
Concurrent program extraction Ulrich Berger and Hideki Tsuiki CCC - PowerPoint PPT Presentation



  1. Concurrent program extraction Ulrich Berger and Hideki Tsuiki CCC 2017, June 26-30, 2030, Loria, Nancy 1 / 25

  2. Question?
  ◮ There are two doors.
  ◮ You know that you can get a treasure from at least one of the doors, but do not know which one.
  ◮ If you find a treasure, you can return with it. Otherwise, you have to search for it eternally, with no return.
  ◮ What shall you do? 2 / 25

  7. Solution!
  ◮ Duplicate yourself!
  ◮ Search concurrently.
  ◮ If one of them finds a treasure, kill the other. (ARRGH!) 3 / 25

  9. Continue with the treasure
  We study this kind of concurrent computation. How can we implement it in programming languages? 4 / 25

  10. Amb: Bottom-avoiding choice operator
  ◮ Amb: McCarthy’s nondeterministic bottom-avoiding choice operator.
  ◮ Amb x y = x if x ≠ ⊥; y if y ≠ ⊥; ⊥ if x = y = ⊥.
  ◮ Here, ⊥ means that the computation does not terminate.
  ◮ It returns x when y = ⊥.
  ◮ It returns y when x = ⊥.
  ◮ It may return x or y nondeterministically when both x and y are not ⊥.
  ◮ Compute x and y in parallel, and return the one obtained first.
  ◮ We want to extract a program that uses the Amb operator from a proof that at least one of x or y has a value and therefore Amb x y terminates. 5 / 25

  11. The realizability theory we start with
  ◮ We extend the realizability theory of IFP (Intuitionistic Fixed Point Logic) [B 2010], which is an extension and variation of Kreisel’s modified realizability.
  ◮ TCF and Minlog [Schwichtenberg 1991].
  ◮ q-realizability of [Tatsuta 1998].
  ◮ Logic: extension of first-order predicate logic by least and greatest fixed points. Note that it is not based on type theory.
  ◮ Programs: untyped programs. We allow unrestricted recursion and non-termination. Termination is proved through adequacy.
  ◮ As the space of programs, consider the Scott domain D defined by a recursive domain equation of the form D = Nil + Left D + Right D + Pair(D × D) + Fun(D → D) + ...
  ◮ +: separated sum.
  ◮ Nil, Left, Right, ...: constructors.
  ◮ All elements except ⊥ are constructor terms like Left ..., Pair(..., ...), Fun(λd. ...).
  ◮ We write Def(b) to express that b is not ⊥. 6 / 25

  12. The realizability theory we start with (cont.)
  ◮ Formulae are divided into two categories: computational and non-computational (nc). Computational means that it contains ∨.
  ◮ For a formula A and c ∈ D, we define the predicate c r A, which means that c is a “computational meaning” of A. Roughly speaking, c computes Left or Right for each ∨ in a computational formula.
  ◮ c r A =Def (c = Nil) ∧ A, for an nc formula A.
  ◮ c r (A ∨ B) =Def ∃a (c = Left(a) ∧ a r A) ∨ ∃b (c = Right(b) ∧ b r B).
  ◮ c r (A → B) =Def ∀a (a r A → (c a) r B) if A is computational; A → c r B if A is nc.
  ◮ From a derivation of a formula A in IFP, one can extract a program term M and a derivation of M r A (Soundness Theorem). 7 / 25

  13. Our extension
  ◮ We add a new formula Sₙ(A) which means that the computational meaning of A is obtained through n parallel threads of computation.
  ◮ We consider a new constructor Amb which means the Amb operator with n arguments. We add to D the branch D = ... + Amb([D]). Here, [D] is the domain of lists of D.
  ◮ Note: we do not consider a power domain. Amb([d₁, ..., dₙ]) is a list of values obtained by each computation. 8 / 25

  14. How can we derive that at least one of a or b terminates?
  ◮ First candidate (it is not valid):

      B → A     C → A     ¬¬(B ∨ C)
      ------------------------------- (B, C nc)
                  S₂(A)

    In terms of realizers:

      b r (B → A)     c r (C → A)     ¬¬(B ∨ C)
      ------------------------------------------ (B, C nc)
                 Amb([b, c]) r S₂(A)

    that is,

      B → b r A     C → c r A     ¬¬(B ∨ C)
      --------------------------------------- (B, C nc)
               Amb([b, c]) r S₂(A)

  ◮ If B holds, b will produce A.
  ◮ If C holds, c will produce A.
  ◮ B or C holds.
  ◮ Therefore, by executing b and c in parallel, we obtain A.
  ◮ However, this reasoning is not valid. 9 / 25

  15. The case C holds:

      B → b r A     C → c r A     ¬¬(B ∨ C)
      ---------------------------------------
               Amb([b, c]) r S₂(A)

  ◮ c returns with a treasure. 10 / 25

  21. The case B holds:

      B → b r A     C → c r A     ¬¬(B ∨ C)
      ---------------------------------------
               Amb([b, c]) r S₂(A)

  ◮ b returns with a treasure.
  ◮ No information about C. Therefore, c may or may not return.
  ◮ c may return with a treasure.
  ◮ However, c may return with something else.
  ◮ If c returns fast, ... (Wait! That’s a fake treasure! ARRGH!) 11 / 25

  22. New connectives.
  ◮ Sₙ(A) (Concurrently A):
    a r Sₙ(A) =Def ∃m (1 ≤ m ≤ n ∧ a = Amb([a₁, ..., aₘ]) ∧ ∃i ≤ m Def(aᵢ) ∧ ∀i ≤ m (Def(aᵢ) → aᵢ r A)).
  ◮ A || B (A if B):
    a r (A || B) =Def (B → Def(a)) ∧ (Def(a) → a r A).
  ◮ (We only consider the case where B is nc.)
  ◮ Bounded non-determinism and restriction:

      A || B     A || C     ¬¬(B ∨ C)
      --------------------------------- nondet-class-orelim
                   S₂(A)
  12 / 25
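The following Python program is an added illustration, not code from the slides or from the authors: it models the Amb operator of slide 10 with threads, replays the "fake treasure" failure of the first candidate rule (slides 14 to 21), and shows how the restriction A || B (a result that is returned must realize A) removes it, together with the realizability condition of Sₙ(A) from slide 22 checked on component lists. Names such as `door`, `restrict`, `TREASURE` and the use of `None` for ⊥ are this example's own encoding; the slides say nothing about threads, delays or Python.

```python
import queue
import threading
import time
from typing import Any, Callable, Sequence, Tuple

# Marker for ⊥ in lists of realizer components (a value never produced).
BOT = None
TREASURE = "treasure"          # constructed sample realizer of A
Thunk = Callable[[], Any]


def amb(thunks: Sequence[Thunk]) -> Tuple[int, Any]:
    """n-ary Amb: run every thunk in its own daemon thread and return
    (index, value) of whichever finishes first.  The other threads are
    abandoned ("kill the other").  If every thunk diverges the call
    blocks forever, matching Amb x y = ⊥ when x = y = ⊥.  A thunk that
    raises never reports a value, so it also behaves like ⊥."""
    results: "queue.Queue[Tuple[int, Any]]" = queue.Queue()

    def run(i: int, f: Thunk) -> None:
        results.put((i, f()))

    for i, f in enumerate(thunks):
        threading.Thread(target=run, args=(i, f), daemon=True).start()
    return results.get()


def diverge() -> Any:
    """Models ⊥: never returns."""
    while True:
        time.sleep(1)


def is_treasure(a: Any) -> bool:
    """Plays the role of 'a r A': here a realizes A iff it is a genuine treasure."""
    return a == TREASURE


def realizes_concurrent(components: Sequence[Any], realizes: Callable[[Any], bool]) -> bool:
    """The S_n(A) condition on a = Amb([a_1, ..., a_m]) with BOT marking ⊥:
    some component is defined, and every defined component realizes A."""
    defined = [a for a in components if a is not BOT]
    return bool(defined) and all(realizes(a) for a in defined)


def door(holds: bool, delay: float, junk: Any = BOT) -> Thunk:
    """A realizer of B -> A under the first-candidate reading (slide 14).
    When B holds it returns a treasure after `delay` seconds.  When B fails
    nothing constrains it: it returns `junk` (a fake treasure) if given,
    otherwise it diverges."""
    def f() -> Any:
        time.sleep(delay)
        if holds:
            return TREASURE
        return diverge() if junk is BOT else junk
    return f


def restrict(f: Thunk, realizes: Callable[[Any], bool]) -> Thunk:
    """Turn f into a realizer of A || B: if it returns at all, the result
    must realize A (Def(a) -> a r A).  A result failing the check is
    replaced by divergence instead of being handed to Amb."""
    def g() -> Any:
        a = f()
        return a if realizes(a) else diverge()
    return g


def first_candidate(b_holds: bool, c_holds: bool) -> Any:
    """Slide 14's invalid rule: unrestricted realizers raced with Amb.
    With B true and C false, c may answer first with a fake treasure."""
    b = door(b_holds, delay=0.2)
    c = door(c_holds, delay=0.01, junk="fake treasure")
    return amb([b, c])[1]


def nondet_class_orelim(b_holds: bool, c_holds: bool) -> Any:
    """CFP's rule: both realizers have the restricted form A || B, A || C,
    so whatever Amb picks is a genuine realizer of A.  The premise
    ¬¬(B ∨ C) is what guarantees the call returns at all."""
    b = restrict(door(b_holds, delay=0.2), is_treasure)
    c = restrict(door(c_holds, delay=0.01, junk="fake treasure"), is_treasure)
    return amb([b, c])[1]
```

Running `first_candidate(True, False)` usually yields the fake treasure because the unconstrained realizer c answers before b; `nondet_class_orelim(True, False)` always yields a genuine one, since the fake is filtered out before Amb sees it and b is still running. Note that the restricted version with both B and C false never returns, which is exactly why the rule keeps ¬¬(B ∨ C) as a premise.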

  23. Realizable rules for Sₙ:
  ◮ return: from A derive Sₙ(A), realized by λa. Amb([a]), for strict A, that is, for a formula for which ⊥ r A does not hold.
  ◮ mon: from A → B derive Sₙ(A) → Sₙ(B), by λf λa. case a of { Amb(b) → Amb(map f b) }, for strict B.
  ◮ one: from S₁(A) derive A, by λa. case a of { Amb(a₁ : b) → a₁ }.
  ◮ nc: from Sₙ(A) derive A, by λa. Nil, where A is nc. 13 / 25

  24. Realizable rules for ||
  ◮ return: from A derive A || B, by λa. a.
  ◮ bind: from A || B and A → (A′ || B) derive A′ || B, by λa λf. f ↓ a (↓: strict application).
  ◮ antimon: from B′ → B and A || B derive A || B′, by λa λf. a.
  ◮ stab: from A || ¬¬B derive A || B, realized classically by the identity.
  ◮ restriction-efq: A || False, by ⊥.
  ◮ restriction-mp: from A || B and B derive A, by λa λb. a.
  ◮ ||-I: from B → A₀ ∨ A₁ and ¬B → A₀ ∧ A₁ derive (A₀ ∨ A₁) || B, by λa. case a of { Left b → Left b; Right b → Right b }, where A₀, A₁, B must be nc. 14 / 25

  25. ||-I, where A₀, A₁, B must be nc: from B → A₀ ∨ A₁ and ¬B → A₀ ∧ A₁ derive (A₀ ∨ A₁) || B, by λa. case a of { Left b → Left Nil; Right b → Right Nil }.
  Recall a r (A || B) =Def (B → Def(a)) ∧ (Def(a) → a r A).
  Suppose that a r (B → A₀ ∨ A₁), that is, B → a r A₀ ∨ A₁.
  ◮ If B holds, a r A₀ ∨ A₁ and obviously a r (A₀ ∨ A₁) || B. Since A₀ and A₁ are nc, a should be Left Nil or Right Nil.
  ◮ If B does not hold, then a may be anything.
  ◮ If a does not have the form Left b or Right b, then ⊥ r (A₀ ∨ A₁) || B.
  ◮ If a has the form Left b or Right b, then Left Nil or Right Nil realizes A₀ ∨ A₁ because A₀ and A₁ are both true. 15 / 25

  26. Realizable rules for the combination of Sₙ and ||
  ◮ nondet-lem: from A || B and A || ¬B derive S₂(A), by λa λb. amb([a, b]).
  ◮ nondet-class-orelim: from ¬¬(B ∨ C), A || B and A || C derive S₂(A), by λa λb. amb([a, b]).
  ◮ We call the extended system CFP (Concurrent Fixedpoint Logic). 16 / 25

  27. Soundness, Adequacy, Program Extraction Theorem
  ◮ A (closed) value is an intro program (i.e., weak head normal form). Amb [bot, 1, 2] is a value (bot = rec x. x).
  ◮ We define a big-step reduction relation M → v between (closed) programs M and values v. We have [[M]] = [[v]], and such a v is unique if it exists.
  ◮ A data is a term defined inductively only with Nil, Left, Right, Pair.
  ◮ The printing relation M ⇒ d between program M and data d (evaluating deeply, and expanding Amb).
  ◮ It is a multi-valued relation: Amb [bot, 1, 2] ⇒ 1 and Amb [bot, 1, 2] ⇒ 2.
  ◮ We define data(a) for a ∈ D as the set of values obtained by expanding Amb for non-bottom components: data(Amb [⊥, 1, 2]) = {1, 2}.
  ◮ [Computational Adequacy] For every closed term M, d ∈ data([[M]]) iff M ⇒ d. 17 / 25
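As an added worked example (not code from the slides or the authors), the multi-valued set data(a) from slide 27 computed over a small encoding of constructor terms: Amb nodes may be nested and ⊥ may appear anywhere, and the function expands each Amb into its non-⊥ components while propagating the absence of data upward. The tagged-tuple encoding, the use of `None` for ⊥, and keeping the slides' numerals 1, 2 as atomic data are this example's own assumptions.

```python
from itertools import product
from typing import Any, FrozenSet, Sequence

BOT = None   # stands for ⊥


# Constructor terms of D, encoded as tagged tuples (capitalised to match the
# slides' constructor names).  Amb carries a tuple of components.  The numerals
# 1, 2 used on the slide are treated as atomic data, an encoding assumption.
def Nil(): return ("Nil",)
def Left(t): return ("Left", t)
def Right(t): return ("Right", t)
def Pair(s, t): return ("Pair", s, t)
def Amb(ts: Sequence[Any]): return ("Amb", tuple(ts))


def data(t: Any) -> FrozenSet[Any]:
    """data(t): the set of data obtained by evaluating t deeply and, at each
    Amb, expanding only its non-⊥ components.  ⊥ outside an Amb, or an Amb
    whose components are all ⊥, contributes no data (the term has no value)."""
    if t is BOT:
        return frozenset()
    if isinstance(t, int):
        return frozenset({t})
    tag = t[0]
    if tag == "Nil":
        return frozenset({t})
    if tag in ("Left", "Right"):
        return frozenset((tag, d) for d in data(t[1]))
    if tag == "Pair":
        # Every combination of a datum for the left and one for the right.
        return frozenset(("Pair", d1, d2)
                         for d1, d2 in product(data(t[1]), data(t[2])))
    if tag == "Amb":
        out = set()
        for c in t[1]:
            out |= data(c)          # ⊥ components contribute nothing
        return frozenset(out)
    raise ValueError(f"not a data-forming constructor: {tag!r}")


def prints_to(t: Any, d: Any) -> bool:
    """M ⇒ d, read through Computational Adequacy as d ∈ data([[M]])."""
    return d in data(t)
```

So `data(Amb([BOT, 1, 2]))` is `{1, 2}`, reproducing the slide's example, while `data(Pair(1, BOT))` is empty: a ⊥ that is not under an Amb leaves the whole term without a printable value.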
