Classical BI (A logic for reasoning about dualising resource) James - PowerPoint PPT Presentation

Classical BI (A logic for reasoning about dualising resource) James Brotherston ∗ Cristiano Calcagno Imperial College, London ∗ Me British Logic Colloquium Nottingham, 4 Sept 2008

The logic of bunched implications (O’Hearn and Pym ’99) • A substructural logic for reasoning about resource. • Boolean BI (BBI) has the following connectives: ⊤ ⊥ ¬ ∧ ∨ → Additive: Multiplicative: ⊤ ∗ ∗ — ∗ • Additives are classical, multiplicatives are intuitionistic. • Models of BBI are partial commutative monoids � R, ◦ , e � . • Famous instance: separation logic model based on heaps ( ◦ is disjoint union, e is empty heap)

Our contribution: classical BI ( CBI ) • We obtain CBI by adding the missing connectives to BBI: Additive: ⊤ ⊥ ¬ ∧ ∨ → ⊤ ∗ ⊥ ∗ ∼ ∗ ⊕ ∗ Multiplicative: — and considering both families to behave classically. • What are the models of CBI? (Are there any at all?) • What do the new connectives mean? • Are there nice proof systems for reasoning in CBI? • Is the extension of BBI to CBI conservative?

Dualising resource models of CBI • A CBI-model is given by a tuple � R, ◦ , e, − , ∞� , where: • � R, ◦ , e � is a partial commutative monoid; • ∞ ∈ R and − : R → R ; • for all r ∈ R , − r is the unique solution to r ◦− r = ∞ . • Natural interpretation: models of dualising resources. • Clearly CBI-models are (special) BBI-models. • Every Abelian group is a CBI-model (with ∞ = e ).

Interpreting the CBI connectives • An environment for � R, ◦ , e, − , ∞� is a map ρ : V → R . • The satisfaction relation r | = F extends that for BBI: r | = P ⇔ r ∈ ρ ( P ) r | = F 1 ∧ F 2 ⇔ r | = F 1 and r | = F 2 . . . = ⊤ ∗ r | ⇔ r = e r | = F 1 ∗ F 2 ⇔ r = r 1 ◦ r 2 and r 1 | = F 1 and r 2 | = F 2 ∀ r ′ . r ◦ r ′ defined and r ′ | = F 1 implies r ◦ r ′ | r | = F 1 — ∗ F 2 ⇔ = F 2 r | = ⊥ ∗ ⇔ r � = ∞ r | = ∼ F ⇔ − r �| = F r | = F 1 ⊕ F 2 ⇔ ∀ r 1 , r 2 . − r ∈ r 1 ◦ r 2 implies − r 1 | = F 1 or − r 2 | = F 2 • A formula F is CBI-valid iff, in every CBI-model M , r | = F for all r ∈ R and all environments for M .

Some semantic equivalences of CBI ∼⊤ ⇔ ⊥ ∼⊤ ∗ ⇔ ⊥ ∗ ∼∼ F ⇔ F ¬∼ F ⇔ ∼¬ F F ⊕ G ⇔ ∼ ( ∼ F ∗ ∼ G ) F — ∗ G ⇔ ∼ F ⊕ G ∗ G ⇔ ∼ G — ∗ ∼ F F — F — ∗ ⊥ ∗ ⇔ ∼ F F ⊕ ⊥ ⇔ ∗ F Proposition CBI is a non-conservative extension of BBI . That is, there are formulas of BBI that are CBI -valid but not BBI -valid.

Example: Personal finance • Let � Z , + , 0 , −� be the Abelian group of integers. • View integers as money ( £ ): positive integers are credit and negative integers are debt. • m | = F means “ £ m is enough to make F true”. • Let C be the formula “I’ve enough money to buy cigarettes (£ 5 )” and W be “I’ve enough to buy whisky (£ 20 )” . So: m | = C ⇔ m ≥ 5 m | = W ⇔ m ≥ 20

Example contd.: Personal finance • m | = C ∧ W ⇔ m | = C and m | = W ⇔ m ≥ 20 “I have enough to buy cigarettes and also to buy whisky” • m | = C ∗ W ⇔ m = m 1 + m 2 and m 1 | = C and m 2 | = W ⇔ m ≥ 25 “I have enough to buy both cigarettes and whisky” ∀ m ′ . m ′ | = C implies m + m ′ | • m | ∗ W ⇔ = C — = W ⇔ m ≥ 15 “if I acquire enough money to buy cigarettes then, in total, I have enough to buy whisky”

Example contd.: Personal finance • m | = ⊥ ∗ ⇔ m � = 0 “I am either in credit or in debt” • m | = ∼ C ⇔ − m �| = C ⇔ m > − 5 “I owe less than the price of a pack of cigarettes” • m | = C ⊕ W ⇔ ∀ m 1 , m 2 . − m = m 1 + m 2 implies − m 1 | = C or − m 2 | = W ⇔ m ≥ 24 Note that C ⊕ W ⇔ ∼ C — ∗ W ⇔ ∼ W — ∗ C , i.e.: “if I spend less than the price of a pack of cigarettes, then I will still have enough money to buy whisky (and vice versa!)”

DL CBI : a display logic proof system for CBI • An instance of Belnap’s general display logic. • Write consecutions X ⊢ Y , where X, Y are structures: X ::= F | ∅ | ∅ | ♯X | ♭X | X ; X | X, X Positive positions Negative positions ∅ ⊤ ⊥ ∅ ⊤ ∗ ⊥ ∗ ♯ ¬ ¬ ♭ ∼ ∼ ; ∧ ∨ , ∗ ⊕

Proof rules for DL CBI Three types of proof rules: 1. display postulates allowing structures to be shuffled: X ; Y ⊢ Z X ⊢ Y = = = = = = = = = = = = = = X ⊢ ♯Y ; Z ♯Y ⊢ ♯X 2. left- and right-introduction rules for each logical connective: X ⊢ F G ⊢ Y X, F ⊢ G (— ∗ L) (— ∗ R) F — ∗ G ⊢ ♭X, Y X ⊢ F — ∗ G 3. structural rules governing the structural connectives: W ; ( X ; Y ) ⊢ Z X ⊢ Z X ⊢ Y, ∅ = = = = = = = = = = = (AAL) (WkR) = = = = = = = (MIR) ( W ; X ); Y ⊢ Z X ⊢ Y ; Z X ⊢ Y

Some proof-theoretic results about CBI Easy consequence of the fact that DL CBI is a display calculus: Theorem (Cut-elimination) Any DL CBI proof of X ⊢ Y can be transformed into a cut-free proof of X ⊢ Y . Main technical results: Theorem (Soundness) Any DL CBI -derivable consecution is valid. Theorem (Completeness) Any valid consecution is DL CBI -derivable. (NB. Validity extends easily to consecutions.)

Conclusions • CBI is a non-conservative extension of Boolean BI. • CBI can be interpreted in models of dualising resource. • CBI has firm logical foundations: a general class of models, plus a sound and complete cut-free proof theory. • Potential for applications in program analysis . . . • . . . but it is very early days!

Endnotes James Brotherston and Cristiano Calcagno. Classical BI (a logic for reasoning about dualising resource). Submitted, 2008. Available from www.doc.ic.ac.uk/~jbrother/ James Brotherston and Cristiano Calcagno. Algebraic models and complete proof calculi for classical BI. Imperial College London technical report, 2008. Available from www.doc.ic.ac.uk/~jbrother/ Peter O’Hearn and David Pym. The logic of bunched implications. In Bulletin of Symbolic Logic , June 1999.