Bindings, mobility of bindings, and the -quantifier



Similar documents
Relations: their uses in programming and computational specifications

Foundational Proof Certificates

CHAPTER 7 GENERAL PROOF SYSTEMS

Non-deterministic Semantics and the Undecidability of Boolean BI

System Description: Delphin A Functional Programming Language for Deductive Systems

Parametric Domain-theoretic models of Linear Abadi & Plotkin Logic

Summary Last Lecture. Automated Reasoning. Outline of the Lecture. Definition sequent calculus. Theorem (Normalisation and Strong Normalisation)

Lecture 13 of 41. More Propositional and Predicate Logic

Fixed-Point Logics and Computation

Andrew Pitts chapter for D. Sangorgi and J. Rutten (eds), Advanced Topics in Bisimulation and Coinduction, Cambridge Tracts in Theoretical Computer

Type Theory & Functional Programming

CMCS 312: Programming Languages Lecture 3: Lambda Calculus (Syntax, Substitution, Beta Reduction) Acar & Ahmed 17 January 2008

! " # The Logic of Descriptions. Logics for Data and Knowledge Representation. Terminology. Overview. Three Basic Features. Some History on DLs

ML for the Working Programmer

Static Program Transformations for Efficient Software Model Checking

A Propositional Dynamic Logic for CCS Programs

Introducing Formal Methods. Software Engineering and Formal Methods

Jieh Hsiang Department of Computer Science State University of New York Stony brook, NY 11794

Verifying Specifications with Proof Scores in CafeOBJ

CS510 Software Engineering

System BV is NP-complete

Testing LTL Formula Translation into Büchi Automata

Research Note. Bi-intuitionistic Boolean Bunched Logic

o-minimality and Uniformity in n 1 Graphs

= = 3 4, Now assume that P (k) is true for some fixed k 2. This means that

Verifying security protocols using theorem provers

(LMCS, p. 317) V.1. First Order Logic. This is the most powerful, most expressive logic that we will examine.

Path Querying on Graph Databases

Journal of Functional Programming, volume 3 number 4, Dynamics in ML

Formal Verification and Linear-time Model Checking

Semantics and Verification of Software

Chapter 7: Functional Programming Languages

NP-Completeness and Cook s Theorem

Model Checking: An Introduction

A Distributed Calculus for Role-Based Access Control

A Note on Context Logic

PROOFS AND TYPES JEAN-YVES GIRARD PAUL TAYLOR YVES LAFONT. CAMBRIDGE UNIVERSITY PRESS Cambridge. Translated and with appendices by

Simulation-Based Security with Inexhaustible Interactive Turing Machines

InvGen: An Efficient Invariant Generator

Software Modeling and Verification

Neighborhood Data and Database Security

University of Ostrava. Reasoning in Description Logic with Semantic Tableau Binary Trees

Linear Types for Continuations

Modal Proofs as Distributed Programs (Extended Abstract)

Types, Polymorphism, and Type Reconstruction

Observational Program Calculi and the Correctness of Translations

The Lean Theorem Prover

Computational Soundness of Symbolic Security and Implicit Complexity

Authenticity by Typing for Security Protocols

Functional Programming. Functional Programming Languages. Chapter 14. Introduction

CODING TRUE ARITHMETIC IN THE MEDVEDEV AND MUCHNIK DEGREES

Predicate Logic Review

Algorithmic Software Verification

Introduction to type systems

A Beginner s Guide to Modern Set Theory

Computational Logic and Cognitive Science: An Overview

Deterministic Discrete Modeling

Indiana State Core Curriculum Standards updated 2009 Algebra I

Verification of Imperative Programs in Theorema

Kolmogorov Complexity and the Incompressibility Method

Degrees that are not degrees of categoricity

Which Semantics for Neighbourhood Semantics?

Mathematical Induction. Lecture 10-11

Rigorous Software Development CSCI-GA

CHAPTER 3. Methods of Proofs. 1. Logical Arguments and Formal Proofs

OPERATIONAL TYPE THEORY by Adam Petcher Prepared under the direction of Professor Aaron Stump A thesis presented to the School of Engineering of

JUST THE MATHS UNIT NUMBER 1.8. ALGEBRA 8 (Polynomials) A.J.Hobson

Automated Theorem Proving - summary of lecture 1

Theory of Automated Reasoning An Introduction. Antti-Juhani Kaijanaho

Extending Semantic Resolution via Automated Model Building: applications

Software Verification and Testing. Lecture Notes: Temporal Logics

Logic, Algebra and Truth Degrees Siena. A characterization of rst order rational Pavelka's logic

U.C. Berkeley CS276: Cryptography Handout 0.1 Luca Trevisan January, Notes on Algebra

Chapter II. Controlling Cars on a Bridge

Low upper bound of ideals, coding into rich Π 0 1 classes

How To Prove The Dirichlet Unit Theorem

Section 13.5 Equations of Lines and Planes

Dedekind s forgotten axiom and why we should teach it (and why we shouldn t teach mathematical induction in our calculus classes)

Set-theoretic Foundation of Parametric Polymorphism and Subtyping

INTRODUCTORY SET THEORY

Novel Data Extraction Language for Structured Log Analysis

A first step towards modeling semistructured data in hybrid multimodal logic

Transcription:

ICMS, 26 May 2007 1/17 Bindings, mobility of bindings, and the -quantifier Dale Miller, INRIA-Saclay and LIX, École Polytechnique This talk is based on papers with Tiu in LICS2003 & ACM ToCL, and experience using λprolog and Bedwyr (systems developed with Baelde, Gacek, Nadathur, and Tiu).

ICMS, 26 May 2007 2/17 Outline 1. Bindings or Names? 2. Binder mobility 3. -quantification 4. Example: π-calculus bisimulation

ICMS, 26 May 2007 3/17 Some slogans (I) From Alan Perlis s Epigrams on Programming: As Will Rogers would have said, There is no such thing as a free variable. Thus: all variables will be bound somewhere. (II) We treat the names of binders as the same kind of fiction as we treat white space: they are artifacts of how we write expressions and have zero semantic content. Thus: we focus on bindings abstractly and not on how they are named (implemented). This conclusion that bindings are important and not names is targeted at meta-programming. Names as concrete objects clearly have importance in a number of other tasks: distributed computing, operating systems, the implementation of theorem provers, etc.

ICMS, 26 May 2007 4/17 Concrete syntax vs. parse trees Church and Gödel did their meta-theory on strings. For example, Church wrote about well formed formulas and the head is the first non-bracket symbol on the left. Concrete syntax has too much concrete nonsense. Parsing allows us to move from strings to algebraic terms (parse trees). Parse tree vs. λ-tree syntax Parse tree still have too much concrete nonsense. In particular, the names of bound variables. λ-tree syntax is an approach to HOAS where bound variable names cannot be accessed.

ICMS, 26 May 2007 5/17 Higher-Order Abstract Syntax If your object-level syntax (formulas, programs, types, etc) contain binders, then map these binders to binders in the meta-language. Functional Programming & Constructive type theories: the binder available is the one for function spaces. Proof Search (a modern update to logic programming): the binders available are λ-expressions with equality (and, hence, unification) modulo α, β, and η conversions. These approaches are different. Consider w i. λx.x λx.w ( ). Functional Prog: ( ) is not always a theorem, since the identity and the constant valued function coincide on singleton domains. Proof search: ( ) is a theorem since no instance of λx.w is λx.x. λ-tree syntax is HOAS in the proof search setting.

ICMS, 26 May 2007 6/17 Some developments in Proof Theory Uniform (focused) proofs Used to justify the proof-search paradigm (eg, λprolog). Different development path than for proof-normalization (functional programming). A proof theory for fixed points Allow unfoldings only. Finite-failure is given a symmetric treatment to finite success. One can capture some must-behavior (eg, bisimulation) and not just may-behavior (eg, reachability). -quantification The difference between and does not appear without negation-as-failure. Rich mobility of binders are possible in the resulting logic. Bedwyr implements the features above A proof theory for induction/co-induction Tiu and Momigliano have approaches to induction, co-induction, and. Baelde has a proof-theory of fixed points to support automation.

ICMS, 26 May 2007 7/17 Dynamics of binders during proof search During computation, binders can be instantiated or they can move. Σ :, typeof c (int int) C Σ :, α(typeof c (α α)) C L Σ, x :, typeof x α typeof B β Σ : x(typeof x α typeof B β) R Σ : typeof λx.b (α β) In this case, the binder named x moves from term-level (λx) to formula-level ( x) to proof-level (as an eigenvariable in Σ, x). Note: The variables in Σ within Σ : C are eigenvariables and are bound over the sequent. Σ is the sequent s signature.

ICMS, 26 May 2007 8/17 The collapse of eigenvariables An attempt to build a cut-free proof of x y.p x y first introduces two new and different eigenvariables c and d and then attempts to prove P c d. Eigenvariables have been used to encode names in π-calculus [Miller93], nonces in security protocols [Cervesato, et.al. 99], reference locations in imperative programming [Chirimar95], etc. Since x y.p x y z.p z z is provable, it follows that the provability of x y.p x y implies the provability of z.p z z. That is, there is also a cut-free proof where the eigenvariables c and d are identified. Thus, eigenvariables are unlikely to capture the proper logic behind things like nonces, references, names, etc.

ICMS, 26 May 2007 9/17 Quiz Consider a simple object-logic with a pairing constructor x, y. If the formula u v[q u, t 1 v, t 2 v, t 3 ] follows from the assumptions x y[q x x y] x y[q x y x] x y[q y x x] what can we say about the terms t 1, t 2, and t 3?

ICMS, 26 May 2007 10/17 Quiz Consider a simple object-logic with a pairing constructor x, y. If the formula u v[q u, t 1 v, t 2 v, t 3 ] follows from the assumptions x y[q x x y] x y[q x y x] x y[q y x x] what can we say about the terms t 1, t 2, and t 3? Answer: The terms t 2 and t 3 are equal. We wish to prove t 1 t 2 t 3 [prv ( u v[q u, t 1 v, t 2 v, t 3 ]) t 2 = t 3 Does not matter the domain of the quantifiers u v. This conclusion holds for internal reasons instead of external reasons. Such an internal treatment does not seem possible if the binders named u and v move to the meta-level as eigenvariables.

ICMS, 26 May 2007 11/17 Generic judgments and a new quantifier Gentzen s introduction rule for on the left is extensional: x mean a (possibly infinite) conjunction indexed by terms. The quantifier x.b x provides a more intensional, internal, or generic reading. It employs a new local context in sequents. Σ : B 1,..., B n B 0 Σ : σ 1 B 1,..., σ n B n σ 0 B 0 Σ is a list of distinct eigenvariables, scoped over the sequent and σ i is a list of distinct variables, locally scoped over the formula B i. The expression σ i B i is called a generic judgment. Equality between judgments is defined up to renaming of local variables.

ICMS, 26 May 2007 12/17 The -quantifier The left and right introductions for (nabla) are the same. Σ : (σ, x : τ) B, Γ C Σ : σ τ x.b, Γ C Σ : Γ (σ, x : τ) B Σ : Γ σ τ x.b Standard proof theory design: Enrich context and add connectives dealing with these context. Quantification Logic: Add the eigenvariable context; add and. Linear Logic: Add multiset context; add multiplicative connectives. Also: hyper-sequents, calculus of structures, etc. Such a design, augmented with cut-elimination, provides modularity of the resulting logic.

ICMS, 26 May 2007 13/17 Properties of The following are theorems: moves through all propositional connectives: x Bx xbx x. x. x(bx Cx) xbx xcx x(bx Cx) xbx xcx x(bx Cx) xbx xcx The moves through the quantifiers by raising them. x α y β.bxy h α β x.bx(hx) x α y β.bxy h α β x.bx(hx) Finally, with equality: x.t = s λx.t = λx.s. Thus: can be implemented for free in systems already solving equations involving λ-terms.

ICMS, 26 May 2007 14/17 Non-theorems and not-yet-theorems Some non-theorems: x ybxy zbzz zbzz x ybxy y xbxy x ybxy xbx xbx xbx xbx xbx xbx Once we introduce inference rules for definitions and equality, the following can be proved. xbx xbx xb B x yb x y y xb x y This quantifier seems to be a weaker version of the Pitts-Gabbay fresh quantifier.

ICMS, 26 May 2007 15/17 π-calculus: encoding (bi)simulation In the atomic formula P A P, the expressions P and P are processes and A is an action. In the atomic formulas P X P and P X P, the expression P is an name abstraction over processes and both X and X are name abstractions over actions (X is a name). sim P Q = A P [P A P Q.Q A Q sim P Q ] X P [P X P Q.Q X Q w.sim(p w)(q w)] X P [P X P Q.Q X Q w.sim(p w)(q w)] Bisimulation (bisim) is easy to write: it has 6 cases.

ICMS, 26 May 2007 16/17 Learning something from our encoding Theorem: Assume the finite π-calculus and the bisimulation definition. I x.bisim (P x) (Q x) if and only if P x is open bisimilar to Q x. X I x.bisim (P x) (Q x) if and only if P x is late bisimilar to Q x. Here, X is a finite set of excluded middle assumptions of the form n 1... n k w y.(w = y w y) (k 0) A straightforward application of proof search principles (as provided by, for example, Bedwyr) provides symbolic open bisimulation

ICMS, 26 May 2007 17/17 Future Work What is a good model theoretic semantics for? In classical and/or intuitionistic logic? What are some natural strengthening of? How exactly does it compare to Pitts-Gabbay? (See Tiu s talk.) How to do induction in the presence of? Develop an interactive theorem prover that incorporates induction and co-induction along with the model-checking behavior of Bedwyr. Generalize format rules for operational semantic (such as tyft/tyxt) to mobility in process calculi so that one gets guarantees that (open) bisimulation is a congruence (joint work with Palamidessi and Ziegler).

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information