17

Presentation is is for: • Users of proof assistants (and Coq in particular) • Who want to make their code faster • Designers of (type-theoretic) proof assistants • Who want to know where to focus their optimization efforts 18

Outline • Why should we care about performance? • What makes theorem provers (mainly Coq) slow? • Examples of particular slowness • For users (workarounds) • Arguments vs. fields and packed records • Proof by duality as proof by unification • Abstraction barriers • Proof by reflection • For developers (features) • Primitive projections • Higher inductive types • Universe Polymorphism Universes image from Abell NGC2218 hst big, NASA, • More judgmental rules http://en.wikipedia.org/wiki/Abell_2218#mediaviewer/File:A bell_NGC2218_hst_big.jpg, released in Public Domain; Bubble from http://pixabay.com/en/blue-bubble-shiny- 157652/, released in Public Domain CC0, combined in • Hashconsing Photoshop by Jason Gross 19 Dam image from http://www.flickr.com/photos/gammaman/7803829282/ by Eli Christman, CC by 2.0 Fence image from http://www.picgifs.com/clip-art/playing-children/clip-art-playing-children-362018-689955/

Performance • Question: What makes programs, particularly theorem provers or proof scripts, slow? 20

Performance • Question: What makes programs, particularly theorem provers or proof scripts, slow? • Answer: Doing too much stuff! 21

Performance • Question: What makes programs, particularly theorem provers or proof scripts, slow? • Answer: Doing too much stuff! • doing the same things repeatedly 22 Snail from http://naolito.deviantart.com/art/Repetitive-task-258126598

Performance • Question: What makes programs, particularly theorem provers or proof scripts, slow? • Answer: Doing too much stuff! • doing the same things repeatedly • doing lots of stuff for no good reason 23 Running rooster from http://d.wapday.com:8080/animation/ccontennt/15545-f/mr_rooster_running.gif

Performance • Question: What makes programs, particularly theorem provers or proof scripts, slow? • Answer: Doing too much stuff! • doing the same things repeatedly • doing lots of stuff for no good reason • using a slow language when you could be using a quicker one 24

Proof assistant performance • What kinds of things does Coq do? • Type checking • Term building • Unification • Normalization 25

Proof assistant performance (pain) • When are these slow? • when you duplicate work • when you do work on a part of a term you end up not caring about • when you do them too many times • when your term is large 26

Proof assistant performance (size) • How large is slow? 27