A model of PCF in Guarded Type Theory Marco Paviotti 1 Rasmus - PowerPoint PPT Presentation

A model of PCF in Guarded Type Theory Marco Paviotti 1 Rasmus Møgelberg 1 Lars Birkedal 2 1 IT University of Copenhagen 2 Aarhus University June 23th, 2015 MFPS 2015 Nijmegen, Netherlands 1 / 20

Guarded Type Theory Birkedal and Møgelberg ’12 In Type Theory unrestricted fix-point fix: ( A → A ) → A is inconsistent e.g. fix(id) : A leads to every type to be inhabited In Guarded Type Theory restricted fix-points are allowed by using the ⊲ operator • next : A → ⊲ A • ⊛ : ⊲ ( A → B ) → ⊲ A → ⊲ B • fix: ( ⊲ A → A ) → A s.t. f (next(fix( f ))) = fix( f ) • X ∼ = A × ⊲ X 2 / 20

Guarded Type Theory Birkedal and Møgelberg ’12 In Type Theory unrestricted fix-point fix: ( A → A ) → A is inconsistent e.g. fix(id) : A leads to every type to be inhabited In Guarded Type Theory restricted fix-points are allowed by using the ⊲ operator • next : A → ⊲ A • ⊛ : ⊲ ( A → B ) → ⊲ A → ⊲ B • fix: ( ⊲ A → A ) → A s.t. f (next(fix( f ))) = fix( f ) • X ∼ = A × ⊲ X 2 / 20

Streams Str A ∼ = A × Str A Streams in Coq ✔ • ones = 1 : : ones ✘ • bad = tail bad ✘ • nats = 0 : : map (1 +) nats 3 / 20

Streams Str A ∼ = A × Str A Streams in Coq ✔ • ones = 1 : : ones ✘ • bad = tail bad ✘ • nats = 0 : : map (1 +) nats A ∼ Str g = A × ⊲ Str g A Guarded Streams : A → ⊲ Str g A → Str g head : Str g tail : Str g A → ⊲ Str g : : A → A A A • ones = 1 : : ones : Str g ✔ A • bad = tail bad � : Str g ✘ A • nats = 0 : : next(map (1 +)) ⊛ nats : Str g ✔ A 3 / 20

Model of Guarded Type Theory Birkedal and Møgelberg ’12 The category of presheaves over ω X X (1) ✛ r 1 .. ✛ r n − 1 X ( n ) ✛ r n X (2) .. .. ✛ r n − 2 X ( n − 1) ✛ r n ! ⊲ X 1 ✛ X (1) .. Str g A ∼ = A × ⊲ Str g Guarded Streams A A × 1 ✛ r 1 A × ( A × 1) ✛ r 2 A × ( A × A × 1) Str g A ! A × 1 ✛ r 2 ⊲ Str g 1 ✛ A × A × 1 A A × 1 ✛ r 1 r 2 A × ⊲ Str g A × A × 1 ✛ A × A × A × 1 A 4 / 20

Can we do denotational semantics in Guarded Type Theory ? in particular, is it possible to model recursion with guarded recursion ? 5 / 20

Can we do denotational semantics in Guarded Type Theory ? in particular, is it possible to model recursion with guarded recursion ? • Motivations Mechanising denotational semantics in a proof-assistant • Contributions + Model of PCF in GTT + Adequacy Theorem proved in GTT Similar to Escardo’s metric model 1 , but here the whole development is entirely carried out within guarded type theory 1 M.H. Escardo, “A metric model of PCF”. Presented at the Workshop on Realizability Semantics and Applications , 1999 5 / 20

Outline • Operational Semantics of PCF • Denotational Semantics • Computational Adequacy • Discussion 6 / 20

PCF σ, τ := nat | σ → τ L , M , N := n | x | λ x . M | pred M | succ M | Y M | ifz L M N Γ , x : σ, ∆ ⊢ x : σ Γ ⊢ n : nat Γ , x : σ ⊢ M : τ Γ ⊢ M : σ → τ Γ ⊢ N : σ Γ ⊢ ( λ x : σ. M ) : σ → τ Γ ⊢ MN : τ Γ ⊢ M : nat Γ ⊢ M : nat Γ ⊢ succ M : nat Γ ⊢ pred M : nat Γ ⊢ M : σ → σ Γ ⊢ Y σ M : σ Γ ⊢ L : nat Γ ⊢ M : σ Γ ⊢ N : σ Γ ⊢ ifz L M N : σ 7 / 20

Big-step semantics The big-step relation is defined by induction on terms and indexes: M ⇓ k Q 8 / 20

Big-step semantics The big-step relation is defined by induction on terms and indexes: M ⇓ k Q explicit step counting 8 / 20

Big-step semantics The big-step relation is defined by induction on terms and indexes: M ⇓ k Q explicit step counting Predicates on values can define M ⇓ k v as M ⇓ k λ v ′ . v = v ′ 8 / 20

Big-step semantics The big-step relation is defined by induction on terms and indexes: M ⇓ k Q explicit step counting Predicates on values v ⇓ 0 Q def can define M ⇓ k v as = = Q ( v ) M ⇓ k λ v ′ . v = v ′ 8 / 20

Big-step semantics The big-step relation is defined by induction on terms and indexes: M ⇓ k Q explicit step counting Predicates on values v ⇓ 0 Q def can define M ⇓ k v as = = Q ( v ) M ⇓ k λ v ′ . v = v ′ MN ⇓ k + m Q def = M ⇓ k Q ′ = where Q ′ ( λ x . L ) = L [ N / x ] ⇓ m Q 8 / 20

Big-step semantics The big-step relation is defined by induction on terms and indexes: M ⇓ k Q explicit step counting Predicates on values v ⇓ 0 Q def can define M ⇓ k v as = = Q ( v ) M ⇓ k λ v ′ . v = v ′ MN ⇓ k + m Q def = M ⇓ k Q ′ = where Q ′ ( λ x . L ) = L [ N / x ] ⇓ m Q Y σ M ⇓ k +1 Q def = ⊲ ( M (Y σ M ) ⇓ k Q ) = 8 / 20

Big-step semantics The big-step relation is defined by induction on terms and indexes: M ⇓ k Q explicit step counting Predicates on values v ⇓ 0 Q def can define M ⇓ k v as = = Q ( v ) M ⇓ k λ v ′ . v = v ′ MN ⇓ k + m Q def = M ⇓ k Q ′ = where Q ′ ( λ x . L ) = L [ N / x ] ⇓ m Q Y σ M ⇓ k +1 Q def = ⊲ ( M (Y σ M ) ⇓ k Q ) = Synchronising with the type theory 8 / 20

Small-Step Operational Semantics ( λ x : σ. M )( N ) → 0 M [ N / x ] Y σ M → 1 M (Y σ M ) M → k M ′ M ( N ) → k M ′ ( N ) Let → 0 ∗ be the reflexive, transitive closure of → 0 . M ⇒ 0 Q def = Σ N : Term PCF . M → 0 = ∗ N and Q ( N ) M ⇒ k +1 Q def = Σ M ′ , M ′′ : Term PCF . M → 0 ∗ M ′ = and M ′ → 1 M ′′ and ⊲ ( M ′′ ⇒ k Q ) Define M ⇒ k v as M ⇒ k λ v ′ . v = v ′ Lemma M ⇓ k v ⇔ M ⇒ k v 9 / 20

Outline • Operational Semantics of PCF • Denotational Semantics • Computational Adequacy • Discussion 10 / 20

Lifting Monad LA ∼ = A + ⊲ LA Lifting monad • η : A → LA θ : ⊲ LA → LA • Time step operation : δ = θ ◦ next : LA → LA • Bottom element ⊥ = fix( θ ) • LA is a free ⊲ –algebra on A • L is the guarded recursive version of Capretta’s partiality monad 1 1 Venanzio Capretta, “General Recursion via Co-Inductive Types”, In Logical Methods in Computer Science , 2005 11 / 20

Lifting monad LA ∼ = A + ⊲ LA L N ∼ Lifting monad = N + ⊲ L N N + 1 ✛ r 1 N + N + 1 ✛ r 2 N + N + N + 1 L N ! N + 1 ✛ r 1 ⊲ L N 1 ✛ N + N + 1 N + 1 ✛ r 1 N + N + 1 ✛ r 2 N + N + N + 1 N + ⊲ L N 12 / 20

Interpreting PCF • Interpreting Types � nat � def = = L N � τ → σ � def = = � τ � → � σ � • All types are ⊲ –algebras with θ σ : ⊲ � σ � → � σ � • Interpreting terms � t � : � Γ � → � σ � � Γ ⊢ Y σ M � ( γ ) = (fix � σ � )( λ x : ⊲ � σ � .θ σ (next( � M � ( γ ))) ⊛ x )) 13 / 20

Interpreting PCF • Interpreting Types � nat � def = = L N � τ → σ � def = = � τ � → � σ � • All types are ⊲ –algebras with θ σ : ⊲ � σ � → � σ � • Interpreting terms � t � : � Γ � → � σ � � Γ ⊢ Y σ M � ( γ ) = (fix � σ � )( λ x : ⊲ � σ � .θ σ (next( � M � ( γ ))) ⊛ x )) can be thought of θ ◦ ⊲ � M � 13 / 20

Interpreting PCF • Interpreting Types � nat � def = = L N � τ → σ � def = = � τ � → � σ � • All types are ⊲ –algebras with θ σ : ⊲ � σ � → � σ � • Interpreting terms � t � : � Γ � → � σ � � Γ ⊢ Y σ M � ( γ ) = (fix � σ � )( λ x : ⊲ � σ � .θ σ (next( � M � ( γ ))) ⊛ x )) Lemma Let Γ ⊢ M : σ → σ then � Y σ M � = δ σ ◦ � M (Y σ M ) � 13 / 20

Soundness Theorem (Soundness) Let M be a closed term of type τ , if M ⇓ k v then � M � ( ∗ ) = δ k � v � ( ∗ ) 14 / 20

Outline • Operational Semantics of PCF • Denotational Semantics • Computational Adequacy if � M � ( ∗ ) = δ k � v � ( ∗ ) then M ⇓ k v • Discussion 15 / 20

Logical Relation Adequacy proved by (proof-relevant) logical relation d R τ M Define R τ by induction on τ η ( v ) R nat M def = M ⇓ 0 v = = Σ M ′ , M ′′ : Term PCF . M → 0 θ nat ( r ) R nat M def ∗ M ′ = and M ′ → 1 M ′′ and r ⊲ R nat next( M ′′ ) 16 / 20

Logical Relation Adequacy proved by (proof-relevant) logical relation d R τ M Define R τ by induction on τ η ( v ) R nat M def = M ⇓ 0 v = = Σ M ′ , M ′′ : Term PCF . M → 0 θ nat ( r ) R nat M def ∗ M ′ = and M ′ → 1 M ′′ and r ⊲ R nat next( M ′′ ) ∼ N + ⊲ L N L N = an element in this type is ei- ther of the form η ( v ) or θ nat ( r ) 16 / 20

Logical Relation Adequacy proved by (proof-relevant) logical relation d R τ M Define R τ by induction on τ η ( v ) R nat M def = M ⇓ 0 v = = Σ M ′ , M ′′ : Term PCF . M → 0 θ nat ( r ) R nat M def ∗ M ′ = and M ′ → 1 M ′′ and r ⊲ R nat next( M ′′ ) Delayed Relation ⊲ R t ⊲ R nat u delayed version of R 16 / 20

Logical Relation Adequacy proved by (proof-relevant) logical relation d R τ M Define R τ by induction on τ η ( v ) R nat M def = M ⇓ 0 v = = Σ M ′ , M ′′ : Term PCF . M → 0 θ nat ( r ) R nat M def ∗ M ′ = and M ′ → 1 M ′′ and r ⊲ R nat next( M ′′ ) f R τ → σ M def = = Π α : � τ � , N : Term PCF .α R τ N = ⇒ f ( α ) R σ ( MN ) 16 / 20