Toward a Theory of Contexts of Assumptions in Logical Frameworks
Amy Felty, University of Ottawa / Inria Sophia Antipolis Méditerranée
TYPES Meeting, May 12, 2014
Joint work with Alberto Momigliano and Brigitte Pientka
Motivation: Comparing Systems
We focus on logical frameworks that support the use of higher-order abstract syntax (HOAS).
◮ Commonalities:
⋆ encode object-level binders with meta-level binders
⋆ support for alpha-renaming and substitution
⋆ encode axioms and inference rules using hypothetical and parametric judgments
◮ Differences:
⋆ how a system supports reasoning about hypothetical and parametric derivations, which requires support for contexts to keep track of hypotheses
⋆ other features...
Comparing Systems (continued)
The case studies we consider are in the domain of the meta-theory of programming languages. Systems we have studied include:
◮ based on type theory: Twelf, Beluga
◮ based on proof theory: Abella, Hybrid
We are also designing an Open challenge problem Repository for systems supporting reasoning with BInders (ORBI), for sharing HOAS benchmark problems. (It can be thought of as an intermediate language between OTT and TPTP.)
We want to relate one framework to another with the aim of transferring theorems and proofs (some of these goals are shared with the ProofCert project).
Outline
1 Motivating Examples
2 Contexts as Structured Sequences
3 Structural Rules
4 Reasoning with Contexts: Generalized Contexts vs. Context Relations
5 Current and Future Work
A First Example: Polymorphic λ Calculus
Grammar: Types and Terms (does not enforce scope)
Types A, B ::= α | arr A B | all α. A
Terms M, N ::= x | lam x. M | app M N | tlam α. M | tapp M A
Alternative: Well-Formed Terms, Martin-Löf style (enforces scope). The hypotheses is_tm x (labelled tm_v) and is_tp α (labelled tp_v) are introduced by the binder rules tm_l and tm_tl and discharged there:

$$\frac{\begin{array}{c}[\mathit{is\_tm}\ x]^{\mathit{tm\_v}}\\ \vdots\\ \mathit{is\_tm}\ M\end{array}}{\mathit{is\_tm}\ (\mathit{lam}\ x.\,M)}\ \mathit{tm\_l}
\qquad
\frac{\begin{array}{c}[\mathit{is\_tp}\ \alpha]^{\mathit{tp\_v}}\\ \vdots\\ \mathit{is\_tm}\ M\end{array}}{\mathit{is\_tm}\ (\mathit{tlam}\ \alpha.\,M)}\ \mathit{tm\_tl}$$

$$\frac{\mathit{is\_tm}\ M_1 \quad \mathit{is\_tm}\ M_2}{\mathit{is\_tm}\ (\mathit{app}\ M_1\ M_2)}\ \mathit{tm\_a}
\qquad
\frac{\mathit{is\_tm}\ M \quad \mathit{is\_tp}\ A}{\mathit{is\_tm}\ (\mathit{tapp}\ M\ A)}\ \mathit{tm\_ta}$$
A Second Example (with Implicit Contexts)
Rules for "algorithmic" equality for the untyped λ calculus. The hypothesis aeq x x (labelled ae_v) is introduced together with is_tm x by the rule ae_l and discharged there:

$$\frac{\begin{array}{c}[\mathit{is\_tm}\ x]\ \ [\mathit{aeq}\ x\ x]^{\mathit{ae\_v}}\\ \vdots\\ \mathit{aeq}\ M\ N\end{array}}{\mathit{aeq}\ (\mathit{lam}\ x.\,M)\ (\mathit{lam}\ x.\,N)}\ \mathit{ae\_l}
\qquad
\frac{\mathit{aeq}\ M_1\ N_1 \quad \mathit{aeq}\ M_2\ N_2}{\mathit{aeq}\ (\mathit{app}\ M_1\ M_2)\ (\mathit{app}\ N_1\ N_2)}\ \mathit{ae\_a}$$

+ The context-free representation scales from grammars to judgments.
- Can we tell an open object from a closed one?
- Meta-reasoning about such judgments requires explicit structured contexts.
- Explicit structural properties of assumptions are also important.
Explicit Contexts
Examples of contexts occurring in the above examples:
Type Context Γ ::= · | Γ, is_tp α
Term/Type Context Γ ::= · | Γ, is_tp α | Γ, is_tm x
Equality Context Γ ::= · | Γ, is_tm x, aeq x x
In the latter, note that we are introducing the variable x together with the assumption aeq x x.
Issue: the use of ',' is ambiguous; it separates the two assumptions belonging to one variable as well as one group of assumptions from the next.
Our view: contexts are structured sequences. We use ';' to separate atoms inside a "block."
Equality Context Γ ::= · | Γ, is_tm x ; aeq x x
Contexts as Structured Sequences
A context is a sequence of declarations D, where a declaration is a block of individual atomic assumptions separated by ';', which binds tighter than ','.
Atom A
Block of declaration D ::= A | D ; A
Context Γ ::= · | Γ , D
Schema S ::= D_s | D_s || S
A schema classifies a context, where '||' describes alternatives. For example:
S_αx ::= is_tp α || is_tm x
S_xa ::= is_tm x ; aeq x x
There are typing rules relating contexts and schemas (not shown here).
Convention: Φ_αx describes a context with schema S_αx.
Polymorphic λ Calculus Revisited (with Explicit Contexts)

$$\frac{\mathit{is\_tm}\ x \in \Phi_{\alpha x}}{\Phi_{\alpha x} \vdash \mathit{is\_tm}\ x}\ \mathit{tm\_v}
\qquad
\frac{\Phi_{\alpha x},\ \mathit{is\_tm}\ x \vdash \mathit{is\_tm}\ M}{\Phi_{\alpha x} \vdash \mathit{is\_tm}\ (\mathit{lam}\ x.\,M)}\ \mathit{tm\_l}
\qquad
\frac{\Phi_{\alpha x} \vdash \mathit{is\_tm}\ M_1 \quad \Phi_{\alpha x} \vdash \mathit{is\_tm}\ M_2}{\Phi_{\alpha x} \vdash \mathit{is\_tm}\ (\mathit{app}\ M_1\ M_2)}\ \mathit{tm\_a}$$

$$\frac{\Phi_{\alpha x},\ \mathit{is\_tp}\ \alpha \vdash \mathit{is\_tm}\ M}{\Phi_{\alpha x} \vdash \mathit{is\_tm}\ (\mathit{tlam}\ \alpha.\,M)}\ \mathit{tm\_tl}
\qquad
\frac{\Phi_{\alpha x} \vdash \mathit{is\_tm}\ M \quad \Phi_{\alpha x} \vdash \mathit{is\_tp}\ A}{\Phi_{\alpha x} \vdash \mathit{is\_tm}\ (\mathit{tapp}\ M\ A)}\ \mathit{tm\_ta}$$
Structural Rules
A more fine-grained view of structural rules, which can be applied inside a block or to a whole context. The presentation of the rules is slightly unusual: it is based on operations on declarations.
◮ Let rm_A : S → S′ be a total function taking D ∈ S and returning D′ ∈ S′, where D′ is D with A removed if A ∈ D; otherwise D′ = D.
◮ Let perm_π : S → S′ be a total function which permutes the elements of D ∈ S according to π to obtain D′ ∈ S′.
Example Operations on Declarations
S_αx ::= is_tp α || is_tm x
S_xa ::= is_tm x ; aeq x x
S_α ::= is_tp α
S_x ::= is_tm x
rm_{aeq x x} : S_xa → S_x = λd. case d of is_tm y ; aeq y y ↦ is_tm y
rm_{is_tm x} : S_αx → S_α = λd. case d of | is_tp α ↦ is_tp α | is_tm y ↦ ·
(Note that the latter "removes" whole declarations.)
Structural Properties of Declarations
Declaration Weakening:
$$\frac{\Gamma,\ \mathit{rm}_A(D),\ \Gamma' \vdash J}{\Gamma,\ D,\ \Gamma' \vdash J}\ \mathit{d\text{-}wk}$$
Declaration Strengthening:
$$\frac{\Gamma,\ D,\ \Gamma' \vdash J}{\Gamma,\ \mathit{rm}_A(D),\ \Gamma' \vdash J}\ \mathit{d\text{-}str}\ (\dagger)$$
with the proviso (†) that A is irrelevant to J (e.g., by subordination).
Declaration Exchange:
$$\frac{\Gamma,\ D,\ \Gamma' \vdash J}{\Gamma,\ \mathit{perm}_\pi(D),\ \Gamma' \vdash J}\ \mathit{d\text{-}exc}$$
Structural Properties of Contexts
We extend those operations to act on contexts (rm*_A, perm*_π), applying them to every declaration in the context:
Context Weakening:
$$\frac{\mathit{rm}^*_A(\Gamma) \vdash J}{\Gamma \vdash J}\ \mathit{c\text{-}wk}$$
Context Strengthening:
$$\frac{\Gamma \vdash J}{\mathit{rm}^*_A(\Gamma) \vdash J}\ \mathit{c\text{-}str}\ (\dagger)$$
Context Exchange:
$$\frac{\Gamma \vdash J}{\mathit{perm}^*_\pi(\Gamma) \vdash J}\ \mathit{c\text{-}exc}$$
Example Revisited
Recall:
S_αx ::= is_tp α || is_tm x
S_α ::= is_tp α
rm_{is_tm x} : S_αx → S_α
For the rule for well-formed type application, we wrote:
$$\frac{\Phi_{\alpha x} \vdash \mathit{is\_tm}\ M \quad \Phi_{\alpha x} \vdash \mathit{is\_tp}\ A}{\Phi_{\alpha x} \vdash \mathit{is\_tm}\ (\mathit{tapp}\ M\ A)}\ \mathit{tm\_ta}$$
Note that we also know rm*_{is_tm x}(Φ_αx) ⊢ is_tp A.
Furthermore, we really have the following rule, where Γ is any context that can be strengthened to a context satisfying schema S_αx (and then further strengthened in the right premise):
$$\frac{\Gamma \vdash \mathit{is\_tm}\ M \quad \Gamma \vdash \mathit{is\_tp}\ A}{\Gamma \vdash \mathit{is\_tm}\ (\mathit{tapp}\ M\ A)}\ \mathit{tm\_ta}$$
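As an added example (not code from the slides or from any of the systems named here), the following Python checker implements the explicit-context rules for is_tm with contexts as structured sequences, and uses rm*_{is_tm x} to confirm the observation above: the type premise of tm_ta also holds in the strengthened context, while the term premise in general does not. The tuple encoding of atoms, declarations, contexts, terms and types, the type rules tp_v/tp_arr/tp_all (the slides show only the term rules), and the sample terms are this example's own assumptions.

```python
# Added example (not from the slides): a checker for Phi_ax |- is_tm M
# and Phi_ax |- is_tp A with explicit structured contexts, plus the
# strengthening step for the type premise of tm_ta.
# Representation (our own choice, not fixed by the slides):
#   atom        = ("is_tp", a) | ("is_tm", x)
#   declaration = tuple of atoms              (a block "A1 ; A2 ; ...")
#   context     = tuple of declarations       ("Gamma , D")
#   type        = ("tvar", a) | ("arr", A, B) | ("all", a, A)
#   term        = ("var", x) | ("lam", x, M) | ("app", M, N)
#               | ("tlam", a, M) | ("tapp", M, A)

EMPTY = ()                      # the empty context "."


def extend(ctx, *atoms):
    """Gamma , D where D is the block made of the given atoms."""
    return ctx + (tuple(atoms),)


def declared(ctx, atom):
    """A in Phi: the atom occurs in some block of the context."""
    return any(atom in decl for decl in ctx)


def satisfies_S_ax(ctx):
    """Schema S_ax ::= is_tp a || is_tm x: every block is one such atom."""
    return all(len(d) == 1 and d[0][0] in ("is_tp", "is_tm") for d in ctx)


def is_tp(ctx, ty):
    """Phi |- is_tp A (assumed type rules, mirroring the term rules)."""
    tag = ty[0]
    if tag == "tvar":                                   # tp_v
        return declared(ctx, ("is_tp", ty[1]))
    if tag == "arr":                                    # tp_arr
        return is_tp(ctx, ty[1]) and is_tp(ctx, ty[2])
    if tag == "all":                                    # tp_all
        return is_tp(extend(ctx, ("is_tp", ty[1])), ty[2])
    raise ValueError(f"not a type: {ty!r}")


def is_tm(ctx, tm):
    """Phi |- is_tm M, one case per rule of the slide with explicit contexts."""
    tag = tm[0]
    if tag == "var":                                    # tm_v
        return declared(ctx, ("is_tm", tm[1]))
    if tag == "lam":                                    # tm_l
        return is_tm(extend(ctx, ("is_tm", tm[1])), tm[2])
    if tag == "app":                                    # tm_a
        return is_tm(ctx, tm[1]) and is_tm(ctx, tm[2])
    if tag == "tlam":                                   # tm_tl
        return is_tm(extend(ctx, ("is_tp", tm[1])), tm[2])
    if tag == "tapp":                                   # tm_ta
        return is_tm(ctx, tm[1]) and is_tp(ctx, tm[2])
    raise ValueError(f"not a term: {tm!r}")


def rm_star_is_tm(ctx):
    """rm*_{is_tm x} : S_ax -> S_a, which drops whole is_tm blocks."""
    return tuple(d for d in ctx if not any(a[0] == "is_tm" for a in d))


def tapp_type_premise_strengthens(ctx, tm):
    """For tapp M A, check the premise Phi |- is_tp A in Phi and in
    rm*_{is_tm x}(Phi); returns the pair of results."""
    assert tm[0] == "tapp"
    return is_tp(ctx, tm[2]), is_tp(rm_star_is_tm(ctx), tm[2])


# Constructed sample data (not from the slides).
# closed term:        tlam a. lam x. tapp x (arr a a)
CLOSED = ("tlam", "a", ("lam", "x", ("tapp", ("var", "x"),
                                      ("arr", ("tvar", "a"), ("tvar", "a")))))
# open in a term variable:   lam x. app x y
OPEN_TERM = ("lam", "x", ("app", ("var", "x"), ("var", "y")))
# open in a type variable:   lam x. tapp x b
OPEN_TYPE = ("lam", "x", ("tapp", ("var", "x"), ("tvar", "b")))
# a context satisfying S_ax:  is_tp a , is_tm x
CTX_AX = extend(extend(EMPTY, ("is_tp", "a")), ("is_tm", "x"))

if __name__ == "__main__":
    print(is_tm(EMPTY, CLOSED), is_tm(EMPTY, OPEN_TERM), is_tm(EMPTY, OPEN_TYPE))
    print(tapp_type_premise_strengthens(CTX_AX, ("tapp", ("var", "x"), ("tvar", "a"))))
```

Because the context is explicit, the checker answers the question raised earlier ("can we tell open from closed?"): a term is closed exactly when it is well formed in the empty context, and a stray term variable or type variable is reported by the failing tm_v or tp_v case rather than silently accepted.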
Reasoning and Contexts
Rules for "declarative" equality for the untyped λ calculus:
S_xd ::= is_tm x ; deq x x

$$\frac{\mathit{deq}\ x\ x \in \Phi_{xd}}{\Phi_{xd} \vdash \mathit{deq}\ x\ x}\ \mathit{de\_v}
\qquad
\frac{\Phi_{xd},\ \mathit{is\_tm}\ x;\ \mathit{deq}\ x\ x \vdash \mathit{deq}\ M\ N}{\Phi_{xd} \vdash \mathit{deq}\ (\mathit{lam}\ x.\,M)\ (\mathit{lam}\ x.\,N)}\ \mathit{de\_l}
\qquad
\frac{\Phi_{xd} \vdash \mathit{deq}\ M_1\ N_1 \quad \Phi_{xd} \vdash \mathit{deq}\ M_2\ N_2}{\Phi_{xd} \vdash \mathit{deq}\ (\mathit{app}\ M_1\ M_2)\ (\mathit{app}\ N_1\ N_2)}\ \mathit{de\_a}$$

$$\frac{}{\Phi_{xd} \vdash \mathit{deq}\ M\ M}\ \mathit{de\_r}
\qquad
\frac{\Phi_{xd} \vdash \mathit{deq}\ N\ M}{\Phi_{xd} \vdash \mathit{deq}\ M\ N}\ \mathit{de\_s}
\qquad
\frac{\Phi_{xd} \vdash \mathit{deq}\ M\ L \quad \Phi_{xd} \vdash \mathit{deq}\ L\ N}{\Phi_{xd} \vdash \mathit{deq}\ M\ N}\ \mathit{de\_t}$$

Attempt (Completeness). If Γ1 ⊢ deq M N, then Γ2 ⊢ aeq M N.
This statement does not contain enough information about how the two contexts Γ1 and Γ2 are related.
Two Approaches
Attempt (Completeness). If Γ1 ⊢ deq M N, then Γ2 ⊢ aeq M N.
1 Context relations approach (R). Assume that Γ1 and Γ2 satisfy the appropriate schemas, and then specify how they are related.
S_xd ::= is_tm x ; deq x x
S_xa ::= is_tm x ; aeq x x
(This approach is used by Abella and Hybrid.)
2 Generalized context approach (G). Use a single context in the theorem that contains all assumptions in the relevant judgments.
S_da ::= is_tm x ; deq x x ; aeq x x
(This approach is used by Twelf and Beluga.)
Generalized Contexts
S_da ::= is_tm x ; deq x x ; aeq x x
Theorem (Completeness, G Version). If Φ_da ⊢ deq M N, then Φ_da ⊢ aeq M N.
Proof of the lambda case. The rule instance is
$$\frac{\Gamma,\ \mathit{is\_tm}\ x;\ \mathit{deq}\ x\ x \vdash \mathit{deq}\ M\ N}{\Gamma \vdash \mathit{deq}\ (\mathit{lam}\ x.\,M)\ (\mathit{lam}\ x.\,N)}\ \mathit{de\_l}$$
Φ_da ⊢ deq (lam x. M) (lam x. N)   by assumption
Φ_da, is_tm x ; deq x x ⊢ deq M N   by de_l
Φ_da, is_tm x ; deq x x ; aeq x x ⊢ deq M N   by d-wk
Φ_da, is_tm x ; deq x x ; aeq x x ⊢ aeq M N   by i.h.
Φ_da, is_tm x ; aeq x x ⊢ aeq M N   by d-str
Φ_da ⊢ aeq (lam x. M) (lam x. N)   by ae_l
Context Relations
S_xd ::= is_tm x ; deq x x
S_xa ::= is_tm x ; aeq x x
Theorem (Completeness, R Version). Assume Φ_xd ∼ Φ_xa. If Φ_xd ⊢ deq M N, then Φ_xa ⊢ aeq M N.
1 We can define Φ_xd ∼ Φ_xa using rm*. Recall:
S_da ::= is_tm x ; deq x x ; aeq x x
Φ_xd ∼ Φ_xa iff there is a Φ_da satisfying S_da such that Φ_xd = rm*_{aeq x x}(Φ_da) and Φ_xa = rm*_{deq x x}(Φ_da).
2 Alternatively, we can define this relation inductively:
$$\frac{}{\cdot \sim \cdot}
\qquad
\frac{\Phi_{xd} \sim \Phi_{xa}}{\Phi_{xd},\ \mathit{is\_tm}\ x;\ \mathit{deq}\ x\ x \ \sim\ \Phi_{xa},\ \mathit{is\_tm}\ x;\ \mathit{aeq}\ x\ x}$$
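An added example (not from the slides): Python code for rm and perm on declarations, their liftings rm* and perm* to contexts, schema checking for structured contexts, and both definitions of Φ_xd ∼ Φ_xa given here, together with a check that the two definitions agree on constructed contexts. The tuple encoding of atoms, declarations, contexts and schemas, and the treatment of pattern variables inside schema alternatives, are assumptions of this example.

```python
# Added example (not from the slides): structural operations on contexts
# as structured sequences, schema checking, and the two definitions of
# the context relation Phi_xd ~ Phi_xa.
# Representation (our own choice): atom = tuple such as ("is_tm", "x") or
# ("aeq", "x", "x"); declaration = tuple of atoms; context = tuple of
# declarations; schema = list of alternatives, each a declaration pattern
# whose variable positions hold pattern names such as "x".


def rm(pred, decl):
    """rm_A on one declaration: drop the atoms recognised by pred; a block
    left empty is the removed declaration '.' of the slide example."""
    return tuple(a for a in decl if not pred(a))


def perm(pi, decl):
    """perm_pi on one declaration: reorder its atoms by permutation pi."""
    assert sorted(pi) == list(range(len(decl)))
    return tuple(decl[i] for i in pi)


def rm_star(pred, ctx):
    """rm*_A: rm on every declaration, dropping the emptied blocks."""
    return tuple(d for d in (rm(pred, d) for d in ctx) if d)


def perm_star(pi, ctx):
    """perm*_pi: permute the declarations of a whole context."""
    assert sorted(pi) == list(range(len(ctx)))
    return tuple(ctx[i] for i in pi)


def matches(pattern, decl):
    """A declaration matches a schema alternative when the predicates line
    up and each pattern variable is bound to a single concrete name."""
    if len(pattern) != len(decl):
        return False
    env = {}
    for pat, atom in zip(pattern, decl):
        if pat[0] != atom[0] or len(pat) != len(atom):
            return False
        for pv, name in zip(pat[1:], atom[1:]):
            if env.setdefault(pv, name) != name:
                return False
    return True


def satisfies(schema, ctx):
    """Phi satisfies S: every declaration matches some alternative of S."""
    return all(any(matches(alt, d) for alt in schema) for d in ctx)


# Schemas used on the slides.
S_ax = [(("is_tp", "a"),), (("is_tm", "x"),)]
S_xd = [(("is_tm", "x"), ("deq", "x", "x"))]
S_xa = [(("is_tm", "x"), ("aeq", "x", "x"))]
S_da = [(("is_tm", "x"), ("deq", "x", "x"), ("aeq", "x", "x"))]


def is_aeq(atom): return atom[0] == "aeq"
def is_deq(atom): return atom[0] == "deq"
def is_tm(atom): return atom[0] == "is_tm"


def block_xd(x): return (("is_tm", x), ("deq", x, x))
def block_xa(x): return (("is_tm", x), ("aeq", x, x))


def related_via_rm(phi_xd, phi_xa):
    """Definition 1: some Phi_da satisfying S_da has rm*_aeq(Phi_da) = Phi_xd
    and rm*_deq(Phi_da) = Phi_xa.  Each S_da block is fixed by its variable,
    so the only candidate is rebuilt from the variables of Phi_xd."""
    if not satisfies(S_xd, phi_xd):
        return False
    cand = tuple(block_xd(d[0][1]) + (("aeq", d[0][1], d[0][1]),) for d in phi_xd)
    return (satisfies(S_da, cand)
            and rm_star(is_aeq, cand) == phi_xd
            and rm_star(is_deq, cand) == phi_xa)


def related_inductive(phi_xd, phi_xa):
    """Definition 2: . ~ . and, from Phi_xd ~ Phi_xa,
    Phi_xd, is_tm x; deq x x ~ Phi_xa, is_tm x; aeq x x."""
    if phi_xd == () and phi_xa == ():
        return True
    if not phi_xd or not phi_xa:
        return False
    *init_d, last_d = phi_xd
    *init_a, last_a = phi_xa
    x = last_d[0][1] if last_d and last_d[0][0] == "is_tm" else None
    return (x is not None
            and last_d == block_xd(x)
            and last_a == block_xa(x)
            and related_inductive(tuple(init_d), tuple(init_a)))


def definitions_agree(phi_xd, phi_xa):
    return related_via_rm(phi_xd, phi_xa) == related_inductive(phi_xd, phi_xa)


# Constructed contexts (not from the slides).
PHI_XD = (block_xd("x"), block_xd("y"))
PHI_XA = (block_xa("x"), block_xa("y"))
PHI_XA_BAD = (block_xa("x"), block_xa("z"))      # variable names differ

if __name__ == "__main__":
    print(related_via_rm(PHI_XD, PHI_XA), related_inductive(PHI_XD, PHI_XA))
    print(related_via_rm(PHI_XD, PHI_XA_BAD), definitions_agree(PHI_XD, PHI_XA_BAD))
```

The two definitions agree because rm*_{aeq x x} is injective on contexts satisfying S_da: the block count and the variable of every block survive the projection, so the candidate Φ_da is unique and checking it is equivalent to the block-by-block recursion of the inductive definition. The same rm also performs the d-wk and d-str steps of the lambda case of the G proof, where a single aeq x x atom is added to and later removed from the last block.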
Context Relations: Lambda Case Revisited
Theorem (Completeness, R Version). Assume Φ_xd ∼ Φ_xa. If Φ_xd ⊢ deq M N, then Φ_xa ⊢ aeq M N.
Proof of the lambda case. The rule instance is
$$\frac{\Gamma,\ \mathit{is\_tm}\ x;\ \mathit{deq}\ x\ x \vdash \mathit{deq}\ M\ N}{\Gamma \vdash \mathit{deq}\ (\mathit{lam}\ x.\,M)\ (\mathit{lam}\ x.\,N)}\ \mathit{de\_l}$$
Φ_xd ⊢ deq (lam x. M) (lam x. N)   by assumption
Φ_xd, is_tm x ; deq x x ⊢ deq M N   by de_l
Φ_xd, is_tm x ; deq x x ∼ Φ_xa, is_tm x ; aeq x x   by def. of ∼
Φ_xa, is_tm x ; aeq x x ⊢ aeq M N   by i.h.
Φ_xa ⊢ aeq (lam x. M) (lam x. N)   by ae_l
Promotion
S_xa ::= is_tm x ; aeq x x
S_da ::= is_tm x ; deq x x ; aeq x x
Proving completeness involves proving the admissibility of reflexivity, symmetry, and transitivity. We consider the G version of reflexivity.
Lemma (Admissibility of Reflexivity, G Version). If Φ_xa ⊢ is_tm M, then Φ_xa ⊢ aeq M M.
Before using this lemma in the proof of completeness of algorithmic equality with respect to declarative equality, we must first "promote" it to the larger context used in that theorem.
Lemma (Promotion, G Version). If Φ_da ⊢ is_tm M, then Φ_da ⊢ aeq M M.