Differential Logical Relations
Ugo Dal Lago
Joint work with Francesco Gavazzo and Akira Yoshimizu
IFIP WG 2.2 Annual Meeting, Vienna, September 23rd 2019
Comparing Interacting Programs
[Diagram, two builds; symbols as extracted: ≡ M N ⇓ ∼ C A C B, then ≡ M N ⇓ ≡ C M C N]
Program Equivalence
◮ Let $\equiv\ \subseteq \Lambda \times \Lambda$ be a notion of equivalence. What are the minimal requirements we should put on $\equiv$?
◮ Adequacy: for every $M, N$, $M \equiv N \implies \mathit{Obs}(M) = \mathit{Obs}(N)$, where $\mathit{Obs} : \Lambda \to X$ is the observation function.
◮ Congruence: for every $M, N, C$, $M \equiv N \implies C[M] \equiv C[N]$.
◮ Examples, the realm of λ-calculus:
  ◮ The largest adequate congruence, context equivalence [Morris1968].
  ◮ Logical relations [Plotkin1973].
  ◮ Applicative [Abramsky1990] or open bisimilarity.
◮ What if $X$ is a metric space?
Program Distance
◮ Let $\delta : \Lambda \times \Lambda \to \mathbb{R}$.
◮ Adequacy: for every $M, N$, $\delta(M, N) \geq \delta_X(\mathit{Obs}(M), \mathit{Obs}(N))$
◮ Non-Expansiveness: for every $M, N, C$, $\delta(M, N) \geq \delta(C[M], C[N])$
◮ In probabilistic computation, one is naturally led to observe a quantitative property, and $X$ is simply $\mathbb{R}$.
◮ But even when computation is deterministic, one could well work with $X = \mathbb{R}$ when real numbers are part of the underlying language [ReedPierce2010,AGHKC2017].
An Example
$M_{ID} \equiv \lambda x. x$
$M_{SIN} \equiv \lambda x. \sin x$
$\delta(M_{ID}, M_{SIN}) = +\infty$
What if the environment feeds the function with values close to $0$, only?
A Toy Language
[Slide with three blocks: Types, Typing Rules, Denotational Semantics]
Differential Logical Relations
[Slide with two blocks: Distance Spaces, DLRs as Ternary Relations]
The distance between two programs of type $\tau \to \rho$ is a function which:
◮ Given an input in $\llbracket \tau \rrbracket$ ...
◮ And a distance in $(\!|\tau|\!)$ ...
◮ Returns a distance in $(\!|\rho|\!)$.
Theorem (Fundamental Lemma, Version I). For every $\vdash M : \tau$, there is $d \in (\!|\tau|\!)$ such that $\delta_\tau(M, d, M)$.
On the Fundamental Lemma — So What?
◮ Why not null distances?
  ◮ The distance between a program $M$ and itself is null, isn’t it?
  ◮ In fact, this is true only at ground types.
  ◮ Example: the distance between $M_{ID}$ and itself is something like $\lambda\langle x, \varepsilon\rangle.\varepsilon$.
◮ Too weak?
  ◮ The distance $d$ is arbitrary, and can even be infinite.
  ◮ In ordinary logical relations, the FL enables compositional reasoning, when applied to the environment, the context.
  ◮ The same here:
$$(C, d, C) \in \delta_{\tau \to REAL} \qquad C : \tau \to REAL \qquad M, N : \tau \qquad (M, e, N) \in \delta_\tau$$
$$\Downarrow$$
$$(C[M],\ d(\llbracket M \rrbracket, e),\ C[N]) \in \delta_{REAL}$$
Back to the Example
Claim. $\delta_{REAL \to REAL}(M_{ID},\ \lambda\langle x, y\rangle. y + |x - \sin x|,\ M_{SIN})$
Proof. Consider any pair of real numbers $r, s \in \mathbb{R}$ such that $|r - s| \leq \varepsilon$, where $\varepsilon \in \mathbb{R}^{\infty}_{\geq 0}$. We have that:
$$|\sin r - s| = |\sin r - r + r - s| \leq |\sin r - r| + |r - s| \leq |\sin r - r| + \varepsilon = f(r, \varepsilon)$$
$$|\sin s - r| = |\sin s - \sin r + \sin r - r| \leq |\sin s - \sin r| + |\sin r - r| \leq |s - r| + |\sin r - r| \leq \varepsilon + |\sin r - r| = f(r, \varepsilon),$$
where $f = \lambda\langle x, y\rangle. y + |x - \sin x|$.
Back to the Example
◮ Now, consider, e.g., the context $C = (\lambda x. x(x\theta))[\cdot]$.
◮ $C$ can be seen as a term having type $\tau = (REALS \to REALS) \to REALS$. A self-distance $d$ for $C$ can thus be defined as an element of $\llbracket \tau \rrbracket = \llbracket REALS \to REALS \rrbracket \times \llbracket REALS \to REALS \rrbracket \to \llbracket REALS \rrbracket$, namely $F = \lambda\langle g, h\rangle. h(g(\theta), h(\theta, 0))$.
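A numerical sanity check of the claim and of the context example above, added here as an illustration and not taken from the talk. It samples the two inequalities used in the proof and then applies the self-distance F of the context C; treating θ as a real constant, the sampling ranges and all function names are assumptions of this example.

```python
import math
import random

def f(x, eps):
    """Distance claimed on the slide: f = λ⟨x, y⟩. y + |x − sin x|."""
    return eps + abs(x - math.sin(x))

def M_ID(x):
    return x

M_SIN = math.sin

def related(m, d, n, samples=20000, seed=0, tol=1e-9):
    """Sample-check (m, d, n) at REAL -> REAL with the proof's two inequalities.

    For r, s with |r - s| <= eps it requires
    |n(r) - m(s)| <= d(r, eps) and |n(s) - m(r)| <= d(r, eps).
    Sampling can refute the relation but cannot prove it.
    """
    rng = random.Random(seed)
    for _ in range(samples):
        r = rng.uniform(-50.0, 50.0)      # constructed sample range
        eps = rng.uniform(0.0, 5.0)
        s = r + rng.uniform(-eps, eps)    # guarantees |r - s| <= eps
        bound = d(r, eps) + tol           # tol absorbs floating-point rounding
        if abs(n(r) - m(s)) > bound or abs(n(s) - m(r)) > bound:
            return False
    return True

def context(g, theta):
    """C = (λx. x (x θ))[·] applied to the meaning g of the plugged-in term."""
    return g(g(theta))

def context_distance(g, h, theta):
    """F = λ⟨g, h⟩. h(g(θ), h(θ, 0)): the self-distance of C from the last slide."""
    return h(g(theta), h(theta, 0.0))

def check_context(theta):
    """Return (|C[M_ID] - C[M_SIN]|, F(meaning of M_ID, f)) for a given θ."""
    actual = abs(context(M_ID, theta) - context(M_SIN, theta))
    bound = context_distance(M_ID, f, theta)
    return actual, bound

if __name__ == "__main__":
    print("f relates M_ID and M_SIN:", related(M_ID, f, M_SIN))
    print("λ⟨x, ε⟩.ε relates M_ID to itself:", related(M_ID, lambda x, e: e, M_ID))
    print("λ⟨x, ε⟩.ε relates M_ID and M_SIN:", related(M_ID, lambda x, e: e, M_SIN))
    for theta in (0.1, 1.0, 10.0):
        print(theta, check_context(theta))
```

For inputs near 0 the bound F(⟦M_ID⟧, f) = 2|θ − sin θ| is small, which is the quantitative answer to the question the +∞ distance could not express.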