An Introduction to Nominal Sets Andrew Pi t s Computer Science & - - PowerPoint PPT Presentation

An Introduction to Nominal Sets

Andrew Pits

Computer Science & Technology

EWSCS 2020

1/70

Lecture 4

52/70

Outline

L1 Structural recursion and induction in the presence of name-binding operations. L2 Introducing the category of nominal sets. L3 Nominal algebraic data types and 훼-structural recursion. L4 Dependently typed 휆-calculus with locally fresh names and name-abstraction.

References: AMP, Nominal Sets: Names and Symmetry in Computer Science, CUP 2013 AMP, Alpha-Structural Recursion and Induction, JACM 53(2006)459-506. AMP, J. Mathiesen and J. Derikx, A Dependent Type Theory with Abstractable Names, ENTCS 312(2015)19-50.

53/70

Original motivation for Gabbay & AMP to introduce nominal sets and name abstraction: [A]( ) can be combined with × and + to give functors Nom → Nom that have initial algebras coinciding with sets of abstract syntax trees modulo 훼-equivalence. E.g. the initial algebra for A + ( × ) + [A]( ) is isomorphic to the usual set of untyped 휆-terms.

54/70

Recall: 훼-Structural recursion

For 휆-terms:

Theorem. Given any 푋 ∈ Nom and        푓1 ∈ A fs 푋 푓2 ∈ 푋 × 푋 fs 푋 푓3 ∈ A × 푋 fs 푋 s.t. N 푎, ∀푥, 푎 # 푓3(푎, 푥) (FCB) ∃! ˆ 푓 ∈ Λ fs 푋 s.t.        ˆ 푓 푎 = 푓1 푎 ˆ 푓 (푒1 푒2) = 푓2( ˆ 푓 푒1, ˆ 푓 푒2) ˆ 푓 (휆푎.푒) = 푓3(푎, ˆ 푓 푒) if 푎 # (푓1, 푓2, 푓3) Can we avoid explicit reasoning about finite support, # and (FCB) when computing ‘mod 훼’? Want definition/computation to be separate from proving.

55/70

ˆ 푓 = 푓1 푎 ˆ 푓 (푒1 푒2) = 푓2( ˆ 푓 푒1, ˆ 푓 푒2) ˆ 푓 (휆푎.푒) = 푓3(푎, ˆ 푓 푒) if 푎 # (푓1, 푓2, 푓2) = 휆푎′.푒′ = 푓3(푎′, ˆ 푓 푒′) Q: how to get rid of this inconvenient proof obligation?

56/70

ˆ 푓 = 푓1 푎 ˆ 푓 (푒1 푒2) = 푓2( ˆ 푓 푒1, ˆ 푓 푒2) ˆ 푓 (휆푎.푒) = 휈푎. 푓3(푎, ˆ 푓 푒) [ 푎 # (푓1, 푓2, 푓2) ] = 휆푎′.푒′ = 휈푎′. 푓3(푎′, ˆ 푓 푒′) 푂퐾! Q: how to get rid of this inconvenient proof obligation? A: use a local scoping construct 휈푎. (−) for names

56/70

ˆ 푓 = 푓1 푎 ˆ 푓 (푒1 푒2) = 푓2( ˆ 푓 푒1, ˆ 푓 푒2) ˆ 푓 (휆푎.푒) = 휈푎. 푓3(푎, ˆ 푓 푒) [ 푎 # (푓1, 푓2, 푓2) ] = 휆푎′.푒′ = 휈푎′. 푓3(푎′, ˆ 푓 푒′) 푂퐾! Q: how to get rid of this inconvenient proof obligation? A: use a which one? local scoping construct 휈푎. (−) for names

56/70

Dynamic allocation

◮ Stateful: 휈푎.푡 means “add a fresh name 푎′ to the current state and return 푡 [푎′/푎]”. ◮ Used in Shinwell’s Fresh OCaml = OCaml +

◮ name types and name-abstraction type former ◮ name-abstraction paterns —matching involves dynamic allocation of fresh names

[MR Shinwell, AMP, MJ Gabbay, FreshML: Programming with Binders Made Simple, Proc. ICFP 2003.] [www.cl.cam.ac.uk/users/amp12/fresh-ocaml]

57/70

Sample Fresh OCaml code

(* syntax *) type t;; type var = t name;; type term = Var of var | Lam of <<var>>term | App of term*term;; (* semantics *) type sem = L of ((unit -> sem) -> sem) | N of neu and neu = V of var | A of neu*sem;; (* reify : sem -> term *) let rec reify d = match d with L f -> let x = fresh in Lam(<<x>>(reify(f(function () -> N(V x))))) | N n -> reifyn n and reifyn n = match n with V x -> Var x | A(n’,d’) -> App(reifyn n’, reify d’);; (* evals : (var * (unit -> sem))list -> term -> sem *) let rec evals env t = match t with Var x -> (match env with [] -> N(V x) | (x’,v)::env -> if x=x’ then v() else evals env (Var x)) | Lam(<<x>>t) -> L(function v -> evals ((x,v)::env) t) | App(t1,t2) -> (match evals env t1 with L f -> f(function () -> evals env t2) | N n -> N(A(n,evals env t2)));; (* eval : term -> sem *) let rec eval t = evals [] t;; (* norm : lam -> lam *) let norm t = reify(eval t);; 58/70

Dynamic allocation

◮ Stateful: 휈푎.푡 means “add a fresh name 푎′ to the current state and return 푡 [푎′/푎]”. ◮ Used in Shinwell’s Fresh OCaml = OCaml +

◮ name types and name-abstraction type former ◮ name-abstraction paterns —matching involves dynamic allocation of fresh names

[MR Shinwell, AMP, MJ Gabbay, FreshML: Programming with Binders Made Simple, Proc. ICFP 2003.] [www.cl.cam.ac.uk/users/amp12/fresh-ocaml]

59/70

Dynamic allocation

◮ Stateful: 휈푎.푡 means “add a fresh name 푎′ to the current state and return 푡 [푎′/푎]”. Statefulness disrupts familiar mathematical properties

• f pure datatypes. So let’s try to reject it in favour of...

59/70

Aim

A version of Martin-L¨

• f Type Theory

enriched with constructs for locally fresh names and name-abstraction from the theory of nominal sets. Motivation: Machine-assisted construction of humanly understandable formal proofs about sofware (PL semantics).

60/70

Aim

More specifically: extend (dependently typed) 휆-calculus withnames 푎

name swapping swap 푎,푏 in 푡 name abstraction 푎푡 and concretion 푡 @ 푎 locally fresh names fresh 푎 in 푡 name equality if 푡 = 푎 then 푡1 else 푡2

61/70

Locally fresh names

For example, here are some isomorphisms, described in an informal pseudocode: 푖 : [A](푋 + 푌) [A]푋 + [A]푌 푖(푧) = fresh 푎 in case 푧 @ 푎 of inl(푥) 푎푥 | inr(푦) 푎푦 [Ex. 7]

62/70

Locally fresh names

For example, here are some isomorphisms, described in an informal pseudocode: 푖 : [A](푋 + 푌) [A]푋 + [A]푌 푖(푧) = fresh 푎 in case 푧 @ 푎 of inl(푥) 푎푥 | inr(푦) 푎푦

given 푓 ∈ Nom(푋 ∗ A,푌) satisfying 푎 # 푥 ⇒ 푎 # 푓 (푥,푎), we get ˆ 푓 ∈ Nom(푋,푌) well-defined by: ˆ 푓 (푥) = 푓 (푥,푎) for some/any 푎 # 푥. Notation: fresh 푎 in 푓 (푥,푎) ˆ 푓 (푥)

62/70

Locally fresh names

For example, here are some isomorphisms, described in an informal pseudocode: 푖 : [A](푋 + 푌) [A]푋 + [A]푌 푖(푧) = fresh 푎 in case 푧 @ 푎 of inl(푥) 푎푥 | inr(푦) 푎푦 푗 : ([A]푋 fs [A]푌) [A](푋 fs 푌) 푗(푓 ) = fresh 푎 in 푎(휆푥. 푓 (푎푥) @ 푎) Can one turn the pseudocode into terms in a formal ‘nominal’ 휆-calculus?

62/70

Prior art

◮ Stark-Sch¨

• pp [CSL 2004]

bunched contexts (+), extensional & undecidable (−)

◮ Westbrook-Stump-Austin [LFMTP 2009] CNIC

semantics/expressivity?

◮ Cheney [LMCS 2012] DNTT

bunched contexts (+), no local fresh names (−)

◮ Fairweather-Fern´ andez-Szasz-Tasistro [2012]

based on nominal terms (+), explicit substitutions (−), first-order (±)

◮ Crole-Nebel [MFPS 2013]

simple types (−), definitional freshness (+)

63/70

Our art

◮ Stark-Sch¨

• pp [CSL 2004]

bunched contexts (+), extensional & undecidable (−)

◮ Westbrook-Stump-Austin [LFMTP 2009] CNIC

semantics/expressivity?

◮ Cheney [LMCS 2012] DNTT

bunched contexts (+), no local fresh names (−)

◮ Fairweather-Fern´ andez-Szasz-Tasistro [2012]

based on nominal terms (+), explicit substitutions (−), first-order (±)

◮ Crole-Nebel [MFPS 2013]

simple types (−), definitional freshness (+) AMP, J. Mathiesen and J. Derikx, A Dependent Type Theory with Abstractable Names, ENTCS 312(2015)19-50.

63/70

Aim

More specifically: extend (dependently typed) 휆-calculus withnames 푎

name swapping swap 푎,푏 in 푡 name abstraction 푎푡 and concretion 푡 @ 푎 locally fresh names fresh 푎 in 푡 name equality if 푡 = 푎 then 푡1 else 푡2

Difficulty: concretion and locally fresh names are partially defined – have to check freshness conditions.

e.g. for fresh 푎 in 푓 (푥,푎) to be well-defined, we need 푎 # 푥 ⇒ 푎 # 푓 (푥,푎)

64/70

Definitional freshness

In a nominal set of (higher-order) functions, proving 푎 # 푓 can be tricky (undecidable). Common proof patern: Given 푎, 푓 , . . ., pick a fresh name 푏 and prove (푎 푏) · 푓 = 푓 . (For functions, equivalent to prov- ing ∀푥, (푎 푏) · 푓 (푥) = 푓 ((푎 푏) · 푥).)

65/70

Definitional freshness

In a nominal set of (higher-order) functions, proving 푎 # 푓 can be tricky (undecidable). Common proof patern: Given 푎, 푓 , . . ., pick a fresh name 푏 and prove (푎 푏) · 푓 = 푓 . Since by choice of 푏 we have 푏 # 푓 , we also get 푎 = (푎 푏) · 푏 # (푎 푏) · 푓 = 푓 , QED.

65/70

Definitional freshness

Γ ⊢ 푎 # 푇 Γ ⊢ 푡 : 푇 Γ#(푏 : A) ⊢ (swap 푎,푏 in 푡)= 푡 : 푇 Γ ⊢ 푎# 푡 : 푇

bunched contexts, generated by Γ ↦→ Γ(푥 : 푇) Γ ↦→ Γ#(푎 : A) definitional equality definitional freshness

65/70

Definitional freshness

Γ ⊢ 푎 # 푇 Γ ⊢ 푡 : 푇 Γ#(푏 : A) ⊢ (swap 푎,푏 in 푡)= 푡 : 푇 Γ ⊢ 푎# 푡 : 푇

definitional freshness for types: Γ ⊢ 푇 푎 ∈ Γ Γ#(푏 : A) ⊢ (swap 푎,푏 in푇) = 푇 Γ ⊢ 푎 # 푇

65/70

Definitional freshness

Γ ⊢ 푎 # 푇 Γ ⊢ 푡 : 푇 Γ#(푏 : A) ⊢ (swap 푎,푏 in 푡)= 푡 : 푇 Γ ⊢ 푎# 푡 : 푇 Freshness info in bunched contexts gets used via: Γ(푥 : 푇)Γ′ ok 푎,푏 ∈ Γ′ Γ(푥 : 푇)Γ′ ⊢ (swap 푎,푏 in 푥) = 푥 : 푇

65/70

A type theory

66/70

A type theory

O M I T T E D

66/70

Nominal set semantics of dependent type theory

A family over 푋 ∈ Nom is specified by: ◮ 푋-indexed family of sets (푌푥 | 푥 ∈ 푋) ◮ dependently type permutation action

• 휋∈Perm A
• 푥∈푋 (푌푥 푌휋·푥)

with dependent version of finite support property: for all 푥 ∈ 푋,푒 ∈ 푌푥 there is a finite set 퐴 of names supporting 푥 in 푋 and such that any 휋 fixing each 푎 ∈ 퐴 satisfies 휋 · 푒 = 푒 ∈ ∈ 푌휋·푥 = 푌푥

67/70

Nominal set semantics of dependent type theory

A family over 푋 ∈ Nom is specified by... Get a category with families (CwF) [Dybjer] modelling extensional MLTT, plus

nominal logic’s

Curry-

dependent freshness quantifier

Howard

name-abstraction

N 푎. 휑(푎) ←→ [푎 ∈ A]푌푎

67/70

For more details, see

AMP, J. Mathiesen and J. Derikx, A Dependent Type Theory with Abstractable Names, ENTCS 312(2015)19-50

But much remains to do, e.g. ◮ Explore inductively defined types involving [푎 : A]( ) (e.g. propositional freshness). ◮ Dependently typed patern-matching with name-abstraction paterns. Difficulties: ◮ Is definitional freshness too weak? (cf. experience with FreshML2000) ◮ Name-swapping with variables of type A

68/70

Other applications of nominal sets

◮ Computational logic

◮ Higher-order logic: Urban & Berghofer’s Nominal package for the interactive theorem-prover Isabelle/HOL. ◮ Equational logic: unification & rewriting for nominal terms [Fernandez+Gabbay+Levy+Villaret+· · · ] Logic programming mod 훼 (e.g. Cheney’s 훼Prolog)

69/70

Other applications of nominal sets

◮ Computational logic

◮ Higher-order logic: Urban & Berghofer’s Nominal package for the interactive theorem-prover Isabelle/HOL. ◮ Equational logic: unification & rewriting for nominal terms [Fernandez+Gabbay+Levy+Villaret+· · · ] Logic programming mod 훼 (e.g. Cheney’s 훼Prolog)

◮ Automata theory & verification

◮ HD-automata [Montanari el al] ◮ fresh-register automata [Tzevelekos] ◮ orbit-finite computation theory [Boja´ nczyk et al]

69/70

Other applications of nominal sets

◮ Homotopy Type Theory (HoTT) Cubical sets [Bezem-Coquand-Huber] model of Voevodsky’s axiom of univalence makes use of nominal sets equipped with an operation of substitution 푥 ↦→ 푥(푖/푎) where 푖 ∈ {0, 1}.

◮ names are names of directions (cartesian axes)

(so e.g., if an object has support {푎,푏,푐} it is 3-dimensional)

◮ freshness (푎 # 푥) = degeneracy (푥(푖/푎) = 푥) ◮ identity types are modelled by name-abstraction: 푎푥 is a proof that 푥(0/푎) is equal to 푥(1/푎).

HoTT and univalence is about (computable) mathematical foundations (a topic no longer very popular with mathematicians). That’s where the mathematics of nominal sets came from...

69/70

Impact can take a long time

The mathematics behind nominal sets goes back a long way...

Abraham Fraenkel, Der Begriff “definit” und die Unabh¨ angigkeit des Auswahlsaxioms, Sitzungsberichte der Preussischen Akademie der Wissenschafen, Physikalisch-mathematische Klasse (1922), 253–257. Andrzej Mostowski, Uber die Unabh¨ angigkeit des Wohlordnungssatzes vom Ordnungsprinzip, Fundamenta Mathematicae 32 (1939), 201–252.

70/70

Impact can take a long time

The mathematics behind nominal sets goes back a long way... ...and it’s still too early to tell what will be the impact of the applications of it to CS developed over the last 20 years. Two take-home messages from these lectures: ◮ Specific: in meta-programming/proving, permutation comes before substitution and (hence) name-abstraction before lambda-abstraction ◮ General: computation modulo symmetry deserves further exploration.

70/70