
Mechanising Hankin and Barendregt using the Gordon-Melham axioms (slides)



  1. Mechanising Hankin and Barendregt using the Gordon-Melham axioms
     Michael Norrish, Michael.Norrish@nicta.com.au
     Merlin’03: Mechanising Hankin and Barendregt using the Gordon-Melham axioms – p.1

  2. Motivation & Outline
     To investigate the utility of Gordon & Melham’s approach to handling terms identified up to α-equivalence.
     Strategy: mechanise a substantial piece of existing theory:
     - Hankin, Lambda calculi: a guide for computer scientists. Chapter 2 (basic equational theory), Chapter 3 (reduction).
     - Barendregt, The lambda calculus: its syntax and semantics. Chapter 11 (residuals, finiteness of developments, standardisation theorem), except for §11.3 (conservation theorem for λI).

  3. Why the λ-calculus?
     Lots of existing theory (no need for me to be creative).
     Replaying the theory requires:
     - development of three “languages”: the basic untyped λ-calculus, Λ; the λ-calculus with labelled redexes (two sorts of binder), Λ′; Λ′ with weighted variables, Λ′∗;
     - definition of functions/relations over these languages;
     - many proofs.
     All this provides quite a work-out for any mechanised technique.

  4. The Gordon-Melham approach
     Provides a type of terms (term, also Λ) identified up to α-conversion:
     - constructors: VAR, CON, LAM, @@
     - constants: FV : term → (string) set;  [_/_]_ : term → string → term → term
     - “axioms” about them
     ... and it’s all done definitionally on top of core HOL.

  5. GM Axioms 1–4
     1. Specifies the behaviour of the FV constant over the constructors of term.
     2. Specifies substitution, in particular
          [M/v](LAM v N) = LAM v N
          u ≠ v ∧ u ∉ FV(M) ⇒ [M/v](LAM u N) = LAM u ([M/v] N)
     3. α-conversion:
          u ∉ FV(LAM v M) ⇒ LAM v M = LAM u ([VAR(u)/v] M)
     4. Unique iteration, allowing derivation of the induction principle and the definition of new functions over term.

  6. GM Axiom 5
     Abstraction terms are in bijection with HOL functions of a certain form:
          LAM v M = ABS (λy. [VAR(y)/v] M)
     Those functions (of type string → term) that generate LAM terms could be the basis for a Higher Order Abstract Syntax (using ABS instead of LAM).

  7. The Induction Principle
     A consequence of GM Axiom 4:
          (∀k. P(CON(k))) ∧
          (∀s. P(VAR(s))) ∧
          (∀t, u. P(t) ∧ P(u) ⇒ P(t @@ u)) ∧
          (∀x, t. (∀y. P([VAR(y)/x] t)) ⇒ P(LAM x t))
          ⇒ ∀t. P(t)
     It’s straightforward to define size : term → ℕ (for Λ and later types), so I also induct on the size of the terms when this is easier.

  8. Hankin’s Chapter 2: basics
     First important result is the Substitution Lemma:
          x ≠ y ∧ x ∉ FV(L) ⇒ [L/y]([N/x] M) = [[L/y] N/x]([L/y] M)
     Easy induction.
     Later found that I needed this variant:
          z ≠ y ∧ z ∉ FV(M) ∧ z ∉ FV(L) ⇒ [L/y]([N/x] M) = [[L/y] N/z]([L/y]([z/x] M))
     More general, as it can be applied left-to-right anywhere; just pick a suitably fresh z. Slightly harder induction.

  9. Hankin’s Chapter 2: equational theory
     Hankin presents
          λ ⊢ (λv. M) N = [N/v] M

          λ ⊢ M = M′                  λ ⊢ M = M′
          ------------------          --------------------------
          λ ⊢ M N = M′ N              λ ⊢ (λv. M) = (λv. M′)
     Mechanised in HOL, this is a simple inductive relation:
          ... ∧ (∀M M′ v. M lameq M′ ⇒ LAM v M lameq LAM v M′) ∧ ...
     Term incompatibility is also easy to mechanise.

  10. Hankin’s Chapter 3: reduction
      General properties of reduction relations.
      - β-reduction is Church-Rosser, using the notion of “grand reduction” (↠₁) (gives soundness of the equational theory)
      - Newman’s Lemma (Weak Church-Rosser + Strong Normalisation ⇒ CR)
      - Hindley-Rosen Lemma
      - CR for η- and βη-reduction (sketched)
      - δ-rules and Mitschke’s theorem (sketched)
      - Residuals and standardisation (sketched)

  11. Chapter 3: 1st encounter with the BVC (Barendregt’s Variable Convention)
      Proving substitutivity of reduction relations, e.g.:
           M →β M′ ⇒ [N/x] M →β [N/x] M′
      Proof by rule induction over →β. In the abstraction case:
           Ind. hyp.:  ∀N, x. [N/x] M →β [N/x] M′
           To show:    [N/x](LAM v M) →β [N/x](LAM v M′)
      With the BVC, assume x ≠ v and v ∉ FV(N); push the substitution through LAM; apply the inductive hypothesis; apply the congruence rule; done.

  12. Chapter 3: 1st encounter with the BVC (continued)
      Same abstraction case: from ∀N, x. [N/x] M →β [N/x] M′, show [N/x](LAM v M) →β [N/x](LAM v M′).
      Without the BVC, must instead α-convert the abstraction to LAM z ([VAR(z)/v] M), with z fresh. Then the result of the substitution is LAM z ([N/x]([VAR(z)/v] M)) and the inductive hypothesis does not apply.

  13. Instead of the BVC, use iterated substitution
      The previous proof failed because α-conversion produced two substitutions over the base term. Strengthen the statement to encompass this using iterated substitution,
           ISUB : term → (term × string) list → term
      The theorem to be proved becomes
           M →β M′ ⇒ (M ISUB S) →β (M′ ISUB S)
      The inductive hypothesis for the abstraction case is then
           ∀S. (M ISUB S) →β (M′ ISUB S)
      The universal quantification over S then copes with a goal including a term of the form
           LAM z (([z/v] M) ISUB S)
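The substitution clauses of slide 5, the Substitution Lemma of slide 8 and the ISUB of this slide, as an added Python model that is not part of the talk or its HOL development. The tuple encoding of terms, the fresh-name scheme z0, z1, ... and all function names are this example's own choices; the rename case of subst produces exactly the LAM z (([z/v] M) ISUB S) shape this slide describes.

```python
"""Added example (not part of the talk): Gordon-Melham-style λ-terms in Python.
Terms are tuples ('VAR', s) | ('CON', k) | ('APP', t, u) | ('LAM', v, body); subst
follows the GM substitution clauses, renaming via a fresh name when a binder would
capture, and isub is the slide's ISUB.
"""
from itertools import count

def fv(t):
    """Free variables (the clauses of GM Axiom 1)."""
    if t[0] == 'VAR': return {t[1]}
    if t[0] == 'CON': return set()
    if t[0] == 'APP': return fv(t[1]) | fv(t[2])
    return fv(t[2]) - {t[1]}

def fresh(avoid):
    """A name not in `avoid`; the z0, z1, ... scheme is a choice made here."""
    return next(f"z{i}" for i in count() if f"z{i}" not in avoid)

def subst(M, v, t):
    """[M/v]t following the GM substitution clauses (Axiom 2)."""
    if t[0] == 'VAR': return M if t[1] == v else t
    if t[0] == 'CON': return t
    if t[0] == 'APP': return ('APP', subst(M, v, t[1]), subst(M, v, t[2]))
    u, N = t[1], t[2]
    if u == v:                              # [M/v](LAM v N) = LAM v N
        return t
    if u not in fv(M):                      # u ≠ v ∧ u ∉ FV(M): push through LAM
        return ('LAM', u, subst(M, v, N))
    z = fresh(fv(M) | fv(N) | {v})          # otherwise α-convert first (Axiom 3);
    return ('LAM', z, subst(M, v, subst(('VAR', z), u, N)))  # two substitutions result

def alpha_eq(s, t):
    """Decide s ≡α t by renaming both binders to one fresh name."""
    if s[0] != t[0]: return False
    if s[0] in ('VAR', 'CON'): return s == t
    if s[0] == 'APP': return alpha_eq(s[1], t[1]) and alpha_eq(s[2], t[2])
    z = fresh(fv(s) | fv(t) | {s[1], t[1]})
    return alpha_eq(subst(('VAR', z), s[1], s[2]), subst(('VAR', z), t[1], t[2]))

def isub(t, S):
    """t ISUB S: apply the (term, variable) pairs in S left to right."""
    for M, v in S:
        t = subst(M, v, t)
    return t

def substitution_lemma(L, y, N, x, M):
    """Hankin's Substitution Lemma on concrete terms (caller ensures x ≠ y, x ∉ FV(L))."""
    lhs = subst(L, y, subst(N, x, M))
    rhs = subst(subst(L, y, N), x, subst(L, y, M))
    return alpha_eq(lhs, rhs)
```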

  14. Barendregt Chapter 11
      Section 11.1: introduction of the type Λ′ (λ-terms with optionally labelled redexes). β′ = β₀ ∪ β₁: β₀ reduces labelled redexes, β₁ unlabelled redexes. Gives an alternative proof of CR for β.
      Section 11.2: the finiteness of developments. Introduction of residual theory. Proof of SN and WCR for β₀; hence all β₀ reduction sequences can be extended to a fixed completion point. Needs the definition of a new type Λ′∗.
      Section 11.3: conservation theorem for λI. (Omitted.)
      Section 11.4: standardisation theorem.

  15. Barendregt’s new types
      Labelled terms (Λ′): redexes within the term may be labelled by numbers. Λ′ has an extra constructor, (λⁱx. M) N, taking 4 arguments (i ∈ ℕ is the label).
      Weighted terms (Λ′∗): labelled terms where all variables (free and bound) are given strictly positive weights, e.g. λx. x² (y⁴ x³). The same variable can get different weights, so weights really attach to variable positions.
      Mechanisation must provide substitution, α-conversion, and induction principles for these new types.

  16. Defining type Λ′
      Find a model in a subset of Λ, using the CON constructor to label certain applications. Λ′ α is modelled by Λ (ℕ + α) (Λ is polymorphic through the CON constructor).
      Representation of (λⁱx. M) N is
           CON(left(i)) @@ (LAM x M) @@ N
      Inductively characterise the set of terms that qualify as labelled. Substitution over the representation corresponds to substitution over the new type. Many theorems about Λ transfer unscathed (including the Substitution Lemma and others).

  17. Defining type Λ′∗
      This type is used in the SN proof for β₀: if weighted appropriately, the sum of a term’s weights decreases with β₀ reduction.
      Following Barendregt’s example, terms are paired with a weighting map w. Values of Λ′∗ are pairs of type Λ′ × (term posn → ℕ).
      Characterising the change in the weighting map after substitutions is painful. (Barendregt completely skims over this.)

  18. Labelling Reductions
      Barendregt writes M →Δ N (Δ above the arrow), with Δ the redex (sub-term) of M that reduces.
      If the reduction is (λx. (λy. yx) z) → (λx. zx), what is the right label? (λy. yx) z? But (λx. (λy. yx) z) ≡α (λw. (λy. yw) z), so (λy. yw) z must also be right.
      With the GM axioms, α-equivalent terms are really identical, and there’s no clean way of picking x over w, or over any other fresh variable.
