1 Explicit Contexts in LF Karl Crary Carnegie Mellon University Workshop on Mechanized Metatheory, 9/21/06

2 The LF methodology Construct isomorphisms between: –Syntactic classes and LF types –Expressions and LF terms (of appropriate type) –Judgements and LF types –Derivations and LF terms (of appropriate type)

3 The LF methodology Isomorphisms must commute with substitution. To do so: –Identify OL variables with LF variables. –Identify OL assumptions with LF assumptions. –Consequently, identify OL contexts with (fragments of) LF contexts.

4 LF example: Syntax tp : type. exp : type. o : tp. arrow : tp -> tp -> tp. b : exp. lam : tp -> (exp -> exp) -> exp. app : exp -> exp -> exp.

5 LF example: Semantics of : exp -> tp -> type. of/b : of b o. of/lam : of (lam A ([x] M x)) (arrow A B) of (M x) B). of/app : of (app M N) B <- of M (arrow A B) <- of N A.

6 The problem Contexts are implicit. Cannot be manipulated by proofs. Can be a problem for theorems involving a distinguished bound variable.

7 Distinguished bound variable If of M A and ({x} of x A -> of (N x) B) then of (N M) B In Twelf syntax: subst : of M A -> ({x} of x A -> of (N x) B) -> of (N M) B -> type. %mode subst +D1 +D2 -D3.

8 Important caveat There’s no reason to do this! Substitution lemma is free in LF. –If D1 : of M A and D2 : ({x} of x A -> of (N x) B) then D2 M D1 : of (N M) B Illustrative example, not a motivating one.

9 Motivating examples Substitution lemma for languages with different judgements on left and right – Sequent calculus, imperative type systems Narrowing in F-sub (Poplmark challenge) Functionality Defined notions of substitution –Hereditary substitution Linear and modal logic

10 Substitution theorem If of M A and ({x} of x A -> of (N x) B) then of (N M) B By induction on the second argument.

11 A proof case Suppose: D1 : of M A D2 = [x] [d:of x A] of/lam ([y] [e] D x d y e) : {x} of x A -> of (lam B ([y] N x y)) (arrow B C) D : {x} of x A -> {y} of y B -> of (N x y) C

12 A proof case Let y:exp and e:of y B be arbitrary. Therefore: [x] [d:of x A] D x d y e : {x} of x A -> of (N x y) C By induction there exists: D’ y e : of (N M y) C Therefore of/lam D’ : of (lam B ([y] N M y)) (arrow B C)

13 A proof case in Twelf -: subst D1 ([x] [d:of x A] of/lam ([y] [e:of y B] D x d y e)) (of/lam D') <- ({y} {e:of y B} subst D1 ([x] [d:of x A] D x d y e) (D' y e : of (N M y) C)).

14 Assumption permutation Proof permutes x & d with y & e. No room for bindings between distinguished variable and its scope. –Undistinguished variables go in context. In essence, the distinguished variable must appear last. –Permute assumptions to preserve this condition.

15 Uh oh! With dependent types, we cannot permute assumptions. When e ’s type depends on x, it cannot be pulled outside.

16 The problem When: –doing an inductive proof in Twelf –that involves a distinguished bound variable, –and the setting includes dependent types, You have a problem: –Cannot keep the designated bound variable last.

17 Explicit contexts Make the context into an explicit object that the proof can manipulate. –This allows us to place the variable of interest anywhere in the context. Proof technique only! –No change to LF or Twelf. No change to syntax! –Still using higher-order abstract syntax. Can convert from and to implicit contexts.

18 Methodology Syntax is still entirely higher-order. Give two versions of the semantics. –Implicit and explicit context. Convert derivations to use explicit contexts when necessary.

19 Contexts ctx : type. nil : ctx. cons : ctx -> exp -> tp -> ctx.

20 First cut: lookup lookup : ctx -> exp -> tp -> type. lookup/hit : lookup (cons G X A) X A. lookup/miss : lookup (cons G Y _) X A <- lookup G X A.

21 First cut: semantics ofe: ctx -> exp -> tp -> type. ofe/var : ofe G X A <- lookup G X A. ofe/closed : ofe G M A <- of M A.

22 First cut: semantics ofe/lam : ofe G (lam A ([x] M x)) (arrow A B) <- ({x:exp} ofe (cons G x A) (M x) B). ofe/app : ofe G (app M N) B <- ofe G M (arrow A B) <- ofe G N A.

23 Problem: bad contexts Contexts are merely association lists of terms and types. Syntax permits: –“Binding” of non-variables. –Multiple bindings of a single variable. Need a context formation judgement –Each term should be a distinct variable.

24 Context formation Distinguish variables using a hypothetical judgement. –Also assigns an ordering to variables. Context formation judgement: –Only variables may appear. –Variables must be ordered. (Hence, no duplicates.)

25 Variable ordering isvar : exp -> nat -> type. %{ Assumption " isvar X I " indicates: (1) X is a variable, and (2) x carries order stamp I. }% precedes : exp -> exp -> type. precedes/i : precedes X Y <- isvar X I <- isvar Y J <- lt I J.

26 Context formation bounded : ctx -> exp -> type. bounded/nil: bounded nil X <- isvar X _. bounded/cons: bounded (cons G Y _) X <- precedes Y X <- bounded G Y. ordered : ctx -> type. ordered/nil: ordered nil. ordered/cons: ordered (cons G X _) <- bounded G X.

27 Lookup Lemma: if lookup G X A then ordered G. lookup : ctx -> exp -> tp -> type. lookup/hit : lookup (cons G X A) X A <- bounded G X. lookup/miss : lookup (cons G Y _) X A <- bounded G Y <- lookup G X A.

28 Semantics ofe/closed : ofe G M A <- of M A <- ordered G. ofe/lam : ofe G (lam A ([x] M x)) (arrow A B) ofe (cons G x A) (M x) B).

29 Usage When combined, these theorems allow us to do proofs for the implicit system. –Convert to explicit form. –Perform the desired proof. –Convert back to implicit form.

30 Substitution theorem Before: –If  ⊢ M : A and , x:A ⊢ N : B then  ⊢ [M/x] N : B Now: –If   ⊢ M : A and  1, x:A,  2 ⊢ N : B then  1,  2 ⊢ [M/x] N : B

31 Substitution theorem in Twelf If ({x} append (cons G1 x A) G2 (G x)) and append G1 G2 G’ and ofe G1 M A and ({x} isvar x I -> ofe (G x) (N x) B) then ofe G’ (N M) B

32 Context Lemmas If lookup G X A then X is not a lambda or application. –That is, contexts bind only variables. If ({x} append (cons G1 x A) G2 (G x)) and ({x} isvar x I -> lookup (G x) x B) then tp-eq A B. –That is, contexts bind distinct variables.

33 Translation to implicit form If ofe nil M A then of M A Proof is not very hard.

34 Translation to explicit form If of M A then ofe nil M A Proof is tricky. –This is the enabling technical achievement.

35 Cut elimination Main lemma is a form of cut elimination. –Cut explicit-context “lookup” against implicit-context “of” assumption. –Prove simultaneously for cuts into of and ofe. If ({x} of x A -> of (M x) B) and ({x} isvar x I -> lookup (G x) x A) then ({x} isvar x I -> ofe (G x) (M x) B)

36 Conclusion General technique for proofs involving: –A distinguished bound variable –Dependent types Used in type safety proof for SML IL. –See Daniel Lee’s talk this afternoon. Not an extension to LF. Not a new representation technique: –Still use higher-order syntax and judgements.