Encoding Induction in Correctness Proofs of Program Transformations as a Termination Problem

Transcription

1 Encoding Induction in Correctness Proofs of Program Transformations as a Termination Problem Conrad Rau, David Sabel and Manfred Schmidt-Schauß Goethe-University, Frankfurt am Main, Germany WST 2012, Obergurgl, Austria

2 Introduction and Motivation Motivation: Automate correctness proofs of program transformations Programming language: Core language, modelled as extended λ-calculus Correctness of program transformations: Based on contextual equivalence Correctness proof uses: Diagrams (already automated) Induction (automate through a termination proof) vid Sabel Correctness Proofs of Program Transformations as a Termination Problem C. Rau, D. Sabel, M. Schmidt-Schauß 2/14

3 Related and Own Work Schmidt-Schauß, Schütz, Sabel, 2008 Extended λ-calculus LR and correctness of program transformations via diagrams; manual proofs Wells, Plump and Kamareddine, 2003 Diagrams to show meaning preservation R., Schmidt-Schauß, 2010, 2011 Compute diagrams in extended λ-calculi Fuhs, Giesl, Plücker, Schneider-Kamp, Falke, 2009 Termination of integer term rewriting vid Sabel Correctness Proofs of Program Transformations as a Termination Problem C. Rau, D. Sabel, M. Schmidt-Schauß 3/14

4 Program Calculus, Contextual Equivalence Definition (Program calculus (E, C, sr, A)) E: Set of expressions C: Set of contexts sr E E: Reduction relation, usually labeled sr,l A E: Set of answers Example (Extended λ-calculus: LR) call-by-need λ-calculus, core language of pure Haskell Convergence: e iff e sr, a where a A (also called termination) Definition (Contextual Equivalence for (E, C, sr, A)) Contextual approximation: e 1 c e 0 C C : C[e 1 ] = C[e 0 ] Contextual equivalence: e 1 c e 0 e 1 c e 0 e 0 c e 1 vid Sabel Correctness Proofs of Program Transformations as a Termination Problem C. Rau, D. Sabel, M. Schmidt-Schauß 4/14

5 Program Transformations Definition (Program Transformation, Correctness) A Program transformation: e 1 T e0 = e 1 c e 0 Focus on c, since c = c c T is called convergence preserving iff e 1 T (E E) is correct iff T e0 e 1 = e 0 context-closed for T iff convergence preservation of T implies T c R(T ) T (e.g. := {(R[e 1 ], R[e 0 ]) e 1 e0, R R}) Focus on c. p., since T can easily be context-closed vid Sabel Correctness Proofs of Program Transformations as a Termination Problem C. Rau, D. Sabel, M. Schmidt-Schauß 5/14

6 Proving Convergence Preservation Prove convergence preservation for T, i.e. e 1 T e0 e 1 = e 0 : e 1 e 2. sr,l 2 T e 0 e 2. a 1 a 0 sr,l 2 sr,l m Outline of Convergence Preservation Proof for T T e0 e 1, e 0 E with e 1 sr,l T 1 Determine all overlaps e 2 e 1 e0 and join them into: Sets of diagrams 2 Construct converging reduction sequence for e 0 using the diagram sets vid Sabel Correctness Proofs of Program Transformations as a Termination Problem C. Rau, D. Sabel, M. Schmidt-Schauß 6/14

7 Forking and Answer Diagrams Diagram for : T Rewrite rule S L S R on abstract reduction sequences (ARSs) 1 concrete sequence: a e n... T e 1 e 0 1 abstract sequence: A e n... T e 1 e 0 + denotes transitive closure of reductions Forking diagram:... T T... T sr,l m... Finite representation of overlaps and joining sequences Represent set of rewrite rules on concrete sequences sr,l 1 Answer diagram: A T A sr,ln... DF ( T ), DA( T ): Sets of diagrams (i.e. rewriting systems) vid Sabel Correctness Proofs of Program Transformations as a Termination Problem C. Rau, D. Sabel, M. Schmidt-Schauß 7/14

8 Complete Sets of Diagrams Example (Diagrams for is,llet ) DF DF sr,a is,llet sr,a A is,llet A sr,lll,+ is,llet sr,lll,+ is,llet sr,a sr,a sr,llet sr,a is,llet sr,a is,llet is,llet sr,lll,+ sr,lll,+ is,llet Definition (Complete Diagram Set for T ) DF ( ) T is complete, if every ARS of the form A sr,ln... T is rewritable by a diagram in DF ( ) T DA( T ) is complete, if every sequence A T is rewritable by a diagram in DA( T ) vid Sabel Correctness Proofs of Program Transformations as a Termination Problem C. Rau, D. Sabel, M. Schmidt-Schauß 8/14

9 Proving Correctness through Induction Construct an evaluation through diagram application and induction vid Sabel Correctness Proofs of Program Transformations as a Termination Problem C. Rau, D. Sabel, M. Schmidt-Schauß 9/14

10 Proving Correctness through Induction Construct an evaluation through diagram application and induction a 1 is,llet e0 vid Sabel Correctness Proofs of Program Transformations as a Termination Problem C. Rau, D. Sabel, M. Schmidt-Schauß 9/14

11 Proving Correctness through Induction Construct an evaluation through diagram application and induction a 1 is,llet e0 A is,llet A vid Sabel Correctness Proofs of Program Transformations as a Termination Problem C. Rau, D. Sabel, M. Schmidt-Schauß 9/14

12 Proving Correctness through Induction Construct an evaluation through diagram application and induction a 1 is,llet e0 A is,llet A is,llet e 1 e0 e 2 sr,l 2. a 1 vid Sabel Correctness Proofs of Program Transformations as a Termination Problem C. Rau, D. Sabel, M. Schmidt-Schauß 9/14

13 Proving Correctness through Induction Construct an evaluation through diagram application and induction a 1 is,llet e0 A is,llet A is,llet e 1 e0 e 2 sr,l 2. a 1 is,llet sr,a sr,a vid Sabel Correctness Proofs of Program Transformations as a Termination Problem C. Rau, D. Sabel, M. Schmidt-Schauß 9/14

14 Proving Correctness through Induction Construct an evaluation through diagram application and induction a 1 is,llet e0 A is,llet A is,llet e 1 e0 sr,l 1 e 2 sr,l 2. a 1 is,llet sr,a sr,a vid Sabel Correctness Proofs of Program Transformations as a Termination Problem C. Rau, D. Sabel, M. Schmidt-Schauß 9/14

15 Proving Correctness through Induction Construct an evaluation through diagram application and induction a 1 is,llet e0 A is,llet A is,llet e 1 e0 sr,l 1 e 2 is,llet e 1 e0 e 2 sr,l 2 sr,l 2.. a 1 is,llet sr,a sr,a a 1 vid Sabel Correctness Proofs of Program Transformations as a Termination Problem C. Rau, D. Sabel, M. Schmidt-Schauß 9/14

16 Proving Correctness through Induction Construct an evaluation through diagram application and induction a 1 is,llet e0 A is,llet A is,llet e 1 e0 sr,l 1 e 2 is,llet e 1 e0 e 2 sr,l 2 sr,l 2.. a 1 is,llet sr,a sr,a a 1 is,llet sr,a sr,a is,llet vid Sabel Correctness Proofs of Program Transformations as a Termination Problem C. Rau, D. Sabel, M. Schmidt-Schauß 9/14

17 Proving Correctness through Induction Construct an evaluation through diagram application and induction a 1 is,llet e0 A is,llet A is,llet e 1 e0 sr,l 1 e 2 is,llet e 1 e0 is,llet e 2 e 2 sr,l 2 sr,l 2.. a 1 is,llet sr,a sr,a a 1 is,llet sr,a sr,a is,llet vid Sabel Correctness Proofs of Program Transformations as a Termination Problem C. Rau, D. Sabel, M. Schmidt-Schauß 9/14

18 Proving Correctness through Induction Construct an evaluation through diagram application and induction a 1 is,llet e0 A is,llet A is,llet e 1 e0 sr,l 1 e 2 sr,l 2. a 1 is,llet sr,a sr,a is,llet e 1 e0 is,llet e 2 e 2 sr,l 2 I.H.. a 1 a 0 sr,a is,llet sr,a is,llet vid Sabel Correctness Proofs of Program Transformations as a Termination Problem C. Rau, D. Sabel, M. Schmidt-Schauß 9/14

19 Proving Correctness through Induction Construct an evaluation through diagram application and induction a 1 is,llet e0 A is,llet A is,llet e 1 e0 sr,l 1 e 2 is,llet e 1 e0 is,llet e 2 e 2 sr,l 2 sr,l 2. I.H.. a a 1 a 0 1 is,llet is,llet sr,a sr,a sr,a sr,a is,llet Rewriting by diagrams, termination by induction vid Sabel Correctness Proofs of Program Transformations as a Termination Problem C. Rau, D. Sabel, M. Schmidt-Schauß 9/14

20 Proving Correctness by Termination Lemma Let DF ( T ) and DA( T ) be complete sets of diagrams for T. If DF ( T ) DA( T ) terminates, then T is convergence preserving. Theorem Let T be context-closed for T and DF ( ), T DA( ) T be complete sets of diagrams. T Let T be context-closed for and DF ( ), T DA( ) T be complete sets of diagrams. If DF ( ) T DA( ) T and DF ( ) T DA( ) T terminate, then T c. vid Sabel Correctness Proofs of Program Transformations as a Termination Problem C. Rau, D. Sabel, M. Schmidt-Schauß 10/14

21 Automation of Correctness Proof DF ( T ) DA( T ) is a rewriting system on ARSs that characterizes the convergence preservation of T Encode complete sets of diagrams into TRSs Those TRSs can be automatically tested for termination (e.g. by AProVE) Thus automating a critical part of the correctness proof vid Sabel Correctness Proofs of Program Transformations as a Termination Problem C. Rau, D. Sabel, M. Schmidt-Schauß 11/14

22 Introduction Calculus & Program Transformations Proving Correctness Encoding Conclusion Example: Encoding DF ( is,seq ) DA( is,seq ) DF ( is,seq ) sr,a is,seq sr,a is,seq sr,a sr,a sr,seq sr,a sr,cp is,seq sr,a is,seq is,seq sr,cp is,seq is,seq TRS isseq(sra(x)) sra(x) isseq(srseq(x)) srseq(x) isseq(srcp(x)) srcp(x) isseq(sra(srseq(x))) sra(x) isseq(srseq(srseq(x))) srseq(x) isseq(srcp(srseq(x))) srcp(x) isseq(sra(x)) sra(isseq(x)) isseq(srseq(x)) srseq(isseq(x)) isseq(srcp(x)) srcp(isseq(x)) isseq(srcp(x)) srcp(isseq(isseq(x))) DA( is,seq ) A is,seq A TRS isseq(a) A Termination of DF ( is,seq ) DA( is,seq ) was shown using AProVE vid Sabel Correctness Proofs of Program Transformations as a Termination Problem C. Rau, D. Sabel, M. Schmidt-Schauß 12/14

23 Introduction Calculus & Program Transformations Proving Correctness Encoding Conclusion Example: Encoding Transitive Closure of Reductions sr,lll,+ is,llet sr,lll,+ isllet(d(x)) E(x) Transitive closure of reductions: Infinite sets of diagrams Contract sequence of lll-reductions into the transitive closure srlll(x) D(x) srlll(d(x)) D(x) Expand transitive closure into sequence of lll-reductions E(x) srlll(x) E(x) E(srlll(x)) isllet(srlll(srlll(a))) isllet(d(a)) E(A) E(srlll(A))... vid Sabel Correctness Proofs of Program Transformations as a Termination Problem C. Rau, D. Sabel, M. Schmidt-Schauß 13/14

24 Introduction Calculus & Program Transformations Proving Correctness Encoding Conclusion Example: Encoding Transitive Closure of Reductions sr,lll,+ is,llet sr,lll,+ isllet(d(x)) E(x) Transitive closure of reductions: Infinite sets of diagrams Contract sequence of lll-reductions into the transitive closure srlll(x) D(x) srlll(d(x)) D(x) Expand transitive closure into sequence of lll-reductions E(x) srlll(x) E(x) E(srlll(x)) Naive approach introduces non-termination isllet(srlll(srlll(a))) isllet(d(a)) E(A) E(srlll(A))... vid Sabel Correctness Proofs of Program Transformations as a Termination Problem C. Rau, D. Sabel, M. Schmidt-Schauß 13/14

25 Introduction Calculus & Program Transformations Proving Correctness Encoding Conclusion Example: Encoding Transitive Closure of Reductions sr,lll,+ is,llet sr,lll,+ isllet(d(x)) E(x) isllet(d(x)) E(k, x) Transitive closure of reductions: Infinite sets of diagrams Contract sequence of lll-reductions into the transitive closure srlll(x) D(x) srlll(d(x)) D(x) Expand transitive closure into sequence of lll-reductions E(x) srlll(x) Naive approach introduces E(x) E(srlll(x)) non-termination E(0, x) x CITRS approach E(k, x) E(k 1, srlll(x)) if k > 0 isllet(srlll(srlll(a))) E(k, A) E(k 1, srlll(a))... srlll k (A) vid Sabel Correctness Proofs of Program Transformations as a Termination Problem C. Rau, D. Sabel, M. Schmidt-Schauß 13/14

26 Results and Further Work Results Automation of a critical part in correctness proofs: Manual induction is replaced by automatic termination proofs All diagrams from Schmidt-Schauß, Schütz, Sabel, 2008 (LR-calculus) could be shown as terminating by AProVE Method is independent of program calculus Future Work Extend the method to diagrams in other program calculi Connect an automated termination prover with the diagram calculator to complete the tool for automated correctness proofs of program transformations vid Sabel Correctness Proofs of Program Transformations as a Termination Problem C. Rau, D. Sabel, M. Schmidt-Schauß 14/14