Temporal Logic and Functional Reactive Programming
Sergei Winitzki
Bay Area Categories and Types
April 25, 2014

In my day job, most bugs come from imperatively implemented reactive programs. Temporal Logic and FRP are declarative approaches that promise to solve my problems. I will briefly review the motivations behind and the connections between temporal logic and FRP. I propose a rather "pedestrian" approach to propositional linear-time temporal logic (LTL), showing how to perform calculations in LTL and how to synthesize programs from LTL formulas. I intend to explain why LTL largely failed to solve the synthesis problem, and how FRP tries to cope.
FRP can be formulated as a λ-calculus with types given by the propositional intuitionistic LTL. I will discuss the limitations of this approach, and outline the features of FRP that are required by typical application programming scenarios. My talk will be largely self-contained and should be understandable to anyone familiar with Curry-Howard and functional programming.


  1. Temporal Logic and Functional Reactive Programming. Sergei Winitzki, Bay Area Categories and Types, April 25, 2014. Sergei Winitzki (Versal Group Inc.) Temporal Logic and FRP April 25, 2014 1 / 23
  2. What is reactive programming
     Transformational programs | Reactive programs
     example: pdflatex frp_talk.tex | example: any GUI program
     start, run, then stop | keep running indefinitely
     read some input, write some output | wait for signals, send messages
     execution: sequential + some parallel | main run loop + concurrency
     difficulty: algorithms | signal/response sequences
     specification: classical logic | temporal logic? flowcharts?
     verification: prove it correct | model checking?
     synthesis: extract code from proof | temporal synthesis?
     type theory: intuitionistic logic | intuitionistic temporal logic
  3. The uses of logic in computer science
     1 Logic as a specification language - enables automatic verification. Automatic synthesis of programs from specifications?
     2 (Intuitionistic) logic as type theory - guides language design. Mathematicians have already minimized the set of axioms!
     3 Logic programming - use a decidable subset of logic. Very high-level language, but limited to its domain.
     4 Automated theorem proving - derive a program as a proof artifact. Requires advanced type systems and proof heuristics.
  4. Part 1: Introduction to temporal logic
     Let's forget all philosophy, what is time, what is true, modal logic... We want to see logic as a down-to-earth, computationally useful tool. We begin with the computational view of classical Boolean logic.
  5. Boolean algebra: notation
     Classical propositional (Boolean) logic: T, F, a ∨ b, a ∧ b, ¬a, a → b
     A notation better adapted to school-level algebra: 1, 0, a + b, ab, a′
     The only new rule is 1 + 1 = 1
     Define a → b = a′ + b
     Some identities: 0a = 0, 1a = a, a + 0 = a, a + 1 = 1, a + a = a, aa = a, a + a′ = 1, aa′ = 0, (a + b)′ = a′b′, (ab)′ = a′ + b′, (a′)′ = a, a(b + c) = ab + ac, (a + b)(a + c) = a + bc
     DNF = expand all brackets. Some DNF simplification tricks: a + ab = a, a(a + b) = a, (a → b)(a′ → c) = ab + a′c, (a → x)(b → x′) = (a′ + x)(b′ + x′) = x′a′ + xb′
  6. Boolean algebra: example
     Of the three suspects A, B, C, only one is guilty of a crime. Suspect A says: B did it. Suspect B says: C is innocent. The guilty one is lying, the innocent ones tell the truth.
     φ = (ab′c′ + a′bc′ + a′b′c)(a′b + ab′)(b′c′ + bc)
     Simplify: expand the brackets, omit aa′, bb′, cc′, replace aa = a etc.:
     φ = ab′c′ + 0 + 0 = ab′c′
     The guilty one is A.
  7. Synthesis of Boolean programs
     Specification of a Boolean program: If the boss is in, I need to work unless the telephone rings. If the boss is not in, I go drink tea.
     b = boss is in, r = telephone rings, w = I work, w′ = I drink tea
     φ(b, r, w) = (br′ → w)(b′ → w′) = w′(br′)′ + wb = w′(b′ + r) + wb
     Goal: given any b and r, compute w such that φ(b, r, w) = 1.
     One solution is just φ(b, r, w = 1): w = φ(b, r, 1) = 0(b′ + r) + 1b = b
     I work if and only if the boss is in. (Other solutions exist, e.g. w = br′)
  8. Propositional linear-time temporal logic (LTL)
     Reactive programs respond to an infinite stream of signals. So let's work with infinite boolean sequences (linear time).
     Boolean operations: a = [a0, a1, a2, ...]; b = [b0, b1, b2, ...]; a + b = [a0 + b0, a1 + b1, ...]; a′ = [a0′, a1′, ...]; ab = [a0b0, a1b1, ...]
     Temporal operations:
     (Next) Na = [a1, a2, ...]
     (Sometimes) Fa = [a0 + a1 + a2 + ..., a1 + a2 + ..., ...]
     (Always) Ga = [a0a1a2a3..., a1a2a3..., a2a3..., ...]
     Other notation (from modal logic): Na ≡ ○a; Fa ≡ ♦a; Ga ≡ □a
  9. Temporal fixpoints and the µ-calculus notation
     LTL admits only temporal functions defined by fixpoints:
     Fa = [a0 + a1 + a2 + a3 + ..., a1 + a2 + a3 + ..., ...], so Fa = a + N(Fa)
     Ga = [a0a1a2a3..., a1a2a3..., a2a3..., ...], so Ga = aN(Ga)
     Notation: µ for the least fixpoint, ν for the greatest fixpoint
     Fa = µx.(a + Nx); Ga = νx.(a(Nx)), but νx.(a + Nx) = 1; µx.(a(Nx)) = 0
     The most general fixpoints involving only one N:
     (weak Until) pUq = νx.(q + p(Nx))
     (strict Until) pU̇q = µx.(q + p(Nx))
  10. LTL: interpretation of Until
     Weak Until: pUq = p holds from now on until q first becomes true
     pUq = q + pN(q + pN(q + ...))
     Example:
     a = [1, 0, 0, 0, 1, 0, ...]
     b = [0, 1, 0, 1, 0, 1, ...]
     aUb = [1, 1, 0, 1, 1, 1, ...]
     Strict Until: pU̇q = q must become true, and p holds until then
     Dualities: (Fa)′ = G(a′); also (pU̇q)′ = q′U(p′q′)
  11. LTL: temporal specification
     Whenever the boss comes by my office, I will start working. Once I start working, I will keep working until the telephone rings.
     G((b → Fw)(w → wUr)) = G((b′ + Fw)(w′ + wUr))
     Whenever the button is pressed, the dialog will appear. The dialog will disappear after 1 minute of user inactivity.
     G (b → Fd ) (d → Ft) d → d Utd
     The timer t is an external event and is not specified here.
     Difficult to say "x stays true until further notice"
  12. LTL: disjunctive normal form
     What would be the DNF in LTL? Let's just expand brackets:
     φ = G((b′ + Fw)(w′ + wUr))
       = (b′ + Fw)(w′ + wUr) Nφ
       = (b′ + w + N(Fw))(w′ + r + wN(wUr)) Nφ
       = (b′ + w + N(w + N(Fw)))(w′ + r + wN(r + wN(wUr))) N(...)
       = ... N(... ...N(... ...N(...))) ...
     We will never finish expanding those brackets! But many subformulas under N(...) are the same:
     φ1 = Fw; φ2 = wUr;
     φ = (b′ + w + Nφ1)(w′ + r + wNφ2) Nφ = (rw + b′w′)Nφ + w′N(φφ1) + wN(φφ2)
  13. LTL: disjunctive normal form
     Let's expand and simplify φφ1 and φφ2: we get simultaneous fixpoints
     φ = (rw + b′w′)N(φ) + w′N(φφ1) + wN(φφ2);
     φφ1 = rwN(φ) + (r + w′)N(φφ1) + wN(φφ2);
     φφ2 = r(w + b′)N(φ) + rN(φφ1) + wN(φφ2).
     The DNF for LTL is a graph!
     [Figure: transition graph on the states φ, φφ1, φφ2, with edges labelled by the coefficients of the equations above.]
  14. The failure of LTL program synthesis
     Goal: given b and r, determine w
     The DNF generates a nondeterministic finite automaton (NFA) for w
     States of the automaton are φ, φφ1, φφ2, ... (sets of fixpoints of φ)
     The DNF construction generates these states for us
     Determinizing the automaton may exponentially increase its size
     Worst case: for φ with n fixpoints, DFA will have 2^(2^n) states
     Specifications will generally need to use many fixpoints. Example: Whenever b is pressed, send query q and show w (Waiting). Upon reply r, show d (Done). Pressing c (Cancel) stops waiting.
     φ = G[ bw → bUd w w → d w U(c + r ) cw → cUw q ↔ bw rw → r Udw ].
     LTL is not particularly convenient for modular specification
     Synthesis is not practical (I write and debug my automata by hand...)
  15. Part 2: Temporal logic as type theory
     Logic gives a recipe for designing a minimal programming language (Curry-Howard isomorphism)
     Typically, we use an intuitionistic version of the logic:
     - No negation, no ⊥; only a + b, ab, a → b
     - No law of excluded middle
     - No truth tables, no simplification
     - Usually, cannot derive proofs automatically
     Axioms are predefined terms needed in the language. Example: (a → c) → (b → c) → (a + b → c) is the case operator
     Proof rules are predefined constructions needed in the language. Example: modus ponens (a; a → b so b) is function application
     Natural deduction rules are typing rules for the language
  16. Interpreting values typed by LTL
     What does it mean to have a value x of type, say, G(α → αUβ)?
     x : Nα means that x : α will be available only at the next time tick (x is a deferred value of type α)
     x : Fα means that x : α will be available at some future tick(s) (x is an event of type α)
     x : Gα means that a (different) value x : α is available at every tick (x is an infinite stream of type α)
     x : αUβ means a finite stream of α that may end with a β
     Some temporal axioms of intuitionistic LTL:
     (deferred apply) N(α → β) → (Nα → Nβ);
     (streamed apply) G(α → β) → (Gα → Gβ);
     (generate a stream) G(α → Nα) → (α → Gα);
     (read infinite stream) Gα → αN(Gα)
     (read finite stream) αUβ → β + αN(αUβ)
  17. A small FRP language: Elm
     Core Elm: polymorphic λ-calculus with lift2, foldp, async
     lift2 : (α → β → γ) → Gα → Gβ → Gγ
     foldp : (α → β → β) → β → Gα → Gβ
     async : Gα → Gα
     (lift2 makes G an applicative functor)
     async is a special scheduling instruction
     Limitations:
     - Cannot have a type G(Gα), also no concept of N or F
     - Cannot construct temporal values by hand
     - This language is an incomplete Curry-Howard image of LTL!
     I work after the boss comes by and until the phone rings:
     let after_until w (b,r) = (w or b) and not r
     in foldp after_until false (boss, phone)
  18. Legacy FRP systems: FrTime, Fran, AFRP, etc.
     Two functors: continuous behavior Gα and discrete event Fα
     Time is conceptually continuous
     Explicit N, delay by time ∆t, explicit values of time
     Many predefined combinators that do not follow from type theory: value-now, delay-by, integral, ... (FrTime); merge, switcher, G(Gα), ... (Fran)
     AFRP: temporal values are not available, only combinators!
  19. A lower-level FRP language: AdjS
     A lower-level type system: Nα (next), ˆµα.Σ (µ+next), α (stable) Explicit one-step temporal fixpoints, for example Fτ = ˆµα.τ + α τ = ˆµα.Σ ∼= ˆµα. Nτ α Σ Term assignments, simplified (see Krishnaswami's paper): Γ e : α Γ next e : Nα NI Γ f : Nα Γ, x : α e : β let next x = f in e : β NE Γ e : [N(ˆµα.Σ)/α] Σ Γ into e : ˆµα.Σ ˆµI Γ e : ˆµα.Σ Γ out e : [N(ˆµα.Σ)/α] Σ ˆµE Γ e : α Γ stable e : α I Γ f : α Γ, x : α e : β Γ let stable x = f in e : β E
  20. Dreams of an ideal FRP language
     Requirements for a broadly usable FRP language:
     - stable and temporal types distinguished statically
     - seamless conversion from int to G(int) and back, for stable types
     - construct values of type Fα by hand: from asynchronous scheduling
     - construct values of type Fα from external sources (environment)
     - tick-free operation: N is not needed, use F instead
     - the runloop (UI thread / background threads) needs to be represented
     I guess we are still in the research phase here...
  21. Conclusions and outlook
     - LTL is not a good fit as a specification language for reactive programs
     - LTL synthesis from specification is theoretical, not practical
     - FRP tries to make specification closer to implementation
     - There are some languages that implement FRP in various ad hoc ways
     - The ideal is not (yet) reached
  22. Abstract
     In my day job, most bugs come from imperatively implemented reactive programs. Temporal Logic and FRP are declarative approaches that promise to solve my problems. I will briefly review the motivations behind and the connections between temporal logic and FRP. I propose a rather pedestrian approach to propositional linear-time temporal logic (LTL), showing how to perform calculations in LTL and how to synthesize programs from LTL formulas. I intend to explain why LTL largely failed to solve the synthesis problem, and how FRP tries to cope. FRP can be formulated as a λ-calculus with types given by the propositional intuitionistic LTL. I will discuss the limitations of this approach, and outline the features of FRP that are required by typical application programming scenarios. My talk will be largely self-contained and should be understandable to anyone familiar with Curry-Howard and functional programming.
  23. Suggested reading
     - E. Czaplicki, S. Chong. Asynchronous FRP for GUIs. (2013)
     - E. Czaplicki. Concurrent FRP for functional GUI (2012).
     - N. R. Krishnaswami. Higher-order functional reactive programming without spacetime leaks (2013). https://www.mpi-sws.org/~neelk/simple-frp.pdf
     - M. F. Dam. Lectures on temporal logic. Slides: Syntax and semantics of LTL, A Hilbert-style proof system for LTL
     - E. Bainomugisha, et al. A survey of reactive programming (2013).
     - W. Jeltsch. Temporal logic with Until, Functional Reactive Programming with processes, and concrete process categories. (2013).
     - A. Jeffrey. LTL types FRP. (2012).
     - D. Marchignoli. Natural deduction systems for temporal logic. (2002). See Chapter 2 for a natural deduction system for modal and temporal logics.
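
The fixpoint definitions on slides 9 and 10 can be executed directly on ultimately periodic sequences. The following Python sketch is an added example, not part of the talk: it solves x = q + p(Nx) by iterating from all ones (ν) or all zeros (µ). The (prefix, loop) representation, the function names and the continuation of the slide's sequences a and b past their sixth value are assumptions made here.

```python
from math import gcd

# A sequence is a lasso (prefix, loop): the infinite word prefix + loop + loop + ...
ONE, ZERO = ([], [1]), ([], [0])

def unroll(seq, n_prefix, n_loop):
    """First n_prefix + n_loop values of a lasso (n_prefix >= len(prefix))."""
    prefix, loop = seq
    out = list(prefix)
    while len(out) < n_prefix + n_loop:
        out.append(loop[(len(out) - len(prefix)) % len(loop)])
    return out

def fixpoint(p, q, greatest):
    """Solve x = q + p*N(x): the greatest (nu) or least (mu) solution."""
    n_prefix = max(len(p[0]), len(q[0]))
    n_loop = len(p[1]) * len(q[1]) // gcd(len(p[1]), len(q[1]))
    ps, qs = unroll(p, n_prefix, n_loop), unroll(q, n_prefix, n_loop)
    n = n_prefix + n_loop
    x = [1 if greatest else 0] * n          # start from top (nu) or bottom (mu)
    while True:
        # the last position is followed by the start of the loop (n_prefix)
        new = [qs[i] | (ps[i] & x[i + 1 if i + 1 < n else n_prefix])
               for i in range(n)]
        if new == x:
            return (x[:n_prefix], x[n_prefix:])
        x = new

def weak_until(p, q):   return fixpoint(p, q, greatest=True)    # nu x.(q + p Nx)
def strict_until(p, q): return fixpoint(p, q, greatest=False)   # mu x.(q + p Nx)
def F(a):               return fixpoint(ONE, a, greatest=False) # mu x.(a + Nx)
def G(a):               return fixpoint(a, ZERO, greatest=True) # nu x.(a Nx)

def first(seq, k):
    """First k values of a lasso."""
    prefix, loop = seq
    return (prefix + loop * k)[:k]

# Constructed inputs: the slide gives only the first six values of a and b;
# here a continues with zeros and b keeps alternating.
A = ([1, 0, 0, 0, 1, 0], [0])
B = ([], [0, 1])

if __name__ == "__main__":
    print("aUb          ", first(weak_until(A, B), 6))
    print("Fa           ", first(F(A), 7))
    print("1 U 0 (weak) ", first(weak_until(ONE, ZERO), 3))
    print("1 U 0 (strict)", first(strict_until(ONE, ZERO), 3))
```

With p = 1 and q = 0 the two Until operators differ only in the choice of fixpoint: the weak form is identically 1 and the strict form identically 0.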
