A taste of linear logic for staged computation Hubert Godfroy - - PowerPoint PPT Presentation

A taste of linear logic for staged computation

Hubert Godfroy Jean-Yves Marion First GDRI-LL meeting 4 février 2016

1/27

Plan

Staged computation A correct system Sof modality Low level correspondence

2/27

Staged computation

◮ Paradigm where computation is split in stages ◮ Partial evaluation ◮ Run-time code generation ◮ Community uses tools like modal or temporal logic (MetaML)

• R. Davies and F. Pfenning.

A modal analysis of staged computation. Principles of programming languages, 1996.

• R. Davies.

A temporal-logic approach to binding-time analysis. Logic in Computer Science, pages 184–195, Jul 1996.

3/27

Staged computation in everyday life

◮ Python

◮ Strings are frozen codes. ◮ eval launches execution of strings.

◮ Meta-OCaml

◮ t are frozen codes. ◮ pieces of unevaluated code can be inserted in frozen terms with

∼. f t1 ∼ ((λx.x)t2) → f t1 t2

4/27

Syntactic mark for value

◮ t is a value for any t. ◮ (λx.x)t and t are not β-equivalent... ◮ ...but computations are frozen.

5/27

Syntactic mark for value

◮ t is a value for any t. ◮ (λx.x)t and t are not β-equivalent... ◮ ...but computations are frozen.

(λx.x)t t =β t run run

5/27

Why is it important?

◮ Frozen codes are used to denote data like string. ◮ Patern matching on data. ◮ Confluence should be preserved

6/27

Why is it important?

◮ Frozen codes are used to denote data like string. ◮ Patern matching on data. ◮ Confluence should be preserved

Counter example

match(λx.x)(λx.x) with App → 1 | Lam → 2 1 2

6/27

Example: creation of data breaks confluence

It should not exist a reifying operator returning the code (data) of a term.

Otherwise...

If θ were this operator θ ((λx.x)t) (λx.x)t t =β

Corollary

θ is not expressible in λ-calculus.

7/27

Frozen codes are mutable

◮ Substitution in frozen terms are allowed

t[x → t′] = t[x → t′]

8/27

Frozen codes are mutable

◮ Substitution in frozen terms are allowed

t[x → t′] = t[x → t′]

◮ Put a frozen term into another

letx = t′ in t → t[x → t′] = t[x → t′]

Subtly

◮ Same confluence issue than reification ◮ Cannot plug terms which are note data. ◮ If t → t′ :

(λx.x)t t t′ =

8/27

Usages IRL

◮ Partial evaluation optimisations: n-ary function can be

specialized by inspecting their code: pow is the power function. without specialization pow 2 = λx.x × pow 1 with specialization pow 2 = λx.x × x × 1

◮ Dynamic code generation ◮ Code protection:

◮ if d =

t0 is the encryption of t0 and dec : t → t is the decrypting function, run(dec d) → t0

◮ Chained processus: tn = run(dec

tn−1)

9/27

Plan

Staged computation A correct system Sof modality Low level correspondence

10/27

Modal Logic

◮ ∀t, t is in NF (data).

11/27

Modal Logic

◮ ∀t, t is in NF (data). ◮ Meta-binder: letx = t′ in t ◮ Meta-redex: (letx = t′ in t) → t[x/t′]

11/27

Modal Logic

◮ ∀t, t is in NF (data). ◮ Meta-binder: letx = t′ in t ◮ Meta-redex: (letx = t′ in t) → t[x/t′] ◮ Typing rules:

Box

∆ ⊢ t : A ∆, Γ ⊢ t : A

GVar

x : A ∈ Γ Γ ⊢ x : A

Let

Γ ⊢ t′ : A x : A, Γ ⊢ t : B Γ ⊢ letx = t′ in t : B

where Γ = xi : Ai, then Γ

def

= xi : Ai.

11/27

Linear Logic

◮ ∀t, t is in NF (data). ◮ Meta-binder: letx = t′ in t ◮ Meta-redex: (letx = t′ in t) → t[x/t′] ◮ Typing rules:

Promotion

∆ ⊢ t : A ∆, Γ ⊢ t : !A

Dereliction

x : A ∈ Γ Γ ⊢ x : A

Let

Γ ⊢ t′ : !A x : A, Γ ⊢ t : B Γ ⊢ letx = t′ in t : B

where Γ = xi : Ai, then Γ

def

= xi : !Ai.

11/27

Exemple

◮ Writing:

(letx = t′ in t) → t[x/t′]

12/27

Exemple

◮ Writing:

(letx = t′ in t) → t[x/t′] Use this derivation (for t = x):

· · · Γ ⊢ t′ : !A Dereliction Γ ′, x : !A ⊢ x : A Promotion Γ, x : !A ⊢ x : !A Abstraction Γ ⊢ letx = t′ in x : !A

12/27

Exemple

◮ Writing:

(letx = t′ in t) → t[x/t′] Use this derivation (for t = x):

· · · Γ ⊢ t′ : !A Dereliction Γ ′, x : !A ⊢ x : A Promotion Γ, x : !A ⊢ x : !A Abstraction Γ ⊢ letx = t′ in x : !A

◮ Execution:

run

def

= λx. lety = x in y

12/27

Exemple

◮ Writing:

(letx = t′ in t) → t[x/t′] Use this derivation (for t = x):

· · · Γ ⊢ t′ : !A Dereliction Γ ′, x : !A ⊢ x : A Promotion Γ, x : !A ⊢ x : !A Abstraction Γ ⊢ letx = t′ in x : !A

◮ Execution:

run

def

= λx. lety = x in y Use this derivation:

Var Γ, y : A ⊢ y : A Dereliction Γ, y : !A ⊢ y : A Let Γ, x : !A ⊢ lety = x in y : A Abstraction Γ ⊢ λx. lety = x in y : !A → A

12/27

Exemple

◮ Writing:

(letx = t′ in t) → t[x/t′] Use this derivation (for t = x):

· · · Γ ⊢ t′ : !A Dereliction Γ ′, x : !A ⊢ x : A Promotion Γ, x : !A ⊢ x : !A Abstraction Γ ⊢ letx = t′ in x : !A

◮ Execution:

run

def

= λx. lety = x in y Use this derivation:

Var Γ, y : A ⊢ y : A Dereliction Γ, y : !A ⊢ y : A Let Γ, x : !A ⊢ lety = x in y : A Abstraction Γ ⊢ λx. lety = x in y : !A → A

⇒ Both use Dereliction.

12/27

Exemple

◮ Writing:

(letx = t′ in t) → t[x/t′] Use this derivation (for t = x):

· · · Γ ⊢ t′ : !A Dereliction Γ ′, x : !A ⊢ x : A Promotion Γ, x : !A ⊢ x : !A Abstraction Γ ⊢ letx = t′ in x : !A

◮ Execution:

run

def

= λx. lety = x in y Use this derivation:

Var Γ, y : A ⊢ y : A Dereliction Γ, y : !A ⊢ y : A Let Γ, x : !A ⊢ lety = x in y : A Abstraction Γ ⊢ λx. lety = x in y : !A → A

⇒ Both use Dereliction.

Qestion

What is the logical meaning of Dereliction in this system?

12/27

Plan

Staged computation A correct system Sof modality Low level correspondence

13/27

Sof promotion

Dereliction afer Promotion is used for writing, contrary to alone Dereliction used to execute data.

14/27

Sof promotion

Dereliction afer Promotion is used for writing, contrary to alone Dereliction used to execute data.

Idea

Compose Dereliction and Promotion!

SoftPromotion

Γ ⊢ t : A Γ ⊢ t : !A

14/27

Sof promotion

Dereliction afer Promotion is used for writing, contrary to alone Dereliction used to execute data.

Idea

Compose Dereliction and Promotion!

SoftPromotion

Γ ⊢ t : A Γ ⊢ t : !A

Consequences

◮ No more Dereliction rule for writing ◮ Dereliction used only for execution of data ◮ Ex.:

· · · Γ ⊢ t′ : !A Var Γ ′, x : A ⊢ x : A SoftPromotion Γ, x : !A ⊢ x : !A Abstraction Γ ⊢ letx = t′ in x : !A

14/27

Language behavior

Var

Γ, x : A ⊢ x : A

Abstraction

Γ, x : A ⊢ t : B Γ ⊢ λx.t : A → B

Application

Γ ⊢ t : A → B Γ ⊢ t′ : A Γ ⊢ t t′ : B

Let

Γ ⊢ t′ : !A Γ, x : !A ⊢ t : B Γ ⊢ letx = t′ in t : B

SoftPromotion

xi : Ai ⊢ t : B Γ, xi : !Ai ⊢ t : !B

Dereliction

Γ, x : !A ⊢ x : A

Abilities

Properties inherited from languages inspired by modal logic.

◮ program generation (plug data into another) ◮ execution

Properties

◮ Language is confluent ◮ Type system has subject reduction property

15/27

Language behavior

Var

Γ, x : A ⊢ x : A

Abstraction

Γ, x : A ⊢ t : B Γ ⊢ λx.t : A → B

Application

Γ ⊢ t : A → B Γ ⊢ t′ : A Γ ⊢ t t′ : B

Let

Γ ⊢ t′ : !A Γ, x : !A ⊢ t : B Γ ⊢ letx = t′ in t : B

SoftPromotion

xi : Ai ⊢ t : B Γ, xi : !Ai ⊢ t : !B

Dereliction

Γ, x : !A ⊢ x : A

Abilities

Properties inherited from languages inspired by modal logic.

◮ program generation (plug data into another) ◮ execution

Properties

◮ Language is confluent ◮ Type system has subject reduction property

Missing

◮ No reflexion possibilities ◮ No syntactic analysis of data

15/27

Dereliction as launch control

Term typed without Dereliction cannot run data.

Corollary (non interference)

If Γ ⊢ C : A is derivable without Dereliction, then it exists C′ ∀x, t′, C[x/t′] ∗ → C′[x/t′] → . Then operations allowed are only:

◮ Writing operations (substitution in others data) ◮ Data passing function (use data without knowing it is actually

data : ex. λx.x)

16/27

Plan

Staged computation A correct system Sof modality Low level correspondence

17/27

Evaluation strategy

◮ Give low level interpretation of the language ◮ Simulate CBN strategy:

(λx.t) t′ CBN → t[x/t′] letx = t in t1

CBN

→ t1[x/t] t1

CBN

→ t′

1

t1 t2

CBN

→ t′

1 t2

t2

CBN

→ t′

2

letx = t2 in t1

CBN

→ letx = t′

2 in t1

18/27

ASM2 Machine: principle

A state d | k | e | D

◮ D a set of data (frozen terms) ◮ Stack k and environment e ◮ Code d being executed:

d ::= λ.d | d d | d | let d in d | run n | fetch n

19/27

Extended Krivine Machine

λ.d d′.k e D → d k d′.e D d d′ k e D → d d′

e.k

e D fetch n k e D

e[n]=de ′

→ d k e′ D let d in d′ k e D → d (λx.d′)e.k e D d (λx.d′)e ′.k e D

r fresh

→ d′ k r.e′ D[r → d[e, D]] run n k e D

e[n]=r

→ D(r) k · D

20/27

Abilities

◮ Program and data live in the same world (program are data) ◮ Clear distinction between program and data ◮ Execution of data are made explicit

21/27

Abilities

◮ Program and data live in the same world (program are data) ◮ Clear distinction between program and data ◮ Execution of data are made explicit

Lacks

◮ Patern matching on data ◮ Reflexivity

⇒ Same lacks than the high level language.

21/27

Compilation

Our will

◮ Compilation of t:

t ∼ d

◮ Soundness

if t

CBN∗

→ v then d | · | · | ·

∗

→ d′ | · | e | D where v = d′[e, D].

◮ Completeness

if t

CBN∗

→ ∞ then d | · | · | ·

∗

→ ∞

22/27

Variables

◮ Variables have two roles

◮ reference:

λx.x

◮ execution:

letx = t in x

◮ Indeterminism on variables can be mitigated with typing

information.

◮ New compilation rules: Γ ⊢ t ∼ d : A following typing system. ◮ Nothing changes but

CVar

Γ(n) : A Γ; T ⊢ n ∼ fetch n : A

CRun

Γ(n) : !A Γ; T ⊢ n ∼ run n : A

23/27

Examples (1/2)

Writing: letx = t in x

· e D

let

→ (λx.x)e e D

t

→ · r.e D[r → t]

x

→ stop

24/27

Examples (1/2)

Writing: letx = t in x

· e D

let

→ (λx.x)e e D

t

→ · r.e D[r → t]

x

→ stop

Execution: letx = t in x

. . . . . . . . . · r.e D[r → t] run x

x

→ · · D[r → t]

D(r)

→ · · ·

24/27

Examples (2/2)

Execution: letx = t in x

· e D

let

→ (λx.x)e e D

t

→ · r.e D[r → t] run x

x

→ · · D[r → t]

D(r)

→ · · ·

25/27

Examples (2/2)

Execution: letx = t in x

· e D

let

→ (λx.x)e e D

t

→ · r.e D[r → t] run x

x

→ · · D[r → t]

D(r)

→ · · ·

Identity: (λx.x)t

k e D

@

→ t.k e D

λx.x

→ k t.e D fetch x

x

→ k e D

t

→ stop

25/27

Correctness and decompilation

Correction of the compilation

If t ∼ d and t is well typed and closed

◮ t CBN∗

→ v → then d | · | · | ·

∗

→ d′ | · | e | D and v = d′[e, D].

◮ t CBN∗

→ ∞ then d | · | · | ·

∗

→ ∞.

Decompilation

For all state S = d | k | e | D decompiles following the rules: Dd | k.(λx.d′)e′ | e | D = letx = Dd | k | e | D in d′[e′, D] Dd | k.d′

e′ | e | D

= (Dd | k | e | D)d′[e′, D] Dd | · | e | D = d[e, D]

Property

S → S′ ⇒ D(S) = D(S′) ∨ D(S) → D(S′).

26/27

Conclusion

◮ High level language with self-modifying behaviors (writing &

executing data)

◮ Dereliction is a data execution ◮ Meaningful compilation in low-level machine designed for

self-modification

◮ Dereliction still corresponds to data execution

Still missing

◮ Reflexion & patern matching ◮ A more deterministic partial evaluation ◮ Recover all the power of modal logic

27/27