Structural Logical Relations with Case Analysis and Equality Reasoning
Ulrik Rasmussen, Andrzej Filinski
Department of Computer Science, University of Copenhagen
LFMTP, Boston, MA, September 23, 2013
Motivation
Logical relations (LR) are a powerful proof technique, but difficult to formalize in Twelf and similar systems.
A method for doing so (structural logical relations) was devised by [Schürmann and Sarnat, 2008]: it formalizes weak normalization and completeness of equivalence checking for the simply typed λ-calculus.
That is a minimal, pure λ-calculus. Can we use this for "real" programming languages?
Our Contributions
Extension of structural logical relations allowing more proofs to be formalized.
Further insight into the structure of logical-relations based proofs.
Demonstration of proofs of observational equivalence.
In this talk: high-level perspective; see the paper for technical details.
Example 1: Termination
Definition (λnat)
  Naturals     n :: Nat ::= z | s n
  Expressions  e, v :: Exp ::= x | lam x. e0 | app e1 e2 | num n
  Types        τ :: Tp ::= nat | arr τ2 τ0
  CBN Eval.    E :: e ⇓ v
  Typing       T :: x1 : τ1, ..., xn : τn ⊲ e : τ
Theorem (Termination)
  For any e where ⊲ e : nat, there exists a v such that e ⇓ v.
Example 1: Logical Relation
The termination proof requires a logical relation:
Definition (Logical Relation for Termination)
  e ∈ ⟦nat⟧        ⇔  ∃n. e ⇓ num n
  e ∈ ⟦arr τ2 τ0⟧  ⇔  ∀e2. e2 ∈ ⟦τ2⟧ ⊃ app e e2 ∈ ⟦τ0⟧
Extend to open expressions: for Γ = x1 : τ1, ..., xn : τn,
  Γ ⊢ e ∈ ⟦τ⟧  ⇔  ∀ e1 ∈ ⟦τ1⟧ ··· en ∈ ⟦τn⟧. e[e1 ··· en / x1 ··· xn] ∈ ⟦τ⟧
Fundamental Theorem: If Γ ⊲ e : τ then Γ ⊢ e ∈ ⟦τ⟧.
Representing the LR at arrow types is problematic: Twelf only supports metatheorems in ∀∃-form.
Use an Assertion Logic
Structural Logical Relations [Schürmann and Sarnat, 2008]:
Definition (Assertion Logic ⟹eval)
  Propositions  A, B :: Form ::= ∀Exp α. A | ∃Nat α. A | A ⊃ B | eval(e, v)
  Assumptions   Δ :: Assm ::= {A1, ..., An}   (unordered)
  Parameters    Ξ :: Ctx ::= · | Ξ, α : Nat | Ξ, α : Exp
  "Cut-full" sequent:  Ξ | Δ ⟹• A
  "Cut-free" sequent:  Ξ | Δ ⟹◦ A
eval(_, _) axiomatizes _ ⇓ _:
Theorem (Extraction)
  If · | ∅ ⟹◦ eval(e, v), then e ⇓ v.
Fundamental Theorem
LR representation: map types to propositions with a bound expression, ⟦τ⟧ :: Exp → Form.
Definition (Logical Relation for Termination, Assertion-Level)
  ⟦nat⟧(e)        ⇔  ∃Nat n. eval(e, num n)
  ⟦arr τ2 τ0⟧(e)  ⇔  ∀Exp e2. ⟦τ2⟧(e2) ⊃ ⟦τ0⟧(app e e2)
Theorem (Fundamental Theorem)
  For any e, if x1 : τ1, ..., xn : τn ⊲ e : τ, then
  x1 : Exp, ..., xn : Exp | ⟦τ1⟧(x1), ..., ⟦τn⟧(xn) ⟹• ⟦τ⟧(e).
Note: the induction lives entirely on the meta-level!
Cut Elimination
Corollary: ⊲ e : nat implies · | ∅ ⟹• ∃v. eval(e, v).
By extraction, termination is reduced to proving cut elimination:
Theorem (Cut Elimination)
  If Ξ | Δ ⟹• A, then Ξ | Δ ⟹◦ A.
In Twelf: syntactic proof due to [Pfenning, 2000]. The bulk of the work is in:
Lemma (Cut Admissibility)
  If Ξ | Δ ⟹◦ A and Ξ | Δ, A ⟹◦ C, then Ξ | Δ ⟹◦ C.
Extending to More Expressive Languages
Languages only slightly more expressive than the simply typed λ-calculus require a stronger assertion logic: specifically, equality reasoning and case-analysis principles.
The assertion logic can only be strengthened if it retains cut admissibility.
Example 2: λ-calculus + ifz
Definition (λnat,ifz)
  Naturals     n :: Nat ::= z | s n
  Expressions  e :: Exp ::= x | lam x. e0 | app e1 e2 | num n | ifz(e0, e1, e2)
  Types        τ :: Tp ::= nat | arr τ2 τ0
  CBN Eval.    E :: e ⇓ v
  Typing       T :: Γ ⊲ e : τ
Fundamental theorem: by the IH, get ⟦nat⟧(e0) ≡ ∃Nat n. eval(e0, num n). Select one of the branches e1 or e2 based on n.
The structure of terms is opaque to the assertion logic, so specify the structure explicitly in the LR.
Example 2: Logical Relation, Assertion Logic
Definition (Assertion Logic ⟹eval,eq)
  Propositions  A, B :: Form ::= ∀Exp α. A | ∃Nat α. A | A ⊃ B | A ∧ B | A ∨ B | eval(e, v) | eq(n, n′)
  Assumptions   Δ :: Assm ::= {A1, ..., An}   (unordered)
  Parameters    Ξ :: Ctx ::= · | Ξ, α : Nat | Ξ, α : Exp
  Proof sequent: Ξ | Δ ⟹c A   (c ∈ {•, ◦})
Definition (Logical Relation for Termination, Assertion-Level)
  ⟦nat⟧(e)        ⇔  ∃Nat n. eval(e, num n) ∧ (eq(n, z) ∨ ∃Nat n′. eq(n, s n′))
  ⟦arr τ2 τ0⟧(e)  ⇔  ∀Exp e2. ⟦τ2⟧(e2) ⊃ ⟦τ0⟧(app e e2)
Equality
eq(n, n′) axiomatizes syntactic equality:

  ------------------------
  Ξ | Δ ⟹c eq(n, n)

Cut elimination cannot be shown for a logic with general equality conversion. Equality reasoning must be restricted to the leaves of proofs, i.e., atomic formulas:

  Ξ | Δ ⟹c eq(n1, n1′)    Ξ | Δ ⟹c eq(n2, n2′)    Ξ | Δ ⟹c eval(e[n1/x1], v[n2/x2])
  --------------------------------------------------------------------------------------
                        Ξ | Δ ⟹c eval(e[n1′/x1], v[n2′/x2])
Example 3: λ-calculus + case
Definition (λnat,case)
  Naturals     n :: Nat ::= z | s n
  Expressions  e :: Exp ::= x | lam x. e0 | app e1 e2 | num n | case(e0, e1, x. e2)
  Types        τ :: Tp ::= nat | arr τ2 τ0
  CBN Eval.    E :: e ⇓ v
  Typing       T :: Γ ⊲ e : τ
Still need to select the branch based on ⟦nat⟧(e0).
In the subcase where Ξ | Δ ⟹• eval(e0, num (s n′)): by the IH, get Ξ, x : Exp | Δ, ⟦nat⟧(x) ⟹• ⟦τ⟧(e2).
Instantiate the LR for e2[num n′/x]: need to show ⟹• ⟦nat⟧(num n′) (in the same Ξ | Δ).
Example 3: Logical Relation, Assertion Logic
Definition (Assertion Logic ⟹eval,eq)
  Propositions  A, B :: Form ::= ∀Exp α. A | ∃Nat α. A | A ⊃ B | A ∧ B | A ∨ B | eval(e, v) | eq(n, n′)
  Assumptions   Δ :: Assm ::= {A1, ..., An}   (unordered)
  Parameters    Ξ :: Ctx ::= · | Ξ, α : Nat | Ξ, α : Exp
  Proof sequent: Ξ | Δ ⟹c A   (c ∈ {•, ◦})
Definition (Logical Relation for Termination, Assertion-Level)
  ⟦nat⟧(e)        ⇔  ∃Nat n. eval(e, num n) ∧ (eq(n, z) ∨ (∃Nat n′. eq(n, s n′) ∧ (eq(n′, z) ∨ ∃Nat n′′. ···)))
  ⟦arr τ2 τ0⟧(e)  ⇔  ∀Exp e2. ⟦τ2⟧(e2) ⊃ ⟦τ0⟧(app e e2)
Example 3: Logical Relation, Assertion Logic (revised)
Definition (Assertion Logic ⟹eval,eq,nat+)
  Propositions  A, B :: Form ::= ∀Exp α. A | ∃Nat α. A | A ⊃ B | A ∧ B | A ∨ B | eval(e, v) | eq(n, n′) | nat+(n)
  Assumptions   Δ :: Assm ::= {A1, ..., An}   (unordered)
  Parameters    Ξ :: Ctx ::= · | Ξ, α : Nat | Ξ, α : Exp
  Proof sequent: Ξ | Δ ⟹c A   (c ∈ {•, ◦})
Definition (Logical Relation for Termination, Assertion-Level)
  ⟦nat⟧(e)        ⇔  ∃Nat n. eval(e, num n) ∧ nat+(n)
  ⟦arr τ2 τ0⟧(e)  ⇔  ∀Exp e2. ⟦τ2⟧(e2) ⊃ ⟦τ0⟧(app e e2)
Assertion Logic With Case-Analysis on Naturals
Right rules:

  ------------------------          Ξ | Δ ⟹c nat+(n)
  Ξ | Δ ⟹c nat+(z)                 ------------------------
                                    Ξ | Δ ⟹c nat+(s n)

Left rule:

  Ξ | Δ, eq(n, z) ⟹c C        Ξ, n′ : Nat | Δ, eq(n, s n′), nat+(n′) ⟹c C
  ------------------------------------------------------------------------------
                           Ξ | Δ, nat+(n) ⟹c C

A proof of nat+(n) is a structural witness for some n.
As-is, Pfenning's cut-admissibility proof does not work for a logic with left rules on atomic propositions. It can be made to work as long as an index term always gets smaller in subderivations. For nat+(n): n gets smaller.
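The following is an added example, not part of the slides or of the authors' Twelf formalization: an executable model of the object languages of Examples 1 through 3 (lam, app, num, ifz, case under call-by-name), a type checker for them, the map from types to assertion-level formulas ⟦τ⟧(e) in both the eq form of Example 2 and the nat+ form of the revised Example 3, and the nat+ rules read as functions on closed naturals. It makes two assumptions that the slides do not: lambdas carry a domain annotation so that typing is decidable, and formulas are rendered as strings with fresh parameters named a_k and n_k.

```python
# Added example, not from the slides or the authors' Twelf development: an
# executable model of the lambda-nat calculus of Examples 1-3 (lam, app, num,
# ifz, case; call-by-name), a type checker, and the map from types to the
# assertion-level formulas [[tau]](e) in the eq form (Example 2) and the nat+
# form (revised Example 3). Lambdas carry a domain annotation here, an
# assumption made so that typing is decidable; the slides' lambdas are bare.
from dataclasses import make_dataclass

def node(name, *fields):  # immutable AST node with structural equality
    return make_dataclass(name, list(fields), frozen=True)

# Naturals n ::= z | s n, plus NVar for an assertion-level parameter alpha : Nat.
Z, S, NVar = node("Z"), node("S", "n"), node("NVar", "name")
# Expressions e ::= x | lam x.e0 | app e1 e2 | num n | ifz(e0,e1,e2) | case(e0,e1,x.e2)
Var, Lam, App = node("Var", "name"), node("Lam", "x", "t2", "e0"), node("App", "e1", "e2")
Num, Ifz, Case = node("Num", "n"), node("Ifz", "e0", "e1", "e2"), node("Case", "e0", "e1", "x", "e2")
# Types tau ::= nat | arr tau2 tau0
Nat, Arr = node("Nat"), node("Arr", "t2", "t0")

def subst(e, x, by):
    """e[by/x]; evaluation substitutes only closed terms, so no capture arises."""
    if isinstance(e, Var):
        return by if e.name == x else e
    if isinstance(e, Lam):
        return e if e.x == x else Lam(e.x, e.t2, subst(e.e0, x, by))
    if isinstance(e, App):
        return App(subst(e.e1, x, by), subst(e.e2, x, by))
    if isinstance(e, Ifz):
        return Ifz(subst(e.e0, x, by), subst(e.e1, x, by), subst(e.e2, x, by))
    if isinstance(e, Case):  # x.e2 binds x; respect shadowing
        return Case(subst(e.e0, x, by), subst(e.e1, x, by), e.x, e.e2 if e.x == x else subst(e.e2, x, by))
    return e  # num n

def evaluate(e):
    """Big-step call-by-name evaluation of a closed term: the judgment e ⇓ v."""
    if isinstance(e, (Lam, Num)):
        return e
    if isinstance(e, App):
        f = evaluate(e.e1)
        assert isinstance(f, Lam), "application of a non-function"
        return evaluate(subst(f.e0, f.x, e.e2))  # argument passed unevaluated
    if isinstance(e, (Ifz, Case)):
        v0 = evaluate(e.e0)
        assert isinstance(v0, Num) and isinstance(v0.n, (Z, S)), "scrutinee is not a numeral"
        if isinstance(v0.n, Z):
            return evaluate(e.e1)
        return evaluate(e.e2 if isinstance(e, Ifz) else subst(e.e2, e.x, Num(v0.n.n)))  # s n'
    raise ValueError(f"open term: free variable {e.name}")

def typeof(gamma, e):
    """Gamma ⊲ e : tau, with gamma a dict from variable names to types."""
    if isinstance(e, (Var, Num)):
        return gamma[e.name] if isinstance(e, Var) else Nat()  # KeyError if unbound
    if isinstance(e, Lam):
        return Arr(e.t2, typeof({**gamma, e.x: e.t2}, e.e0))
    if isinstance(e, App):
        t1 = typeof(gamma, e.e1)
        if not isinstance(t1, Arr) or typeof(gamma, e.e2) != t1.t2:
            raise TypeError("ill-typed application")
        return t1.t0
    # ifz / case: scrutinee of type nat, both branches of one type tau
    if typeof(gamma, e.e0) != Nat():
        raise TypeError("scrutinee is not of type nat")
    t1 = typeof(gamma, e.e1)
    if typeof({**gamma, e.x: Nat()} if isinstance(e, Case) else gamma, e.e2) != t1:
        raise TypeError("branch types differ")
    return t1

def nat_of_int(i):
    return Z() if i == 0 else S(nat_of_int(i - 1))
def int_of_nat(n):
    return 0 if isinstance(n, Z) else 1 + int_of_nat(n.n)
def show_nat(n):  # z, s z, s (s z), ... or a parameter's name
    if isinstance(n, (Z, NVar)): return "z" if isinstance(n, Z) else n.name
    return f"s ({show_nat(n.n)})" if isinstance(n.n, S) else f"s {show_nat(n.n)}"

def lr(tau, e, k=0, with_nat_plus=True):
    """[[tau]](e) as a formula string about the expression string e; k numbers
    the fresh parameters a_k (Exp) and n_k (Nat), so e must not use those names.
    Nat case: Example 3's nat+ form by default, Example 2's eq form otherwise."""
    if isinstance(tau, Nat):
        n, m = f"n{k}", f"n{k + 1}"
        shape = f"nat+({n})" if with_nat_plus else f"(eq({n}, z) ∨ ∃Nat {m}. eq({n}, s {m}))"
        return f"∃Nat {n}. (eval({e}, num {n}) ∧ {shape})"
    a = f"a{k}"  # [[arr t2 t0]](e) = ∀Exp a. [[t2]](a) ⊃ [[t0]](app e a)
    return (f"∀Exp {a}. ({lr(tau.t2, a, k + 1, with_nat_plus)} ⊃ "
            f"{lr(tau.t0, f'(app {e} {a})', k + 1, with_nat_plus)})")

def nat_plus_cases(n):
    """Left rule for nat+(n): the witness is either n = z or n = s n' with a
    smaller witness nat+(n'); a bare parameter has no structural witness."""
    if isinstance(n, (Z, S)): return ("z",) if isinstance(n, Z) else ("s", n.n)
    raise ValueError("no structural witness for a parameter")

def nat_plus_derivation(n):
    """Right rules for nat+ on a closed n, from nat+(z) upward: one conclusion per constructor."""
    if isinstance(n, Z): return ["nat+(z)"]
    return nat_plus_derivation(n.n) + [f"nat+({show_nat(n)})"]

def termination_witness(e):
    """Example 1's corollary, instantiated: for closed e with ⊲ e : nat, evaluation
    reaches num n; the int n witnesses ∃Nat n. eval(e, num n)."""
    if typeof({}, e) != Nat(): raise TypeError("not of type nat")
    return int_of_nat(evaluate(e).n)
```

`termination_witness` is the meta-level content of the Corollary on the Cut Elimination slide, decided by running the evaluator rather than by a proof; `lr` shows why the nat+ form was introduced: with `with_nat_plus=False` the Example 2 shape exposes only one constructor layer, whereas `nat_plus_cases` peels one layer per application and the index strictly shrinks, which is the condition the cut-admissibility argument needs.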
Case-Analysis on Derivations?
Required in, e.g., proofs of observational equivalence (see paper).
Observation: for eval(e, v), indices do not get smaller in sub-proofs.
To be able to add a left rule, index by an explicit metric, e.g. eval(e, v, d).
Alternatively: treat object-language derivations as terms with dependent sorts.
In the following: a minimal example.
Example 4: λ-calculus + case + numeral constructors
Definition (λsz,case)
  Expressions  e :: Exp ::= x | lam x. e0 | app e1 e2 | z | s e0 | case(e0, e1, x. e2)
  Types        τ :: Tp ::= nat | arr τ2 τ0
  CBN Eval.    E :: e ⇓ v
  Typing       T :: Γ ⊲ e : τ
  Num          N :: v#
Numerals are characterized by an object-language judgment:

  ------          v#
  z#              ------
                  (s v)#

Could axiomatize it as an atomic formula, A ::= ... | isnum(v).
Alternatively: treat v# as a dependent sort and add a structural witness formula.