Subset coercions in Coq
Matthieu Sozeau, under the direction of Christine Paulin-Mohring
Paris-Sud 11 University, LRI - Démons Team & INRIA Futurs - ProVal Project
TYPES'06 Workshop, 18-21 April 2006
The Big Picture
Outline
1. The idea
2. Theoretical development: Russell; translation into Coq
3. The implementation
A simple idea

Definition: $\{ x : T \mid P \}$ is the set of objects of set $T$ satisfying property $P$. Useful for specification, widely used in mathematics; it separates the object from the property.

Adapting the idea: an object of $T$ for which $P$ holds is an object of the subset, and an object of the subset is an object of $T$:

$\frac{t : T \qquad P[t/x]}{t : \{ x : T \mid P \}}$ \qquad $\frac{t : \{ x : T \mid P \}}{t : T}$
From "Predicate subtyping" (PVS)...

PVS uses a specialized typing algorithm for subset types, generating type-checking conditions:
- $t : \{ x : T \mid P \}$ used as $t : T$: ok;
- $t : T$ used as $t : \{ x : T \mid P \}$: ok if $P[t/x]$.

+ Practical success;
– No strong safety guarantee in PVS.
... to Subset coercions

1. A property-irrelevant language (Russell) with decidable typing;
2. A total translation to Coq terms with holes;
3. A method to turn the holes into proof obligations.

In Russell the subset rules are implicit:

$\frac{\Gamma \vdash t : \{ x : T \mid P \}}{\Gamma \vdash t : T}$ \qquad $\frac{\Gamma \vdash t : T \qquad \Gamma, x : T \vdash P : \mathsf{Prop}}{t : \{ x : T \mid P \}}$

In Coq they are explicit, with a hole $?$ for the proof:

$\frac{\Gamma \vdash t : \{ x : T \mid P \}}{\Gamma \vdash \sigma_1\ t : T}$ \qquad $\frac{\Gamma \vdash t : T \qquad \Gamma, x : T \vdash P : \mathsf{Prop} \qquad \Gamma \vdash ? : P[t/x]}{(t, ?) : \{ x : T \mid P \}}$
Russell's typing $\vdash$ and coercion relation (its glyph was lost in extraction; it is written $\lhd$ here)

Calculus of Constructions + the coercion rule:

(Coerce) $\frac{\Gamma \vdash t : U \qquad \Gamma \vdash T : s \qquad U \lhd T}{\Gamma \vdash t : T}$

(S-Conv) $\frac{T \equiv_{\beta\pi} U}{T \lhd U}$ \qquad (S-Trans) $\frac{S \lhd T \qquad T \lhd U}{S \lhd U}$

(S-Sub) $\frac{U \lhd V}{\{ x : U \mid P \} \lhd V}$ \qquad (S-Proof) $\frac{U \lhd V}{U \lhd \{ x : V \mid P \}}$

(S-Pi) $\frac{U \lhd T \qquad V \lhd W}{\Pi x : T . V \lhd \Pi x : U . W}$

Example (the comparison operator of the predicate was also lost in extraction; it is written $\diamond$): from $0 : \mathsf{nat}$ and $\mathsf{nat} \lhd \{ x : \mathsf{nat} \mid x \diamond 0 \}$ we derive $0 : \{ x : \mathsf{nat} \mid x \diamond 0 \}$, leaving the hole $? : 0 \diamond 0$.
Results

Theorem (Decidability of type checking): $\Gamma \vdash t : T$ is decidable.

Lemma (Elimination of transitivity): if $T \lhd U$ and $U \lhd V$ then $T \lhd V$.

Application rule, coercing both the function and the argument:

$\frac{\Gamma \vdash f : T \qquad T \lhd \Pi x : A . B \qquad \Gamma \vdash e : E \qquad E \lhd A}{\Gamma \vdash (f\ e) : B[e/x]}$
The target system: CIC with metavariables ($\vdash_?$)

$\frac{\Gamma \vdash_? t : T \qquad \Gamma \vdash_? p : P[t/x]}{\Gamma \vdash_? \mathsf{elt}\ T\ P\ t\ p : \{ x : T \mid P \}}$

$\frac{\Gamma \vdash_? t : \{ x : T \mid P \}}{\Gamma \vdash_? \sigma_1\ t : T}$ \qquad $\frac{\Gamma \vdash_? t : \{ x : T \mid P \}}{\Gamma \vdash_? \sigma_2\ t : P[\sigma_1\ t / x]}$

$\frac{\Gamma \vdash_? P : \mathsf{Prop}}{\Gamma \vdash_? ?_P : P}$
From Coq to Russell and back

The easy way: erasure $(\cdot)^\circ$, which forgets the coercion terms and proofs:
$(\sigma_1\ t)^\circ = t^\circ$, $(\mathsf{elt}\ T\ P\ t\ p)^\circ = t^\circ$, $(\sigma_2\ t)^\circ = \bot$, $(?_P)^\circ = \bot$.
If $\Gamma \vdash_? t : T$ then $\Gamma^\circ \vdash t^\circ : T^\circ$, provided $(\cdot)^\circ$ is defined on $\Gamma$, $t$ and $T$.

The hard way: if $\Gamma \vdash t : T$ then $\llbracket \Gamma \rrbracket \vdash_? \llbracket t \rrbracket_\Gamma : \llbracket T \rrbracket_\Gamma$.
Translation: deriving explicit coercions

Translation for coercions: if $T \lhd U$ then $\Gamma \vdash_? c[\bullet] : T \lhd U$, which implies $\llbracket \Gamma \rrbracket \vdash_? \lambda x : \llbracket T \rrbracket_\Gamma .\ c[x] : \llbracket T \rrbracket_\Gamma \to \llbracket U \rrbracket_\Gamma$.

Definition:

$\frac{T \equiv_{\beta\pi} U}{\Gamma \vdash_? \bullet : T \lhd U}$

$\Gamma \vdash_? \sigma_1\ \bullet : \{ x : T \mid P \} \lhd T$

$\Gamma \vdash_? \mathsf{elt}\ \bullet\ ?_{\llbracket P \rrbracket_{\Gamma, x : T}[\bullet / x]} : T \lhd \{ x : T \mid P \}$

Example (the comparison operator was lost in extraction; written $\diamond$): $\Gamma \vdash_? 0 : \mathsf{nat}$ and $\Gamma \vdash_? c : \mathsf{nat} \lhd \{ x : \mathsf{nat} \mid x \diamond 0 \}$, so $(\mathsf{elt}\ \bullet\ ?_{(x \diamond 0)[\bullet / x]})[0] = \mathsf{elt}\ 0\ ?_{0 \diamond 0} : \{ x : \mathsf{nat} \mid x \diamond 0 \}$.
Translation: interpretation of terms $\llbracket \cdot \rrbracket_\Gamma$

Example (Application):

$\frac{\Gamma \vdash f : T \qquad T \lhd \Pi x : V . W : s \qquad \Gamma \vdash u : U \qquad U \lhd V}{\Gamma \vdash (f\ u) : W[u/x]}$

$\llbracket f\ u \rrbracket_\Gamma = \mathsf{let}\ \pi = \mathsf{coerce}\ \Gamma\ T\ (\Pi x : V . W)\ \mathsf{in}\ \mathsf{let}\ c = \mathsf{coerce}\ \Gamma\ U\ V\ \mathsf{in}\ (\pi[\llbracket f \rrbracket_\Gamma])\ (c[\llbracket u \rrbracket_\Gamma])$

Theorem (Soundness): if $\Gamma \vdash t : T$ then $\llbracket \Gamma \rrbracket \vdash_? \llbracket t \rrbracket_\Gamma : \llbracket T \rrbracket_\Gamma$.
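The coercion relation and its translation into explicit terms with holes, as an added example in Python (not the slides' or the Russell implementation's code): `coerce` decides whether T is coercible to U with the rules S-Conv, S-Proof, S-Sub and S-Pi, returns the coercion c[•], and records every hole ?_P as a proof obligation. The toy type language, the predicate `x >= 0` and the spellings `sigma1`, `elt` and `fun` are constructed; conversion is taken to be syntactic equality.

```python
import re

# Added example (not the slides' or Coq's code). Toy type language:
#   ('base', name)          e.g. nat
#   ('subset', x, T, P)     { x : T | P }, P a predicate string over x
#   ('pi', x, A, B)         Pi x : A . B   (bound names assumed to agree)
# Terms and proof obligations are plain strings.

def subst(P, x, t):
    """P[t/x]: whole-word substitution of the term t for x in predicate P."""
    return re.sub(rf'\b{re.escape(x)}\b', lambda _: t, P)

def coerce(T, U, obligations):
    """Return c with c(t) : U whenever t : T, appending each hole ?_P to
    `obligations` as the proposition P it must prove. S-Trans is not needed
    (transitivity is eliminable). Conversion is syntactic equality here, no
    beta/pi-reduction (an assumption of this example). Raises if T is not
    coercible to U."""
    if T == U:                                   # S-Conv: identity coercion
        return lambda t: t
    if U[0] == 'subset':                         # S-Proof: U = { x : U1 | P }
        _, x, U1, P = U
        c = coerce(T, U1, obligations)
        def with_proof(t):
            ct = c(t)
            obligations.append(subst(P, x, ct))  # hole ? : P[c[t]/x]
            return f'elt ({ct}) ?'
        return with_proof
    if T[0] == 'subset':                         # S-Sub: T = { x : T1 | P }, forget P
        c = coerce(T[2], U, obligations)
        return lambda t: c(f'sigma1 ({t})')
    if T[0] == U[0] == 'pi':                     # S-Pi: contravariant in the domain
        _, x, A, B = T
        _, _, A1, B1 = U
        c_arg, c_res = coerce(A1, A, obligations), coerce(B, B1, obligations)
        return lambda f: f'fun {x} => ' + c_res(f'({f}) ({c_arg(x)})')
    raise ValueError(f'{T} is not coercible to {U}')

NAT = ('base', 'nat')
NONNEG = ('subset', 'x', NAT, 'x >= 0')          # constructed predicate

def example_zero():
    """The slides' example: 0 : nat used at { x : nat | P }."""
    obl = []
    return coerce(NAT, NONNEG, obl)('0'), obl

def example_function():
    """A nat -> nat function used where a NONNEG -> NONNEG one is expected."""
    obl = []
    return coerce(('pi', 'x', NAT, NAT), ('pi', 'x', NONNEG, NONNEG), obl)('f'), obl
```

`example_function` shows the Pi case the slides do not spell out: the argument is weakened with `sigma1` and the result is wrapped in `elt`, with one obligation about `f`'s result.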
Theoretical matters

$\vdash_?$'s equational theory:

(β) $(\lambda x : X . e)\ v \equiv e[v/x]$
($\sigma_i$) $\sigma_i\ (\mathsf{elt}\ E\ P\ e_1\ e_2) \equiv e_i$
(η) $(\lambda x : X . e\ x) \equiv e$ if $x \notin FV(e)$
(SP) $\mathsf{elt}\ E\ P\ (\sigma_1\ e)\ (\sigma_2\ e) \equiv e$
(σ) $\mathsf{elt}\ E\ P\ t\ p \equiv \mathsf{elt}\ E\ P\ t'\ p'$ if $t \equiv t'$, which amounts to Proof Irrelevance