Supporting dependently typed functional programming with proof automation and testing

Dependent types can be used to capture useful properties about programs at compile time. However, developing dependently typed programs can be difficult in current systems. Capturing interesting program properties usually requires the user to write proofs, where constructing the latter can be both a difficult and tedious process. Additionally, finding and fixing errors in program scripts can be challenging. This thesis concerns ways in which functional programming with dependent types can be made easier. In particular, we focus on providing help for developing programs that incorporate user-defined types and user-defined functions. For the purpose of supporting dependently typed programming, we have designed a framework that provides improved proof automation and error feedback. Proof automation is provided with the use of heuristic based tactics that automate common patterns of proofs that arise when programming with dependent types. In particular, we use heuristics for generalising goals and employ the rippling heuristic for guiding inductive and non-inductive proofs. The automation we describe includes features for caching and reusing lemmas proven during proof search and, whenever proof search fails, the user can assist the prover by providing high-level hints. We concentrate on providing improved feedback for the errors that occur when there is a mismatch between the specification of a program, described with the use of dependent types, and the behaviour of the program. We employ a QuickCheck-like testing tool for automatically identifying these forms of errors, where the counterexamples generated are used as error messages. To demonstrate the effectiveness of our framework for supporting dependently typed programming, we have developed a prototype based around the Coq theorem prover. We demonstrate that the framework as a whole makes program development easier by conducting a series of case studies. In these case studies, which involved verifying properties of tail recursive functions, sorting functions and a binary adder, a significant number of the proofs required were automated.

[1]  Lennart Augustsson,et al.  A compiler for lazy ML , 1984, LFP '84.

[2]  Alan Bundy,et al.  Rippling - meta-level guidance for mathematical reasoning , 2005, Cambridge tracts in theoretical computer science.

[3]  de Ng Dick Bruijn,et al.  A survey of the project Automath , 1980 .

[4]  A. Bundy,et al.  Automated Discovery of Inductive Theorems , 2007 .

[5]  Koen Claessen,et al.  QuickCheck: a lightweight tool for random testing of Haskell programs , 2011, SIGP.

[6]  Alan Bundy,et al.  Constructing Induction Rules for Deductive Synthesis Proofs , 2006, CLASE.

[7]  Christine Paulin-Mohring Extraction de programmes dans le Calcul des Constructions. (Program Extraction in the Calculus of Constructions) , 1989 .

[8]  Simon L. Peyton Jones,et al.  Report on the programming language Haskell: a non-strict, purely functional language version 1.2 , 1992, SIGP.

[9]  A. Tate,et al.  The Dynamic Creation of Induction Rules Using Proof Planning , 2004 .

[10]  William McCune,et al.  OTTER 3.0 Reference Manual and Guide , 1994 .

[11]  Frank Pfenning,et al.  Refinement Types for Logical Frameworks , 2010 .

[12]  Raymond Aubin,et al.  Mechanizing structural induction , 1976 .

[13]  J. Strother Moore,et al.  An Industrial Strength Theorem Prover for a Logic Based on Common Lisp , 1997, IEEE Trans. Software Eng..

[14]  Ewen Denney The synthesis of a Java card tokenisation algorithm , 2001, Proceedings 16th Annual International Conference on Automated Software Engineering (ASE 2001).

[15]  Natarajan Shankar,et al.  Principles and Pragmatics of Subtyping in PVS , 1999, WADT.

[16]  Marieke Huisman,et al.  A Comparison of PVS and Isabelle/HOL , 1998, TPHOLs.

[17]  Edwin C. Brady,et al.  Phase Distinctions In The Compilation Of EPIGRAM , 2005 .

[18]  Simon Colton,et al.  The TM System for Repairing Non-Theorems , 2005, D/PDPAR@IJCAR.

[19]  Matthieu Sozeau A New Look at Generalized Rewriting in Type Theory , 2009, J. Formaliz. Reason..

[20]  Andrew Cumming,et al.  Evaluating environments for functional programming , 2000, Int. J. Hum. Comput. Stud..

[21]  Frank Pfenning,et al.  Eliminating array bound checking through dependent types , 1998, PLDI.

[22]  Ian Green,et al.  Higher-Order Annotated Terms for Proof Search , 1996, TPHOLs.

[23]  Alan Bundy,et al.  The Use of Explicit Plans to Guide Inductive Proofs , 1988, CADE.

[24]  Tjark Weber,et al.  SAT-based finite model generation for higher-order logic , 2008 .

[25]  Yves Bertot,et al.  CoInduction in Coq , 2006, ArXiv.

[26]  A. Church The calculi of lambda-conversion , 1941 .

[27]  Florian Kammüller,et al.  Modular Reasoning in Isabelle , 2000, CADE.

[28]  Ewen Denney,et al.  Hiproofs: A Hierarchical Notion of Proof Tree , 2006, MFPS.

[29]  Colin Runciman,et al.  Smallcheck and lazy smallcheck: automatic exhaustive testing for small values , 2008, Haskell '08.

[30]  P. Dybjer Inductive sets and families in Martin-Lo¨f's type theory and their set-theoretic semantics , 1991 .

[31]  Qiao Haiyan Testing and Proving in Dependent Type Theory , 2003 .

[32]  Hongwei Xi,et al.  ATS: A Language That Combines Programming with Theorem Proving , 2005, FroCoS.

[33]  Walid Taha,et al.  Concoqtion: indexed types now! , 2007, PEPM '07.

[34]  Christoph Kreitz,et al.  The Nuprl Open Logical Environment , 2000, CADE.

[35]  Matthieu Sozeau,et al.  Un environnement pour la programmation avec types dépendants. (An environment for programming with dependent types) , 2008 .

[36]  Ian Green,et al.  Automatic Synthesis of Recursive Programs: The Proof-Planning Paradigm , 2004, Automated Software Engineering.

[37]  Matthieu Sozeau Program-ing finger trees in Coq , 2007, ICFP '07.

[38]  Robert S. Boyer,et al.  A computational logic handbook , 1979, Perspectives in computing.

[39]  Christoph Walther,et al.  Mathematical induction , 1994, Handbook of Logic in Artificial Intelligence and Logic Programming.

[40]  Robert S. Boyer,et al.  Integrating decision procedures into heuristic theorem provers: a case study of linear arithmetic , 1988 .

[41]  Bengt Nordström,et al.  The ALF Proof Editor and Its Proof Engine , 1994, TYPES.

[42]  Chris Okasaki,et al.  Purely functional data structures , 1998 .

[43]  Frank van Harmelen,et al.  Rippling: A Heuristic for Guiding Inductive Proofs , 1993, Artif. Intell..

[44]  Cristina Cornes,et al.  Automating Inversion of Inductive Predicates in Coq , 1995, TYPES.

[45]  Gilles Barthe,et al.  Defining and Reasoning About Recursive Functions: A Practical Tool for the Coq Proof Assistant , 2006, FLOPS.

[46]  James McKinna,et al.  Why dependent types matter , 2006, POPL '06.

[47]  Alan Smaill,et al.  Ordinal Arithmetic: A Case Study for Rippling in a Higher Order Domain , 2001, TPHOLs.

[48]  George C. Necula,et al.  Proof-carrying code , 1997, POPL '97.

[49]  Andrew A. Adams,et al.  Rippling in PVS , 2003 .

[50]  Jacques D. Fleuriot,et al.  Automation for Dependently Typed Functional Programming , 2010, Fundam. Informaticae.

[51]  Louise A. Dennis Proof planning coinduction , 1998 .

[52]  P. Medawar A view from the left , 1984, Nature.

[53]  Chetan R. Murthy Extracting Constructive Content From Classical Proofs , 1990 .

[54]  Bernd Grobauer Cost Recurrences for DML Programs , 2001 .

[55]  Catherine Parent,et al.  Synthesizing Proofs from Programs in the Calculus of Inductive Constructions , 1995, MPC.

[56]  Tobias Nipkow,et al.  Nitpick: A Counterexample Generator for Higher-Order Logic Based on a Relational Model Finder , 2010, ITP.

[57]  K. Rustan M. Leino,et al.  The Spec# Programming System: An Overview , 2004, CASSIS.

[58]  Petros Papapanagiotou,et al.  On the Automation of Inductive Proofs in HOL Light , 2007 .

[59]  Hongwei Xi,et al.  Imperative programming with dependent types , 2000, Proceedings Fifteenth Annual IEEE Symposium on Logic in Computer Science (Cat. No.99CB36332).

[60]  Andrew Ireland,et al.  Productive use of failure in inductive proof , 1996, Journal of Automated Reasoning.

[61]  Yves Bertot,et al.  Interactive Theorem Proving and Program Development: Coq'Art The Calculus of Inductive Constructions , 2010 .

[62]  Tobias Nipkow,et al.  Random testing in Isabelle/HOL , 2004, Proceedings of the Second International Conference on Software Engineering and Formal Methods, 2004. SEFM 2004..

[63]  Ulf Norell,et al.  A Brief Overview of Agda - A Functional Language with Dependent Types , 2009, TPHOLs.

[64]  Ewen Denney,et al.  A Tactic Language for Hiproofs , 2008, AISC/MKM/Calculemus.

[65]  Jacques D. Fleuriot,et al.  IsaPlanner: A Prototype Proof Planner in Isabelle , 2003, CADE.

[66]  Yves Bertot Coq in a Hurry , 2006 .

[67]  Georges Gonthier,et al.  The Four Colour Theorem: Engineering of a Formal Proof , 2008, ASCM.

[68]  Chiyan Chen,et al.  Combining programming with theorem proving , 2005, ICFP '05.

[69]  Yves Bertot,et al.  Dependent Types, Theorem Proving, and Applications for a Verifying Compiler , 2005, VSTTE.

[70]  Venanzio Capretta,et al.  Modelling general recursion in type theory , 2005, Mathematical Structures in Computer Science.

[71]  Dieter Hutter,et al.  INKA: The Next Generation , 1996, CADE.

[72]  Jacques D. Fleuriot,et al.  Higher Order Rippling in IsaPlanner , 2004, TPHOLs.

[73]  Lawrence Charles Paulson,et al.  Isabelle/HOL: A Proof Assistant for Higher-Order Logic , 2002 .

[74]  William A. Howard,et al.  The formulae-as-types notion of construction , 1969 .

[75]  Benjamin C. Pierce,et al.  Types and programming languages: the next generation , 2003, 18th Annual IEEE Symposium of Logic in Computer Science, 2003. Proceedings..

[76]  Matthieu Sozeau,et al.  Subset Coercions in Coq , 2006, TYPES.

[77]  J. McKinna FUNCTIONAL PEARL A type-correct , stack-safe , provably correct expression compiler in Epigram , 2006 .

[78]  Edwin Brady,et al.  Lightweight Invariants with Full Dependent Types , 2008, Trends in Functional Programming.

[79]  Peter Dybjer,et al.  Verifying Haskell programs by combining testing and proving , 2003, Third International Conference on Quality Software, 2003. Proceedings..

[80]  Robert Harper,et al.  A dependently typed assembly language , 2001, ICFP '01.

[81]  Jacques D. Fleuriot,et al.  Inductive Proof Automation for Coq , 2010 .

[82]  Conor McBride,et al.  Dependently typed functional programs and their proofs , 2000 .

[83]  Luca Cardelli,et al.  The Quest Language and System , 1994 .

[84]  David Detlefs,et al.  Simplify: a theorem prover for program checking , 2005, JACM.

[85]  Toby Walsh,et al.  A calculus for and termination of rippling , 1996, Journal of Automated Reasoning.

[86]  Stephen N. Freund,et al.  Sage: Hybrid Checking for Flexible Specifications , 2006 .

[87]  Markus Aderhold,et al.  Improvements in Formula Generalization , 2007, CADE.

[88]  Jim Christian,et al.  Flatterms, discrimination nets, and fast term rewriting , 1993, Journal of Automated Reasoning.

[89]  Frank van Harmelen,et al.  The Oyster-Clam System , 1990, CADE.

[90]  Joe Hurd Predicate Subtyping with Predicate Sets , 2001, TPHOLs.

[91]  Eduardo Giménez,et al.  A Tutorial on (Co-)Inductive Types in Coq , 2005 .

[92]  Richard J. Boulton,et al.  System Description: An Interface Between CLAM and HOL , 1998, CADE.

[93]  Fredrik Lindblad,et al.  A Tool for Automated Theorem Proving in Agda , 2004, TYPES.

[94]  Walid Taha,et al.  Implementing Multi-stage Languages Using ASTs, Gensym, and Reflection , 2003, GPCE.

[95]  David Delahaye,et al.  A Tactic Language for the System Coq , 2000, LPAR.

[96]  Alonzo Church,et al.  A formulation of the simple theory of types , 1940, Journal of Symbolic Logic.

[97]  Hongwei Xi,et al.  Dependently Typed Data Structures , 2000 .

[98]  Edwin Brady,et al.  Practical implementation of a dependently typed functional programming language , 2005 .

[99]  Richard J. Boulton Boyer-Moore Automation for the HOL System , 1992, TPHOLs.

[100]  Christoph Kreitz,et al.  Instantiation of Existentially Quantified Variables in Inductive Specification Proofs , 1998, AISC.

[101]  George B. Dantzig,et al.  Fourier-Motzkin Elimination and Its Dual , 1973, J. Comb. Theory, Ser. A.

[102]  Joseph R. Shoenfield,et al.  Mathematical logic , 1967 .

[103]  Alan Bundy,et al.  Best-First Rippling , 2006, Reasoning, Action and Interaction in AI Theories and Systems.

[104]  Christine Paulin-Mohring,et al.  Inductive Definitions in the system Coq - Rules and Properties , 1993, TLCA.

[105]  Peter Aczel,et al.  An Introduction to Inductive Definitions , 1977 .

[106]  Lucas Dixon,et al.  A proof planning framework for Isabelle , 2006 .

[107]  Marinus J. Plasmeijer,et al.  Gast: Generic Automated Software Testing , 2002, IFL.

[108]  Ralph Loader Notes on Simply Typed Lambda Calculus , 1998 .

[109]  Moa Johansson,et al.  Automated discovery of inductive lemmas , 2009 .

[110]  Robin Milner,et al.  Definition of standard ML , 1990 .

[111]  Edwin Brady,et al.  Ivor, a Proof Engine , 2006, IFL.

[112]  Hongwei Xi,et al.  Dead Code Elimination through Dependent Types , 1999, PADL.

[113]  Magnus Carlsson,et al.  An exercise in dependent types: A well-typed interpreter , 1999 .

[114]  Frank Pfenning,et al.  Dependent types in practical programming , 1999, POPL '99.

[115]  Hongwei Xi,et al.  Dependent Types for Program Termination Verification , 2001, Proceedings 16th Annual IEEE Symposium on Logic in Computer Science.

[116]  Pierre Castéran,et al.  Interactive Theorem Proving and Program Development , 2004, Texts in Theoretical Computer Science An EATCS Series.

[117]  Peter Dybjer,et al.  Combining Testing and Proving in Dependent Type Theory , 2003, TPHOLs.

[118]  Catherine Dubois,et al.  Functional Testing in the Focal Environment , 2008, TAP.

[119]  Rance Cleaveland,et al.  Implementing mathematics with the Nuprl proof development system , 1986 .

[120]  Louise A. Dennis,et al.  What can be learned from failed proofs of non-theorems? , 2005 .

[121]  Adam Chlipala Position Paper: Thoughts on Programming with Proof Assistants , 2007, Electron. Notes Theor. Comput. Sci..

[122]  Robin Milner,et al.  A Theory of Type Polymorphism in Programming , 1978, J. Comput. Syst. Sci..

[123]  U. Norell,et al.  Towards a practical programming language based on dependent type theory , 2007 .

[124]  Lennart Augustsson,et al.  Cayenne—a language with dependent types , 1998, ICFP '98.