
Recursive Functions on Lazy Lists via Domains and Topologies

Andreas Lochbihler (Institute of Information Security, ETH Zurich, Switzerland) and Johannes Hölzl (Institut für Informatik, TU München, Germany), ITP 2014


  1. Recursive Functions on Lazy Lists via Domains and Topologies
     Andreas Lochbihler, Institute of Information Security, ETH Zurich, Switzerland
     Johannes Hölzl, Institut für Informatik, TU München, Germany
     ITP 2014

  2. Running example: filtering lazy lists
     Task: Given a codatatype, define a recursive function and prove properties.
     Lochbihler (ETHZ), Hölzl (TUM) Recursive functions on lazy lists ITP 2014 2 / 11

  3. Running example: filtering lazy lists
     Task: Given a codatatype
       α llist = [ ] | α · α llist
     define a recursive function
       lfilter P [ ] = [ ]
       lfilter P (x · xs) = (if P x then x · lfilter P xs else lfilter P xs)
     and prove properties.
       lfilter P (lfilter Q xs) = lfilter (λx. P x ∧ Q x) xs

  4. Running example: filtering lazy lists
     Task: Given a codatatype (finite and infinite lists)
       α llist = [ ] | α · α llist
     define a recursive function
       lfilter P [ ] = [ ]
       lfilter P (x · xs) = (if P x then x · lfilter P xs else lfilter P xs)
     and prove properties.
       lfilter P (lfilter Q xs) = lfilter (λx. P x ∧ Q x) xs

  5. Running example: filtering lazy lists
     Task: Given a codatatype (finite and infinite lists)
       α llist = [ ] | α · α llist
     define a recursive function
       lfilter P [ ] = [ ]
       lfilter P (x · xs) = (if P x then x · lfilter P xs else lfilter P xs)
     and prove properties.
       lfilter P (lfilter Q xs) = lfilter (λx. P x ∧ Q x) xs
     Usual definition principles
     • well-founded recursion
     • guarded/primitive corecursion

  6. Running example: filtering lazy lists
     Task: Given a codatatype (finite and infinite lists)
       α llist = [ ] | α · α llist
     define a recursive function
       lfilter P [ ] = [ ]
       lfilter P (x · xs) = (if P x then x · lfilter P xs else lfilter P xs)
     and prove properties.
       lfilter P (lfilter Q xs) = lfilter (λx. P x ∧ Q x) xs
     Usual definition principles
     • well-founded recursion
     • guarded/primitive corecursion

  7. Running example: filtering lazy lists
     Task: Given a codatatype (finite and infinite lists)
       α llist = [ ] | α · α llist
     define a recursive function
       lfilter P [ ] = [ ]
       lfilter P (x · xs) = (if P x then x · lfilter P xs else lfilter P xs)
     Annotation on the recursive calls: guarded
     and prove properties.
       lfilter P (lfilter Q xs) = lfilter (λx. P x ∧ Q x) xs
     Usual definition principles
     • well-founded recursion
     • guarded/primitive corecursion

  8. Running example: filtering lazy lists
     Task: Given a codatatype (finite and infinite lists)
       α llist = [ ] | α · α llist
     define a recursive function
       lfilter P [ ] = [ ]
       lfilter P (x · xs) = (if P x then x · lfilter P xs else lfilter P xs)
     Annotations on the recursive calls: guarded, unguarded
     and prove properties.
       lfilter P (lfilter Q xs) = lfilter (λx. P x ∧ Q x) xs
     Usual definition principles
     • well-founded recursion
     • guarded/primitive corecursion

  9. Running example: filtering lazy lists
     Task: Given a codatatype (finite and infinite lists)
       α llist = [ ] | α · α llist
     define a recursive function
       lfilter P [ ] = [ ]
       lfilter P (x · xs) = (if P x then x · lfilter P xs else lfilter P xs)
     Annotations on the recursive calls: guarded, unguarded
     and prove properties.
       lfilter P (lfilter Q xs) = lfilter (λx. P x ∧ Q x) xs
     Usual definition principles
     • well-founded recursion
     • guarded/primitive corecursion
     lfilter is underspecified:
       lfilter (≤ 0) (1 · [1, 1, 1, ...]) = lfilter (≤ 0) [1, 1, 1, ...]

  10. Beyond well-founded and guarded corecursion
        lfilter P [ ] = [ ]
        lfilter P (x · xs) = (if P x then x · lfilter P xs else lfilter P xs)
        lfilter P (lfilter Q xs) = lfilter (λx. P x ∧ Q x) xs
      Previous approaches:

  11. Beyond well-founded and guarded corecursion
        lfilter P [ ] = [ ]
        lfilter P (x · xs) = (if P x then x · lfilter P xs else lfilter P xs)
        lfinite xs ∨ (∀n. ∃x ∈ lset (ldrop n xs). P x ∧ Q x) ⟶
          lfilter P (lfilter Q xs) = lfilter (λx. P x ∧ Q x) xs
      Previous approaches:
      Partiality
      • leave unspecified for infinite lists w/o satisfying elements
      • close to specification
      • properties need preconditions
      • no proof principles

  12. Beyond well-founded and guarded corecursion
        lfilter P [ ] = [ ]
        lfilter P (x · xs) = (if P x then x · lfilter P xs else lfilter P xs)
      Annotation (under brace) on the second equation: if ¬ find P xs then [ ] else
        lfilter P (lfilter Q xs) = lfilter (λx. P x ∧ Q x) xs
      Previous approaches:
      Partiality
      • leave unspecified for infinite lists w/o satisfying elements
      • close to specification
      • properties need preconditions
      • no proof principles
      Search function
      • check whether there are more elements
      • total function, no preconditions
      • additional lemmas about search function necessary
      • ad hoc solution

  13. Two views on lfilter
        lfilter :: (α ⇒ bool) ⇒ α llist ⇒ α llist

  14. Two views on lfilter
        lfilter :: (α ⇒ bool) ⇒ α llist ⇒ α llist
      1. produces a list corecursively
      • lfilter :: β ⇒ α llist
      • find chain-complete partial order on α llist
      • take the least fixpoint for lfilter

  15. Two views on lfilter
        lfilter :: (α ⇒ bool) ⇒ α llist ⇒ α llist
      1. produces a list corecursively
      • lfilter :: β ⇒ α llist
      • find chain-complete partial order on α llist
      • take the least fixpoint for lfilter
      proof principles (domain theory)
      • fixpoint induction
      • structural induction

  16. Two views on lfilter
        lfilter :: (α ⇒ bool) ⇒ α llist ⇒ α llist
      1. produces a list corecursively
      • lfilter :: β ⇒ α llist
      • find chain-complete partial order on α llist
      • take the least fixpoint for lfilter
      proof principles (domain theory)
      • fixpoint induction
      • structural induction
      2. consumes a list recursively
      • lfilter :: α llist ⇒ β
      • find topology on α llist
      • define lfilter on finite lists by well-founded recursion
      • take the limit for infinite lists

  17. Two views on lfilter
        lfilter :: (α ⇒ bool) ⇒ α llist ⇒ α llist
      1. produces a list corecursively
      • lfilter :: β ⇒ α llist
      • find chain-complete partial order on α llist
      • take the least fixpoint for lfilter
      proof principles (domain theory)
      • fixpoint induction
      • structural induction
      2. consumes a list recursively
      • lfilter :: α llist ⇒ β
      • find topology on α llist
      • define lfilter on finite lists by well-founded recursion
      • take the limit for infinite lists
      proof principles (topology)
      • convergence on closed sets
      • uniqueness of limits

  18. Proof principles pay off
      Isabelle proofs of
        lfilter P (lfilter Q xs) = lfilter (λx. P x ∧ Q x) xs
      • Paulson's
      • Structural induction
      • Fixpoint induction
      • Continuous extension

  19. The producer view: least fixpoints
      • prefix order ⊑ defined coinductively
      • least upper bound ⨆Y defined by primitive corecursion
      (⊑, ⨆) forms a chain-complete partial order (CCPO) with ⊥ = [ ]

  20. The producer view: least fixpoints
      • prefix order ⊑ defined coinductively
      • least upper bound ⨆Y defined by primitive corecursion
      (⊑, ⨆) forms a chain-complete partial order (CCPO) with ⊥ = [ ]
      [Diagram: a set A of lists and its least upper bound ⨆A]

  21. The producer view: least fixpoints
      • prefix order ⊑ defined coinductively
      • least upper bound ⨆Y defined by primitive corecursion
      (⊑, ⨆) forms a chain-complete partial order (CCPO) with ⊥ = [ ]
      [Diagram: a set A of lists and its least upper bound ⨆A, with ⊑ relations drawn between the lists]

  22. The producer view: least fixpoints
      • prefix order ⊑ defined coinductively
      • least upper bound ⨆Y defined by primitive corecursion
      (⊑, ⨆) forms a chain-complete partial order (CCPO) with ⊥ = [ ]
      [Diagram: a set A of lists and its least upper bound ⨆A, with ⊑ relations drawn between the lists]

  23. The producer view: least fixpoints
      • prefix order ⊑ defined coinductively
      • least upper bound ⨆Y defined by primitive corecursion
      (⊑, ⨆) forms a chain-complete partial order (CCPO) with ⊥ = [ ]
      [Diagram: a set A of lists and its least upper bound ⨆A, with ⊑ and ⊒ relations drawn between the lists]
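
The producer view of slides 14 to 23, as an added Python example (not from the slides or the authors' Isabelle development): Kleene iteration of the lfilter equations starting from ⊥ = [ ], showing that the approximations form a chain in the prefix order. Lazy lists are modelled as Python iterators; the names `F`, `bottom`, `approx`, `chain`, `is_chain` and the sample lists are assumptions of this sketch.

```python
from itertools import count, repeat

def bottom(it):
    """Least element of the function space: always returns [] (the slides' bottom)."""
    return []

def F(f, P):
    """One unfolding of the lfilter equations, with f standing in for the recursive calls."""
    def step(it):
        try:
            x = next(it)
        except StopIteration:
            return []                        # lfilter P [] = []
        rest = f(it)                         # recursive call on the tail xs
        return [x] + rest if P(x) else rest  # guarded / unguarded branch
    return step

def approx(n, P):
    """n-th Kleene approximation F^n(bottom); it inspects at most n elements."""
    f = bottom
    for _ in range(n):
        f = F(f, P)
    return f

def is_prefix(a, b):
    """Prefix order on finite observations."""
    return a == b[:len(a)]

def chain(P, xs, depth):
    """Approximations 0..depth applied to xs, a callable returning a fresh iterator."""
    return [approx(n, P)(xs()) for n in range(depth + 1)]

def is_chain(results):
    """True if each approximation is a prefix of the next one."""
    return all(is_prefix(a, b) for a, b in zip(results, results[1:]))

# Constructed sample inputs (assumptions, not from the slides except the all-ones list).
ones = lambda: repeat(1)              # [1, 1, 1, ...] from slide 9
nats = lambda: count(0)               # [0, 1, 2, ...]
finite = lambda: iter([3, 0, 4, 0])   # a finite list

if __name__ == "__main__":
    print(chain(lambda x: x <= 0, ones, 6))      # constant chain of []
    print(chain(lambda x: x % 2 == 0, nats, 6))  # growing chain of prefixes
    print(chain(lambda x: x > 0, finite, 6))     # stabilises at [3, 4]
```

On the all-ones list with predicate (≤ 0), every approximation is [ ], so the least upper bound of the chain, and with it the least fixpoint, is [ ] for the case slide 9 calls underspecified.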
