
A model of PCF in Guarded Type Theory

Marco Paviotti1 Rasmus Møgelberg1 Lars Birkedal2

1IT University of Copenhagen 2Aarhus University

June 23rd, 2015 MFPS 2015 Nijmegen, Netherlands

1 / 20


Guarded Type Theory

Birkedal and Møgelberg ’12

In type theory an unrestricted fixed-point combinator fix : (A → A) → A is inconsistent

e.g. fix(id) : A would make every type inhabited

In guarded type theory restricted fixed points are allowed by using the ⊲ ("later") operator

  • next : A → ⊲A
  • ⊛ : ⊲(A → B) → ⊲A → ⊲B
  • fix : (⊲A → A) → A

s.t. f (next(fix(f))) = fix(f)

  • X ≅ A × ⊲X

2 / 20


Streams StrA ≅ A × StrA

Streams in Coq

  • ones = 1 :: ones
  • bad = tail bad
  • nats = 0 :: map (1 +) nats

Guarded streams Strg A ≅ A × ⊲Strg A

  :: : A → ⊲Strg A → Strg A
  head : Strg A → A
  tail : Strg A → ⊲Strg A

  • ones = 1 :: ones : Strg A
  • bad = tail bad : Strg A   ✘  (tail bad : ⊲Strg A, not Strg A)
  • nats = 0 :: next(map (1 +)) ⊛ nats : Strg A

3 / 20
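The three operations next, ⊛ and fix from slide 2, and the guarded stream type Strg A ≅ A × ⊲Strg A from this slide, can be simulated in an untyped language by representing ⊲A as a thunk. The following is an added example (not code from the slides or from the authors' Coq development); the thunk encoding, the runtime check in `tail` that stands in for the type checker, and the `take` observer that forces one "tick" per element are all my own choices.

```python
# Guarded streams with a thunk-based encoding of the "later" modality ⊲.
# Added example: ⊲A is a zero-argument function returning an A; next/⊛/fix are
# the operations of slide 2; Strg A ≅ A × ⊲Strg A is a pair (head, later tail).
from dataclasses import dataclass
from typing import Any, Callable, List

Later = Callable[[], Any]               # ⊲A, represented as a thunk

def nxt(a: Any) -> Later:               # next : A → ⊲A
    return lambda: a

def ap(f: Later, a: Later) -> Later:    # ⊛ : ⊲(A → B) → ⊲A → ⊲B
    return lambda: f()(a())

def fix(f: Callable[[Later], Any]) -> Any:   # fix : (⊲A → A) → A
    # fix(f) = f(next(fix(f))): the recursive occurrence sits under ⊲, so
    # evaluating fix(f) never loops; the thunk is only forced one tick later.
    return f(lambda: fix(f))

@dataclass(frozen=True)
class Stream:                           # Strg A ≅ A × ⊲Strg A
    head: Any
    tail: Later                         # a ⊲Strg A, *not* a Stream

def cons(a: Any, later_s: Later) -> Stream:   # :: : A → ⊲Strg A → Strg A
    if not callable(later_s):
        raise TypeError("tail of a guarded stream must be ⊲Strg A (a thunk)")
    return Stream(a, later_s)

def head(s: Stream) -> Any:             # head : Strg A → A
    return s.head

def tail(s: Stream) -> Later:           # tail : Strg A → ⊲Strg A
    # Stand-in for the type checker: a ⊲Strg A (thunk) is not a Strg A.
    if not isinstance(s, Stream):
        raise TypeError("tail expects a Strg A, got a ⊲Strg A")
    return s.tail

def smap(g: Callable[[Any], Any]):
    # map g s = g(head s) :: (next(map g) ⊛ tail s), itself defined by fix
    return fix(lambda later_map: lambda s: cons(g(head(s)), ap(later_map, tail(s))))

def take(n: int, s: Stream) -> List[Any]:
    # Observe a stream by forcing its delayed tail n-1 times (one tick each).
    out = []
    for _ in range(n):
        out.append(head(s))
        s = tail(s)()
    return out

def ones() -> Stream:                   # ones = 1 :: ones
    return fix(lambda later_ones: cons(1, later_ones))

def nats() -> Stream:                   # nats = 0 :: next(map (1 +)) ⊛ nats
    return fix(lambda later_nats: cons(0, ap(nxt(smap(lambda x: x + 1)), later_nats)))

def bad_is_rejected() -> bool:
    # bad = tail bad: under fix only a ⊲Strg A is available, but tail needs a
    # Strg A, so the definition is ill-typed (a TypeError here) rather than a loop.
    try:
        fix(lambda later_bad: tail(later_bad))
    except TypeError:
        return True
    return False

if __name__ == "__main__":
    print(take(5, ones()), take(6, nats()), bad_is_rejected())
```

The point the encoding makes visible is that `fix` only ever hands its body a thunk: `ones` and `nats` build a head before touching it, whereas `bad` tries to destruct the thunk immediately, which is exactly what the typing of tail : Strg A → ⊲Strg A forbids.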


Model of Guarded Type Theory

Birkedal and Møgelberg ’12

The category of presheaves over ω:

  X:     X(1) ←r1─ X(2) ←─ … ←r(n−1)─ X(n) ←rn─ …
  ⊲X:    1 ←!─ X(1) ←─ … ←r(n−2)─ X(n−1) ←rn─ …

Guarded streams Strg A ≅ A × ⊲Strg A:

  Strg A:        A × 1 ←r1─ A × (A × 1) ←r2─ A × (A × A × 1) ←─ …
  ⊲Strg A:       1 ←!─ A × 1 ←r2─ A × A × 1 ←─ …
  A × ⊲Strg A:   A × 1 ←r1─ A × A × 1 ←r2─ A × A × A × 1 ←─ …

4 / 20


Can we do denotational semantics in Guarded Type Theory ?

in particular, is it possible to model recursion with guarded recursion ?

  • Motivation: mechanising denotational semantics in a proof assistant
  • Contributions:
      + Model of PCF in GTT
      + Adequacy theorem proved in GTT

Similar to Escardó’s metric model¹, but here the whole development is carried out entirely within guarded type theory

¹ M.H. Escardó, “A metric model of PCF”. Presented at the Workshop on Realizability Semantics and Applications, 1999

5 / 20


Outline

  • Operational Semantics of PCF
  • Denotational Semantics
  • Computational Adequacy
  • Discussion

6 / 20


PCF

Types:  σ, τ ::= nat | σ → τ
Terms:  L, M, N ::= n | x | λx.M | M N | pred M | succ M | Y M | ifz L M N

Typing rules:

  Γ, x : σ, Δ ⊢ x : σ          Γ ⊢ n : nat

  Γ, x : σ ⊢ M : τ
  ───────────────────────
  Γ ⊢ (λx : σ.M) : σ → τ

  Γ ⊢ M : σ → τ    Γ ⊢ N : σ
  ───────────────────────────
  Γ ⊢ M N : τ

  Γ ⊢ M : nat              Γ ⊢ M : nat
  ─────────────────        ─────────────────
  Γ ⊢ succ M : nat         Γ ⊢ pred M : nat

  Γ ⊢ M : σ → σ
  ──────────────
  Γ ⊢ Yσ M : σ

  Γ ⊢ L : nat    Γ ⊢ M : σ    Γ ⊢ N : σ
  ───────────────────────────────────────
  Γ ⊢ ifz L M N : σ

7 / 20


Big-step semantics

The big-step relation is defined by induction on terms and indexes:

  M ⇓k Q      (explicit step counting)

Predicates on values: define M ⇓k v as M ⇓k (λv′. v = v′)

  v ⇓0 Q          def=  Q(v)
  M N ⇓k+m Q      def=  M ⇓k Q′  where Q′(λx.L) = L[N/x] ⇓m Q
  Yσ M ⇓k+1 Q     def=  ⊲(M (Yσ M) ⇓k Q)

The ⊲ in the Yσ rule synchronises the step count with the time steps of the type theory.

8 / 20


Small-Step Operational Semantics

  (λx : σ.M)(N) →0 M[N/x]
  Yσ M →1 M(Yσ M)
  M →k M′  implies  M(N) →k M′(N)

Let →0* be the reflexive, transitive closure of →0.

  M ⇒0 Q      def=  ΣN : TermPCF. M →0* N and Q(N)
  M ⇒k+1 Q    def=  ΣM′, M′′ : TermPCF. M →0* M′ and M′ →1 M′′ and ⊲(M′′ ⇒k Q)

Define M ⇒k v as M ⇒k (λv′. v = v′)

Lemma

  M ⇓k v ⇔ M ⇒k v

9 / 20


Outline

  • Operational Semantics of PCF
  • Denotational Semantics
  • Computational Adequacy
  • Discussion

10 / 20


Lifting monad

LA ≅ A + ⊲LA

  • η : A → LA,  θ : ⊲LA → LA
  • Time step operation: δ = θ ∘ next : LA → LA
  • Bottom element ⊥ = fix(θ)
  • LA is a free ⊲–algebra on A
  • L is the guarded recursive version of Capretta’s partiality monad¹

¹ Venanzio Capretta, “General Recursion via Co-Inductive Types”, Logical Methods in Computer Science, 2005

11 / 20


Lifting monad  LN ≅ N + ⊲LN

  LN:         N + 1 ←r1─ N + N + 1 ←r2─ N + N + N + 1 ←─ …
  ⊲LN:        1 ←!─ N + 1 ←r1─ N + N + 1 ←─ …
  N + ⊲LN:    N + 1 ←r1─ N + N + 1 ←r2─ N + N + N + 1 ←─ …

12 / 20


Interpreting PCF

  • Interpreting types
      ⟦nat⟧ def= LN
      ⟦τ → σ⟧ def= ⟦τ⟧ → ⟦σ⟧
  • All types are ⊲–algebras with θσ : ⊲⟦σ⟧ → ⟦σ⟧
  • Interpreting terms ⟦t⟧ : ⟦Γ⟧ → ⟦σ⟧

      ⟦Γ ⊢ Yσ M⟧(γ) = fix⟦σ⟧(λx : ⊲⟦σ⟧. θσ(next(⟦M⟧(γ)) ⊛ x))

    the function λx. θσ(next(⟦M⟧(γ)) ⊛ x) can be thought of as θ ∘ ⊲⟦M⟧

Lemma

Let Γ ⊢ M : σ → σ. Then ⟦Yσ M⟧ = δσ ∘ ⟦M⟧(⟦Yσ M⟧)

13 / 20


Soundness

Theorem (Soundness)

Let M be a closed term of type τ. If M ⇓k v then ⟦M⟧(∗) = δ^k ⟦v⟧(∗)

14 / 20


Outline

  • Operational Semantics of PCF
  • Denotational Semantics
  • Computational Adequacy

      (if ⟦M⟧(∗) = δ^k ⟦v⟧(∗) then M ⇓k v)

  • Discussion

15 / 20


Logical Relation

Adequacy is proved by a (proof-relevant) logical relation

  d Rτ M

between a denotation d : ⟦τ⟧ and a term M. Define Rτ by induction on τ:

  η(v) Rnat M       def=  M ⇓0 v
  θnat(r) Rnat M    def=  ΣM′, M′′ : TermPCF. M →0* M′ and M′ →1 M′′ and r ⊲Rnat next(M′′)
  f Rτ→σ M          def=  Πα : ⟦τ⟧, N : TermPCF. α Rτ N ⟹ f(α) Rσ (M N)

Since LN ≅ N + ⊲LN, an element of this type is either of the form η(v) or θnat(r).

Delayed relation: t ⊲Rnat u is the delayed version of Rnat (it relates t : ⊲LN to u : ⊲TermPCF).

16 / 20


Adequacy

Lemma (Fundamental Lemma)

Let Γ ⊢ t : τ with Γ ≡ x1 : τ1, …, xn : τn. Suppose ti : τi, αi : ⟦τi⟧ and αi Rτi ti for i ∈ {1, …, n}. Then ⟦t⟧(α1, …, αn) Rτ t[t1/x1, …, tn/xn].

Theorem (Computational Adequacy)

If M is a closed term of type nat then M ⇓k v iff ⟦M⟧(∗) = δ^k ⟦v⟧.

17 / 20
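To make the soundness and adequacy statements concrete, here is an added, constructed example (not from the slides and not the authors' Coq development) that implements the step-counting big-step semantics of slide 8 and the lifting-monad interpretation of slides 11 to 13 for a small closed term, then checks that the number of Y-unfoldings on the operational side equals the number of δ layers on the denotational side. Assumptions of mine: terms and types are encoded as tuples; `pred 0 = 0`; the succ/pred/ifz rules, which the slides do not spell out, add no steps of their own; and a fuel bound is used when observing a denotation so that ⊥ = fix(θ) is reported as `None` instead of looping. The names `big_step`, `sem`, `theta`, `observe` and `adequate` are not from the paper.

```python
# PCF with step-counting big-step semantics and a denotational model in the
# lifting ("delay") monad L A ≅ A + ⊲L A.  Added example, not code from the
# slides; the tuple encoding and the fuel bound are my own choices.
from dataclasses import dataclass
from typing import Any, Callable, Optional, Tuple

NAT = 'nat'
def arr(a, b): return ('arr', a, b)          # the type σ → τ

# Terms: ('num', n) | ('var', x) | ('lam', x, M) | ('app', M, N) | ('succ', M)
#        | ('pred', M) | ('Y', σ, M) | ('ifz', σ, L, M, N)   (σ = result type)

def subst(t, x, s):
    """t[s/x]; s is assumed closed (true for closed programs), so no capture."""
    tag = t[0]
    if tag == 'num': return t
    if tag == 'var': return s if t[1] == x else t
    if tag == 'lam': return t if t[1] == x else ('lam', t[1], subst(t[2], x, s))
    if tag == 'app': return ('app', subst(t[1], x, s), subst(t[2], x, s))
    if tag in ('succ', 'pred'): return (tag, subst(t[1], x, s))
    if tag == 'Y':   return ('Y', t[1], subst(t[2], x, s))
    if tag == 'ifz': return ('ifz', t[1], subst(t[2], x, s), subst(t[3], x, s), subst(t[4], x, s))
    raise ValueError(tag)

def big_step(t) -> Tuple[int, Any]:
    """t ⇓k v as (k, v): v ⇓0 v; MN ⇓k+m; Yσ M ⇓k+1 when M(Yσ M) ⇓k (slide 8)."""
    tag = t[0]
    if tag in ('num', 'lam'): return 0, t
    if tag == 'app':
        k, f = big_step(t[1])
        assert f[0] == 'lam', "application of a non-function"
        m, v = big_step(subst(f[2], f[1], t[2]))          # L[N/x] ⇓m v (call-by-name)
        return k + m, v
    if tag == 'Y':
        k, v = big_step(('app', t[2], t))                  # M (Yσ M) ⇓k v
        return k + 1, v                                    # the only rule adding a step
    if tag == 'succ':
        k, v = big_step(t[1]); return k, ('num', v[1] + 1)
    if tag == 'pred':
        k, v = big_step(t[1]); return k, ('num', max(v[1] - 1, 0))   # assumption: pred 0 = 0
    if tag == 'ifz':
        k, v = big_step(t[2])
        m, w = big_step(t[3] if v[1] == 0 else t[4])
        return k + m, w
    raise ValueError(tag)

@dataclass
class Now:                       # η(v)
    val: int
@dataclass
class Later:                     # θ applied to a delayed computation; δ = θ ∘ next
    thunk: Callable[[], Any]

def theta(ty, later):
    """θσ : ⊲⟦σ⟧ → ⟦σ⟧ (slide 13: every type is a ⊲-algebra); pointwise at arrow types."""
    if ty == NAT:
        return Later(later)
    return lambda a: theta(ty[2], lambda: later()(a))

def bind_at(ty, d, k):
    """Sequence a ⟦nat⟧ computation d; delays of d reappear, via θσ, in the result of type ty."""
    if isinstance(d, Now):
        return k(d.val)
    return theta(ty, lambda: bind_at(ty, d.thunk(), k))

def lmap(f, d):
    return bind_at(NAT, d, lambda n: Now(f(n)))

def fix_y(ty, m):
    """⟦Yσ M⟧ = fix(λx. θσ(next(⟦M⟧) ⊛ x)), i.e. θσ of the delayed unfolding ⟦M⟧(⟦Yσ M⟧)."""
    return theta(ty, lambda: m(fix_y(ty, m)))

def sem(t, env):
    """⟦t⟧(γ) with γ = env; call-by-name, so arguments are passed as denotations, unevaluated."""
    tag = t[0]
    if tag == 'num':  return Now(t[1])
    if tag == 'var':  return env[t[1]]
    if tag == 'lam':  return lambda a: sem(t[2], {**env, t[1]: a})
    if tag == 'app':  return sem(t[1], env)(sem(t[2], env))
    if tag == 'succ': return lmap(lambda n: n + 1, sem(t[1], env))
    if tag == 'pred': return lmap(lambda n: max(n - 1, 0), sem(t[1], env))
    if tag == 'Y':    return fix_y(t[1], sem(t[2], env))
    if tag == 'ifz':
        return bind_at(t[1], sem(t[2], env),
                       lambda n: sem(t[3], env) if n == 0 else sem(t[4], env))
    raise ValueError(tag)

def observe(d, fuel: int = 1000) -> Optional[Tuple[int, int]]:
    """Peel δ layers off a ⟦nat⟧ value: δ^k η(v) ↦ (k, v); None when fuel runs out (⊥)."""
    k = 0
    while isinstance(d, Later):
        if k >= fuel:
            return None
        d = d.thunk(); k += 1
    return k, d.val

def adequate(t) -> bool:
    """Checks M ⇓k v iff ⟦M⟧ = δ^k ⟦v⟧ for one closed term M of type nat."""
    k, v = big_step(t)
    return observe(sem(t, {})) == (k, v[1])

# Constructed sample programs
F = ('lam', 'f', ('lam', 'n', ('ifz', NAT, ('var', 'n'), ('num', 0),
                                ('succ', ('app', ('var', 'f'), ('pred', ('var', 'n')))))))
REC_ID_3 = ('app', ('Y', arr(NAT, NAT), F), ('num', 3))   # recursive identity applied to 3
OMEGA = ('Y', NAT, ('lam', 'x', ('var', 'x')))            # Ynat(λx.x): denotes ⊥ = fix(θ)
```

Running `big_step(REC_ID_3)` unfolds Y once for each of n = 3, 2, 1, 0 and returns (4, 3); `observe(sem(REC_ID_3, {}))` peels exactly four δ layers off the denotation before reaching η(3), which is the equality the adequacy theorem asserts. `OMEGA` shows the other side of the coin: its denotation is an infinite tower of δ's, so no finite fuel reaches a value, matching the slide's remark that Σk.Σv. Ynat(λx.x) ⇓k v is not inhabited.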


Outline

  • Operational Semantics of PCF
  • Denotational Semantics
  • Computational Adequacy
  • Discussion

18 / 20


Type theory vs. topos logic

Set^(ω^op) also models the topos logic. The following is derivable in the (non-proof-relevant) topos logic:

  ∃k. ∃v. Ynat(λx.x) ⇓k v

Proof (sketch)

  • The argument is by guarded recursion: assume ⊲(∃k. ∃v. Ynat(λx.x) ⇓k v)
  • by a property of Set^(ω^op) this gives ∃k. ∃v. ⊲(Ynat(λx.x) ⇓k v)
  • which implies ∃k. ∃v. Ynat(λx.x) ⇓k+1 v

In type theory

  Σk. Σv. Ynat(λx.x) ⇓k v

is not globally inhabited

19 / 20


Conclusions

We presented a model of PCF that is adequate w.r.t. the operational semantics. The work has been carried out entirely in guarded type theory:

  • Operational semantics with explicit step-indexing, synchronised with the time steps in the type theory
  • Denotational semantics with a proof of adequacy

Main message: guarded type theory as a meta-theory for denotational semantics of programming languages.

Future work

  • Using the model to reason about contextual equivalence
  • FPC in guarded type theory

Thanks!

20 / 20
