Bisimulation and coinduction in higher-order languages

Similar documents
Probabilistic Applicative Bisimulation and Call-by-Value Lam

On Böhm Trees and Lévy-Longo Trees in π-calculus

On Coinductive Equivalences for Higher-Order Probabilistic Functional Programs

arxiv: v1 [cs.lo] 16 Apr 2018

A probabilistic lambda calculus - Some preliminary investigations

Environmental Bisimulations for Probabilistic Higher-Order Languages

Contextual equivalence

Techniques. Contextual equivalence

3.2 Equivalence, Evaluation and Reduction Strategies

Interpreting the Full λ-calculus in the π-calculus

Equations, contractions, and unique solutions

The Lambda-Calculus Reduction System

Communication Errors in the π-calculus are Undecidable

Concurrency theory. proof-techniques for syncronous and asynchronous pi-calculus. Francesco Zappa Nardelli. INRIA Rocquencourt, MOSCOVA research team

A note on coinduction and weak bisimilarity for while programs

Programming Language Concepts: Lecture 18

Applicative May- and Should-Simulation in the Call-by-Value Lambda Calculus with AMB

Origin in Mathematical Logic

Domain theory and denotational semantics of functional programming

Dipartimento di Informatica Università degli Studi di Verona

TRINITY COLLEGE DUBLIN. First-Order Reasoning for Higher-Order Concurrency

Advanced Lambda Calculus. Henk Barendregt & Giulio Manzonetto ICIS Faculty of Science Radboud University Nijmegen, The Netherlands

An introduction to process calculi: Calculus of Communicating Systems (CCS)

Origin in Mathematical Logic

Categories, Proofs and Programs

On Coinduction and Quantum Lambda Calculi

Skew and ω-skew Confluence and Infinite Normal Forms

Lambda-Calculus (I) 2nd Asian-Pacific Summer School on Formal Methods Tsinghua University, August 23, 2010

Syntax and Semantics of Propositional Linear Temporal Logic

Relating Reasoning Methodologies in Linear Logic and Process Algebra

A Behavioural Model for Klop s Calculus

Call-by-value non-determinism in a linear logic type discipline

Review. Principles of Programming Languages. Equality. The Diamond Property. The Church-Rosser Theorem. Corollaries. CSE 230: Winter 2007

A Behavioral Congruence for Concurrent Constraint Programming with Nondeterministic Choice

Simulation in the Call-by-Need Lambda-Calculus with Letrec, Case, Constructors, and Seq

Congruence of Bisimulation in a Non-Deterministic Call-By-Need Lambda Calculus

Subtyping and Intersection Types Revisited

Strong bisimilarity can be opened

Alonzo Church ( ) Lambda Calculus. λ-calculus : syntax. Grammar for terms : Inductive denition for λ-terms

λ-terms, M Some random examples of λ-terms: L9 105

On the Origins of Bisimulation and Coinduction

Normal Form Simulation for McCarthy s Amb

Making the unobservable, unobservable

Graph lambda theories

Strong Normalization for Guarded Types

Probabilistic Bisimilarity as Testing Equivalence

Communicating and Mobile Systems

Decidable Subsets of CCS

Programming Languages

λ-terms, M Some random examples of λ-terms: L9 105

Model Theory of Modal Logic Lecture 5. Valentin Goranko Technical University of Denmark

Denotational semantics

arxiv: v1 [cs.lo] 22 Jun 2015

CBV and CBN. Eduardo Bonelli. TP para LP 2012C1 1/55

Introduction to Temporal Logic. The purpose of temporal logics is to specify properties of dynamic systems. These can be either

Introduction to λ-calculus

Tutorial on Semantics Part I

Call-by-Value Non-determinism in a Linear Logic Type Discipline

Mobile Processes in Bigraphs. Ole Høgh Jensen. October 2006

ESE601: Hybrid Systems. Introduction to verification

Bisimulation for conditional modalities

Proving Soundness of Extensional Normal-Form Bisimilarities

Operational Semantics Using the Partiality Monad

A Tableau Calculus for Minimal Modal Model Generation

Review of The π-calculus: A Theory of Mobile Processes

Lecture 2: Self-interpretation in the Lambda-calculus

Step-Indexed Biorthogonality: a Tutorial Example

Coinductive big-step semantics and Hoare logics for nontermination

Models of Concurrency

RPO, Second-Order Contexts, and λ-calculus

Call-by-Value Non-determinism in a Linear Logic Type Discipline

Combinators & Lambda Calculus

A Propositional Dynamic Logic for Instantial Neighborhood Semantics

A Bisimulation-Like Proof Method for Contextual Properties in Untyped λ-calculus with References and Deallocation

Towards Correctness of Program Transformations Through Unification and Critical Pair Computation

MAKING THE UNOBSERVABLE, UNOBSERVABLE.

CS 6110 S16 Lecture 33 Testing Equirecursive Equality 27 April 2016

Distributed Processes and Location Failures (Extended Abstract)

On the method of typical bounded differences. Lutz Warnke. Georgia Tech

Relational Graph Models, Taylor Expansion and Extensionality

INFORMATIQUE THÉORIQUE ET APPLICATIONS

Principles of Program Analysis: Control Flow Analysis

Operationally-Based Theories of Program Equivalence

Computational Soundness of a Call by Name Calculus of Recursively-scoped Records. UMM Working Papers Series, Volume 2, Num. 3.

Congruence of Bisimulation in a Non-Deterministic Call-By-Need Lambda Calculus

Variations on a theme: call-by-value and factorization

Type Inference. For the Simply-Typed Lambda Calculus. Peter Thiemann, Manuel Geffken. Albert-Ludwigs-Universität Freiburg. University of Freiburg

1 Introduction. 2 Recap The Typed λ-calculus λ. 3 Simple Data Structures

Using models to model-check recursive schemes

Extending Abramsky s Lazy Lambda Calculus: (Non)-Conservativity of Embeddings

Simply Typed λ-calculus

Simulations and Bisimulations for Coalgebraic Modal Logics

CS 4110 Programming Languages & Logics. Lecture 16 Programming in the λ-calculus

Lazy Strong Normalization

Logic and Probability Lecture 3: Beyond Boolean Logic

arxiv: v1 [cs.lo] 29 May 2014

Typed Arithmetic Expressions

Communication Problems in the 7r-Calculus. M. R. F. Benevides* F. Prottit

The Safe λ-calculus. William Blum. Joint work with C.-H. Luke Ong. Lunch-time meeting, 14 May Oxford University Computing Laboratory

Coinductive big-step operational semantics

Transcription:

Bisimulation and coinduction in higher-order languages Davide Sangiorgi Focus Team, University of Bologna/INRIA ICE, Florence, June 2013

Bisimulation Behavioural equality One of the most important contributions of Concurrency Theory to CS (and beyond) [Milner, Park, 1980] Bisimulation: a relation R on states of an LTS s.t. whenever M R N: 1. P a P implies Q a Q and P R Q 2. the converse. Bisimilarity ( ): the union of all bisimulations [in the remainder: converse clauses omitted] page 1

Important 1. The definition gives us a powerful proof method: P R Q R is a bisimulation P Q 2. Coinduction and induction Bisimulation: a coinductive notion Congruence: the inductive dual of bisimulation (equivalence) [compatibility with the constructs of the language] In a language: we need them both inductive syntax coinductive semantics page 2

Higher-order languages Functions and/or processes move and/or used as data Example of higher-order feature: P(x) where x can be a program Functional languages, mobile code What is bisimulation? Compatibility can be hard page 3

The λ-calculus and contextual equivalence page 4

The λ-calculus The paradigmatical higher-order language M,N ::= x λx.m MN Values = the terms of the form λx.m Λ = the closed terms Reduction (call-by-name) M M (λx.m)n M{ N /x} MN M N = = the reflexive and transitive closure of. M = M terminates page 5

Behavioural equality in sequential languages for all context C, and for all values V, C[ P ] = V iff C[ Q ] = V Too strong in higher-order languages: I = λx.x λx.(ii) because I = I and λx.(ii) = λx.(ii) The observables should be as weak as possible page 6

Contextual equivalence [Morris, 68] M C N contextually equivalent if, for any context C such that C[ M ] and C[ N ] are closed, C[M] iff C[N] No need to check the identity of first-order values returned Example: if C[ P ] = 5 and C[ Q ] = 7, wrap C into if C = 5then trueelse <diverge> Problem : definition very hard to use (utterly useless in higher-order languages) page 7

Proof techniques for contextual equivalence in higher-order languages Till the 1990s: denotational techniques hard mathematics full abstraction scalability in non-purely functional extensions (eg, state; worst: concurrency) After the 1990s: coinduction (bisimulation) [Abramsky] A major factor in the movement towards operationally-based techniques in PL semantics after the 1990s Still a hot research topic page 8

Applicative bisimulation page 9

Bisimulation in the λ-calculus [Abramsky, 1990] Applicative bisimulation: a relation R Λ Λ s.t. whenever M R N: 1. M = λx.m implies N = λx.n and M { L /x} R N { L /x} for all L; Applicative bisimilarity ( A ) : the union of all bisimulations Questions: 1. A vs C? (contextual equivalence) 2. does the definition scale to extensions of the λ-calculus? page 10

Bisimilarity vs contextual equivalences A C easy? (cf: bisimilarity implies may testing) surprise: what is easy is the converse C A (λx.m)n C M{ N /x} ( ) M C N and M = λx.m imply N = λx.n We need: M { L /x} C N { L /x}, for all L M { L /x} C ( ) ML C (substitutivity) NL C ( ) N { L /x} Conclude from transitivity of C page 11

Congruence? A C would follow from the compatibility of A : for all M,N, and context C, if M A N then C[ M ] A C[ N ] A proof attempt : R = {(C[ M ],C[ Ñ ]) : M A Ñ} Induction on the structure of C. Main problematic case: C = C1C2 page 12

The two congruence problems Suppose (λx. M1)M2 R N1N2 with { λx.m1 R N1 M2 R N2 From the inductive assumption: (λx.m1)m2 M1{ M 2/x} R N1N2 = (λx.n 1 )N 2 N 1 {N 2/x} (... only if M2 = N2!) But we need more: (1) if M1{ M 2/x} = λx.m then N1{ L /x} = λx.n and for all L... (2) M2 R N2 page 13

Techniques for congruence Abramsky: via denotational semantics Howe s technique: define a relation that is, by definition, a congruence, and then prove that it is the same as A. Difficult to apply Limitations in extensions of the λ-calculus (concurrency) page 14

Bisimulation in the λ-calculus [Abramsky, 1990] Applicative bisimulation: a relation R Λ Λ s.t. whenever M R N: 1. M = λx.m implies N = λx.n and M { L /x} R N { L /x} for all L; Applicative bisimilarity ( A ) : the union of all bisimulations Questions: 1. A vs C? (contextual equivalence) 2. does the definition scale to extensions of the λ-calculus? page 15

Unsoundness of applicative bisimilarity under language extensions [example: call-by-value with generation of names] M = νnreturn λf.fn N = return λf.νn fn M A N (the argument supplied for f does not know n) M C N, as C[ M ] true but C[ N ] false for C = let [ ] = g in g(λn.g(λm.m = n)) [Koutavas, Levy, Sumii, 2011] page 16

Logical bisimulation, revisited page 17

simple congruence proof separate enhancements of the bisimulation Basis: logical bisimulation cf: logical relations [Kobayashi, Sangiorgi, Sumii, 2008 and 2010] page 18

First congruence problem From the inductive assumption: (λx.m1)m2 M1{ M 2/x} R N1N2 = (λx.n 1 )N 2 N 1 {N 2/x} (if M2 = N2!) But we need more: (1) if M1{ M 2/x} = λx.m then N1{ L /x} = λx.n and for all L... introduce a clause for internal moves (cf: concurrency) page 19

First change... whenever M R N: 1. M M implies N = N and M R N ; 2. M = λx.m implies N = λx.n and M { L /x} R N { L /x} for all L Problem: the new definition heavier to use in proofs page 20

The second congruence problem From the inductive assumption: (λx.m1)m2 M1{ M 2/x} R N1N2 = (λx.n 1 )N 2 N 1 {N 2/x} (if M2 = N2!) But we need more: (2) M2 R N2 first-order substitutivity: Q. P(x) P (x) implies P(Q) P (Q) higher-order substitutivity: Q,Q. P(x) P (x) and Q Q imply P(Q) P (Q ) page 21

Second change... whenever M R N : 1.... 2. M = λx.m implies N = λx.n and M { P /x} R N { Q /x} for all P R Q Now: problematic case ok Problem: definition unsound λx.x = I A K = λx.i, for R = {(I,I),(I,K)} R and the identity relation are bisimulations, but not their union a non-monotone functional page 22

Second change... whenever M R N : 1.... 2. M = λx.m implies N = λx.n and M { P /x} R N { Q /x} for all P R Q Problem: definition unsound W sound if R is a congruence (or substitutive) directly from the definition: A C page 23

Third change A congruence (or substitutive) R s.t. whenever M R N: 1. M M implies N = N and M R N ; 2. M = λx.m implies N = λx.n and M { P /x} R N { Q /x} for all P R Q Logical bisimilarity: L Theorem L = C Problem: not a good proof technique from the definition No need to kill two birds with one stone! Enhancements of the proof method, separately cf: up-to techniques [cf: Pous/Bonchi talk] bisimilarity results using relations smaller a bisimulation page 24

Example enhancement: up-to context [ R = the context closure of R ] A relation R is a bisimulation up-to contexts if whenever M R N 1. M M implies N = N and M R N ; 2. M = λx.m implies N = λx.n and M { P /x} R N { Q /x} for all P R Q Theorem If R is a bisimulation up-to contexts then R is a bisimulation. Proof: essentially the earlier proof of congruence page 25

Big-step up-to contexts and reductions A relation R is a big-step bisimulation up-to contexts and reductions if whenever M R N 1. M = λx.m implies N = λx.n and M { P /x} = R = N { Q /x} for all P R Q Theorem If R is a big-step bisimulation up-to contexts and reductions then = R = is a bisimulation. page 26

An example proof with enhancements I1 C I2 for I1 I2 = λx.x = λx.(λy. y)x A plain bisimulation R: a congruence closed under the rules I1 R I2 M R N M R (λy.y)n S = {(I1,I2)} is a big-step bisimulation up-to contexts and reductions, as for M S N: λx.x M M S λx.(λy.y)x N (λy.y)n = N page 27

Fixed-points The functional of the final definition non-monotone (even on congruence relations) but it has a greatest fixed point ( C ) non cocontinuous, but it has the stratification approximation A theory of coinduction for non-monotone functionals? Another possibility: environmental bisimulations monotone functional, robust more complex definition [Kobayashi, Sangiorgi, Sumii, 2010] page 28

Extensions and variations page 29

The example with language extension [call-by-value with generation of names] M = νnreturn V for V = λf.fn N = return W for W = λf.νn fn Distinguished in C = let [ ] = g in g(λn.g(λm.m = n)) Now, also M L N : M = V λn.v (λm.m=n ) = true N = W λn.w(λm.m=n )= false page 30

Evaluation contexts Sometimes useful to separate evaluation contexts [example: call-by-value λ-calculus with references] M = if!l = 0then l := 1else Ω N = l := 1 EC = contextual equivalence, under only evaluation contexts [l = 0]; M EC [l = 0]; N [l = 0]; M C [l = 0]; N for C = [ ];[ ] page 31

Coupled logical bisimulation (E, G) with E closed under contexts, and E G, G closed under evaluation contexts [call-by-value λ-calculus]... whenever M G N 1. M M implies N = N and M G N 2. M = λx.m implies N = λx.n with λx.m E λx.n, M{ P /x} G N{ Q /x} for all P E Q M E N implies M C N, and M G N implies M EC N page 32

Non-determinism and probabilities page 33

Non-determinism M,N ::=... M N Now the easy proof C A/L breaks (as C ) Convergence: may, must Variants of C : may, must, may & must Bisimulation: different from any of them λx.i λx.ω = λx.(i Ω) cf: the CCS-like law µ.p µ.q = µ.(p Q) page 34

To regain coincidence, two possibilities : 1. stengthen C 2. weaken A/L (1) is easy: replace contextual equivalence with barbed congruence (congruence induced by barbed bisimulation) Barbed bisimulation whenever M R N 1. M M implies N = N and M R N 2. M iff N (2) is be more delicate (cf: proof of C A/L ; first congruence problem) A case study: the probabilistic λ-calculus page 35

The probabilistic λ-calculus [Alberti, Dal Lago, Sangiorgi, on-going work] M N abbreviates for M 1/2 N M1 M2 1/2 M1 M1 M2 1/2 M2 Example: ((I Ω)I) Ω (I Ω)I 1 I Ω 1/2 1/2 Ω 1/2 1/2 I Ω which shows ((I Ω)I) Ω 1/4 page 36

Distributions Y = fix point operator N = λf.(i f) Y N 1 I Y N 1/2 1/2 I Y N For all n, Y N = 1/2 n I hence Y N 1 (ie, Y N 0) Using (partial) distributions: Y N Σn I,1/2 n page 37

Probabilistic contextual equivalence, C P M C N if, C[M] p iff C[N] p, for all contexts C. No issues of may and must convergence Probabilistic applicative bisimulation, A P, following Larsen-Skou An equivalence s.t. M R N implies, for all equivalence classes E of R and for all inputs L: prob(m = L E) = prob(n = L E) Theorem A P is a congruence [Howe s technique] A P = C P? And how discriminating? page 38

The effect of probabilities on pure λ-terms =LL = Lévy Longo Tree equality The finest equivalence for pure λ-term, under call-by-name [Dezani,Giovannetti tutorial, 2001] Theorem In Λ Λ: =LL = A P = C P Higher-order and probability: maximal discriminating power (on pure λ-terms) [cf: work in concurrency: eg Deng, Hennessy 2010] page 39

Quite different from (non-probabilistic) non-determinism : λx. xx and λx. x(λy. xy) contextually equivalent (both may and must) [under may (similarly for must): if L may then λz.lz = L; otherwise LÑ = Ω] Different in C P : (λx.xx)(i Ω) 1/4 I (λx.x(λy.xy))(i Ω) 1/2 λy.(i Ω)y Similarly, different under bisimulation, and different LL trees Outside pure λ-terms, usual counterexample: λx.i λx.ω vs λx.(i Ω) Coinductive characterisation of C P? page 40

Lévy Longo Trees The Lévy Longo Tree of M Λ is the labeled tree, LT(M), defined coinductively as follows: 1. λx if M = λx.n LT(N) 2. x if M = xm1...mn LT(M1)... LT(Mn) 3. LT(M) = otherwise (ie, M ) page 41

Probabilistic coupled logical bisimulation A partial distribution : Σi Mi,pi A distribution value : λx.σi Mi,pi = Σi λx.mi,pi Allow distributions in redex position Extended λ-terms (ΛD): E,F ::= EM Σi Mi,pi M1 M2 λx.m (M Λ) page 42

A bisimulation: (E, G) with E Λ Λ, G Λ D Λ D, E G. (E,G) is a bisimulation if for each E G F we have: 1. if E E then F = F and E G F ; 2. if E = λx.e then F = λx.f with prob(e ) = prob(f ), and E { M /x} G W{ N /x} for all M E N Write M CL P N if M E N for some bisimulation (E,G). Theorem CL P = C P page 43

Probabilistic λ-calculus: big-step operational semantics, call-by-name [Dal Lago, Zorzi, 2012] LAM λx.m λx.m,1 EMP M M λx.σ i Mi,pi Mi{ N /x} Σj Ni,j,qj APP MN Σi,j Ni,j,pi qj PLUS M E M F M N E 1/2 + F 1/2 Inductively: M = E if E = sup{f : M F} Coinductively, without EMP: M = E if E = inf{f : M F} page 44

2024 © sciencedocbox.com Privacy Policy | Terms of Service | Feedback