A logical framework for incremental type-checking Matthias Puech 1 , - - PowerPoint PPT Presentation

A logical framework for incremental type-checking

Matthias Puech1,2 Yann R´ egis-Gianas2

• 1Dept. of Computer Science, University of Bologna

2University Paris 7, CNRS, and INRIA, PPS, team πr2

May 2011

CEA LIST

1 / 28

A paradoxical situation

Observation

We have powerful tools to mechanize the metatheory of (proof) languages

2 / 28

A paradoxical situation

Observation

We have powerful tools to mechanize the metatheory of (proof) languages

. . . And yet,

Workflow of programming and formal mathematics is still largely inspired by legacy software development (emacs, make, svn,

• diffs. . . )

2 / 28

A paradoxical situation

Observation

We have powerful tools to mechanize the metatheory of (proof) languages

. . . And yet,

Workflow of programming and formal mathematics is still largely inspired by legacy software development (emacs, make, svn,

• diffs. . . )

Isn’t it time to make these tools metatheory-aware?

2 / 28

Incrementality in programming & proof languages

Q : Do you spend more time writing code or editing code?

Today, we use:

• separate compilation
• dependency management
• version control on the scripts
• interactive toplevel with rollback (Coq)

3 / 28

Incrementality in programming & proof languages

4 / 28

Incrementality in programming & proof languages

4 / 28

Incrementality in programming & proof languages

4 / 28

Incrementality in programming & proof languages

4 / 28

Incrementality in programming & proof languages

4 / 28

Incrementality in programming & proof languages

4 / 28

Incrementality in programming & proof languages

4 / 28

Incrementality in programming & proof languages

4 / 28

In an ideal world. . .

• Edition should be possible anywhere
• The impact of changes visible “in real time”
• No need for separate compilation, dependency management

5 / 28

In an ideal world. . .

• Edition should be possible anywhere
• The impact of changes visible “in real time”
• No need for separate compilation, dependency management

Types are good witnesses of this impact

5 / 28

In an ideal world. . .

• Edition should be possible anywhere
• The impact of changes visible “in real time”
• No need for separate compilation, dependency management

Types are good witnesses of this impact Applications

• non-(linear|batch) user interaction
• typed version control systems
• type-directed programming
• tactic languages

5 / 28

In this talk, we focus on. . .

. . . building a procedure to type-check local changes

• What data structure for storing type derivations?
• What language for expressing changes?

6 / 28

Menu

The big picture Incremental type-checking Why not memoization? Our approach Two-passes type-checking The data-oriented way A metalanguage of repository The LF logical framework Monadic LF Committing to MLF

7 / 28

Menu

The big picture Incremental type-checking Why not memoization? Our approach Two-passes type-checking The data-oriented way A metalanguage of repository The LF logical framework Monadic LF Committing to MLF

8 / 28

The big picture

version management script files parsing type-checking

9 / 28

The big picture

version management script files parsing type-checking

9 / 28

The big picture

script files version management parsing type-checking

9 / 28

The big picture

script files parsing version management type-checking

• AST representation

9 / 28

The big picture

script files parsing version management type-checking

• AST representation

9 / 28

The big picture

user interaction parsing version management type-checking

• AST representation

9 / 28

The big picture

user interaction parsing type-checking version management

• AST representation
• Typing annotations

9 / 28

The big picture

user interaction parsing incremental type-checking version management

• AST representation
• Typing annotations

9 / 28

A logical framework for incremental type-checking

Yes, we’re speaking about (any) typed language.

A type-checker

val check : env → term → types → bool

• builds and checks the derivation (on the stack)
• conscientiously discards it

10 / 28

A logical framework for incremental type-checking

Yes, we’re speaking about (any) typed language.

A type-checker

val check : env → term → types → bool

• builds and checks the derivation (on the stack)
• conscientiously discards it

→i →i →i →e A → B, B → C, A ⊢ B → C Ax A → B, B → C, A ⊢ A → B Ax A → B, B → C, A ⊢ A Ax A → B, B → C, A ⊢ B →e A → B, B → C, A ⊢ C A → B, B → C ⊢ A → C A → B ⊢ (B → C) → A → C ⊢ (A → B) → (B → C) → A → C 10 / 28

A logical framework for incremental type-checking

Yes, we’re speaking about (any) typed language.

A type-checker

val check : env → term → types → bool

• builds and checks the derivation (on the stack)
• conscientiously discards it

true

10 / 28

A logical framework for incremental type-checking

Goal Type-check a large derivation taking advantage of the knowledge from type-checking previous versions Idea Remember all derivations!

11 / 28

A logical framework for incremental type-checking

Goal Type-check a large derivation taking advantage of the knowledge from type-checking previous versions Idea Remember all derivations!

More precisely

Given a well-typed R : repository and a δ : delta and apply : repository → delta → derivation , an incremental type-checker tc : repository → delta → bool decides if apply(δ, R) is well-typed in O(|δ|).

(and not O(|apply(δ, R)|))

11 / 28

A logical framework for incremental type-checking

Goal Type-check a large derivation taking advantage of the knowledge from type-checking previous versions Idea Remember all derivations!

More precisely

Given a well-typed R : repository and a δ : delta and apply : repository → delta → derivation , an incremental type-checker tc : repository → delta → repository option decides if apply(δ, R) is well-typed in O(|δ|).

(and not O(|apply(δ, R)|))

11 / 28

A logical framework for incremental type-checking

Goal Type-check a large derivation taking advantage of the knowledge from type-checking previous versions Idea Remember all derivations! from to

11 / 28

Memoization maybe?

let rec check env t a = match t with | ... → ... false | ... → ... true and infer env t = match t with | ... → ... None | ... → ... Some a

12 / 28

Memoization maybe?

let table = ref ([] : environ × term × types) in let rec check env t a = if List .mem (env,t,a) ! table then true else match t with | ... → ... false | ... → ... table := (env,t,a )::! table ; true and infer env t = try List .assoc (env,t) ! table with Not found → match t with | ... → ... None | ... → ... table := (env,t,a )::! table ; Some a

12 / 28

Memoization maybe?

Syntactically

+ lightweight, efficient implementation

12 / 28

Memoization maybe?

Syntactically

+ lightweight, efficient implementation + repository = table, delta = t

12 / 28

Memoization maybe?

Syntactically

+ lightweight, efficient implementation + repository = table, delta = t – syntactic comparison (no quotient on judgements)

What if I want e.g. weakening or permutation to be taken into account?

12 / 28

Memoization maybe?

Syntactically

+ lightweight, efficient implementation + repository = table, delta = t – syntactic comparison (no quotient on judgements)

What if I want e.g. weakening or permutation to be taken into account?

Semantically

– external to the type system (meta-cut)

What does it mean logically?

J ∈ Γ Γ ⊢ J wf ⇒ Γ Γ1 ⊢ J1 wf ⇒ Γ2 . . . Γn−1[Jn−1] ⊢ Jn wf ⇒ Γn Γ1 ⊢ J wf ⇒ Γn[Jn][J] 12 / 28

Memoization maybe?

Syntactically

+ lightweight, efficient implementation + repository = table, delta = t – syntactic comparison (no quotient on judgements)

What if I want e.g. weakening or permutation to be taken into account?

Semantically

– external to the type system (meta-cut)

What does it mean logically?

J ∈ Γ Γ ⊢ J wf ⇒ Γ Γ1 ⊢ J1 wf ⇒ Γ2 . . . Γn−1[Jn−1] ⊢ Jn wf ⇒ Γn Γ1 ⊢ J wf ⇒ Γn[Jn][J]

– imperative (introduces a dissymmetry)

12 / 28

Memoization maybe?

Syntactically

+ lightweight, efficient implementation + repository = table, delta = t – syntactic comparison (no quotient on judgements)

What if I want e.g. weakening or permutation to be taken into account?

Semantically

– external to the type system (meta-cut)

What does it mean logically?

J ∈ Γ Γ ⊢ J wf ⇒ Γ Γ1 ⊢ J1 wf ⇒ Γ2 . . . Γn−1[Jn−1] ⊢ Jn wf ⇒ Γn Γ1 ⊢ J wf ⇒ Γn[Jn][J]

– imperative (introduces a dissymmetry)

Mixes two goals: derivation synthesis & object reuse

12 / 28

Menu

The big picture Incremental type-checking Why not memoization? Our approach Two-passes type-checking The data-oriented way A metalanguage of repository The LF logical framework Monadic LF Committing to MLF

13 / 28

Two-passes type-checking

ti = type inference = derivation delta synthesis tc = type checking = derivation delta checking δ = program delta δLF = derivation delta R = repository of derivations

14 / 28

Two-passes type-checking

ti = type inference = derivation delta synthesis tc = type checking = derivation delta checking δ = program delta δLF = derivation delta R = repository of derivations Shift of trust: ti (complex, ad-hoc algorithm) → tc (simple, generic kernel)

14 / 28

A popular storage model for directories

/ /foo /bar /foo/a /bar/b /bar/c v1

15 / 28

A popular storage model for directories

/ /foo /bar /foo/a /bar/b /bar/c / /bar /bar/c' v1 /foo /foo/a /bar/b

15 / 28

A popular storage model for directories

/ /foo /bar /foo/a /bar/b /bar/c / /bar /bar/c' v1

15 / 28

A popular storage model for directories

/ /foo /bar /foo/a /bar/b /bar/c / /bar /bar/c' v1 v2

15 / 28

A popular storage model for directories

/ /foo /bar /foo/a /bar/b /bar/c / /bar

99dcf1d 46f9c2 923ace3 c328e8f d54c809 6e4f99a 4244e8a cf189a6 e33478f

/bar/c' v1 v2

820e7ab a85f0b77

15 / 28

A popular storage model for directories

/ /foo /bar /foo/a /bar/b /bar/c / /bar

99dcf1d 46f9c2 923ace3 c328e8f d54c809 6e4f99a 4244e8a cf189a6 e33478f 99dcf1d → "Hello World" d54c809 → 46f9c2, 923ace3 6ef99a → 99dcf1d 4244e8a → 6e4f99a, d54c809 cf189a6 → 46f9c2, c328e8f ...

/bar/c' v1 v2

820e7ab a85f0b77

15 / 28

A popular storage model for directories

/ /foo /bar /foo/a /bar/b /bar/c / /bar

99dcf1d 46f9c2 923ace3 c328e8f d54c809 6e4f99a 4244e8a cf189a6 e33478f 99dcf1d → "Hello World" d54c809 → 46f9c2, 923ace3 6ef99a → 99dcf1d 4244e8a → 6e4f99a, d54c809 cf189a6 → 46f9c2, c328e8f ...

/bar/c' v1 v2

820e7ab a85f0b77 a85f0b77

⊢ 15 / 28

A popular storage model for directories

The repository R is a pair (∆, x): ∆ : x → (Commit (x × y) | Tree x | Blob string)

Operations

commit δ

• extend the database with Tree/Blob objects
• add a Commit object
• update head

checkout v

• follow v all the way to the Blobs

diff v1 v2

• follow simultaneously v1 and v2
• if object names are equal, stop (content is

equal)

• otherwise continue

. . .

15 / 28

A popular storage model for directories

The repository R is a pair (∆, x): ∆ : x → (Commit (x × y) | Tree x | Blob string)

Invariants

• ∆ forms a DAG
• if (x, Commit (y, z)) ∈ ∆ then

◮ (y, Tree t) ∈ ∆ ◮ (z, Commit (t, v)) ∈ ∆

• if (x, Tree(

y)) ∈ ∆ then for all yi, either (yi, Tree( z)) or (yi, Blob(s)) ∈ ∆

15 / 28

A popular storage model for directories

The repository R is a pair (∆, x): ∆ : x → (Commit (x × y) | Tree x | Blob string)

Invariants

• ∆ forms a DAG
• if (x, Commit (y, z)) ∈ ∆ then

◮ (y, Tree t) ∈ ∆ ◮ (z, Commit (t, v)) ∈ ∆

• if (x, Tree(

y)) ∈ ∆ then for all yi, either (yi, Tree( z)) or (yi, Blob(s)) ∈ ∆

Let’s do the same with proofs

15 / 28

A typed repository of proofs

v1

• - : ⊢ C

λ- : ⊢(A∧B)→C

• ,- : ⊢ A∧B

π₁ : A∧B⊢C π₂ : ⊢A π₃ : ⊢B

16 / 28

A typed repository of proofs

• - : ⊢ C

v1

• - : ⊢ C

λ- : ⊢(A∧B)→C

• ,- : ⊢ A∧B
• ,- : ⊢ A∧B

π₁ : A∧B⊢C π₂ : ⊢A π₃ : ⊢B π₃' : ⊢B λ- : ⊢(A∧B)→C π₁ : A∧B⊢C π₂ : ⊢A

16 / 28

A typed repository of proofs

• - : ⊢ C

v1

• - : ⊢ C

λ- : ⊢(A∧B)→C

• ,- : ⊢ A∧B
• ,- : ⊢ A∧B

π₁ : A∧B⊢C π₂ : ⊢A π₃ : ⊢B π₃' : ⊢B

16 / 28

A typed repository of proofs

• - : ⊢ C

v1 v2

• - : ⊢ C

λ- : ⊢(A∧B)→C

• ,- : ⊢ A∧B
• ,- : ⊢ A∧B

π₁ : A∧B⊢C π₂ : ⊢A π₃ : ⊢B π₃' : ⊢B

16 / 28

A typed repository of proofs

• - : ⊢ C

v1 v2

• - : ⊢ C

λ- : ⊢(A∧B)→C

• ,- : ⊢ A∧B
• ,- : ⊢ A∧B

π₁ : A∧B⊢C π₂ : ⊢A π₃ : ⊢B π₃' : ⊢B

x y z t v w s r q p u

16 / 28

A typed repository of proofs

x = . . . : A ∧ B ⊢ C y = . . . : ⊢ A z = . . . : ⊢ B t = λa : A ∧ B · x : ⊢ A ∧ B → C u = (y, z) : ⊢ A ∧ B v = t u : ⊢ C w = Commit(v, w1) : Version

16 / 28

A typed repository of proofs

x = . . . : A ∧ B ⊢ C y = . . . : ⊢ A z = . . . : ⊢ B t = λa : A ∧ B · x : ⊢ A ∧ B → C u = (y, z) : ⊢ A ∧ B v = t u : ⊢ C w = Commit(v, w1) : Version , w

16 / 28

A typed repository of proofs

x = . . . : A ∧ B ⊢ C y = . . . : ⊢ A z = . . . : ⊢ B t = λa : A ∧ B · x : ⊢ A ∧ B → C u = (y, z) : ⊢ A ∧ B v = t u : ⊢ C w = Commit(v, w1) : Version p = . . . : ⊢ B q = (y, p) : ⊢ A ∧ B r = t q : ⊢ C s = Commit(r, w) : Version

16 / 28

A typed repository of proofs

x = . . . : A ∧ B ⊢ C y = . . . : ⊢ A z = . . . : ⊢ B t = λa : A ∧ B · x : ⊢ A ∧ B → C u = (y, z) : ⊢ A ∧ B v = t u : ⊢ C w = Commit(v, w1) : Version p = . . . : ⊢ B q = (y, p) : ⊢ A ∧ B r = t q : ⊢ C s = Commit(r, w) : Version , s

16 / 28

A data-oriented notion of delta

The first-order case

A delta is a term t with variables x, y , defined in the repository

17 / 28

A data-oriented notion of delta

The binder case

A delta is a term t with variables x, y and boxes [t]{x/u}

y.n

to jump

• ver binders in the repository

17 / 28

A data-oriented notion of delta

The binder case

A delta is a term t with variables x, y and boxes [t]{x/u}

y.n

to jump

• ver binders in the repository

17 / 28

Towards a metalanguage of proof repository

Repository language

• 1. name all proof steps
• 2. annote them by judgement

Delta language

• 1. address sub-proofs (variables)
• 2. instantiate lambdas (boxes)
• 3. check against R

18 / 28

Towards a metalanguage of proof repository

Repository language

• 1. name all proof steps
• 2. annote them by judgement

Delta language

• 1. address sub-proofs (variables)
• 2. instantiate lambdas (boxes)
• 3. check against R

Need extra-logical features!

18 / 28

Menu

The big picture Incremental type-checking Why not memoization? Our approach Two-passes type-checking The data-oriented way A metalanguage of repository The LF logical framework Monadic LF Committing to MLF

19 / 28

A logical framework for incremental type-checking

LF [Harper et al. 1992] (a.k.a. λΠ) provides a meta-logic to represent and validate syntax, rules and proofs of an object language, by means of a typed λ-calculus. dependent types to express object-judgements signature to encode the object language higher-order abstract syntax to easily manipulate hypothesis

20 / 28

A logical framework for incremental type-checking

LF [Harper et al. 1992] (a.k.a. λΠ) provides a meta-logic to represent and validate syntax, rules and proofs of an object language, by means of a typed λ-calculus. dependent types to express object-judgements signature to encode the object language higher-order abstract syntax to easily manipulate hypothesis

Examples

• [x : A]

. . . t : B λx · t : A → B

• is-lam :

ΠA, B : ty · Πt : tm → tm· (Πx : tm · is x A → is (t x) B) → is (lam A (λx · t x))(arr A B)

• [x : N]

λx · x : N → N

• is-lam nat nat (λx · x) (λyz · z)

: is (lam nat (λx · x)) (arr nat nat)

20 / 28

A logical framework for incremental type-checking

Syntax

K ::= Πx : A · K | ∗ A ::= Πx : A · A | a(l) t ::= λx : A · t | x(l) | c(l) l ::= · | t, l Σ ::= · | Σ[c : A] | Σ[a : K]

Judgements

• Γ ⊢Σ K
• Γ ⊢Σ A : K
• Γ ⊢Σ t : A
• ⊢ Σ

20 / 28

The delta language

Syntax

K ::= Πx : A · K | ∗ A ::= Πx : A · A | a(l) t ::= λx : A · t | x(l) | c(l) | [t]{x/t}

x.n

l ::= · | t, l Σ ::= · | Σ[c : A] | Σ[a : K]

Judgements

• R, Γ ⊢Σ K ⇒ R
• R, Γ ⊢Σ A : K ⇒ R
• R, Γ ⊢Σ t : A ⇒ R
• ⊢ Σ

Informally

• R, Γ ⊢Σ x ⇒ R means

“I am what x stands for, in Γ or in R (and produce R)”.

• R, Γ ⊢Σ [t]{x/u}

y.n

⇒ R′ means “Variable y has the form (v1 . . . vn−1(λx · R′′) . . .) in R. Make all variables in R′′ in scope for t, taking u for x. t will produce R′”

21 / 28

Naming of proof steps

Remark

In LF, proof step = term application spine Example is-lam nat nat (λx · x) (λyz · z)

Monadic Normal Form (MNF)

Program transformation, IR for FP compilers Goal: sequentialize all computations by naming them (lets) t ::= λx · t | t(l) | x l ::= · | t, l = ⇒ t ::= ret v | let x = v(l) in t | v(l) l ::= · | v, l v ::= x | λx · t

Examples

• f(g(x))

/ ∈ MNF

• λx · f(g(λy · y, x))

= ⇒ ret (λx · let a = g(λy · y, x) in f(a))

Naming of proof steps

Positionality inefficiency

let x = . . . in let y = . . . in let z = . . . in . . . v(l)

22 / 28

Naming of proof steps

Positionality inefficiency

let x = . . . in let y = . . . in let z = . . . in . . . v(l) = ⇒      x = . . . y = . . . z = . . . . . .      ⊢ v(l)

22 / 28

Naming of proof steps

Positionality inefficiency

let x = . . . in let y = . . . in let z = . . . in . . . v(l) = ⇒      x = . . . y = . . . z = . . . . . .      ⊢ v(l)

Non-positional monadic calculus

t ::= ret v | let x = v(l) in t | v(l) l ::= · | v, l v ::= x | λx · t

22 / 28

Naming of proof steps

Positionality inefficiency

let x = . . . in let y = . . . in let z = . . . in . . . v(l) = ⇒      x = . . . y = . . . z = . . . . . .      ⊢ v(l)

Non-positional monadic calculus

t ::= ret v | σ ⊢ v(l) l ::= · | v, l v ::= x | λx · t σ ::= · | σ[x = v(l)]

22 / 28

Naming of proof steps

Positionality inefficiency

let x = . . . in let y = . . . in let z = . . . in . . . v(l) = ⇒      x = . . . y = . . . z = . . . . . .      ⊢ v(l)

Non-positional monadic calculus

t ::= ret v | σ ⊢ v(l) l ::= · | v, l v ::= x | λx · t σ : x → v(l)

22 / 28

Monadic LF

K ::= Πx : A · K | ∗ A ::= Πx : A · A | σ ⊢ a(l) t ::= ret v | σ ⊢ h(l) h ::= x | c l ::= · | v, l v ::= c | x | λx : A · t σ : x → h(l) Σ ::= · | Σ[c : A] | Σ[a : K]

23 / 28

Monadic LF

K ::= Πx : A · K | ∗ A ::= Πx : A · A | σ ⊢ a(l) t ::= ret v | σ ⊢ h(l) h ::= x | c l ::= · | v, l v ::= c | x | λx : A · t σ : x → h(l) Σ ::= · | Σ[c : A] | Σ[a : K]

23 / 28

Monadic LF

K ::= Πx : A · K | ∗ A ::= Πx : A · A | σ ⊢ a(l) t ::= σ ⊢ h(l) h ::= x | c l ::= · | v, l v ::= c | x | λx : A · t σ : x → h(l) Σ ::= · | Σ[c : A] | Σ[a : K]

23 / 28

Type annotation

Remark

In LF, judgement annotation = type annotation

Example

is-lam nat nat (λx · x) (λyz · z) : is (lam nat (λx · x)) (arr nat nat)

24 / 28

Type annotation

Remark

In LF, judgement annotation = type annotation

Example

is-lam nat nat (λx · x) (λyz · z) : is (lam nat (λx · x)) (arr nat nat) K ::= Πx : A · K | ∗ A ::= Πx : A · A | σ ⊢ a(l) t ::= σ ⊢ h(l) : a(l) h ::= x | a l ::= · | v, l v ::= c | x | λx : A · t σ : x → h(l) : a(l) Σ ::= · | Σ[c : A] | Σ[a : K]

24 / 28

The repository language

Remark

In LF, judgement annotation = type annotation

Example

is-lam nat nat (λx · x) (λyz · z) : is (lam nat (λx · x)) (arr nat nat) K ::= Πx : A · K | ∗ A ::= Πx : A · A | σ ⊢ a(l) R ::= σ ⊢ h(l) : a(l) h ::= x | a l ::= · | v, l v ::= c | x | λx : A · R σ : x → h(l) : a(l) Σ ::= · | Σ[c : A] | Σ[a : K]

24 / 28

Commit (WIP) R−, ·− ⊢Σ− t− : A+ ⇒ R+

What does it do?

• type-checks t wrt. R (in O(t))
• puts t in non-pos. MNF
• annotate with type
• with the adapted rules for variable & box:

Var Γ(x) = A

• r

σ(x) : A (σ ⊢ : ), Γ ⊢Σ x : A ⇒ (σ ⊢ x : A) Box σ(x).i = λy : B · (ρ ⊢ H′′) (σ ⊢ H), Γ ⊢ u : B ⇒ (θ ⊢ H′) (ρ ∪ θ[y = H′] ⊢ H′′), Γ ⊢ t : A ⇒ R (σ ⊢ H), Γ ⊢ [t]{y/u}

x.i

: A ⇒ R

25 / 28

Example

Signature A B C D : ∗ a : (D → B) → C → A b b′ : C → B c : D → C d : D Terms t1 = a(λx : D · b(c(x)), c(d)) R1 = [v = c(d) : C] ⊢ a(λx : D · [w = c(x) : C] ⊢ b(w) : B, v) : A t2 = a(λy : D · [b′(w)]{x/y}

1

) R2 = [v = c(d) : C] ⊢ a(λy : D · [x = y][w = c(x) : C] ⊢ b′(w) : B, v) : A

26 / 28

Regaining version management

Just add to the signature Σ: Version : ∗ Commit0 : Version Commit : Πt : tm · is(t, unit) → Version → Version

Commit t

if R = σ ⊢ v : Version and R, · ⊢Σ t : is(p, unit) ⇒ (ρ ⊢ k) then ρ[x = Commit(p, k, v)] ⊢ x : Version is the new repository

27 / 28

Further work

• implementation & metatheory of Commit
• from terms to derivations (ti)
• diff on terms
• mimick other operations from VCS (Merge)

28 / 28