Computing in Coq with Infinite Algebraic Data Structures

One main feature of constructive type theory, through the well-known Curry-Howard isomorphism, is the equivalence between proving and programming. This is clearly one of the advantages of Coq [5] with respect to other proof assistants, like Isabelle/HOL [22]. This characteristic is the base of reflective tactics, pioneered by S. Boutin [6], and successfully used, for instance, in [14,20]. Computing can play another role when formalizing a proof. It can be useful, for example, to check some conjecture over concrete cases. When dealing with standard data structures (as lists, trees, and the like), these experiments can be done in a parallel line by programming the tests in Java, C, or any other programming language. If infinite data structures occur, programming them is a more delicate task, and it can be rewarding to keep a tighter link among programs and specifications. Infinite data structures, presented as coinductive objets as streams, have been dealt with in the theorem proving literature (see [5] for instance). In this work, we undertake another via to manage the infinity, working with algebraic structures of infinite type (that is to say, generated by infinite sets) [24]. We report in this paper on an experiment of this nature, in the area of homological algebra. It is well-known that homological information is not computable over explicit calculations with elements are presented in Section 5, using Coq as a computing tool to check some conjectures. The paper ends with conclusions, future work, and the bibliography. The Coq source files are available at https://esus.unirioja.es/psycotrip/archivos documentos/CCIADS.zip. In this section we introduce the algebraic structures which support our constructions. They include chain complexes, chain complex morphisms, and reductions and effective homologies of chain complexes. The formalization in Coq of these structures are also described. We assume as known the notions of ring, module over a ring and module morphism (see [16] for instance). A ring R commutative and with unity is fixed all through the paper, and modules are supposed to be left R-modules. We have built these basic structures in Coq using records called Ring, Module and ModHom, respectively. They are based on the ones included in CoRN [13] (but simplifying them: basically eliminating the apartness relation included in setoids which is not used by us, since we are working in a discrete mathematics setting). Besides, further constructions as for instance the addition or the composition of module morphisms are defined, and are represented using the infix notation [+h] or [oh], respectively. A free R-module generated over a set B is the module R[B] whose elements are linear combinations with elements of B as generators. The addition and the external product by elements of R are defined in the natural way. Since we are planning to work in a constructive logic setting, it is convenient to define a free module as one module M where an explicit isomorphism is known between M and R[B] (the set of generators B must also be explicitly given). If B is finite, the free module is said of finite type. The formalization of free modules in Coq follows the ideas given by L. Pottier in the Coq contributions web page [19]. There, a definition can be found of a module built by freely generation from a basis, which is given by a setoid (i.e. a set with an equality, usually denoted by [=]), using the module operations. If we call B the basis setoid, this is representing the mathematical structure R[B] introduced above. Then, our formalization of free modules consists of a record with a module and an explicit isomorphism to such a freely generated module. In order to deal with finite sets in a constructive type theory, more care is needed. For instance, several alternatives for defining finite sets in a constructive logic are included in [8]. Finite algebraic structures have also been implemented in Coq in [15] as a first milestone of a long-term effort to formalize the Feit-Thompson theorem. Our formalization is the following. Given a natural number k ∈ N, let us denote F S(k) the (finite) setoid {0, 1, . . . , k -1} (with the Leibniz equality). We consider a setoid B as finite if it is endowed with a natural number k ∈ N and an explicit bijection to F S(k). Then, a free module of finite type is a free module, but we impose that the generator set is equal (in the Coq internal sense) to F S(k). We concentrate ourselves in the sequel on free modules, since it is the unique kind of modules dealt with in the Kenzo system [12]. We are ready to introduce the first graded concept, needed in Homological Algebra and Algebraic Topology. Definition 1. A graded module M is a family of R-modules indexed by the integer numbers (M i ) i∈Z . A graded module is free (or free of finite type) if M i is free (free of finite type, respectively) for all i ∈ Z. If x ∈ M i , the index i is called degree of the element x. Definition 2. Given a graded module M a differential operator d on M is a family of module morphisms where M is a graded module and d a differential operator on M . A chain complex is called free (or free of finite type) when its underlying graded module is free (free of finite type, respectively). Chain complexes have a corresponding notion of morphism. Definition 4. A chain complex morphism (or, simply, a chain morphism) f : CC → CC ′ between two chain complexes CC = (M, d) and Given a ring R: Ring, a graded module can be formalized in Coq with the following dependent type: Z -> Module R, which accurately represents a family of modules indexed by the integer numbers. Then, a (free) chain complex can be formalized in Coq using the following record structure: Record ChainComplex: Type:= {GrdMod:> Z -> FreeModule R; Diff: forall i:Z, ModHom (R:=R) (GrdMod (i + 1)) (GrdMod i); NilpotencyDiff: forall i:Z, (Nilpotency (Diff i)(Diff (i + 1))}. where the nilpotency property is defined by Nilpotency(g:ModHom B C) (f:ModHom A B):= forall a: A, ((g[oh]f)a)[=]Zero. In a similar way, given two chain complexes CC1 CC2: ChainComplex R, a chain complex morphism ChainComplexHom is represented as a record with a family of module morphisms GrdModHom:>forall i:Z,ModHom(CC1 i)(CC2 i) which commutes with the chain complex differentials. Now, the central definition in effective homology theory: reduction. A reduction establishes a link between a "big" chain complex, called top complex, and a smaller one, called bottom complex, in such a way that if all the homological problems are solved in the bottom complex, then it is the same in the top one. where T CC = (M, d) and BCC = (M ′ , d ′ ) are chain complexes (named top and bottom chain complex), f : T CC → BCC and g : BCC → T CC are chain morphisms, h = (h i : M i → M i+1 ) i∈Z is a family of module morphisms (called homotopy operator), which satisfy the following properties for all i ∈ Z: And now, the relevant case. In a free chain complex of finite type the homological problems can be solved algorithmically in a simple way (at least in cases where the ring R allows one to diagonalize matrices over R; this includes the case R = Z, the most important one in Algebraic Topology; see [24]). Thus, if from a chain complex (possibly of infinite type) we can get a reduction to a chain complex of finite type, the homological problem is solved for the initial complex. This is the strategy followed in the Kenzo system. And it is the very notion of chain complex with effective homology. Definition 6. A chain complex CC is with effective homology if it is free and it is endowed with a reduction where CC itself is the top chain complex and the bottom chain complex is free of finite type. Given a chain complex CC1: ChainComplex R, a homotopy operator is represented in Coq as a family of module morphisms HomotopyOperator:= forall i: Z, ModHom(C1 i)(C1(i + 1)). The reduction notion is then formalized as a record Reduction with two chain complexes topCC:ChainComplex R, bottomCC:ChainComplex R and three morphisms f t b:ChainComplexHom topCC bottomCC, g b t:ChainComplexHom bottomCC topCC, h t t:HomotopyOperator topCC. Besides, five fields representing the five reduction properties are included. For instance, the field which corresponds to the second property is: rp2: homotopy operator property f t b g b t h t t with: Some comments on these Coq definitions are needed. Why are the elements in this definition considered to be on the i+1-th degree and not on the i-th degree, as it is the usual definition of reduction? The same decision was previously taken when the definition of differential was introduced. It is clear that as we are considering the definition for all the integers, both definitions are equivalent. But, a Coq technical problem is easily avoided thanks to our definition. We are going to focus our attention on the (h i[oh](Diff C1 i)) component of the definition. The differential takes an element in degree i+1 and obtains an element in degree i which is translated to a component in degree i+1 by the homotopy operator. If we consider the mathematically equivalent definition, considering the differential defined from degree i to i-1, then the corresponding component would be (h(i-1)[oh](Diff C1 i)). In this composition, the differential takes an element in degree i and returns an element in degree i-1, which is now translated to a component in degree i-1+1. In Coq this element is equal but is not convertible to i. So, we will obtain a Coq type error from this sum of morphisms. A transition function between equal but not directly convertible types (which it is essentially an identity between types) can be introduced allowing us to overcome this drawback 1 . The concept of free of finite type chain complex is then obtained in Coq as a specialization of the chain complex structure: simply adding that the family of modules are free modules of finite type. In a similar way it is formalized the concept of effective homology as a specialization of the reduction structure by declaring the bottomCC is of finite type. In this section we first define the notion of the cone of a chain complex morphism. Then, the main result that we are going to deal with is stated: the effective homology of a cone. We also show how this theorem can be proved in Coq. Now, the theorem which determines the effective homology of a cone can be stated. Theorem 1. Given two reductions r = (T CC, BCC, f, g, h) and r ′ = (T CC ′ , BCC ′ , f ′ , g ′ , h ′ ) and a chain morphism α : T CC → T CC ′ between their top chain complexes, it is possible to define a reduction r ′′ = (Cone(α), BCC ′′ , f ′′ , g ′′ , h ′′ ) with Cone(α) as top chain complex and: 1 We acknowledge T. Coquand for the suggestion of this idea. Besides, if T CC and T CC ′ are objects with effective homology through the reductions r and r ′ , then Cone(α) is an object with effective homology through r ′′ . In [11] we formalized in Coq the effective homology of a bicomplex. That result can be considered as a generalization of the previous theorem to an infinite (indexed by the natural numbers) family of reductions. Nevertheless, in order to obtain it, the chain complexes must be positive, i.e., with null components in the negative indexes (or, in other equivalent presentation, indexed by the natural numbers). In this paper, we have not this constraint since we work with a general definition of chain complex, with modules indexed by integer numbers. The formalization of Theorem 1 in Coq is obtained as follows. Given two chain complexes CC0 CC1: ChainComplex R and a chain complex morphism f: ChainComplexHom CC1 CC0, the cone of this morphism is a chain complex with family of modules ConeGrdMod:= fun i: Z => Sum FreeModule (CC1 i) (CC0(i+1)) (with the direct sum of free modules Sum FreeModule defined in a natural way) and with differential operator defined as follows: It is not difficult to prove that these functions define a module morphism which satisfies the differential condition. This last property allows one to build the cone chain complex associated to a chain complex morphism: Cone(f). Given now two reductions r1 r2: Reduction R and a chain complex morphism between their top chain complexes alpha: ChainComplexHom(topCC r1) (topCC r2), it is possible to define a chain complex morphism alpha' between the bottom chain complexes through the function alpha'':= fun n: Z => (f t b r2 i)[oh](alpha i)[oh](g b t r1 i). The first part of Theorem 1 is proved if we build a reduction between Cone(alpha) and Cone(alpha'). The first chain complex morphism of the reduction is defined in the following way: Analogous definitions are provided for the two other morphisms of the reduction. Then we state Coq lemmas for the reduction properties on these morphisms. The proof of these lemmas consists in applying mainly equational reasoning over setoid equalities, following closely the paper and pencil proof. It allows building the reduction of a cone: ConeReduction(alpha). Finally, given two effective homologies r1 r2: EffectiveHomology R and a chain complex morphism alpha between their top chain complexes, ConeReduction(alpha) is directly a reduction of the cone. Then, in order to define an effective homology for the cone it remains to prove that the bottom free chain complex of this reduction is free of finite type. It is easily obtained in Coq since the direct sum of free chain complex of finite type is free of finite type. A working representation in a proof assistant of the concepts included in previous sections has to be sound, but also needs to be useful. The second feature can be shown by formally proving some results. This was the purpose of the previous section. The first feature can be illustrated by providing instances of the representations, that accurately reflect usual mathematical entities. This is the aim of this section which includes different instances of all the previous structures. First, we define some elementary instances which will act as building blocks for more elaborated constructions. The first example is the null free module M (0) (i.e., a module with the unit as unique element). This is indeed a free module of finite type, generated by the setoid with zero elements. Then, a null free chain complex can be defined CC (0) = ((M (0) ) i∈Z , (d (0) ) i∈Z ) (i.e., with the previous module in each degree and the null differential). This chain complex can be also built as a free chain complex of finite type F CC (0) , defined from the corresponding free module of finite type. Obviously, a trivial effective homology for this chain complex can be defined. Another basic example is the free module of the integers Z (over the ring of integers) which we denote in Coq by ZFreeModule. This module can be also implemented as a module of finite type, ZFinFreeModule, generated by the setoid with only one element. Then, an example of free chain complex is CC (1) = ((M (1) ) i∈Z , (d (1) ) i∈Z ) with (M (1) ) i = Z, ∀i ∈ Z, and (d (1) ) i : Z → Z such as (d (1) ) i (x) = 2 * x if i is even and (d (1) ) i (x) = 0 otherwise: The Coq formalization of the required differential is obtained through the functional type fun i: Z => if (Zeven bool i) then x2 ModHom else (ModHom zero ZFreeModule ZFreeModule). It is easy to prove that this morphism satisfies the nilpotency condition. A similar free chain complex of finite type F CC (1) can be defined using the corresponding family of free modules of finite type. Besides, we can define a trivial effective homology between both complexes that we name Id Z 2x 0 EffectiveHomology: The previous examples are chain complexes of finite type, since the modules are free of finite type (in that case with zero or one generator). An example of a free module of infinite type is Z[N], the free module generated by the natural numbers (over the ring of integer numbers) which we denote in Coq by Z nat FreeModule. It is defined by taking as free module the one freely generated from the setoid denoted in Coq by nat as Setoid (that is to say, the setoid of natural numbers with the Leibniz equality). The definition is then completed with the same module as module representation and the identity as isomorphism between them. To keep notations clear, the generator i of Z[N] will be denoted by x i , ∀i ∈ N. Now, a chain complex of infinite type CC (2) = ((M (2) ) i∈Z , (d (2) ) i∈Z ) is built where (M (2) ) i = Z[N], ∀i ∈ Z, and (d (2) ) i : Z[N] → Z[N] defined on generators (and then extended to all elements by freely generation) in the following way: if i is even, (d (2) ) i (x j ) = x j if j is even and (d (2) ) i (x j ) = 0 otherwise; and if i is odd, (d (2) ) i (x j ) = 0 if j is even and (d (2) ) i (x j ) = x j otherwise. This differential on generators can be illustrated with the following diagram: . . . . . . . . . This chain complex is named in our representation Z nat ChainComplex. Its differential can be easily defined using auxiliary functions as fun n: nat as Setoid => if even bool n then Var n else Unit . Here, we are using the Unit notation for the null element as in L. Pottier' s development. It is not difficult to prove that this morphism satisfies the nilpotency condition (in other words, it is really a differential). Now, it is possible to define a homotopy operator h (2) on CC (2) built on generators in the same way as the previous differential (but, defined from an element in the module at degree i to an element in the module at degree i + 1). Obvious morphisms allow us to complete an effective homology from this last free chain complex to the null free chain complex of finite type F CC (0) . This last effective homology proves that CC (2) is acyclic. In order to define a more interesting effective homology we define the free chain complex CC (1) ⊕ CC (2) obtained from the direct sum of the two previous chain complexes. Then, it is easy to define an effective homology Z x Z nat EffectiveHomology: F CC (1) (id,0) n n where π 1 is the canonical projection in the first component. Finally, we consider a free chain morphism between the top chain complexes of Z x Z nat EffectiveHomology and Id Z 2x 0 EffectiveHomology again through the canonical projection in the first component: CC (1) ⊕ CC (2) π1 --(0,h (2) ) π1 F CC (1) (id,0) Then, we can obtain in Coq the cone of this morphism and the effective homology associated to it, named Example Cone EffectiveHomology, as a particular instance of our general result developed in the previous section: We will use this effective homology instance to make concrete computations in Coq in the following section. Working in the Coq constructive type theoretic setting allows us to obtain from proofs directly computable terms. In the previous section we obtained instances of meaningful examples of all our data structures, so we can now make calculations with them through the associated algorithms (which have been proved correct in Coq). In particular we can make computations within instances of chain complexes of infinite type. We will use the vm compute Coq tactic for evaluating terms. It computes the goal using the optimized call-by-value evaluation bytecode-based virtual machine [19]. Another option consists in using the Coq extracting code mechanism. Nowadays, the functional languages available as output in Coq are OCaml, Haskell and Scheme [18]. This extracted code should be, in principle, efficient but the presence of dependent types makes it complicated, at least in the Haskell case. Being Scheme a kind of Lisp, its dynamical typing style should be more convenient from this point of view in order to be our target language in which extracts our code. Nevertheless it seems to be the least developed frame (see [19] again). Since Kenzo is implemented in Common Lisp it is clear that the problems encountered with Scheme are important for us if we want to extract code which was directly comparable with the Kenzo code. We do not follow this line in this paper. We explore rather the possibilities of the internal execution of Coq terms. We are going to choose as an example the top chain complex of Example Cone EffectiveHomology, i.e. Cone(π 1 ). This is an example of chain complex of infinite type. For instance, we want to compute its differential applied to the element (5, 7 * x 4 +8 * x 0 , 3) at degree 2. Since the module at degree 2 of the cone (and, in fact, at any degree) is Z⊕Z[N]⊕Z, the element (5, 7 * x 4 +8 * x 0 , 3) has a component in each module. The first and third components appear simply as integers, because Z is considered a free module over a singleton which is skipped. On the contrary, elements in the second component are true combinations in Z[N] with generator x i (recall our convention of naming x i the element i of N). Thus the modules of the cone are not presented as free modules, but they are isomorphic to modules freely generated, as it is inferred from the results of Section 3. The second element of the tuple (5, 7 * x 4 + 8 * x 0 , 3) is represented in Coq by e:= Law (Op (R:= Z as Ring) 7 (Var (4%nat: nat as Setoid))) (Op (R:= Z as Ring) 8 (Var (0%nat: nat as Setoid))). The required Coq code is then the following: Eval vm_compute in ((Diff(topCC Example_Cone_EffectiveHomology) 2) ( or, in plain notation, (0, -(-(7 * () + 8 * ()), 0) which it is equal (in the setoid) to the null element. It should be recalled that our formalization of the free module generated by the natural numbers directly use the L. Pottier definition for free modules, and, as a consequence, we are not working with canonical elements on the free modules or with structures which allow a reduction to them. Now, we focus our attention on homotopy operators, that is to say on morphisms which increase in one unity the degree into the graded module. We use as ambient structures the chain complexes Cone(π 1 ) and Cone(α ′ ) introduced in the previous section. Some examples of homotopy operators for Cone(α ′ ), h = (h i : Cone(α ′ ) i → Cone(α ′ ) i+1 ) i∈Z , are the following: Both can be easily implemented in Coq. For example, the first one is represented through: Definition h1': forall i:Z, bottomCC Example_Cone_EffectiveHomology i -> bottomCC Example_Cone_EffectiveHomology(i + 1):= fun (i:Z)(c: bottomCC Example_Cone_EffectiveHomology i) => (0, fst c). There exist special homotopy operators called contracting homotopies which express algorithmically that the chain complex is acyclic [24]. Definition 8. A chain complex is acyclic if it is possible to define an effective homology from it to the null chain complex. Corollary 1. Let CC = (M, d) be a chain complex, CC is acyclic if and only if there exists a homotopy operator h defined on CC such that d • h + h • d = id. Such an operator is called contracting homotopy. We can test if the previous homotopy operators define a contracting homotopy. For instance, the corresponding tactic at degree i=1 choosing as element (5, 7): bottomCone 2 for the first candidate is: For the second homotopy operator over the same element we obtain: This means that h1 is not a contracting homotopy for Cone(α ′ ). It could be, anyway, acyclic. The homotopy operator h2 could be a candidate for contracting homotopy and, in fact, if we test other elements in other dimensions we always obtain the identity. Moreover, using the homotopy operator h2 and the one h Ex in the effective homology at the end of the previous section, we can define a new homotopy operator over Cone(π 1 ) with the formula h = h Ex + g Ex • h2 • f Ex . Graphically: This homotopy operator can be easily defined in Coq in the following way: We can test if it is a candidate to be a contracting homotopy: whose result is an element equal (in the setoid) to (5, e, 3). The testing with other elements and at other degrees is always successful and this allows us to conjecture that it is really a contracting homotopy. If that is the case, it could be used to solve a problem that, in general, is undecidable when working with chain complexes of infinite type. If an element x is a cycle (that is to say, d n (x) = 0) and the chain complex is acyclic, then there exists an element z such that d n+1 (z) = x. Or, in other words, z is a pre-image of x for the differential. Let us compute such a pre-image in our example. To this aim, we choose again x = (-10, -(7 * x 4 + 8 * x 0 ), 5) as an element at degree 2. We know already it is a cycle, because it has been previously computed. Then, if our homotopy operator h is a contracting homotopy, the image h(x) must be a pre-image of x for d (since dh(x) + hd(x) = x, but hd(x) = 0). We can test in Coq this fact as follows. First we apply the homotopy operator on the element: Eval vm_compute in (h_topCone 2)(-10, Inv e, 5). obtaining an element equal to (5, e, 0). And due to our previous computations we know that this element is indeed in the right pre-image because gives the required element (-10, Inv e, 5). This behaviour is not accidental. The testing is reflecting a general result relating cones and reductions. Namely: Proposition 1. Let (M, N, f, g, h) be a reduction. Then Cone(f ) is an acyclic chain complex. The constructive proof of this proposition gives exactly the formula we were testing before. Finally, we could proof in Coq that h2 and h are indeed contracting homotopies which is now an easy exercise. Also Corollary 1 and Proposition 1 could be formalized in Coq, although more effort is required. Both tasks are proposed as future work. In this paper we have presented some examples relating deduction and computing in the Coq proof assistant. Even if constructive type theory always allows, in principle, the modeler to execute terms (by reducing them) this is rarely used in development (or, at least, it is rarely documented). In our case, testing has been worked out in an infinite dimensional setting. Concretely, we have constructed concrete instances of chain complexes of infinite type, we have computed in Coq with their elements, and we have checked some formula producing a contracting homotopy on one of the chain complexes. This testing corresponds to a general theorem that could be, later on, proved in Coq, too. The chain complexes of infinite type used as examples in this paper are, in some sense, artificial. It can be considered as a demonstration of feasibility. In a future step, we will undertake the implementation in Coq of more meaningful infinite dimensional spaces. Our first candidates will be loop spaces. The chain complex associated to a combinatorial loop space (see Kan's G construction in [21]) is of infinite type. Under good conditions, its homology groups are, however, of finite type. Computing these homology groups was one of the first challenges solved by Kenzo (see [24]), and working with them in Coq would be an interesting issue. One unpleasant aspect of our work is that we are working in a context where combinations are not in normal form. This implies that, once a function has been applied, some work is needed to prove the result is equal to some assumed test value. Several approaches are known to tackle this reduction to canonical form, and we should systematically explore some of them to propose a more comfortable way of doing testing in Coq. Another via to avoid this difficulty could be to give setoids up and work inside the ssreflect framework [14]. Another related line is that of code extraction. We should retake the works on going from Coq to Scheme [18], and adapt them to Common Lisp. Since that we have a model (Kenzo [12]) of the programs we would like to extract, the challenge would be to devise Coq statements and proofs in such a way that the extracted programs would be as close as possible to the selected Kenzo fragment. Finally we could study the possibilities of tools like QuickCheck [7] in our setting. This system allows to test properties of programs automatically by generating a large number of cases (although, up to our knowledge, there is no direct application to Coq code).