failure is not an option
play

Failure is Not an Option The Curry-Howard-Shadok correspondence - PowerPoint PPT Presentation

Mar 21, 2023 •157 likes •1.35k views

Failure is Not an Option The Curry-Howard-Shadok correspondence Pierre-Marie Pdrot joint work with Nicolas Tabareau Max Planck Institute for Software Systems Sminaire PPS P.-M. Pdrot (MPI-SWS) Failure is Not an Option 22/02/2018 1 / 44

  1. The Exceptional Type Theory: Overview As hinted before, we need to be call-by-name to feature full conversion. 22/02/2018 Failure is Not an Option P.-M. Pédrot (MPI-SWS) raise B e The exceptional type theory extends vanilla CIC with p 10 / 44 raise E : □ : Π A : □ . E → A raise (Π x : A . B ) e ≡ λ x : A . raise B e match ( raise I e ) ret P with ⃗ ≡ raise ( P ( raise I e )) e where P : I → □ . Remark that in call-by-name, if M : A → B , in general M ( raise A e ) ̸≡ for otherwise we would not have ( λ x : A . M ) N ≡ M { x := N } .

  2. P p t p f p e true P p t p f p e false P p t p f p e raise p e e Catch Me If You Can P b where catch p t catch p f P false catch e P.-M. Pédrot (MPI-SWS) Failure is Not an Option 22/02/2018 b P true Remember that on functions: P false It means catching exceptions is limited to positive datatypes! For inductive types, this is a generalized induction principle . catch P P P true e E P raise e b P b rect 11 / 44 raise (Π x : A . B ) e ≡ λ x : A . raise B e

  3. Catch Me If You Can Remember that on functions: 22/02/2018 Failure is Not an Option P.-M. Pédrot (MPI-SWS) p f p t where 11 / 44 For inductive types, this is a generalized induction principle . It means catching exceptions is limited to positive datatypes! raise (Π x : A . B ) e ≡ λ x : A . raise B e catch B : Π P : B → □ . B rect : Π P : B → □ . P true → P true → P false → P false → (Π e : E . P ( raise B e )) → Π b : B . P b Π b : B . P b ≡ catch B P p t p f p e true ≡ catch B P p t p f p e false catch B P p t p f p e ( raise B e ) ≡ p e e

  4. Mot d’Ordre : A Model It’s not just randomly coming up with syntax though. We want a justifjcation for what we are doing What about normalization? Subject reduction? Other nice properties? ... that’s called a model. We want a model of the exceptional type theory! P.-M. Pédrot (MPI-SWS) Failure is Not an Option 22/02/2018 12 / 44

  5. Mot d’Ordre : A Model It’s not just randomly coming up with syntax though. We want a justifjcation for what we are doing What about normalization? Subject reduction? Other nice properties? ... that’s called a model. We want a model of the exceptional type theory! P.-M. Pédrot (MPI-SWS) Failure is Not an Option 22/02/2018 12 / 44

  6. Mot d’Ordre : A Model It’s not just randomly coming up with syntax though. We want a justifjcation for what we are doing What about normalization? Subject reduction? Other nice properties? ... that’s called a model. We want a model of the exceptional type theory! P.-M. Pédrot (MPI-SWS) Failure is Not an Option 22/02/2018 12 / 44

  7. Kardashian Functors, Anyone? Semantics of CIC has a fame of being horribly complex. I won’t lie: it is . But part of this fame is nonetheless due to its models. Set-theoretical models: because Sets are a (crappy) type theory. Pro: Sets! Con: Sets! Realizability models: construct programs that respect properties. Pro: Computational, computer-science friendly. Con: Not foundational (requires an alien meta-theory), not decidable. Categorical models: abstract description of type theory. Pro: Abstract, subsumes the two former ones. Con: Realizability + very low level, gazillion variants, intrisically typed, static. P.-M. Pédrot (MPI-SWS) Failure is Not an Option 22/02/2018 13 / 44

  8. Kardashian Functors, Anyone? Semantics of CIC has a fame of being horribly complex. I won’t lie: it is . But part of this fame is nonetheless due to its models. Set-theoretical models: because Sets are a (crappy) type theory. Pro: Sets! Con: Sets! Realizability models: construct programs that respect properties. Pro: Computational, computer-science friendly. Con: Not foundational (requires an alien meta-theory), not decidable. Categorical models: abstract description of type theory. Pro: Abstract, subsumes the two former ones. Con: Realizability + very low level, gazillion variants, intrisically typed, static. P.-M. Pédrot (MPI-SWS) Failure is Not an Option 22/02/2018 13 / 44

  9. Kardashian Functors, Anyone? Semantics of CIC has a fame of being horribly complex. I won’t lie: it is . But part of this fame is nonetheless due to its models. Set-theoretical models: because Sets are a (crappy) type theory. Pro: Sets! Con: Sets! Realizability models: construct programs that respect properties. Pro: Computational, computer-science friendly. Con: Not foundational (requires an alien meta-theory), not decidable. Categorical models: abstract description of type theory. Pro: Abstract, subsumes the two former ones. Con: Realizability + very low level, gazillion variants, intrisically typed, static. P.-M. Pédrot (MPI-SWS) Failure is Not an Option 22/02/2018 13 / 44

  10. Kardashian Functors, Anyone? Semantics of CIC has a fame of being horribly complex. I won’t lie: it is . But part of this fame is nonetheless due to its models. Set-theoretical models: because Sets are a (crappy) type theory. Pro: Sets! Con: Sets! Realizability models: construct programs that respect properties. Pro: Computational, computer-science friendly. Con: Not foundational (requires an alien meta-theory), not decidable. Categorical models: abstract description of type theory. Pro: Abstract, subsumes the two former ones. Con: Realizability + very low level, gazillion variants, intrisically typed, static. P.-M. Pédrot (MPI-SWS) Failure is Not an Option 22/02/2018 13 / 44

  11. Kardashian Functors, Anyone? Semantics of CIC has a fame of being horribly complex. I won’t lie: it is . But part of this fame is nonetheless due to its models. Set-theoretical models: because Sets are a (crappy) type theory. Pro: Sets! Con: Sets! Realizability models: construct programs that respect properties. Pro: Computational, computer-science friendly. Con: Not foundational (requires an alien meta-theory), not decidable. Categorical models: abstract description of type theory. Pro: Abstract, subsumes the two former ones. Con: Realizability + very low level, gazillion variants, intrisically typed, static. P.-M. Pédrot (MPI-SWS) Failure is Not an Option 22/02/2018 13 / 44

  12. Curry-Howard Orthodoxy Friedman’s trick 22/02/2018 Failure is Not an Option P.-M. Pédrot (MPI-SWS) CH (global monotonous cell) Forcing Markov’s rule (exceptions) classical logic ( callcc ) Instead, let’s look at what Curry-Howard provides in simpler settings. Double-negation On the logic side, extend expressivity through proof translation. Interpret mechanically efgectful programs (e.g. in Haskell) A type transformer T , two combinators, a few equations On the programming side, implement efgects using e.g. the monadic style. 14 / 44 Logical Interpretations ⇔ Program Translations

  13. Curry-Howard Orthodoxy Friedman’s trick 22/02/2018 Failure is Not an Option P.-M. Pédrot (MPI-SWS) CH (global monotonous cell) Forcing Markov’s rule (exceptions) classical logic ( callcc ) Instead, let’s look at what Curry-Howard provides in simpler settings. Double-negation On the logic side, extend expressivity through proof translation. Interpret mechanically efgectful programs (e.g. in Haskell) A type transformer T , two combinators, a few equations On the programming side, implement efgects using e.g. the monadic style. 14 / 44 Logical Interpretations ⇔ Program Translations

  14. Curry-Howard Orthodoxy Instead, let’s look at what Curry-Howard provides in simpler settings. On the programming side, implement efgects using e.g. the monadic style. A type transformer T , two combinators, a few equations Interpret mechanically efgectful programs (e.g. in Haskell) On the logic side, extend expressivity through proof translation. P.-M. Pédrot (MPI-SWS) Failure is Not an Option 22/02/2018 14 / 44 Logical Interpretations ⇔ Program Translations Double-negation ⇒ classical logic ( callcc ) Friedman’s trick ⇒ Markov’s rule (exceptions) Forcing ⇒ ¬ CH (global monotonous cell)

  15. CIC M CIC M Syntactic Models M 22/02/2018 Failure is Not an Option P.-M. Pédrot (MPI-SWS) translation. implementing new terms given by the by going down to the CIC assembly language, Step 3: Expand A A Step 2: Flip views and actually pose Let us do the same thing with CIC: build syntactic models . A implies A M from it s.t. and derive on the syntax of Step 1: Defjne CIC . Step 0: Fix a theory 15 / 44

  16. CIC M CIC M Syntactic Models A 22/02/2018 Failure is Not an Option P.-M. Pédrot (MPI-SWS) translation. implementing new terms given by the by going down to the CIC assembly language, Step 3: Expand A Step 2: Flip views and actually pose M Let us do the same thing with CIC: build syntactic models . A implies A M from it s.t. and derive on the syntax of Step 1: Defjne 15 / 44 Step 0: Fix a theory T := CIC .

  17. CIC M Syntactic Models A 22/02/2018 Failure is Not an Option P.-M. Pédrot (MPI-SWS) translation. implementing new terms given by the by going down to the CIC assembly language, Step 3: Expand A M Let us do the same thing with CIC: build syntactic models . Step 2: Flip views and actually pose implies 15 / 44 Step 0: Fix a theory T := CIC . Step 1: Defjne [ · ] on the syntax of T and derive [ [ · ] ] from it s.t. ⊢ T M : A ⊢ CIC [ M ] : [ [ A ] ]

  18. Syntactic Models Step 2: Flip views and actually pose 22/02/2018 Failure is Not an Option P.-M. Pédrot (MPI-SWS) translation. implementing new terms given by the by going down to the CIC assembly language, Step 3: Expand Let us do the same thing with CIC: build syntactic models . 15 / 44 implies Step 0: Fix a theory T := CIC . Step 1: Defjne [ · ] on the syntax of T and derive [ [ · ] ] from it s.t. ⊢ T M : A ⊢ CIC [ M ] : [ [ A ] ] ∆ ⊢ T M : A = ⊢ CIC [ M ] : [ [ A ] ]

  19. Syntactic Models Step 2: Flip views and actually pose 22/02/2018 Failure is Not an Option P.-M. Pédrot (MPI-SWS) Let us do the same thing with CIC: build syntactic models . 15 / 44 implies Step 0: Fix a theory T := CIC . Step 1: Defjne [ · ] on the syntax of T and derive [ [ · ] ] from it s.t. ⊢ T M : A ⊢ CIC [ M ] : [ [ A ] ] ∆ ⊢ T M : A = ⊢ CIC [ M ] : [ [ A ] ] Step 3: Expand T by going down to the CIC assembly language, implementing new terms given by the [ · ] translation.

  20. « CIC, the LLVM of Type Theory » P.-M. Pédrot (MPI-SWS) Failure is Not an Option 22/02/2018 16 / 44

  21. The Exceptional Implementation Let’s implement the exceptional type theory into CIC! Source is a CBN theory, so usual monadic encoding won’t work. We use a variant of our previous weaning translation. All typing and computations rules mentioned before hold for free. Let’s call the exceptional type theory to disambiguate it from CIC . Only parameter of the translation: a fjxed type of exceptions in the target. CIC P.-M. Pédrot (MPI-SWS) Failure is Not an Option 22/02/2018 17 / 44

  22. The Exceptional Implementation Let’s implement the exceptional type theory into CIC! Source is a CBN theory, so usual monadic encoding won’t work. We use a variant of our previous weaning translation. All typing and computations rules mentioned before hold for free. Let’s call the exceptional type theory to disambiguate it from CIC . Only parameter of the translation: a fjxed type of exceptions in the target. CIC P.-M. Pédrot (MPI-SWS) Failure is Not an Option 22/02/2018 17 / 44

  23. The Exceptional Implementation Let’s implement the exceptional type theory into CIC! Source is a CBN theory, so usual monadic encoding won’t work. We use a variant of our previous weaning translation. All typing and computations rules mentioned before hold for free. Only parameter of the translation: a fjxed type of exceptions in the target. CIC P.-M. Pédrot (MPI-SWS) Failure is Not an Option 22/02/2018 17 / 44 Let’s call the exceptional type theory T E to disambiguate it from CIC .

  24. The Exceptional Implementation Let’s implement the exceptional type theory into CIC! Source is a CBN theory, so usual monadic encoding won’t work. We use a variant of our previous weaning translation. All typing and computations rules mentioned before hold for free. Only parameter of the translation: a fjxed type of exceptions in the target. P.-M. Pédrot (MPI-SWS) Failure is Not an Option 22/02/2018 17 / 44 Let’s call the exceptional type theory T E to disambiguate it from CIC . ⊢ CIC E : □

  25. CIC M CIC M The Exceptional Implementation, Negative case x x x M N M N x A M M A B If A then A . P.-M. Pédrot (MPI-SWS) Failure is Not an Option 22/02/2018 e A Intuition: x Every exceptional type comes with its own implementation of failure! A A and A A A x A B x A B x A B e 18 / 44 ⊢ T E A : □ ⊢ CIC [ A ] : Σ A : □ . E → A . ⇝

  26. CIC M CIC M The Exceptional Implementation, Negative case Intuition: 22/02/2018 Failure is Not an Option P.-M. Pédrot (MPI-SWS) A . A then If x 18 / 44 Every exceptional type comes with its own implementation of failure! and ⊢ T E A : □ ⊢ CIC [ A ] : Σ A : □ . E → A . ⇝ [ [ A ] ] : □ := π 1 [ A ] [ A ] ∅ : E → [ [ A ] ] := π 2 [ A ] [ [Π x : A . B ] ] ≡ Π x : [ [ A ] ] . [ [ B ] ] [Π x : A . B ] ∅ e ≡ λ x : [ [ A ] ] . [ B ] ∅ e [ x ] ≡ [ M N ] ≡ [ M ] [ N ] [ λ x : A . M ] ≡ λ x : [ [ A ] ] . [ M ]

  27. The Exceptional Implementation, Negative case and 22/02/2018 Failure is Not an Option P.-M. Pédrot (MPI-SWS) x Intuition: 18 / 44 Every exceptional type comes with its own implementation of failure! ⊢ T E A : □ ⊢ CIC [ A ] : Σ A : □ . E → A . ⇝ [ [ A ] ] : □ := π 1 [ A ] [ A ] ∅ : E → [ [ A ] ] := π 2 [ A ] [ [Π x : A . B ] ] ≡ Π x : [ [ A ] ] . [ [ B ] ] [Π x : A . B ] ∅ e ≡ λ x : [ [ A ] ] . [ B ] ∅ e [ x ] ≡ [ M N ] ≡ [ M ] [ N ] [ λ x : A . M ] ≡ λ x : [ [ A ] ] . [ M ] If Γ ⊢ CIC M : A then [ [Γ] ] ⊢ CIC [ M ] : [ [ A ] ] .

  28. The Exceptional Implementation, Failure A x A raise B e x A B e x B e x e x A B e P.-M. Pédrot (MPI-SWS) Failure is Not an Option 22/02/2018 A B e raise It is straightforward to implement the failure operation. e E raise E A A Computational rules trivially hold! E e raise A A A A raise 19 / 44 : □ : Π A : □ . E → A

  29. The Exceptional Implementation, Failure A x A raise B e x A B e x B e x e x A B e P.-M. Pédrot (MPI-SWS) Failure is Not an Option 22/02/2018 A B e raise It is straightforward to implement the failure operation. Computational rules trivially hold! E raise 19 / 44 : □ : Π A : □ . E → A [ E ] : Σ A : □ . E → A [ E ] := ( E , λ e : E . e ) [ raise ] : Π A 0 : (Σ A : □ . E → A ) . E → π 1 A 0 [ raise ] := π 2

  30. The Exceptional Implementation, Failure Computational rules trivially hold! 22/02/2018 Failure is Not an Option P.-M. Pédrot (MPI-SWS) It is straightforward to implement the failure operation. 19 / 44 E raise : □ : Π A : □ . E → A [ E ] : Σ A : □ . E → A [ E ] := ( E , λ e : E . e ) [ raise ] : Π A 0 : (Σ A : □ . E → A ) . E → π 1 A 0 [ raise ] := π 2 [ raise (Π x : A . B ) e ] [ λ x : A . raise B e ] ≡ ≡ ≡ π 2 ((Π x : [ [ A ] ] . [ [ B ] ]) , ( λ ( e : E ) ( x : [ [ A ] ]) . π 2 [ [ B ] ] e )) [ e ] λ x : [ [ A ] ] . π 2 [ B ] [ e ] ≡

  31. The Exceptional Implementation, Positive case The really interesting case is the inductive part of CIC. Could pose and take an arbitrary boolean for ... ... but that would not play well with computation, e.g. catch . Worse, what about ? P.-M. Pédrot (MPI-SWS) Failure is Not an Option 22/02/2018 20 / 44 How to implement [ B ] ∅ : E → [ [ B ] ] ?

  32. The Exceptional Implementation, Positive case The really interesting case is the inductive part of CIC. ... but that would not play well with computation, e.g. catch . Worse, what about ? P.-M. Pédrot (MPI-SWS) Failure is Not an Option 22/02/2018 20 / 44 How to implement [ B ] ∅ : E → [ [ B ] ] ? Could pose [ [ B ] ] := B and take an arbitrary boolean for [ B ] ∅ ...

  33. The Exceptional Implementation, Positive case The really interesting case is the inductive part of CIC. ... but that would not play well with computation, e.g. catch . P.-M. Pédrot (MPI-SWS) Failure is Not an Option 22/02/2018 20 / 44 How to implement [ B ] ∅ : E → [ [ B ] ] ? Could pose [ [ B ] ] := B and take an arbitrary boolean for [ B ] ∅ ... Worse, what about [ ⊥ ] ∅ : E → [ [ ⊥ ] ] ?

  34. P true P false The Exceptional Implementation, Positive case P 22/02/2018 Failure is Not an Option P.-M. Pédrot (MPI-SWS) e e , reraise e using P b If b is an error If b is false , use second hypothesis If b is true , use fjrst hypothesis P b b P false P true b P b Very elegant solution: add a default case to every inductive type! P Pattern-matching is translated pointwise, except for the new case. 21 / 44 Inductive [ [ B ] ] := [ true ] : [ [ B ] ] | [ false ] : [ [ B ] ] | B ∅ : E → [ [ B ] ]

  35. The Exceptional Implementation, Positive case Pattern-matching is translated pointwise, except for the new case. 22/02/2018 Failure is Not an Option P.-M. Pédrot (MPI-SWS) Very elegant solution: add a default case to every inductive type! 21 / 44 Inductive [ [ B ] ] := [ true ] : [ [ B ] ] | [ false ] : [ [ B ] ] | B ∅ : E → [ [ B ] ] [ [Π P : B → □ . P true → P false → Π b : B . P b ] ] ≡ Π P : [ [ B ] ] → [ [ □ ] ] . P [ true ] → P [ false ] → Π b : [ [ B ] ] . P b If b is [ true ] , use fjrst hypothesis If b is [ false ] , use second hypothesis If b is an error B ∅ e , reraise e using [ P b ] ∅ e

  36. ☺ A type theory with efgects! ☺ Compiled away to CIC ! ☺ Features full conversion ☺ Features full dependent elimination 😗 Ah, yeah, and also, the theory is inconsistent. Shadok Logic Strikes Back Theorem The exceptional translation interprets all of CIC . It suffjces to raise an exception to inhabit any type. P.-M. Pédrot (MPI-SWS) Failure is Not an Option 22/02/2018 22 / 44

  37. 😗 Ah, yeah, and also, the theory is inconsistent. Shadok Logic Strikes Back Theorem The exceptional translation interprets all of CIC . It suffjces to raise an exception to inhabit any type. P.-M. Pédrot (MPI-SWS) Failure is Not an Option 22/02/2018 22 / 44 ☺ A type theory with efgects! ☺ Compiled away to CIC ! ☺ Features full conversion ☺ Features full dependent elimination

  38. 😗 Ah, yeah, and also, the theory is inconsistent. Shadok Logic Strikes Back Theorem The exceptional translation interprets all of CIC . It suffjces to raise an exception to inhabit any type. P.-M. Pédrot (MPI-SWS) Failure is Not an Option 22/02/2018 22 / 44 ☺ A type theory with efgects! ☺ Compiled away to CIC ! ☺ Features full conversion ☺ Features full dependent elimination

  39. Shadok Logic Strikes Back Theorem The exceptional translation interprets all of CIC . It suffjces to raise an exception to inhabit any type. P.-M. Pédrot (MPI-SWS) Failure is Not an Option 22/02/2018 22 / 44 ☺ A type theory with efgects! ☺ Compiled away to CIC ! ☺ Features full conversion ☺ Features full dependent elimination 😗 Ah, yeah, and also, the theory is inconsistent.

  40. Consistency: A Social Construct You can still use the CIC target to prove properties about 22/02/2018 Failure is Not an Option P.-M. Pédrot (MPI-SWS) And now for a little ad before the second part of the show! You can prove that a program does not raise uncaught exceptions. Clifghanger programs! A Safe Target Framework An Impure Dependently-typed Programming Language E . e for some e raise , then M M If Theorem ( Exceptional Canonicity a.k.a. Progress a.k.a. Meaningless explanations) Do you whine about the fact that OCaml is logically inconsistent? 23 / 44

  41. Consistency: A Social Construct An Impure Dependently-typed Programming Language Do you whine about the fact that OCaml is logically inconsistent? Theorem ( Exceptional Canonicity a.k.a. Progress a.k.a. Meaningless explanations) A Safe Target Framework You can still use the CIC target to prove properties about programs! Clifghanger You can prove that a program does not raise uncaught exceptions. And now for a little ad before the second part of the show! P.-M. Pédrot (MPI-SWS) Failure is Not an Option 22/02/2018 23 / 44 If ⊢ T E M : ⊥ , then M ≡ raise ⊥ e for some e : E .

  42. Consistency: A Social Construct An Impure Dependently-typed Programming Language Do you whine about the fact that OCaml is logically inconsistent? Theorem ( Exceptional Canonicity a.k.a. Progress a.k.a. Meaningless explanations) A Safe Target Framework Clifghanger You can prove that a program does not raise uncaught exceptions. And now for a little ad before the second part of the show! P.-M. Pédrot (MPI-SWS) Failure is Not an Option 22/02/2018 23 / 44 If ⊢ T E M : ⊥ , then M ≡ raise ⊥ e for some e : E . You can still use the CIC target to prove properties about T E programs!

  43. Consistency: A Social Construct An Impure Dependently-typed Programming Language Do you whine about the fact that OCaml is logically inconsistent? Theorem ( Exceptional Canonicity a.k.a. Progress a.k.a. Meaningless explanations) A Safe Target Framework Clifghanger You can prove that a program does not raise uncaught exceptions. And now for a little ad before the second part of the show! P.-M. Pédrot (MPI-SWS) Failure is Not an Option 22/02/2018 23 / 44 If ⊢ T E M : ⊥ , then M ≡ raise ⊥ e for some e : E . You can still use the CIC target to prove properties about T E programs!

  44. Consistency: A Social Construct An Impure Dependently-typed Programming Language Do you whine about the fact that OCaml is logically inconsistent? Theorem ( Exceptional Canonicity a.k.a. Progress a.k.a. Meaningless explanations) A Safe Target Framework Clifghanger You can prove that a program does not raise uncaught exceptions. And now for a little ad before the second part of the show! P.-M. Pédrot (MPI-SWS) Failure is Not an Option 22/02/2018 23 / 44 If ⊢ T E M : ⊥ , then M ≡ raise ⊥ e for some e : E . You can still use the CIC target to prove properties about T E programs!

  45. CIC P Informercial — Did You Know? types, 22/02/2018 Failure is Not an Option P.-M. Pédrot (MPI-SWS) P Q . p CIC Q implies P p CIC If P and Q are The exceptional translation is just a principled Friedman’s A -translation! Friedman’s Trick in CIC . P type, then If P is a First-order purifjcation A A Informative double-negation As such, it can be used for classical proof extraction. 24 / 44

  46. CIC P Informercial — Did You Know? Friedman’s Trick in CIC 22/02/2018 Failure is Not an Option P.-M. Pédrot (MPI-SWS) P Q . p CIC Q implies P p CIC types, If P and Q are . The exceptional translation is just a principled Friedman’s A -translation! P type, then If P is a First-order purifjcation Informative double-negation As such, it can be used for classical proof extraction. 24 / 44 ] ∼ [ [ ¬¬ A ] = ([ [ A ] ] → E ) → E

  47. Informercial — Did You Know? Friedman’s Trick in CIC 22/02/2018 Failure is Not an Option P.-M. Pédrot (MPI-SWS) P Q . p CIC Q implies P p CIC types, If P and Q are 24 / 44 The exceptional translation is just a principled Friedman’s A -translation! First-order purifjcation Informative double-negation As such, it can be used for classical proof extraction. ] ∼ [ [ ¬¬ A ] = ([ [ A ] ] → E ) → E If P is a Σ 0 1 type, then ⊢ CIC [ [ P ] ] ↔ P + E .

  48. Informercial — Did You Know? First-order purifjcation 22/02/2018 Failure is Not an Option P.-M. Pédrot (MPI-SWS) Friedman’s Trick in CIC The exceptional translation is just a principled Friedman’s A -translation! 24 / 44 As such, it can be used for classical proof extraction. Informative double-negation ] ∼ [ [ ¬¬ A ] = ([ [ A ] ] → E ) → E If P is a Σ 0 1 type, then ⊢ CIC [ [ P ] ] ↔ P + E . If P and Q are Σ 0 1 types, ⊢ CIC Π p : P . ¬¬ Q implies ⊢ CIC Π p : P . Q .

  49. Part II P.-M. Pédrot (MPI-SWS) Failure is Not an Option 22/02/2018 25 / 44

  50. If You Joined the Talk Recently The exceptional type theory is logically inconsistent! Clifghanger (cont.) You can prove that a program does not raise uncaught exceptions. Let’s call valid a program in that “does not raise exceptions”. For instance, there is no valid proof of the only valid booleans are true and false a function is valid if it produces a valid result out of a valid argument Validity is a type-directed notion! P.-M. Pédrot (MPI-SWS) Failure is Not an Option 22/02/2018 26 / 44

  51. If You Joined the Talk Recently The exceptional type theory is logically inconsistent! Clifghanger (cont.) You can prove that a program does not raise uncaught exceptions. For instance, the only valid booleans are true and false a function is valid if it produces a valid result out of a valid argument Validity is a type-directed notion! P.-M. Pédrot (MPI-SWS) Failure is Not an Option 22/02/2018 26 / 44 Let’s call valid a program in T E that “does not raise exceptions”. there is no valid proof of ⊥

  52. If You Joined the Talk Recently The exceptional type theory is logically inconsistent! Clifghanger (cont.) You can prove that a program does not raise uncaught exceptions. For instance, the only valid booleans are true and false a function is valid if it produces a valid result out of a valid argument Validity is a type-directed notion! P.-M. Pédrot (MPI-SWS) Failure is Not an Option 22/02/2018 26 / 44 Let’s call valid a program in T E that “does not raise exceptions”. there is no valid proof of ⊥

  53. The Curry-Howard-Shadok Correspondence B 22/02/2018 Failure is Not an Option P.-M. Pédrot (MPI-SWS) Zo ! Fools ! That’s parametricity . Come on. That’s intuitionistic realizability . What? That’s just logical relations . f x A x A x B A f 27 / 44 Let’s locally write M ⊩ A if M is valid at A .

  54. What? That’s just logical relations . The Curry-Howard-Shadok Correspondence Come on. That’s intuitionistic realizability . Fools ! That’s parametricity . Zo ! P.-M. Pédrot (MPI-SWS) Failure is Not an Option 22/02/2018 27 / 44 Let’s locally write M ⊩ A if M is valid at A . f ⊩ A → B ≡ ∀ x : [ [ A ] ] . x ⊩ A → f x ⊩ B

  55. What? That’s just logical relations . The Curry-Howard-Shadok Correspondence Come on. That’s intuitionistic realizability . Fools ! That’s parametricity . Zo ! P.-M. Pédrot (MPI-SWS) Failure is Not an Option 22/02/2018 27 / 44 Let’s locally write M ⊩ A if M is valid at A . f ⊩ A → B ≡ ∀ x : [ [ A ] ] . x ⊩ A → f x ⊩ B

  56. What? That’s just logical relations . The Curry-Howard-Shadok Correspondence Come on. That’s intuitionistic realizability . Fools ! That’s parametricity . Zo ! P.-M. Pédrot (MPI-SWS) Failure is Not an Option 22/02/2018 27 / 44 Let’s locally write M ⊩ A if M is valid at A . f ⊩ A → B ≡ ∀ x : [ [ A ] ] . x ⊩ A → f x ⊩ B

  57. What? That’s just logical relations . The Curry-Howard-Shadok Correspondence Come on. That’s intuitionistic realizability . Fools ! That’s parametricity . Zo ! P.-M. Pédrot (MPI-SWS) Failure is Not an Option 22/02/2018 27 / 44 Let’s locally write M ⊩ A if M is valid at A . f ⊩ A → B ≡ ∀ x : [ [ A ] ] . x ⊩ A → f x ⊩ B

  58. What? That’s just logical relations . The Curry-Howard-Shadok Correspondence Come on. That’s intuitionistic realizability . Fools ! That’s parametricity . Zo ! P.-M. Pédrot (MPI-SWS) Failure is Not an Option 22/02/2018 27 / 44 Let’s locally write M ⊩ A if M is valid at A . f ⊩ A → B ≡ ∀ x : [ [ A ] ] . x ⊩ A → f x ⊩ B

  59. CIC M CIC M Making Everybody Agree 22/02/2018 Failure is Not an Option P.-M. Pédrot (MPI-SWS) is the validity predicate. A where A M A A It’s actually folklore that these techniques are essentially the same. produce two sequents A M From Idea: We just have to adapt it to our exceptional translation. And there is already a parametricity translation for CIC! (Bernardy-Lasson) 28 / 44

  60. CIC M CIC M Making Everybody Agree 22/02/2018 Failure is Not an Option P.-M. Pédrot (MPI-SWS) is the validity predicate. A where A M A A It’s actually folklore that these techniques are essentially the same. produce two sequents A M From Idea: We just have to adapt it to our exceptional translation. And there is already a parametricity translation for CIC! (Bernardy-Lasson) 28 / 44

  61. Making Everybody Agree produce two sequents 22/02/2018 Failure is Not an Option P.-M. Pédrot (MPI-SWS) It’s actually folklore that these techniques are essentially the same. 28 / 44 And there is already a parametricity translation for CIC! (Bernardy-Lasson) We just have to adapt it to our exceptional translation. From Idea:  ⊢ CIC [ M ] : [ [ A ] ]   ⊢ M : A +  ⊢ CIC [ M ] ε : [ [ A ] ] ε [ M ]  where [ [ A ] ] ε : [ [ A ] ] → □ is the validity predicate.

  62. CIC M CIC M Parametric Exceptional Translation (Sketch) Most notably, 22/02/2018 Failure is Not an Option P.-M. Pédrot (MPI-SWS) M . A A then If Every pure term is now automatically parametric. 29 / 44 [ [Π x : A . B ] ] ε f ≡ Π( x : [ [ A ] ]) ( x ε : [ [ A ] ] ε x ) . [ [ B ] ] ε ( f x ) ∼ [ [ B ] ] ε b b = [ true ] + b = [ false ] = ∼ [ [ ⊥ ] ] ε s ⊥ =

  63. Parametric Exceptional Translation (Sketch) Most notably, 22/02/2018 Failure is Not an Option P.-M. Pédrot (MPI-SWS) Every pure term is now automatically parametric. 29 / 44 [ [Π x : A . B ] ] ε f ≡ Π( x : [ [ A ] ]) ( x ε : [ [ A ] ] ε x ) . [ [ B ] ] ε ( f x ) ∼ [ [ B ] ] ε b b = [ true ] + b = [ false ] = ∼ [ [ ⊥ ] ] ε s ⊥ = If Γ ⊢ CIC M : A then [ [Γ] ] ε ⊢ CIC [ M ] ε : [ [ A ] ] ε [ M ] .

  64. A Few Nice Results Theorem (Syntax) 22/02/2018 Failure is Not an Option P.-M. Pédrot (MPI-SWS) 30 / 44 Theorem (Consistency) Theorem (Canonicity) Let’s call T p E the resulting theory. It inherits a lot from CIC ! T p E is consistent. E M : N then M ⇝ ∗ ¯ n ∈ ¯ T p E enjoys canonicity, i.e if ⊢ T p N . T p E has decidable type-checking, strong normalization and whatnot.

  65. What If There Were No Cake? Bernardy-Lasson parametricity is a conservative extension of CIC ... P.-M. Pédrot (MPI-SWS) Failure is Not an Option 22/02/2018 31 / 44

  66. What If There Were No Cake? Bernardy-Lasson parametricity is a conservative extension of CIC ... P.-M. Pédrot (MPI-SWS) Failure is Not an Option 22/02/2018 31 / 44

  67. What If There Were No Cake? Bernardy-Lasson parametricity is a conservative extension of CIC ... P.-M. Pédrot (MPI-SWS) Failure is Not an Option 22/02/2018 31 / 44

  68. p a semantical layer atop of it. p is the embodiement of Kreisel modifjed realizability in CIC . Less Is More is the unsafe Coq fragment, and 22/02/2018 Failure is Not an Option P.-M. Pédrot (MPI-SWS) Actually ... as long as you prove they don’t escape! Spoiler ... but you can still raise them locally p raising uncaught exceptions is forbidden in Intuitively, 32 / 44 T p E is not a conservative extension of CIC .

  69. p a semantical layer atop of it. p is the embodiement of Kreisel modifjed realizability in CIC . Less Is More is the unsafe Coq fragment, and 22/02/2018 Failure is Not an Option P.-M. Pédrot (MPI-SWS) Actually ... as long as you prove they don’t escape! Spoiler ... but you can still raise them locally Intuitively, 32 / 44 T p E is not a conservative extension of CIC . raising uncaught exceptions is forbidden in T p E

  70. p a semantical layer atop of it. p is the embodiement of Kreisel modifjed realizability in CIC . Less Is More is the unsafe Coq fragment, and 22/02/2018 Failure is Not an Option P.-M. Pédrot (MPI-SWS) Actually ... as long as you prove they don’t escape! Spoiler ... but you can still raise them locally Intuitively, 32 / 44 T p E is not a conservative extension of CIC . raising uncaught exceptions is forbidden in T p E

  71. p is the embodiement of Kreisel modifjed realizability in CIC . Less Is More Spoiler 22/02/2018 Failure is Not an Option P.-M. Pédrot (MPI-SWS) Actually ... as long as you prove they don’t escape! ... but you can still raise them locally Intuitively, 32 / 44 T p E is not a conservative extension of CIC . raising uncaught exceptions is forbidden in T p E T E is the unsafe Coq fragment, and T p E a semantical layer atop of it.

  72. Less Is More ... but you can still raise them locally 22/02/2018 Failure is Not an Option P.-M. Pédrot (MPI-SWS) Spoiler ... as long as you prove they don’t escape! Intuitively, 32 / 44 T p E is not a conservative extension of CIC . raising uncaught exceptions is forbidden in T p E T E is the unsafe Coq fragment, and T p E a semantical layer atop of it. Actually T p E is the embodiement of Kreisel modifjed realizability in CIC .

  73. Explaining the Analogy P m n 22/02/2018 Failure is Not an Option P.-M. Pédrot (MPI-SWS) P n A n P n n A IP P n f n n f m Kreisel realizability n AC Kreisel realizability extends arithmetic with essentially two principles. CIC Logical meta-theory System T Programming language CIC Source theory 33 / 44 T p E HA or HA ω T E (“unsafe Coq”) HA ω

  74. Explaining the Analogy Kreisel realizability 22/02/2018 Failure is Not an Option P.-M. Pédrot (MPI-SWS) Kreisel realizability extends arithmetic with essentially two principles. CIC Logical meta-theory System T Programming language CIC Source theory 33 / 44 T p E HA or HA ω T E (“unsafe Coq”) HA ω AC N : ( ∀ n : N . ∃ m : N . P ( m , n )) → ∃ f : N → N . ∀ n : N . P ( n , f n ) IP : ( ¬ A → ∃ n : N . P n ) → ∃ n : N . ¬ A → P n

  75. Choice Not much to say here. In p , AC is a consequence of dependent elimination. The latter is in turn meta-theoretically justifjed by canonicity. In both cases, choice is built-in and a consequence of canonicity. P.-M. Pédrot (MPI-SWS) Failure is Not an Option 22/02/2018 34 / 44 AC N : ( ∀ n : N . ∃ m : N . P ( m , n )) → ∃ f : N → N . ∀ n : N . P ( n , f n ) In Kreisel realizability, AC N is a consequence of canonicity of System T.

  76. Choice Not much to say here. The latter is in turn meta-theoretically justifjed by canonicity. In both cases, choice is built-in and a consequence of canonicity. P.-M. Pédrot (MPI-SWS) Failure is Not an Option 22/02/2018 34 / 44 AC N : ( ∀ n : N . ∃ m : N . P ( m , n )) → ∃ f : N → N . ∀ n : N . P ( n , f n ) In Kreisel realizability, AC N is a consequence of canonicity of System T. In T p E , AC N is a consequence of dependent elimination.

  77. Choice Not much to say here. The latter is in turn meta-theoretically justifjed by canonicity. In both cases, choice is built-in and a consequence of canonicity. P.-M. Pédrot (MPI-SWS) Failure is Not an Option 22/02/2018 34 / 44 AC N : ( ∀ n : N . ∃ m : N . P ( m , n )) → ∃ f : N → N . ∀ n : N . P ( n , f n ) In Kreisel realizability, AC N is a consequence of canonicity of System T. In T p E , AC N is a consequence of dependent elimination.

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Failure is not an Option Error handling strategies for Kotlin programs Nat Pryce & Duncan

Failure is not an Option Error handling strategies for Kotlin programs Nat Pryce & Duncan

Failure is not an Option Error handling strategies for Kotlin programs Nat Pryce & Duncan McGregor @natpryce, @duncanmcg Copenhagen Denmark What is failure? Programs can go wrong for so many reasons! Invalid Input Strings with

928 views • 46 slides
4 th June 2014 Ministerial Commitment Failure is not an Option A common purpose for the delivery

4 th June 2014 Ministerial Commitment Failure is not an Option A common purpose for the delivery

Joe Breen Department of the Environment Northern Ireland 4 th June 2014 Ministerial Commitment Failure is not an Option A common purpose for the delivery of Aichi Targets by 2020 The purpose of this UK Biodiversity Framework is to set a broad

331 views • 19 slides
Slips, Trips Success Failure is Not an Option Slips Cost Time if Not Caught Early Our

Slips, Trips Success Failure is Not an Option Slips Cost Time if Not Caught Early Our

ER LPE Presentation Slips, Trips Success Failure is Not an Option Slips Cost Time if Not Caught Early Our interest is to help you succeed. R/W = Property Right R/W Involvement in the Preliminary Engineering (PE) Phase Checks by

76 views • 3 slides
Welcome to your home church! Failure Is an Option Th The e Bi Bibl ble e St Stand ands

Welcome to your home church! Failure Is an Option Th The e Bi Bibl ble e St Stand ands

Welcome to your home church! Failure Is an Option Th The e Bi Bibl ble e St Stand ands The Bible Stands Matthew 26:69 27:26 Jeremiah 36 Jeremiah 36 I. The Bible is Inspired by the Holy Spirit A. The Word came to Jeremiah from the

337 views • 8 slides
Outline Bugs! 1 Avoiding and Finding bugs 2 Bugs still happen 3 Why do bugs still happen ?!

Outline Bugs! 1 Avoiding and Finding bugs 2 Bugs still happen 3 Why do bugs still happen ?!

Failure is not an option * A journey through software bugs Philippe Biondi Nov 20 th 2015 / GreHack Failure is not an option * Outline Bugs! 1 Avoiding and Finding bugs 2 Bugs still happen 3 Why do bugs still happen ?! 4 Living with bugs

966 views • 63 slides
Health Failure Telehealth Final Report Sarah Briggs Heart Failure Specialist Nurse Heart Failure

Health Failure Telehealth Final Report Sarah Briggs Heart Failure Specialist Nurse Heart Failure

Health Failure Telehealth Final Report Sarah Briggs Heart Failure Specialist Nurse Heart Failure Heart failure is a life limiting condition with outcomes worse than most cancers Heart failure is manifested by severe symptoms and the

775 views • 22 slides
Failure is a four-letter word Andreas Zeller Thomas Zimmermann Christian Bird PROMISE

Failure is a four-letter word Andreas Zeller Thomas Zimmermann Christian Bird PROMISE

Failure is a four-letter word Andreas Zeller Thomas Zimmermann Christian Bird PROMISE 2011, Banff, Canada Software failures 2 Defect distributions 3 Failure causes 4 Failure causes 5 Failure causes 6 Failure causes 7 Failure

1.16k views • 76 slides
Revel Ridge Project 1996-1998 Weymin Option from Equinox (Hecla) 2004 Bac-Tech Option 2007- 2019

Revel Ridge Project 1996-1998 Weymin Option from Equinox (Hecla) 2004 Bac-Tech Option 2007- 2019

Company Presentation May 2020 1952 Asarco option with trenching on Main Zone to south ROKMASTER RESOURCES CORP. 1962-1965 Westairs Ltd. option, new 830 Level in 297 meters 1980-1991 Leased by Pan American-Opioned to BP-Selco, Noranda,

870 views • 34 slides
Revel Ridge Project 1996-1998 Weymin Option from Equinox (Hecla) 2004 Bac-Tech Option 2007- 2019

Revel Ridge Project 1996-1998 Weymin Option from Equinox (Hecla) 2004 Bac-Tech Option 2007- 2019

Company Presentation May 2020 1952 Asarco option with trenching on Main Zone to south ROKMASTER RESOURCES CORP. 1962-1965 Westairs Ltd. option, new 830 Level in 297 meters 1980-1991 Leased by Pan American-Opioned to BP-Selco, Noranda,

847 views • 35 slides
Management of Co- morbidities in Heart Failure (COPD, Renal failure, Anemia) Dr John Parissis,

Management of Co- morbidities in Heart Failure (COPD, Renal failure, Anemia) Dr John Parissis,

Management of Co- morbidities in Heart Failure (COPD, Renal failure, Anemia) Dr John Parissis, Heart Failure Unit, Attikon University Hospital, Athens, Greece Prevalence of Non-cardiac Comorbidity In Chronic Heart Failure Braunstein et al

717 views • 70 slides
PALLIATIVE CARE Advanced heart failure Heart failure has a poor prognosis Heart failure

PALLIATIVE CARE Advanced heart failure Heart failure has a poor prognosis Heart failure

PALLIATIVE CARE Advanced heart failure Heart failure has a poor prognosis Heart failure mortality remains unacceptably high. 30-40% of patients die within the first year of diagnosis(Cowie et al, 2000; Hobbs et al, 2007). 1 year

381 views • 17 slides
Assessment Option 1: Take-home exam Option 1: Take-home exam Replicate an analysis

Assessment Option 1: Take-home exam Option 1: Take-home exam Replicate an analysis

Assessment Option 1: Take-home exam Option 1: Take-home exam Replicate an analysis we provide and answer questions Will be uploaded by Friday, December 2, 2016 Option 2: Essay involving data analysis Option 2: Essay

576 views • 20 slides
HEART FAILURE S Y M P T O M S A N D T R E A T M E N T B Y K E R R Y M O R T O N H F S N

HEART FAILURE S Y M P T O M S A N D T R E A T M E N T B Y K E R R Y M O R T O N H F S N

ACUTE DECOMPENSATING HEART FAILURE S Y M P T O M S A N D T R E A T M E N T B Y K E R R Y M O R T O N H F S N ACUTE HEART FAILURE DEFINITION The new onset or recurrence of symptoms and signs of heart failure requiring urgent or

1.01k views • 22 slides
Option Greeks 1 Introduction Option Greeks 1 Introduction Set-up Assignment: Read Section

Option Greeks 1 Introduction Option Greeks 1 Introduction Set-up Assignment: Read Section

Option Greeks 1 Introduction Option Greeks 1 Introduction Set-up Assignment: Read Section 12.3 from McDonald. We want to look at the option prices dynamically. Question: What happens with the option price if one of the inputs

591 views • 43 slides
Take the Top Spot by Transforming IT 157 157 Failure itself is not fatal, but failure to

Take the Top Spot by Transforming IT 157 157 Failure itself is not fatal, but failure to

Take the Top Spot by Transforming IT 157 157 Failure itself is not fatal, but failure to change might be. Legendary basketball coach John Wooden Transformation is the only way to take the top spot Transformed organizations:

387 views • 17 slides
Sudbury Previous Options Option 2 Option 5 Traffic Signals Revised Roundabout Revised

Sudbury Previous Options Option 2 Option 5 Traffic Signals Revised Roundabout Revised

Belle Vue Junction, Sudbury Previous Options Option 2 Option 5 Traffic Signals Revised Roundabout Revised Option 5 Following on from the initial design options the preferred option has been developed further Improving

353 views • 20 slides
Interim Results 2019/20 Kevin OByrne Chief Financial Officer Financial overview First

Interim Results 2019/20 Kevin OByrne Chief Financial Officer Financial overview First

Interim Results 2019/20 Kevin OByrne Chief Financial Officer Financial overview First period reporting on an inc. IFRS 16 basis - Material impacts on depreciation, finance costs and net debt UPBT 238m (H1 2018/19 279m) - Phasing

861 views • 51 slides
King Edward Memorial Park Foreshore Community Liaison Working Group 14 March 2018 Staff Tideway

King Edward Memorial Park Foreshore Community Liaison Working Group 14 March 2018 Staff Tideway

King Edward Memorial Park Foreshore Community Liaison Working Group 14 March 2018 Staff Tideway Jeff Alchin Project Manager Natasha Rudat Communications Lead Annie Lennox Architecture and Landscape CVB Charlie Lout Site

530 views • 27 slides
Local Plan Update Local Plan Stakeholder Briefing Cllr David Johncock - Cabinet Member for

Local Plan Update Local Plan Stakeholder Briefing Cllr David Johncock - Cabinet Member for

Local Plan Update Local Plan Stakeholder Briefing Cllr David Johncock - Cabinet Member for Planning and Sustainability Ian Manktelow - Strategic Planning Manager Chris Schmidt-Reid T eam Leader Policy T eam Rosie Brake Principal Policy

821 views • 37 slides
ME ME E E T THE T THE STARS STARS Building, selling, living green: sustainability in the

ME ME E E T THE T THE STARS STARS Building, selling, living green: sustainability in the

ME ME E E T THE T THE STARS STARS Building, selling, living green: sustainability in the residential sector sustainability in the residential sector Event Sponsored by GBCA Corporate Sponsor SPE AKE R Cate Collins, Head of

400 views • 39 slides
Di Divestme ment f from m fossil f fuels: Assessing the reasoning Aims for todays

Di Divestme ment f from m fossil f fuels: Assessing the reasoning Aims for todays

Di Divestme ment f from m fossil f fuels: Assessing the reasoning Aims for todays meeting Not to prosecute the case for (or against) divestment. Instead, we will use the main arguments (for and against) for diagnostic purposes:

366 views • 20 slides
ANNUAL GENERAL MEETING 1 Guests Arrive Chair Welcome Overview of the past 12 months

ANNUAL GENERAL MEETING 1 Guests Arrive Chair Welcome Overview of the past 12 months

ANNUAL GENERAL MEETING 1 Guests Arrive Chair Welcome Overview of the past 12 months and forthcoming year Adoption of Board of Directors and Accounts Q & A and AOB Networking and drinks AGENDA 2 OBJECTIVES 3 4 5

521 views • 38 slides
Advances in Programming Languages APL11: Concurrency David Aspinall (including slides by Ian

Advances in Programming Languages APL11: Concurrency David Aspinall (including slides by Ian

Advances in Programming Languages APL11: Concurrency David Aspinall (including slides by Ian Stark) School of Informatics The University of Edinburgh Monday 15 February 2010 Semester 2 Week 6 N I V E U R S E I H T T Y O H F G

770 views • 27 slides
Foundations of Computer Science Lecture 20 Expected Value of a Sum Linearity of Expectation

Foundations of Computer Science Lecture 20 Expected Value of a Sum Linearity of Expectation

Foundations of Computer Science Lecture 20 Expected Value of a Sum Linearity of Expectation Iterated Expectation Build-Up Expectation Sum of Indicators Last Time 1 Sample average and expected value. 2 Definition of Mathematical expectation. 3

972 views • 60 slides

More recommend