Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Explicit Contexts in LF Karl Crary Carnegie Mellon University Workshop on Mechanized Metatheory, 9/21/06.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "1 Explicit Contexts in LF Karl Crary Carnegie Mellon University Workshop on Mechanized Metatheory, 9/21/06."— Presentation transcript:

1 1 Explicit Contexts in LF Karl Crary Carnegie Mellon University Workshop on Mechanized Metatheory, 9/21/06

2 2 The LF methodology Construct isomorphisms between: –Syntactic classes and LF types –Expressions and LF terms (of appropriate type) –Judgements and LF types –Derivations and LF terms (of appropriate type)

3 3 The LF methodology Isomorphisms must commute with substitution. To do so: –Identify OL variables with LF variables. –Identify OL assumptions with LF assumptions. –Consequently, identify OL contexts with (fragments of) LF contexts.

4 4 LF example: Syntax tp : type. exp : type. o : tp. arrow : tp -> tp -> tp. b : exp. lam : tp -> (exp -> exp) -> exp. app : exp -> exp -> exp.

5 5 LF example: Semantics of : exp -> tp -> type. of/b : of b o. of/lam : of (lam A ([x] M x)) (arrow A B) of (M x) B). of/app : of (app M N) B <- of M (arrow A B) <- of N A.

6 6 The problem Contexts are implicit. Cannot be manipulated by proofs. Can be a problem for theorems involving a distinguished bound variable.

7 7 Distinguished bound variable If of M A and ({x} of x A -> of (N x) B) then of (N M) B In Twelf syntax: subst : of M A -> ({x} of x A -> of (N x) B) -> of (N M) B -> type. %mode subst +D1 +D2 -D3.

8 8 Important caveat There’s no reason to do this! Substitution lemma is free in LF. –If D1 : of M A and D2 : ({x} of x A -> of (N x) B) then D2 M D1 : of (N M) B Illustrative example, not a motivating one.

9 9 Motivating examples Substitution lemma for languages with different judgements on left and right – Sequent calculus, imperative type systems Narrowing in F-sub (Poplmark challenge) Functionality Defined notions of substitution –Hereditary substitution Linear and modal logic

10 10 Substitution theorem If of M A and ({x} of x A -> of (N x) B) then of (N M) B By induction on the second argument.

11 11 A proof case Suppose: D1 : of M A D2 = [x] [d:of x A] of/lam ([y] [e] D x d y e) : {x} of x A -> of (lam B ([y] N x y)) (arrow B C) D : {x} of x A -> {y} of y B -> of (N x y) C

12 12 A proof case Let y:exp and e:of y B be arbitrary. Therefore: [x] [d:of x A] D x d y e : {x} of x A -> of (N x y) C By induction there exists: D’ y e : of (N M y) C Therefore of/lam D’ : of (lam B ([y] N M y)) (arrow B C)

13 13 A proof case in Twelf -: subst D1 ([x] [d:of x A] of/lam ([y] [e:of y B] D x d y e)) (of/lam D') <- ({y} {e:of y B} subst D1 ([x] [d:of x A] D x d y e) (D' y e : of (N M y) C)).

14 14 Assumption permutation Proof permutes x & d with y & e. No room for bindings between distinguished variable and its scope. –Undistinguished variables go in context. In essence, the distinguished variable must appear last. –Permute assumptions to preserve this condition.

15 15 Uh oh! With dependent types, we cannot permute assumptions. When e ’s type depends on x, it cannot be pulled outside.

16 16 The problem When: –doing an inductive proof in Twelf –that involves a distinguished bound variable, –and the setting includes dependent types, You have a problem: –Cannot keep the designated bound variable last.

17 17 Explicit contexts Make the context into an explicit object that the proof can manipulate. –This allows us to place the variable of interest anywhere in the context. Proof technique only! –No change to LF or Twelf. No change to syntax! –Still using higher-order abstract syntax. Can convert from and to implicit contexts.

18 18 Methodology Syntax is still entirely higher-order. Give two versions of the semantics. –Implicit and explicit context. Convert derivations to use explicit contexts when necessary.

19 19 Contexts ctx : type. nil : ctx. cons : ctx -> exp -> tp -> ctx.

20 20 First cut: lookup lookup : ctx -> exp -> tp -> type. lookup/hit : lookup (cons G X A) X A. lookup/miss : lookup (cons G Y _) X A <- lookup G X A.

21 21 First cut: semantics ofe: ctx -> exp -> tp -> type. ofe/var : ofe G X A <- lookup G X A. ofe/closed : ofe G M A <- of M A.

22 22 First cut: semantics ofe/lam : ofe G (lam A ([x] M x)) (arrow A B) <- ({x:exp} ofe (cons G x A) (M x) B). ofe/app : ofe G (app M N) B <- ofe G M (arrow A B) <- ofe G N A.

23 23 Problem: bad contexts Contexts are merely association lists of terms and types. Syntax permits: –“Binding” of non-variables. –Multiple bindings of a single variable. Need a context formation judgement –Each term should be a distinct variable.

24 24 Context formation Distinguish variables using a hypothetical judgement. –Also assigns an ordering to variables. Context formation judgement: –Only variables may appear. –Variables must be ordered. (Hence, no duplicates.)

25 25 Variable ordering isvar : exp -> nat -> type. %{ Assumption " isvar X I " indicates: (1) X is a variable, and (2) x carries order stamp I. }% precedes : exp -> exp -> type. precedes/i : precedes X Y <- isvar X I <- isvar Y J <- lt I J.

26 26 Context formation bounded : ctx -> exp -> type. bounded/nil: bounded nil X <- isvar X _. bounded/cons: bounded (cons G Y _) X <- precedes Y X <- bounded G Y. ordered : ctx -> type. ordered/nil: ordered nil. ordered/cons: ordered (cons G X _) <- bounded G X.

27 27 Lookup Lemma: if lookup G X A then ordered G. lookup : ctx -> exp -> tp -> type. lookup/hit : lookup (cons G X A) X A <- bounded G X. lookup/miss : lookup (cons G Y _) X A <- bounded G Y <- lookup G X A.

28 28 Semantics ofe/closed : ofe G M A <- of M A <- ordered G. ofe/lam : ofe G (lam A ([x] M x)) (arrow A B) ofe (cons G x A) (M x) B).

29 29 Usage When combined, these theorems allow us to do proofs for the implicit system. –Convert to explicit form. –Perform the desired proof. –Convert back to implicit form.

30 30 Substitution theorem Before: –If  ⊢ M : A and , x:A ⊢ N : B then  ⊢ [M/x] N : B Now: –If   ⊢ M : A and  1, x:A,  2 ⊢ N : B then  1,  2 ⊢ [M/x] N : B

31 31 Substitution theorem in Twelf If ({x} append (cons G1 x A) G2 (G x)) and append G1 G2 G’ and ofe G1 M A and ({x} isvar x I -> ofe (G x) (N x) B) then ofe G’ (N M) B

32 32 Context Lemmas If lookup G X A then X is not a lambda or application. –That is, contexts bind only variables. If ({x} append (cons G1 x A) G2 (G x)) and ({x} isvar x I -> lookup (G x) x B) then tp-eq A B. –That is, contexts bind distinct variables.

33 33 Translation to implicit form If ofe nil M A then of M A Proof is not very hard.

34 34 Translation to explicit form If of M A then ofe nil M A Proof is tricky. –This is the enabling technical achievement.

35 35 Cut elimination Main lemma is a form of cut elimination. –Cut explicit-context “lookup” against implicit-context “of” assumption. –Prove simultaneously for cuts into of and ofe. If ({x} of x A -> of (M x) B) and ({x} isvar x I -> lookup (G x) x A) then ({x} isvar x I -> ofe (G x) (M x) B)

36 36 Conclusion General technique for proofs involving: –A distinguished bound variable –Dependent types Used in type safety proof for SML IL. –See Daniel Lee’s talk this afternoon. Not an extension to LF. Not a new representation technique: –Still use higher-order syntax and judgements.

Download ppt "1 Explicit Contexts in LF Karl Crary Carnegie Mellon University Workshop on Mechanized Metatheory, 9/21/06."

Similar presentations

Programmed Strategies for Program Verification Richard B. Kieburtz OHSU/OGI School of Science and Engineering and Portland State University.

Programmed Strategies for Program Verification Richard B. Kieburtz OHSU/OGI School of Science and Engineering and Portland State University.
Substitution & Evaluation Order cos 441 David Walker.

Substitution & Evaluation Order cos 441 David Walker.
Certified Typechecking in Foundational Certified Code Systems Susmit Sarkar Carnegie Mellon University.

Certified Typechecking in Foundational Certified Code Systems Susmit Sarkar Carnegie Mellon University.
Foundational Certified Code in a Metalogical Framework Karl Crary and Susmit Sarkar Carnegie Mellon University.

Foundational Certified Code in a Metalogical Framework Karl Crary and Susmit Sarkar Carnegie Mellon University.
Current Techniques in Language-based Security David Walker COS 597B With slides stolen from: Steve Zdancewic University of Pennsylvania.

Current Techniques in Language-based Security David Walker COS 597B With slides stolen from: Steve Zdancewic University of Pennsylvania.
Rigorous Software Development CSCI-GA 3033-011 Instructor: Thomas Wies Spring 2012 Lecture 11.

Rigorous Software Development CSCI-GA Instructor: Thomas Wies Spring 2012 Lecture 11.
March 4, 2005Susmit Sarkar 1 A Cost-Effective Foundational Certified Code System Susmit Sarkar Thesis Proposal.

March 4, 2005Susmit Sarkar 1 A Cost-Effective Foundational Certified Code System Susmit Sarkar Thesis Proposal.
Cayley Theorem Every group is isomorphic to a permutation group.

Cayley Theorem Every group is isomorphic to a permutation group.
534 534534 534 534 534 534 A Type Theory for Memory Allocation and Data Layout Leaf Petersen, Robert Harper, Karl Crary and Frank Pfenning Carnegie Mellon.

A Type Theory for Memory Allocation and Data Layout Leaf Petersen, Robert Harper, Karl Crary and Frank Pfenning Carnegie Mellon.
CLF: A Concurrent Logical Framework David Walker Princeton (with I. Cervesato, F. Pfenning, K. Watkins)

CLF: A Concurrent Logical Framework David Walker Princeton (with I. Cervesato, F. Pfenning, K. Watkins)
Refining Mechanized Metatheory: Subtyping for LF William Lovas (with Frank Pfenning)

Refining Mechanized Metatheory: Subtyping for LF William Lovas (with Frank Pfenning)
74.757 Formal Logic Proof Methods Direct Proof / Natural Deduction Conditional Proof (Implication Introduction) Reductio ad Absurdum Resolution Refutation.

Formal Logic Proof Methods Direct Proof / Natural Deduction Conditional Proof (Implication Introduction) Reductio ad Absurdum Resolution Refutation.
A Semantic Characterization of Unbounded-Nondeterministic Abstract State Machines Andreas Glausch and Wolfgang Reisig 1.

A Semantic Characterization of Unbounded-Nondeterministic Abstract State Machines Andreas Glausch and Wolfgang Reisig 1.
What’s left in the course. The course in a nutshell Logics Techniques Applications.

What’s left in the course. The course in a nutshell Logics Techniques Applications.
Formalizing Alpha: Soundness and Completeness Bram van Heuveln Dept. of Cognitive Science RPI.

Formalizing Alpha: Soundness and Completeness Bram van Heuveln Dept. of Cognitive Science RPI.
Twelf: The Quintessential Proof Assistant for Language Metatheory Karl Crary Carnegie Mellon University Joint work with Robert Harper and Michael Ashley-Rollman.

Twelf: The Quintessential Proof Assistant for Language Metatheory Karl Crary Carnegie Mellon University Joint work with Robert Harper and Michael Ashley-Rollman.
The lambda calculus David Walker CS 441. the lambda calculus Originally, the lambda calculus was developed as a logic by Alonzo Church in 1932 –Church.

The lambda calculus David Walker CS 441. the lambda calculus Originally, the lambda calculus was developed as a logic by Alonzo Church in 1932 –Church.
POPLmark 1A in Cinic Evan Austin, Aaron Stump, and Edwin Westbrook 1.

POPLmark 1A in Cinic Evan Austin, Aaron Stump, and Edwin Westbrook 1.
Syntax With Binders COS 441 Princeton University Fall 2004.

Syntax With Binders COS 441 Princeton University Fall 2004.
Reading: Chapter 4, section 4 Nongraded Homework: Problems at the end of section 4. Graded Homework #4 is due at the beginning of class on Friday. You.

Reading: Chapter 4, section 4 Nongraded Homework: Problems at the end of section 4. Graded Homework #4 is due at the beginning of class on Friday. You.

Similar presentations

Ads by Google