Presentated at PhD Defense, Guimarães, Portugal in November 16, 2009.

1. On the Design of a Galculator
Paulo Silva
Departamento de Informática
Universidade do Minho
Braga, Portugal
November 16, 2009
Guimarães

2. Outline
Introduction
Motivation
Objectives
Ingredients
Indirect equality
Galois connections
Relation and fork algebras
Point-free transform
Galois and Galculator
Concluding remarks
Contributions
Future work

3. Outline
Introduction
Motivation
Objectives
Ingredients
Indirect equality
Galois connections
Relation and fork algebras
Point-free transform
Galois and Galculator
Concluding remarks
Contributions
Future work

4. Software correctness
Current approaches
Software correctness is an ambitious challenge
Sometimes proofs are hindered by the theory
Tool support seems to be important
Alternatives
Sometimes algebraic approaches are possible
Algebras “abstract” the underlying logic
Proofs become more syntactic
Galois connections can play an important role

5. Software correctness
Current approaches
Software correctness is an ambitious challenge
Sometimes proofs are hindered by the theory
Tool support seems to be important
Alternatives
Sometimes algebraic approaches are possible
Algebras “abstract” the underlying logic
Proofs become more syntactic
Galois connections can play an important role

6. Whole division implementation
Haskell code
x ‘div ‘ y | x < y = 0
| x y = (x − y ) ‘div ‘ y + 1
for non-negative x and positive y .
This is the code. Where is the specification?

7. Whole division implementation
Haskell code
x ‘div ‘ y | x < y = 0
| x y = (x − y ) ‘div ‘ y + 1
for non-negative x and positive y .
This is the code. Where is the specification?

8. Whole division specification
Implicit definition
c =x ÷y ⇔ ∃r : 0
r <y : x =c×y +r
Explicit definition
x ÷y =
z :: z × y
x
Galois connection
z ×y
x ⇔ z
x ÷y
(y > 0)

9. Whole division specification
Implicit definition
c =x ÷y ⇔ ∃r : 0
r <y : x =c×y +r
Explicit definition
x ÷y =
z :: z × y
x
Galois connection
z ×y
x ⇔ z
x ÷y
(y > 0)

10. Whole division specification
Implicit definition
c =x ÷y ⇔ ∃r : 0
r <y : x =c×y +r
Explicit definition
x ÷y =
z :: z × y
x
Galois connection
z ×y
x ⇔ z
x ÷y
(y > 0)

11. Specification vs. Implementation
We can verify if the implementation meets the
specification.
We can calculate the implementation from the
specification.

12. Whole division
From specification to implementation
We want to calculate the implementation
x ÷ y = (x − y ) ÷ y + 1
if x
x ÷y =0
if x < y
from specification
z ×y
x ⇔ z
x ÷y
(y > 0)
Some useful Galois connections
a−b =c ⇔ a=c+b
a−b
c ⇔ a
c+b
y

13. Proof when x
z
y
x÷y
⇔
{ z×y
x ⇔ z
x÷y assuming x
0, y > 0 }
x
z×y
⇔
{ cancellation, thanks to a − b
z × y −y
⇔
c⇔a
c+b }
x−y
{ distributivity }
(z − 1)×y
⇔
{ z×y
z−1
⇔
x ⇔ z
x÷y assuming x
(x − y )÷y
{ a−b
z
x −y
c⇔a
(x − y ) ÷ y +1
c+b }
y}

14. Proof when x
z
y
x÷y
⇔
{ z×y
x ⇔ z
x÷y assuming x
0, y > 0 }
x
z×y
⇔
{ cancellation, thanks to a − b
z × y −y
⇔
c⇔a
c+b }
x−y
{ distributivity }
(z − 1)×y
⇔
{ z×y
z−1
⇔
x ⇔ z
x÷y assuming x
(x − y )÷y
{ a−b
z
x −y
c⇔a
(x − y ) ÷ y +1
c+b }
y}

15. Proof when x
z
y
x÷y
⇔
{ z×y
x ⇔ z
x÷y assuming x
0, y > 0 }
x
z×y
⇔
{ cancellation, thanks to a − b
z × y −y
⇔
c⇔a
c+b }
x−y
{ distributivity }
(z − 1)×y
⇔
{ z×y
z−1
⇔
x ⇔ z
x÷y assuming x
(x − y )÷y
{ a−b
z
x −y
c⇔a
(x − y ) ÷ y +1
c+b }
y}

16. Proof when x
z
y
x÷y
⇔
{ z×y
x ⇔ z
x÷y assuming x
0, y > 0 }
x
z×y
⇔
{ cancellation, thanks to a − b
z × y −y
⇔
c⇔a
c+b }
x−y
{ distributivity }
(z − 1)×y
⇔
{ z×y
z−1
⇔
x ⇔ z
x÷y assuming x
(x − y )÷y
{ a−b
z
x −y
c⇔a
(x − y ) ÷ y +1
c+b }
y}

17. Proof when x
z
y
x÷y
⇔
{ z×y
x ⇔ z
x÷y assuming x
0, y > 0 }
x
z×y
⇔
{ cancellation, thanks to a − b
z × y −y
⇔
c⇔a
c+b }
x−y
{ distributivity }
(z − 1)×y
⇔
{ z×y
z−1
⇔
x ⇔ z
x÷y assuming x
(x − y )÷y
{ a−b
z
x −y
c⇔a
(x − y ) ÷ y +1
c+b }
y}

18. Proof when x
z
y
x÷y
⇔
{ z×y
x ⇔ z
x÷y assuming x
0, y > 0 }
x
z×y
⇔
{ cancellation, thanks to a − b
z × y −y
⇔
c⇔a
c+b }
x−y
{ distributivity }
(z − 1)×y
⇔
{ z×y
z−1
⇔
x ⇔ z
x÷y assuming x
(x − y )÷y
{ a−b
z
x −y
c⇔a
(x − y ) ÷ y +1
c+b }
y}

19. Proof when x < y
z
⇔
x÷y
{ z×y
z×y
⇔
x ⇔ z
x÷y }
x
{ transitivity, since x < y }
z ×y
⇔
x ∧ z ×y <y
{ since y = 0 }
z ×y
⇔
{ z
z
0
x ∧ z
0
0 entails z × y
x, since 0
x }

20. Proof when x < y
z
⇔
x÷y
{ z×y
z×y
⇔
x ⇔ z
x÷y }
x
{ transitivity, since x < y }
z ×y
⇔
x ∧ z ×y <y
{ since y = 0 }
z ×y
⇔
{ z
z
0
x ∧ z
0
0 entails z × y
x, since 0
x }

21. Proof when x < y
z
⇔
x÷y
{ z×y
z×y
⇔
x ⇔ z
x÷y }
x
{ transitivity, since x < y }
z ×y
⇔
x ∧ z ×y <y
{ since y = 0 }
z ×y
⇔
{ z
z
0
x ∧ z
0
0 entails z × y
x, since 0
x }

22. Proof when x < y
z
⇔
x÷y
{ z×y
z×y
⇔
x ⇔ z
x÷y }
x
{ transitivity, since x < y }
z ×y
⇔
x ∧ z ×y <y
{ since y = 0 }
z ×y
⇔
{ z
z
0
x ∧ z
0
0 entails z × y
x, since 0
x }

23. Proof when x < y
z
⇔
x÷y
{ z×y
z×y
⇔
x ⇔ z
x÷y }
x
{ transitivity, since x < y }
z ×y
⇔
x ∧ z ×y <y
{ since y = 0 }
z ×y
⇔
{ z
z
0
x ∧ z
0
0 entails z × y
x, since 0
x }

24. Objectives
Exploit equational reasoning
Use Galois connections in equational proofs
Integrate Galois connections, fork algebras and indirect
equality
Galois language
Language for mathematical reasoning
Equivalent to first-order logic
Strongly typed
Front-end for the Galculator

25. Objectives
Galculator = Galois connections + calculator
Proof assistant based on Galois connections, their algebra
and associated tactics
Exploit the state-of-the-art Haskell technology in the
development of a proof assistant prototype

26. Outline
Introduction
Motivation
Objectives
Ingredients
Indirect equality
Galois connections
Relation and fork algebras
Point-free transform
Galois and Galculator
Concluding remarks
Contributions
Future work

27. Indirect equality
Definition (Indirect inequality)
a
b
⇔
∀ x :: x
a⇒x
b
a
b
⇔
∀ x :: b
x ⇒a
x
Definition (Indirect equality)
a=b
⇔
∀ x :: x
a⇔x
b
a=b
⇔
∀ x :: a
x ⇔b
x

28. Galois connections
Definition (Galois connection)
Given two preordered sets (A, A ) and (B, B ) and two
functions B o f A and A o g B , the pair (f , g) is a Galois
connection if and only if, for all a ∈ A and b ∈ B:
f a
B
b
⇔
a
A
gb
Graphical notation
A
Al
f
g
,

29. B
B
or (A,
A)
o
(f ,g)
(B,
B)

30. Galois connections
f a
B
⊤A
b
⇔
g
a
A
gb
⊤B
f
A
B
f⊤A
g B
g
f
B
A

31. Algebra
Identity connection.
(A,
A)
o
(id,id)
(A,
A)
Composition.
if (A, ) o
(f ,g)
(h,k )
(B, ) and (B, ) o
(C, ) then
(h◦f ,g ◦k )
(A, ) o
(C, )
Converse.
if (A, ) o
(f ,g)
(B, ) then (B, ) o
(g,f )
(A, )
Relator. For every relator F,
if (A, ) o
(f ,g)
(B, ) then (FA, F
(F f ,F g)
)o
(FB, F
)

32. Relation and fork algebras
Relation algebras
Extension of Boolean algebras
Single inference rule: substitution of equals by equals
Amenable for syntactic manipulation
Equivalent to a three-variable fragment of first-order logic
Fork algebras
Extend relation algebras with a pairing operator
Equivalent in expressive and deductive power to first-order
logic
Equational reasoning

33. Relation and fork algebras
Relation algebras
Extension of Boolean algebras
Single inference rule: substitution of equals by equals
Amenable for syntactic manipulation
Equivalent to a three-variable fragment of first-order logic
Fork algebras
Extend relation algebras with a pairing operator
Equivalent in expressive and deductive power to first-order
logic
Equational reasoning

34. Point-free definitions
Definition (Galois connection)
f◦ ◦
B
=
A
◦
g
Definition (Indirect equality)
f =g
f =g
⇔
⇔
◦
f
◦
◦
f =
=g
◦
◦
g
◦

35. Outline
Introduction
Motivation
Objectives
Ingredients
Indirect equality
Galois connections
Relation and fork algebras
Point-free transform
Galois and Galculator
Concluding remarks
Contributions
Future work

36. Galois language
Module
Definition
GC
Definition
Axiom
Type
Theorem
Strategy
Proof Step
Fork
Formula
Rewriting
Combinator
Term
Derivation
Order
Function
Galois
connection

37. Galculator prototype
Combine
GC
Derive
Laws
Relation
algebra
Derive
Properties
Derive
Rules
TRS
Strategies
Combine
Theory
domain
Derive

38. Outline
Introduction
Motivation
Objectives
Ingredients
Indirect equality
Galois connections
Relation and fork algebras
Point-free transform
Galois and Galculator
Concluding remarks
Contributions
Future work

39. Contributions
Study about Galois connections
Survey of the most important theoretical results
Comprehensive study of different approaches to combine
Galois connections
Relation with category theory
Survey of applications
Innovative approach
Fork algebras used together with Galois connections
Use of indirect equality
Amenable for either pencil-and-paper or computer assisted
proofs

40. Contributions
Galois language
Follows from the theoretical concepts
Strongly typed
Galois connections introduce some semantic support while
reasoning in a syntactic level
Galculator prototype
Proof assistant prototype based on Galois connections
First proof engine to calculate directly with point-free
Galois connections
Application of advanced and innovative implementation
techniques

41. Future work
Integration with host theorem provers (e.g., Coq)
Mechanization of point-free transform
Automated proofs
Free-theorems
Extension of the type system
Evaluation of the language
Application to abstract interpretation