HOLCF '11: A Definitional Domain Theory for Verifying Functional Programs

Portland State University
PDXScholar
Dissertations and Theses
1-1-2011

HOLCF '11: A Definitional Domain Theory for Verifying Functional Programs
Brian Charles Huffman, Portland State University

Follow this and additional works at: https://pdxscholar.library.pdx.edu/open_access_etds
Let us know how access to this document benefits you.

Recommended Citation
Huffman, Brian Charles, "HOLCF '11: A Definitional Domain Theory for Verifying Functional Programs" (2011). Dissertations and Theses. Paper 113. https://doi.org/10.15760/etd.113

This Dissertation is brought to you for free and open access. It has been accepted for inclusion in Dissertations and Theses by an authorized administrator of PDXScholar. Please contact us if we can make this document more accessible: [email protected].

HOLCF ’11: A Definitional Domain Theory for Verifying Functional Programs

by Brian Charles Huffman

A dissertation submitted in partial fulfillment of the requirements for the degree of Doctor of Philosophy in Computer Science

Dissertation Committee:
James Hook, Chair
John Matthews
Mark Jones
Tim Sheard
Gerardo Lafferriere

Portland State University
© 2012

This work is licensed under the Creative Commons Attribution 3.0 Unported License. To view a copy of this license, visit http://creativecommons.org/licenses/by/3.0/ or send a letter to Creative Commons, 444 Castro Street, Suite 900, Mountain View, California, 94041, USA.

ABSTRACT

HOLCF is an interactive theorem proving system that uses the mathematics of domain theory to reason about programs written in functional programming languages. This thesis introduces HOLCF ’11, a thoroughly revised and extended version of HOLCF that advances the state of the art in program verification: HOLCF ’11 can reason about many program definitions that are beyond the scope of other formal proof tools, while providing a high degree of proof automation.

The soundness of the system is ensured by adhering to a definitional approach: new constants and types are defined in terms of previous concepts, without introducing new axioms. Major features of HOLCF ’11 include two high-level definition packages: the Fixrec package for defining recursive functions, and the Domain package for defining recursive datatypes. Each of these uses the domain-theoretic concept of least fixed points to translate user-supplied recursive specifications into safe low-level definitions. Together, these tools make it easy for users to translate a wide variety of functional programs into the formalism of HOLCF. Theorems generated by the tools also make it easy for users to reason about their programs, with a very high level of confidence in the soundness of the results.

As a case study, we present a fully mechanized verification of a model of concurrency based on powerdomains. The formalization depends on many features unique to HOLCF ’11, and is the first verification of such a model in a formal proof tool.

ACKNOWLEDGMENTS

I would like to thank my advisor, John Matthews, for having continued to devote so much time to working with me, even as a part-time professor; and for motivating me to keep studying domain theory (and enjoying it!) these past years.

CONTENTS

Abstract
Acknowledgments
List of Figures
1 Introduction
  1.1 Informal reasoning with Haskell
    1.1.1 Haskell terms and types
    1.1.2 Equational reasoning
    1.1.3 Proofs by induction
    1.1.4 Bottoms and partial values
    1.1.5 Infinite values and admissibility conditions
  1.2 A preview of formal reasoning with HOLCF ’11
  1.3 Historical background
    1.3.1 Logic of computable functions
    1.3.2 LCF style theorem provers
    1.3.3 Higher order logic and the definitional approach
    1.3.4 Isabelle/HOLCF
  1.4 Thesis statement
  1.5 Outline
2 Basic Domain Theory in HOLCF
  2.1 Introduction
  2.2 Abstract domain theory
    2.2.1 Type class hierarchy for cpos
    2.2.2 Continuous functions
    2.2.3 Fixed points, admissibility, and compactness
  2.3 Defining cpos as subtypes: The Cpodef package
  2.4 HOLCF types
    2.4.1 Cartesian product cpo
    2.4.2 Full function space cpo
    2.4.3 Continuous function type
    2.4.4 Lifted cpo
    2.4.5 Cpos from HOL types
    2.4.6 Strict product type
    2.4.7 Strict sum type
  2.5 Automating continuity proofs
    2.5.1 Original HOLCF continuity tactic
    2.5.2 Bottom-up continuity proofs
    2.5.3 Efficient continuity rules using products
  2.6 Evaluation
3 Recursive Value Definitions: The Fixrec Package
  3.1 Introduction
  3.2 Fixrec package features
  3.3 Expressing recursion with fix
  3.4 Pattern match compilation
    3.4.1 Compiling to simple case expressions
    3.4.2 Original Fixrec: Monadic pattern matching
    3.4.3 New Fixrec: Continuation-based matching combinators
  3.5 Implementation
    3.5.1 Pattern match type
    3.5.2 Table of pattern match combinators
    3.5.3 Pattern match compilation
    3.5.4 Fixed point definition and continuity proof
    3.5.5 Proving pattern match equations
    3.5.6 Mutual recursion
  3.6 Discussion
4 Recursive Datatype Definitions: The Domain Package
  4.1 Introduction
  4.2 Domain package features
    4.2.1 Strict and lazy constructors
    4.2.2 Case expressions
    4.2.3 Mixfix syntax
    4.2.4 Selector functions
    4.2.5 Discriminator functions
    4.2.6 Fixrec package support
    4.2.7 Take functions
    4.2.8 Induction rules
    4.2.9 Finite-valued domains
    4.2.10 Coinduction
    4.2.11 Indirect recursion
  4.3 Implementation
    4.3.1 Input specification module
    4.3.2 Isomorphism axioms module
    4.3.3 Take functions module
    4.3.4 Reach axioms module
    4.3.5 Take induction module
    4.3.6 Constructor functions module
    4.3.7 Take rules module
    4.3.8 Induction rules module
  4.4 Discussion
    4.4.1 Problems with axioms
5 Powerdomains and Ideal Completion
  5.1 Introduction
  5.2 Nondeterminism monads
  5.3 Powerdomains
    5.3.1 Convex powerdomain
    5.3.2 Upper powerdomain
    5.3.3 Lower powerdomain
    5.3.4 Visualizing powerdomains
  5.4 Powerdomain library features
    5.4.1 Type class constraints
    5.4.2 Automation
  5.5 Ideal completion
    5.5.1 Preorders and ideals
    5.5.2 Formalizing ideal completion
    5.5.3 Continuous extensions of functions
    5.5.4 Formalizing continuous extensions
  5.6 Bifinite cpos
    5.6.1 Type class for bifinite cpos
    5.6.2 Bifinite types as ideal completions
  5.7 Construction of powerdomains
    5.7.1 Powerdomain basis type
    5.7.2 Defining powerdomain types with ideal completion
    5.7.3 Defining constructor functions by continuous extension
    5.7.4 Proving properties about the constructors
    5.7.5 Defining functor and monad operations
  5.8 Discussion
6 The Universal Domain and Definitional Domain Package
  6.1 Introduction
  6.2 Background
    6.2.1 Embedding-projection pairs and deflations
    6.2.2 Deflation model of datatypes
  6.3 Universal domain library features
  6.4 Construction of the universal domain
    6.4.1 Building a sequence of increments
    6.4.2 A basis for the universal domain
    6.4.3 Basis ordering relation
    6.4.4 Building the embedding and projection
    6.4.5 Bifiniteness

Details

  • File Type
    pdf
  • Content Languages
    English
  • File Pages
    316 pages
