
Multi-level Lax Logic. Edwin Lewis-Kelham and Mike Stannett, Department of Computer Science, University of Sheffield (presentation slides).



  1. Multi-level Lax Logic
  Edwin Lewis-Kelham, Mike Stannett
  Department of Computer Science, University of Sheffield, Regent Court, 211 Portobello Street, Sheffield S1 4DP, UK.
  Correspondence: M.Stannett@dcs.shef.ac.uk
  Many thanks to the EPSRC for funding Ed's research.
  TYPES 2006, 18 April 2006

  2. Outline
  1 Lax Logic
  2 History
  3 Base Logic Requirements
  4 Lax Logic
  5 Example
  6 Multi-level Lax Logic
  7 Operational MLL
  8 Recursive MLL
  9 Advice, please...
  10 Further Reading
  11 Thank you!

  3. Lax Logic [Men93, FM97]
  ◮ Given a base logic B
  ◮ we can define a first-order logic, L, equipped with
    ◮ a modality, ○, and
    ◮ a unary connective ι that faithfully embeds propositions of B as formulae of L.
  The modality represents the idea that a statement can be validated relative to some — initially unspecified — constraint. The statement ○φ ('somehow φ') is intended to mean 'for some constraint c, φ holds under c'.

  4. History: Recent
  ◮ originally developed by Mendler [Men93] for extracting and reasoning about constraints during hardware verification and refinement.
  ◮ propositional lax logic (PLL) developed by Mendler and Fairtlough [FM97]
  ◮ two quantified versions (QLL, QLL+) developed by Fairtlough and Walton [FW97, Wal99]
  ◮ multi-level version (MLL) developed by Ed Lewis as part of his PhD work [LK06] — described below

  5. History: Ancient
  With hindsight, ○ has been studied in other contexts for æons.
  ◮ Earliest reference(?) is Curry's presentation of an elimination theorem in the presence of modality [Cur52]
  ◮ Aczel [Acz99] has identified lax modalities occurring as
    ◮ nuclei in locale theory
    ◮ strong monads on categories
    ◮ modalities in topos theory.
  ◮ Pfenning and Davies [PD99] showed lax logic is contained within modal logic via ○P ≡ ◇□P with P →_L Q ≡ (○P) → Q.

  6. Base Logic
  B should be a many-sorted logic, with equality =, implication →, quantification ∀, sorts S (including propositions, Ω) and operators O.

  Types    τ ::= A | 0 | 1 | τ + τ | τ × τ | τ ⇒ τ | τ* | N      where A ∈ S.

  Quantification is allowed over any type, e.g. ¬φ =def φ → false where false =def ∀x^Ω.x.

  Terms    t ::= x | f(t, …, t) | t → t | ∀x.t | t = t | ∗ | π_L t | π_R t | (t, t) | t t | λx.t | �t | in_L t | in_R t | case_{x,y}(t, t, t) | [] | t :: t | fold_{x,z}(t, t) | 0 | succ | iter_x(t, t)

  where x, y, z are variables and f ∈ O.

  7. Base: Induction principles and equality axioms

    Γ ⊢B_Δ φ{[]/z}    Γ, φ ⊢B_{Δ,x,z} φ{x :: z/z}
    ───────────────────────────────────────────── ListInd
    Γ ⊢B_Δ ∀z.φ

    Γ ⊢B_Δ φ{0/z}    Γ, φ ⊢B_{Δ,z} φ{succ z/z}
    ────────────────────────────────────────── NatInd
    Γ ⊢B_Δ ∀z.φ

    Δ, x^σ ⊢B t : τ
    ─────────────────────────
    ⊢B_{Δ,x^σ} (λx.t) x = t

    Δ, x^0 ⊢B t : τ
    ───────────────────
    ⊢B_{Δ,x^0} t = �x

    ──────────────────────────        ──────────────────────────
    ⊢B_{x^σ,y^τ} π_L(x, y) = x        ⊢B_{x^σ,y^τ} π_R(x, y) = y

    Δ, x^{σ1} ⊢B s : τ    Δ, y^{σ2} ⊢B t : τ    Δ ⊢B u : σ1
    ────────────────────────────────────────────────────────
    ⊢B_Δ case_{x,y}(in_L u, s, t) = s{u/x}

    Δ, x^{σ1} ⊢B s : τ    Δ, y^{σ2} ⊢B t : τ    Δ ⊢B u : σ2
    ────────────────────────────────────────────────────────
    ⊢B_Δ case_{x,y}(in_R u, s, t) = t{u/y}

    Δ, x^τ ⊢B t : τ    Δ ⊢B s : τ
    ──────────────────────────────
    ⊢B_Δ iter_x(s, t) 0 = s

    Δ, x^τ ⊢B t : τ    Δ ⊢B s : τ    z^N ∉ Δ
    ────────────────────────────────────────────────────────
    ⊢B_{Δ,z^N} iter_x(s, t)(succ z) = t{iter_x(s, t) z / x}

    Δ, z^τ, x^σ ⊢B t : σ    Δ ⊢B s : σ
    ───────────────────────────────────
    ⊢B_Δ fold_{z,x}(s, t) [] = s

    Δ, z^τ, x^σ ⊢B t : σ    Δ ⊢B s : σ    v^{τ*}, u^τ
    ────────────────────────────────────────────────────────────────
    ⊢B_Δ fold_{z,x}(s, t)(u :: v) = t{(fold_{z,x}(s, t) v)/x}{u/z}

    ──────────────        ────────────────────────────────
    ⊢B_{x^1} x = ∗        ⊢B_{x^{σ×τ}} (π_L x, π_R x) = x

    Δ ⊢B t : σ ⇒ τ    x^σ ∉ Δ
    ───────────────────────────
    ⊢B_Δ λx.(t x) = t

    Δ, z^{σ1+σ2} ⊢B h : τ    x^{σ1}, y^{σ2} ∉ Δ
    ──────────────────────────────────────────────────────────
    ⊢B_{Δ,z^{σ1+σ2}} case_{x,y}(z, h{in_L x/z}, h{in_R y/z}) = h

    ⊢B_{Δ,x} s = t
    ───────────────────
    ⊢B_Δ λx.s = λx.t

    ⊢B_{Δ,x^{σ1}} s = s′    ⊢B_{Δ,y^{σ2}} t = t′    Δ ⊢B u : σ1 + σ2
    ──────────────────────────────────────────────────────────────
    ⊢B_Δ case_{x,y}(u, s, t) = case_{x,y}(u, s′, t′)

  8. Lax: Formulae
  The formulae M of L are given by

    M ::= ιφ | true | false | ○M | M ∧ M | M ∨ M | M → M | ∀x.M | ∃x.M

  where φ ranges over the propositions of B and x ranges over variables. The role of each connective (i.e. whether it is in B or L) is always clear from context.

  9. Lax: Deduction Rules
  Most of these rules are standard.

    ──── trueI
    true

    false
    ───── falseE
      M

    M    N
    ────── ∧I
    M ∧ N

    M ∧ N              M ∧ N
    ───── ∧EL          ───── ∧ER
      M                  N

      M                  N
    ───── ∨IL          ───── ∨IR
    M ∨ N              M ∨ N

    M1 ∨ M2    [x1 : M1] … N    [x2 : M2] … N
    ────────────────────────────────────────── ∨E_{x1,x2}
    N

      M                    ∀x.M
    ────── ∀I_x            ────── ∀E_t
    ∀x.M                   M{t/x}

    M{t/x}                 ∃x.M    [y : M] … N
    ────── ∃I_t            ─────────────────── ∃E_y
    ∃x.M                   N

    ιφ1 … ιφk
    ────────── ι   (side condition: φ1, …, φk ⊢B ψ)
    ιψ

    ι(s = t)    M{s/x}
    ────────────────── Subst
    M{t/x}

    [x : M] … N            M → N    M
    ─────────── →I_x       ────────── →E
    M → N                  N

  10. Lax: Deduction rules (cont.)
  Mendler's lets-not-bother rule is a bit odd! Even though it provides no information, it still seems to be useful (worth investigating further).

      M                ○○M
    ──── ○I            ─── ○M
    ○M                 ○M

    ○M    [x : M] … ○N            ○M    [x : M] … N
    ────────────────── ○L_x       ───────────────── ○F_x
    ○N                            ○N

    M{0/n}    [x : M] … M{succ n/n}
    ─────────────────────────────── NatInd_{n,x}
    ∀n.M

    M{[]/l}    [x : M] … M{h :: l/l}
    ──────────────────────────────── ListInd_{h,l,x}
    ∀l.M

    ──── lets-not-bother
    ○M

  11. Lax: Constraint extraction
  A proof of ○φ is a pair (c, p) where c is a constraint and p is a proof of φ under c. We need to find both c and p.
  We first associate every closed L-statement M with a predicator M# (a superscript φ^c denotes φ under the constraint c):

    (ιφ)# z        =def  φ
    (○M)# z        =def  (M# (π_R z))^{π_L z}
    false# z       =def  false
    true# z        =def  true
    (M ∧ N)# z     =def  M# (π_L z) ∧ N# (π_R z)
    (M ∨ N)# z     =def  (∃x^{|M|}. z = in_L x ∧ M# x) ∨ (∃y^{|N|}. z = in_R y ∧ N# y)
    (M → N)# z     =def  ∀x^{|M|}. M# x → N# (z x)
    (∀x^τ.M)# z    =def  ∀x^τ. M# (z x)
    (∃x^τ.M)# z    =def  (M{π_L z/x})# (π_R z)

  12. Lax: Constraint extraction (cont.)
  Next we find any proof of ○φ and translate it using these rules:

    [trueI]                      = ∗
    [falseE(a)]                  = �[a]
    [∧I(a, b)]                   = ([a], [b])
    [∧EL(a)]                     = π_L [a]
    [∧ER(a)]                     = π_R [a]
    [∨IL(a)]                     = in_L [a]
    [∨IR(a)]                     = in_R [a]
    [∨E_{x1,x2}(a, b1, b2)]      = case_{x1,x2}([a], [b1], [b2])
    [∀I_x(a)]                    = λx.[a]
    [∀E_t(a)]                    = [a] t
    [∃E_y(a, b)]                 = [b]{π_L [a]/x}{π_R [a]/y}
    [∃I_t(a)]                    = (t, [a])
    [ι(a1, …, ak)]               = ∗
    [→I_x(a)]                    = λx.[a]
    [→E(a, b)]                   = [a] [b]
    [○L_x(a, b)]                 = (π_L([b]{π_R [a]/x}) @ π_L [a], π_R([b]{π_R [a]/x}))
    [○I(a)]                      = ([], [a])
    [○M(a)]                      = ((π_L π_R [a]) @ (π_L [a]), π_R π_R [a])
    [○F_x(a, b)]                 = (π_L [a], [b]{π_R [a]/x})
    [Subst(a, b)]                = [b]
    [NatInd_{n,x}(a, b)]         = natrec([a], λn.λx.[b])
    [ListInd_{h,l,x}(a, b)]      = listrec([a], λh.λl.λx.[b])


  15. Example
  Consider the formula SPEC =def ∀m^N. ○ι∃n^N.(m = succ n). We expect to extract 'm ≠ 0'.
  Given any constraint term z, we get

    SPEC# z = (∀m^N. ○ι∃n^N.(m = succ n))# z
            = ∀m^N. ((○ι∃n^N.(m = succ n))# (z m))
            = ∀m^N. (((ι∃n^N.(m = succ n))# π_R(z m))^{π_L(z m)})
            = ∀m^N. ((∃n^N.(m = succ n))^{π_L(z m)})
            = ∀m^N. (φ^{π_L(z m)})

  where φ =def ∃n^N.(m = succ n), so the constraint in question is given by the subterm π_L(z m).

  16. Example (cont.)
  Different proofs of SPEC yield different choices for z. Let's use the following proof.

  Base case, from the assumption w:

        w
    ────────────────────── ∀E_{∃n^N.(0 = succ n)}
    ○ι∃n^N.(0 = succ n)

  Step case:

    [m : N]
       ⋮
    succ m = succ m
    ────────────────────────── ∃^B I
    ∃n^N.(succ m = succ n)
    ────────────────────────── ι
    ι∃n^N.(succ m = succ n)
    ────────────────────────── ○I
    ○ι∃n^N.(succ m = succ n)

  Combining the two by induction:

    ○ι∃n^N.(0 = succ n)    ○ι∃n^N.(succ m = succ n)
    ───────────────────────────────────────────────── NatInd_{m,m}
    ∀m^N. ○ι∃n^N.(m = succ n)

  17. Example (cont.)
  This translates into the constraint term

    z = [NatInd_{m,m}]([∀E_{∃n^N.(0 = succ n)}]([w]), [○I]([ι]([…])))
      = natrec([∀E_{∃n^N.(0 = succ n)}](?), λm.λm′.[○I]([ι]([…])))
      = natrec(?(∃n^N.(0 = succ n)), λm.λm′.([], [ι]([…])))
      = natrec(([∃n^N.(0 = succ n)], ∗), λm.λm′.([], ∗))

  and the required constraint, π_L(z m), is

    π_L(z m) ≡ π_L(natrec(([∃n^N.(0 = succ n)], ∗), λm.λm′.([], ∗)) m)

  18. Example (cont.)
  This is equivalent to (m ≠ 0), as required. For the base case (m = 0), we have

    π_L(z 0) ≡ π_L(natrec(([∃n^N.(0 = succ n)], ∗), λm.λm′.([], ∗)) 0)
             ≡ π_L([∃n^N.(0 = succ n)], ∗)
             ≡ [∃n^N.(0 = succ n)]

  and for m = succ k we have

    π_L(z (succ k)) ≡ π_L(natrec(([∃n^N.(0 = succ n)], ∗), λm.λm′.([], ∗)) (succ k))
                    ≡ π_L((λm.λm′.([], ∗)) k (natrec(([∃n^N.(0 = succ n)], ∗), λm.λm′.([], ∗)) k))
                    ≡ π_L([], ∗)
                    ≡ []
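As an added worked example (our own Python, not code from the slides or the authors), the translation [·] of slide 12 for the ○-rules, ∀E and NatInd, run over the slide-16 proof of SPEC to recover the constraints of slide 18. It assumes, where slide 17 leaves '?', that the assumption w translates to λx.([x], ∗); base propositions are plain strings, constraint lists are Python lists, and natrec is ordinary iteration.

```python
STAR = "*"  # stands for the unit term ∗

def natrec(s, t):
    """natrec(s, t) m: apply step t m times from s (slide 17); t gets n and x."""
    def run(m):
        acc = s
        for n in range(m):
            acc = t(n, acc)
        return acc
    return run

def translate(proof):
    """[.] of slide 12 for the rules used here. A proof is (rule, subproof, ...);
    a subproof under a hypothesis bracket [x : M] is a callable that receives
    the translation of the discharged hypothesis."""
    rule, args = proof[0], proof[1:]
    if rule in ("trueI", "iota"):            # [trueI] = [ι(a1, ..., ak)] = ∗
        return STAR
    if rule == "w":                           # ASSUMED: w : ∀x^Ω.○ιx, whose
        return lambda prop: ([prop], STAR)    # extraction ('?' on slide 17) is λx.([x], ∗)
    if rule == "forallE":                     # [∀E_t(a)] = [a] t
        return translate(args[0])(args[1])
    if rule == "laxI":                        # [○I(a)] = ([], [a])
        return ([], translate(args[0]))
    if rule == "laxL":                        # [○L_x(a, b)] = (π_L b' @ π_L[a], π_R b')
        ca = translate(args[0])               # with b' = [b]{π_R[a]/x}
        cb = translate(args[1](ca[1]))
        return (cb[0] + ca[0], cb[1])
    if rule == "natInd":                      # [NatInd_{n,x}(a, b)] = natrec([a], λn.λx.[b])
        return natrec(translate(args[0]), lambda n, x: translate(args[1](n, x)))
    raise ValueError(f"no translation for rule {rule}")

def wish(prop):
    """○ι prop by ∀E from the assumption w (the base case on slide 16)."""
    return ("forallE", ("w",), prop)

PROP0 = "exists n:N. 0 = succ n"   # constructed label for ∃n^N.(0 = succ n)
# The slide-16 proof of SPEC: base case wish(PROP0); step case ○I over the
# ι-embedding of the ∃-introduction, whose own constraint term is just ∗.
SPEC_PROOF = ("natInd", wish(PROP0), lambda m, x: ("laxI", ("iota",)))

def constraint_for(m):
    """π_L(z m): the constraint SPEC places on m (slide 18)."""
    return translate(SPEC_PROOF)(m)[0]

def chained(props):
    """Bind wish(p1), ..., wish(pk) with ○L: the constraints accumulate via @."""
    proof = wish(props[0])
    for p in props[1:]:
        proof = ("laxL", proof, lambda _x, p=p: wish(p))
    return translate(proof)[0]
```

`constraint_for(0)` returns the singleton list holding ∃n^N.(0 = succ n) and `constraint_for(k + 1)` returns [], matching slide 18; `chained` shows why ○L concatenates with @ rather than keeping only one side's constraints.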

  19. Notions of Constraint
  Central to the idea of constraint extraction is a notion C of constraint, a set including a unit constraint 1, together with a function under : B × C → B satisfying the following conditions:
  ◮ φ under 1 is always equivalent to φ
  ◮ constraints can be combined, so that for any constraints c, d there is a constraint c.d such that (φ under c) under d is always equivalent to φ under c.d.
  ◮ the application of constraints preserves implication: if φ implies ψ, then φ under c implies ψ under c, for every constraint c.
