Circular Coinduction-based Techniques for Proving Behavioral Properties
Dorel Lucanu
Al. I. Cuza Univ., Iasi, RO
Nov. 6, 2008, INRIA/LORIA
Dorel Lucanu (Al. I. Cuza Univ., Iasi, RO) Circular Coinduction-based Techniques Nov. 6, 2008, INRIA/LORIA 1 / 1
Introduction
What is CIRC?
- CIRC is a metalanguage application implemented as an extension of Full Maude:
  - it comes with a new way of execution: proving goals that express behavioral equivalences
  - it provides a parser for a language syntax that extends Maude's
  - it implements the Circularity Principle (CP) for both coinduction and induction (the latter only partially implemented)
  - it extends CP for coinduction with simplification and special contexts (in progress)
  - it uses strategies for specifying proof tactics
CIRC at Work: Streams

Example: Streams 1/3
- consider:
  - two datatypes: Bit = {0, 1} and BitStream (S = b0 b1 b2 ...)
  - two behavioral operations:
      hd : BitStream → Bit         (hd(S) = b0)
      tl : BitStream → BitStream   (tl(S) = b1 b2 ...)
  - another operation: zip : BitStream BitStream → BitStream
      zip(b0 b1 ..., b'0 b'1 ...) = b0 b'0 b1 b'1 ...
- define the behavioral equivalence ≡ over BitStream by: S1 ≡ S2 iff hd(S1) = hd(S2) and tl(S1) ≡ tl(S2)
- how do we prove that zip(0∞, 1∞) ≡ (01)∞ ? (where w∞ is defined as w : w : w : ...)
Example: Streams 2/3
  (fth BITSTREAM is
    sorts Bit BitStream .
    var S S' : BitStream .
    var B : Bit .
    ops 0 1 : -> Bit .                           --- constants of sort Bit
    op hd : BitStream -> Bit .                   --- the derivatives
    op tl : BitStream -> BitStream .             --- (observers)
    op zip : BitStream BitStream -> BitStream .
    eq hd(zip(S, S')) = hd(S) .
    eq tl(zip(S, S')) = zip(S', tl(S)) .
    op _:_ : Bit BitStream -> BitStream .
    eq hd(B : S) = B .
    eq tl(B : S) = S .
  endfth)
Example: Streams 3/3
  (cth BITSTREAM-0-1 is including BITSTREAM .
    ops zeroes ones blink : -> BitStream .
    eq hd(zeroes) = 0 .   eq tl(zeroes) = zeroes .
    eq hd(ones) = 1 .     eq tl(ones) = ones .
    eq hd(blink) = 0 .    eq tl(blink) = 1 : blink .
    der hd(*:BitStream) .
    der tl(*:BitStream) .
  endcth)

  (add goal zip(zeroes, ones) = blink .)
Demo: streams-blink.maude
CIRC at Work: Extended Regular Expressions

Example: Extended Regular Expressions 1/2

Let Alph be an alphabet. The extended regular expressions over Alph:

    R ::= ε | ∅ | A | R1 + R2 | R1 # R2 | R* | R1 ∩ R2 | ¬R

where A ranges over Alph.

The behavioral operations (derivatives) [Brzozowski]:
- epsIn, testing the membership of ε in an ERE, and
- _{_}, which takes an ERE R and a letter a and returns an expression characterized by L(R{a}) = {w | aw ∈ L(R)}.

The behavioral equivalence: R ≡ R' iff epsIn R = epsIn R' and (∀a) R{a} ≡ R'{a}

Theorem. Together with the B-ERE behavioral specification, CIRC becomes a fully automatic decision procedure for the equivalence of EREs.
Example: Extended Regular Expressions 2/2

  th ALPH is
    sort Alph .                     --- the alphabet
    ops a b : -> Alph .
  endth

  th ERE is
    inc ALPH + BOOL .
    sort Ere .                      --- regular expressions
    var R R1 R2 : Ere .  var A B : Alph .
    op _`{_`} : Ere Alph -> Ere .   --- letter derivatives
    op epsIn_ : Ere -> Bool .       --- epsilon membership derivative
    subsort Alph < Ere .            --- a letter
    eq epsIn A = false .
    eq B { A } = if A == B then epsilon else empty fi .
    op epsilon : -> Ere .           --- the empty word
    eq epsilon { A } = empty .
    eq epsIn epsilon = true .
    op _+_ : Ere Ere -> Ere [assoc comm] .   --- union
    eq ( R1 + R2 ){ A } = (R1 { A }) + (R2 { A }) .
    eq epsIn ( R1 + R2 ) = epsIn R1 or epsIn R2 .
    ...
  endth

Demo: ere.maude
Behavioral specifications
Behavioral Specifications: Syntax

A behavioral specification is a triple (D, B, ∆), where
- D = (S_D, Σ_D, E_D) specifies the data,
- B = (S, Σ, E) specifies further the behavioral operations, and there is an inclusion D ↪→ B,
- the elements of S_D are visible sorts; e.g., Elt
- the elements of S − S_D are hidden sorts; e.g., Stream
- ∆ ⊆ Der(Σ) is a set of terms whose operations are called derivatives (behavioral operations); e.g., hd(∗ : Stream), tl(∗ : Stream), where ∗ is a special variable of a hidden sort; other names for derivatives: destructors, observers
- the derivatives are used to define the experiments:
  - each δ ∈ ∆ of visible sort is an experiment; e.g., hd(∗ : Stream)
  - if γ[∗ : h] is an experiment and (δ : w → h) ∈ ∆, then γ[δ/∗] is an experiment; e.g., hd(tl(∗ : Stream)), hd(tl(tl(∗ : Stream))), ...
Behavioral Specifications of EREs
  (cth B-ERE is
    including ERE .
    --- any Maude declaration is allowed here
    der epsIn(*:Ere) .
    der *:Ere { a } .
    der *:Ere { b } .
  endcth)
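The ERE theories and the B-ERE derivatives above (epsIn, _{a}, _{b}), as an added Python example that is not CIRC's own Maude code: expressions are kept in a normal form in which a union is a flattened set (so + is associative, commutative and idempotent, with ∅ as identity), which is what keeps the set of derivatives of an expression finite and makes the equivalence check a terminating decision procedure, as the theorem on the previous slides states. The pair set `seen` plays the role of CIRC's frozen hypotheses, and a pair on which epsIn disagrees is a distinguishing experiment. The alphabet {a, b} and the sample expressions are taken from the slides; the witness word returned on failure and the tuple encoding of expressions are this example's own choices.

```python
"""Extended regular expressions over {a, b} with Brzozowski derivatives and a
coinductive equivalence check.  Constructed example; not code from CIRC."""
from collections import deque

ALPH = ('a', 'b')
EPS, EMPTY = ('eps',), ('empty',)        # epsilon and the empty language

def lit(x):
    return ('lit', x)

def plus(r, s):
    """R1 + R2 in ACI normal form: flattened into a frozenset, with ∅ dropped."""
    if r == EMPTY: return s
    if s == EMPTY: return r
    terms = set()
    for x in (r, s):
        terms.update(x[1] if x[0] == '+' else {x})
    return next(iter(terms)) if len(terms) == 1 else ('+', frozenset(terms))

def cat(r, s):
    """R1 # R2 with the unit and zero laws applied."""
    if r == EMPTY or s == EMPTY: return EMPTY
    if r == EPS: return s
    if s == EPS: return r
    return ('#', r, s)

def star(r):
    if r in (EMPTY, EPS): return EPS
    return r if r[0] == '*' else ('*', r)

def inter(r, s):
    """R1 ∩ R2, flattened like plus; ∅ is absorbing."""
    if r == EMPTY or s == EMPTY: return EMPTY
    terms = set()
    for x in (r, s):
        terms.update(x[1] if x[0] == '&' else {x})
    return next(iter(terms)) if len(terms) == 1 else ('&', frozenset(terms))

def neg(r):
    return r[1] if r[0] == '~' else ('~', r)

def eps_in(r):
    """epsIn R: is the empty word in L(R)?  (the visible derivative)"""
    k = r[0]
    if k in ('eps', '*'): return True
    if k in ('empty', 'lit'): return False
    if k == '+': return any(eps_in(x) for x in r[1])
    if k == '&': return all(eps_in(x) for x in r[1])
    if k == '#': return eps_in(r[1]) and eps_in(r[2])
    return not eps_in(r[1])                            # k == '~'

def deriv(r, a):
    """R{a}: the derivative of R by letter a, L(R{a}) = {w | aw in L(R)}."""
    k = r[0]
    if k in ('eps', 'empty'): return EMPTY
    if k == 'lit': return EPS if r[1] == a else EMPTY
    if k == '+':
        out = EMPTY
        for x in r[1]: out = plus(out, deriv(x, a))
        return out
    if k == '&':
        out = None
        for x in r[1]: out = deriv(x, a) if out is None else inter(out, deriv(x, a))
        return out
    if k == '#':
        d = cat(deriv(r[1], a), r[2])
        return plus(d, deriv(r[2], a)) if eps_in(r[1]) else d
    if k == '*': return cat(deriv(r[1], a), r)
    return neg(deriv(r[1], a))                         # k == '~'

def equiv(r, s):
    """Decide L(r) == L(s) by exploring pairs of derivatives breadth-first.

    Returns (True, None), or (False, w) with w a shortest word that lies in
    exactly one of the two languages.  A revisited pair is a circularity, so
    `seen` is the set of frozen hypotheses; it is finite because an expression
    has finitely many derivatives modulo the ACI normal form above."""
    seen, work = set(), deque([(r, s, '')])
    while work:
        x, y, w = work.popleft()
        if x == y or (x, y) in seen:
            continue
        if eps_in(x) != eps_in(y):                     # visible derivative disagrees
            return False, w
        seen.add((x, y))
        for a in ALPH:
            work.append((deriv(x, a), deriv(y, a), w + a))
    return True, None

if __name__ == '__main__':
    a, b = lit('a'), lit('b')
    print(equiv(star(plus(a, b)), neg(EMPTY)))                       # (True, None)
    print(equiv(inter(cat(star(a), star(b)), cat(star(b), star(a))),
                plus(star(a), star(b))))                             # (True, None)
    print(equiv(star(cat(a, b)), star(plus(a, b))))                  # (False, 'a')
```

The witness word is the practical payoff: when two patterns (say, an input filter before and after a rewrite) are not equivalent, the procedure does not just say "no" but returns a concrete input that one of them accepts and the other rejects.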
Behavioral Specifications: Semantics
Let (D, B, ∆) be a behavioral spec.

A model is a B-model M together with the behavioral equivalence ≡_M:
- (∀v ∈ S_D) a ≡_{M,v} b iff a = b (for visible sorts, ≡_M is equality)
- (∀h ∈ S − S_D) a ≡_{M,h} b iff (∀γ[∗]) [[γ]]_M(a) = [[γ]]_M(b) (for hidden sorts, ≡_M is non-distinguishability under experiments)

E.g., for streams, s ≡ s′ iff (∀i) [[hd]]_M([[tl^i]]_M(s)) = [[hd]]_M([[tl^i]]_M(s′))

M behaviorally satisfies (∀X) t = t′ iff for all θ : X → M, θ*(t) ≡_M θ*(t′), where θ* is the extension of θ to terms. We write M |≡ (∀X) t = t′.

Notation. D = M|_D (the restriction of M to D)
A Model for the “Streams of Bits”
    [[Stream]]_M = N^∞ (infinite sequences of natural numbers)
    [[hd]]_M(n0 : n1 : n2 : ...) = n0 mod 2
    [[tl]]_M(n0 : n1 : n2 : ...) = n1 : n2 : ...
    [[zip]]_M(n0 : n1 : n2 : ..., n'0 : n'1 : n'2 : ...) = n0 : n'0 : n1 : n'1 : ...

where w^∞ is defined as w : w : w : ...

In this model, (0 : 1)^∞ ≡_M 2 : (3 : 4)^∞ (the two streams differ as elements but no experiment hd(tl^i(∗)) distinguishes them).
A Model for the Regular Expression
    [[Ere]]_M = P({a, b}*)
    [[epsilon]]_M = {ε}
    [[+]]_M(L1, L2) = L1 ∪ L2
    ...
    [[_{_}]]_M(L, x) = {w | xw ∈ L}
    [[epsIn]]_M(L) = (ε ∈ L)

    L1 ≡_M L2 iff L1 = L2
Behavioral equivalence lifted up to specifications
Let (D, B, ∆) be a behavioral spec, where D = (S_D, Σ_D, E_D), B = (S, Σ, E).
- consider a sound inference relation E ⊢ (∀X) t = t′
  - ⊢ could be equational deduction (complete, but not practical)
  - E ⊢ (∀X) t = t′ iff nf_E(t) = nf_E(t′), where the normal forms are computed using the equations as rewrite rules, e.g., oriented from left to right (practical, but incomplete)
- define E ⊩ (∀X) t = t′ as follows:
  - if t, t′ are of visible sort, then E ⊩ (∀X) t = t′ iff E ⊢ (∀X) t = t′
  - if t, t′ are of hidden sort, then E ⊩ (∀X) t = t′ iff (∀γ) E ⊢ (∀X) γ[t] = γ[t′], with γ ranging over the experiments

Note. We may consider conditional equations as well.
Soundness
Theorem. Let (D, B, ∆) be a behavioral spec, where D = (S_D, Σ_D, E_D), B = (S, Σ, E). If E ⊩ (∀X) t = t′, then E |≡ (∀X) t = t′.

Note. E |≡ e iff for each model M of (D, B, ∆), M |≡ e.

Notation. We write t ≡_E t′, or t ≡ t′ when E is understood from the context, for E |≡ (∀X) t = t′.
Circular coinduction
How to prove behavioral equivalence
goal: t ≡_E t′
- coinduction
  - define a relation R
  - show that R ⊆ ≡_E
  - show that E ⊢ t R t′
- context induction (Hennicker, 1990)
  - uses the inductive definition of the experiments
- both methods above need manual intervention
- circular coinduction
  - first implemented in BOBJ (Goguen, Rosu, Lin, 1999); at that time Maude did not include reflective capabilities
  - now implemented in CIRC (Lucanu & Rosu, 2007)
  - iterative circular coinduction for CoCASL in Isabelle/HOL (Hausmann et al., 2005)
Circularity principle
- generalizes circular coinductive deduction
- assume that each equation of interest (to be proved) e admits
  - a frozen form [[[e]]] and
  - a set of derived equations, its derivatives, Der(e)
- the circularity principle says that the following statement is valid: if from the hypotheses H together with [[[e]]] we can deduce Der(e), then e is a consequence of H
- structural induction can also be seen as an instance of the circularity principle
Circular Coinduction in CIRC (1/4)

- an example:
  - the initial goal is zip(0∞, 1∞) ≡ (01)∞
  - compute hd(zip(0∞, 1∞)) = 0 and hd((01)∞) = 0. They are equal. OK.
  - compute tl(zip(0∞, 1∞)) = zip(1∞, 0∞) and tl((01)∞) = 1 : (01)∞. zip(1∞, 0∞) ≡ 1 : (01)∞ is the new goal.
  - compute hd(zip(1∞, 0∞)) = 1 and hd(1 : (01)∞) = 1. OK.
  - compute tl(zip(1∞, 0∞)) = zip(0∞, 1∞) and tl(1 : (01)∞) = (01)∞. zip(0∞, 1∞) ≡ (01)∞ should be the new goal but ...
  - ... because it is equal to the initial goal (a circularity was found), we conclude that zip(0∞, 1∞) ≡ (01)∞ holds.
Circular Coinduction in CIRC (2/4)

The frozen form of the equation (∀X) t = t′ if c is

    (∀X) [[[t]]] = [[[t′]]] if c,

where [[[_]]] : sort(t) → new is a new operation and new is a new sort.

The set Der_∆(e) is

    {(∀X) [[[δ[t/∗:h]]]] = [[[δ[t′/∗:h]]]] if c | δ[∗:h] ∈ ∆, h = sort(t)}.

Note. 1. The CIRC tool uses the notation fr(t) for [[[t]]].
2. Conditions c in equations must be of the form ∧_i t_i = t′_i, where t_i and t′_i are of visible sort.
Circular Coinduction in CIRC (3/4)

[Normalize]: (E, G ∪ {[[[(∀X) t = t′ if c]]]}, S) ⇒ (E, G ∪ {[[[(∀X) nf(t) = nf(t′) if c]]]}, S)

[EqRed]: (E, G ∪ {[[[e]]]}, S) ⇒ (E, G, S)   if E ⊢ [[[e]]]

[CoindFail]: (E, G ∪ {[[[e]]]}, S) ⇒ failure   if E ⊬ [[[e]]] and e is visible

[CCStep]: (E, G ∪ {(∀X) [[[t]]] = [[[t′]]] if c}, S) ⇒ (E ∪ {(∀X) [[[t]]] = [[[t′]]] if c}, G ∪ Der_∆((∀X) t = t′ if c), S)
    if E ⊬ (∀X) [[[t]]] = [[[t′]]] if c and t, t′ are of a hidden sort
Circular Coinduction in CIRC (4/4)

[Simpl]: (E, G ∪ {[[[e]]]}, S) ⇒ (E, G ∪ {(∀X) [[[θ(u)]]] = [[[θ(u′)]]]}, S)
    if S is S′ ∪ {(∀X) t = t′ if u = u′ ∧ scond}, e is (∀X) θ(t) = θ(t′) for some θ, and E ⊢ (∀X) θ([[[scond]]])

[Comm]: (E, G ∪ {op : Stream Stream → Stream [comm]}, S) ⇒
    (E ∪ {opComm : Stream Stream → Stream [comm], (∀x, y) [[[x op y]]] = [[[x opComm y]]]}, G ∪ Der(x op y = y op x), S)
    (the goal states that op is commutative; a fresh operation opComm declared commutative stands for op in the frozen hypothesis)

Note. Similar rules to [Comm] are added for associativity, idempotency, and identity. Combinations are also possible, but these require some workaround; the details will be given elsewhere.
Correctness of CIRC
Theorem. Let (D, B = (Σ, E), ∆) be a behavioral specification, e a Σ-equation, and S a set of simplification equations. If (E, {[[[e]]]}, S) ⇒* (E′, ∅, S) using the procedure above, then E ⊩ e.

Remarks
- termination is not guaranteed
- the procedure may fail even if the equation is behaviorally satisfied (false negative answers)
- the behavioral equivalence problem is Π^0_2-complete (even for streams)

There are cases when CIRC together with an appropriate behavioral spec supplies a fully automatic procedure, e.g., extended regular expressions (ERE)
Coinduction Step
[CCStep]: (E, G ∪ {(∀X) [[[t]]] = [[[t′]]] if c}, S) ⇒ (E ∪ {(∀X) [[[t]]] = [[[t′]]] if c}, G ∪ Der_∆((∀X) t = t′ if c), S)
    if E ⊬ (∀X) [[[t]]] = [[[t′]]] if c and t, t′ are of a hidden sort

- implements the Circularity Principle for coinduction:

      E ∪ {(∀X) [[[t]]] = [[[t′]]] if c} ⊩ G ∪ Der_∆((∀X) t = t′ if c)
      ──────────────────────────────────────────────────────────────
      E ⊩ G ∪ {(∀X) [[[t]]] = [[[t′]]] if c}

- in terms of proof theory: [CCStep] tries to discover new helpful lemmas; if in the end all these lemmas are proved using the frozen hypotheses, then the initial goals hold
- in terms of bisimulation: [CCStep] tries to discover new bisimilar pairs
Simplification Step
[Simpl]: (E, G ∪ {[[[e]]]}, S) ⇒ (E, G ∪ {(∀X) [[[θ(u)]]] = [[[θ(u′)]]]}, S)
    if S is S′ ∪ {(∀X) t = t′ if u = u′ ∧ scond}, e is (∀X) θ(t) = θ(t′) for some θ, and E ⊢ (∀X) θ([[[scond]]])

- it is used to simplify goals; a simplification equation can be thought of as a goal-reduction rule

      (∀X) t = t′
      ───────────   if scond
      u = u′

- an example of a simplification equation is

      S1 + S2 = S′
      ────────────   if S2 = [0]
      S1 = S′

- the correctness is given by the following Modus Ponens-like rule:

      (E ∪ S) ⊢ (∀X) t = t′ if c,   E ⊢ c
      ───────────────────────────────────   (MP)
      E ⊢ (∀X) t = t′

  provided that S is sound for E, i.e., E |≡ S.
Special Contexts
- restricting the application of circularities to the top of proof goals, by means of the operation [[[_]]], excludes many important situations
- e.g., if f = 1 : zip(f, f), g = 1 : zip(g, g) and the goal is f = g, then after a derivation with tl we obtain zip(f, f) = zip(g, g); now the frozen hypothesis should be applied under the contexts zip(∗:Stream, S:Stream) and zip(S:Stream, ∗:Stream)
- a context is defined similarly to experiments, but the result sort could also be hidden
- under which contexts is it safe to use the frozen hypothesis? [in progress]
- adding the equation [[[γ[X:h]]]] = [[[γ[X′:h]]]] if [[[X:h]]] := [[[X′:h]]] ∧ X:h ≠ X′:h to E solves the above problem
- can the special contexts be computed automatically? [in progress]
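The coinduction loop of the previous slides, run on the BITSTREAM-0-1 example and on the special-contexts example above, as an added Python example (CIRC itself is a Maude metalanguage application; this is not its code). The hd/tl functions are the BITSTREAM-0-1 equations oriented left to right and return normal forms ([Normalize]); a goal is a pair of stream terms; the frozen hypotheses are the pairs already derived and are usable only at the top of a goal ([EqRed]); hd is the visible derivative whose disagreement fails the goal ([CoindFail]) and tl the hidden one that produces the next goal ([CCStep]). The constants f and g are the slide's own f = 1 : zip(f, f), g = 1 : zip(g, g); the `special` flag lets hypotheses be used under zip(∗, S) and zip(S, ∗), and treating zip as a safe context is an assumption made here for that example only. The step bound and the reported distinguishing experiment are this example's additions, so that the non-terminating and failing cases are observable.

```python
"""Circular coinduction for bit streams, in the style of CIRC's core loop.

Stream terms are nested tuples: a constant is a string ('zeroes', 'ones',
'blink', 'f', 'g'), ('cons', b, s) is  b : s  and ('zip', s, t) is zip(s, t).
Bits are the ints 0 and 1.  Constructed example, not code from the CIRC tool.
"""

# hd and tl of each constant, i.e. the BITSTREAM-0-1 equations plus the
# special-contexts example  f = 1 : zip(f, f),  g = 1 : zip(g, g).
CONSTANTS = {
    'zeroes': (0, 'zeroes'),
    'ones':   (1, 'ones'),
    'blink':  (0, ('cons', 1, 'blink')),      # tl(blink) = 1 : blink
    'f':      (1, ('zip', 'f', 'f')),
    'g':      (1, ('zip', 'g', 'g')),
}

def hd(s):
    """The visible derivative; returns a bit."""
    if isinstance(s, str):
        return CONSTANTS[s][0]
    if s[0] == 'cons':                       # hd(B : S) = B
        return s[1]
    return hd(s[1])                          # hd(zip(S, S')) = hd(S)

def tl(s):
    """The hidden derivative; the result is already in normal form."""
    if isinstance(s, str):
        return CONSTANTS[s][1]
    if s[0] == 'cons':                       # tl(B : S) = S
        return s[2]
    return ('zip', s[2], tl(s[1]))           # tl(zip(S, S')) = zip(S', tl(S))

def closes(t, u, hyps, special):
    """[EqRed] with frozen hypotheses: the goal closes if both sides are equal
    or match a hypothesis at the top.  With `special`, hypotheses may also be
    used under zip(*, S) and zip(S, *), assumed here to be safe contexts."""
    if t == u or (t, u) in hyps or (u, t) in hyps:
        return True
    if special and isinstance(t, tuple) and isinstance(u, tuple) and t[0] == u[0] == 'zip':
        return closes(t[1], u[1], hyps, special) and closes(t[2], u[2], hyps, special)
    return False

def experiment(depth):
    """The visible experiment hd(tl^depth(*)) that reached the current goal."""
    return 'hd(' + 'tl(' * depth + '*' + ')' * depth + ')'

def circ(goal, special=False, max_steps=40):
    """Run the coinduction strategy on one goal (a pair of stream terms).

    Returns (True, hyps) when every goal closed, hyps being the frozen
    hypotheses (the bisimulation discovered); (False, exp) when experiment
    exp distinguishes the two sides ([CoindFail]); and (None, open_goals) when
    the step bound is hit, i.e. the procedure did not terminate within it."""
    goals = [(goal[0], goal[1], 0)]
    hyps = []
    steps = 0
    while goals and steps < max_steps:
        steps += 1
        t, u, depth = goals.pop()
        if closes(t, u, hyps, special):
            continue
        if hd(t) != hd(u):                   # the visible derivatives disagree
            return False, experiment(depth)
        hyps.append((t, u))                  # [CCStep]: freeze the goal ...
        goals.append((tl(t), tl(u), depth + 1))   # ... and derive it with tl
    if goals:
        return None, [(t, u) for t, u, _ in goals]
    return True, hyps

if __name__ == '__main__':
    print(circ((('zip', 'zeroes', 'ones'), 'blink')))     # closes with 2 hypotheses
    print(circ((('zip', 'zeroes', 'ones'), 'zeroes')))    # (False, 'hd(tl(*))')
    print(circ(('f', 'g')))                               # (None, [...]): no special contexts
    print(circ(('f', 'g'), special=True))                 # (True, [('f', 'g')])
```

The f = g goal shows the caveat from the correctness slide: without special contexts the goals zip(f, f) = zip(g, g), zip(f, zip(f, f)) = zip(g, zip(g, g)), ... never repeat, so the procedure does not terminate even though the equation is behaviorally true; allowing the frozen hypothesis f = g under zip closes the second goal at once.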
Proof Strategies
- the core of CIRC is a set of reduction rules (a nondeterministic procedure)
- a proof tactic means applying these rules in a controlled way
- CIRC uses a strategy language, ROC!, to specify proof tactics (SYNASC 2008)

      act ::= r | act . act | act ◦ act | act !

- the (extended) coinduction strategy is like ([Comm] . [Normalize] . [Simpl] . [EqRed] . [CCStep])!
Conclusion
A short history of CIRC
- February-March 2006: a first version, as a Maude application, developed by G. Rosu, A. Popescu and D. Lucanu at UIUC
- Autumn 2006: the first major refactoring, as a Maude metalanguage application (D. Lucanu) [CALCO 2007]
- Spring 2007: regular strategies are added (D. Lucanu, G. Rosu, Gh. Grigoras) [WRS 2007]
- Autumn 2007: CIRC became a funded project (PN II ID 393, Romanian Government); G. Caltais (Goriac) and E. Goriac join the CIRC team
- Spring 2008: the second major refactoring, based on patterns and the strategy language ROC! [WRLA 2008, SYNASC 2008]
Conclusion
- the CIRC tool implements the Circularity Principle in Maude, using the reflection property of rewriting logic (RWL)
- CIRC extends the Circularity Principle with other capabilities: simplification, special contexts, case analysis
- the proof tactics for CIRC can be described using rewriting strategies written in ROC!
- the theoretical background of CIRC is behavioral logic, also known as hidden logic
- CIRC can be easily extended with other capabilities, e.g., the combination of induction with coinduction
- case studies: streams (over rings, fields), extended regular expressions, infinite trees, equivalence of programs [in progress]
- things to do: refactor the induction engine, find special contexts automatically, bisimulation of LTSs specified as rewrite theories, application to program equivalence, integration ...
Thanks!