Equational Reasoning with Applicative Functors
Andreas Lochbihler, Joshua Schneider
Institute of Information Security

Effects shown on the title slide, all modelled as applicative functors: state, probabilities, error, non-determinism, streams (1 2 3 4 ···).

Diagram: an equation between pure functions, f (g _) = h (k _), is lifted to the effectful level as pure f ⋄ (g _) = pure h ⋄ (k _); which concrete effect is involved is a "don't care".
Contributions
◮ Isabelle/HOL package for reasoning about applicative effects. Components (diagram): functor registration (the operator ⋄ and its laws, such as pure id ⋄ x = x), a proof tactic for lifted equations (=), and a classification of effects
◮ Meta theory formalised and algorithms verified
◮ Used in several examples and case studies
A. Lochbihler (ETH Zurich), ITP 2016, slide 6 / 35
Task: Label a binary tree with distinct numbers!
Picture: a tree with the leaves c, b, q, a, d is mapped by lbl to a tree of the same shape with the leaves 0, 1, 2, 3, 4.

datatype α tree = L α | N (α tree) (α tree)

lbl :: α tree ⇒ nat tree state
where α state = nat ⇒ α × nat

Monadic version, with α M = α state:
  return :: α ⇒ α M
  (>>=) :: α M ⇒ (α ⇒ β M) ⇒ β M
  lbl (L _) = fresh >>= λx′. return (L x′)
  lbl (N l r) = lbl l >>= λl′. lbl r >>= λr′. return (N l′ r′)

Applicative version, with α F = α state:
  pure :: α ⇒ α F
  (⋄) :: (α ⇒ β) F ⇒ α F ⇒ β F
  lbl (L _) = pure L ⋄ fresh
  lbl (N l r) = pure N ⋄ lbl l ⋄ lbl r

Example suggested by G. Hutton, D. Fulger: Reasoning about effects: seeing the wood through the trees. TFP 2008
Labelling trees and lists
Picture (commuting square): the tree with leaves c, a, q is labelled by lbl to the tree with leaves 0, 1, 2; leaves maps the tree to [c, a, q], lbl′ maps that list to [0, 1, 2], and pure leaves maps the labelled tree to the same list.

lbl′ :: α list ⇒ nat list state
lbl′ [ ] = pure [ ]
lbl′ (_ · xs) = pure (·) ⋄ fresh ⋄ lbl′ xs

leaves :: α tree ⇒ α list
leaves (L x) = x · [ ]
leaves (N l r) = leaves l ++ leaves r

Lemma: pure leaves ⋄ lbl t = lbl′ (leaves t)
Proof by induction on t. Case L x:
    pure leaves ⋄ lbl (L x) = lbl′ (leaves (L x))
    pure leaves ⋄ (pure L ⋄ fresh) = pure (·) ⋄ fresh ⋄ pure [ ]
  ⇑ holds by the applicative laws: apply applicative lifting
    ∀x. leaves (L x) = (·) x [ ]
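The definitions of this slide and the previous one, as an added Python example that is not part of the talk or of the Isabelle package. The state applicative is represented by Python functions from the counter to a (result, counter) pair, ⋄ is the function ap, trees are tuples, and the lemma pure leaves ⋄ lbl t = lbl′ (leaves t) is checked by running both sides on a constructed sample tree (a test on instances, not the inductive proof). The names lbl_list, leaves_lemma_holds, run and SAMPLE are choices of this example.

```python
# Added example, not from the slides or the Applicative_Lifting package:
# the state applicative of the talk in Python.  alpha state = nat => alpha * nat
# is a function from the counter to (result, new counter); trees are tuples
# ('L', x) or ('N', l, r); all sample data is constructed for this example.

def pure(a):
    """pure :: alpha => alpha state, leaves the counter untouched."""
    return lambda s: (a, s)

def ap(mf, mx):
    """The (<>) operator: run the function effect, then the argument effect,
    threading the counter from left to right."""
    def run(s):
        f, s1 = mf(s)
        x, s2 = mx(s1)
        return f(x), s2
    return run

def bind(m, k):
    """Monadic (>>=) on the same representation, for the monadic lbl."""
    def run(s):
        a, s1 = m(s)
        return k(a)(s1)
    return run

def fresh(s):
    """fresh :: nat state: hand out the current counter and increment it."""
    return s, s + 1

# Curried constructors, so that pure N <> lbl l <> lbl r applies one argument at a time.
L = lambda x: ('L', x)
N = lambda l: lambda r: ('N', l, r)
cons = lambda x: lambda xs: [x] + xs          # the list constructor (.)

def lbl_monadic(t):
    """lbl (L _) = fresh >>= λx'. return (L x');  lbl (N l r) = lbl l >>= λl'. lbl r >>= λr'. return (N l' r')."""
    if t[0] == 'L':
        return bind(fresh, lambda x1: pure(L(x1)))
    _, l, r = t
    return bind(lbl_monadic(l), lambda l1:
           bind(lbl_monadic(r), lambda r1: pure(N(l1)(r1))))

def lbl(t):
    """Applicative lbl: pure L <> fresh  and  pure N <> lbl l <> lbl r."""
    if t[0] == 'L':
        return ap(pure(L), fresh)
    _, l, r = t
    return ap(ap(pure(N), lbl(l)), lbl(r))

def leaves(t):
    """leaves (L x) = [x];  leaves (N l r) = leaves l ++ leaves r."""
    if t[0] == 'L':
        return [t[1]]
    return leaves(t[1]) + leaves(t[2])

def lbl_list(xs):
    """lbl' [] = pure [];  lbl' (_ . xs) = pure (.) <> fresh <> lbl' xs."""
    if not xs:
        return pure([])
    return ap(ap(pure(cons), fresh), lbl_list(xs[1:]))

def run(m, start=0):
    """Observe a state computation by running it from a start counter."""
    return m(start)

def leaves_lemma_holds(t, start=0):
    """Check  pure leaves <> lbl t = lbl' (leaves t)  on one tree by running
    both sides from the same counter (a test on an instance, not the proof)."""
    lhs = run(ap(pure(leaves), lbl(t)), start)
    rhs = run(lbl_list(leaves(t)), start)
    return lhs == rhs

# A tree with the five leaves c, b, q, a, d of the slide (shape chosen here).
SAMPLE = N(N(L('c'))(L('b')))(N(L('q'))(N(L('a'))(L('d'))))

if __name__ == '__main__':
    print(run(lbl(SAMPLE)))            # labelled tree with leaves 0..4, counter 5
    print(leaves_lemma_holds(SAMPLE))  # True
```

Because ap runs the function effect before the argument effect, pure N ⋄ lbl l ⋄ lbl r numbers the left subtree first, which is exactly the left-to-right order that makes the lemma about leaves hold; the monadic and the applicative lbl yield the same labelling.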
Lifting equations over applicative functors [Hinze 2010]

Canonical form [McBride, Paterson]: every applicative expression can be rewritten as pure f ⋄ x1 ⋄ x2 ⋄ ... ⋄ xn, a pure function f applied to opaque arguments x1, ..., xn.

The proof obligation of the leaf case and its reduction to a pure equation:
    pure leaves ⋄ (pure L ⋄ fresh) = pure (·) ⋄ fresh ⋄ pure [ ]
  1. Convert to canonical form
    pure (λx. leaves (L x)) ⋄ fresh = pure (λx. x · [ ]) ⋄ fresh
  2. Generalise opaque arguments
    ∀X. pure (λx. leaves (L x)) ⋄ X = pure (λx. x · [ ]) ⋄ X
  3. Equality is a congruence
    ∀X. pure (λx. leaves (L x)) ⋄ X = pure (λx. x · [ ]) ⋄ X
  4. Use extensionality
    ∀x. leaves (L x) = x · [ ]
Same opaque arguments on both sides!

Implementation (diagram): the ML proof tactic running in the Isabelle kernel follows the syntactic formalisation of the lifting in Isabelle/HOL.
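The four steps above carried out with the applicative laws made explicit, as an added derivation that is not on the slides (they show the chain of equations but not which law justifies each rewrite). The laws used are McBride and Paterson's identity, composition, homomorphism and interchange laws, written here in the notation of the talk.

$$
\begin{align*}
&\text{Laws:}\quad \mathrm{pure}\ \mathrm{id} \diamond u = u,\qquad
 \mathrm{pure}\ (\circ) \diamond u \diamond v \diamond w = u \diamond (v \diamond w),\\
&\qquad\quad\ \ \mathrm{pure}\ f \diamond \mathrm{pure}\ x = \mathrm{pure}\ (f\ x),\qquad
 u \diamond \mathrm{pure}\ y = \mathrm{pure}\ (\lambda f.\ f\ y) \diamond u.\\[4pt]
&\text{Step 1, left-hand side:}\\
&\mathrm{pure}\ \mathrm{leaves} \diamond (\mathrm{pure}\ L \diamond \mathrm{fresh})
 = \mathrm{pure}\ (\circ) \diamond \mathrm{pure}\ \mathrm{leaves} \diamond \mathrm{pure}\ L \diamond \mathrm{fresh} && \text{(composition)}\\
&\quad = \mathrm{pure}\ (\mathrm{leaves} \circ L) \diamond \mathrm{fresh} && \text{(homomorphism, twice)}\\
&\quad = \mathrm{pure}\ (\lambda x.\ \mathrm{leaves}\ (L\ x)) \diamond \mathrm{fresh} && \text{(definition of } \circ)\\[4pt]
&\text{Step 1, right-hand side:}\\
&\mathrm{pure}\ (\cdot) \diamond \mathrm{fresh} \diamond \mathrm{pure}\ [\,]
 = \mathrm{pure}\ (\lambda f.\ f\ [\,]) \diamond (\mathrm{pure}\ (\cdot) \diamond \mathrm{fresh}) && \text{(interchange)}\\
&\quad = \mathrm{pure}\ (\circ) \diamond \mathrm{pure}\ (\lambda f.\ f\ [\,]) \diamond \mathrm{pure}\ (\cdot) \diamond \mathrm{fresh} && \text{(composition)}\\
&\quad = \mathrm{pure}\ ((\lambda f.\ f\ [\,]) \circ (\cdot)) \diamond \mathrm{fresh} && \text{(homomorphism, twice)}\\
&\quad = \mathrm{pure}\ (\lambda x.\ x \cdot [\,]) \diamond \mathrm{fresh} && (\beta\text{-reduction})\\[4pt]
&\text{Step 2: the opaque argument } \mathrm{fresh} \text{ occurs in the same position on both sides; replace it by a variable } X.\\
&\text{Step 3: from } (\lambda x.\ \mathrm{leaves}\ (L\ x)) = (\lambda x.\ x \cdot [\,]) \text{ infer }
 \mathrm{pure}\ (\lambda x.\ \mathrm{leaves}\ (L\ x)) \diamond X = \mathrm{pure}\ (\lambda x.\ x \cdot [\,]) \diamond X.\\
&\text{Step 4: by extensionality it suffices to show } \forall x.\ \mathrm{leaves}\ (L\ x) = x \cdot [\,],\\
&\text{which is the defining equation of } \mathrm{leaves} \text{ on } L\ x.
\end{align*}
$$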
Tree mirroring
Picture: the tree with leaves c, a, q is labelled by lbl to 0, 1, 2 and mirrored by mirror to q, a, c; the question (?) is whether labelling the mirrored tree agrees with mirroring the labelled tree (pure mirror).

lbl :: α tree ⇒ nat tree state
lbl (L _) = pure L ⋄ fresh
lbl (N l r) = pure N ⋄ lbl l ⋄ lbl r

mirror :: α tree ⇒ α tree
mirror (L x) = L x
mirror (N l r) = N (mirror r) (mirror l)

Lemma: lbl (mirror t) = pure mirror ⋄ lbl t
Proof by induction on t. Case N l r:
    pure (λr′ l′. N (mirror r′) (mirror l′)) ⋄ lbl r ⋄ lbl l
  =?
    pure (λl′ r′. mirror (N l′ r′)) ⋄ lbl l ⋄ lbl r
The opaque arguments lbl l and lbl r occur in different orders on the two sides, so the lifting of the previous slides does not apply as it stands.
Tree mirroring and random labels
Picture: the tree with leaves c, a, q and its mirror image q, a, c, again with lbl on both and pure mirror between the labelled trees.

lbl :: α tree ⇒ nat tree probability
lbl (L _) = pure L ⋄ fresh
lbl (N l r) = pure N ⋄ lbl l ⋄ lbl r

mirror :: α tree ⇒ α tree
mirror (L x) = L x
mirror (N l r) = N (mirror r) (mirror l)

Criterion for commutative effects: pure (λf x y. f y x) ⋄ f ⋄ x ⋄ y = f ⋄ y ⋄ x, i.e. the combinator C with C f x y = f y x

Lemma: lbl (mirror t) = pure mirror ⋄ lbl t, if effects commute
Proof by induction on t. Case N l r:
    pure (λr′ l′. N (mirror r′) (mirror l′)) ⋄ lbl r ⋄ lbl l = pure (λl′ r′. mirror (N l′ r′)) ⋄ lbl l ⋄ lbl r
Subtrees
Picture: right selects the right subtree (the tree with leaves q, a, c gives the subtree with leaves a, c); lbl on both trees and pure right between the labelled ones, next to the mirror example on the tree c, a, q.

Lemma: lbl (right t) = pure right ⋄ lbl t, if effects are omissible
Proof by case analysis on t. Case N l r:
    pure (λr′. r′) ⋄ lbl r = pure (λ_ r′. r′) ⋄ lbl l ⋄ lbl r

Criterion for omissible effects: pure (λx y. x) ⋄ x ⋄ y = x, i.e. the combinator K with K x y = x
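The two criteria (C for commutative, K for omissible effects) and the two lemmas of this and the preceding slides, as an added Python example that is not part of the talk or of the Isabelle package. It checks the criteria on the state applicative of the earlier slides and on a finite-distribution applicative standing in for "probability" (both implemented here; the class names State and Dist, fresh as a fair coin for Dist, and the observe functions are choices of this example), and runs the mirror and right-subtree lemmas on constructed trees: they hold for the distributions and fail for state, which goes slightly beyond the slides in exhibiting the state counterexamples explicitly. These are checks on instances, not the inductive proofs.

```python
# Added example, not from the slides or the Applicative_Lifting package:
# the commutativity (C) and omissibility (K) criteria checked on two
# applicative functors, and the mirror and right-subtree lemmas run on
# constructed trees.  Effects are compared by observation: a state
# computation by the (result, counter) it yields from counter 0, a finite
# probability distribution by its probability mass function.
from fractions import Fraction
from collections import defaultdict

class State:
    """alpha state = nat => alpha * nat, with fresh handing out the counter."""
    @staticmethod
    def pure(a):
        return lambda s: (a, s)
    @staticmethod
    def ap(mf, mx):
        def run(s):
            f, s1 = mf(s)
            x, s2 = mx(s1)
            return f(x), s2
        return run
    @staticmethod
    def fresh():
        return lambda s: (s, s + 1)
    @staticmethod
    def observe(m):
        return m(0)

class Dist:
    """Finite probability distributions as {outcome: probability} (the
    'probability' functor of the random-labels slide); ap takes the product
    of the independent distributions of f and x and applies f to x."""
    @staticmethod
    def pure(a):
        return {a: Fraction(1)}
    @staticmethod
    def ap(df, dx):
        out = defaultdict(Fraction)
        for f, p in df.items():
            for x, q in dx.items():
                out[f(x)] += p * q
        return dict(out)
    @staticmethod
    def fresh():
        return {0: Fraction(1, 2), 1: Fraction(1, 2)}   # a random label: fair coin
    @staticmethod
    def observe(d):
        return d

def commutative(A):
    """pure (λf x y. f y x) <> f <> x <> y  =  f <> y <> x, tried with f = pure (-)."""
    C = lambda f: lambda x: lambda y: f(y)(x)
    minus = lambda a: lambda b: a - b
    f, x, y = A.pure(minus), A.fresh(), A.fresh()
    lhs = A.ap(A.ap(A.ap(A.pure(C), f), x), y)
    rhs = A.ap(A.ap(f, y), x)
    return A.observe(lhs) == A.observe(rhs)

def omissible(A):
    """pure (λx y. x) <> x <> y  =  x, tried with x = y = fresh."""
    K = lambda x: lambda y: x
    x, y = A.fresh(), A.fresh()
    lhs = A.ap(A.ap(A.pure(K), x), y)
    return A.observe(lhs) == A.observe(x)

# Trees as tuples ('L', x) / ('N', l, r) with curried constructors.
L = lambda x: ('L', x)
N = lambda l: lambda r: ('N', l, r)

def mirror(t):
    return t if t[0] == 'L' else N(mirror(t[2]))(mirror(t[1]))

def right(t):
    return t[2]           # only used on N l r, as in the case analysis on the slide

def lbl(A, t):
    """lbl (L _) = pure L <> fresh;  lbl (N l r) = pure N <> lbl l <> lbl r."""
    if t[0] == 'L':
        return A.ap(A.pure(L), A.fresh())
    return A.ap(A.ap(A.pure(N), lbl(A, t[1])), lbl(A, t[2]))

def mirror_lemma(A, t):
    """lbl (mirror t) = pure mirror <> lbl t, observed on one tree."""
    return A.observe(lbl(A, mirror(t))) == A.observe(A.ap(A.pure(mirror), lbl(A, t)))

def right_lemma(A, t):
    """lbl (right t) = pure right <> lbl t, observed on one tree N l r."""
    return A.observe(lbl(A, right(t))) == A.observe(A.ap(A.pure(right), lbl(A, t)))

T = N(L('a'))(L('b'))    # constructed sample tree
if __name__ == '__main__':
    for A in (State, Dist):
        print(A.__name__, commutative(A), omissible(A), mirror_lemma(A, T), right_lemma(A, T))
```

For State, the C criterion fails because swapping the order of two fresh draws swaps which of them gets the smaller counter value, and the K criterion fails because the omitted draw still advanced the counter; for Dist both hold because independent coin flips can be reordered and an unused flip integrates out to probability 1. The lemma checks follow the criteria exactly as the slides predict.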
Combinatorial basis BCKW
Combinators B, C, K, W: C characterises commutative effects, K omissible effects, W idempotent effects.
Effects placed in the diagram according to the combinator laws they satisfy: state, probability, exception, reader, stream, non-standard numbers, maybe, zip list, non-determinism, non-determinism with failure, subprobability, commutative monoid, idempotent monoid, ordered non-determinism, parser, list, monoid.
◮ Declarative characterisation of "liftable" equations
◮ Modular implementation via bracket abstraction
◮ User declares and proves combinator properties at registration
Summary
www.isa-afp.org/entries/Applicative_Lifting.shtml
Diagram: functor registration (the operator ⋄ and its laws, such as pure id ⋄ x = x), the proof tactic (=) and the classification of effects (B C K W), all guided by the formalisation of the meta theory.
Open questions: generate? beyond equality? monads?