formal islands and certified pattern matching code
TRANSCRIPT
![Page 1: Formal Islands and Certified Pattern Matching Code](https://reader034.vdocuments.site/reader034/viewer/2022042822/62696c87d7acc15ac311eeeb/html5/thumbnails/1.jpg)
loria-logo
Introduction Languages Validation method Conclusion
Formal Islands and Certified Pattern MatchingCode
Claude Kirchner
joint work with
Pierre-Etienne Moreau, Antoine Reilles
INRIA & LORIA & CNRS
September 7, 2005
Formal Islands and Certified Pattern Matching Code 1 / 27
![Page 2: Formal Islands and Certified Pattern Matching Code](https://reader034.vdocuments.site/reader034/viewer/2022042822/62696c87d7acc15ac311eeeb/html5/thumbnails/2.jpg)
loria-logo
Introduction Languages Validation method Conclusion
1. IntroductionFormal IslandsThe Tom languageOur goal
2. LanguagesThe PIL languageMappingSemantics
3. Validation methodDefinition of correct compilationHow this worksResults
4. Conclusion
Formal Islands and Certified Pattern Matching Code 2 / 27
![Page 3: Formal Islands and Certified Pattern Matching Code](https://reader034.vdocuments.site/reader034/viewer/2022042822/62696c87d7acc15ac311eeeb/html5/thumbnails/3.jpg)
Introduction Languages Validation method Conclusion Formal Islands The Tom language Our goal
Principle schema, 1
Existing codeJAVA program
Formal Islands and Certified Pattern Matching Code 3 / 27
![Page 4: Formal Islands and Certified Pattern Matching Code](https://reader034.vdocuments.site/reader034/viewer/2022042822/62696c87d7acc15ac311eeeb/html5/thumbnails/4.jpg)
Introduction Languages Validation method Conclusion Formal Islands The Tom language Our goal
Principle schema, 2
Algebraic anchorageLinks Java with the basic extensions
Formal Islands and Certified Pattern Matching Code 4 / 27
![Page 5: Formal Islands and Certified Pattern Matching Code](https://reader034.vdocuments.site/reader034/viewer/2022042822/62696c87d7acc15ac311eeeb/html5/thumbnails/5.jpg)
Introduction Languages Validation method Conclusion Formal Islands The Tom language Our goal
Principle schema, 3
Building of the islandG → D
Formal Islands and Certified Pattern Matching Code 5 / 27
![Page 6: Formal Islands and Certified Pattern Matching Code](https://reader034.vdocuments.site/reader034/viewer/2022042822/62696c87d7acc15ac311eeeb/html5/thumbnails/6.jpg)
Introduction Languages Validation method Conclusion Formal Islands The Tom language Our goal
Principle schema, 4
Building ValidationsProperty proofs
Formal Islands and Certified Pattern Matching Code 6 / 27
![Page 7: Formal Islands and Certified Pattern Matching Code](https://reader034.vdocuments.site/reader034/viewer/2022042822/62696c87d7acc15ac311eeeb/html5/thumbnails/7.jpg)
Introduction Languages Validation method Conclusion Formal Islands The Tom language Our goal
Principle schema, end
Island dissolutionJAVA ProgramSituation similar to the starting one, but we are sure of the codegenerated, thanks to the formal island.
Formal Islands and Certified Pattern Matching Code 7 / 27
![Page 8: Formal Islands and Certified Pattern Matching Code](https://reader034.vdocuments.site/reader034/viewer/2022042822/62696c87d7acc15ac311eeeb/html5/thumbnails/8.jpg)
Introduction Languages Validation method Conclusion Formal Islands The Tom language Our goal
Formal Islands for Language Extension
I We use the notion of Formal Island and anchoring to extendan existing languages with formal capabilities
I Anchoring means to describe new features in terms of theavailable functionalities of the host language
I Once compiled, these features are translated into pure hostlanguage constructs
Formal Islands and Certified Pattern Matching Code 8 / 27
![Page 9: Formal Islands and Certified Pattern Matching Code](https://reader034.vdocuments.site/reader034/viewer/2022042822/62696c87d7acc15ac311eeeb/html5/thumbnails/9.jpg)
Introduction Languages Validation method Conclusion Formal Islands The Tom language Our goal
Formal Islands Capabilities
1. To extend the expressivity of the language with higher-levelconstructs at design time
2. To perform formal proofs or transformations on the formalisland constructions
3. To certify the implementation of the formal island compilationinto the host language
Formal Islands and Certified Pattern Matching Code 9 / 27
![Page 10: Formal Islands and Certified Pattern Matching Code](https://reader034.vdocuments.site/reader034/viewer/2022042822/62696c87d7acc15ac311eeeb/html5/thumbnails/10.jpg)
Introduction Languages Validation method Conclusion Formal Islands The Tom language Our goal
TOM
Allows for the formal island creation based on:
I matching
I rewriting
I traversals and strategies
In Java: JTOMIn C: CTOMIn CAML: CamTOM
http://tom.loria.fr
Formal Islands and Certified Pattern Matching Code 10 / 27
![Page 11: Formal Islands and Certified Pattern Matching Code](https://reader034.vdocuments.site/reader034/viewer/2022042822/62696c87d7acc15ac311eeeb/html5/thumbnails/11.jpg)
Introduction Languages Validation method Conclusion Formal Islands The Tom language Our goal
The Tom language
Rewriting as a programming language:
fib(3)→ fib(2) + fib(1)fib(2) + fib(1)→ fib(2) + 1
fib(2) + 1→ fib(1) + fib(0) + 1fib(1) + fib(0) + 1→ . . .
Tom: pattern matching compiler for Java, C, . . .
Formal Islands and Certified Pattern Matching Code 11 / 27
![Page 12: Formal Islands and Certified Pattern Matching Code](https://reader034.vdocuments.site/reader034/viewer/2022042822/62696c87d7acc15ac311eeeb/html5/thumbnails/12.jpg)
Introduction Languages Validation method Conclusion Formal Islands The Tom language Our goal
The Tom language
Rewriting as a programming language:
fib(3)→ fib(2) + fib(1)fib(2) + fib(1)→ fib(2) + 1
fib(2) + 1→ fib(1) + fib(0) + 1fib(1) + fib(0) + 1→ . . .
Tom: pattern matching compiler for Java, C, . . .
Formal Islands and Certified Pattern Matching Code 11 / 27
![Page 13: Formal Islands and Certified Pattern Matching Code](https://reader034.vdocuments.site/reader034/viewer/2022042822/62696c87d7acc15ac311eeeb/html5/thumbnails/13.jpg)
Introduction Languages Validation method Conclusion Formal Islands The Tom language Our goal
The Tom language
Rewriting as a programming language:
fib(3)→ fib(2) + fib(1)fib(2) + fib(1)→ fib(2) + 1
fib(2) + 1→ fib(1) + fib(0) + 1fib(1) + fib(0) + 1→ . . .
Tom: pattern matching compiler for Java, C, . . .
Rewriting languages
Tom
Fixed data-structure
plug-in (Objects, XML,. . . )
Everything is rewriting
Java, C,. . .
Formal Islands and Certified Pattern Matching Code 11 / 27
![Page 14: Formal Islands and Certified Pattern Matching Code](https://reader034.vdocuments.site/reader034/viewer/2022042822/62696c87d7acc15ac311eeeb/html5/thumbnails/14.jpg)
Introduction Languages Validation method Conclusion Formal Islands The Tom language Our goal
The Tom language
Rewriting as a programming language:
fib(3)→ fib(2) + fib(1)fib(2) + fib(1)→ fib(2) + 1
fib(2) + 1→ fib(1) + fib(0) + 1fib(1) + fib(0) + 1→ . . .
Tom: pattern matching compiler for Java, C, . . .
Rewriting languages Tom
Fixed data-structure plug-in (Objects, XML,. . . )Everything is rewriting Java, C,. . .
Formal Islands and Certified Pattern Matching Code 11 / 27
![Page 15: Formal Islands and Certified Pattern Matching Code](https://reader034.vdocuments.site/reader034/viewer/2022042822/62696c87d7acc15ac311eeeb/html5/thumbnails/15.jpg)
Introduction Languages Validation method Conclusion Formal Islands The Tom language Our goal
The Tom language
Rewriting as a programming language:
fib(3)→ fib(2) + fib(1)fib(2) + fib(1)→ fib(2) + 1
fib(2) + 1→ fib(1) + fib(0) + 1fib(1) + fib(0) + 1→ . . .
Tom: pattern matching compiler for Java, C, . . .
f i b ( x ) {%match ( x ) {
z e r o ( ) −>{return ‘ suc ( z e r o ( ) ) ; }suc ( z e r o ())−>{ return ‘ suc ( z e r o ( ) ) ; }suc ( suc ( n))−>{ return ‘ p l u s ( f i b ( suc ( n ) ) , f i b ( n ) ) ; }
}}
Formal Islands and Certified Pattern Matching Code 11 / 27
![Page 16: Formal Islands and Certified Pattern Matching Code](https://reader034.vdocuments.site/reader034/viewer/2022042822/62696c87d7acc15ac311eeeb/html5/thumbnails/16.jpg)
Introduction Languages Validation method Conclusion Formal Islands The Tom language Our goal
The Tom language
Rewriting as a programming language:
fib(3)→ fib(2) + fib(1)fib(2) + fib(1)→ fib(2) + 1
fib(2) + 1→ fib(1) + fib(0) + 1fib(1) + fib(0) + 1→ . . .
Tom: pattern matching compiler for Java, C, . . .
f i b ( x ) {%match ( x ) {
z e r o ( ) −>{return ‘ suc ( z e r o ( ) ) ; }suc ( z e r o ())−>{ return ‘ suc ( z e r o ( ) ) ; }suc ( suc ( n))−>{ return ‘ p l u s ( f i b ( suc ( n ) ) , f i b ( n ) ) ; }
}}
Match against Java data-structures
Formal Islands and Certified Pattern Matching Code 11 / 27
![Page 17: Formal Islands and Certified Pattern Matching Code](https://reader034.vdocuments.site/reader034/viewer/2022042822/62696c87d7acc15ac311eeeb/html5/thumbnails/17.jpg)
Introduction Languages Validation method Conclusion Formal Islands The Tom language Our goal
Pattern matching
Typical example:The pattern x + y matches the subject 1 + 2 using the variableassignment x 7→ 1, y 7→ 2.
In general, given:a pattern pa subject tfind variables assignment σ such thatσ(p) = tSuch a pattern matching problem is denoted p � t
Formal Islands and Certified Pattern Matching Code 12 / 27
![Page 18: Formal Islands and Certified Pattern Matching Code](https://reader034.vdocuments.site/reader034/viewer/2022042822/62696c87d7acc15ac311eeeb/html5/thumbnails/18.jpg)
Introduction Languages Validation method Conclusion Formal Islands The Tom language Our goal
Objectives
I Need for certification of matching
I Independent of the used data-structures
I Compilation:
I Independent of the compilation process
Formal Islands and Certified Pattern Matching Code 13 / 27
![Page 19: Formal Islands and Certified Pattern Matching Code](https://reader034.vdocuments.site/reader034/viewer/2022042822/62696c87d7acc15ac311eeeb/html5/thumbnails/19.jpg)
Introduction Languages Validation method Conclusion Formal Islands The Tom language Our goal
Objectives
I Need for certification of matching
I Independent of the used data-structures
I Compilation:
I Independent of the compilation process
Formal Islands and Certified Pattern Matching Code 13 / 27
![Page 20: Formal Islands and Certified Pattern Matching Code](https://reader034.vdocuments.site/reader034/viewer/2022042822/62696c87d7acc15ac311eeeb/html5/thumbnails/20.jpg)
Introduction Languages Validation method Conclusion Formal Islands The Tom language Our goal
Objectives
I Need for certification of matching
I Independent of the used data-structures
I Compilation:
p � compile// Pp
σ ε
I Independent of the compilation process
Formal Islands and Certified Pattern Matching Code 13 / 27
![Page 21: Formal Islands and Certified Pattern Matching Code](https://reader034.vdocuments.site/reader034/viewer/2022042822/62696c87d7acc15ac311eeeb/html5/thumbnails/21.jpg)
Introduction Languages Validation method Conclusion Formal Islands The Tom language Our goal
Objectives
I Need for certification of matching
I Independent of the used data-structures
I Compilation:
p �t
match
��
compile// Pp(t)
eval
��
σ ooabstract
ε
I Independent of the compilation process
Formal Islands and Certified Pattern Matching Code 13 / 27
![Page 22: Formal Islands and Certified Pattern Matching Code](https://reader034.vdocuments.site/reader034/viewer/2022042822/62696c87d7acc15ac311eeeb/html5/thumbnails/22.jpg)
Introduction Languages Validation method Conclusion Formal Islands The Tom language Our goal
Objectives
I Need for certification of matching
I Independent of the used data-structures
I Compilation:
p �t
match
��
compile// Pp(t)
eval
��
σ ooabstract
ε
I Independent of the compilation process
Formal Islands and Certified Pattern Matching Code 13 / 27
![Page 23: Formal Islands and Certified Pattern Matching Code](https://reader034.vdocuments.site/reader034/viewer/2022042822/62696c87d7acc15ac311eeeb/html5/thumbnails/23.jpg)
Introduction Languages Validation method Conclusion Formal Islands The Tom language Our goal
Quote
When we are using a compiler, we believe it is correctWhen writing a compiler, we know it is incorrect!
PEM
Formal Islands and Certified Pattern Matching Code 14 / 27
![Page 24: Formal Islands and Certified Pattern Matching Code](https://reader034.vdocuments.site/reader034/viewer/2022042822/62696c87d7acc15ac311eeeb/html5/thumbnails/24.jpg)
Introduction Languages Validation method Conclusion Formal Islands The Tom language Our goal
In the Tom compiler
HostLanguage
+Patterns
Parser BackendHost
LanguageCompiler
Tom Compiler
p� t PIL
Formal Islands and Certified Pattern Matching Code 15 / 27
![Page 25: Formal Islands and Certified Pattern Matching Code](https://reader034.vdocuments.site/reader034/viewer/2022042822/62696c87d7acc15ac311eeeb/html5/thumbnails/25.jpg)
Introduction Languages Validation method Conclusion The PIL language Mapping Semantics
The PIL language
instr ::= accept| refuse
| if(expr, instr, instr)| let(pxq, term, instr) (x ∈ X )
expr ::= true | false| is fsym(term, pf q) (f ∈ F)| eq(term, term)
term ::= pxq (x ∈ X )| ptq (t ∈ T (F))| subtermf (term, int) (f ∈ F)
Access the tree structure
Formal Islands and Certified Pattern Matching Code 16 / 27
![Page 26: Formal Islands and Certified Pattern Matching Code](https://reader034.vdocuments.site/reader034/viewer/2022042822/62696c87d7acc15ac311eeeb/html5/thumbnails/26.jpg)
Introduction Languages Validation method Conclusion The PIL language Mapping Semantics
The PIL language
instr ::= accept| refuse| if(expr, instr, instr)| let(pxq, term, instr) (x ∈ X )
expr ::= true | false| is fsym(term, pf q) (f ∈ F)| eq(term, term)
term ::= pxq (x ∈ X )| ptq (t ∈ T (F))| subtermf (term, int) (f ∈ F)
Access the tree structure
Formal Islands and Certified Pattern Matching Code 16 / 27
![Page 27: Formal Islands and Certified Pattern Matching Code](https://reader034.vdocuments.site/reader034/viewer/2022042822/62696c87d7acc15ac311eeeb/html5/thumbnails/27.jpg)
Introduction Languages Validation method Conclusion The PIL language Mapping Semantics
The PIL language
instr ::= accept| refuse| if(expr, instr, instr)| let(pxq, term, instr) (x ∈ X )
expr ::= true | false| is fsym(term, pf q) (f ∈ F)| eq(term, term)
term ::= pxq (x ∈ X )| ptq (t ∈ T (F))| subtermf (term, int) (f ∈ F)
Access the tree structure
Formal Islands and Certified Pattern Matching Code 16 / 27
![Page 28: Formal Islands and Certified Pattern Matching Code](https://reader034.vdocuments.site/reader034/viewer/2022042822/62696c87d7acc15ac311eeeb/html5/thumbnails/28.jpg)
Introduction Languages Validation method Conclusion The PIL language Mapping Semantics
The PIL language
instr ::= accept| refuse| if(expr, instr, instr)| let(pxq, term, instr) (x ∈ X )
expr ::= true | false| is fsym(term, pf q) (f ∈ F)| eq(term, term)
term ::= pxq (x ∈ X )| ptq (t ∈ T (F))| subtermf (term, int) (f ∈ F)
Access the tree structure
Formal Islands and Certified Pattern Matching Code 16 / 27
![Page 29: Formal Islands and Certified Pattern Matching Code](https://reader034.vdocuments.site/reader034/viewer/2022042822/62696c87d7acc15ac311eeeb/html5/thumbnails/29.jpg)
Introduction Languages Validation method Conclusion The PIL language Mapping Semantics
The PIL language
instr ::= accept| refuse| if(expr, instr, instr)| let(pxq, term, instr) (x ∈ X )
expr ::= true | false| is fsym(term, pf q) (f ∈ F)| eq(term, term)
term ::= pxq (x ∈ X )| ptq (t ∈ T (F))| subtermf (term, int) (f ∈ F)
Access the tree structure
Formal Islands and Certified Pattern Matching Code 16 / 27
![Page 30: Formal Islands and Certified Pattern Matching Code](https://reader034.vdocuments.site/reader034/viewer/2022042822/62696c87d7acc15ac311eeeb/html5/thumbnails/30.jpg)
Introduction Languages Validation method Conclusion The PIL language Mapping Semantics
The PIL language
instr ::= accept| refuse| if(expr, instr, instr)| let(pxq, term, instr) (x ∈ X )
expr ::= true | false| is fsym(term, pf q) (f ∈ F)| eq(term, term)
term ::= pxq (x ∈ X )| ptq (t ∈ T (F))| subtermf (term, int) (f ∈ F)
Access the tree structure
Formal Islands and Certified Pattern Matching Code 16 / 27
![Page 31: Formal Islands and Certified Pattern Matching Code](https://reader034.vdocuments.site/reader034/viewer/2022042822/62696c87d7acc15ac311eeeb/html5/thumbnails/31.jpg)
Introduction Languages Validation method Conclusion The PIL language Mapping Semantics
The PIL language
instr ::= accept| refuse| if(expr, instr, instr)| let(pxq, term, instr) (x ∈ X )
expr ::= true | false| is fsym(term, pf q) (f ∈ F)| eq(term, term)
term ::= pxq (x ∈ X )| ptq (t ∈ T (F))| subtermf (term, int) (f ∈ F)
Access the tree structure
Formal Islands and Certified Pattern Matching Code 16 / 27
![Page 32: Formal Islands and Certified Pattern Matching Code](https://reader034.vdocuments.site/reader034/viewer/2022042822/62696c87d7acc15ac311eeeb/html5/thumbnails/32.jpg)
Introduction Languages Validation method Conclusion The PIL language Mapping Semantics
Definition of mapping : why and what ?
I Mapping between algebraic terms and their objectrepresentation
I How to represent a term (How to make it)?
I How to destruct a term?
Formal Islands and Certified Pattern Matching Code 17 / 27
![Page 33: Formal Islands and Certified Pattern Matching Code](https://reader034.vdocuments.site/reader034/viewer/2022042822/62696c87d7acc15ac311eeeb/html5/thumbnails/33.jpg)
Introduction Languages Validation method Conclusion The PIL language Mapping Semantics
Definition of mapping : why and what ?
Algebraic space Concrete space
Abstract Data type� �Person(name:String,age:int)� �
� �c l a s s Person {
S t r i n g name ;S t r i n g f i r s tName ;i n t age ;
}� �Person
xxqqqq!!DDD
D
”smith” 42
Symb(t)t|1t|2
Person
”smith””bob”42
instanceoft.namet.age
is fsym(dte, df e) ≡ dSymb(t) = f esubtermf (dte, die) ≡ dt|ie
Formal Islands and Certified Pattern Matching Code 17 / 27
![Page 34: Formal Islands and Certified Pattern Matching Code](https://reader034.vdocuments.site/reader034/viewer/2022042822/62696c87d7acc15ac311eeeb/html5/thumbnails/34.jpg)
Introduction Languages Validation method Conclusion The PIL language Mapping Semantics
Definition of mapping : why and what ?
Algebraic space Concrete space
Abstract Data type� �Person(name:String,age:int)� �
� �c l a s s Person {
S t r i n g name ;S t r i n g f i r s tName ;i n t age ;
}� �
Personxxqqqq
!!DDDD
”smith” 42
Symb(t)t|1t|2
Person
”smith””bob”42
instanceoft.namet.age
is fsym(dte, df e) ≡ dSymb(t) = f esubtermf (dte, die) ≡ dt|ie
Formal Islands and Certified Pattern Matching Code 17 / 27
![Page 35: Formal Islands and Certified Pattern Matching Code](https://reader034.vdocuments.site/reader034/viewer/2022042822/62696c87d7acc15ac311eeeb/html5/thumbnails/35.jpg)
Introduction Languages Validation method Conclusion The PIL language Mapping Semantics
Definition of mapping : why and what ?
Algebraic space Concrete space
Abstract Data type� �Person(name:String,age:int)� �
� �c l a s s Person {
S t r i n g name ;S t r i n g f i r s tName ;i n t age ;
}� �Person
xxqqqq!!DDD
D
”smith” 42
Symb(t)t|1t|2
Person
”smith””bob”42
instanceoft.namet.age
is fsym(dte, df e) ≡ dSymb(t) = f esubtermf (dte, die) ≡ dt|ie
Formal Islands and Certified Pattern Matching Code 17 / 27
![Page 36: Formal Islands and Certified Pattern Matching Code](https://reader034.vdocuments.site/reader034/viewer/2022042822/62696c87d7acc15ac311eeeb/html5/thumbnails/36.jpg)
Introduction Languages Validation method Conclusion The PIL language Mapping Semantics
Definition of mapping : why and what ?
Algebraic space Concrete space
Abstract Data type� �Person(name:String,age:int)� �
� �c l a s s Person {
S t r i n g name ;S t r i n g f i r s tName ;i n t age ;
}� �Person
xxqqqq!!DDD
D
”smith” 42
Symb(t)t|1t|2
Person
”smith””bob”42
instanceoft.namet.age
is fsym(dte, df e) ≡ dSymb(t) = f esubtermf (dte, die) ≡ dt|ie
Formal Islands and Certified Pattern Matching Code 17 / 27
![Page 37: Formal Islands and Certified Pattern Matching Code](https://reader034.vdocuments.site/reader034/viewer/2022042822/62696c87d7acc15ac311eeeb/html5/thumbnails/37.jpg)
Introduction Languages Validation method Conclusion The PIL language Mapping Semantics
Definition of mapping : why and what ?
Algebraic space Concrete space
Abstract Data type� �Person(name:String,age:int)� �
� �c l a s s Person {
S t r i n g name ;S t r i n g f i r s tName ;i n t age ;
}� �Person
xxqqqq!!DDD
D
”smith” 42
Symb(t)t|1t|2
Person
”smith””bob”42
instanceoft.namet.age
is fsym(dte, df e) ≡ dSymb(t) = f esubtermf (dte, die) ≡ dt|ie
Formal Islands and Certified Pattern Matching Code 17 / 27
![Page 38: Formal Islands and Certified Pattern Matching Code](https://reader034.vdocuments.site/reader034/viewer/2022042822/62696c87d7acc15ac311eeeb/html5/thumbnails/38.jpg)
Introduction Languages Validation method Conclusion The PIL language Mapping Semantics
Definition of mapping : why and what ?
Algebraic space Concrete space
Abstract Data type� �Person(name:String,age:int)� �
� �c l a s s Person {
S t r i n g name ;S t r i n g f i r s tName ;i n t age ;
}� �Person
xxqqqq!!DDD
D
”smith” 42
Symb(t)t|1t|2
Person
”smith””bob”42
instanceoft.namet.age
is fsym(dte, df e) ≡ dSymb(t) = f esubtermf (dte, die) ≡ dt|ie
Formal Islands and Certified Pattern Matching Code 17 / 27
![Page 39: Formal Islands and Certified Pattern Matching Code](https://reader034.vdocuments.site/reader034/viewer/2022042822/62696c87d7acc15ac311eeeb/html5/thumbnails/39.jpg)
Introduction Languages Validation method Conclusion The PIL language Mapping Semantics
Definition of mapping : why and what ?
Algebraic space Concrete space
Abstract Data type� �Person(name:String,age:int)� �
� �c l a s s Person {
S t r i n g name ;S t r i n g f i r s tName ;i n t age ;
}� �Person
xxqqqq!!DDD
D
”smith” 42
Symb(t)t|1t|2
Person
”smith””bob”42
instanceoft.namet.age
is fsym(dte, df e) ≡ dSymb(t) = f esubtermf (dte, die) ≡ dt|ie
Formal Islands and Certified Pattern Matching Code 17 / 27
![Page 40: Formal Islands and Certified Pattern Matching Code](https://reader034.vdocuments.site/reader034/viewer/2022042822/62696c87d7acc15ac311eeeb/html5/thumbnails/40.jpg)
Introduction Languages Validation method Conclusion The PIL language Mapping Semantics
Validation method
Consider the pattern g(f (x), b) and the term g(f (a), b)and the program P
g(f (x), b)�g(f (a), b)
match��
compile // P(dg(f (a), b)e)
semantics��
[x ← a] ooabstract
{x := dae}
Formal Islands and Certified Pattern Matching Code 18 / 27
![Page 41: Formal Islands and Certified Pattern Matching Code](https://reader034.vdocuments.site/reader034/viewer/2022042822/62696c87d7acc15ac311eeeb/html5/thumbnails/41.jpg)
Introduction Languages Validation method Conclusion The PIL language Mapping Semantics
Validation method
Consider the pattern g(f (x), b) and the term g(f (a), b)and the program P
g(f (x), b)�X
match��
compile // P(dX e)
semantics��
[x ← X|1|1] ooabstract
{x := dX|1|1e}
Formal Islands and Certified Pattern Matching Code 18 / 27
![Page 42: Formal Islands and Certified Pattern Matching Code](https://reader034.vdocuments.site/reader034/viewer/2022042822/62696c87d7acc15ac311eeeb/html5/thumbnails/42.jpg)
Introduction Languages Validation method Conclusion The PIL language Mapping Semantics
Big-step semantics
Rules for instructions instr:
〈ε, accept〉 7→ 〈ε, accept〉 (accept)
〈ε, refuse〉 7→ 〈ε, refuse〉 (refuse)
〈ε, i1〉 7→ 〈ε′, i〉〈ε, if(e, i1, i2)〉 7→ 〈ε′, i〉
if ε(e) ≡ true(iftrue)
〈ε, i2〉 7→ 〈ε′, i〉〈ε, if(e, i1, i2)〉 7→ 〈ε′, i〉
if ε(e) ≡ false(iffalse)
〈ε[x ← dte], i1〉 7→ 〈ε′, i〉〈ε, let(x , u, i1)〉 7→ 〈ε′, i〉
if ε(u) ≡ dte(let)
Formal Islands and Certified Pattern Matching Code 19 / 27
![Page 43: Formal Islands and Certified Pattern Matching Code](https://reader034.vdocuments.site/reader034/viewer/2022042822/62696c87d7acc15ac311eeeb/html5/thumbnails/43.jpg)
Introduction Languages Validation method Conclusion The PIL language Mapping Semantics
Big-step semantics
Rules for instructions instr:
〈ε, accept〉 7→ 〈ε, accept〉 (accept)
〈ε, refuse〉 7→ 〈ε, refuse〉 (refuse)
〈ε, i1〉 7→ 〈ε′, i〉〈ε, if(e, i1, i2)〉 7→ 〈ε′, i〉
if ε(e) ≡ true(iftrue)
〈ε, i2〉 7→ 〈ε′, i〉〈ε, if(e, i1, i2)〉 7→ 〈ε′, i〉
if ε(e) ≡ false(iffalse)
〈ε[x ← dte], i1〉 7→ 〈ε′, i〉〈ε, let(x , u, i1)〉 7→ 〈ε′, i〉
if ε(u) ≡ dte(let)
Formal Islands and Certified Pattern Matching Code 19 / 27
![Page 44: Formal Islands and Certified Pattern Matching Code](https://reader034.vdocuments.site/reader034/viewer/2022042822/62696c87d7acc15ac311eeeb/html5/thumbnails/44.jpg)
Introduction Languages Validation method Conclusion The PIL language Mapping Semantics
Big-step semantics
Rules for instructions instr:
〈ε, accept〉 7→ 〈ε, accept〉 (accept)
〈ε, refuse〉 7→ 〈ε, refuse〉 (refuse)
〈ε, i1〉 7→ 〈ε′, i〉〈ε, if(e, i1, i2)〉 7→ 〈ε′, i〉
if ε(e) ≡ true(iftrue)
〈ε, i2〉 7→ 〈ε′, i〉〈ε, if(e, i1, i2)〉 7→ 〈ε′, i〉
if ε(e) ≡ false(iffalse)
〈ε[x ← dte], i1〉 7→ 〈ε′, i〉〈ε, let(x , u, i1)〉 7→ 〈ε′, i〉
if ε(u) ≡ dte(let)
Formal Islands and Certified Pattern Matching Code 19 / 27
![Page 45: Formal Islands and Certified Pattern Matching Code](https://reader034.vdocuments.site/reader034/viewer/2022042822/62696c87d7acc15ac311eeeb/html5/thumbnails/45.jpg)
Introduction Languages Validation method Conclusion The PIL language Mapping Semantics
Big-step semantics
Rules for instructions instr:
〈ε, accept〉 7→ 〈ε, accept〉 (accept)
〈ε, refuse〉 7→ 〈ε, refuse〉 (refuse)
〈ε, i1〉 7→ 〈ε′, i〉〈ε, if(e, i1, i2)〉 7→ 〈ε′, i〉
if ε(e) ≡ true(iftrue)
〈ε, i2〉 7→ 〈ε′, i〉〈ε, if(e, i1, i2)〉 7→ 〈ε′, i〉
if ε(e) ≡ false(iffalse)
〈ε[x ← dte], i1〉 7→ 〈ε′, i〉〈ε, let(x , u, i1)〉 7→ 〈ε′, i〉
if ε(u) ≡ dte(let)
Formal Islands and Certified Pattern Matching Code 19 / 27
![Page 46: Formal Islands and Certified Pattern Matching Code](https://reader034.vdocuments.site/reader034/viewer/2022042822/62696c87d7acc15ac311eeeb/html5/thumbnails/46.jpg)
Introduction Languages Validation method Conclusion Definition of correct compilation How this works Results
Definition of a correct compilation
Definition
Given a formal anchor de, a well-formed program πp is a correctcompilation of p when both:
If the program results in accept, then a match is computed∀ε, ε′ ∈ Env ,∀t ∈ T (F),
〈ε, πp(dte)〉 7→ 〈ε′, accept〉 ⇒ Φ(ε′)(p) = t
(soundOK )If p matches t, then the program finds a match∀ε ∈ Env ,∀t ∈ T (F),
p � t ⇒ ∃ε′ ∈ Env , 〈ε, πp(dte)〉 7→ 〈ε′, accept〉
∧Φ(ε′)(p) = t (completeOK )
Formal Islands and Certified Pattern Matching Code 20 / 27
![Page 47: Formal Islands and Certified Pattern Matching Code](https://reader034.vdocuments.site/reader034/viewer/2022042822/62696c87d7acc15ac311eeeb/html5/thumbnails/47.jpg)
Introduction Languages Validation method Conclusion Definition of correct compilation How this works Results
Result
Theorem
Given a formal anchor de, a pattern p ∈ T (F ,X ), and awell-formed program πp ∈ PIL, we have:
πp is a correct compilation of p⇐⇒
∀ε, ε′ ∈ Env ,∀t ∈ T (F),
〈ε, πp(dte)〉 7→ 〈ε′, accept〉 ⇔ Φ(ε′)(p) = t
Now, how to use these tools ?
Formal Islands and Certified Pattern Matching Code 21 / 27
![Page 48: Formal Islands and Certified Pattern Matching Code](https://reader034.vdocuments.site/reader034/viewer/2022042822/62696c87d7acc15ac311eeeb/html5/thumbnails/48.jpg)
Introduction Languages Validation method Conclusion Definition of correct compilation How this works Results
Result
Theorem
Given a formal anchor de, a pattern p ∈ T (F ,X ), and awell-formed program πp ∈ PIL, we have:
πp is a correct compilation of p⇐⇒
∀ε, ε′ ∈ Env ,∀t ∈ T (F),
〈ε, πp(dte)〉 7→ 〈ε′, accept〉 ⇔ Φ(ε′)(p) = t
Now, how to use these tools ?
Formal Islands and Certified Pattern Matching Code 21 / 27
![Page 49: Formal Islands and Certified Pattern Matching Code](https://reader034.vdocuments.site/reader034/viewer/2022042822/62696c87d7acc15ac311eeeb/html5/thumbnails/49.jpg)
Introduction Languages Validation method Conclusion Definition of correct compilation How this works Results
Method
Let’s consider the pattern p : g(f (x), b)
πg(f (x),b)(s) ,if(is fsym(s, dge),
if(is fsym(subtermg (s, 1), df e),let(x1, subtermf (subtermg (s, 1), 1),
if(is fsym(subtermg (s, 2), dbe),let(x , x1, accept),refuse)),
refuse),refuse)
Formal Islands and Certified Pattern Matching Code 22 / 27
![Page 50: Formal Islands and Certified Pattern Matching Code](https://reader034.vdocuments.site/reader034/viewer/2022042822/62696c87d7acc15ac311eeeb/html5/thumbnails/50.jpg)
Introduction Languages Validation method Conclusion Definition of correct compilation How this works Results
Deriving constraints for g(f (x), b)
πg(f (x),b)(s) ,if(is fsym(s, dge),
if(is fsym(subtermg (s, 1), df e),let(x1, subtermf (subtermg (s, 1), 1),
if(is fsym(subtermg (s, 2), dbe),let(x , x1, accept),refuse)),
refuse),refuse)
is fsym(s, dge) ≡ true → Symb(s) = gis fsym(subtermg (s, 1), df e) ≡ true → Symb(s|1) = fx1 = subtermf (subtermg (s, 1), 1) → x1 = s|1|1is fsym(subtermg (s, 2), dbe) ≡ true → Symb(s|2) = bx = x1 → x = s|1|1
Formal Islands and Certified Pattern Matching Code 23 / 27
![Page 51: Formal Islands and Certified Pattern Matching Code](https://reader034.vdocuments.site/reader034/viewer/2022042822/62696c87d7acc15ac311eeeb/html5/thumbnails/51.jpg)
Introduction Languages Validation method Conclusion Definition of correct compilation How this works Results
Deriving constraints for g(f (x), b)
πg(f (x),b)(s) ,if(is fsym(s, dge),
if(is fsym(subtermg (s, 1), df e),let(x1, subtermf (subtermg (s, 1), 1),
if(is fsym(subtermg (s, 2), dbe),let(x , x1, accept),refuse)),
refuse),refuse)
is fsym(s, dge) ≡ true → Symb(s) = gis fsym(subtermg (s, 1), df e) ≡ true → Symb(s|1) = fx1 = subtermf (subtermg (s, 1), 1) → x1 = s|1|1is fsym(subtermg (s, 2), dbe) ≡ true → Symb(s|2) = bx = x1 → x = s|1|1
Formal Islands and Certified Pattern Matching Code 23 / 27
![Page 52: Formal Islands and Certified Pattern Matching Code](https://reader034.vdocuments.site/reader034/viewer/2022042822/62696c87d7acc15ac311eeeb/html5/thumbnails/52.jpg)
Introduction Languages Validation method Conclusion Definition of correct compilation How this works Results
Deriving constraints for g(f (x), b)
πg(f (x),b)(s) ,if(is fsym(s, dge),
if(is fsym(subtermg (s, 1), df e),let(x1, subtermf (subtermg (s, 1), 1),
if(is fsym(subtermg (s, 2), dbe),let(x , x1, accept),refuse)),
refuse),refuse)
is fsym(s, dge) ≡ true
→ Symb(s) = gis fsym(subtermg (s, 1), df e) ≡ true → Symb(s|1) = fx1 = subtermf (subtermg (s, 1), 1) → x1 = s|1|1is fsym(subtermg (s, 2), dbe) ≡ true → Symb(s|2) = bx = x1 → x = s|1|1
Formal Islands and Certified Pattern Matching Code 23 / 27
![Page 53: Formal Islands and Certified Pattern Matching Code](https://reader034.vdocuments.site/reader034/viewer/2022042822/62696c87d7acc15ac311eeeb/html5/thumbnails/53.jpg)
Introduction Languages Validation method Conclusion Definition of correct compilation How this works Results
Deriving constraints for g(f (x), b)
πg(f (x),b)(s) ,if(is fsym(s, dge),
if(is fsym(subtermg (s, 1), df e),let(x1, subtermf (subtermg (s, 1), 1),
if(is fsym(subtermg (s, 2), dbe),let(x , x1, accept),refuse)),
refuse),refuse)
is fsym(s, dge) ≡ true
→ Symb(s) = gis fsym(subtermg (s, 1), df e) ≡ true → Symb(s|1) = fx1 = subtermf (subtermg (s, 1), 1) → x1 = s|1|1is fsym(subtermg (s, 2), dbe) ≡ true → Symb(s|2) = bx = x1 → x = s|1|1
Formal Islands and Certified Pattern Matching Code 23 / 27
![Page 54: Formal Islands and Certified Pattern Matching Code](https://reader034.vdocuments.site/reader034/viewer/2022042822/62696c87d7acc15ac311eeeb/html5/thumbnails/54.jpg)
Introduction Languages Validation method Conclusion Definition of correct compilation How this works Results
Deriving constraints for g(f (x), b)
πg(f (x),b)(s) ,if(is fsym(s, dge),
if(is fsym(subtermg (s, 1), df e),let(x1, subtermf (subtermg (s, 1), 1),
if(is fsym(subtermg (s, 2), dbe),let(x , x1, accept),refuse)),
refuse),refuse)
is fsym(s, dge) ≡ true
→ Symb(s) = g
is fsym(subtermg (s, 1), df e) ≡ true
→ Symb(s|1) = fx1 = subtermf (subtermg (s, 1), 1) → x1 = s|1|1is fsym(subtermg (s, 2), dbe) ≡ true → Symb(s|2) = bx = x1 → x = s|1|1
Formal Islands and Certified Pattern Matching Code 23 / 27
![Page 55: Formal Islands and Certified Pattern Matching Code](https://reader034.vdocuments.site/reader034/viewer/2022042822/62696c87d7acc15ac311eeeb/html5/thumbnails/55.jpg)
Introduction Languages Validation method Conclusion Definition of correct compilation How this works Results
Deriving constraints for g(f (x), b)
πg(f (x),b)(s) ,if(is fsym(s, dge),
if(is fsym(subtermg (s, 1), df e),let(x1, subtermf (subtermg (s, 1), 1),
if(is fsym(subtermg (s, 2), dbe),let(x , x1, accept),refuse)),
refuse),refuse)
is fsym(s, dge) ≡ true
→ Symb(s) = g
is fsym(subtermg (s, 1), df e) ≡ true
→ Symb(s|1) = fx1 = subtermf (subtermg (s, 1), 1) → x1 = s|1|1is fsym(subtermg (s, 2), dbe) ≡ true → Symb(s|2) = bx = x1 → x = s|1|1
Formal Islands and Certified Pattern Matching Code 23 / 27
![Page 56: Formal Islands and Certified Pattern Matching Code](https://reader034.vdocuments.site/reader034/viewer/2022042822/62696c87d7acc15ac311eeeb/html5/thumbnails/56.jpg)
Introduction Languages Validation method Conclusion Definition of correct compilation How this works Results
Deriving constraints for g(f (x), b)
πg(f (x),b)(s) ,if(is fsym(s, dge),
if(is fsym(subtermg (s, 1), df e),let(x1, subtermf (subtermg (s, 1), 1),
if(is fsym(subtermg (s, 2), dbe),let(x , x1, accept),refuse)),
refuse),refuse)
is fsym(s, dge) ≡ true
→ Symb(s) = g
is fsym(subtermg (s, 1), df e) ≡ true
→ Symb(s|1) = f
x1 = subtermf (subtermg (s, 1), 1)
→ x1 = s|1|1is fsym(subtermg (s, 2), dbe) ≡ true → Symb(s|2) = bx = x1 → x = s|1|1
Formal Islands and Certified Pattern Matching Code 23 / 27
![Page 57: Formal Islands and Certified Pattern Matching Code](https://reader034.vdocuments.site/reader034/viewer/2022042822/62696c87d7acc15ac311eeeb/html5/thumbnails/57.jpg)
Introduction Languages Validation method Conclusion Definition of correct compilation How this works Results
Deriving constraints for g(f (x), b)
πg(f (x),b)(s) ,if(is fsym(s, dge),
if(is fsym(subtermg (s, 1), df e),let(x1, subtermf (subtermg (s, 1), 1),
if(is fsym(subtermg (s, 2), dbe),let(x , x1, accept),refuse)),
refuse),refuse)
is fsym(s, dge) ≡ true
→ Symb(s) = g
is fsym(subtermg (s, 1), df e) ≡ true
→ Symb(s|1) = f
x1 = subtermf (subtermg (s, 1), 1)
→ x1 = s|1|1is fsym(subtermg (s, 2), dbe) ≡ true → Symb(s|2) = bx = x1 → x = s|1|1
Formal Islands and Certified Pattern Matching Code 23 / 27
![Page 58: Formal Islands and Certified Pattern Matching Code](https://reader034.vdocuments.site/reader034/viewer/2022042822/62696c87d7acc15ac311eeeb/html5/thumbnails/58.jpg)
Introduction Languages Validation method Conclusion Definition of correct compilation How this works Results
Deriving constraints for g(f (x), b)
πg(f (x),b)(s) ,if(is fsym(s, dge),
if(is fsym(subtermg (s, 1), df e),let(x1, subtermf (subtermg (s, 1), 1),
if(is fsym(subtermg (s, 2), dbe),let(x , x1, accept),refuse)),
refuse),refuse)
is fsym(s, dge) ≡ true
→ Symb(s) = g
is fsym(subtermg (s, 1), df e) ≡ true
→ Symb(s|1) = f
x1 = subtermf (subtermg (s, 1), 1)
→ x1 = s|1|1
is fsym(subtermg (s, 2), dbe) ≡ true
→ Symb(s|2) = bx = x1 → x = s|1|1
Formal Islands and Certified Pattern Matching Code 23 / 27
![Page 59: Formal Islands and Certified Pattern Matching Code](https://reader034.vdocuments.site/reader034/viewer/2022042822/62696c87d7acc15ac311eeeb/html5/thumbnails/59.jpg)
Introduction Languages Validation method Conclusion Definition of correct compilation How this works Results
Deriving constraints for g(f (x), b)
πg(f (x),b)(s) ,if(is fsym(s, dge),
if(is fsym(subtermg (s, 1), df e),let(x1, subtermf (subtermg (s, 1), 1),
if(is fsym(subtermg (s, 2), dbe),let(x , x1, accept),refuse)),
refuse),refuse)
is fsym(s, dge) ≡ true
→ Symb(s) = g
is fsym(subtermg (s, 1), df e) ≡ true
→ Symb(s|1) = f
x1 = subtermf (subtermg (s, 1), 1)
→ x1 = s|1|1
is fsym(subtermg (s, 2), dbe) ≡ true
→ Symb(s|2) = bx = x1 → x = s|1|1
Formal Islands and Certified Pattern Matching Code 23 / 27
![Page 60: Formal Islands and Certified Pattern Matching Code](https://reader034.vdocuments.site/reader034/viewer/2022042822/62696c87d7acc15ac311eeeb/html5/thumbnails/60.jpg)
Introduction Languages Validation method Conclusion Definition of correct compilation How this works Results
Deriving constraints for g(f (x), b)
πg(f (x),b)(s) ,if(is fsym(s, dge),
if(is fsym(subtermg (s, 1), df e),let(x1, subtermf (subtermg (s, 1), 1),
if(is fsym(subtermg (s, 2), dbe),let(x , x1, accept),refuse)),
refuse),refuse)
is fsym(s, dge) ≡ true
→ Symb(s) = g
is fsym(subtermg (s, 1), df e) ≡ true
→ Symb(s|1) = f
x1 = subtermf (subtermg (s, 1), 1)
→ x1 = s|1|1
is fsym(subtermg (s, 2), dbe) ≡ true
→ Symb(s|2) = b
x = x1
→ x = s|1|1
Formal Islands and Certified Pattern Matching Code 23 / 27
![Page 61: Formal Islands and Certified Pattern Matching Code](https://reader034.vdocuments.site/reader034/viewer/2022042822/62696c87d7acc15ac311eeeb/html5/thumbnails/61.jpg)
Introduction Languages Validation method Conclusion Definition of correct compilation How this works Results
Deriving constraints for g(f (x), b)
πg(f (x),b)(s) ,if(is fsym(s, dge),
if(is fsym(subtermg (s, 1), df e),let(x1, subtermf (subtermg (s, 1), 1),
if(is fsym(subtermg (s, 2), dbe),let(x , x1, accept),refuse)),
refuse),refuse)
is fsym(s, dge) ≡ true → Symb(s) = gis fsym(subtermg (s, 1), df e) ≡ true → Symb(s|1) = fx1 = subtermf (subtermg (s, 1), 1) → x1 = s|1|1is fsym(subtermg (s, 2), dbe) ≡ true → Symb(s|2) = bx = x1 → x = s|1|1
Formal Islands and Certified Pattern Matching Code 23 / 27
![Page 62: Formal Islands and Certified Pattern Matching Code](https://reader034.vdocuments.site/reader034/viewer/2022042822/62696c87d7acc15ac311eeeb/html5/thumbnails/62.jpg)
Introduction Languages Validation method Conclusion Definition of correct compilation How this works Results
Proof obligation
We have to prove:
∀s, x : g(f (x), b) = s⇔
Symb(s) = g∧ Symb(s|1) = f∧ Symb(s|2) = b∧ x = s|1|1
Handled by Zenon [Doligez, INRIA], first order theorem prover
Formal Islands and Certified Pattern Matching Code 24 / 27
![Page 63: Formal Islands and Certified Pattern Matching Code](https://reader034.vdocuments.site/reader034/viewer/2022042822/62696c87d7acc15ac311eeeb/html5/thumbnails/63.jpg)
Introduction Languages Validation method Conclusion Definition of correct compilation How this works Results
Proof obligation
We have to prove:
∀s, x : g(f (x), b) = s⇔
Symb(s) = g∧ Symb(s|1) = f∧ Symb(s|2) = b∧ x = s|1|1
Handled by Zenon [Doligez, INRIA], first order theorem prover
Formal Islands and Certified Pattern Matching Code 24 / 27
![Page 64: Formal Islands and Certified Pattern Matching Code](https://reader034.vdocuments.site/reader034/viewer/2022042822/62696c87d7acc15ac311eeeb/html5/thumbnails/64.jpg)
Introduction Languages Validation method Conclusion Definition of correct compilation How this works Results
Proof obligation
We have to prove:
∀s, x : g(f (x), b) = s⇔
Symb(s) = g∧ Symb(s|1) = f∧ Symb(s|2) = b∧ x = s|1|1
Handled by Zenon [Doligez, INRIA], first order theorem prover
Formal Islands and Certified Pattern Matching Code 24 / 27
![Page 65: Formal Islands and Certified Pattern Matching Code](https://reader034.vdocuments.site/reader034/viewer/2022042822/62696c87d7acc15ac311eeeb/html5/thumbnails/65.jpg)
Introduction Languages Validation method Conclusion Definition of correct compilation How this works Results
In the Tom compiler
Input Parser Backend Output
Compiler
constraints extraction
Optimizer
Proof ΠZenon
Tom Compiler
Patterns PIL
PIL
Cp,σ ⇔ Cπp
Formal Islands and Certified Pattern Matching Code 25 / 27
![Page 66: Formal Islands and Certified Pattern Matching Code](https://reader034.vdocuments.site/reader034/viewer/2022042822/62696c87d7acc15ac311eeeb/html5/thumbnails/66.jpg)
Introduction Languages Validation method Conclusion Definition of correct compilation How this works Results
Application
Application on the Tom compiler itself
I more than 200 patterns
I verification takes about 20% of the compilation time
Formal Islands and Certified Pattern Matching Code 26 / 27
![Page 67: Formal Islands and Certified Pattern Matching Code](https://reader034.vdocuments.site/reader034/viewer/2022042822/62696c87d7acc15ac311eeeb/html5/thumbnails/67.jpg)
Introduction Languages Validation method Conclusion
Conclusion
I ContributionsI Formal Island concept: safely build on existing codeI Certification of pattern matching codeI Model of the mapping between formal and actual
data-structure
I PerspectivesI Extention to rewriting (inlining)I DecidabilityI Extention to associative matchingI Support for equational theories
http://tom.loria.fr
Formal Islands and Certified Pattern Matching Code 27 / 27