Combining Higher Order Abstract Syntax with Tactical Theorem - - PowerPoint PPT Presentation

SLIDE 1

APPSEM II, Nottingham, March 2003 1

Combining Higher Order Abstract Syntax with Tactical Theorem Proving & (Co)Induction

Simon J. Ambler & Roy L. Crole & Alberto Momigliano University of Leicester, UK

SLIDE 2

APPSEM II, Nottingham, March 2003 2

An Introduction to Our Work

• The subjects which under-pin our research are Programming

Language Semantics, Functional Programming, Theorem Proving (in Isabelle HOL), and Categorical Logic.

• Our long term aims are to

✁

develop and improve technology for encoding operational semantics in a theorem prover;

✁

discover new methods for reasoning about variable binding which are amenable to automated theorem proving;

✁

develop mathematical models which under-pin such methods.

SLIDE 3

APPSEM II, Nottingham, March 2003 3

• More specific long term aims are

✁

develop mechanizations of higher order abstract syntax which are consistent with principles of induction and coinduction;

✁

to carry out such work in Isabelle HOL;

✁

to encode object level (programming) languages for which mechanized reasoning is likely to be practically useful; example is MIL-lite, a compiler intermediate language.

SLIDE 4

APPSEM II, Nottingham, March 2003 4

The Talk

• Review how to implement object level syntax such as

Q ::

• Vi

✁

Q

✂

Q

✁☎✄

Vi

✆

Q QPL in a logical framework, and the associated problems

• Motivate a system called HYBRID which addresses some
• f the problems
• Give a sketch of HYBRID
• Outline recent work

SLIDE 5

APPSEM II, Nottingham, March 2003 5

How to Implement Object Logic Syntax

• Implement once and for all the λ-calculus

E ::

• c

✁

Vi

✁

ΛVi

✂

E

✁

E E

• Define once and for all substitution and α

✄

βη

☎

• equivalence.

This gives a logical framework infrastructure – a metalanguage with binding

• To encode QPL specify constants

✆✝ ✞

:: expr

✟

expr

✟

expr and

✠✡ ✡

::

✄

expr

✟

expr

☎ ✟

• expr. One can define an encoding function

☛ ✁ ☞

, where

☛

Q1

✌

Q2

☞

def

• ✆

✝ ✞ ☛

Q1

☞ ☛

Q2

☞ ☛ ✍

Vi

✂

Q

☞

def

• ✠

✡ ✡ ✄

Λvi

✂ ☛

Q

☞ ☎

SLIDE 6

APPSEM II, Nottingham, March 2003 6

• Advantage: Substitution (etc) defined once only
• Disadvantages:
• We cannot have a (Isabelle HOL) datatype

expr ::

• expr

✁✂✁ ✄ ☎

exprexpr

✁✂✆ ✝ ✝ ✞

expr

✟

expr

✠

hence there is no principal of structural induction

• expr

✟

expr contains contains functions which are not in the image of

✡ ✁ ☛

, so the encoding is not adequate

✆ ✝ ✝ ✞

Λx

✆☞✌

x

• u

✍ ✎ ✏ ✑

u

✏ ✝ ✒ ✏ ✆ ✝ ✝ ✞

Λz

✆

z

✠ ✠

SLIDE 7

APPSEM II, Nottingham, March 2003 7

Motivating HYBRID

• Desiderata:
• Represent syntax, HOAS style, up to αβη-equivalence;
• deploy principles of recursion & induction;
• utilize Isabelle HOL tactics.
• Key Ideas:
• Object level binders will be represented as Isabelle (HOL)

meta-binders;

• this is achieved by a (hidden) translation into a de Bruijn

datatype of λ-calculus terms;

• ur approach is definitional thus consistent.

SLIDE 8

APPSEM II, Nottingham, March 2003 8

What HYBRID Provides

• System should provide a metalanguage (HOAS)

E ::

• c

✁

Vi

✁

ΛVi

✆

E

✁

E E

• HYBRID does provide

e ::

• ✁

✂

c

✁☎✄ ✆ ✆

i

✁ ✝ ✆ ✞

v

✆

e

✁

e1 $$ e2 Hλ

• These terms can be converted to terms of type expr

expr ::

• ✁

✂

con

✁ ✄ ✆ ✆

var

✁☎✟ ✂✠

bnd

✁ ✆ ✟ ✡

expr

✁

expr $$ expr

• Hλ is a hybrid of λ-calculus and de Bruijn notation

SLIDE 9

APPSEM II, Nottingham, March 2003 9

How HYBRID Represents the λ-calculus

• Hλ terms are definitions of HYBRID terms of type expr
• Roughly speaking we have implemented conversion

functions

DB

• ✁

✂ ✄☎ ✑ ✆ ✝ ✄☎ ✑ ✆ ✝

Hλ

• If user inputs

✝ ✆ ✞

v1

✆ ✞ ✝ ✆ ✞

v0

✆ ✞

v1 $$ v0

✠ ✠

where

✝ ✆ ✞

vi

✆

e is binder syntax, Isabelle HOL converts it to a de Bruijn term ...

SLIDE 10

APPSEM II, Nottingham, March 2003 10

• The function

✁ ✂ ✄☎ ✑ ✆

: Hλ

• DB calls a function

✝ ✁ ✄ ✂ ✁ ✁

, which calls a function

✝ ✂ ☞ ✑ ✁ ✝ ✁ ✄ ✂ ✁ ✁

: ξ

✂

• ✆

✟ ✡ ✞ ✝ ✂ ☞ ✑ ✁

0 ξ

✠ ✝ ✆ ✞

v1

✆ ✞ ✝ ✆ ✞

v0

✆ ✞

v1 $$ v0

✠ ✠

def

• ✝

✁ ✄ ✂ ✁ ✁ ✞

λv1

✆ ✞ ✝ ✁ ✄ ✂ ✁ ✁ ✞

λv0

✆ ✞

v1 $$ v0

✠ ✠ ✠ ✠

• ✆

✟ ✡ ✞ ✝ ✂ ☞ ✑ ✁ ✞

λv1

✆ ✞ ✆ ✟ ✡ ✞ ✝ ✂ ☞ ✑ ✁ ✞

λv0

✆ ✞

v1 $$ v0

✠ ✠ ✠ ✠ ✠ ✠

• ✆

✟ ✡ ✞ ✝ ✂ ☞ ✑ ✁ ✞

λv1

✆ ✞ ✆ ✟ ✡ ✞

v1 $$

✞ ✟ ✂✠ ✠ ✠ ✠ ✠ ✠

• ✆

✟ ✡ ✞ ✆ ✟ ✡ ✞ ✝ ✂ ☞ ✑ ✁

1

✞

λv1

✆

v1

✠

$$

✞ ✝ ✂ ☞ ✑ ✁

1

✞

λv1

✆ ✟ ✂ ✠ ✠ ✠ ✠ ✠

• ✆

✟ ✡ ✞ ✆ ✟ ✡ ✞ ✟ ✂✠

1 $$

✞ ✟ ✂ ✠ ✠ ✠ ✠

SLIDE 11

APPSEM II, Nottingham, March 2003 11

What we have done

• Proved that the “constructors” of Hλ are injective and have

disjoint images on suitable subsets of their domains ...

• so Hλ “is” a datatype and this leads to a consistent principle of

structural induction.

• For the lazy λ-calculus we have automated proofs of
• determinacy and subject reduction by induction;
• divergence by coinduction;
• bisimulation is a congruence by coinduction.

SLIDE 12

APPSEM II, Nottingham, March 2003 12

• For the higher order π-calculus
• HYBRID captures higher order quantification over processes –

sometimes problematic in other settings;

• automated proof that reduction preserves well-formedness of

processes.

• We have implemented a very general combinator for primitive

recursion, consistent with HOAS.

• We have developed a presheaf topos model, which validates a

family of recursion principles by realizing them as initial algebras.

• Started to apply these ideas to MIL-lite ...