Making a productive use of failure to generate witnesses for coinduction from divergent proof attempts
Coinduction is a proof rule. It is the dual of induction. It allows reasoning about non-well-founded structures such as lazy lists or streams and is of particular use for reasoning about equivalences. A central difficulty in the automation of coinductive proof is the choice of a relation (called a bisimulation).
We present an automation of coinductive theorem proving. This automation is based on the idea of proof planning. Proof planning constructs the higher level steps in a proof, using knowledge of the general structure of a family of proofs and exploiting this knowledge to control the proof search. Part of proof planning involves the use of failure information to modify the plan by the use of a proof critic which exploits the information gained from the failed proof attempt.
Our approach to the problem was to develop a strategy that makes an initial simple guess at a bisimulation and then uses generalisation techniques, motivated by a critic, to refine this guess, so that a larger class of coinductive problems can be automatically verified.
The implementation of this strategy has focused on the use of coinduction to prove the equivalence of programs in a small lazy functional language which is similar to Haskell.
We have developed a proof plan for coinduction and a critic associated with this proof plan. These have been implemented in CoCLAM, an extended version of CLAM, with encouraging results. The planner has been successfully tested on a number of theorems.
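The strategy sketched above (guess a bisimulation, unfold the goal, and generalise the guess when the unfolding does not close) can be illustrated on the classic stream equivalence map f (iterate f x) = iterate f (f x). The following Python is an added example written for this page; it is not CoCLAM code and not the paper's proof plan. It assumes a toy language with a single unary function symbol f and streams built only from iterate and map (both are assumptions for the example), and it replaces the paper's critic with a much simpler form of generalisation: treating the element variable x as schematic so that later unfoldings that are instances of an earlier pair count as already covered.

```python
"""Added example (not from the paper): closing a candidate bisimulation between
two stream terms by one-step unfolding.

Stream terms, over one unary function symbol `f` (an assumption for this example):
  ('iterate', e)  -- iterate f e  = e : iterate f (f e)
  ('map', s)      -- map f s      = f (head s) : map f (tail s)
Element terms are a variable name (a str) or ('f', term).
"""


def step(s):
    """Unfold a stream term one step, returning (head, tail)."""
    tag = s[0]
    if tag == 'iterate':
        e = s[1]
        return e, ('iterate', ('f', e))
    if tag == 'map':
        h, t = step(s[1])
        return ('f', h), ('map', t)
    raise ValueError(f"unknown stream constructor {tag!r}")


def match(pat, term, subst):
    """Match pattern `pat` against `term`, extending `subst` in place.
    Variables (str) in `pat` are schematic; `term` is treated as ground."""
    if isinstance(pat, str):
        if pat in subst:
            return subst[pat] == term
        subst[pat] = term
        return True
    if isinstance(term, str) or len(pat) != len(term) or pat[0] != term[0]:
        return False
    return all(match(p, t, subst) for p, t in zip(pat[1:], term[1:]))


def is_instance(pair, relation):
    """True if `pair` is an instance of some schematic pair in `relation`
    under a single substitution applied to both components."""
    for l, r in relation:
        subst = {}
        if match(l, pair[0], subst) and match(r, pair[1], subst):
            return True
    return False


def find_bisimulation(lhs, rhs, schematic=True, max_pairs=8):
    """Start from the simple guess R = {(lhs, rhs)}, unfold every pair in R,
    and add each tail pair that is not already covered.

    schematic=False: a tail pair is covered only if it is literally in R
                     (the ungeneralised guess; this diverges for the example).
    schematic=True:  a tail pair is covered if it is an instance of a pair in R
                     (the generalised guess; this closes).
    Returns (status, R) with status in {'closed', 'head_mismatch', 'diverged'}.
    """
    relation = [(lhs, rhs)]
    worklist = [(lhs, rhs)]
    while worklist:
        l, r = worklist.pop()
        hl, tl = step(l)
        hr, tr = step(r)
        if hl != hr:  # heads differ, so the candidate cannot be a bisimulation
            return 'head_mismatch', relation
        tail_pair = (tl, tr)
        covered = is_instance(tail_pair, relation) if schematic else tail_pair in relation
        if not covered:
            if len(relation) >= max_pairs:  # proof attempt keeps growing: divergence
                return 'diverged', relation
            relation.append(tail_pair)
            worklist.append(tail_pair)
    return 'closed', relation


def render(t):
    """Print a term in Haskell-like notation for readability."""
    if isinstance(t, str):
        return t
    return f"{t[0]} f ({render(t[1])})" if t[0] != 'f' else f"f ({render(t[1])})"


if __name__ == "__main__":
    goal = (('map', ('iterate', 'x')), ('iterate', ('f', 'x')))
    for schematic in (False, True):
        status, rel = find_bisimulation(*goal, schematic=schematic)
        print(f"schematic={schematic}: {status}, |R| = {len(rel)}")
        for l, r in rel:
            print(f"   {render(l)}  ~  {render(r)}")
    print(find_bisimulation(('map', ('iterate', 'x')), ('iterate', 'x'))[0])
```

Run with the ungeneralised guess, the unfolding produces a fresh pair at every step (map f (iterate f (f x)) against iterate f (f (f x)), and so on), which is exactly the divergent proof attempt the paper's critic inspects; with x schematic the first tail pair is an instance of the goal itself, so R = {(map f (iterate f y), iterate f (f y))} closes in one step. The third call shows the other failure mode, a head mismatch, which no choice of relation can repair.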
Keywords: Inference Rule, Operational Semantics, Labelled Transition System, Reduction Rule, Proof Strategy