Probabilistic Applicative Bisimulation and Call-by-Value Lam

Size: px

Start display at page:

Download "Probabilistic Applicative Bisimulation and Call-by-Value Lam"

Cornelius Merritt
5 years ago
Views:

1 Probabilistic Applicative and Call-by-Value Lambda Calculi Joint work with Ugo Dal Lago ENS Lyon February 9, 2014 Probabilistic Applicative and Call-by-Value Lam

2 Introduction Fundamental question: when can two programs be considered equivalent? Probabilistic Applicative and Call-by-Value Lam

3 Introduction Fundamental question: when can two programs be considered equivalent? Context equivalence [Morris1968] : Two terms M and N are context equivalent if their observable behavior is the same in any context. Probabilistic Applicative and Call-by-Value Lam

4 Introduction Fundamental question: when can two programs be considered equivalent? Context equivalence [Morris1968] : Two terms M and N are context equivalent if their observable behavior is the same in any context. Proving that two programs are not equivalent is relatively easy: just find a context that separates them. Proving that two program are indeed equivalent, on the other hand, can be quite complicated. Other equivalence notion : Bisimilarity Probabilistic Applicative and Call-by-Value Lam

5 Our result For a probabilistic λ-calculus (Λ ) : Context Equivalence = Bisimilarity Probabilistic Applicative and Call-by-Value Lam

6 1 Λ Syntax and Operational Semantics Motivating Example : Perfect Security 2 Probabilistic in the abstact A Labelled Markov Chain for Λ Example 3 Full Abstraction 4 Probabilistic Applicative and Call-by-Value Lam

7 Syntax and Operational Semantics Motivating Example : Perfect Security 1 Λ Syntax and Operational Semantics Motivating Example : Perfect Security 2 Probabilistic in the abstact A Labelled Markov Chain for Λ Example 3 Full Abstraction 4 Probabilistic Applicative and Call-by-Value Lam

8 Syntax and Operational Semantics Motivating Example : Perfect Security Syntax and Operational Semantics of Λ [DLZorzi2012] Terms: M, N ::= x λx.m MM M M; Probabilistic Applicative and Call-by-Value Lam

9 Syntax and Operational Semantics Motivating Example : Perfect Security Syntax and Operational Semantics of Λ [DLZorzi2012] Terms: M, N ::= x λx.m MM M M; Values: V ::= λx.m; Probabilistic Applicative and Call-by-Value Lam

10 Syntax and Operational Semantics Motivating Example : Perfect Security Syntax and Operational Semantics of Λ [DLZorzi2012] Terms: M, N ::= x λx.m MM M M; Values: V ::= λx.m; Approximation (Big-Step) Semantics: M D, where D : Values [0, 1] sub-probability distribution. Approximation from below : only finite distributions M V {V 1 } M D N E M N 1 2 D E M K N F {P[V /x] E P,V } λx.p S(K ), V S(F) ( ) MN F (V ) λx.p S(K ) K (λx.p)e P,V V S(F) Probabilistic Applicative and Call-by-Value Lam

11 Syntax and Operational Semantics Motivating Example : Perfect Security Syntax and Operational Semantics of Λ [DLZorzi2012] Terms: M, N ::= x λx.m MM M M; Values: V ::= λx.m; Approximation (Big-Step) Semantics: M D, where D : Values [0, 1] sub-probability distribution. Approximation from below : only finite distributions M V {V 1 } M D N E M N 1 2 D E M K N F {P[V /x] E P,V } λx.p S(K ), V S(F) ( ) MN F (V ) λx.p S(K ) K (λx.p)e P,V V S(F) Semantics: M = sup M D D; Probabilistic Applicative and Call-by-Value Lam

12 Syntax and Operational Semantics Motivating Example : Perfect Security Syntax and Operational Semantics of Λ [DLZorzi2012] Terms: M, N ::= x λx.m MM M M; Values: V ::= λx.m; Approximation (Big-Step) Semantics: M D, where D : Values [0, 1] sub-probability distribution. Approximation from below : only finite distributions M V {V 1 } M D N E M N 1 2 D E M K N F {P[V /x] E P,V } λx.p S(K ), V S(F) ( ) MN F (V ) λx.p S(K ) K (λx.p)e P,V V S(F) Semantics: M = sup M D D; Variations: Small-Step Semantics, Call-by-name Evaluation. Probabilistic Applicative and Call-by-Value Lam

13 Syntax and Operational Semantics Motivating Example : Perfect Security Why Probabilistic Computation? Probabilistic Applicative and Call-by-Value Lam

14 An Example: Perfect Security Syntax and Operational Semantics Motivating Example : Perfect Security Probabilistic Applicative and Call-by-Value Lam

15 An Example: Perfect Security Syntax and Operational Semantics Motivating Example : Perfect Security Let Π = (GEN, ENC, DEC) be a cryptoscheme. Let A = (A 1, A 2 ) be an adversary. Probabilistic Applicative and Call-by-Value Lam

16 An Example: Perfect Security Syntax and Operational Semantics Motivating Example : Perfect Security Let Π = (GEN, ENC, DEC) be a cryptoscheme. Let A = (A 1, A 2 ) be an adversary. PrivK Π A m 0, m 1 A 1 ; Probabilistic Applicative and Call-by-Value Lam

17 An Example: Perfect Security Syntax and Operational Semantics Motivating Example : Perfect Security Let Π = (GEN, ENC, DEC) be a cryptoscheme. Let A = (A 1, A 2 ) be an adversary. PrivK Π A m 0, m 1 A 1 ; b {0, 1}; k GEN; Probabilistic Applicative and Call-by-Value Lam

18 An Example: Perfect Security Syntax and Operational Semantics Motivating Example : Perfect Security Let Π = (GEN, ENC, DEC) be a cryptoscheme. Let A = (A 1, A 2 ) be an adversary. PrivK Π A m 0, m 1 A 1 ; b {0, 1}; k GEN; c ENC(m b, k); Probabilistic Applicative and Call-by-Value Lam

19 An Example: Perfect Security Syntax and Operational Semantics Motivating Example : Perfect Security Let Π = (GEN, ENC, DEC) be a cryptoscheme. Let A = (A 1, A 2 ) be an adversary. PrivK Π A m 0, m 1 A 1 ; b {0, 1}; k GEN; c ENC(m b, k); b A 2 (c); Probabilistic Applicative and Call-by-Value Lam

20 An Example: Perfect Security Syntax and Operational Semantics Motivating Example : Perfect Security Let Π = (GEN, ENC, DEC) be a cryptoscheme. Let A = (A 1, A 2 ) be an adversary. PrivK Π A m 0, m 1 A 1 ; b {0, 1}; k GEN; c ENC(m b, k); b A 2 (c); return b = b. Probabilistic Applicative and Call-by-Value Lam

21 An Example: Perfect Security Syntax and Operational Semantics Motivating Example : Perfect Security For every adversary A, Pr(PrivK Π A = true) = 1 2 Probabilistic Applicative and Call-by-Value Lam

22 An Example: Perfect Security Syntax and Operational Semantics Motivating Example : Perfect Security One-Time-Pad GEN = true false : bool; ENC = λx.λy.if x then (NOT y) else y : bool bool bool; DEC = ENC. Probabilistic Applicative and Call-by-Value Lam

23 An Example: Perfect Security Syntax and Operational Semantics Motivating Example : Perfect Security One-Time-Pad GEN = true false : bool; ENC = λx.λy.if x then (NOT y) else y : bool bool bool; DEC = ENC. The Experiment as a Pair of Terms EXP FST = λx.λy.enc x GEN : bool bool bool; EXP SND = λx.λy.enc y GEN : bool bool bool. Probabilistic Applicative and Call-by-Value Lam

24 An Example: Perfect Security Syntax and Operational Semantics Motivating Example : Perfect Security One-Time-Pad GEN = true false : bool; ENC = λx.λy.if x then (NOT y) else y : bool bool bool; DEC = ENC. The Experiment as a Pair of Terms EXP FST = λx.λy.enc x GEN : bool bool bool; EXP SND = λx.λy.enc y GEN : bool bool bool. A.Pr(PrivK OTP A = true) = 1 2 EXP FST EXP SND Probabilistic Applicative and Call-by-Value Lam

25 Probabilistic in the abstact A Labelled Markov Chain for Λ Example 1 Λ Syntax and Operational Semantics Motivating Example : Perfect Security 2 Probabilistic in the abstact A Labelled Markov Chain for Λ Example 3 Full Abstraction 4 Probabilistic Applicative and Call-by-Value Lam

26 Bisimilarity (deterministic case) Probabilistic in the abstact A Labelled Markov Chain for Λ Example Let (S, Act, ) be a LTS (Labelled Transition System). A Simulation is a relation R on S such that : If p R q, and p a s, there exists t such that q a t and s R t. p R q a s Bisimilarity : p and q are bisimilar if : p R q, and R is a bisimulation. Probabilistic Applicative and Call-by-Value Lam

27 Bisimilarity (deterministic case) Probabilistic in the abstact A Labelled Markov Chain for Λ Example Let (S, Act, ) be a LTS (Labelled Transition System). A Simulation is a relation R on S such that : If p R q, and p a s, there exists t such that q a t and s R t. p R q a s R a t Bisimilarity : p and q are bisimilar if : p R q, and R is a bisimulation. Probabilistic Applicative and Call-by-Value Lam

28 Applicative [Abramsky93] Probabilistic in the abstact A Labelled Markov Chain for Λ Example Terms Probabilistic Applicative and Call-by-Value Lam

29 Applicative [Abramsky93] Probabilistic in the abstact A Labelled Markov Chain for Λ Example Terms Values Probabilistic Applicative and Call-by-Value Lam

30 Applicative [Abramsky93] Probabilistic in the abstact A Labelled Markov Chain for Λ Example Terms Values M N L. Probabilistic Applicative and Call-by-Value Lam

31 Applicative [Abramsky93] Probabilistic in the abstact A Labelled Markov Chain for Λ Example Terms Values M V N W L Z.. Probabilistic Applicative and Call-by-Value Lam

32 Applicative [Abramsky93] Probabilistic in the abstact A Labelled Markov Chain for Λ Example Terms Values M Probabilistic Applicative and Call-by-Value Lam

33 Applicative [Abramsky93] Probabilistic in the abstact A Labelled Markov Chain for Λ Example Terms M eval Values V Probabilistic Applicative and Call-by-Value Lam

34 Applicative [Abramsky93] Probabilistic in the abstact A Labelled Markov Chain for Λ Example Terms M eval Values V λx.n Probabilistic Applicative and Call-by-Value Lam

35 Applicative [Abramsky93] Probabilistic in the abstact A Labelled Markov Chain for Λ Example Terms M N{L/x} eval L Values V λx.n Probabilistic Applicative and Call-by-Value Lam

36 Applicative [Abramsky93] Probabilistic in the abstact A Labelled Markov Chain for Λ Example Simulation eval λx.l R M N L{R/x} P{R/x} eval λx.p R Probabilistic Applicative and Call-by-Value Lam

37 Applicative [Abramsky93] Probabilistic in the abstact A Labelled Markov Chain for Λ Example Simulation eval λx.l R M R N L{R/x} P{R/x} eval λx.p R Probabilistic Applicative and Call-by-Value Lam

38 Applicative [Abramsky93] Probabilistic in the abstact A Labelled Markov Chain for Λ Example Simulation eval λx.l R M R N L{R/x} R P{R/x} eval λx.p R Probabilistic Applicative and Call-by-Value Lam

39 Applicative [Abramsky93] Probabilistic in the abstact A Labelled Markov Chain for Λ Example Simulation eval λx.l R M R N L{R/x} R P{R/x} eval λx.p R Similarity: union of all simulations, denoted ; Bisimilarity: union of all bisimulations, denoted. Theorem M N iff M N. Probabilistic Applicative and Call-by-Value Lam

40 Probabilistic in the Abstract [LS1992] Probabilistic in the abstact A Labelled Markov Chain for Λ Example Labelled Markov Chain (LMC): a triple M = (S, L, P), where S is a countable set of states; L is a set of labels; P is a transition probability matrix, i.e., a function P : S L S R such that for every state s and for every label l, P(S, l, t) = t S P(s, l, t) 1; Probabilistic Applicative and Call-by-Value Lam

41 Bisimilarity (probabilistic case) Probabilistic in the abstact A Labelled Markov Chain for Λ Example Let (S, L, P) be a LMC (Labelled Markov Chain). p q a a s 1 s 2 s 3 s 4 s 5 E 1 E 2 : R such that R equivalence relation on S. (p, q) R for every equivalence class E, a L, P(q, a, s) P(p, a, s) = s E s E. Probabilistic Applicative and Call-by-Value Lam

42 Probabilistic in the abstact A Labelled Markov Chain for Λ Example A Labelled Markov Chain for Λ Terms Values M Probabilistic Applicative and Call-by-Value Lam

43 Probabilistic in the abstact A Labelled Markov Chain for Λ Example A Labelled Markov Chain for Λ Terms Values M eval, M (V ) eval, M (W ) V eval, M (Z) W Z. Probabilistic Applicative and Call-by-Value Lam

44 Probabilistic in the abstact A Labelled Markov Chain for Λ Example A Labelled Markov Chain for Λ Terms Values λx.n Probabilistic Applicative and Call-by-Value Lam

45 Probabilistic in the abstact A Labelled Markov Chain for Λ Example A Labelled Markov Chain for Λ Terms Values N{W /x} W, 1 λx.n Probabilistic Applicative and Call-by-Value Lam

46 Back to Our Example Probabilistic in the abstact A Labelled Markov Chain for Λ Example EXP FST = λx.λy.enc x GEN : bool bool bool; EXP SND = λx.λy.enc y GEN : bool bool bool. Probabilistic Applicative and Call-by-Value Lam

47 Back to Our Example Probabilistic in the abstact A Labelled Markov Chain for Λ Example EXP FST EXP SND true false true false λy.enc true GEN λy.enc false GEN λy.enc y GEN eval eval eval λy.enc true GEN λy.enc false GEN λy.enc y GEN false true ENC true GEN eval false true false ENC false GEN true eval 1 2 true false Probabilistic Applicative and Call-by-Value Lam

48 Back to Our Example Probabilistic in the abstact A Labelled Markov Chain for Λ Example R σ = X σ ID σ ; X bool = {(ENC true GEN), (ENC false GEN)}; X bool bool = {(λy.enc y GEN), (λy.enc true GEN), (λy.enc false GEN)}; X bool bool bool = {EXP FST, EXP SND }; Probabilistic Applicative and Call-by-Value Lam

49 Full Abstraction 1 Λ Syntax and Operational Semantics Motivating Example : Perfect Security 2 Probabilistic in the abstact A Labelled Markov Chain for Λ Example 3 Full Abstraction 4 Probabilistic Applicative and Call-by-Value Lam

50 Full Abstraction Contexts: C ::= [ ] λx.c CM MC M C C M. Context Equivalence: M N iff for every context C it holds that C[M] = C[N]. Theorem is included in. Lemma is a congruence. M N = C[M] C[N] Howe s technique. Probabilistic Applicative and Call-by-Value Lam

51 Full Abstraction? Full Abstraction is a sound methodology for program equivalence. Is it also complete? CBN : No [DLSA2014] Counterexample: M = λx.λy.(ω I ); N = λx.(λy.ω) (λy.i ). Probabilistic Applicative and Call-by-Value Lam

52 Full Abstraction? Full Abstraction is a sound methodology for program equivalence. Is it also complete? CBN : No [DLSA2014] Counterexample: M = λx.λy.(ω I ); N = λx.(λy.ω) (λy.i ). Of course, I Ω and as a consequence λy.ω λy.i λy.(ω I ) = M N. Probabilistic Applicative and Call-by-Value Lam

53 Full Abstraction? Full Abstraction is a sound methodology for program equivalence. Is it also complete? CBN : No [DLSA2014] Counterexample: M = λx.λy.(ω I ); N = λx.(λy.ω) (λy.i ). Of course, I Ω and as a consequence λy.ω λy.i λy.(ω I ) = M N. On the other hand, M N. We need a CIU-Theorem for that. Probabilistic Applicative and Call-by-Value Lam

54 Full Abstraction? Full Abstraction is a sound methodology for program equivalence. Is it also complete? CBN : No [DLSA2014] Counterexample: M = λx.λy.(ω I ); N = λx.(λy.ω) (λy.i ). Of course, I Ω and as a consequence λy.ω λy.i λy.(ω I ) = M N. On the other hand, M N. We need a CIU-Theorem for that. CBV The counterexample above cannot be easily adapted. Contexts seem to be more powerful. Probabilistic Applicative and Call-by-Value Lam

55 Full Abstraction in CBV Full Abstraction Tests: t ::= ω a t t, t. Semantics of Tests P M (x, ω) = 1; P M (x, a t) = s S P(x, a, s) P M (s, t) P M (x, t, s ) = P M (x, t) P M (x, s). Theorem (vbmmw2004) x y iff for every test t it holds that P M (x, t) = P M (y, t). Probabilistic Applicative and Call-by-Value Lam

56 Full Abstraction in CBV Full Abstraction Tests: t ::= ω a t t, t. Semantics of Tests P M (x, ω) = 1; P M (x, a t) = s S P(x, a, s) P M (s, t) P M (x, t, s ) = P M (x, t) P M (x, s). Theorem (vbmmw2004) x y iff for every test t it holds that P M (x, t) = P M (y, t). But the question now is: are contexts powerful enough to implement every possible test? Probabilistic Applicative and Call-by-Value Lam

57 Full Abstraction in CBV Full Abstraction Contexts do not have the necessary discriminating power in CBN. Conjecture: only tests in the form t 1,..., t n where each t i is a trace can be captured. In CBV evaluation, terms can be copied after being evaluated! Probabilistic Applicative and Call-by-Value Lam

58 Full Abstraction in CBV Full Abstraction Contexts do not have the necessary discriminating power in CBN. Conjecture: only tests in the form t 1,..., t n where each t i is a trace can be captured. In CBV evaluation, terms can be copied after being evaluated! Lemma. For every test t there is a context C t which is equivalent to t in CBV. Probabilistic Applicative and Call-by-Value Lam

59 Full Abstraction in CBV Full Abstraction Contexts do not have the necessary discriminating power in CBN. Conjecture: only tests in the form t 1,..., t n where each t i is a trace can be captured. In CBV evaluation, terms can be copied after being evaluated! Lemma. For every test t there is a context C t which is equivalent to t in CBV. Theorem. In CBV, and coincide. Probabilistic Applicative and Call-by-Value Lam

60 How About Simulation (in CBV)? Full Abstraction Similarity can itself be characterized by a notion of testing, but for a stronger notion of test. General boolean tests are allowed, including disjunctive tests. Probabilistic Applicative and Call-by-Value Lam

61 How About Simulation (in CBV)? Full Abstraction Similarity can itself be characterized by a notion of testing, but for a stronger notion of test. General boolean tests are allowed, including disjunctive tests. The grammar of test needs to be enriched: t ::= ω a t t, t t t.... Probabilistic Applicative and Call-by-Value Lam

62 How About Simulation (in CBV)? Full Abstraction Similarity can itself be characterized by a notion of testing, but for a stronger notion of test. General boolean tests are allowed, including disjunctive tests. The grammar of test needs to be enriched: t ::= ω a t t, t t t.... Let us look at the counterexample for CBN: M = λx.λy.(ω I ); N = λx.(λy.ω) (λy.i ). The two terms are incomparable by. But how about context equivalence? Probabilistic Applicative and Call-by-Value Lam

63 How About Simulation (in CBV)? Full Abstraction Similarity can itself be characterized by a notion of testing, but for a stronger notion of test. General boolean tests are allowed, including disjunctive tests. The grammar of test needs to be enriched: t ::= ω a t t, t t t.... Let us look at the counterexample for CBN: M = λx.λy.(ω I ); N = λx.(λy.ω) (λy.i ). The two terms are incomparable by. But how about context equivalence? Lemma. M N. Proof. Purely operational. Probabilistic Applicative and Call-by-Value Lam

64 Our Neighborhood Full Abstraction Λ, where we observe convergence CBN CBV [Abramsky1990,Howe1993] Λ with nondeterministic semantics, where we observe convergence, in its may or must flavors. CBN CBV [Ong1993,Lassen1998] Probabilistic Applicative and Call-by-Value Lam

65 1 Λ Syntax and Operational Semantics Motivating Example : Perfect Security 2 Probabilistic in the abstact A Labelled Markov Chain for Λ Example 3 Full Abstraction 4 Probabilistic Applicative and Call-by-Value Lam

66 Summing up: CBN CBV Further work: What if we add sequencing to CBN? What if we add parallel or to CBN? How about approximate notions of bisimulation? How about λ-calculi for probabilistic polynomial time? Probabilistic Applicative and Call-by-Value Lam

67 Questions? Probabilistic Applicative and Call-by-Value Lam

68 Probabilistic Applicative and Call-by-Value Lam

69 Howe s Technique R R H Probabilistic Applicative and Call-by-Value Lam

70 Howe s Technique R R H Probabilistic Applicative and Call-by-Value Lam

71 Howe s Technique R H is a Congruence whenever R is an equivalence R R H Probabilistic Applicative and Call-by-Value Lam

72 Howe s Technique H is a Congruence H Probabilistic Applicative and Call-by-Value Lam

73 Howe s Technique H is a Congruence H? Probabilistic Applicative and Call-by-Value Lam

74 Howe s Technique x x R M x x R H M x {x} M R H L x λx.l R N x / x x λx.m R H N x M R H P x N R H T x (PT ) R L x MN R H L x M R H P x N R H T x (P T ) R L x M N R H L Probabilistic Applicative and Call-by-Value Lam

75 The Key Lemma Proving that H is indeed a precongruence is a convenient way to proceed. Statement: If M H N, then for every X Λ (x) it holds that M (λx.x ) N (λx.( H (X ))). Proof. We prove that D(λx.X ) N (λx.( H (X ))) for every D such that M D. By induction on the structure of any derivation of M D (which is finite). Everything goes through smoothly, except... the application case. We need to prove that probability assignments can always be disentangled. This is the case, though. Probabilistic Applicative and Call-by-Value Lam

76 So we have : H = H = = is a precongruence = is a congruence =. Theorem Probabilistic Applicative and Call-by-Value Lam

Bisimulation and coinduction in higher-order languages

Bisimulation and coinduction in higher-order languages Davide Sangiorgi Focus Team, University of Bologna/INRIA ICE, Florence, June 2013 Bisimulation Behavioural equality One of the most important contributions