Programming and proving with classical types
Cristina Matache (University of Oxford, University of Cambridge)
Joint work with Victor Gomes and Dominic Mulligan (University of Cambridge)
APLAS 2017
Motivation
Question: a classical proof assistant with explicit evidence.
▶ Proof assistants differ along two axes:
▪ Logic: intuitionistic vs. classical;
▪ Evidence: explicit (witness) vs. implicit.
▶ Problems:
▪ Logic: classical first-order;
▪ Evidence: λµ terms.
Outline
1. Evidence: λµ and µML
▪ λµ-calculus
▪ µML: type system, operational semantics, extension of the meta-theory, verified interpreter (Isabelle), code generation (OCaml)
2. Realisation: µTP
▪ Theorem prover (OCaml) with proof terms
Evidence: λµ and µ ML
Typed λµ-calculus [Parigot, 1992]
types        ρ, σ, τ ::= ⊥ | τ → σ
terms        t, r, s ::= x | λx:σ.t | t s        (λ-calculus terms)
                       | µα:σ.c                 (µ-abstraction)
commands     c       ::= [α] t                   (apply α to term t)
In µα:σ.[α] t the µ binds the continuation α; the type σ attached to α is the type the continuation expects.
Reduction example
(µα.[β](x µγ.[α] f)) y ⟶ µα.[β](x µγ.[α](f y))
The argument y is pushed into the µ-abstraction: under the substitution α ↦ □ y, every command [α] t below µα becomes [α](t y). (The slide shows the two syntax trees side by side.)
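The reduction above, worked through as an added illustration (not code from the slides or from µML/µTP): a small untyped λµ term representation, the structural substitution c[[α]u := [α](u s)] that the µ-rule performs, and a root-step reducer applied to the slide's own example. Names, constructors and the pretty-printing convention are assumptions.

```python
from collections import namedtuple

# Constructed term syntax for untyped λµ (types are omitted since reduction ignores them)
Var = namedtuple("Var", "name")        # term variable x
App = namedtuple("App", "fn arg")      # application t s
Lam = namedtuple("Lam", "var body")    # λx.t
Cmd = namedtuple("Cmd", "alpha term")  # command [α] t: apply continuation α to t
Mu = namedtuple("Mu", "alpha cmd")     # µα.c: bind continuation α in command c

def subst(t, alpha, s):
    """Structural substitution t[[alpha]u := [alpha](u s)]. Assumes the free
    names of s are not captured by binders inside t (no alpha-renaming)."""
    if isinstance(t, Var):
        return t
    if isinstance(t, App):
        return App(subst(t.fn, alpha, s), subst(t.arg, alpha, s))
    if isinstance(t, Lam):
        return Lam(t.var, subst(t.body, alpha, s))
    if t.alpha == alpha:  # an inner µ rebinds alpha: nothing below refers to ours
        return t
    return Mu(t.alpha, subst_cmd(t.cmd, alpha, s))

def subst_cmd(c, alpha, s):
    u = subst(c.term, alpha, s)
    return Cmd(c.alpha, App(u, s) if c.alpha == alpha else u)

def step(t):
    """One µ-reduction at the root: (µα.c) s ⟶ µα.c[[α]u := [α](u s)]."""
    if isinstance(t, App) and isinstance(t.fn, Mu):
        return Mu(t.fn.alpha, subst_cmd(t.fn.cmd, t.fn.alpha, t.arg))
    return None  # not a µ-redex at the root

def show(t):
    """Print terms in the slide's notation; binders extend as far right as possible."""
    if isinstance(t, Var):
        return t.name
    if isinstance(t, App):
        f = show(t.fn) if isinstance(t.fn, (Var, App)) else f"({show(t.fn)})"
        a = f"({show(t.arg)})" if isinstance(t.arg, App) else show(t.arg)
        return f"{f} {a}"
    if isinstance(t, Lam):
        return f"λ{t.var}.{show(t.body)}"
    c = t.cmd
    body = f" {show(c.term)}" if isinstance(c.term, Var) else f"({show(c.term)})"
    return f"µ{t.alpha}.[{c.alpha}]{body}"

# The slide's example: (µα.[β](x µγ.[α] f)) y
EXAMPLE = App(Mu("α", Cmd("β", App(Var("x"), Mu("γ", Cmd("α", Var("f")))))), Var("y"))

if __name__ == "__main__":
    print(show(EXAMPLE), "⟶", show(step(EXAMPLE)))
```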
The Propositions-as-Types Correspondence
Implicational fragment of intuitionistic logic  ⟷  λ-calculus
Minimal classical logic                          ⟷  λµ-calculus (λ-calculus + control operators)
Full classical logic (+ ⊥ elimination, + multiple conclusions)  ⟷  λµ with ↑ (λµ-calculus + ⊥ + ↑)
Extending λµ [Ariola & Herbelin, 2003]
▶ Open terms for classical tautologies ⟹ add ↑, with ¬A ≡ A → ⊥.
The typing judgement Γ; ∆ ⊢ t : A corresponds to the sequent Γ ⊢ A; ∆.
  Γ; ∆, α:A ⊢ c                ⟹  Γ; ∆ ⊢ µα:A.c : A
  Γ; ∆ ⊢ t : A   α:A ∈ ∆        ⟹  Γ; ∆ ⊢ [α] t
  Γ; ∆ ⊢ t : ⊥                  ⟹  Γ; ∆ ⊢ [↑] t        (⊥ elimination)
Example: the tautology ¬¬A → A is inhabited by
  λy:¬¬A. µα:A. [↑] (y (λx:A. µβ:⊥. [α] x))
Extending λµ [Geuvers et al., 2013]
▶ First-order quantification:
types   ρ, σ, τ ::= ... | a | ∀a.σ
terms   t, r, s ::= ... | Λa.t
▶ Datatype encoding is not unique ⟹ built-in datatypes:
▪ natural numbers and primitive recursion
▪ booleans
▪ products
▪ tagged unions
µML: polymorphic λµ with ↑ and datatypes
▶ Type system and operational semantics
▶ Meta-theory: type safety (✓ Preservation, ✓ Progress)
▶ Isabelle: verified interpreter
▶ OCaml: code generation ⟹ µML interpreter
Realisation: µ TP
µTP Theorem Prover
▶ LCF-style theorem prover (OCaml)
▶ Uses µML terms as evidence
User level: backwards proof over a proof state, driven by tactics; "qed" hands the result to the kernel, which replays it as a forward proof and constructs the µML term.
Example µTP proof of Λ A. ¬¬A → A
```ocaml
conjecture (mk_all_t (mk_arrow_t (mk_arrow_t (mk_arrow_t (mk_var_t 0) mk_bot_t) mk_bot_t) (mk_var_t 0)));
apply 0 all_intro_tac;                                     (* Λ A *)
apply 0 imp_intro_tac;                                     (* λy : ¬¬A *)
apply 0 mu_top_intro_tac;                                  (* µα : A. [↑] *)
apply 0 (imp_elim_tac (mk_arrow_t (mk_var_t 0) mk_bot_t)); (* apply y to an argument of type ¬A *)
apply 0 (assm_tac 0);                                      (* y *)
apply 0 imp_intro_tac;                                     (* λx : A *)
apply 0 (mu_label_intro_tac 1);                            (* µβ : ⊥. [α] *)
apply 0 (assm_tac 0);                                      (* x *)
qed ();
```
The constructed evidence is Λ A. λy:¬¬A. µα:A. [↑] (y (λx:A. µβ:⊥. [α] x)).
Extracted µML program for Λ A. λy:¬¬A. µα:A. [↑] (y (λx:A. µβ:⊥. [α] x))
```
tabs(A) ->
  fun (y : (A -> bot) -> bot) ->
    bind (a : A) ->
      [abort]. (y (fun (x : A) ->
        bind (b : bot) ->
          [a]. x
        end end end end)) end
: forall(A)(((A -> bot) -> bot) -> A)
```
Conclusion
▶ Classical theorem prover with explicit evidence:
▪ Extended λµ-calculus;
▪ Evidence: µML terms;
▪ Realisation: µTP.
▶ Future work:
▪ Classical F_ω;
▪ Extend µTP.