Presented at PPDP'08, Valencia, Spain in July 15-17, 2008.

1. Galculator
Functional Prototype of a Galois-connection Based
Proof Assistant
Paulo Silva
José Nuno Oliveira
Departamento de Informática
Universidade do Minho
Braga, Portugal
Principles and Practice of Declarative Programming
July 15 – 17, 2008
Valencia
LogoDI2
Paulo Silva, José Nuno Oliveira (UMinho)
Galculator
PPDP’08
1 / 27

2. Outline
Outline
1
Introduction
Motivation
Objectives
2
Theoretical background
Galois connections
Pointfree transform
3
Galculator
Principles
Representation
4
Conclusion
Conclusion
Future work
LogoDI2
Paulo Silva, José Nuno Oliveira (UMinho)
Galculator
PPDP’08
2 / 27

3. Introduction
Outline
1
Introduction
Motivation
Objectives
2
Theoretical background
Galois connections
Pointfree transform
3
Galculator
Principles
Representation
4
Conclusion
Conclusion
Future work
LogoDI2
Paulo Silva, José Nuno Oliveira (UMinho)
Galculator
PPDP’08
3 / 27

4. Introduction
Motivation
Software correctness
Current approaches
Software correctness is an ambitious challenge
Logic based approaches benefit from the help of theorem provers
Sometimes proofs are hindered by the theory
It is not always easy to devise the correct strategy
Alternatives
Sometimes algebraic approaches are possible
Algebras “abstract” the underlying logic
Proofs become more syntactic
Galois connections can play an important role
Paulo Silva, José Nuno Oliveira (UMinho)
Galculator
LogoDI2
PPDP’08
4 / 27

5. Introduction
Motivation
Whole division implementation
Haskell code
x ‘div ‘ y | x < y = 0
| x y = (x − y ) ‘div ‘ y + 1
for non-negative x and positive y .
This is the code. Where is the specification?
LogoDI2
Paulo Silva, José Nuno Oliveira (UMinho)
Galculator
PPDP’08
5 / 27

6. Introduction
Motivation
Whole division specification
Implicit definition
c =x ÷y ⇔ ∃r : 0
r <y : x =c×y +r
Explicit definition
x ÷y =
z :: z × y
x
Galois connection
z ×y
x ⇔ z
x ÷y
(y > 0)
LogoDI2
Paulo Silva, José Nuno Oliveira (UMinho)
Galculator
PPDP’08
6 / 27

7. Introduction
Motivation
Whole division
Specification vs. Implementation
We can verify if the implementation meets the specification.
We can calculate the implementation from the specification.
Definition (Indirect equality)
a=b
⇔
∀ x :: x
a⇔x
b
a=b
⇔
∀ x :: a
x ⇔b
x
Another useful Galois connection
a−b
Paulo Silva, José Nuno Oliveira (UMinho)
c ⇔ a
Galculator
c+b
LogoDI2
PPDP’08
7 / 27

8. Introduction
Motivation
Proof.
z
⇔
x ÷y
{ z ×y
z ×y
⇔
x ⇔ z
x ÷ y assuming x
x
{ cancellation, thanks to a − b
z ×y −y
⇔
0, y > 0 }
c⇔a
c+b }
x −y
{ distributivity }
(z − 1) × y
⇔
{ z ×y
z −1
⇔
x ⇔ z
x ÷ y assuming x
y}
(x − y ) ÷ y
{ a−b
z
x −y
c⇔a
c+b }
(x − y ) ÷ y + 1
LogoDI2
Paulo Silva, José Nuno Oliveira (UMinho)
Galculator
PPDP’08
8 / 27

9. Introduction
Motivation
Proof.
z
⇔
x ÷y
{ z ×y
z ×y
⇔
x ⇔ z
x ÷ y assuming x
x
{ cancellation, thanks to a − b
z ×y −y
⇔
0, y > 0 }
c⇔a
c+b }
x −y
{ distributivity }
(z − 1) × y
⇔
{ z ×y
z −1
⇔
x ⇔ z
x ÷ y assuming x
y}
(x − y ) ÷ y
{ a−b
z
x −y
c⇔a
c+b }
(x − y ) ÷ y + 1
LogoDI2
Paulo Silva, José Nuno Oliveira (UMinho)
Galculator
PPDP’08
8 / 27

10. Introduction
Motivation
Proof.
z
⇔
x ÷y
{ z ×y
z ×y
⇔
x ⇔ z
x ÷ y assuming x
x
{ cancellation, thanks to a − b
z ×y −y
⇔
0, y > 0 }
c⇔a
c+b }
x −y
{ distributivity }
(z − 1) × y
⇔
{ z ×y
z −1
⇔
x ⇔ z
x ÷ y assuming x
y}
(x − y ) ÷ y
{ a−b
z
x −y
c⇔a
c+b }
(x − y ) ÷ y + 1
LogoDI2
Paulo Silva, José Nuno Oliveira (UMinho)
Galculator
PPDP’08
8 / 27

11. Introduction
Motivation
Proof.
z
⇔
x ÷y
{ z ×y
z ×y
⇔
x ⇔ z
x ÷ y assuming x
x
{ cancellation, thanks to a − b
z ×y −y
⇔
0, y > 0 }
c⇔a
c+b }
x −y
{ distributivity }
(z − 1) × y
⇔
{ z ×y
z −1
⇔
x ⇔ z
x ÷ y assuming x
y}
(x − y ) ÷ y
{ a−b
z
x −y
c⇔a
c+b }
(x − y ) ÷ y + 1
LogoDI2
Paulo Silva, José Nuno Oliveira (UMinho)
Galculator
PPDP’08
8 / 27

12. Introduction
Motivation
Proof.
z
⇔
x ÷y
{ z ×y
z ×y
⇔
x ⇔ z
x ÷ y assuming x
x
{ cancellation, thanks to a − b
z ×y −y
⇔
0, y > 0 }
c⇔a
c+b }
x −y
{ distributivity }
(z − 1) × y
⇔
{ z ×y
z −1
⇔
x ⇔ z
x ÷ y assuming x
y}
(x − y ) ÷ y
{ a−b
z
x −y
c⇔a
c+b }
(x − y ) ÷ y + 1
LogoDI2
Paulo Silva, José Nuno Oliveira (UMinho)
Galculator
PPDP’08
8 / 27

13. Introduction
Motivation
Proof.
z
⇔
x ÷y
{ z ×y
z ×y
⇔
x ⇔ z
x ÷ y assuming x
x
{ cancellation, thanks to a − b
z ×y −y
⇔
0, y > 0 }
c⇔a
c+b }
x −y
{ distributivity }
(z − 1) × y
⇔
{ z ×y
z −1
⇔
x ⇔ z
x ÷ y assuming x
y}
(x − y ) ÷ y
{ a−b
z
x −y
c⇔a
c+b }
(x − y ) ÷ y + 1
LogoDI2
Paulo Silva, José Nuno Oliveira (UMinho)
Galculator
PPDP’08
8 / 27

14. Introduction
Motivation
Proof.
z
⇔
x ÷y
{ z ×y
z ×y
⇔
x ⇔ z
x ÷y }
x
{ transitivity, since x < y }
z ×y
⇔
x ∧ z ×y <y
{ since y = 0 }
z ×y
⇔
{ z
z
x ∧ z
0
0 entails z × y
x, since 0
x }
0
LogoDI2
Paulo Silva, José Nuno Oliveira (UMinho)
Galculator
PPDP’08
9 / 27

15. Introduction
Motivation
Proof.
z
⇔
x ÷y
{ z ×y
z ×y
⇔
x ⇔ z
x ÷y }
x
{ transitivity, since x < y }
z ×y
⇔
x ∧ z ×y <y
{ since y = 0 }
z ×y
⇔
{ z
z
x ∧ z
0
0 entails z × y
x, since 0
x }
0
LogoDI2
Paulo Silva, José Nuno Oliveira (UMinho)
Galculator
PPDP’08
9 / 27

16. Introduction
Motivation
Proof.
z
⇔
x ÷y
{ z ×y
z ×y
⇔
x ⇔ z
x ÷y }
x
{ transitivity, since x < y }
z ×y
⇔
x ∧ z ×y <y
{ since y = 0 }
z ×y
⇔
{ z
z
x ∧ z
0
0 entails z × y
x, since 0
x }
0
LogoDI2
Paulo Silva, José Nuno Oliveira (UMinho)
Galculator
PPDP’08
9 / 27

17. Introduction
Motivation
Proof.
z
⇔
x ÷y
{ z ×y
z ×y
⇔
x ⇔ z
x ÷y }
x
{ transitivity, since x < y }
z ×y
⇔
x ∧ z ×y <y
{ since y = 0 }
z ×y
⇔
{ z
z
x ∧ z
0
0 entails z × y
x, since 0
x }
0
LogoDI2
Paulo Silva, José Nuno Oliveira (UMinho)
Galculator
PPDP’08
9 / 27

18. Introduction
Motivation
Proof.
z
⇔
x ÷y
{ z ×y
z ×y
⇔
x ⇔ z
x ÷y }
x
{ transitivity, since x < y }
z ×y
⇔
x ∧ z ×y <y
{ since y = 0 }
z ×y
⇔
{ z
z
x ∧ z
0
0 entails z × y
x, since 0
x }
0
LogoDI2
Paulo Silva, José Nuno Oliveira (UMinho)
Galculator
PPDP’08
9 / 27

19. Introduction
Objectives
Objectives
Galculator
Build a proof assistant based on Galois connections, their algebra
and associated tactics
LogoDI2
Paulo Silva, José Nuno Oliveira (UMinho)
Galculator
PPDP’08
10 / 27

20. Theoretical background
Outline
1
Introduction
Motivation
Objectives
2
Theoretical background
Galois connections
Pointfree transform
3
Galculator
Principles
Representation
4
Conclusion
Conclusion
Future work
LogoDI2
Paulo Silva, José Nuno Oliveira (UMinho)
Galculator
PPDP’08
11 / 27

21. Theoretical background
Galois connections
Galois connections
Definition (Galois connection)
Given two preordered sets (A, A ) and (B, B ) and two functions
g
f
Bo
A and A o
B , the pair (f , g) is a Galois connection
if and only if, for all a ∈ A and b ∈ B:
f a
B
b
⇔
a
A
gb
Graphical notation
A
Al
f
,
g

22. B
B
or (A,
A)
o
(f ,g)
(B,
B)
LogoDI2
Paulo Silva, José Nuno Oliveira (UMinho)
Galculator
PPDP’08
12 / 27

23. Theoretical background
Galois connections
Properties
Property
f a Bb⇔a Agb
g (b B b ) = g b A g b
f (a A a ) = f a B f a
a A g (f a)
f (g b) B b
a A a ⇒f a B f a
b B b ⇒g b A g b
g B= A
f ⊥A = ⊥B
Description
“Shunting rule”
Distributivity (UA over meet)
Distributivity (LA over join)
Lower cancellation
Upper cancellation
Monotonicity (LA)
Monotonicity (UA)
Top-preservation (UA)
Bottom-preservation (LA)
LogoDI2
Paulo Silva, José Nuno Oliveira (UMinho)
Galculator
PPDP’08
13 / 27

24. Theoretical background
Galois connections
Galois connections — Algebra
Identity connection
(A,
A)
o (id,id) (A,
A)
Composition
if (A, ) o
(f ,g)
(B, ) and (B, ) o
(h,k )
(h◦f ,g ◦k )
(C, ) then (A, ) o
(C, )
Composition is associative and the identity is its unit.
Galois connections form a category.
LogoDI2
Paulo Silva, José Nuno Oliveira (UMinho)
Galculator
PPDP’08
14 / 27

25. Theoretical background
Galois connections
Galois connections — Algebra
Converse
if (A, ) o
(f ,g)
(B, ) then (B, ) o
(g,f )
(A, )
Relator
For every relator F that distributes through binary intersections,
if (A, ) o
(f ,g)
(B, ) then (FA, F
(F f ,F g)
)o
(FB, F
)
LogoDI2
Paulo Silva, José Nuno Oliveira (UMinho)
Galculator
PPDP’08
15 / 27

26. Theoretical background
Pointfree transform
Pointfree transform
Based on the formalization of set theory without variables
proposed by Tarski
Abstracts points from definitions
More compact and cryptic
More amenable for syntactical manipulation
LogoDI2
Paulo Silva, José Nuno Oliveira (UMinho)
Galculator
PPDP’08
16 / 27

27. Theoretical background
Pointfree transform
Pointfree transform summary
Pointwise
∃ c :: bRc ∧ cSa
∀ x :: xRb ⇒ xSa
∀ x :: bRx ⇒ aSx
bRa ∧ cSa
bRa ∧ dSc
bRa ∧ bSa
bSa ∨ bSa
(f b)R(g a)
b=a
True
False
∀ a, b :: bRa ⇒ bSa
∀ a, b :: bRa ⇔ bSa
∀ a :: aRa
Paulo Silva, José Nuno Oliveira (UMinho)
Galculator
Pointfree
b(R ◦ S)a
b(R S)a
b(S/R)a
(b, c) R, S a
(b, d)(R × S)(a, c)
b(R ∩ S)a
b(R ∪ S)a
b(f ◦ ◦ R ◦ g)a
b id a
b a
b⊥a
R⊆S
R=S
id ⊆ R
LogoDI2
PPDP’08
17 / 27

28. Theoretical background
Pointfree transform
Pointfree definitions
Definition (Galois connection)
f◦ ◦
B
=
A
◦
g
Definition (Indirect equality)
f =g
f =g
⇔
⇔
◦
f
◦
f =
◦
=g
◦
◦
g
◦
LogoDI2
Paulo Silva, José Nuno Oliveira (UMinho)
Galculator
PPDP’08
18 / 27

29. Galculator
Outline
1
Introduction
Motivation
Objectives
2
Theoretical background
Galois connections
Pointfree transform
3
Galculator
Principles
Representation
4
Conclusion
Conclusion
Future work
LogoDI2
Paulo Silva, José Nuno Oliveira (UMinho)
Galculator
PPDP’08
19 / 27

30. Galculator
Principles
Design Principles
Combine
GC
Derive
Laws
Relation
algebra
Derive
Properties
Derive
Theory
domain
Derive
Rules
TRS
Strategies
Combine
Paulo Silva, José Nuno Oliveira (UMinho)
Galculator
LogoDI2
PPDP’08
20 / 27

31. Galculator
Representation
Algebraic data types
List definition — Algebraic data type
data List a = Nil | Cons a (List a)
List definition — Generalized algebraic data type
data List a where
Nil :: List a
Cons :: a → List a → List a
LogoDI2
Paulo Silva, José Nuno Oliveira (UMinho)
Galculator
PPDP’08
21 / 27

32. Galculator
Representation
Type representation
data Type a where
Bool :: Type Bool
Char :: Type Char
Int
:: Type Int
List
:: Type a → Type [a]
Set
:: Type a → Type (Set a)
Maybe :: Type a → Type (Maybe a)
· × · :: Type a → Type b → Type (a, b)
Fun
Rel
GC
:: Type a → Type b → Type (a ← b)
:: Type a → Type b → Type (a ↔ b)
:: Type a → Type b → Type (GC a b)
LogoDI2
Paulo Silva, José Nuno Oliveira (UMinho)
Galculator
PPDP’08
22 / 27

33. Galculator
Representation
Relational representation
Representation
Relation
Functions
Orders
Galois connections
Combinators
data R
·◦
· ◦· ·
·×·
...
r where
:: R (b ↔ a) → R (a ↔ b)
:: Type b → R (c ↔ b) → R (b ↔ a) → R (c ↔ a)
:: R (b ↔ a) → R (d ↔ c) → R ((b, d) ↔ (a, c))
LogoDI2
Paulo Silva, José Nuno Oliveira (UMinho)
Galculator
PPDP’08
23 / 27

34. Conclusion
Outline
1
Introduction
Motivation
Objectives
2
Theoretical background
Galois connections
Pointfree transform
3
Galculator
Principles
Representation
4
Conclusion
Conclusion
Future work
LogoDI2
Paulo Silva, José Nuno Oliveira (UMinho)
Galculator
PPDP’08
24 / 27

35. Conclusion
Conclusion
Conclusion
Proof assistant prototype based on Galois connections
Innovative approach
Combination of Galois connections and pointfree calculus
Non-trivial example of the application of distinctive features of
functional languages
Generalized algebraic data types
Existential data types
Combinatorial approaches (parsing, rewriting)
Support for embedded domain specific languages
Computations as monads
Higher-order functions
New: Polymorphic type representation with unification
...
LogoDI2
Paulo Silva, José Nuno Oliveira (UMinho)
Galculator
PPDP’08
25 / 27

36. Conclusion
Future work
Future work
User-friendly syntax
Automated proofs
Free-theorems
Integration with host theorem provers
LogoDI2
Paulo Silva, José Nuno Oliveira (UMinho)
Galculator
PPDP’08
26 / 27

37. The End
Download
Source code and documentation available from
www.di.uminho.pt/research/galculator
Contact
Questions to paufil@di.uminho.pt
LogoDI2
Paulo Silva, José Nuno Oliveira (UMinho)
Galculator
PPDP’08
27 / 27