Presentation is loading. Please wait.

Presentation is loading. Please wait.

Refining Mechanized Metatheory: Subtyping for LF William Lovas (with Frank Pfenning)

Published bySilvester West Modified over 9 years ago

Similar presentations

Presentation on theme: "Refining Mechanized Metatheory: Subtyping for LF William Lovas (with Frank Pfenning)"— Presentation transcript:

1 Refining Mechanized Metatheory: Subtyping for LF William Lovas (with Frank Pfenning)

2 LFMTP '07 2 LF: a framework for defining logics (Harper, Honsell, and Plotkin, 1987, 1993) Dependently-typed lambda calculus Encode deductive systems and metatheory, in a machine-checkable way – e.g. a programming language and its type safety theorem Guiding principle: “judgements as types”

3 LFMTP '07 3 Judgements as types On paper: Syntax – e ::= … Judgement – Γ ⊢ e : τ Deduction – D :: Γ ⊢ e : τ Proof checking In LF: Simple type – exp : type. Type family – of : exp →  tp → type. Well-typed term – M : of E T Type checking

4 LFMTP '07 4 Inclusion as subtyping Some judgements have a natural notion of inclusion – all values are expressions – all odd natural numbers are positive More interesting types means more interesting judgements!

5 LFMTP '07 5 Example: natural numbers nat : type. z : nat. s : nat → nat. double : nat → nat → type. % plus rules even : nat → type. % plus some rules… odd : nat → type. % plus some rules… dbl-even : Π X :nat. Π Y :nat. % plus cases double X Y → even Y → type.

6 LFMTP '07 6 Example: nats using refinements nat : type. z : nat. s : nat → nat. double : nat → nat → type. % plus rules even : nat → type. % plus some rules… odd : nat → type. % plus some rules… dbl-even : Π X :nat. Π Y :nat. % plus cases double X Y → even Y → type. nat : type. even ≤ nat. odd ≤ nat. z : even. s : even → odd ∧ odd → even. double : nat → even → type. % plus rules metatheorem checking problem ⇝ typechecking problem!

7 LFMTP '07 7 Example: nats using refinements nat : type. even ≤ nat. odd ≤ nat. z : even. s : even → odd ∧ odd → even. double : nat → even → type. dbl-z : double z z. dbl-s : Π X :nat. Π Y :even. double X Y → double (s X ) (s (s Y )). dbl-s : Π X :nat. Π Y :even. double X Y → double (s X ) (s (s Y )).

8 LFMTP '07 8 Example: the lambda calculus exp : type. val : type. lam : (val → exp) → val. app : exp → exp → exp. $ : val → exp. lam (λ x. app ($ x ) ($ x )) : val Intrinsic values encoding: val ≤ exp. lam (λ x. app x x ) : val

9 LFMTP '07 9 Technology

10 LFMTP '07 10 Adequacy Does this really mean what I think it means? Strategy: exhibit a compositional bijection between mathematical objects and canonical forms following judgements as types. – “canonical forms” are β-normal and η-long.

11 LFMTP '07 11 Canonical forms method Represent only the canonical forms. – β-normal: syntactically – η-long: through typing – Hereditary substitutions contract redexes Simplifies metatheory, emphasizes adequacy Concurrent LF (Watkins, et al, 2003)

12 LFMTP '07 12 LF typing Bidirectional typing Synthesis: Γ ⊢ R ⇒ A – elims: R ::= x | c | R N Checking: Γ ⊢ N ⇐ A – intros: N ::= R | λ x. N

13 LFMTP '07 13 Checking Γ ⊢ R ⇒ P’ P’ = P Γ ⊢ R ⇐ P Γ ⊢ N ⇐ A Key rule: – base type, so atoms fully applied – the only appeal to type equality

14 LFMTP '07 14 Checking… with subtyping! Γ ⊢ R ⇒ P’ P’ ≤ P Γ ⊢ R ⇐ P Γ ⊢ N ⇐ A Easy to adapt! – just change equality to subtyping – subtyping… only at base type?

15 LFMTP '07 15 Intersections Kind of like pairs, but the terms don’t change Γ ⊢ N ⇐ A 1 Γ ⊢ N ⇐ A 2 Γ ⊢ N ⇐ A 1 ∧ A 2 Γ ⊢ N ⇐ ⊤ Γ ⊢ R ⇒ A 1 ∧ A 2 Γ ⊢ R ⇒ A 1 Γ ⊢ R ⇒ A 1 ∧ A 2 Γ ⊢ R ⇒ A 2

16 LFMTP '07 16 Metatheory

17 LFMTP '07 17 LF(R) as a logic Entailment should be reflexive: – A ⊢ A and transitive: – if A ⊢ B and B ⊢ C, then A ⊢ C

18 LFMTP '07 18 LF(R) as a logic Assume x is a proof of A. Is x a proof of A ? – not necessarily! x : A 1 → A 2 ⊬ x ⇐ A 1 → A 2 – have to η-expand: x : A 1 → A 2 ⊢ λ y. x y ⇐ A 1 → A 2

19 LFMTP '07 19 LF(R) as a logic Assume x is a proof of A. Can M ⇐ A stand in for x ? – if substitution is hereditary? [M/ x ] A N not obviously defined…

20 LFMTP '07 20 Important principles Substitution if Γ, x :A ⊢ N ⇐ B and Γ ⊢ M ⇐ A, then Γ ⊢ [M/ x ] A N ⇐ [M/ x ] A B. Identity for all A, Γ, x :A ⊢ η A ( x ) ⇐ A. “Substitution” morally a normalization proof

21 LFMTP '07 21 More about subtyping

22 LFMTP '07 22 Key rule: Bidirectional: subtyping only at mode switch Canonical: mode switch only at base type Subtyping Γ ⊢ R ⇒ P’ P’ ≤ P Γ ⊢ R ⇐ P Γ ⊢ N ⇐ A

23 LFMTP '07 23 Subtyping at higher types? What happened to the structural rules? E.g., Distributivity? A 2 ≤ A 1 B 1 ≤ B 2 A 1 → B 1 ≤ A 2 → B 2 (A → B 1 ) ∧ (A → B 2 ) ≤ A → (B 1 ∧ B 2 )

24 LFMTP '07 24 Subtyping at higher types! Intrinsic subtyping: if A ≤ B and Γ ⊢ N ⇐ A, then Γ ⊢ N ⇐ B. Equivalently: if A ≤ B then x :A ⊢ η A ( x ) ⇐ B. – Just like the Identity principle! – … also the Substitution principle… Usual rules are all sound in this sense.

25 LFMTP '07 25 Subtyping at higher types!? … and also complete! Theorem: if x :A ⊢ η A ( x ) ⇐ B then A ≤ B. Also: if Γ ⊢ N ⇐ A implies Γ ⊢ N ⇐ B, then A ≤ B. There are no new subtyping principles.

26 LFMTP '07 26 Future work Two directions: 1. Extend LFR with Twelf stuff type reconstruction unification proof search 2. Extend LFR with CLF stuff more type constructors subtyping with linearity?

27 LFMTP '07 27 Summary Refinement types are a useful addition to LF. Canonical forms method is up to the task. Concentrating only on canonical forms and bidirectional typing yields new insights into subtyping.

28 LFMTP '07 28 secret slides

29 LFMTP '07 29 Related work Refinement types – Tim Freeman, Rowan Davies, Joshua Dunfield Logical frameworks – Robert Harper, Furio Honsell, Gordon Plotkin – Frank Pfenning Subtyping and dependent types – David Aspinall, Adriana Compagnoni

30 LFMTP '07 30 LF syntax Terms Types R ::= c | x | R N N ::= R | λ x. N P ::= a | P N A, B ::= P | Π x :A.B atomic normal atomic normal no redexes

31 LFMTP '07 31 Hereditary substitution Substitution must contract redexes Example: Indexed by type subscript for termination Sometimes undefined: [(λ x. d x x ) / y ] y z = d z z [M/ x ] A N [(λ x. x x ) / y ] A y y fails by induction on A

32 LFMTP '07 32 Synthesis Γ ⊢ R ⇒ Π x :A.B Γ ⊢ N ⇐ A Γ ⊢ R N ⇒ [N/ x ] A B x :A ∈ Γ Γ ⊢ x ⇒ A c:A ∈ Σ Γ ⊢ c ⇒ A Γ ⊢ R ⇒ A hereditary substitution

33 LFMTP '07 33 Checking Γ ⊢ R ⇒ P’ P’ = P Γ ⊢ R ⇐ P Γ, x :A ⊢ N ⇐ B Γ ⊢ λ x.N ⇐ Π x :A.B Γ ⊢ N ⇐ A

34 LFMTP '07 34 Example: the lambda calculus exp : type. val ⊏ exp. lam : (exp → exp) → exp. app : exp → exp → exp. value : exp → type. lam : (val → exp) → val.

35 LFMTP '07 35 s ⊏ a :: L Γ ⊢ R ⇒ P’ P’ = P Γ ⊢ R ⇐ P Γ ⊢ R ⇒ P’ P’ ≤ P Γ ⊢ R ⇐ P

36 LFMTP '07 36 Subtyping Key rule: Bidirectional: subtyping only at mode switch Canonical: mode switch only at base type subtyping only at base type!

37 LFMTP '07 37 ⇐Γ, x:A ⊢ M ⇐ B ≤ e abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ Γ ⊢ R ⇒ A

Download ppt "Refining Mechanized Metatheory: Subtyping for LF William Lovas (with Frank Pfenning)"

Similar presentations

Types and Programming Languages Lecture 4 Simon Gay Department of Computing Science University of Glasgow 2006/07.

Types and Programming Languages Lecture 4 Simon Gay Department of Computing Science University of Glasgow 2006/07.
Types and Programming Languages Lecture 13 Simon Gay Department of Computing Science University of Glasgow 2006/07.

Types and Programming Languages Lecture 13 Simon Gay Department of Computing Science University of Glasgow 2006/07.
Types and Programming Languages Lecture 15 Simon Gay Department of Computing Science University of Glasgow 2006/07.

Types and Programming Languages Lecture 15 Simon Gay Department of Computing Science University of Glasgow 2006/07.
Substitution & Evaluation Order cos 441 David Walker.

Substitution & Evaluation Order cos 441 David Walker.
Static and User-Extensible Proof Checking Antonis StampoulisZhong Shao Yale University POPL 2012.

Static and User-Extensible Proof Checking Antonis StampoulisZhong Shao Yale University POPL 2012.
11.1 11. Computational Models The exam. Models of computation. –The Turing machine. –The Von Neumann machine. –The calculus. –The predicate calculus. Turing.

Computational Models The exam. Models of computation. –The Turing machine. –The Von Neumann machine. –The calculus. –The predicate calculus. Turing.
Comparing Semantic and Syntactic Methods in Mechanized Proof Frameworks C.J. Bell, Robert Dockins, Aquinas Hobor, Andrew W. Appel, David Walker 1.

Comparing Semantic and Syntactic Methods in Mechanized Proof Frameworks C.J. Bell, Robert Dockins, Aquinas Hobor, Andrew W. Appel, David Walker 1.
Certified Typechecking in Foundational Certified Code Systems Susmit Sarkar Carnegie Mellon University.

Certified Typechecking in Foundational Certified Code Systems Susmit Sarkar Carnegie Mellon University.
March 4, 2005Susmit Sarkar 1 A Cost-Effective Foundational Certified Code System Susmit Sarkar Thesis Proposal.

March 4, 2005Susmit Sarkar 1 A Cost-Effective Foundational Certified Code System Susmit Sarkar Thesis Proposal.
Propositional Logic CMSC 471 Chapter , 7.7 and Chuck Dyer

Propositional Logic CMSC 471 Chapter , 7.7 and Chuck Dyer
VeriML: Revisiting the Foundations of Proof Assistants Zhong Shao Yale University MacQueen Fest May 13, 2012 (Joint work with Antonis Stampoulis)

VeriML: Revisiting the Foundations of Proof Assistants Zhong Shao Yale University MacQueen Fest May 13, 2012 (Joint work with Antonis Stampoulis)
Catriel Beeri Pls/Winter 2004/5 last 55 Two comments on let polymorphism I. What is the (time, space) complexity of type reconstruction? In practice –

Catriel Beeri Pls/Winter 2004/5 last 55 Two comments on let polymorphism I. What is the (time, space) complexity of type reconstruction? In practice –
CLF: A Concurrent Logical Framework David Walker Princeton (with I. Cervesato, F. Pfenning, K. Watkins)

CLF: A Concurrent Logical Framework David Walker Princeton (with I. Cervesato, F. Pfenning, K. Watkins)
1 Meta-Programming through Typeful Code Representation Chiyan Chen and Hongwei Xi Boston University.

1 Meta-Programming through Typeful Code Representation Chiyan Chen and Hongwei Xi Boston University.
A Concurrent Logical Framework (Joint work with Frank Pfenning, David Walker, and Kevin Watkins) Iliano Cervesato ITT Industries,

A Concurrent Logical Framework (Joint work with Frank Pfenning, David Walker, and Kevin Watkins) Iliano Cervesato ITT Industries,
Twelf: The Quintessential Proof Assistant for Language Metatheory Karl Crary Carnegie Mellon University Joint work with Robert Harper and Michael Ashley-Rollman.

Twelf: The Quintessential Proof Assistant for Language Metatheory Karl Crary Carnegie Mellon University Joint work with Robert Harper and Michael Ashley-Rollman.
1 A Dependently Typed Assembly Language Hongwei Xi University of Cincinnati and Robert Harper Carnegie Mellon University.

1 A Dependently Typed Assembly Language Hongwei Xi University of Cincinnati and Robert Harper Carnegie Mellon University.
Strict Bidirectional Type Checking Adam Chlipala, Leaf Petersen, and Robert Harper.

Strict Bidirectional Type Checking Adam Chlipala, Leaf Petersen, and Robert Harper.
Syntax With Binders COS 441 Princeton University Fall 2004.

Syntax With Binders COS 441 Princeton University Fall 2004.
Chair of Software Engineering 1 Concurrent Object-Oriented Programming Arnaud Bailly, Bertrand Meyer and Volkan Arslan.

Chair of Software Engineering 1 Concurrent Object-Oriented Programming Arnaud Bailly, Bertrand Meyer and Volkan Arslan.

Similar presentations

Ads by Google